Centre for Internet and Society

Data Privacy: Footprints on the Web

Admin — 2018-06-25T16:48:34Z

Technology has made data protection a hot button issue. Now, a group of eminent citizens, mostly lawyers, have formulated a draft privacy bill, a legal framework that protects the individual’s right to privacy, but it faces legal jurisdiction issues

The blog post by Sujit Bhar was published in IndiaLegal on June 21, 2018.

Lack of data privacy is a modern day peril. Quite like the individual’s right to privacy—one that has been raised to the level of a Fundamental Right by the Supreme Court—data privacy today is prime, because technology has made our lives fully dependant on associated data. Hence, by extension of the same logic and arguments that the top court used for personal privacy, data privacy should be protected.

The methodology to be adopted, though, is not as easy to determine given the lack of legislation in the field, the improbability of existing technology to ensure complete privacy and because of legal jurisdiction issues.

Also, to what extent data privacy can and should be allowed is a legal argument that needs to be supported by other fields of knowledge. The Supreme Court decision to award privacy as a Fundamental Right will act as a plinth in determining this.

To that end a group of eminent citizens, mostly lawyers, came together and formulated a draft privacy bill with the objective of slicing through banal arguments that would ensue if this was to wait for public re-reference/debate.

The proponents—Apar Gupta, Gautam Bhatia, Kritika Bhardwaj, Maansi Verma, Naman M Aggarwal, Praavita Kashyap, Prasanna S, Raman Jit Singh Chima, Ujwala Uppaluri and Vrinda Bhandari—have tried to develop their own privacy bill, based on the foundation of the Privacy (Protection) Bill, 2013, “which was drafted over a series of roundtables and inputs conducted by the Centre for Internet and Society, Bangalore”.

In doing so the group started from what it calls “seven privacy principles”, derived from various constitutional and expert texts.

Principle 1: Individual rights are at the centre of privacy and data protection.

This says that “the individual and her rights are primary. The law on privacy must empower you by advancing your right to privacy…”including “your right to autonomy and dignity.

Principle 2: A data protection law must be based on privacy principles.

Here reference is made to the report of the Justice AP Shah Committee of Experts. It’s a method that has been left flexible, to accommodate fast developing technology. There is a reference to Moore’s Law in this. Moore’s Law has remained one of the most overwhelmingly true laws of the IT industry. Originating in 1970, it says that processor speeds, or overall processing power for computers “will double every two years”. While that has remained true till now, with the development of multiple core processors, this law too has seemingly run its course. With the world changing at such a fast pace, if the data privacy bill/law does not remain flexible, it would also be quickly consigned to a museum of laws. Hence this flexible approach will be crucial.

Principle 3: A strong privacy commission must be created to enforce the privacy principles.

This is the part of establishing an oversight authority, “a strong body to ensure that the data protection rights are put into practice and enforced”. This structure has been treated for something “that works in principle and in practice.”

There is one part that says that this proposed “Privacy Commission”, has been “provided wide powers of investigation, adjudication, rule-making and enforcement. The Commission should adopt an approach that builds accountability for the rights of users by having powers to impose penalties that are proportionate to the harm and build deterrence.” This, obviously, means that it will be stepping onto the toes of other laws and that would be a rough road to navigate. However, as the group’s own philosophy says that the problem with technology oriented legislation is that it takes catching up with the progress of technology. To overcome this, the group wants to “make sure that the Privacy Code is not outdated” and hence wants to make sure that the “Privacy Commission can exercise rule making powers to give effect to the data protection principles under the regulation”.

The other part of the philosophy is of acknowledging and addressing public complaints. Hence the legal rigidity of regular acts would be dismissed. How this can work with enforcement agencies, though, will remain a matter of debate. The draft bill says that the “Privacy Commission must serve as the forum for the redressal of the general public’s grievances”, and that “Privacy Commissions should have the ability to investigate (independently through the office of a Director General), hold hearings and pass orders with directions and fines”.

That could be legal nightmare, because unlike a simple code, the bill has to pass through parliament to become an act, and legislators are the ones who have final say in remodelling an existing law. How much power they would agree to delegate is anybody’s guess.

Of course, the draft also calls for the courts to welcome public opinion. There seems to be a slight hitch in the wording, which says that “…while the Privacy Commission serves as the forum for redressal, the public should retain the remedies of approaching the civil courts (even in instances where harm is suffered by a group of people) and of filing police complaints directly”. That questions even the oversight authority of the commission. There is another objective—a hope, one would say—that the Privacy Commission must have jurisdiction over the government, as it does over the private sector. The Privacy Commission should have overriding power and superintendence over all legal entities in matter of data protection and privacy”. While this sounds good on paper, the issue of national security can override all. At this point, according to a cyber security expert, there is talk within the Indian government on how to deal with the social media messaging app WhatsApp. Technically, as the company points out, messaging through an app is encrypted (military grade encryption, it is said) end-to-end. Hence terrorist groups have zeroed in on this as a common idea exchange platform. There could possibly be restrictive legislation on this. That could strike at the heart of data privacy.

The government’s reaction, though, could become counter-productive. This could be visible in what the Justice Srikrishna-led Committee of Experts possibly could recommend.

Principle 4: The government should respect user privacy. Technically, if this bill, in its current form, has to go through parliament, members of both houses should be willing to accept that it will have no snooping powers, ever. The way the government fought tooth and nail against personal privacy in court—and the Aadhaar verdict is still awaited—this proposal seems unlikely to have an easy passage. The draft says: “It is imperative that the government, its arms, bodies and programmes be compliant with the privacy protection principles through a data protection law.”

There is a caveat within this, saying: “We support the use of digital technologies for public benefit. However, they should not be privileged over fundamental rights.” The proposal also says: “The government is responsible for the delivery of many essential services to the public of India. These services must not be withheld from an individual, due to such individual not sharing data with the government. Withholding services on the pretext of requirement of collection of data effectively amounts to extortion of consent. Individuals cannot be forced to trade away their data and citizenship at the altar of being permitted to use government services and access legal entitlements on welfare.” This will have to wait its validation or dismissal through the Aadhaar verdict.

Principle 5: A complete privacy code comes with surveillance reform

This is another tricky issue for any government. It talks about how the Snowden revelations “brought to public knowledge that our personal data is collected in an indiscriminate manner by governments”. The draft calls this collection procedure “dragnet surveillance”, because it “contravenes the principles of necessity, proportionality and purpose limitation”. Necessity and proportionality have been argued in detail during the Aadhaar debate in court and till that verdict is out, it would, possibly, not be right to delve into this, though a recommendation for procedural safeguards might run into the same wall as in the case of encrypted software in social media apps. The draft accepts the possibility of “individual interception and surveillance”, but says “this should be severely limited in substance and practice through procedural safeguards”.

Principle 6: The right to information needs to be strengthened and protected

This basically refers to the Right to Information Act and seems completely justified, with Information Commissioners being “exempted from interference or control by the Privacy Commissioner”.

Principle 7: International protections and harmonisation to protect the open internet must be incorporated

Another contentious issue, being fuelled by the loss of face by Facebook in its effort to introduce graded access (with paywalls).

The group widens its scope in stating that “we need to be guided by the Supreme Court’s Right to Privacy decision and make reference to the European Union’s General Data Protection Regulation”. More interestingly, the group admits that every law will have certain exceptions. It says: “…but without clear wording sometimes exceptions swallow up the rule. We adopted a three part test in our drafting process in which any exceptions to these privacy principles should be: (a) worded clearly; (b) limited in purpose, necessary and proportionate to the aim; and (c) accompanied by sufficient procedural safeguards”.

On the face of it, the overall draft represents a novel and upright way of thinking, and if some of this is accepted while the government mulls the Justice Srikrishna Committee’s recommendations (expected late this month), it would be a good beginning.

For more details visit https://cis-india.org/internet-governance/news/india-legal-live-june-21-2018-data-privacy

Comments on the Draft Digital Communications Policy

Anubha Sinha, Gurshabad Grover and Swaraj Barooah — 2018-06-14T12:43:10Z

This submission presents comments by the Centre for Internet & Society, India (“CIS”) on the Draft Digital Communications Policy which was released to the public by the Department of Telecommunications of the Ministry of Communications on 1st May 2018 for comments and views.

