Centre for Internet and Society

Checks and balances needed for mass surveillance of citizens, say experts

Admin — 2017-12-16T14:32:23Z

A number of measures are required to protect law-abiding citizens from mass surveillance and misuse of their personal data, according to top technology and legal experts.

The article by Peerzada Abrar was published in the Hindu on December 9, 2017

The measures include issuing of tokens by the Unique Identification Authority of India (UIDAI) instead of Aadhaar numbers and having an official in the judiciary give permission to vigilance.

The experts were participating in a panel discussion on ‘Navigating Big Data Challenges’ at Carnegie India’s Global Technology Summit here. They also said there was a need to implement ‘de-identification of data’ or preventing a person’s identity from being connected with information.

The moderator of the discussion was Justice B.N. Srikrishna, a former Supreme Court judge, who was also heading a government-appointed committee of experts to identify “key data protection issues” and recommend methods to address them. Justice Srikrishna told the panellists that Aadhaar or the unique identification number had empowered the people. But in situations where the State wants all the information about citizens from different service providers because of its suspicions related to terrorism or criminal activity, he asked, what is the method to create a balance?

“Surveillance is like salt in cooking which is essential in tiny quantities, but counterproductive even if slightly in excess,” responded Sunil Abraham, executive director of Bengaluru-based think tank, Centre for Internet and Society. He said there was a need to make a surveillance system which had privacy by design built into it.

Mr. Abraham said that his organisation had proposed to the UIDAI that it used ‘tokenisation,’ which meant that whenever there was a ‘know your customer’ requirement, the Aadhaar number was not accessed by organisations like telecom firms or the banks. Instead, when the citizens used various services via smart cards or pins, a token got generated, which was controlled by the UIDAI. Organisations like banks and telecom firms can store those token numbers in their database. He said this would make it harder for unauthorised parties to combine databases. But at the same time would enable law enforcement agencies to combine database using the appropriate authorizations and infrastructure.

“UIDAI is considering this, they call it the dummy Aadhaar numbers. We need technical as well as institutional checks and balances,” said Mr. Abraham.

Countries like the U.S also have processes like Foreign Intelligence Surveillance Court (FISA court) which entertains applications made by the U.S Government for approval of electronic surveillance, physical search, and certain other forms of investigative actions for foreign intelligence purposes.

“My concern is that in the current system, surveillance can be done by the State machinery. I don’t necessarily suggest FISA court.... but some kind of mechanism where (one can’t) be held at the mercy of incestuous State machinery,” said Rahul Matthan, a partner at law firm Trilegal. “But have some second person who is outside the influence of this system (and) who actually says ‘yes this is a terrorist which requires us to do mass surveillance,” he said.

Artificial Intelligence

A large amount of information or Big data ranging from financial, health to political insights of people is being collected by different organisations and service providers which is sitting in different silos. All of this is likely going to be linked through Aadhaar. Mr. Srikrishna asked what if a situation arises where all of this data is aggregated and using artificial intelligence and machine learning, one is able to analyse it and profile individuals. He said “would that be not a terrifying scenario” where the State can act super-monitor for citizens. He asked how can citizens be guarded against it?

Mr.Srikrishna was referring to the ‘Social Credit System’ proposed by the Chinese government for creating a national reputation system to rate the trustworthiness of its citizens including their economic and social status. It works as a mass surveillance tool and uses big data analysis technology.

“It is a possibility. What stands in the way of it becoming a reality (in India) is a robust law,” said Mr.Matthan. “Technology is so powerful that it could equally be used for good as well as bad.”

For more details visit https://cis-india.org/internet-governance/news/the-hindu-peerzada-abrar-december-9-2017-checks-and-balances-needed-to-mass-surveillance-of-citizens-say-experts

Masking personal data to protect privacy crucial for India, say experts

Admin — 2017-12-16T14:27:34Z

Finding a way to protect privacy is critical, with the Supreme Court hearing petitions challenging the mandatory linking of Aadhaar to avail various social and welfare benefits.

The article by Deepti Govind was published in Livemint on December 11, 2017

Using the concept of de-identification to protect an individual’s right to privacy and creating laws that constantly re-evaluates the difference between harmful and good use of data is crucial for India, according to an expert panel on data privacy.

That could mean developing a token system that lets the Unique Identification Authority of India (UIDAI) hold a master-list of data through Aadhaar, while generating token numbers for all other Know Your Customer (KYC) requirements, suggested the panel at the Global Technology Summit hosted by think-tank Carnegie India.

“If we can implement de-identification principles in government collection and storage of data, even if that data is displayed on the website it cannot be correlated to an individual. And if it can’t be correlated to an individual then immediately that data is not as dangerous as it could be,” said Rahul Matthan, partner at Trilegal and a Mint columnist.

In theory, de-identification could include anything from deleting or masking personal identifiers, like names, to generalizing or suppressing others, like an individual’s pin code.

Finding a way to protect privacy is critical for India, with the Supreme Court hearing petitions challenging the mandatory linking of Aadhaar to avail various social and welfare benefits.

One of the grounds for challenge is that the use of biometric information of an individual encroaches upon the individual’s privacy.

The Centre for Internet and Society, a Bengaluru-based research organisation, proposed that the UIDAI use tokens for KYC requirements. Under this method an individual can use a smart card and a personal identification number (PIN), rather than biometrics, at a UIDAI-controlled booth and generate a token number. That token number can be submitted to a telephone operator or a bank.

“UIDAI is currently considering this. They call it the dummy or virtual Aadhaar numbers. Under this a single agency cannot pull off the surveillance completely by themselves. So there is both a technical and institutional check,” said Sunil Abraham, executive director of the Centre for Internet and Society.

Another method could be shifting the emphasis to revoking consent rather than grant of consent to collect and store data.

This could be done using the same method that currently exists to filter unwanted calls and messages on phones via the do-not-disturb registry. But over and above these, creating the right regulatory framework is important.

“It has become absolutely necessary to have in place a law which governs the usage of misuse of data,” said former Supreme Court justice B.N. Srikrishna.

Srikrishna used to head a 10-member committee of experts constituted by the government to study various issues related to data protection, make specific suggestions on the principles to be considered and suggest a draft data protection bill.

The data protection law must balance the interests of all three stakeholders—the common citizens, data collectors and the state—and not focus on just one or two, Srikrishna said on Friday. There should also be methods in place to penalize or impose fines on companies or agencies in case of data breaches or misuses, he added. But imposing fines is not the ideal solution, according to experts.

“It’s really critical that we think about building in incentives to do better. If every violation results in a huge penalty, for instance, then the posture of companies will be a secretive, protective, legal defence posture rather than one that strives to constantly improve practices and technologies,” said Facebook Inc.’s global deputy chief privacy officer, Stephen Deadman.

For more details visit https://cis-india.org/internet-governance/news/masking-personal-data-to-protect-privacy-crucial-for-india-say-experts

Paranoid about state surveillance? Here’s the FD Guide to living in the age of snoops

Admin — 2017-12-16T13:38:46Z

The US does it, so does China. Ever since Edward Snowden’s revelations back in 2013, which exposed the extent of the US’s global surveillance apparatus, the public has been fairly clued into the extent of mass surveillance.

The blog post by Sriram Sharma was published in Factor Daily on December 12, 2017

It doesn’t take a conspiracy theorist to worry that India does it (or wants to), too, especially with the high decibel campaigns by banks, telecom service providers and others to have Indians link Aadhaar, the unique citizen ID, to multiple services.

If you want a dystopian picture of the future of surveillance, look no further than China, considered the world’s worst abuser of internet freedom for the third year in a row, according to the new Freedom House, a US-based NGO that conducts research and analysis on the internet. With a score of 87/100 (higher is worse), the Chinese state is renowned for its Great Firewall, which filters access to the wider internet. “Digital activism has declined amid growing legal and technical restrictions as well as heavy prison sentences against prominent civil society figures,” the latest Freedom House report notes.

India is rated “Partly Free” with a score of 41/100 (lower is better) in Freedom House’s 2017 report on internet freedom

While it’s a long way away from China, India scores 41/100 on Internet Freedom in 2017 but is still considered only ‘partly free’ owing to blocking of internet and telecom service providers in Kashmir and detainment of citizens for expressing their views online. The India report from Freedom House highlights Aadhaar’s mandatory linking for a wide range of schemes and records concerns regarding its privacy and security implications.

