Centre for Internet and Society

CIS Statement on Right to Privacy Judgment

amber — 2017-08-31T18:13:14Z

In an emphatic endorsement of the right to privacy, a nine judge constitutional bench unanimously upheld a fundamental right to privacy. The events leading to this bench began during the hearings in the ongoing Aadhaar case, when in August 2015, Mukul Rohatgi, the then Attorney General stated that there is no constitutionally guaranteed right to privacy.

reliance was on two Supreme Court judgments in MP Sharma v Satish Chandra (1954) and Kharak Singh v State of Uttar Pradesh (1962): both cases, decided by eight- and six-judge benches respectively, denied the existence of a constitutional right to privacy. As the subsequent judgments which upheld the right to privacy were by smaller benches, he claimed that MP Sharma and Kharak Singh still prevailed over them, until they were overruled by a larger bench. This landmark judgment was in response to a referral order to clear the confusion over the status of privacy as a right.

We, at the Centre for Internet and Society (CIS) welcome this judgement and applaud the depth and scope of the Supreme Court’s reasoning. CIS has been producing research on the different aspects of the right to privacy and its implications for the last seven years and had the privilege of serving on the Justice AP Shah Committee and contributing to the Report of the Group of Experts on Privacy.[1] We are honoured that some of our research has also been cited by the judgment.[2] Such judicial recognition is evidence of the impact sound research can have on policymaking.

In the course of a 547 page judgment, the bench affirmed the fundamental nature of the right to privacy reading it into the values of dignity and liberty. The judgment is instructive in its reference to scholarly works and jurisprudence not only in India but other legal systems such as USA, South Africa, EU and UK, while recognising a broad right to privacy with various dimensions across spatial, informational and decisional spheres. We note with special appreciation that women’s bodily integrity and citizens’ sexual orientation are among those aspects of privacy that were clearly recognised in the judgment. For researchers studying privacy and its importance, this judgment is of great value as it provides clear reasoning to reject oft-quoted arguments which are used to deny privacy’s significance. The judgement is also cognizant of the implications of the digital age and emphasise the need for a robust data protection framework.

The right to privacy has been read into into Article 21 (Right to life and liberty), and Part III (Chapter on Fundamental Rights) of the Constitution. This means that any limitation on the right in the form of reasonable restrictions must not only satisfy the tests evolved under Article 21, but where loss of privacy leads to infringement on other rights, such as chilling effects of surveillance on free speech, the tests for constitutionality under those provisions for also be satisfied by the limiting action. This provides a broad protection to citizens’ privacy which may not be easily restricted. We expect that this judgment will have far reaching impacts, not just with respect to the immediate Aadhaar case, but also to in a score of other matters such as protection of sexual choice by decriminalising Section 377 of the Indian Penal Code, oversight of statutory search and seizure provisions such as Section 132 of the Income Tax Act, personal data collection and processing practices by both state and private actors and mass surveillance programmes in the interest of national security.

As this judgment comes in response to a referral order, the judges were not dealing with any questions of fact to ground the legal principles in. Subsequent judgments which deal with privacy will apply these principles and further evolve the contours of this right on a case-by-case basis. For now, we welcome this judgment and look forward to its consistent application in the future.

[1]. http://planningcommission.nic.in/reports/genrep/rep_privacy.pdf

[2]. CIS was quoted in the judgement on footnote 46, page 33 and 34: http://supremecourtofindia.nic.in/pdf/LU/ALL%20WP(C)%20No.494%20of%202012%20Right%20to%20Privacy.pdf The quote is " Illustratively, the Centre for Internet and Society has two interesting articles tracing the origin of privacy within Classical Hindu Law and Islamic Law. See Ashna Ashesh and Bhairav Acharya ,“Locating Constructs of Privacy within Classical Hindu Law”, The Centre for Internet and Society, available at https://cis-india.org/internet-governance/blog/loading-constructs-of-privacy-within-classical-hindu-law. See also Vidushi Marda and Bhairav Acharya, “Identifying Aspects of Privacy in Islamic Law”, The Centre for Internet and Society, available at https://cis-india.org/internet-governance/blog/identifying-aspects-of-privacy-in-islamic-law " Further, research commissioned by CIS cited in the judgment includes a reference in page 201 footnote 319, "Bhairav Acharya, “The Four Parts of Privacy in India”, Economic & Political Weekly (2015), Vol. 50 Issue 22, at page 32."

For more details visit https://cis-india.org/internet-governance/blog/cis-statement-on-right-to-privacy-judgment

Privacy is not a unidimensional concept

amber — 2017-08-07T08:02:20Z

Right to privacy is important not only for our negotiations with the information age but also to counter the transgressions of a welfare state. A robust right to privacy is essential for all citizens in India to defend their individual autonomy in the face of invasive state actions purportedly for the public good. The ruling of this nine-judge bench will have far-reaching impact on the extent and scope of rights available to us all.

This article, written by Amber Sinha was published in the Economic Times on July 23, 2017.

In a disappointing case of judicial evasion by the apex court, it has taken over 600 days since a reference order passed in August 11, 2015, for this bench to be constituted. Over two days of arguments, the counsels for the petitioners have presented before the court why the right to privacy, despite not finding a mention in the Constitution of India, is a fundamental right essential to a person’s dignity and liberty, and must be read into not one but multiple articles of the Constitution. The government will make its arguments in the coming week.

One must wonder why we are debating the contours of the right to privacy, which 40 years of jurisprudence had lulled us into believing we already had. The answer to that can be found in a series of hearings in the Aadhaar case that began in 2012. Justice KS Puttaswamy, a former Karnataka High Court judge, filed a petition before the Supreme Court, questioning the validity of the Aadhaar project due its lack of legislative basis (since then the Aadhaar Act was passed in 2016) and its transgressions on our fundamental rights. Over time, a number of other petitions also made their way to the apex court, challenging different aspects of the Aadhaar project. Since then, five different interim orders by the Supreme Court have stated that no person should suffer because they do not have an Aadhaar number. Aadhaar, according to the court, could not be made mandatory to avail benefits and services from government schemes. Further, the court has limited the use of Aadhaar to specific schemes: LPG, PDS, MGNREGA, National Social Assistance Programme, the Pradhan Mantri Jan Dhan Yojna and EPFO.

The real spanner in the works in the progress of this case was the stand taken by Mukul Rohatgi, then attorney general of India who, in a hearing before the court in July 2015, stated that there is no constitutionally guaranteed right to privacy. His reliance was on two Supreme Court judgments in MP Sharma v Satish Chandra (1954) and Kharak Singh v State of Uttar Pradesh (1962): both cases, decided by eight- and six-judge benches respectively, denied the existence of a constitutional right to privacy. As the subsequent judgments which upheld the right to privacy were by smaller benches, Rohatgi claimed that MP Sharma and Kharak Singh still prevailed over them, until they were overruled by a larger bench.