Preliminary

On 1st May 2018, the Department of Telecommunications of the Ministry of Communications released the Draft Digital Communications Policy for comments and feedback. We laud the Government’s attempts to realise the socio-economic potential of India by increasing access to Internet, and drafting a comprehensive policy while adequately keeping in mind the various security and privacy concerns that arise due to online communication. On behalf of the Centre for Internet & Society (CIS), we thank the Department of Telecommunications for the opportunity to submit its comments on the draft policy.

We would like to point out two concerns with the consultation process: (i) a character-limit imposed on the comments to each section, due to which this submission has to sacrifice on providing comprehensive references to research; and (ii) issues with signing in on the MyGov where this consultation was hosted. We strongly recommend that the consultation process be liberal in accepting content, and allow for multiple types of submissions.

Comments

Connect India: Creating a Robust Digital Communication Infrastructure

On 2022 Goals

a. Provide Universal broadband coverage at 50 Mbps to every citizen

According to UNICEF’s 2017 report, Children in a Digital World, only 29% of the internet users in India are female. It is essential that the policy recognise the wide digital gender gap and other differences in internet access that result from traditional sociocultural barriers. Therefore, we recommend that the goal read as: “Provide Universal broadband coverage at 50 Mpbs to every citizen, with special focus on increasing internet access for women, people with disabilities, and historically-marginalised communities.”

g. Ensure connectivity to all uncovered areas

The term “connectivity” should be changed to “active internet connectivity”. As per the current norms, a gram panchayat may be considered “connected” if the fibre infrastructure exists, but this does not necessarily mean an active internet connection being serviced in the area. For example, as on May 20, “of 1.22 lakh gram panchayats with fibre connectivity, 1.09 lakh had active internet.”

On Strategies

1.1 (a) i. BharatNet – Providing 1 Gbps to Gram Panchayats upgradeable to 10 Gbps

The Central Government, under the “State-led” implementation of the BharatNet initiative, has allowed certain state governments to implement the program in their respective states. This has allowed State Governments to take misplaced liberty with the core objective of the program, which originally was to increase access to internet services. For example, after the Telecom Commission’s approval of Andhra Pradesh’s “State-led” implementation of the program, the state government set up a body corporate Andhra Pradesh State FiberNet Limited. This body then went on to exceed its mandate by venturing into the television broadcasting and distribution business by offering Internet Protocol Television (IPTV) services. This is deeply problematic a it indicates that central government funds meant for increasing internet access are being used for IPTV services, despite the TRAI’s repeated recommendations (since 2012) that state-owned entities should not be allowed to enter broadcasting and distribution activities ; allowing state entities in the business is against fair play and competition, runs contrary to the principle of independent and free media, and has chilling effects on the freedom of expression.

Additionally, this has created a problem for aggregated data availability on the expenditure on the program. While the central government should ideally have all data pertaining to state-wise expenditure of funds for the program, data regarding the states implementing the initiative on their own is generally excluded from the data provided by the Ministry. The goals of the program need to be specifically defined so that funds are directed effectively. The program needs stricter monitoring mechanisms to ensure that the intended objectives are met.

1.1 (a) iv. JanWiFi – Establishing 2 Million Wi-Fi Hotspots in rural areas

Under present regulations, resale of communication data logged by WiFi hotspots is not permitted. However, recent news reports suggest that the DoT may change these norms to permit (virtual network) operators to further sell this information. We understand that while changing such norms may incentivise the operators to set up WiFi hotspots, however, the proliferation of internet access cannot come at the cost of privacy of users. The data available to the operators of these hotspots includes all browsing data, which is sensitive private information, and thus, should be restricted from sale. We strongly recommend that in compatibility with the security & privacy goals for consumers envisioned in the latter sections of this draft policy, the DoT ensure that strong privacy measures are in place for public WiFi hotspots made available through programs like JanWiFi.

1.1 (f) Enabling Infrastructure Convergence of IT, telecom and broadcasting sectors

The policy proposes a convergence of the infrastructure administration currently performed by three central Government departments: IT, Broadcasting and Telecom. As admitted in the draft, this will require amendments, amongst many Acts, to the Telegraph Act. However, the draft policy has not clearly delineated the new proposed responsibilities for each department, and avoids elaborating on the nuance that will be required to address the multiple legal and administrative concerns stemming from the proposed convergence. The document also fails to detail how infrastructure (say internet access through 4G) will be regulated differently services (say IPTV operating on 4G). Further clarity is also required (i) how department-specific concerns (which are unsuited for a larger body) will be handled; and (ii) regarding the auspices under which the new converged body will operate.

1.2 (a) Making adequate spectrum available to be equipped for the new broadband era

TRAI’s consultation paper, Allocation and Pricing of Microwave Access (MWA) and Microwave Backbone (MWB) RF carriers (March 2014), recommends the exploration of the usage of the E-band (71 - 76 / 81-86 GHz) and V-band (57-64 MHz), and for the allocation of the same to telecom service providers. We recommend that the Ministry accept TRAI’s recommendations, and reflect it in this policy.

While the draft policy aims to decrease regulation of the spectrum, including liberalising spectrum “sharing, leasing and trading” regime, in addition, the policy should clear the government’s stance on unlicensed spectrum usage. CIS has written earlier (June 2012) about the demonstrable need for unlicensed spectrum to create a path for inexpensive connectivity in rural and remote areas.

1.2 (a) v. Optimal Pricing of Spectrum to ensure sustainable and affordable access to Digital Communications

The draft policy should review existing approach to spectrum pricing in India. The Indian telecom sector is under heavy debt, and if rejuvenating this sector is a purported goal of this policy via “optimal pricing of spectrum”, auctions with a view to revenue maximisation should no longer remain the preferred method of assigning spectrum. The National Telecom Policy, 1999 which adopted a revenue-sharing approach to license fees, showed good results for the sector and translated into huge benefits for consumers. The government should adopt a similar approach to rescue the industry.

Propel India: Enabling Next Generation Technologies and Services through Investments, Innovation, Indigenous Manufacturing and IPR Generation

On Strategies

2.2 (a) ii. Simplifying licensing and regulatory frameworks whilst ensuring appropriate security frameworks for IoT/ M2M / future services and network elements incorporating international best practices

The process of “simplifying” licensing and regulatory regime is currently vague, and the intentions remain unclear. Simplifying licences without clear intentions can lead to losing the necessary nuance in the license agreements required to maintain competitive markets. In recent months, the industry has already witnessed a dilution of provisions which were placed to ensure healthy competition in the sector. For example, on May 31st, new norms were announced by DoT under which now allow an operator to hold 35% of the total spectrum as opposed to the earlier regulation which only allowed for holding a maximum 25% of the total spectrum.

2.3 (d) (iii) Providing financial incentives for the development of Standard Essential Patents(SEPs) in the field of digital communications technologies

This is a welcome step by the government to incentivise the development of SEPs in the country. However, this appreciable step will only yield results in the long term - and realistically speaking, not before a decade. It is equally necessary to improve the environment of licensing of SEPs in the short-term. The government should take initiative for creation of government-controlled patent pools for SEPs, which will solve issues of licensing for SEP holders, and also improve transparency of information relating to SEPs. Specifically, we recommend that the government initiate the formation of a patent pool of critical mobile technologies and apply a five percent compulsory license.

Secure India: Ensuring Digital Sovereignty, Safety and Security of Digital Communications

On Strategies

3.1 Harmonising communications law and policy with the evolving legal framework and jurisprudence relating to privacy and data protection in India

We welcome the Ministry’s intention to amend licence agreements to include data protection and privacy provisions. In the same vein, the Ministry should also consider removing provisions from licenses that prevent the operator from using certain encryption methods in its network. For example, Clause 2.2 (vii) of the License Agreement between DoT & ISP prohibits bulk encryption. Additionally, in the License Agreement, encryption with only up to 40-bit in RSA (or equivalent) is normally permitted. Similarly, Clause 37.1 of the Unified Service License Agreement prohibits bulk encryption. These provisions must be revised to ensure that ISPs and other service providers can employ more cryptographically secure methods.