In this guide, we take a look at the why, what and how of India’s surveillance apparatus, the legal provisions in the Indian constitution that enables them, ask domain experts to provide us with tips on living in an age of state surveillance. We also take a look at a variety of widely used tools and apps that help you countering state surveillance or tracking of any kind.

Know your Big Brother: India’s State Surveillance Programs

Right to privacy organisation Privacy International has a detailed dossier on the state of privacy in India, which examines India’s surveillance schemes, laws around interception and access, and central intelligence agencies that carry out surveillance. Apart from the state police and the army, surveillance is carried out at least 16 different intelligence agencies, it notes.

The Centre for Internet and Society (CIS) and Software Freedom Law Centre (SFLC) have done extensive research in the past on India’s surveillance apparatus. Earlier this year, CIS reported on the various programs and tech infrastructure behind India’s surveillance state: these include Central Monitoring System (CMS), National Intelligence Grid (NATGRID), Network Traffic Analysis System (NETRA), etc. An earlier CIS report highlights a boom in surveillance tech in India following the 26/11 terror attacks in Mumbai.

Based on an RTI (Right to Information) filing, SFLC’s 2014 report on India’s Surveillance State reveals that around 7,500 to 9,000 telephone interception orders are issued by the central government alone each month. State surveillance of citizens’ private communications is authorised by laws that let them monitor phone calls, texts, e-mails and Internet activity on a number of broadly worded grounds such as such as ‘security of the state’, ‘defence of India’, and ‘public safety’.

The Government of India is also known to said to work with private third parties, some of which go so far as to infect target devices using malicious software to extract information on the subject. A 2013 Citizen Lab report titled ‘The Commercialisation of Digital Spying’ found command and control servers (used to control the host system) for FinFisher (a remote computer monitoring software suite) in India. A Wikileaks expose in 2015 dumped over a million emails belonging to Italian surveillance malware vendor HackingTeam. The emails revealed how India’s top intelligence agencies and the government expressed interest in buying Hacking Team’s malware interception tools.

Fears of an Aadhaar Surveillance State

Thejesh G N, an infoactivist wrote in FactorDaily about Hyderabad’s surveillance hub, which wants to collect all manner of details. Aadhaar is one of the primary keys to matching profiles with external data sources, he notes.

A look at data points gathered by Hyderabad’s Integrated Information Hub

“The end product shows on a map where you live, what you consume, did you take PDS, move to some other place, your mobile number, gender… there’s a lot of data in the hands of the very lowest level of government, which doesn’t have any protection as by a parliamentary committee or anything like that. It’s run by bureaucrats, so that has huge implications,” he says. “If you see Citizen Four (a 2014 documentary about Edward Snowden), it shows a similar system, where you enter one’s SSN, and it shows everything you have done, and are planning to do. We are building the same system…Governments change, today we might have a good government, tomorrow we might have the worst possible government on the planet.”

Pranesh Prakash, Policy Director of CIS says he doesn’t regard Aadhaar as a surveillance project. “I see Aadhaar as something that can facilitate surveillance, but by and of itself, it isn’t surveillance,” he says, adding that it does so in a non-consensual manner. “By having Aadhaar numbers across multiple databases, you make surveillance easier. But you need to tie it up to a surveillance system. For instance, Aadhaar without NATGRID isn’t surveillance, but Aadhaar with NATGRID can be helpful for surveillance.” NATGRID (National Intelligence Grid) was first proposed in late 2009 following 26/11 attacks by the Union Home Minister, to enhance India’s counter-terror capabilities. It links 21 citizen databases for access to intelligence/enforcement agencies.

Ongrid’s website earlier had this visualisation depicting its verification service, which made privacy advocates cringe. Source: Twitter.

We discussed some worst-case scenarios around the commercial use of Aadhaar and India Stack companies with Thejesh. “Let’s say there’s a screening company and they have your Aadhaar ID. They will send it to Airtel, or Vodafone, and ask for a list of all the websites you have viewed. Maybe you’ve watched porn or something, at some point in your life, and that could hurt your employment,” he says.

Curbing your data exhaust

The EFF (Electronic Frontier Foundation) has published a number of useful articles and resources for countering internet surveillance. Recommendations include using end-to-end encryption through tools such as OTR (a messaging protocol available on Adium), PGP (to exchange secure emails), and Signal (messenger).

Other useful tips:

Use VPNs

VPNs (virtual private networks) use encryption protocols and secure tunneling techniques to keep your internet activity impervious to snooping. With a VPN, you can bypass ISP restrictions on blocked websites or access services (Spotify) not available in your country, making it appear that you are browsing from another part of the world. Keep in mind that you can still be outed by your VPN provider, so it’s important to choose one that respects your privacy. There are hundreds of VPN service providers to choose from, That One Privacy Guy maintains a detailed comparison chart of over a hundred VPN providers, with details on jurisdiction, price, ethics, logging policies, VPN protocols supported, and more. Out of these, the country that the VPN provider is based in is a key filter: you don’t want to choose a VPN service based out of the ‘14 eyes‘, as they are known to do mass surveillance.

Use TOR

Tor, an acronym for ‘The Onion Router’, is a free app that lets you anonymise your online communication by directing a web browser’s traffic through a volunteer-run network of thousands of servers. It is funded by the US-based National Science Foundation, Mozilla, and Open Technology Fund, among others. Tor is available for download on Windows, Mac, Linux, and Android.

Browsing on Tor can be far slower than a regular web browser, but it keeps you anonymous.

Encrypt your storage

It’s now a default feature on your phone, or computer, so there’s no reason why you shouldn’t make use of it. To check if it is turned on in Windows 10, Go to Settings > System > About, and look for a “Device encryption” setting at the bottom of the About tab. Keep in mind that you need to sign into Windows with a Microsoft account to enable this setting, so it’s likely that the NSA or FBI might be able to bypass it.

On a Mac, you turn on full-disk encryption through FileVault, accessible in > System Preferences > Security & Privacy.

On an iPhone, data protection is enabled once you set up a passcode on your device.

Android 5.0 and above devices support full-disk encryption. If it isn’t turned on by default on your device, you can turn on encryption under the Security menu.

Sensitive documents can also be encrypted using TrueCrypt. Though you must keep in mind that key disclosure laws apply in India, under the Section 69 of the Information Technology Act, which states that there’s a seven-year prison sentence for failing to assist the central and state governments in decrypting information on a computer resource.

Use an air-gapped PC

An air-gapped PC is one that is not connected to the internet or to any computers that are connected to the internet. Air-gapped PCs are typically used when handling critical infrastructure, and this is an extreme measure one can take when working with sensitive data that you don’t want to be leaked.

Use HTTPS everywhere

HTTPS Everywhere offers plugins for Firefox, Chrome, and Opera, and turns every link you open or key in, to a secure version of the HTTP protocol, which is encrypted by Transport Layer Security (TLS). The tool protects you from eavesdropping or tampering with the site you are visiting, but only works on sites that support HTTPS. Keep in mind that this tool won’t conceal the sites you have accessed from eavesdroppers but it won’t reveal the specific URL that you visited.

Turn on Advanced Protection in Gmail

If you trust Gmail with your data, take the relationship to the next level with Advanced Protection, which safeguards your account against phishing attacks, limits access to trusted apps, and adds extra verification features to block fraudulent account access. You will need a Bluetooth key and a USB key to turn this feature on.

Some other don’ts

Don’t leave any cameras open. Tape them up if you are a potential surveillance target.
Don’t use freemium apps, which trade in your privacy. A recent example of a worst-case scenario.
Don’t send any data via free email services that you would like to keep private.
Don’t use Google or Facebook, as Snowden says, if you value your privacy. Don’t take our word for it.

As for Aadhaar, Thejesh says that there isn’t much one can do as it is forcibly linked to many essential services. He recommends using different email ids for official work and unofficial work. “Use one email ID for Aadhaar and mobile related accounts, and use the other one for regular communication. It separates the accounts from surveillance and adds a layer of security,” he says. “Don’t use Aadhaar until is necessary. If you use Aadhaar and you are not in a mood to resist everything, then don’t use it where it is not required. Don’t use it like a regular address proof,” he adds.