The reference to a larger bench has since delayed the entire matter, even as a number of government schemes have made Aadhaar mandatory. This reading of privacy as a unidimensional concept by the courts is, with due respect, erroneous. Privacy, as a concept, includes within its scope, spatial, familial, informational and decisional aspects. We all have a legitimate expectation of privacy in our private spaces, such as our homes, and in our personal relationships. Similarly, we must be able to exercise some control over how personal data, like our financial information, are disseminated. Most importantly, privacy gives us the space to make autonomous choices and decisions without external interference. All these dimensions of privacy must stand as distinct rights. In MP Sharma, the court rejected a certain aspect of the right of privacy by refusing to acknowledge a right against search and seizure. This, in no way prevented the court, even in the form of a smaller bench, from ruling on any other aspects of privacy, including those that are relevant to the Aadhaar case.

The limited referral to this bench means that the court will have to rule on the status of privacy and its possible limitations in isolation, without even going into the details of the Aadhaar case (based on the nature of protection that this bench accords to privacy, the petitioners and defendants in the Aadhaar case will have to argue afresh on whether the project does impede on this most fundamental right). There are no facts of the case to ground the legal principles in, and defining the contours of a right can be a difficult exercise. The court must be wary of how any limits they put on the right may be used in future. Equally, it is important to articulate that any limitations on the right to privacy due to competing interests such as national security and public interest must be imposed only when necessary and always be proportionate.

It will not be enough for the court to merely state that we have a constitutional right to privacy. They would be well advised to cut through the muddle of existing privacy jurisprudence, and unequivocally establish the various facets of the right. Without that, we may not be able to withstand the modern dangers of surveillance, denial of bodily integrity and self-determination through forcible collection of information. The nine judges, in their collective wisdom, must not only ensure that we have a right to privacy, but also clearly articulate a robust reading of this right capable of withstanding the growing interferences with our autonomy.

For more details visit https://cis-india.org/internet-governance/privacy-is-not-a-unidimensional-concept

July 2017 Newsletter

praskrishna — 2017-08-23T02:03:19Z

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights
In an article published in the Huffington Post on July 1, 2017, Nirmita Narasimhan stated that imposing taxes on assistive devices is unfair. It is unconscionable that disability aids and assistive technology are considered a luxury and taxed at a higher rate than rough semi-precious stones or cashew nuts. A research paper on patent working requirements and complex products in India authored by Prof Jorge L. Contreras, University of Utah, and Rohini Lakshané, CIS has been accepted for publication in the Jindal Global Law School Law Review 2017. Negotiators from 16 countries met in Hyderabad for discussing a free trade agreement titled Regional Comprehensive Economic Partnership. Anubha Sinha along with Arul George Scaria reported this in an article published by Live Law.in. Supreme Court of India while dismissing an appeal by the Indian Reprographic Rights Organization ruled that there was no copyright infringement and no licence was required since the activities fell under the education exception in Indian copyright law. In an article published by EIFL, Anubha Sinha discusses the judgment and what it means for access to educational materials in India. Odia Wikipedians, in conjunction with Indian Athletics Federation and Sports and Youth Services collaborated to document the 2017 Asian Athletics Championships. Hundreds of photos were uploaded and new Wikipedia content added to inform the event’s fans, wrote Sailesh Patnaik and Jnanaranjan Sahu in a blog post. As recently as May 27, 2016, the General Data Protection Regulation (REGULATION (EU) 2016/679 was adopted The Data Protection Directive (1995/46/EC) will be replaced by this Regulation. It is expected that under this Regulation data privacy will be strengthened. Aditi Chaturvedi analyses the developments in a report.

CIS in the news:

UIDAI declining multiple requests by police to share Indian citizens’ biometrics (Justin Lee; Biometrics; July 4, 2017).
Act now to protect yourself against future ransomware attacks (Sanjay Kumar Singh; Business Standard; July 5, 2017).
Reliance Jio data leaked on website : report (Livemint; July 10, 2017).
Supreme Court sets up constitution bench to hear Aadhaar privacy issues (Priyanka Mittal; Livemint; July 12, 2017).
Centre to form panel to 'encrypt' MGNREGA-DBT database and prevent leaks (Sanjeeb Mukherjee; Business Standard; July 14, 2017).
Calls for law change after Indians left in dark over data leaks (Rahul Bhatia and Sankalp Phartiyal; Reuters; July 14, 2017).
Indians Call For More Stringent Data Protection Laws (PYMTNS; July 17, 2017).
Social Activist Alleges Threat By Police Officer Over Possession of Aadhaar (Gaurav Vivek Bhatnagar; Wire; July 16, 2017).

Aadhaar privacy: Key issues that all Aadhaar card holders should bear in mind (Business Today, July 19, 2017).
Data in the open makes it easy for cyber criminals (Kiran Parashar KM; New Indian Express; July 26, 2017).

CIS members wrote the following articles

Why GST Is A Step Backward For The Disabled (Nirmita Narasimhan; Huffington Post; July 1, 2017).
Course Packs for Education Ruled Legal in India (Anubha Sinha; EIFL; July 12, 2017).
Digital native: Not only words (Nishant Shah; Indian Express; July 16, 2017).
Aadhar: Privacy is not a unidimensional concept (Amber Sinha; Economic Times; July 23, 2017).
RCEP IP Chapter: A Serious Threat to Access to Knowledge/ Cultural Goods? (Arul George Scaria and Anubha Sinha; July 27, 2017).
Digital native: Ever on the go (Nishant Shah; Indian Express; July 30, 2017).

-------------------------------------
Accessibility & Inclusion
-------------------------------------
India has an estimated 70 million persons with disabilities who don't have access to read printed materials due to some form of physical, sensory, cognitive or other disability. As part of our endeavour to make available accessible content for persons with disabilities, we are developing a text-to-speech software in 15 languages with support from the Hans Foundation. The progress made so far in the project can be accessed here.

Article

Why GST Is A Step Backward For The Disabled (Nirmita Narasimhan; Huffington Post; July 1, 2017).

-----------------------------------
Access to Knowledge
-----------------------------------
Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Pervasive Technologies and Copyright

Research Paper

Patent Working Requirements and Complex Products: An Empirical Assessment of India's Form 27 Practice and Compliance (Jorge L. Contreras and Rohini Lakshané; SSRN and Jindal Global Law School Review; July 17, 2017).