When regulating on encryption, we recommend that the government only set positive minimum mandates for the storage and transmission of data, and not set upper limits on the number of bits or on the quality of cryptographical method. In pursuance of the same goals, we also recommend adding point ‘iii’ to 3.1 (b): “promoting the use of encryption in private communication by providing positive minimum mandates for strong encryption in (or along with) the data protection framework.”

3.2 (a) Recognising the need to uphold the core principles of net neutrality

Like other goals of the draft policy, the target for ensuring and enforcing net neutrality principles has been set as 2022. However, this goal is achievable by as early as December 2018. We suggest that the Government take the first step towards this goal by accepting the net neutrality principles proposed by the TRAI and its recommendations to the government which have been pending with the Ministry since November 2017. The government may additionally take into consideration CIS’ position on net neutrality.

The vaguely worded “appropriate exclusions and exceptions” carved out to net-neutrality principles in the policy need urgent elaboration. Given the vague boundaries between different control layers in digital communication, content regulation is very easy to slip into, and needs to be consciously avoided by the government.

3.3 (f) ii. Facilitating lawful interception agencies with state of the art lawful intercept and analysis systems for implementation of law and order and national security

There is no clarity in policy on how the government plans to meet the goal of “[f]acilitating lawful interception agencies with state of the art lawful intercept and analysis systems for implementation of law and order and national security.” It has been recently suggested that some legal provisions that enable targeted communication surveillance might be violative of the privacy guidelines laid out in the recent Supreme Court judgment that affirmed the Right to Privacy. Additionally, mass surveillance, prime facie, does not meet the “proportionality test.” Therefore, the policy documents needs details as to how the Ministry will aid intelligence agencies, and whether these interception details will be known to ISPs, TSPs and the public via reflection in the various License Agreements.

For more details visit https://cis-india.org/internet-governance/blog/comments-on-the-draft-digital-communications-policy

NITI Aayog Discussion Paper: An aspirational step towards India’s AI policy

2018-06-13T13:08:47Z

The National Strategy for Artificial Intelligence — a discussion paper on India’s path forward in AI, is a welcome step towards a comprehensive document that reflects the government's AI ambitions. The 115-page discussion paper attempts to be an all encompassing document looking at a host of AI related issues including privacy, security, ethics, fairness, transparency and accountability.

Download the Report

The 115-page discussion paper attempts to be an all encompassing document looking at a host of AI related issues including privacy, security, ethics, fairness, transparency and accountability. The paper identifies five focus areas where AI could have a positive impact in India. It also focuses on reskilling as a response to the potential problem of job loss due the future large-scale adoption of AI in the job market. This blog is a follow up to the comments made by CIS on Twitter on the paper and seeks to reflect on the National Strategy as a well researched AI roadmap for India. In doing so, it identifies areas that can be strengthened and built upon.

Identified Focus Areas for AI Intervention

The paper identifies five focus areas—Healthcare, Agriculture, Education, Smart Cities and Infrastructure, Smart Mobility and Transportation, which Niti Aayog believes will benefit most from the use of AI in bringing about social welfare for the people of India. Although these sectors are essential in the development of a nation, the failure to include manufacturing and services sectors is an oversight. Focussing on manufacturing is fundamental not only in terms of economic development and user base, but also regarding questions of safety and the impact of AI on jobs and economic security. The same holds true for the service sector particularly since AI products are being made for the use of consumers, not just businesses. Use of AI in the services sector also raises critical questions about user privacy and ethics. Another sector the paper fails to include is defense, this is worrying since India is chairing the Group of Governmental Experts on Lethal Autonomous Weapons Systems (LAWS) in 2018. Across sectors, the report fails to look at how AI could be utilised to ensure accessibility and inclusion for the disabled. This is surprising, as aid for the differently abled and accessibility technology was one of the 10 domains identified in the Task Force Report on AI published earlier this year. This should have been a focus point in the paper as it aims to identify applications with maximum social impact and inclusion.

In its vision for the use of AI in smart cities, the paper suggests the adoption of a sophisticated surveillance system as well as the use of social media intelligence platforms to check and monitor people’s movement both online and offline to maintain public safety. This is at variance with constitutional standards of due process and criminal law principles of reasonable ground and reasonable suspicion. Further, use of such methods will pose issues of judicial inscrutability. From a rights perspective, state surveillance can directly interfere with fundamental rights including privacy, freedom of expression, and freedom of assembly. Privacy organizations around the world have raised concerns regarding the increased public surveillance through the use of AI. Though the paper recognized the impact on privacy that such uses would have, it failed to set a strong and forward looking position on the issue - such as advocating that such surveillance must be lawful and inline with international human rights norms.

Harnessing the Power of AI and Accelerating Research

One of the ways suggested for the proliferation of AI in India was to increase research, both core and applied, to bring about innovation that can be commercialised. In order to attain this goal the paper proposes a two-tier integrated approach: the establishment of COREs (Centres of Research Excellence in Artificial Intelligence) and ICTAI (International Centre for Transformational Artificial Intelligence). However the roadmap to increase research in AI fails to acknowledge the principles of public funded research such as free and open source software (FOSS), open standards and open data. The report also blames the current Indian Intellectual Property regime for being “unattractive” and averse to incentivising research and adoption of AI. Section 3(k) of Patents Act exempts algorithms from being patented, and the Computer Related Inventions (CRI) Guidelines have faced much controversy over the patentability of mere software without a novel hardware component. The paper provides no concrete answers to the question of whether it should be permissible to patent algorithms, and if yes, to to what extent. Furthermore, there needs to be a standard either in the CRI Guidelines or the Patent Act, that distinguishes between AI algorithms and non-AI algorithms. Additionally, given that there is no historical precedence on the requirement of patent rights to incentivise creation of AI, innovative investment protection mechanisms that have lesser negative externalities, such as compensatory liability regimes would be more desirable. The report further failed to look at the issue holistically and recognize that facilitating rampant patenting can form a barrier to smaller companies from using or developing AI. This is important to be cognizant of given the central role of startups to the AI ecosystem in India and because it can work against the larger goal of inclusion articulated by the report.

Ethics, Privacy, Security and Safety

In a positive step forward, the paper addresses a broader range of ethical issues concerning AI including transparency, fairness, privacy and security and safety in more detail when compared to the earlier report of the Task Force. Yet despite a dedicated section covering these issues, a number of concerns still remain unanswered.

Transparency

The section on transparency and opening the Black Box has several lacunae. First, AI that is used by the government, to an acceptable extent, must be available in the public domain for audit, if not under Free and Open Source Software (FOSS). This should hold true in particular for uses that impinge on fundamental rights. Second, if the AI is utilised in the private sector, there currently exists a right to reverse engineer within the Indian Copyright Act, which is not accounted for in the paper. Furthermore, if the AI was involved both in the commission of a crime or the violation of human rights, or in the investigations of such transgressions, questions with regard to judicial scrutability of the AI remain. In addition to explainability, the source code must be made circumstantially available, since explainable AI alone cannot solve all the problems of transparency. In addition to availability of source code and explainability, a greater discussion is needed about the tradeoff between a complex and potentially more accurate AI system (with more layers and nodes) vs. an AI system which is potentially not as accurate but is able to provide a human readable explanation. It is interesting to note that transparency within human-AI interaction is absent in the paper. Key questions on transparency, such as whether an AI should disclose its identity to a human have not been answered.

Fairness

With regards to fairness, the paper mentions how AI can amplify bias in data and create unfair outcomes. However, the paper neither suggests detailed or satisfactory solutions nor does it deal with biased historical data in an Indian context. More specifically, there seems to be no mention of regulatory tools to tackle the problem of fairness, such as:

Self-certification
Certification by a self-regulatory body
Discrimination impact assessments
Investigations by the privacy regulator

Such tools will proactively need to ensure inclusion, diversity, and equity in composition and decisions.