If you are already an Aadhaar holder, it makes sense to use the biometric locking system provided by UIDAI on its website to protect against identity theft and unauthorised access. The biometric locking feature sends an OTP code to your registered mobile number to unlock or disable the locking system.

If someone is concerned about surveillance, CIS’s Prakash recommends not having a cell phone. “The cellphone is the single largest means of data gathering about you,” he says.

Surveillance can take many forms: it can be physical or off-the-air surveillance (an interception technique used to snoop on phone calls), he points out.

A CCTV camera fitted on top of a Hyderabad Police vehicle

Surveillance is not always bad: medical surveillance, for instance, an entire field around the spread of diseases, is necessary, Prakash clarifies. “Even state surveillance for national security purposes is absolutely necessary. A nation-state can’t survive without surveillance so I am quite clear that those who oppose all forms of surveillance are opposing all kinds of rights – because you can’t have rights without security. And indeed, individual security is a human right guaranteed under the Universal Declaration of Human Rights and guaranteed in Article 21 of the Indian Constitution. Without security of the person, you can’t have the right to freedom of speech, you can’t enjoy the right to privacy… If you’re in a state of war or in a state of terror, then you can’t enjoy rights – so clearly for me, surveillance is necessary,” he says.

That said, surveillance in India is highly problematic as the laws and the democratic framework for surveillance is very weak, and enforcement of that framework is even worse, Prakash adds. “One of the best ways of countering surveillance, I would suggest, is to actually demand a democratic framework for surveillance in India. Demand that your MLA and MP take up this issue at the state and central level… and that we have a democratic framework for both our intelligence agencies and for all the surveillance that is conducted by the state in India,” he says.

He calls everything else – “the technological stuff, using anonymising networks, end-to-end encryption” – a second order issue. “It can help you as an individual, but it doesn’t help us as a society.”

For more details visit https://cis-india.org/internet-governance/news/factor-daily-sriram-sharma-december-12-2017-paranoid-about-state-surveillance-here-s-the-fd-guide-to-living-in-the-age-of-snoops

Artificial Intelligence Literature Review

Admin — 2017-12-16T10:43:42Z

For more details visit https://cis-india.org/internet-governance/files/artificial-intelligence-literature-review

State-led interference in encrypted systems: A public debate on different policy approaches

Admin — 2017-12-05T14:03:09Z

State-led interference in encrypted systems. Sunil Abraham is a speaker for this event.

Proposer's Name: Mr. Carlos Alberto Afonso
Proposer's Organization: Instituto Nupef
Co-Proposer's Name: Mr. Hartmut Glaser
Co-Proposer's Organization: CGI.br

Co-Organizers:

Mr., Carlos, AFONSO,Civil Society, Instituto Nupef
Mr. Hartmut, GLASER, Technical Community, CGI.br
Ms. Jamila, VENTURINI,Technical Community, NIC.br
Mr. Diego, CANABARRO, Technical Community, NIC.br

Session Format: Other - 90 Min
Format description: The session is designed to host a dialectic debate segment followed by a traditional round-table segment structured around a Q&A format.

Proposer:
Country: Brazil
Stakeholder Group: Civil Society

Co-Proposer:
Country: Brazil
Stakeholder Group: Technical Community

Speakers

Christoph Steck (Telefonica, Spain)
Riana Pfefferkorn (Stanford CIS, EUA)
Cristine Hoepers (CERT.br, Brazil)
Carlos A. Afonso (Nupef Institute, Brazil)
Neide Oliveira (Federal Prosecution Service, Brazil)
Sunil Abraham (CIS India)
Monica Guise Rosina (Facebook Brazil)
Jonah F. Hill (NTIA, EUA)
Nina Leemhuis Janssen (Govt of The Netherlands)

Content of the Session

The workshop is built around a policy question that approaches some historical controversies inherent to the widespread use and availability of encryption in the Internet, with a special focus on the tension between the increasing use of cryptography after Snowden and the supposed challenges it poses to public and national security in a digital era. The session promotes a space for multistakeholder debate on: the state of the art in the development and employment of cryptography; different attitudes towards the freedom to use encryption in different jurisdictions; modes of state-led interference in/with encrypted systems; and the limits posed by national and international law to such interference, as well as the impacts it might have to the protection and promotion fundamental human rights and shared values, to permission-less innovation on the Internet and the open architecture of the network. The session will host two segments: one will consist of two presentations made by government officials from the UK and the Netherlands that will detail different policy approaches for dealing with the use of encryption. The second comprises a multistakeholder round-table that gathers comments and questions about the previous presentations. In the end, moderators will summarize discussions and an overarching and documented report of the session will be made available for the session. The unorthodox format chosen for this session allows public scrutiny over some very practical policy-oriented approaches. The bulk of discussions registered during the workshop can provide dialogued feedback into policy development processes elsewhere.

Relevance of the Session

The development and use of encryption to protect information and communication dates back to ancient times. Encryption has been mainly employed over the centuries to protect personal data, business information, governmental classified information, etc. Attempts to break encryption in general as well as the notion of inserting vulnerabilities (such as backdoors) in systems that rely on encryption have been a parallel phenomenon to (and also an integral part of) the longstanding efforts of cryptography. One might even say that those two processes function as the two different sides of the same coin.

The advent and the great pace of development of computing and networking technologies boosted the science behind cryptography to unprecedented levels of relevance for society in general. More recently, after the Snowden affairs, cryptography has been perceived as a necessary condition (not a sufficient one though) for Internet users to curb the abuses entailed by massive digital surveillance and espionage by an ever growing number of countries. In parallel, together with other measures, the deployment of encryption to commercial applications seems to have become a, somehow, sine qua non condition for some Internet companies to regain consumer trust and retain competitive advantages in relation to other players in the market.

The widespread use and availability of encryption tools however refueled tensions and entailed policy responses in a myriad of countries (e.g.: the Apple vs FBI case in the context of the San Bernadino Shooting; the announcement made by some European countries of their willingness to outlaw some uses of encryption as well as the public commitment of the Netherlands government to support encryption and oppose the development of backdoors; and the successive orders by Brazilian courts that aimed at blocking Whatsapp in the country due to the company’s denial to delivery communication records from some of its users). Those tensions generally revolve around the fact that as general-purpose technology, encryption can be also employed to conceal irregular and/or illicit activities, which would justify the creation of some narrow but allegedly needed exceptions to the constitutional limits built over the last century in several countries to impose limits to criminal investigation in order to uphold privacy and personal data protection.

The cases mentioned above gave rise to fierce discussions on whether or not the use of encryption increases by itself the likelihood of and facilitate the occurrence of crime and other illicit activities (most notably organized crime of all sorts and terrorism). Some law enforcement agencies and security forces have argued that encryption impairs crime investigation and the prosecution of criminals, and therefore the development of technology with embedded backdoors might be needed. Other actors, including representatives from the technical community, however, argue that such interference might disrupt regularly protected flows of information and communication as well as compromise privacy and the protection of other fundamental human rights. At this point, we are in a stage in which the trade-off between those two perspectives have to be settled through democratic means and public participation and that is why this workshop was submitted for the IGF 2017.

Besides dealing with several different topics that comprise the overarching agenda of Internet governance (human rights, cybersecurity, openness and permission-less innovation, economic development, infrastructure governance, etc), the topic of this workshop is directly connected to two different goals comprised in the UN SDGs: sound institutions and innovation. Discussions on the contours of sound political institutions and on challenges and incentives for innovation are integral components of any sort of political agenda that aims at reflecting upon the “digital future”, which is the case of the 2017 IGF and highlight the importance of adding this proposal to the overall agenda of the event.

For more details visit https://cis-india.org/internet-governance/news/state-led-interference-in-encrypted-systems-a-public-debate-on-different-policy-approaches

Digital native: Memory card is full

nishant — 2018-01-10T02:08:57Z

We train ourselves to forget as our devices store everything. How do we remember things that matter?