Participation in Event

19th RCEP Meeting (Organized by Ministry of Commerce, Government of India; July 17 - 28, 2017; Hyderabad). Anubha Sinha participated in the meeting.

►Wikipedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

Blog Entries

Note: The events were organized earlier but reports were published in July 2017:

Christ University Wikipedia Education Program Internship (Manasa Rao and Ananth Subray; July 5, 2017).
Christ University Wikipedia Education Program Faculty Orientation Report (Ananth Subray; July 7, 2017).
How It Came To Be: Wiki Loves Uniformed Services (Krishna Chaitanya Velaga; July 10, 2017).
Tallapaka Pada Sahityam is now on Wikisource (Pavan Santhosh; July 10, 2017).
Thematic Edit-a-thon at Yashawantrao Chavan Institute of Science, Satara (Subodh Kulkarni; July 11, 2017).
Asian Athletics Championships 2017 Edit-a-thon (Sailesh Patnaik and Jnanaranjan Sahu; July 31, 2017).

-----------------------------------

Internet Governance
-----------------------------------

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

►Privacy

Blog Entry

Data Protection: Understanding the General Data Protection Regulation (Aditi Chaturvedi; July 4, 2017).

Participation in Event

IViR Summer Course on Privacy Law and Policy (Organized by the University of Amsterdam; July 3 - 7, 2017; Amsterdam). Amber Sinha attended the course.

►Free Speech and Expression and Cyber Security

Participation in Events

OHD on Consultation Paper on Net Neutrality (Organized by Telecom Regulatory Authority of India; July 25, 2017). Pranesh Prakash was a speaker.
UNESCO Multistakeholder consultation at 8th Asia Pacific Regional Internet Governance Forum (APrIGF) (Organized by UNESCO; Bangkok; July 26 - 29, 2017). Sunil Abraham was a speaker. Vidhushi Marda also participated in the event.
Cybersecurity Workshop: Spotlight On GCCS 2017 (Organized by Global Partners Digital (GPD) and the Centre for Communication Governance at National Law University, Delhi, in collaboration with Digital Empowerment Foundation, Digital Asia Hub and Open Net Korea; Bangkok; July 25 - 27, 2017). Sunil Abraham was a speaker. Udbhav Tiwari and Vidushi Marda participated in the event.

-----------------------------------
Telecom
-----------------------------------
CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Participation in Event

Workshop on Public Open Wi-Fi Pilot (Organized by Telecom Regulatory Authority of India; July 25, 2017). Pranesh Prakash was a speaker.

-----------------------------------
Researchers at Work
-----------------------------------
The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Event Organized

Dr. Prerna Prabhakar - Impact of Digitisation of Land Records in Rural India (CIS, New Delhi; July 7, 2017).

-----------------------------------

About CIS
-----------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/july-2017-newsletter

Aadhar: Privacy is not a unidimensional concept

amber — 2017-08-23T01:50:19Z

Right to privacy is important not only for our negotiations with the information age but also to counter the transgressions of a welfare state. A robust right to privacy is essential for all Indian citizens to defend their individual autonomy in the face of invasive state actions purportedly for the public good.

The article was published in the Economic Times on July 23, 2017.

The ruling of this nine-judge bench will have far-reaching impact on the extent and scope of rights available to us all. In a disappointing case of judicial evasion by the apex court, it has taken over 600 days since a reference order was passed in August 11, 2015, for this bench to be constituted. Over two days of arguments, the counsels for the petitioners have presented before the court why the right to privacy, despite not finding a mention in the Constitution of India, is a fundamental right essential to a person’s dignity and liberty, and must be read into not one but multiple articles of the Constitution. The government will make its arguments in the coming week.

For more details visit https://cis-india.org/internet-governance/blog/economic-times-july-23-2017-amber-sinha-aadhar-privacy-is-not-a-unidimensional-concept

Social Activist Alleges Threat By Police Officer Over Possession of Aadhaar

Admin — 2017-07-20T14:31:12Z

Social activist Shabnam Hashmi recorded a policeman telling her those without address proof and Aadhaar could be “eliminated”.

The article by Gaurav Vivek Bhatnagar was published in the Wire on July 16, 2017. Pranesh Prakash was quoted.

Well-known social activist Shabnam Hashmi held a press conference to say she was threatened on the telephone by a police officer at the Lajpat Nagar police station warning her that the government had launched a ‘surround and eliminate’ campaign against people whose addresses are not known and who do not possess Aadhaar numbers or cards. This is now a standing instruction to all police stations, Hashmi was told. Moreover, the officer – accused of threatening and abusing Hashmi when she called him on the night of July 14 to know why the husband of a woman, who learns stitching at a training centre run by the NGO Pehchan at Jaitpur in south-east Delhi, had been summoned at a late hour – insisted that police personnel were well within their rights to act in this way.

The police may brush aside this assertion as the concerned officer’s personal opinion, or they may deny the veracity of the conversation, which Hashmi recorded and shared with the media; but she and other anti-Aadhaar activists say the interaction raises questions about the consequences – intended or unintended – of the Centre’s stress on making Aadhaar mandatory for the personal liberty and civil rights of ordinary residents.

Many Aadhaar critics have, in the past, expressed the fear that the irresponsible use or misuse of Aadhaar could lead to India becoming a ‘surveillance state’ or ‘police state’ by placing enormous discretionary powers in the hands of unscrupulous state officials.

Petitioners in SC had cautioned against misuse of Aadhaar

Earlier this year, Communist Party of India leader Binoy Viswam had filed a petition in the Supreme Court questioning the introduction of Section 139 AA of the IT Act to link Aadhaar cards with PAN cards. Subsequently, in an interview in April this year, he had noted that “the citizens are becoming instruments in the hands of the state” as “by taking fingerprints, iris scans and other details of the citizens of the country, the state is becoming the custodian of its people.” He had also expressed the fear that “the state can use this data according to its whims and fancies”.

Viswam could not have been more correct. Much before the use of data, “elements” of the state have started using the ruse of creation of data itself as a convenient tool to threaten and intimidate people and this is precisely what happened in the case of Hashmi.

Recalling the incident, Hashmi, who is the founding trustee of Pehchan, said the NGO runs a small centre in Jaitpur extension where it teaches school dropouts to appear for class 10 and 12 examinations and also runs sewing classes for women.

Hashmi said that at around 9 pm on July 14, Haseen, the husband of Mubina, one of the trainees, was summoned by a sub-inspector to the Lajpat Nagar police station regarding a complaint. When Hashmi called up the police station to find out what the summons was about, the policeman allegedly “hurled abuses”, and used “highly derogatory and uncivilised language” during the conversation.