Additionally, with reference to correcting bias in AI, it should be noted that the technocratic view that as an AI solution continues to be trained on larger amounts of data , systems will self correct, does not fully recognize the importance of data quality and data curation, and is inconsistent with fundamental rights. Policy objectives of AI innovation must be technologically nuanced and cannot be at the cost of intermediary denial of rights and services.

Further, the paper does not deal with issues of multiple definitions and principles of fairness, and that building definitions into AI systems may often involve choosing one definition over the other. For instance, it can be argued that the set of AI ethical principles articulated by Google are more consequentialist in nature involving a a cost-benefit analysis, whereas a human rights approach may be more deontological in nature. In this regard, there is a need for interdisciplinary research involving computer scientists, statisticians, ethicists and lawyers.

Privacy

Though the paper underscores the importance of privacy and the need for a privacy legislation in India - the paper limits the potential privacy concerns arising from AI to collection, inappropriate use of data, personal discrimination, unfair gain from insights derived from consumer data (the solution being to explain to consumers about the value they as consumers gain from this), and unfair competitive advantage by collecting mass amounts of data (which is not directly related to privacy). In this way the paper fails to discuss the full implications on privacy that AI might have and fails to address the data rights necessary to enable the right to privacy in a society where AI is pervasive. The paper fails to engage with emerging principles from data protection such as right to explanation and right to opt-out of automated processing, which directly relate to AI. Further, there is no discussion on the issues such as data minimisation and purpose limitation which some big data and AI proponents argue against. To that extent, there is a lack of appreciation of the difficult policy questions concerning privacy and AI. The paper is also completely silent on redress and remedy. Further the paper endorses the seven data protection principles postulated by the Justice Srikrishna Committee. However CIS has pointed out that these principles are generic and not specific to data protection. Moreover, the law chapter of IEEE’s ‘Global Initiative on Ethics of Autonomous and Intelligent Systems’ has been ignored in favor of the chapter on ‘Personal Data and Individual Access Control in Ethically Aligned Design’ as the recommended international standard. Ideally, both chapters should be recommended for a holistic approach to the issue of ethics and privacy with respect to AI.

AI Regulation and Sectoral Standards

The discussion paper’s approach towards sectoral regulation advocates collaboration with industry to formulate regulatory frameworks for each sector. However, the paper is silent on the possibility of reviewing existing sectoral regulation to understand if they require amending. We believe that this is an important solution to consider since amending existing regulation and standards often takes less time than formulating and implementing new regulatory frameworks. Furthermore, although the emphasis on awareness in the paper is welcome, it must complement regulation and be driven by all stakeholders, especially given India’s limited regulatory budget. The over reliance on industry self-regulation, by itself, is not advisable, as there is an absence of robust industry governance bodies in India and self-regulation raises questions about the strength and enforceability of such practices. The privacy debate in India has recognized this and reports, like the Report of the Group of Experts on Privacy, recommend a co-regulatory framework with industry developing binding standards that are inline with the national privacy law and that are approved and enforced by the Privacy Commissioner. That said, the UN Guiding Principles on Business and Human Rights and its “protect, respect, and remedy” framework should guide any self regulatory action.

Security and Safety of AI Systems

In terms of security and safety of AI systems the paper seeks to shift the discussion of accountability being primarily about liability, to that of one about the explainability of AI. Furthermore, there is no recommendation of immunities or incentives for whistleblowers or researchers to report on privacy breaches and vulnerabilities. The report also does not recognize certain uses of AI as being more critical than others because of their potential harm to the human. This would include uses in healthcare and autonomous transportation. A key component of accountability in these sectors will be the evolution of appropriate testing and quality assurance standards. Only then, should safe harbours be discussed as an extension of the negligence test for damages caused by AI software. Additionally, the paper fails to recommend kill switches, which should be mandatory for all kinetic AI systems. Finally, there is no mention of mandatory human-in-the-loop in all systems where there are significant risks to safety and human rights. Autonomous AI is only viewed as an economic boost, but its potential risks have not been explored sufficiently. A welcome recommendation would be for all autonomous AI to go through human rights impact assessments.

Research and Education

Being a government think-tank, the NITI Aayog could have dealt in detail with the AI policies of the government and looked at how different arms of the government are aiming to leverage AI and tackle the problems arising out of the use of AI. Instead of tabulating the government’s role in each area and especially research, the report could have also listed out the various areas where each department could play a role in the AI ecosystem through regulation, education, funding research etc. In terms of the recommendations for introducing AI curriculums in schools, and colleges, the government could also ensure that ethics and rights are part of the curriculum - especially in technical institutions. A possible course of action could include corporations paying for a pan-Indian AI education campaign.This would also require the government to formulate the required academic curriculum that is updated to include rights and ethics.

Data Standards and Data Sharing

Based on the amount of data the Government of India collects through its numerous schemes, it has the potential to be the largest aggregator of data specific to India. However the paper does not consider the use of this data with enough gravity. For example, the paper recommends Corporate Data Sharing for “social good” and making government datasets from the social sector available publicly. Yet this section does not mention privacy enhancing technologies/standards such as pseudonymization, anonymization standards, differential privacy etc. Additionally there should be provisions that allow the government to prevent the formation of monopolies by regulating companies from hoarding user data. The open data standards could also be applicable to the private companies, so that they can also share their data in compliance with the privacy enhancing technologies mentioned above. The paper also acknowledges that AI Marketplaces require monitoring and maintenance of quality. It recognises the need for “continuous scrutiny of products, sellers and buyers”, and proposes that the government enable these regulations in a manner that private players could set up the marketplace. This is a welcome suggestion, but the legal and ethical framework of the AI Marketplace requires further discussion and clarification.

An AI Garage for Emerging Economies

The discussion paper also qualifies India as an “ideal test-bed” for trying out AI related solutions. This is problematic since questions of regulation in India with respect to AI have yet to be legally clarified and defined and India does not have a comprehensive privacy law. Without a strong ethical and regulatory framework, the use of new and possibly untested technologies in India could lead to unintended and possibly harmful outcomes.The government's ambition to position India as a leader amongst developing countries on AI related issues should not be achieved by using Indians as test subjects for technologies whose effects are unknown.

Conclusion

In conclusion, NITI Aayog’s discussion paper represents a welcome step towards a comprehensive AI strategy for India. However, the trend of inconspicuously releasing reports (this and the AI Task Force) as well as the lack of a call for public comments, seems to be the wrong way to foster discussion on emerging technologies that will be as pervasive as AI.

The blanket recommendations were provided without looking at its viability in each sector. Furthermore, the discussion paper does not sufficiently explore or, at times, completely omits key areas. It barely touched upon societal, cultural and sectoral challenges to the adoption of AI — research that CIS is currently in the process of undertaking.Future reports on Indian AI strategy should pay more attention to the country’s unique legal context and to possible defense applications and take the opportunity to establish a forward looking, human rights respecting, and holistic position in global discourse and developments. Reports should also consider infrastructure investment as an important prerequisite for AI development and deployment. Digitised data and connectivity as well as more basic infrastructure, such as rural electricity and well-maintained roads, require more funding to more successfully leverage AI for inclusive economic growth. Although there are important concerns, the discussion paper is an aspirational step toward India’s AI strategy.

For more details visit https://cis-india.org/internet-governance/blog/niti-aayog-discussion-paper-an-aspirational-step-towards-india2019s-ai-policy

Why NPCI and Facebook need urgent regulatory attention

sunil — 2018-06-12T02:07:42Z

The world’s oldest networked infrastructure, money, is increasingly dematerialising and fusing with the world’s latest networked infrastructure, the Internet.

The article was published in the Economic Times on June 10, 2018.

As the network effects compound, disruptive acceleration hurtle us towards financial utopia, or dystopia. Our fate depends on what we get right and what we get wrong with the law, code and architecture, and the market.

The Internet, unfortunately, has completely transformed from how it was first architected. From a federated, generative network based on free software and open standards, into a centralised, environment with an increasing dependency on proprietary technologies.