The article was published in Indian Express on December 3, 2017

#metoo #himtoo #privacy #bigdata #artificialintelligence #machinerights #Aadhaarprivacy #ItHappensToEverybody #chillingeffects #cyberbullying #Anonymity #checkyourprivilege #botlogic #bluewhale #kidsonline #alonetogether #digitalfreedom #freespeech #righttolove #righttobeforgotten #digitalIndia #mobility #digitalcare #emojis #freeexpression #Internetblackouts #DigitallyDisconnected #attentioneconomies #Digitalcurrencies #algorithmicfriendships #MakeInIndia #AadhaarLeaks #freepress #wisdomofmobs #snapchatgate #digitalivesmatter #ClosedWebs #dataconsent #rightobeforgotten #surveillance #digitalcitizens #fakenews #righttoprivacy #alternativefacts #neveragain #alwaysremember #Nogoingback #Notallmen #yesallmen #dalitlivesmatter

As you stare at the mass of hashtags, I want you to play a little game with me. These are all hashtags associated with social movements, political protests, cultural phenomena and individual impulses that have marked 2017. Over this year, I have written about these. Most of these events were discussed a lot and they must have come to your attention in our viral webs. I want you to look at each of these hashtags and try to remember what events and circumstances, concerns and questions, alarms and crises were associated with them.

I must confess that I only have faint memories of some of these events and a complete blank spot on the specificities of a few. At the time of writing, these were questions that were urgent, critical, and all-consuming. And yet, in the brief span of a few months, they have receded from my memory. The only reason I was able to list all these topics was not because I remembered them, but because they were stored and archived in the digital web, and I was able to pull them out through a search query.

This relationship between memory and storage is both intriguing and alarming. One of the joys of being human is to be able to forget. One of our strongest coping mechanisms is our capacity to make things fade in memories, so that we can live without being trapped in our pasts. The ability to forget also allows us to forgive and to move on, focusing on corrections rather than mistakes.

However, when it comes to the digital, memory and storage are the same thing. Human memory falters. But digital storage, outside of a system crash or a black-out is always there, and ready to be converted into memory at the click of a search button. This infinite storage produces a new crisis for us in our digitally mediated lives. It means that even when we forget and depend on our social networks forgetting, the algorithmic databases of storage will not forget our actions and reactions.

Now, we also train ourselves to forget because we are assured that these new artificial memories will retain the information longer. As we rely on algorithmic prompts to remind us of things from our past, we lose our capacity to remain engaged and committed to different questions and ideas that are important to us. This reliance on digital storage rather than human memory enables a culture of fragmented and multitasking politics, where we pay momentary attention to the hashtag of the day and forget it quickly as new things grab our attention.

It poses crucial questions to our ways of thinking about social collectives: Who are we when our machines remember what we have forgotten? What happens when somebody animates forgotten memories through querying digital storage? How do we ensure that the prompts for the new do not draw us away from remembering things that are critical? Human civilisations have depended on cultures of memory making. All our cultural products — even the pictures of dancing babies and cute cats — are indeed ways by which we create collective memories of who we are and who we want to be. However, we are increasingly living in times where our capacity to forget is superseded by our machines of storage. We need to find new ways of figuring out how we can remember things that need longer memory, and how we can be forgotten from actions which need to be un-stored.

For more details visit https://cis-india.org/raw/indian-express-nishant-shah-december-3-2017-digital-native-memory-card-is-full

November 2017 Newsletter

praskrishna — 2018-01-10T01:57:29Z

November 2017 Newsletter

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights
Anubha Sinha took part in the 35th Session of the World Intellectual Property Organization (“WIPO”) Standing Committee on Copyright and Related Rights (“SCCR”) at Geneva from 13 November, 2017 to 18 November, 2017. She posed a question on the agenda 'Other Matters' on behalf of CIS on Day 5, 17 November, 2017. CIS also gave statements on Limitations and Exceptions for Libraries and Archives and GRULAC Proposal for Analysis of Copyright in the Digital Environment. CIS-A2K signed a Memorandum of Understanding with the Telangana Government’s IT, Electronics & Communications Department with to catalyse the development of the Wikimedia movement in Telangana and improve the state of free-licensed digital content in Telugu and Urdu. The Ministry of Electronics & Information Technology, Government of India has published the Guidelines for Indian Government Websites (GIGW). Nirmita Narasimhan on behalf of the Centre for Internet & Society gave comments on GIGW. The government has already set up a Nudge unit; now, it should apply the Nobel laureate's insights on auctions relating to essential infrastructure wrote Shyam Ponappa in an article in the Business Standard on November 1, 2017. DataMeet and CIS have collaborated on identifying and addressing the challenges to open up and integrate data and information in the water sector. CIS commented on the Consultation Paper on Privacy, Security and Ownership of Data in Telecom Sector published by the Telecom Regulatory Authority of India on August 9, 2017. CIS published a report that compares laws and regulations in the United Kingdom and India to see the similarities and disjunctions in cyber security policy between them. CIS sent comments on TRAI consultation paper on promoting local telecom equipment manufacturing. The submission drew on research primarily done in the Pervasive Technologies project.

Highlights

Anubha Sinha took part in the 35th Session of the World Intellectual Property Organization (“WIPO”) Standing Committee on Copyright and Related Rights (“SCCR”) at Geneva from 13 November, 2017 to 18 November, 2017. She posed a question on the agenda 'Other Matters' on behalf of CIS on Day 5, 17 November, 2017. CIS also gave statements on Limitations and Exceptions for Libraries and Archives and GRULAC Proposal for Analysis of Copyright in the Digital Environment.
CIS-A2K signed a Memorandum of Understanding with the Telangana Government’s IT, Electronics & Communications Department with to catalyse the development of the Wikimedia movement in Telangana and improve the state of free-licensed digital content in Telugu and Urdu.
The Ministry of Electronics & Information Technology, Government of India has published the Guidelines for Indian Government Websites (GIGW). Nirmita Narasimhan on behalf of the Centre for Internet & Society gave comments on GIGW.
The government has already set up a Nudge unit; now, it should apply the Nobel laureate's insights on auctions relating to essential infrastructure wrote Shyam Ponappa in an article in the Business Standard on November 1, 2017.
DataMeet and CIS have collaborated on identifying and addressing the challenges to open up and integrate data and information in the water sector.
CIS commented on the Consultation Paper on Privacy, Security and Ownership of Data in Telecom Sector published by the Telecom Regulatory Authority of India on August 9, 2017.
CIS published a report that compares laws and regulations in the United Kingdom and India to see the similarities and disjunctions in cyber security policy between them.
CIS sent comments on TRAI consultation paper on promoting local telecom equipment manufacturing. The submission drew on research primarily done in the Pervasive Technologies project.

CIS in the News:

Big Data for governance (Alekhya Hanumanthu; Telangana Today; November 4, 2017).
How tech is making life easier for differently-abled (Shalini Umachandrani; November 7, 2017).
India Today Conclave Next 2017: Aadhaar was rushed, says MP Rajeev Chandrashekhar (Priya Pathak; India Today; November 8, 2017).
What You Need To Worry About Before Linking Your Mobile Number With Aadhaar (Roopa Raju and Shekhar Rai; Youth Ki Awaaz; November 8, 2017).
OPINION | Data is New Oil and Human Mind the New Battlefield. India Must Wake Up Now (Lt. General (Retd.) D. S. Hooda; News18.com; November 11, 2017).
Aadhaar seeding: benefits and concerns (Shaikh Zoaib Saleem; Livemint; November 14, 2017).
Privacy issues exist even without Aadhaar (Ronald Abraham; November 15, 2017).
Advocating for Openness: Nine Ways Civil Society Groups Have Mobilized to Defend Internet Freedom (Centre for International Media Assistance; November 15, 2017).
Govt working to set up financial CERT to tackle cyber threats (Komal Gupta; Livemint; November 16, 2017).
Financial CERT to combat cyber threats, says MoS home affairs (CISO MAG; November 17, 2017).
UIDAI admits 210 government websites made Aadhaar details public (Financial Express; November 20, 2017).
India’s internet missionaries: The women Google is relying on to spread its Next Billion message (Sunny Sen; Livemint; November 21, 2017).
FCC’s plan to repeal net neutrality may not impact India (Surabhi Agarwal; Economic Times; November 23, 2017).
Indian activists slam FCC decision to ditch net neutrality (Kul Bhushan; Hindustan Times; November 23, 2017).
FCC’s plan to repeal net neutrality may not impact India (Surabhi Agarwal; Economic Times; November 23, 2017).
Why should you keep a close eye on the net neutrality debate in the US (Subhrojit Mallick; Digit; November 24, 2017).
Cyberattacks a significant threat to democracy: Modi (Komal Gupta; Livemint; November 24, 2017).
Aadhaar verification at airports raises need for stricter data privacy regulations (Aman Sethi; Hindustan Times, November 27, 2017).
IDAP Interview Series: Interview with Nirmita Narasimhan (IDIA Law; November 27, 2017).
Govt releases white paper on data protection framework (Komal Gupta; Livemint; November 28, 2017).
Bengalureans to receive Helen Keller award (Deccan Herald; November 30, 2017).