Though Hashmi did not have a recorder in her phone at the time of the first call, she subsequently downloaded one and later recorded her conversation with the same officer.

In this conversation, the policeman is heard reasoning with Hashmi that he had not summoned Haseen at a late hour. He claimed that he used harsh language in the first conversation since she had not identified herself and had only proclaimed herself to be a social worker. It also comes across in the conversation that Hashmi had told the man in the earlier conversation that he was drunk while being on duty and that this had irked him. It emerged that the cop had got an inkling that she was recording the later conversation, because of which he apparently mellowed down.

The issue assumes significance as after declaring twice in the past that Aadhaar cannot be made mandatory for delivering services, the Supreme Court had recently upheld the validity of an Income Tax law amendment linking PAN with Aadhaar for filing tax returns.

Former Attorney General Mukul Rohatgi had argued that the government was “entitled to have identification” and that “as constituents of society people can’t claim immunity from identification.” Rohatgi had insisted that “no right is absolute, right to body is not absolute. Under extreme cases even right to life can be taken away, under due process.”

Experts have often cautioned against Aadhaar misuse

According to legal experts, the illegalities related to Aadhaar do not just end with such arguments. Writing for The Wire, Prashant Reddy T., a research associate at the School of Law, Singapore Management University, had noted that in the past couple of months the “Modi government has increasingly used its rule-making powers under various laws in a manner which is contrary to the law of the land.” He was referring to the Centre’s announcement to mandatorily link Aadhaar numbers to all non-small bank accounts, failing which, access to the bank accounts would be disabled after December 31.

“As is often the case with this government, the question now is whether this new mandatory Aadhaar requirement (and the threatened punishment) is legal,” the expert had asked.

Earlier this year, writing for the Hindustan Times, Pranesh Prakash, policy director at the Centre for Internet and Society, and an affiliated fellow at Yale Law School’s Information Society Project, had referred to the immense potential of Aadhaar for profiling and surveillance. He had called for fundamentally altering Aadhaar, saying that if the rampant misuse of surveillance and wilful ignorance of the law by the state were anything to go by, the future looked bleak.

For more details visit https://cis-india.org/internet-governance/news/the-wire-gaurav-vivek-bhatnagar-july-16-2017-social-activist-alleges-threat-by-police-officer-over-possession-of-aadhaar

Privacy Newsletter April 2017

praskrishna — 2017-07-20T14:03:37Z

For more details visit https://cis-india.org/internet-governance/files/privacy-newsletter-april-2017.pdf

June 2017 Newsletter

praskrishna — 2017-07-18T02:21:10Z

Welcome to the Centre for Internet & Society (CIS) newsletter for June 2017.

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights
CIS made a submission on the Goods and Services Tax (GST) that has come into force this year. In the submission assessed the impact of GST on persons with disabilities. Indian Patent Office updated the Guidelines for Examination of Computer Related Inventions. Anubha Sinha throws light on the updated guidelines in a blog post. She has clarified that the updated Guidelines take no concrete position to help clarify the ambiguity around patentability of software inventions in India. A strategic symposium on Marathi Wikipedia and its sister projects was conducted in April 2017. Subodh Kulkarni has shared the developments in a report. Compiled a compendium on cyber security from the Indian context. The document is a comprehensive source compiling all the cyber-security related regulations, policies, guidelines, notifications, executive orders, court rulings, etc. CIS commented on the renewal of the .NET Registry Agreement. CIS expressed its strong opposition to the proposed renewal. The comments were prepared by Vidushi Marda with inputs from Sunil Abraham and Pranesh Prakash. Harsh Gupta discussed "FAT ML (Fairness, Accountability, and Transparency in Machine Learning) for Lawyers and Lawmakers" at the CIS office in Delhi on June 29, 2017. Shyam Ponappa in an article in the Business Standard opined that broadband in India needs reforms for local manufacturing and for infrastructure expansion and utilisation

CIS in the news:

Aadhaar: Ushering in a Commercialized Era of Surveillance in India (Jyoti Panday; Electronics Frontier Foundation; June 1, 2017).
Privacy is culture specific, MNCs hit by Aadhaar, says TRAI chief (Pranav Mukul; Indian Express; June 1, 2017).
Centre brings in new safeguards following cases of Aadhaar data leaks on government websites (Nidhi Sharma; Economic Times; June 2, 2017).
New rules for govt agencies to ensure security of personal data (Komal Gupta; Livemint; June 2, 2017).
Explore money apps but watch your data (Shaikh Zoaib Saleem; Livemint; June 8, 2017).
New law to unlock data economy (Yuthika Bhargava; Hindu; June 9, 2017).
Placements at NUJS: Class of 2017 Scores 100% (Simran Sahni; Livelaw; June 10, 2017).
Why did Nandan Nilekani praise a Twitter troll? (Kiran Jonnalgadda; Indian Express; June 10, 2017).
Are biometrics hack-proof? (Shaikh Zoaib Saleem; Livemint; June 11, 2017).
GoldenEye ransomware attack hit operations at Pipavav Port, JNPT (Jyotika Sood and Utpal Bhaskar; Livemint; June 28, 2017).

CIS members wrote the following articles

Digital Native: In digiville attention is Currency (Nishant Shah; Indian Express; June 11, 2017).
Digital Native: On mute, the Voice of the People (Nishant Shah; Indian Express; June 24, 2017).

Submission

GST - A Barrier to Human Rights for Persons with Disabilities (Nirmita Narasimhan; June 24, 2017).

Participation in Events

WSIS Forum 2017 (Co-organized by ITU, UNESCO, UNCTAD and UNDP, in close collaboration with all UN agencies; Geneva; June 12 - 16, 2017). Nirmita Narasimhan was a speaker.
Digital Accessibility (Organized by National Informatics Centre; Bengaluru; June 17, 2017). Rakesh Paladugula, a web accessibility trainer and Nirmita Narasimhan made a presentation to scientists about digital accessibility.

►Copyright

Participation in Event

Fixing Copyright for Education (SCCR34 Side Event) (Communia, EIFL, Creative Commons, and PIJIP; June 7, 2017). Anubha Sinha was a speaker.

►Pervasive Technologies

Participation in Event

Preliminary Findings: Working Requirements for Complex Products under the Indian Patent System (Organized by O.P. Jindal University; New Delhi; June 10 - 11, 2017). Prof. Jorge Contreras gave a talk on a forthcoming paper.