In countries like Myanmar, some citizens misconstrue a single social media website, Facebook, for the internet, according to LirneAsia research. India is another market where Facebook could still get its brand mistaken for access itself by some users coming online. This is Facebook put so many resources into the battle over Basics, in the run-up to India’s network neutrality regulation. an odd corporation.

On hand, its business model is what some term surveillance capitalism. On the other hand, by acquiring WhatsApp and by keeping end-toend (E2E) encryption “on”, it has ensured that one and a half billion users can concretely exercise their right to privacy. At the time of the acquisition, WhatsApp founders believed Facebook’s promise that it would never compromise on their high standards of privacy and security. But 18 months later, Facebook started harvesting data and diluting E2E.

In April this year, my colleague Ayush Rathi and I wrote in Asia Times that WhatsApp no longer deletes multimedia on download but continues to store it on its servers. Theoretically, using the very same mechanism, Facebook could also be retaining encrypted text messages and comprehensive metadata from WhatsApp users indefinitely without making this obvious.

My friend, Srikanth Lakshmanan, founder of the CashlessConsumer collective, is a keen observer of this space. He says in India, “we are seeing an increasing push towards a bank-led model, thanks to National Payments Corporation of India (NPCI) and its control over Unified Payments Interface (UPI), which is also known as the cashless layer of the India Stack.”

NPCI is best understood as a shape shifter. Arundhati Ramanathan puts it best when she says “depending on the time and context, NPCI is a competitor. It is a platform. It is a regulator. It is an industry association. It is a profitable non-profit. It is a rule maker. It is a judge. It is a bystander.”

This results in UPI becoming, what Lakshmanan calls, a NPCI-club-good rather than a new generation digital public good. He also points out that NPCI has an additional challenge of opacity — “it doesn’t provide any metrics on transaction failures, and being a private body, is not subject to proactive or reactive disclosure requirements under the RTI.”

Technically, he says, UPI increases fragility in our financial ecosystem since it “is a centralised data maximisation network where NPCI will always have the superset of data.” Given that NPCI has opted for a bank-led model in India, it is very unlikely that Facebook able to leverage its monopoly the social media market duopoly it shares with in the digital advertising market to become a digital payments monopoly.

However, NCPI and Facebook both share the following traits — one, an insatiable appetite for personal information; two, a fetish for hypercentralisation; three, a marginal commitment to transparency, and four, poor track record as a custodian of consumer trust. The marriage between these like-minded entities has already had a dubious beginning.

Previously, every financial technology wanting direct access to the NPCI infrastructure had to have a tie-up with a bank. But for Facebook and Google, as they are large players, it was decided to introduce a multi-bank model. This was definitely the right thing to do from a competition perspective. But, unfortunately, the marriage between the banks and the internet giant was arranged by NPCI in an opaque process and WhatsApp was exempted from the full NPCI certification process for its beta launch.

Both NPCI and Facebook need urgent regulatory attention. A modern data protection law and a more proactive competition regulator is required for Facebook. The NPCI will hopefully also be subjected to the upcoming data protection law. But it also requires a range of design, policy and governance fixes to ensure greater privacy and security via data minimisation and decentralisation; greater accountability and transparency to the public; separation of powers for better governance and open access policies to prevent anti-competitive behaviour.

For more details visit https://cis-india.org/internet-governance/blog/economic-times-june-10-2018-sunil-abraham-why-npci-and-facebook-need-urgent-regulatory-attention

NITI Aayog Discussion Paper

Admin — 2018-06-12T01:52:04Z

For more details visit https://cis-india.org/internet-governance/files/niti-aayog-discussion-paper

Disconnected Network Disruptions

Admin — 2018-06-12T01:23:02Z

For more details visit https://cis-india.org/internet-governance/files/disconnected-network-disruptions

Citizens’ Draft Privacy Bill Seeks To Revolutionise Data Collection, Storage In India

Admin — 2018-06-11T02:47:46Z

A draft privacy bill proposes sweeping reforms to the way personal data is collected, processed and stored in India.

The blog post by Arpan Chaturvedi was published in Bloomberg Quint on June 9, 2018. CIS research was quoted.

Titled Indian Privacy Code, 2018, the draft proposes that “all data collected, processed and stored by data controllers and data processors prior to the date on which this Act comes into force shall be destroyed within a period of two years from the date on which this Act comes into force”.

The draft has been put together by a group of lawyers and policy analysts and uploaded on the website of ‘Save our Privacy’ — a public initiative to put forth a model law on data protection. The initiative is backed by the India Privacy Foundation.

No person, including a data controller and data processor, shall collect any personal data without obtaining the consent of the data subject to whom it pertains, the draft bill says. Collection of personal data without consent can happen only when:

It’s necessary for the provision of an emergency medical service.
Prevent, investigate or prosecute a cognizable offence.
Exempted by a privacy commission that the draft seeks to institute

Also, the draft bill proposes that no person shall store any personal data for a period longer than is necessary to achieve the purpose for which it was collected or received. The same applies to the processing of personal data.

The draft bill has been submitted to the Justice Sri Krishna Committee — which will deliberate on a data-protection framework for the country. The committee’s first draft is likely to be submitted this month.

The bill prescribes punishment for offenses related to interception of communication, surveillance, abetment, repeat offenders and offenses by companies.

The bill, according to information on the website, is based on seven principles, foremost of which is the importance of individual rights. The others are:

A data protection law must be based on privacy principles and guidelines discussed in the report of Justice AP Shah Committee of Experts; the Supreme Court judgement on Right to Privacy and European Union’s General Data Protection Regulation.
A strong privacy commission must be created to enforce privacy principles. The commission should be granted wide powers of investigation, adjudication, rule-making and enforcement. The privacy commission must have jurisdiction over the government as well as private bodies.
The government must respect user privacy. The government cannot deny essential services to citizens if they choose not to share data with it. The draft says government withholding services on pretext of collection of information effectively amounts to “extortion of consent”.
A complete privacy code must come with surveillance reform. Even when individual interception and surveillance is carried out this should be severely limited in substance and practiced through procedural safeguards.
Strengthen the Right To Information Act and exempt information commissioners from interference or control by the privacy commissioner
International protection and harmonisation is a must to protect the open internet. The group suggests the law must have extraterritorial effect and apply to web services and platforms which are accessible in India and gather personal data of Indians.

The bill takes inspiration from the Privacy (Protection) Bill, 2013 which was drafted over a series of roundtable discussions and inputs conducted by the Centre for Internet and Society, Bengaluru.

The individuals who were involved in the drafting of the model law are Raman Jit Singh Cheema, Apar Gupta, Gautam Bhatia, Kritika Bhardwaj, Maansi Verma, Naman N Aggarwal, Praavita Kashyap, Prasanna S, Ujjwala Uppaluri, Vrinda Bhandari.

For more details visit https://cis-india.org/internet-governance/news/bloomberg-quint-june-9-2018-draft-bill-seeks-to-revolutionise-data-collection-storage-in-india

Draft Digital Communications Policy

Gurshabad Grover — 2018-06-07T02:02:29Z

For more details visit https://cis-india.org/internet-governance/files/draft-digital-communications-policy

DP Compendium

Admin — 2018-05-31T16:00:24Z

For more details visit https://cis-india.org/internet-governance/files/dp-compendium

May 2018 Newsletter

praskrishna — 2018-06-12T14:03:24Z

CIS newsletter for the month of May 2018.