-------------------------------------
Accessibility & Inclusion
-------------------------------------
India has an estimated 70 million persons with disabilities who don't have access to read printed materials due to some form of physical, sensory, cognitive or other disability. As part of our endeavour to make available accessible content for persons with disabilities, we are developing a text-to-speech software in 15 languages with support from the Hans Foundation. The progress made so far in the project can be accessed here.

Submission

Comments on Guidelines for Indian Government Websites (Nirmita Narasimhan; November 26, 2017).

-----------------------------------
Access to Knowledge
-----------------------------------
Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Copyright & Patent

35th SCCR: CIS Statement on Limitations and Exceptions for Libraries and Archives (Anubha Sinha; November 15, 2017).
35th SCCR: CIS Statement on Limitations and Exceptions for Libraries and Archives (Anubha Sinha; November 17, 2017).
35th SCCR: CIS' Question to Dr. Rostama on her Study on the Impact of the Digital Environment on Copyright Legislation (Anubha Sinha; November 19, 2017).

►Wikipedia

Blog Entry

CIS-A2K signs MoU with Telangana Government (Manasa Rao; November 8, 2017).

►Openness

Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.

-----------------------------------

Internet Governance
-----------------------------------

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

►Privacy

Blog Entries

A Comparison of Legal and Regulatory Approaches to Cyber Security in India and the United Kingdom (Divij Joshi; edited by Elonnai Hickok; November 12, 2017).
Counter Comments on TRAI's Consultation Paper on Privacy, Security and Ownership of Data in Telecom Sector (Amber Sinha; November 23, 2017).

Participation in Event

BIS International Seminar on Internet of Things (Organized by BIS; November 15, 2017; India Habitat Centre, New Delhi). Amber Sinha attended the event.
Internet Universality Indicators for a Safe, Secure and Inclusive Cyberspace for Sustainable Development (Organized by UNESCO in collaboration with the Ministry of Electronics and IT, Government of India; UNESCO Conference Room, Chanakyapuri, New Delhi; November 17, 2017). Amber Sinha attended the event.

Roundtable on Data Integrity and Privacy (Organized by Observer Research Foundation; November 18, 2017). The round table discussion was chaired by Shri Baijayant Panda, Hon'ble Member of Parliament.

►Cyber Security

Blog Entry

Breach Notifications: A Step towards Cyber Security for Consumers and Citizens (Amelia Andersdotter; November 14, 2017).

Event Organized

Roundtable on Enhancing Indian Cyber Security through Multi-Stakeholder Cooperation (Indian Islamic Centre; Lodhi Road; New Delhi; November 4, 2017).
Open House on Security Practices in FinTech (Organized by CIS and Has Geek; November 17, 2017).

Participation in Event

Multinational Cyber Security Forum at University of Haifa (Organized by Center for Cyber, Law and Policy and University of Haifa in collaboration with the Hewlett Foundation Cyber Initiative; November 5 - 7, 2017). Sunil Abraham participated in the meeting held in Israel.
Global Commission on the Stability of Cyberspace (GCSC) (Organized by GCSC; November 21, 2017; New Delhi). Pranesh Prakash participated in the event.

-----------------------------------
Telecom
-----------------------------------

CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Article

Nobel Laureate Richard Thaler's Views On Auctions (Shyam Ponappa; Business Standard; November 1, 2017).

Submission

Comments on TRAI Consultation Paper on Promoting Local Telecom Equipment Manufacturing (Anubha Sinha; November 26, 2017).

-----------------------------------
Researchers at Work
-----------------------------------
The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Articles

Digital native: Rebellion by Google Doc (Nishant Shah; Indian Express; November 4, 2017)
Digital native: Let there be life (Nishant Shah; Indian Express; November 19, 2017).

-----------------------------------

About CIS
-----------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/november-2017-newsletter

Govt releases white paper on data protection framework

Admin — 2017-11-28T14:34:09Z

Public comments are welcome till 31 December on the data protection white paper, which is aimed at securing digital transactions and addressing privacy issues.

The article by Komal Gupta was published in Livemint on November 28, 2017

A nuanced approach towards data protection will have to be followed in India, keeping in mind the fact that individual privacy is a fundamental right limited by reasonable restrictions, according to a white paper issued by the government on a data protection framework.

The government has sought public comments till 31 December on the white paper, which is aimed at securing digital transactions and addressing customer and privacy protection issues.

The white paper, drafted by the committee of experts on data protection framework, was released by the ministry of electronics and information technology on Monday.

On 31 July, the government constituted a 10-member committee of experts headed by former Supreme Court justice B.N. Srikrishna to study various issues relating to data protection and make specific suggestions on the principles to be considered for data protection as well as suggest a draft Data Protection bill.

Other members of the committee include telecom secretary Aruna Sundararajan, Unique Identification Authority of India chief executive Ajay Bhushan Pandey, and additional secretary in the information technology ministry Ajay Kumar.

The committee seeks to put the onus on stakeholders and the public through a questionnaire on issues such as collection of personal data, consent of consumers, penalties and compensation, code of conduct and an enforcement model that should be set up.

“The sensitivity of the data could also develop based on its combination with other types of information. For example, an email address taken in isolation, is not sensitive. However, if it is combined with a password, then it could become sensitive as it opens access to many other websites and systems, which may expose the individual to harm such as cyberattacks and phishing frauds,” the white paper said.

It is also possible that personal or even non-personal data, when processed using big data analytics, could be transformed into sensitive personal data. Therefore, there may be a need to create safeguards which will prevent misuse of personal information in these contexts of use, it added.

The white paper also seeks “to designate certain lawful grounds under which data can be processed, even in the absence of consent.”

In some situations, seeking consent prior to a data processing activity would not be possible, or it may defeat the purpose of the processing. For instance, where law enforcement officials need to apprehend a criminal, seeking the consent of the criminal prior to processing would defeat the purpose of the investigation, it said.

“It seems to be an eminently reasonable white paper which raises the right questions. However, it lacks analysis of data protection vis-a-vis Aadhaar,” said Pranesh Prakash, policy director at the Centre for Internet and Society, a Bengaluru-based think tank.

Safeguarding privacy rights needs much more than a data protection law; it needs a larger consultation that includes issues like surveillance as well, added Prakash.

For more details visit https://cis-india.org/internet-governance/news/livemint-november-28-2017-komal-gupta-govt-releases-white-paper-on-data-protection-framework

CyFy 2017 Agenda

Admin — 2017-11-26T09:11:29Z

For more details visit https://cis-india.org/internet-governance/files/cyfy-2017-agenda

Advocating for Openness: Nine Ways Civil Society Groups Have Mobilized to Defend Internet Freedom

Admin — 2017-11-26T03:58:47Z

The debate over whether the Internet is a better tool for democratic empowerment or authoritarian control misconstrues the nature of the democratic challenges of the digital age.

The blog post by Sarah Oh was published by the Center for International Media Assistance on November 15, 2017

Key Findings

Civil society groups from the Global South are leading the charge to advocate for an Internet that remains open, pluralistic, and democratic. The nine case studies highlighted in this report demonstrate various ways groups in different countries have successfully fought for policies and norms that strengthen Internet freedom and digital rights. These strategies include awareness-raising, nonviolent direct action, regional and international coalition-building, and strategic litigation.

Media freedom advocates have been at the forefront of many Internet freedom efforts.
Threats to independent media online and freedom of expression continue to mount as authoritarian regimes become more technologically savvy.
Building broad civil society coalitions around Internet rights increases the chances of long-term success.