►Wikipedia

Blog Entries

Train The Trainer 2017 (Manasa Rao; June 5, 2017).
Thematic Edit-a-thon at J.P.Naik Centre for Education & Development, Pune (Subodh Kulkarni; June 7, 2017).
Wiki Loves Mayabazaar (Pavan Santhosh; June 7, 2017).
Marathi Wikipedia Symposium at Gokhale Institute Of Politics & Economics (Subodh Kulkarni; June 7, 2017).
Digitisation, Wikimedia Commons and Wikisource Orientation Workshop at Vigyan Ashram, Pabal, Pune District (Subodh Kulkarni; June 7, 2017).

Note: The workshops for the above blog posts were held earlier but the reports were published during the month of June.

-----------------------------------

Internet Governance
-----------------------------------

►Cybersecurity

Blog Entry

Cybersecurity Compilation: Indian Context (Leilah Elmokadem and edited by Elonnai Hickok; June 18, 2017).

Participation in Events

2nd India Think Tank Forum (Organized by Observer Research Foundation; New Delhi; June 19 - 21, 2017). Udbhav Tiwari participated in the forum.
Second India China Think-Tank Forum (Organized by Institute of Chinese Studies, the Indian Council of World Affairs, and the Chinese Academy of Social Sciences; Beijing; June 22 - 27, 2017). Saikat Dutta represented an Indian think tank.

►Free Speech and Expression

Submission

Comments from the Centre for Internet and Society on Renewal of .NET Registry Agreement (Vidushi Marda, Sunil Abraham and Pranesh Prakash; June 6, 2017).

Participation in Events

ISEA 2017 (Organized by the University of Caldas, Manizales; Columbia; June 11 - 16, 2017). Sharat Chandra Ram was a panelist.
Freedom of Expression on the Internet : Possibilities and Challenges (Organized by Bolivar Technological University; Cartagena; June 29, 2017). Sharat Chandra Ram was a speaker.

►Privacy

Participation in Events

BIS LITD 17 Privacy Panel meeting (Organized by National School of India University; Bangalore; June 21, 2017). Udbhav Tiwari attended the meeting.
DSCI Best Practices Meet (Organized by Data Security Council of India; Bangalore; June 22 - 23, 2017). Udbhav Tiwari attended the meeting.

-----------------------------------
Telecom
-----------------------------------
CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Newspaper Column

Broadband Reforms for Local Manufacturing (Shyam Ponappa; Business Standard; May 31, 2017 and Organizing India Blogspot; June 5, 2017).

Event Organized

CISxScholars Delhi - Harsh Gupta - FAT ML for Lawyers and Lawmakers (CIS; New Delhi; June 29, 2017). Harsh Gupta gave a talk.

-----------------------------------

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

► Request for Collaboration

For more details visit https://cis-india.org/about/newsletters/june-2017-newsletter

Digital native: Not only words

nishant — 2017-08-07T15:33:20Z

The article was published in the Indian Express on July 16, 2017.

Emoticons, or if you prefer the original Japanese word emojis, are everywhere. We are used to emoticons in all shapes and sizes — from animated gifs jumping out at us on our social media feed to yellow-faced smileys that we use to add tone and feeling, nuance and layers to our text-heavy conversations in the digital world. For many of the current users of digital communication, emoticons are pre-defined pictures that they select from a menu that gives them access to add a wink, a nod, a smiling or sad face to their messages. However, there are power users who, I am sure, still remember the times when emoticons were things that you created.

Before the emergence of the Graphical User Interface (GUI) that turned the computer into a box of cuteness, turning all of us into eternal children playing with the friendly faces of the digital platforms, the digital world was flat and largely textual. Emoticons were first proposed in 1982 to take away the density and the unforgiving monotone of text-based conversations on digital platforms. From that first proposal of a : ) and : ( sign to indicate the mood of a text, emoticons have had a fascinating history of evolution. Following the proposal of the basic emoticons by Scott Fahlman, a variety of early adopters of the web came up with a wide range of options. The smiley became a grin with : D and the sad face was made to weep with : ‘ (. The face became mischievous and winked with a ;) and swooned in love with a <3. It became silly with its tongue poking out :p and sprouted devil horns to show its inherent wickedness with >:D.

Early users will remember how, from that first explosion, the emoticons grew into forming extremely intricate art forms. In the world of text-based virtual realities, the shrugging emoticon was my constant companion when giving up on futile internet arguments : ¯\_(?)_/¯ . From there, we were only one step away from complex ASCII (American Standard Code for Information Interchange) art forms that made punctuation and critical marks the new tools for emerging artists to play with. The ASCII characters were keyboard symbols, letters and numbers mixed together to produce images ranging from flowers and animals to the globe and human bodies. In fact, ASCII became such a huge rage that there were special forums where people submitted their ASCII art. Even though we have now achieved high visual fidelity with our powerful computing devices, the ASCII messages still continue on our WhatsApp groups and discussion forums. So that we still tell people we love them in ASCII

(¯`v´¯)
`·.¸.·´ I Love
¸.·´¸.·´¨) ¸.·*¨)
(¸.·´ (¸.·´ .·´ You… or pledge friendship in punctuation
(‘,’)/\(‘,’)
<) )—( (>
_\\__//_

One of the lesser known histories of emoticons and ASCII, however, has been forgotten in the gentrified, cute and commodified mass produced usage that we have put them to. In many cultures and spaces in those early days of the web, emoticons were also ways of resisting censorship and circumventing supervision. As the web became more open and more people started signing up for digital conversations, there was also an increase in the monitoring and surveillance of things online. In more conservative cultures, there were immediate bans on conversations that were considered pornographic or obscene. In stricter work places, the system administrators were trying to filter messages which might have certain words or images in their content. ASCII and emoticons came to the rescue, because, using these characters which the computer only read as punctuation marks without content, people were able to communicate sexual content without the fear of censorship.

In the late ’90s, there were graphic and explicit ASCII images that were circulated, so that the content filters would not detect them, and, using just the characters, the earliest internet porn, or Pr0n as it was tagged, came into being. The emoticon-filled messages were not just about nodding and winking at each other but also a way for people to question authority and to find new modes of expression. Since those days of subversion, emoticons have come a long way, becoming appropriated in our everyday practice — they have been tamed and made mainstream.

I am sure that the ubiquity of the emoticons produces a sense of irritation sometimes, and you want to send a slapping emoticon when you find a work email with a smiley face at the end. But before you announce the death of the emoticon, you might want to know that digital natives are experimenting with the radical power of these emoticons. They are developing an entirely new language filled with exploding bananas, pulsating aubergines, peeking monkeys, dancing unicorns, and victorious roosters to communicate in ways that are not accessible to the parents, teachers and authority figures around them. The repurposing of emoticons by young users to chat, express, flirt, tease and engage with each other in ways that defy all conventional sense. I find this fascinating because it gives me hope that the web is not going to just produce all users as cheap copies of each other.