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights
The Centre for Internet & Society (CIS) has published a collection of stories of the impact of internet shutdowns on people's lives in the country. The stories were provided by 101 Reporters. The project was funded by Facebook and MacArthur Foundation. The report edited by Debasmita Haldar, Ambika Tandon and Swaraj Barooah can be accessed here. Anubha Sinha on behalf of CIS participated in the 36th Session of WIPO SCCR at Geneva from May 28 to June 1, 2018. CIS made statements on Draft Action Plan for Educational and Research Institutions and Persons with Other Disabilities, Draft Action Plan for Libraries, Archives and Museums, Limitations and Exceptions Agenda, and Proposed Treaty for the Protection of Broadcasting Organizations. CIS was one among the 14 NGOs which circulated a letter that raised concerns about the draft Broadcasting Treaty. India's Department of Telecommunications released a draft new telecom policy, titled ‘Draft National Digital Communications Policy 2018’. Anubha Sinha wrote an analysis on this in the Wire on May 6, 2018. Singapore based Asian Business Law Institute published a compendium on “Regulation of cross-border transfer of personal data in Asia”. The compendium contains 14 detailed reports. The chapter titled Jurisdictional Report India was authored by Amber Sinha and Elonnai Hickok. The purpose of privacy notices and choice mechanisms is to notify users of the data practices of a system, so they can make informed privacy decisions, wrote Saumyaa Naidu in a blog post which was edited by Elonnai Hickok. Divij Joshi wrote a report that assesses the compliance of the Indian intermediary liability framework with the Manila Principles on Intermediary Liability, and recommends substantive legislative changes to bring the legal framework in line with the Manila Principles. The report was edited by Elonnai Hickok and Swaraj Barooah. Data is potentially a toxic asset, if it is not collected, processed, secured and shared in the appropriate way wrote Amber Sinha in an article published in the Economic & Political Weekly. Saman Goudarzi, Elonnai Hickok and Amber Sinha wrote a report titled AI in the Banking and Finance Industry in India which seeks to map the present state of use of AI in the banking and financial sector in India. The report was edited by Shyam Ponappa. Mapping was done by Shweta Mohandas. Pranav M Bidare, Sidharth Ray, and Aayush Rathi provided research assistance in preparing this report. The National Register of Citizens (NRC) exercise in Assam focuses on updating the list of Indian citizens in the state. Khetrimayum Monish Singh and Nazifa Ahmed wrote a research paper that has provided a discourse analysis of media content and user opinions on Facebook, and media responses on the NRC official website. All posts related to this study can be found here.

Highlights

The Centre for Internet & Society (CIS) has published a collection of stories of the impact of internet shutdowns on people's lives in the country. The stories were provided by 101 Reporters. The project was funded by Facebook and MacArthur Foundation. The report edited by Debasmita Haldar, Ambika Tandon and Swaraj Barooah can be accessed here.
Anubha Sinha on behalf of CIS participated in the 36th Session of WIPO SCCR at Geneva from May 28 to June 1, 2018. CIS made statements on Draft Action Plan for Educational and Research Institutions and Persons with Other Disabilities, Draft Action Plan for Libraries, Archives and Museums, Limitations and Exceptions Agenda, and Proposed Treaty for the Protection of Broadcasting Organizations. CIS was one among the 14 NGOs which circulated a letter that raised concerns about the draft Broadcasting Treaty.
India's Department of Telecommunications released a draft new telecom policy, titled ‘Draft National Digital Communications Policy 2018’. Anubha Sinha wrote an analysis on this in the Wire on May 6, 2018.
Singapore based Asian Business Law Institute published a compendium on “Regulation of cross-border transfer of personal data in Asia”. The compendium contains 14 detailed reports. The chapter titled Jurisdictional Report India was authored by Amber Sinha and Elonnai Hickok.
The purpose of privacy notices and choice mechanisms is to notify users of the data practices of a system, so they can make informed privacy decisions, wrote Saumyaa Naidu in a blog post which was edited by Elonnai Hickok.
Divij Joshi wrote a report that assesses the compliance of the Indian intermediary liability framework with the Manila Principles on Intermediary Liability, and recommends substantive legislative changes to bring the legal framework in line with the Manila Principles. The report was edited by Elonnai Hickok and Swaraj Barooah.
Data is potentially a toxic asset, if it is not collected, processed, secured and shared in the appropriate way wrote Amber Sinha in an article published in the Economic & Political Weekly.
Saman Goudarzi, Elonnai Hickok and Amber Sinha wrote a report titled AI in the Banking and Finance Industry in India which seeks to map the present state of use of AI in the banking and financial sector in India. The report was edited by Shyam Ponappa. Mapping was done by Shweta Mohandas. Pranav M Bidare, Sidharth Ray, and Aayush Rathi provided research assistance in preparing this report.
The National Register of Citizens (NRC) exercise in Assam focuses on updating the list of Indian citizens in the state. Khetrimayum Monish Singh and Nazifa Ahmed wrote a research paper that has provided a discourse analysis of media content and user opinions on Facebook, and media responses on the NRC official website. All posts related to this study can be found here.

Articles:

The Huawei pointer (Shyam Ponappa; Business Standard and Organizing India Blogspot; May 3, 2018).

India's Draft Telecom Policy Needs to Bridge the Gap Between Intent and Execution (Anubha Sinha; Wire; May 6, 2018).
India's Data Protection Framework Will Need to Treat Privacy as a Social and Not Just an Individual Good (Amber Sinha; Economic & Political Weekly, Volume 53, Issue No. 18, 05 May, 2018).
Digital Native: Web of Wander (Nishant Shah; Indian Express; May 20, 2018).

CIS in the News:

India's National ID Project Brings Pain to Those it Aims to Help (Aayush Soni; Ozy.com; May 11, 2018).
Aadhaar Remains an Unending Security Nightmare for a Billion Indians (Karan Saini; Wire; May 11, 2018).
More errors in Aadhaar data in Andhra Pradesh than in voter database (U Sudhakar Reddy; Times of India; May 18, 2018).
Putting women human rights activists on the world map (Sarumathi K.; Hindu; May 19, 2018).
An open data ecosystem can boost India's GDP by $22 B and double farmer income (Sohini Mitter; Your Story; May 23, 2018).
Complying with Europe’s GDPR will be a “matter of survival” for Indian IT firms (Ananya Bhattacharya; Quartz India; May 24, 2018).
Don't blindly forward WhatsApp messages. You could be sued (Rajitha Menon and Surupasree Sarmmah; Deccan Herald; May 29, 2018).
Alexa’s recording leak in US ‘echoes’ privacy issues here (Mugdha Variyar; Economic Times; May 29, 2018).
Election Experiment Proves Facebook Just Doesn't Care About Fake News In India (Visvak; Huffington Post; May 30, 2018).
India Proposes Law to Give Indians Complete Control of their Digital Health Data (Madhur Singh; India Spend; May 31, 2018).
Patanjali's Kimbho swiftly retreats over security scare, ripped on Twitter (Alnoor Peermohamed and Manavi Kapur; Business Standard; May 31, 2018).

-----------------------------------
Access to Knowledge
-----------------------------------
Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Copyright and Patent

Blog Entries

CIS participated in the 36th SCCR held in Geneva from May 28 to June 1, 2018 and made the following statements:

Statement on the Proposed Treaty for the Protection of Broadcasting Organizations (Anubha Sinha; May 28, 2018).
NGOs circulate letter at WIPO SCCR/36 raising serious concerns about draft Broadcasting Treaty (Anubha Sinha; May 29, 2018).
Draft Action Plan for Educational and Research Institutions and Persons with Other Disabilities (Anubha Sinha; May 31, 2018).
Statement on the Draft Action Plan for Libraries, Archives and Museums (Anubha Sinha; May 31, 2018).
Statement on Limitations and Exceptions Agenda (Anubha Sinha; May 31, 2018).

Participation in Event

RightsCon Toronto 2018 (Organized by RightsCon; Beanfield Centre at Exhibition Place, Toronto; May 17, 2018). Maggie Huang, Amba Kak, Rohini Lakshané, Vidushi Marda, Elonnai Hickok and Anubha Sinha were among the speakers at the event. Amber Sinha remotely participated in a private meeting on 'Strategizing Civil Society Roles in the Artificial Intelligence Debate'. Anubha Sinha, Maggie Huang, Rohini Lakshané and Vidushi Marda presented their findings from the Pervasive Technologies project in a panel titled "Cheap and Chipper: IP in India's Affordable Smartphones". Prof Michael Geist moderated the session. Anubha Sinha and Vidushi Marda participated remotely. Elonnai Hickok participated in these sessions: IDRC cyber policy meeting; GNI board meeting; GNI learning session on MLATs; FOC-AN meeting; GNI session on Intermediary Liability.