Introduction

The debate over whether the Internet is a better tool for democratic empowerment or authoritarian control misconstrues the nature of the democratic challenges of the digital age. The Internet is not a tool, but a complex domain of “competing forces and constraints.”1 These forces are comprised of powerful businesses, states, politicians, criminal enterprises, advocacy groups: in short, all of the elements present in any democracy. But in this cyber-democracy, forces compete in part on the shifting ground of the technological and physical infrastructure of the Internet, where some players wield more power than others with an ability to mold the terrain in their favor. Authoritarian states aware of what is at stake in the evolution of the Internet are beginning to engage in long-term and well-resourced efforts to undermine the democratic rights of citizens in this more fundamental way.

In a reference to the distributed denial-of-service (DDoS) attacks that take down a specific website, these broader efforts represent what some have called a “distributed denial-of-democracy” (DDoD) attack aimed at reducing the utility of the Internet for genuine democratic discourse. These efforts, which are coordinated and well resourced, are often more insidious, harder to detect, and have the overall effect of undermining civic engagement and overall trust in the media ecosystem.

And while the diffuse and fast-changing nature of Internet can at times make it difficult for authoritarian regimes to exert their control, the complex interplay between technology, laws, infrastructure, and socio-political factors shaping the Internet make it equally difficult for democratic actors to counteract these DDoD strategies. As an additional obstacle, the values that underpin Internet freedom can be sidelined in the forums and governing bodies that set Internet standards by the dominance in those spaces of private tech companies concerned primarily with generating profits.

Formidable though they may be, these challenges are not insurmountable. Civil society groups from the Global South are leading the charge to advocate for an Internet that remains open, pluralistic, and democratic. The nine case studies highlighted in this report demonstrate various ways groups in different countries have successfully fought for policies and norms that strengthen Internet freedom and digital rights. These strategies include awareness-raising, nonviolent direct action, regional and international coalition-building, and strategic litigation.

Each of the following case studies corresponds to one of the nine guiding principles of a Democratic Framework to Interpret Open Internet Principles. This framework was collaboratively developed by a network of civil society groups worldwide to illuminate the ways that an open Internet is essential for the functioning of democratic societies. It was inspired by the norms and standards developed by the Internet Rights and Principles Dynamic Coalition (IRPC) of the United Nations Internet Governance Forum.

The framework is an important starting point for more effective, coordinated effort to ensure that the Internet remains a welcoming place for democratic life. Its aim is to create a consensus around the values that should shape the future development of the Internet. But moreover, it also provides an avenue for understanding and sharing knowledge on the concrete strategies that can be put into practice in different contexts to make sure that the Internet remains a level playing field. The following nine examples demonstrate how citizen groups can mobilize to enshrine such democratic principles in cyberspace.

“The debate over whether the Internet is a better tool for democratic empowerment or authoritarian control misconstrues the nature of the democratic challenges of the digital age.”

1. Freedom of Expression

In the Philippines, a cybercrime law introduced in 2012 proposed increasing penalties for libel and giving authorities unchecked power to track information online. Internet freedom activists worried several provisions of the law would infringe on freedom of expression by preventing Filipinos from freely posting content on websites, and participating in online forums and discussions without fear of being blocked or facing serious penalties. In response, pro-democracy organizations from across the political spectrum joined together to challenge the constitutionality of the law. Through protests, roundtables, and capacity building activities, they raised awareness and encouraged advocacy efforts around the dangers the law posted to freedom of expression and privacy. The Foundation for Media Alternatives (FMA ), a digital rights organization founded after the fall of the Marcos dictatorship and the Philippine Internet Freedom Alliance (PIFA), a broad nationwide coalition of pro-democracy and Internet freedom advocates, were among the organizations in the front lines on the struggle. PIFA was even one of the 20 organizations to file 15 petitions to the Supreme Court about the constitutionality of the law.

Public efforts in the courts and actions in the streets contributed to the takedown of three contested provisions of the law, including provision that would allow government to block or restrict access to computer data. The Supreme Court declared these provisions unconstitutional and delayed implementation of the law. Despite public concerns about the surviving provisions, the national campaign against the cybercrime law led to a turning point for Filipino activists; it showed the power of people coming together and fighting for the importance of digital rights in the Philippines. Initially fragmented, the campaign led to a larger movement unified under the goal of protecting human rights and freedom of expression online. Thus, it took the introduction of a flawed law and active public campaigns to initiate a broader dialogue about privacy, surveillance, and digital security. Digital rights communities across Southeast Asia have been inspired by Filipino advocacy efforts, which they have understood to be an example of how to communicate the balance required between anti-cybercrime measures with fundamental rights to a public audience.

2. Freedom of Assembly and Association

Social media is an important organizing tool for journalists and advocacy groups in Uganda. Facebook, WhatsApp, and other messaging applications have been used to share political knowledge, connect leaders with supporters, and organize events — even share information about government abuses. During national ‘Walk to Work’ protests in 2011, organized to protest living costs after presidential elections, Facebook and Twitter provided a steady stream of updates from protestors, bystanders, and journalists.

Using social media, however, can have dangerous consequences for marginalized groups such as the LGBT community. The government of Uganda has been known to collect user information and prosecute individuals based on information shared on social media. Uganda is one of 76 countries where homosexuality is currently criminalized, and LGBT activists fear that their online conversations will be monitored and used against them. By posting information taken from photos and content posted on Facebook, a local tabloid exposed the identity of numerous members of the LGBT community in 2011 and again in 2014. The tabloid stories in 2011 are believed to have contributed to the killing of David Kato, a prominent gay rights activist.

Furthermore, the government has repeatedly restricted access for advocacy groups to use the Internet to share political information. In 2016, the country’s media regulator restricted the use of WhatsApp, Facebook, and Twitter to prevent the organizing of protests before presidential elections in February as the government had done before in 2011. In both cases, the electoral commission enforced the social media shut-down.

Civil society groups have responded in two ways. First, they have sought to deepen their digital security capacity. To protect against threats to journalists, LGBT organizations, and other groups have learned how to use Facebook and social media applications more securely and to implement other practices that increase their privacy. In the lead up to the 2016 election this included the use of virtual private networks (VPNs) to share information. Civil society groups spread information about how to use them through radio broadcasts. The fact that the hashtag #UgandaDecides trended on Twitter shows how they were able to spread their knowledge through local networks and connect with international media. Secondly, civil society groups built coalitions with international organizations to draw attention to abuses taking place in Uganda. In 2016, Access Now supported a coalition of groups to demand that the government stop the Internet shutdown as part of the #KeepitOn campaign.

3. Accessibility

In Nigeria, national broadband plans have overlooked rural communities, leaving them with low bandwidth and high-cost options for Internet access. This means that broadband and mobile data fees are unaffordable to many in Nigeria, especially the poor. Fixed-line broadband subscriptions cost an average of 39 percent of average income, and mobile broadband packages cost 13 percent. Given that approximately 80 percent of Nigerians earn below the poverty line ($2 a day or less), access to the Internet is out of reach and unaffordable for a majority of citizens in Nigeria.

The Alliance for Affordable Internet, a global coalition working on Internet affordability, works with Nigerian civil society leaders to raise awareness around this issue through thematic working groups. The consumer advocacy and pricing transparency working group, for instance, works closely with a coalition of Nigerian NGOs that have been leading campaigns to raise awareness about pricing and taxation policies that have been proposed in Nigeria. One proposed policy includes imposing a nine percent tax on voice, data, and SMS services to consumers. This policy would make the Internet dramatically more expensive for Nigerian consumers. Groups say they worry about the consequences of the proposed policy in an environment where farmers are forced to climb trees just to get a stable Internet connection.

Civil society leaders who are part of the coalition have worked to build a healthy dialogue between regulators, civil society, and the government. A key strategy, according to activists, has been encouraging groups to find constructive ways to work with government and leveraging the interests of each of these groups to protect and drive down costs for Nigerian consumers. They seek to build relationships with the regulator and to inform them about ways to better communicate with and engage consumer groups, such as sharing their content through social media rather than press releases. Another important learning has been identifying champions within government to work on these issues.

4. Privacy and Data Protection

In Burma, gaps in the law have left citizens vulnerable when it comes to privacy and data protection. Restrictions on privacy have eased since the country’s transition from military rule, but a lack of data protection laws and general lack of awareness around privacy and data protection present significant challenges for protecting an open Internet.