For more details visit https://cis-india.org/raw/indian-express-nishant-shah-july-16-2017-digital-native-not-only-words

GDPR_IndustrySheet_07.pdf

praskrishna — 2017-07-04T16:11:10Z

For more details visit https://cis-india.org/internet-governance/files/GDPR_IndustrySheet_07.pdf

Cybersecurity Compilation

elonnai — 2017-06-18T13:15:49Z

For more details visit https://cis-india.org/internet-governance/files/cyber-security-compilation.pdf

Aadhaar: Ushering in a Commercialized Era of Surveillance in India

praskrishna — 2017-06-07T12:45:30Z

Since last year, Indian citizens have been required to submit their photograph, iris and fingerprint scans in order to access legal entitlements, benefits, compensation, scholarships, and even nutrition programs. Submitting biometric information is needed for the rehabilitation of manual scavengers, the training and aid of disabled people, and anti-retroviral therapy for HIV/AIDS patients. Soon police in the Alwar district of Rajasthan will be able to register criminals, and track missing persons through an app that integrates biometric information with the Crime and Criminal Tracking Network Systems (CCTNS).

The article by Jyoti Panday was published by the Electronic Frontier Foundation on June 1, 2017.

These instances demonstrate how intrusive India’s controversial national biometric identity scheme, better known as Aadhaar has grown. Aadhaar is a 12-digit unique identity number (UID) issued by the government after verifying a person’s biometric and demographic information. As of April 2017, the Unique Identification Authority of India (UIDAI) has issued 1.14 billion UIDs covering nearly 87% of the population making Aadhaar, the largest biometric database in the world. The government asserts that enrollment reduces fraud in welfare schemes and brings greater social inclusion. Welfare schemes that provide access to basic services for marginalized and vulnerable groups are essential. However, unlike countries where similar schemes have been implemented, invasive biometric collection is being imposed as a condition for basic entitlements in India. The privacy and surveillance risks associated with the scheme have caused much dissension in India.

Identity and Privacy in India

Initiated as an identity authentication tool, the critical problem with Aadhaar is that it is being pushed as a unique identifier to access a range of services. The government continues to maintain that the scheme is voluntary, and yet it has galvanized enrollment by linking Aadhaar to over 50 schemes. Aadhaar has become the de-facto identity document accepted at private, banks, schools, and hospitals. Since Aadhaar is linked to the delivery of essential services, authentication errors or deactivation has serious consequences including exclusion and denial of statutory rights. But more importantly, using a unique identifier across a range of schemes and services enables seamless combination and comparison of databases. By using Aadhaar, the government can match existing records such as driving license, ration card, financial history to the primary identifier to create detailed profiles. Aadhaar may not be the only mechanism, but essentially, it's a surveillance tool that the Indian government can use to surreptitiously identify and track citizens.

This is worrying, particularly in context of the ambiguity regarding privacy in India. The right to privacy for Indian citizens is not enshrined in the Constitution. Although, the Supreme Court has located the right to privacy as implicit in the concept of “ordered liberty” and held that it is necessary in order for citizens to effectively enjoy all other fundamental rights. There is also no comprehensive national framework that regulates the collection and use of personal information. In 2012, Justice K.S. Puttaswamy challenged Aadhaar in the Supreme Court of India on the grounds that it violates the right to privacy. The Court passed an interim order restricting compulsory linking of Aadhaar for benefits delivery, and referred the clarification on privacy as a right to a larger bench. More than a year later, the constitutional bench is yet to be constituted.

The delay in sorting out the nature and scope of privacy as right in India has allowed the government to continue linking Aadhaar to as many schemes as possible, perhaps with the intention of ensuring the scheme becomes too big to be rolled back. In 2016, the government enacted the 'Aadhaar Act' passing the legislation without any debate, discussion or even approval of both houses of Parliament. In April this year, Aadhaar was made compulsory for filing income tax or PAN number application and the decision is being challenges in Supreme Court. Defending the State , the Attorney-General of India claimed that the arguments on so-called privacy and bodily intrusion is bogus, and citizens cannot have an absolute right over their body! The State’s articulation is chilling, especially in light of the Human DNA Profiling Bill seeking the right to collect biological samples and DNA indices of citizens. Such anti-rights arguments are worth note because biometric tracking of citizens isn't just government policy - it is also becoming big business.

Role of Private Companies

Private companies supply hardware, software, programs, and the biometric registration services for rolling out Aadhaar to India’s large population. UIDAI’s Committee on Biometrics acknowledges that biometrics data are national assets though American biometric technology provider L-1 Identity Solutions, and consulting firms Accenture and Ernst and Young can access and retain citizens' data. The Aadhaar Act introduces electronic Know-Your-Customer (eKYC) that allows government agencies and private companies to download data such as name, gender and date of birth from the Aadhaar database at the time of authentication. Banks and telecom companies using authentication process to download data and auto-fill KYC forms and to profile users. Over the last few years, the number of companies or applications built around profiling of citizens’ personally sensitive data has grown exponentially.

A number of people linked with creating the UIDAI infrastructure have founded iSPIRT, an organisation that is pushing for commercial uses of Aadhaar. Private companies are using Aadhaar for authentication purposes and background checks. Microsoft has announced SkypeLite integration with Aadhaar to verify users. Others, such as TrustId and Eko are integrating rating systems into their authentication services and tracking users through platforms they create. In essence such companies are creating their own private database to track authenticated Aadhaar users and they may sell this data to other companies. The growth of companies that share and combine databases to profile users is an indication of the value of personal data and its centrality for both large and small companies in India.

Integrating and linking large biometrics collections to each other, which are then linked with traditional data points that private companies hold such as geolocation or phone number enables constant surveillance to take over. So far, there has been no parliamentary discussion on the role of private companies. UIDAI remains the ultimate authority in deciding the nature, level and cost of access granted to private companies. For example, there is nothing in Aadhaar Act that prevents Facebook from entering into an agreement with the Indian government to make Aadhaar mandatory to access WhatsApp or any of its other services. Facebook could also pay data brokers and aggregators to create customer profiles to add to its ever growing data points for tracking and profiling its users.

Security Risks and Liability

A series of data leakages have raised concerns about which private entities are involved, and how they handle personal and sensitive data. In February, UIDAI registered a complaint against three companies for storing and using biometric data for multiple transactions. Aadhaar numbers of over 130 million people and bank account details of about 100 million people have been publicly displayed through government portals owing to poor security practices. A recent report from Centre for Internet and Society (CIS) showed that a simple tweaking of URL query parameters of the National Social Assistance Programme (NSAP) website could unmask and display private information of a fifth of India's population.