-----------------------------------

Internet Governance
-----------------------------------

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

►Privacy

Reports

Methods workshop on researching Future of Work in India (Natallia Khaniejo and Aayush Rathi; May 10, 2018).
AI in the Banking and Finance Industry in India (Saman Goudarzi, Elonnai Hickok and Amber Sinha; May 14, 2018)
Indian Intermediary Liability Regime: Compliance with the Manila Principles on Intermediary Liability (Divij Joshi; May 20, 2018). The report was edited by Elonnai Hickok and Swaraj Barooah.
Jurisdictional Report India (Compendium on Regulation of Cross-Border Transfers of Personal Data in Asia; Amber Sinha and Elonnai Hickok; May 31, 2018).

Blog Entry

Design Concerns in Creating Privacy Notices (Saumyaa Naidu; May 29, 2018). The blog post was edited by Elonnai Hickok.

Participation in Events

Meeting of Coalition for an Inclusive Approach on the Trafficking Bill (Organized by Alternative Law Forum; Bengaluru; May 3, 2018).
Fairness, Transparency and Accountable AI (Organized by DeepMind; London; May 10, 2018). Amber Sinha participated remotely in the inaugural meeting.
Rootconf 2018 (Organized by HasGeek; Bengaluru; May 11 - 12, 2018). Gurshabad Grover, Natallia Khaniejo and Aayush Rathi attended the event.
Inter Movements Open Forum: Trafficking Bill (Organized by Sangram, Naz Foundation, NNSW, Tarshi and VAMP; India International Centre, New Delhi; May 18, 2018).
IETF Indian Community Meetup: RFCs We Love (IoT edition) (Organized by Indian IETF Community; Zoomcar's office; Bengaluru; May 19, 2018). Gurshabad Grover and Sandeep Kumar attended 'RFCs We Love Meetup'.
Emerging Technologies: Issues & Way Forward (Organized by Technology Policy team at the National Institute of Public Finance and Policy; Bengaluru; May 23 - 24, 2018).
Privacy in the Digital Age: Addressing Common Challenges, Seizing Opportunities (Organized by DG Justice and Consumers and European Union; New Delhi; May 25, 2018).

►Free Speech and Expression

Report

Internet Shutdown Stories (Edited by Debasmita Haldar, Ambika Tandon and Swaraj Barooah; Foreword by Sunil Abraham; May 17, 2018). Case studies from the states of Jammu & Kashmir, Haryana, Rajasthan, Gujarat, Telangana, West Bengal, Tripura, Manipur, Nagaland, and Uttar Pradesh have been highlighted in this compilation.

Blog Entry

DIDP Request #30 - Enquiry about the employee pay structure at ICANN (Paul Kurian and Akriti Bopanna; May 26, 2018).

-----------------------------------
Telecom
-----------------------------------

CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Articles

The Huawei pointer (Shyam Ponappa; Business Standard and Organizing India Blogspot; May 3, 2018).
India's Draft Telecom Policy Needs to Bridge the Gap Between Intent and Execution (Anubha Sinha; Wire; May 6, 2018).

-----------------------------------
Researchers at Work
-----------------------------------

The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Draft Research Paper

Infrastructure as Digital Politics: Media Practices and the Assam NRC Citizen Identification Project (Khetrimayum Monish Singh and Nafiza Ahmed; May 15, 2018).

-----------------------------------

About CIS
-----------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/may-2018-newsletter-1

Emerging Technologies: Issues & Way Forward

Admin — 2018-05-26T00:39:11Z

Aayush Rathi and Gurshabad Grover attended a two day conference on 'Emerging Technologies: Issues & Way Forward' organised by the Technology Policy team at the National Institute of Public Finance and Policy (NIPFP), held on 23rd and 24th May in Bangalore.

The themes for discussion included:

Privacy, surveillance and data protection
Regulation of emerging technologies
Building sound regulators for technology policy, and
Fintech regulation

Click here to read the agenda

For more details visit https://cis-india.org/internet-governance/news/emerging-technologies-issues-way-forward

NIPFP Bangalore Agenda

Admin — 2018-05-26T00:38:16Z

For more details visit https://cis-india.org/internet-governance/nipfp-bangalore-agenda

Indian Intermediary Liability Regime

Admin — 2018-05-20T15:03:25Z

For more details visit https://cis-india.org/internet-governance/files/indian-intermediary-liability-regime

March 2018 Newsletter

praskrishna — 2018-05-20T14:55:25Z

March 2018 newsletter

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights
CIS in partnership with DataMeet and Arghyam is exploring the early steps for making open data and tools to plan for water resources accessible to all. As a move to celebrate World Water Day 2018 we are sharing a paper that we had been working on titled Open Data for Water Studies in India and a web app to make open water data easily explorable and usable. Disability rights activist Javed Abidi, former Director of the National Centre for Promotion of Employment for Disabled People who was instrumental in bringing issues pertaining to various disabilities under an umbrella organisation, and ensuring greater visibility in mainstream media passed away recently. Remembering Abidi, Dr. Nirmita Narasimhan spoke to Ambika Tandon about how they worked together to push National Policy on Universal Electronics Accessibility. CIS, Wikimedia Foundation, Wikimedia India and other affiliates of India have initiated Chromebook for the Project Tiger to enable writers from various Indic languages to create quality content in Indic languages. The project will also help Wikipedia editors by supporting them with internet charges for 6 months and laptops to 50 volunteers to address content gaps. Sunil Abraham in an article in the Business Standard has thrown light on the Cambridge Analytica Scandal and explained how India needs to save democracy from hegemonic incumbents with open source alternatives. For this the government should use its procurement powers. CIS has been instrumental in having ICANN become transparent about their revenue with our persistent requests for their sources of revenue. In our latest analysis we have presented a picture of ICANN financials from 2012 to 2016. In an article published in the Business Standard Shyam Ponappa wrote about correcting misinformed impressions about NPAs, and the Swedish model for setting up a bad bank. In an initial literature survey CIS has focused on how scholars in a diversity of fields, ranging from Information Science and Science and Technology Studies to Anthropology and Political Science, have engaged with how state infrastructures mediate the state-citizen relationship.

Highlights

CIS in partnership with DataMeet and Arghyam is exploring the early steps for making open data and tools to plan for water resources accessible to all. As a move to celebrate World Water Day 2018 we are sharing a paper that we had been working on titled Open Data for Water Studies in India and a web app to make open water data easily explorable and usable.
Disability rights activist Javed Abidi, former Director of the National Centre for Promotion of Employment for Disabled People who was instrumental in bringing issues pertaining to various disabilities under an umbrella organisation, and ensuring greater visibility in mainstream media passed away recently. Remembering Abidi, Dr. Nirmita Narasimhan spoke to Ambika Tandon about how they worked together to push National Policy on Universal Electronics Accessibility.
CIS, Wikimedia Foundation, Wikimedia India and other affiliates of India have initiated Chromebook for the Project Tiger to enable writers from various Indic languages to create quality content in Indic languages. The project will also help Wikipedia editors by supporting them with internet charges for 6 months and laptops to 50 volunteers to address content gaps.
Sunil Abraham in an article in the Business Standard has thrown light on the Cambridge Analytica Scandal and explained how India needs to save democracy from hegemonic incumbents with open source alternatives. For this the government should use its procurement powers.
CIS has been instrumental in having ICANN become transparent about their revenue with our persistent requests for their sources of revenue. In our latest analysis we have presented a picture of ICANN financials from 2012 to 2016.
In an article published in the Business Standard Shyam Ponappa wrote about correcting misinformed impressions about NPAs, and the Swedish model for setting up a bad bank.
In an initial literature survey CIS has focused on how scholars in a diversity of fields, ranging from Information Science and Science and Technology Studies to Anthropology and Political Science, have engaged with how state infrastructures mediate the state-citizen relationship.

Articles:

NPAs & Bad Banks (Shyam Ponappa; Business Standard and Organizing India Blogspot; March 1, 2018).
Digital native: Our lonely connected lives (Nishant Shah; Indian Express; March 11, 2018).
Cambridge Analytica scandal: How India can save democracy from Facebook (Sunil Abraham; Business Standard; March 28, 2018).