Messaging applications such as Viber and Facebook Messenger, for example, are the de-facto tool for communication for activists and are used to organize political events and activities. Cheaper than voice calls, far more accessible than landlines, and easier to use than email, these tools are the primary way people in Burma communicate. Activists have received harsh penalties for sharing content that may be viewed as threatening state security. These applications are often not secure, making it possible for Burma state authorities or agents of the state to intercept their conversations. During a crackdown on student protests in March 2015, mobile phones were taken by police. Activists worried at the time that information on these phones would eventually be used against them.

Observing the need to protect activists and educate them about data protection, activists in 2016 formed a coalition, Digital Rights MM. The coalition, led by Phandeeyar, Myanmar Center for Responsible Business, Myanmar ICT for Development, and Free Expression Myanmar, has led a national conversation on the issue. Drawing on expertise from the region and international organizations, 22 local Burma-based organizations have been successful in pointing out gaps when it comes to privacy and freedom of expression in the national telecommunications law, a comprehensive law that oversees the development of the telecommunications sector in Burma. They also participated in meetings with the government and launched a public facing campaign #ourvoiceourhluttaw pushing to amend 23 articles, including one on lawful interception of data.

“Messaging applications such as Viber and Facebook Messenger, for example, are the de-facto tool for communication for activists and are used to organize political events and activities.”

5. Personal Safety and Security

In Pakistan, women face threats of physical, sexual, and psychological harassment online. Leaking explicit photos and threats of blackmail are growing increasingly more common. From 2014 to 2015, more than 3,000 cybercrimes were reported to the Federal Investigation Agency and of those cases, nearly half were targeted to women on social media. Observers estimate far more cases go unreported. In fact, in workshops conducted by the The Digital Rights Foundation, many female college students reported that they did not know cyber harassment was a crime.

Online platforms are an important space for political engagement, expression, and mobilization in Pakistan. Thus, online harassment directly impacts the political participation of women, including female journalists and women politicians. In 2016 the Digital Rights Foundation established a Cyber Harassment Helpline that women can reach out to for help when they are harassed on the Internet. One of the main objective of the helpline is to help bridge the trust deficit between survivors and law enforcement agencies. An analysis of more than 400 cases showed that the most common barriers to equal participation are non-consensual use of information, impersonation, account hacking, black mailing, and receiving unsolicited messages; the most targeted groups include women, children, human rights defenders, and minority communities. The Digital Rights Foundation has also been leading efforts to strengthen legal protections for women and responding to survivors by recommendations to law enforcement agencies and the government. Pakistan has a National Response Centre for Cybercrime, but it has faced challenges serving women outside of major cities.

6. Inclusion

In India, the population of people with disabilities is estimated to be as high as 150 million people, and the recorded rates of those who are vision-impaired are among the highest in the world. Indian digital rights advocacy groups, like the Centre for Internet and Society (CIS) have worked to ensure that these individuals are able to participate fully online by promoting policies that prioritize accessibility. These include the National Policy on Universal Electronics Accessibility, the Rights of Persons with Disabilities Act, and Guidelines for Indian Government Web (GIGW), which all require government information be shared in formats that are accessible. Advocacy groups, however, have successfully shown that policies alone are not enough and have taken action to ensure persons with disabilities have access to critical resources and information online.

Mobile phones in particular are a vital portal to access government services, but mobile applications remain largely inaccessible to many people with disabilities, especially those with vision disabilities. For example, CIS observed in 2015 that the MyGov, the Indian Government’s mobile citizen engagement platform and the Prime Minister’s application was highly inaccessible: screens cannot be navigated by visually impaired users and can also not be read using a screen reader. Based on this, CIS with other advocacy organizations worked on framing accessibility guidelines for mobile applications recommended to the Government of India as a standard. Advocacy groups, such as the National Centre for Promotion of Employment for Disabled People (NCPEDP), have also been appealing to the private sector to ensure products designed to serve these needs are affordable and readily available to people with disabilities. They appeal to Indian companies and policymakers by advocating for the universal appeal of assistive technology to ensure disabled communities are not left behind.

Sustained advocacy, new legal mandates applied to public and private sectors, and increased research in this domain have helped advance the issue of accessibility of mobile applications. The country’s National Informatics Centre has set up a committee to revise the GIGW to bring them up to speed with international standards.

For more details visit https://cis-india.org/accessibility/news/cima-sarah-oh-november-15-2017-openness-nine-ways-civil-society-groups-have-mobilized-to-defend-internet-freedom

Aadhaar seeding: benefits and concerns

Admin — 2017-11-23T02:02:45Z

Products and services such as bank accounts, life insurance policies and phone connections have to be linked with Aadhaar. But is this of any real help?

The article by Shaikh Zoaib Saleem was published by Livemint on November 14, 2017.

The government has made it mandatory for consumers to link many important services with Aadhaar. You too may be getting frequent reminders to link your banks account, mutual fund and mobile number with Aadhaar. Recently, the Reserve Bank of India also clarified that it is mandatory to link bank accounts with Aadhaar.

The latest addition to this list are insurance policies. In a circular, the Insurance Regulatory and Development Authority of India (Irdai) has stated that linking of Aadhaar number to insurance policies is mandatory under the Prevention of Money-laundering (Maintenance of Records) Second Amendment Rules, 2017.

The issue is being discussed intensively, with the Supreme Court taking a decision in favour of linking Aadhaar biometrics and the number with a host of services. Several petitions have been filed challenging not just the linking of these services with Aadhaar but also the validity of Aadhaar itself. We spoke to people who support and those who oppose this linking, to understand how either case impacts consumers.

The benefits

According to the Unique Identification Authority of India (UIDAI), government schemes are asking for Aadhaar as it helps to clean out duplications and fakes, and provides accurate data to enable implementation of direct benefit programmes. “Use of Aadhaar reduces the cost of identifying persons and provides increased transparency to the government in implementation of its schemes,” the Authority states under frequently asked questions on its website (read more at: https://uidai.gov.in/your-aadhaar/help/faqs.html) So, when you link your bank account with your Aadhaar, government benefits such as subsidy on LPG cylinders is credited directly to that account. The FAQs, however, do not elaborate how such linking helps an individual who does not get, or does not wish to get, such subsidies. In a tweet, UIDAI had said that verifying a bank account using Aadhaar adds an additional layer of security.

Nakul Saxena, a former banker who now works on policy advocacy at the software think tank iSpirt Foundation, said that linking of Aadhaar with these services will help eradicate fake accounts, fake insurance policies and unauthorised mobile connections. “It is possible that there are many accounts in the system that have been opened using such documents and copied signatures and even the banks may not be aware of it. Some people may not even be aware that an account exists in their name. These accounts need to be verified using Aadhaar now,” he said.

The government claims to have removed millions of fake beneficiaries for government benefits by Aadhaar linking. As reported by Mint in May 2017, over 23 million fake ration cards have been scrapped, potentially saving the government Rs14,000 crore in food subsidy every year. Another Mint report in August says, three states discovered that about 2,72,000 fake students were availing the mid-day meal (MDM) scheme.

However, those who are against linking Aadhaar disagree with these arguments. “Initially, Aadhaar was about delivery of services. But linking everybody’s phone number and bank account is not about that anymore. The real question is, what purpose this linking serves. If the intention is to update the databases, then there can be other means to update those,” said Rahul Narayan, a Supreme Court advocate who is among the lawyers representing petitioners who have challenged Aadhaar linking in court.

The concerns

The fundamental objection to this linking of services is that all information on an individual will be available at a single place, which could make surveillance easier and also increase the risks if this information is hacked. “As of now, your bank knows something about you, your insurance company knows something and your mobile phone company knows something about you. Each of these are different silos of information. When these converge, which is then accessible to a single person, that person knows almost everything about you,” said Narayan.

Moreover, a user’s Aadhaar number and fingerprint are permanent identifiers, and at least the Aadhaar number has been compromised for over 130 million citizens, as per a study by Centre for Internet & Society, said Nikhil Pahwa, co-founder of the SaveTheInternet.in (https://internetfreedom.in) campaign for net neutrality in India. “This leaves the users vulnerable to social hacks, some of which we have already been reading about in the news. To forcefully and mandatorily link Aadhaar to bank accounts means that their finances are at risk,” he said.

Saxena said the data leaks that have been highlighted have been typically about demographic details such as name, date of birth and address “which have been commonly available so far.” However, given the heightened sensitivities in this digital age, customers must ask their service providers to not publish such details, nor provide this information freely, he added.