CIS in the News:

CIS ranks amongst top think tanks for public policy in the region (March 2, 2018). Think Tanks and Civil Societies Program featured Centre for Internet & Society in its annual report.
Is there a case for penalizing fake news? (Nilesh Christopher; ET Tech; March 7, 2018).

Supreme Court extends Aadhaar linking deadline till it passes verdict (Priyanka Mittal and Komal Gupta; Livemint; March 13, 2018).

Aadhaar unique IDs in India: a qualified success? (Web Fraud Prevention and Online Authentication Market Guide 2017/2018 and Paypers; March 16, 2018).

Facebook breach: Privacy advocates in India seek stronger data laws (Surabhi Agarwal and Devina Sengupta; March 20, 2018).

Govt warns Facebook of stringent legal action if found misusing data (Komal Gupta; Livemint; March 21, 2018).

Without stringent law, threats to Mark Zuckerberg are hollow: Experts (Alnoor Peermohamed and Karan Choudhury; Business Standard; March 23, 2018).

‘If an Indian party acted like Cambridge Analytica, it will not be guilty under current laws’ (Amit Bhardwaj; Newslaundry; March 24, 2018).

Is Facebook too powerful without legal safeguards? (Vidhi Choudhary; Hindustan Times; March 24, 2018).

Digital Native: A new road to justice (Nishant Shah; Indian Express; March 25, 2018).

Aadhaar safety (Asian Age; March 25, 2018).

PM’s app also susceptible (Free Press Journal; March 25, 2018).

New Lock For EU’s Digital Mines (Arindam Mukherjee; Outlook; March 26; 2018).

Security experts say need to secure Aadhaar ecosystem, warn about third party leaks (Nilesh Christopher; March 26, 2018).

Data Breach: How will the biggest scandal that Facebook is mired in affect its credibility in India? (G. Seetharaman and Shephali Bhatt; Economic Times; March 26, 2018).

UIDAI servers or third parties, Aadhaar leaks are dangerous: Experts (Mayank Jain; Business Standard; March 27, 2018).

Narendra Modi’s personal app sparks India data privacy row (Financial Times; March 28, 2018).

The Narendra Modi app: The secret weapon in BJP’s elections arsenal (Jayadevan PK and Pankaj Mishra; Factor Daily; March 29, 2018).
Your mobile apps have the permission to spy on you (Economic Times; March 30, 2018).
Parties seek social media influencers to go viral (Ipsita Basu; Economic Times; March 31, 2018).
If data is the new oil, how much does an Indian citizen lose? (Saurya Sengpupta; Hindu; March 31, 2018).

Accessibility

India has an estimated 70 million disabled persons who are unable to read printed materials due to some form of physical, sensory, cognitive or other disability. The disabled need accessible content, devices and interfaces facilitated via copyright law and accessibility policies. CIS works to facilitate this.

Blog Entry

Groundbreaking disability rights activist Javed Abidi dies at 53 (Ambika Tandon; March 6, 2018).

Access to Knowledge

Access to Knowledge (A2K) is a campaign to promote the fundamental principles of justice, freedom, and economic development. It deals with issues like copyrights, patents and trademarks, which are an important part of the digital landscape. Our A2K program comprises 2 projects: Pervasive Technologies done under a grant from International Development Research Centre examining interplay between cost-effective pervasive technologies and intellectual property and encouraging development of such technologies for social good, and Wikipedia under a grant from Wikimedia Foundation to enable the growth of Indic language communities and cultivate new editors in different Indian languages.

Wikipedia

Events Organized

The reports for the events were published in March 2018:

Marathi Language Day events (February 27, 2018). Marathi Language day is celebrated all over world on February 27. Various events and activities were conducted by CIS-A2K in collaboration with community, institutions and government departments. A guest editorial was published in Sakal newspaper on February 10, 2018. There was a radio interview Tomato FM 94.3 Kolhapur on February 27, 2018 for which promotion was made through Facebook. News on the events was also covered in Pudhari, Lokmat and Samana.
Mini Train the Trainer 2018 (Organized by CIS-A2K; Jnana Prabodhini & Bhave High School; Sadashiv Peth, Pune; February 24 - 25, 2018).

Blog Entry

Chromebook for the Project Tiger- How it is helping me to contribute actively on Wikimedia project! (Sangram Keshari Senapati; March 26, 2018).

Openness

Innovation and creativity are fostered through openness and collaboration. Our work in the Openness program focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software.

Note: We missed carrying our updates in our Openness program in previous newsletter, hence reproducing them here.

Open Data

Open Data and Land Ownership - Environment Scan (Sumandro Chattapadhyay; February 12, 2018).
On World Water Day - Open Data for Water Resources (Craig Dsouza; March 22, 2018).

Open Access

Open Access India recently released a statement to promote openness in science and research communities. CIS contributed to the text and introduced it to the participants of OpenCon 2018, Delhi.

Delhi Declaration on Open Access (Open Access India; February 14, 2018).

Internet Governance

The Tunis Agenda of the second World Summit on the Information Society has defined internet governance as the development and application by governments, the private sector and civil society, in their respective roles of shared principles, norms, rules, decision making procedures and programs that shape the evolution and use of the internet. CIS is engaged in two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

Free Speech & Expression

Blog Entry

Analysis of ICANN financials from 2012-2016 (Sunil Abraham, Arjun Venkatraman and Akriti Bopanna; March 15, 2018).

Cyber Security

Blog Entry

People Driven and Tech Enabled – How AI and ML are Changing the Future of Cyber Security in India (Shweta Mohandas; March 11, 2018).

Participation in Event

Cybersecurity: The Intersection of Policy and Technology (Organized by Synergia Foundation; Bengaluru; March 15, 2018).

Privacy

Events Organized

Roundtable on A.I. and Governance in India (Organized by CIS; India Islamic Centre, New Delhi; March 16, 2018).
A Methods Workshop for Researching Future of Work in India (Co-organized by CIS and the Department of Management Studies, IIT-Delhi; New Delhi; March 28, 2018).

Participation in Events

Siri, did you hear me? Adapting Privacy to New Technologies, Automated Decision-making, and Cloud Computing (Organized by USIBC; New Delhi; March 6, 2018). Amber Sinha was a panelist.
White Paper on Data Protection and Privacy (Organized by National Institute of Public Finance and Policy; New Delhi; March 8, 2018). Sunil Abraham was a moderator in the session on Rights and Protections and Amber Sinha was a panelist.
Listening Machines - New interfaces for Art-Science and Technology Policy (Organized by National Academy of Sciences, Washington D.C; Arthur M Sackler Colloquia; March 12, 2018). Sharath Chandra presented his work "Listening Machines - New interfaces for Art-Science and Technology Policy".
Quantified identities as a global phenomenon: analyzing the impact of biometric systems in our societies (Internet Freedom Festival; Valencia, Spain; March 2018). Amber Sinha made a presentation.

Telecom

Newspaper Column

NPAs & Bad Banks (Shyam Ponappa; Business Standard; February 28, 2018 and Organizing India Blogspot; March 1, 2018).

-----------------------------------
Researchers at Work
-----------------------------------
The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Blog Entry

Information Infrastructures, State, and Citizens: An Initial Literature Survey (Khetrimayum Monish Singh, Ranjit Singh, Palashi Vaghela, and Nazifa Ahmed; March 28, 2018).

Event Organized

Designing Urban Nervous Systems (Organized by CIS; Bengaluru; March 27, 2018). Dr. Anupam Saraph, a future designer and an expert on complex systems gave a talk on looking at cities as living organisms, with nervous systems at the center of their being.

-----------------------------------

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

► Request for Collaboration

For more details visit https://cis-india.org/about/newsletters/march-2018-newsletter

Internet Shutdown Stories

Ambika Tandon — 2018-05-17T10:45:20Z

A collection of stories of the impact of internet shutdowns on the lives of Indian citizens.

For more details visit https://cis-india.org/internet-shutdown-stories