Grievance redressal and data privacy

Another major concern is the absence of a clear redressal mechanisms for consumers in case of a data leak, misuse or hack. “When things go wrong, consumers need to have access to a proper complaints mechanism. In the case of Aadhaar, such access is to be provided through the establishment of ‘contact centres’ under the Regulation 32 of the UIDAI Enrolment and Update Regulations. To the best of our knowledge, not much beyond Regulation 32 has yet been specified by the UIDAI,” said Renuka Sane, associate professor at the National Institute of Public Finance and Policy, who has worked on data privacy and security issues.

Apart from this, Section 47 of the Aadhaar Act stipulates that only UIDAI or its authorised officers can file a criminal complaint for violations of the Act, she added.

“The UIDAI has been given complete discretion in determining if and when to file a criminal complaint for violations of the Act, and an individual aggrieved by actions of a third person is left to rely upon the bonafide actions of the UIDAI,” Sane added. The government is also working towards a data privacy legislation, that is needed to give citizens protection against misuse of their data, and them having some control over who gets their data, how it is used, and where it can be shared. “However, a data privacy legislation and mechanism will not ensure that data remains secure and protected, and that processes are followed. The Act disallowing people from sharing Aadhaar numbers did not prevent government departments from publishing details online,” said Pahwa. He also said that systems can get hacked, which could include the Aadhaar database, the parallel Aadhaar databases with state governments, or eKYC databases held with banks and telecom operators.

Saxena said the UIDAI has clarified that biometric information is not stored with user agencies, and stored biometrics can't be used for Aadhaar authentication or eKYC. “Hence, customers can be assured when using Aadhaar and biometrics with authorized entities,” he said. “The data privacy law will address data privacy and protection in all digital systems, not just Aadhaar. It will equally apply to social media and mobile apps. It should also go into the aspect of ‘right to be forgotten’,” said Saxena.

Pahwa, however, insists that the least that should be done is to give citizens the right to not link their Aadhaar and use other IDs for authentication, plus the ability to change their ID number if the system gets compromised.

What you should do

For now, the deadlines for linking bank accounts with Aadhaar is 31 December 2017, and for mobile phones it is 7 February 2018. In its latest hearing on the matter, the Supreme Court has directed service providers to mention these deadlines in their reminders. “Right now, regardless of what they say, nobody is going to shut down your bank account or disconnect your mobile connection, at least till the deadline. There are several petitions being heard in the Supreme Court. The matter is supposed to be taken up by the Supreme Court in the last week of November. The final word from the court is yet to come and it is quite possible that at least the deadlines gets extended,” said Narayan.

If you have already linked these services with Aadhaar, you are in no trouble. But if you are having second thoughts, the linking cannot be undone. If you are concerned about safety or other aspects, you can wait to get more clarity from the Supreme Court.

For more details visit https://cis-india.org/internet-governance/news/shaikh-zoaib-saleem-livemint-november-14-2017-aadhaar-seeding-benefits-and-concerns

Breach Notifications

Admin — 2017-11-14T15:31:38Z

For more details visit https://cis-india.org/internet-governance/files/breach-notifications.pdf

India UK Legal Regulatory Approaches

Admin — 2017-11-14T15:25:20Z

For more details visit https://cis-india.org/internet-governance/files/india-uk-legal-regulatory-approaches.pdf

Submission to TRAI (November 6, 2017)

Admin — 2017-11-08T01:08:37Z

For more details visit https://cis-india.org/telecom/files/submission-to-trai-november-6-2017

October 2017 Newsletter

praskrishna — 2018-01-10T00:53:03Z

October 2017 Newsletter

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights
CIS submitted its comments on mobile accessibility guidelines to the Ministry of Electronics & IT, Govt. of India. Between 1 to 16 September, an online discussion took place on the creation of social media guidelines and strategy for Telugu Wikimedia handles online. Manasa Rao captured the developments in a blog post. Padma Venkataraman in a blog entry chronologically mapped CIS’ efforts at enhancing financial transparency and accountability at ICANN, while providing an outline of what remains to be done. Shyam Ponappa's article on NPAs and structural issues was published in the Business Standard on October 5, 2017.

Highlights

CIS submitted its comments on mobile accessibility guidelines to the Ministry of Electronics & IT, Govt. of India.
Between 1 to 16 September, an online discussion took place on the creation of social media guidelines and strategy for Telugu Wikimedia handles online. Manasa Rao captured the developments in a blog post.
Padma Venkataraman in a blog entry chronologically mapped CIS’ efforts at enhancing financial transparency and accountability at ICANN, while providing an outline of what remains to be done.
Shyam Ponappa's article on NPAs and structural issues was published in the Business Standard on October 5, 2017.

CIS in the News:

Attempted data breach of UIDAI, RBI, ISRO and Flipkart is worrisome (DailyO, October 4, 2017).
Sex, drugs and the dark web (Hindu; October 7, 2017).
Ahead of data protection law roll out, experts caution that it shouldn't limit collection and use of data (First Post; October 12, 2017).
#NAMAprivacy: The economics and business models of IoT and other issues (Medianama; October 18, 2017).
#NAMAprivacy: Data standards for IoT and home automation systems (Medianama; October 18, 2017).
Majority of top politicians' Twitter followers fake: audit (Furquan Moharkan; Deccan Herald; October 24, 2017).
Awards for those working on employment opportunities for disabled (Eastern Mirror; October 24, 2017).
Nibbling away into your bank account, salami attackers cart away a fortune (New Indian Express; October 25, 2017).
Nirmita Narasimhan wins the 18th NCPEDP-Mindtree Helen Keller Award 2017! (National Centre for Promotion of Employment for Disabled People; October 31, 2017).

►Wikipedia

Blog Entries

Odia Wikisource Turns 3 (Manasa Rao; October 22, 2017).
Wikimedia Workshop at Ismailsaheb Mulla Law College, Satara (Subodh Kulkarni; October 24, 2017).
Marathi Wikipedia Edit-a-thon at Dalit Mahila Vikas Mandal, Satara (Subodh Kulkarni; October 24, 2017).
Marathi Wikipedia Workshop at MGM Trust's College of Journalism and Mass Communication, Aurangabad (Subodh Kulkarni; October 24, 2017).
Orientation Program at Kannada University, Hampi (A. Gopalakrishna; October 24, 2017).
Marathi Wikipedia Workshop at Solapur University (Subodh Kulkarni; October 24, 2017).
Discussion on Creation of Social Media Guidelines & Strategy for Telugu Wikimedia (Manasa Rao; October 24, 2017).

►Openness

-----------------------------------

Internet Governance
-----------------------------------

►Freedom of Expression

ICANN’s Problems with Accountability and the .WEB Controversy (Padma Venkataraman; October 24, 2017).
Why Presumption of Renewal is Unsuitable for the Current Registry Market Structure (Padma Venkataraman; October 29, 2017).
CIS’ Efforts Towards Greater Financial Disclosure by ICANN (Padma Venkataraman; October 29, 2017).

►Cyber Security

Participation in Event

CyFy 2017 (Organized by Observer Research Foundation; New Delhi; October 2 - 4, 2017). Sunil Abraham was a speaker.

►Privacy

Blog Entry

GDPR and India: A Comparative Analysis (Aditi Chaturvedi; October 17, 2017).

Participation in Event

Securing The Digital Payments Ecosystem (Organized by NITI Aayog; October 9, 2017).

►Big Data

Blog Entry

Revisiting Per Se vs Rule of Reason in Light of the Intel Conditional Rebate Case (Shruthi Anand; October 4, 2017).

Event Organized

Emerging Issues in the Internet of Things (CIS, Bengaluru; October 23, 2017). Andrew Rens gave a talk.

-----------------------------------

Telecom
-----------------------------------
CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Article

NPAs & Structural Issues (Shyam Ponappa; Business Standard; October 4, 2017).

Articles

Digital Native: There is no spoon, There is no privacy (Nishant Shah; October 9, 2017).
Digital Native: Finger on the buzzer (Nishant Shah; October 22, 2017).

-----------------------------------
About CIS
-----------------------------------

The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

► Request for Collaboration

For more details visit https://cis-india.org/about/newsletters/october-2017-newsletter