Such data leaks pose a huge risk as compromised biometrics can never be recovered. The Aadhaar Act establishes UIDAI as the primary custodian of identity information, but is silent on the liability in case of data breaches. The Act is also unclear about notice and remedies for victims of identity theft and financial frauds and citizens whose data has been compromised. UIDAI has continued to fix breaches upon being notified, but maintains that storage in federated databases ensures that no agency can track or profile individuals.

After almost a decade of pushing a framework for mass collection of data, the Indian government has issued guidelines to secure identity and sensitive personal data in India. The guidelines could have come earlier, and given large data leaks in the past may also be redundant. Nevertheless, it is reassuring to see practices for keeping information safe and the idea of positive informed consent being reinforced for government departments. To be clear, the guidelines are meant for government departments and private companies using Aadhaar for authentication, profiling and building databases fall outside its scope. With political attitudes to corporations exploiting personal information changing the world over, the stakes for establishing a framework that limits private companies commercializing personal data and tracking Indian citizens are as high as they have ever been.

For more details visit https://cis-india.org/internet-governance/news/electronic-frontier-foundation-jyoti-panday-june-1-2017-aadhaar-ushering-in-a-commercialized-era-of-surveillance-in-india

May 2017 Newsletter

praskrishna — 2017-06-17T02:46:03Z

Welcome to the Centre for Internet & Society (CIS) newsletter for May 2017.

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights
CIS compiled a report that highlighted four government projects run by various government departments that have made sensitive personal financial information and Aadhaar numbers public on the project websites. Article 19 had put out a call for applications for its Internet of Rights Fellowship in February 2017. Vidushi Marda was selected for Internet of Rights Fellowship. CIS gave inputs on a document on implementing digital accessibility to Ministry of Electronics and Information Technology on May 2, 2017. The 34th session of the Standing Committee on Copyright and Related Rights (SCCR) was held in Geneva from May 1 to 5, 2017. Anubha Sinha participated in the event and a summary report is available here. She made statements on behalf of CIS on the Discussion on Limitations and Exceptions for Libraries and Archives and on the Proposal for Analysis of Copyright Related to the Digital Environment. CIS-A2K’s widely well-regarded flagship skill building program, Train The Trainer and MediaWiki Training was conducted in Kolkata earlier this year. Tito Dutta captured the developments in a blog post. Although it has made the topographic maps or the Open Series Maps available to general public, Survey of India’s (SoI) Nakshe portal will have to go through a variety of litmus test, as the initiative fails to implement the mandates of public sharing of government data using open standards and open license as put forward by the NMP 2005 and NDSAP 2012, said Sumandro Chattapadhyay in an interview with Geospatial World on May 02, 2017. In an interview with nettime.org, Geert Lovink discussed with Ramesh Srinivasan Tech Anthropology Today and "how can we embrace the realities of communities too-often relegated to the margins". In an article published in the Business Standard on May 3, 2017, Shyam Ponappa examined whether policies can be better framed to harness the market potential. Why is so much investment flowing into India's securities markets?

CIS in the news:

130 Million Aadhaar Numbers Were Made Public, Says New Report (The Wire; May 1, 2017 and MensXP.com; May 5, 2017).
Aadhaar Details Of 13.5 Crore People Available On Government Sites (Mahima Kapoor; Bloomberg Quint; May 2, 2017).
Aadhaar numbers of 135 mn may have leaked, claims CIS report (Press Trust of India; May 2, 2017).
Details of 135 million Aadhaar card holders may have leaked, claims CIS report (Hindustan Times; May 2, 2017).
UIDAI remains silent on #Aadhaarleaks of 13 crore users through government portals (Shruti Menon; Newslaundry; May 2, 2017).
১৩ কোটি আধার তথ্য ফাঁস চার সরকারি পোর্টাল থেকে! বিস্ফোরক দাবি রিপোর্টে (Amar Bazar Patrika; May 2, 2017).
13 crore Aadhaar numbers on four government websites compromised: Report (Akram Mohammed; New Indian Express; May 2, 2017).
Aadhaar numbers of 135 mn may have leaked, claims CIS report (DNA; May 2, 2017).
Biggest blast on Aadhaar leak so far: govt sites leaked data of 13 crore people (Jikku Varghese Jacob; Manorama; May 2, 2017).
Around 13 crore Aadhaar numbers easily available on government portals, says report (Scroll.in; May 2, 2017).
What privacy? 13 crore Aadhaar numbers accessible on government portals (Anusha Ravi; Oneindia; May 2, 2017).
Govt may have made 135 million Aadhaar numbers public: CIS report (Komal Gupta; Livemint; May 2, 2017).
Aadhaar numbers of 135 mn may have leaked, claims CIS report (The Times of India; May 2, 2017)
Aadhaar data leaks not from UIDAI: Centre (Krishnadas Rajagopal; Hindu; May 3, 2017).
135 MEELLION Indian government payment card details leaked (Richard Chirgwin; The Register; May 3, 2017).
Aadhaar data of over 13 crore people exposed: New report (Indian Express; May 3, 2017).
In The Biggest Data Leak, Info Of 13 Crore Aadhaar Card Holders Has Been Compromised And Is Available Online (Bobins Abraham; The Times of India; May 3, 2017).
Around 130-135M Aadhaar Numbers published on 4 sites alone (Nikhil Pahwa; Medianama; May 4, 2017).
Aadhaar's the largest biometric database globally but it is leaky by design (Rohith Jyotish; Global Voices; May 2, 2017 and Business Standard; May 5, 2017).
Why Aadhaar leaks should worry you, and is biometrics really safe? (Rakesh Mehar; Newsminute; May 4, 2017).
Indian Government says it is still drafting privacy law, but doesn’t give timelines (Vivek Pai; Medianama; May 4, 2017).
आधार नंबर, नाम, पता, बैंक अकाउंट और दूसरी संवेदनशील जानकारियां लीक: CIS रिपोर्ट (Aaj Tak; May 4, 2017).
With digitisation at the forefront, government departments need to be cautious about digital security (Manas Pratap Singh; NDTV; May 4, 2017).
Kashmir: Telecom firms struggle to block 22 banned social media sites (Aijaz Hussain; Livemint; May 4, 2017).
Aadhaar data of 130 millions, bank account details leaked from govt websites: Report (India Today; May 4, 2017).
Aadhaar: Are a billion identities at risk on India's biometric database (Soutik Biswas; BBC News; May 4, 2017 and Rawlson King; Biometric Update.com; May 5, 2017).
135 million aadhaar details, 100 million bank accounts "leaked" from government websites: Researchers (Counterview; May 5, 2017).
Suicide videos: Facebook beefs up team to monitor content (Kim Arora; The Times of India; May 5, 2017).
Aadhaar assurances fail to assuage privacy concerns (Anirban Sen; Livemint; May 5, 2017).
A 13-year-old's rape in TN highlights the major threat online sexual grooming poses to children (Priyanka Thirumurthy; May 6, 2017).
Experts stress on need for enhanced security (New Indian Express; May 6, 2017).
Taking Cognisance of the Deeply Flawed System That Is Aadhaar (Shreyashi Roy; Wire; May 10, 2017).
Plug data leak before imposing Aadhaar (Deccan Herald; May 11, 2017).
Aadhaar data leak: Take precautions while sharing info on websites, MEITy tells all depts (Indian Express; May 11, 2017).
Aadhaar security: Here's how your private information can be protected (Sanjay Kumar Singh; Business Standard; May 11, 2017).
Online Trolls Attack Critics of India's Aadhaar State ID System (Rohith Jyothish; Global Voices; May 31, 2017).
India is building a biometric database for 1.3 billion people — and enrollment is mandatory (Shashank Bengali; Los Angeles Times; May 12, 2017).
Watch: Aadhaar has become a whipping boy: Nandan Nilekani (Alnoor Peermohamed and Raghu Krishnan; Business Standard; May 13, 2017).
Partnership on AI Adds Corporate, NGO Members, Charts Initial Course (Benjamin Romano; Xconomy; May 16, 2017).
WannaCry: ATMs not to shut down, clarifies RBI, but how safe are our machines? (Soumya Chatterjee; May 16, 2017).
Google, Facebook's AI group adds new members (Jens Meyer; Axios; May 16, 2017).
22 companies join Partnership on AI, begin to study AI's impact on work and society (Alison DeNisco; TechRepublic; May 17, 2017).
Intel, Salesforce, eBay, Sony and others join the grand AI partnership club (CIOL; May 17, 2017).
IT companies in Bengaluru on high alert over WannaCry ransomware (Kiran Parashar K M & Shruthi H M; New Indian Express; May 17, 2017).
Partnership on AI adds new organizations to its network (Madison Moore; Software Development Times; May 17, 2017).
Intel, eBay, SAP, Salesforce y Sony colaborarán en inteligencia artificial (Monica Tilves; Silicon; May 17, 2017).
22 nieuwe leden voor Partnership on AI (Telecom Paper; May 17, 2017).
Provide hacker details, outfit that claimed data leak told (Mahendra Singh; The Times of India; May 18, 2017).
UIDAI asks Centre for Internet & Society to provide hacker details (Mahendra Singh; Economic Times; May 18, 2017).
Hack exposes Zomato's weak protection of customer data, say Cyber experts (Alnoor Peermohamed; Business Standard; May 19, 2017).
What’s Hard To Digest About The Zomato Hacking (Aayush Ailawadi; Bloomberg Quint; May 19, 2017).
UIDAI puts posers to CIS over Aadhaar data leak claim (Press Trust of India and Financial Express; May 19, 2017).
Faking it on WhatsApp: How India's favourite messaging app is turning into a rumour mill (Samarth Bansal; Hindustan Times; May 19, 2017).
Debate over #Aadhaar Turns Nasty as Critics Accuse Supporters of Online Trolling (Ajoy Ashirwad Mahaprahasta; The Wire; May 19, 2017).
Hacker steals 17 million Zomato users’ data, briefly puts it on dark web (Kim Arora and Digbijay Mishra with inputs from Ranjani Ayyar; The Times of India; May 19, 2017).
UIDAI goes after org that disclosed government departments were releasing Aadhaar data (Nikhil Pahwa; May 19, 2017).
Developer releases WannaCry key-recovery tool for Windows XP (Cirilo Laguardia; Hoyen TV; May 20, 2017).
Will Aadhaar leaks be used as an excuse to shut out scrutiny of welfare schemes? (Anumeha Yadav; Scroll.in; May 20, 2017).
Microsoft says WannaCry ransomware must be a wake-up call for governments (Journaldu Maghreb; May 20, 2017).
Noida cyber cell gives tips on preventing WannaCry attack (Juana McKenzie; World News Journal; May 20, 2017).
Chinese state media says U.S. should take some blame for cyber attack (Ellis Neal; Villages Suntimes; May 21, 2017).
Zomato hack: You need to enhance online security with a password manager (Sanjay Kumar Singh; Business Standard; May 23, 2017).
Sharad Sharma Apologises for Trolling Aadhaar Critics; Unmasking Ispirit's Controversial Trolling Program (Shweta Modgil; Inc 42; May 23, 2017).
iSpirt's Sharad Sharma: Sorry, I trolled Aadhaar critics (Shalina Pillai and Anand J; The Times of India; May 24, 2017).
Sharad Sharma's case shows how rampant troll culture has become under Modi (Catch News; May 25, 2017).
Aadhaar Card: One Identity, Multiple Disorders (Gaurav Raj; India Saga; May 25, 2017).
Tweets from the afterlife (Heena Khandelwal; DNA; May 28, 2017).
BBMP faces ire for publishing pourakarmikas' Aadhaar details on website (Bharat Joshi; Economic Times; May 29, 2017).

CIS members wrote the following articles

Aadhaar Case: Beyond Privacy, An Issue of Bodily Integrity (Amber Sinha and Aradhya Sethia; Quint; May 1, 2017).
Digital native: Free speech? You must be joking! (Nishant Shah; Indian Express; May 14, 2017).
Digital native: Look before you (digitally) leap (Nishant Shah; Indian Express; May 28, 2017).

Submission

Comments on the draft Policy on IT Accessibility for People with Disabilities (Nirmita Narasimhan; May 19, 2017).

►Copyright

Blog Entries

34th SCCR: A Summary Report (Anubha Sinha; May 15, 2017).
34th SCCR: CIS Statement on the Proposal for Analysis of Copyright Related to the Digital Environment (Anubha Sinha; May 15, 2017).
34th SCCR: CIS Statement on the Discussion on Limitations and Exceptions for Libraries and Archives (Anubha Sinha; May 15, 2017).
34th SCCR: Observer Statements on Proposal for Analysis of Copyright related to the Digital Environment (Anubha Sinha; May 30, 2017).
34th SCCR: Observer Statements on Limitations and Exceptions for Educational and Research Institutions (Anubha Sinha; May 30, 2017).
34th SCCR: Observer Statements on Limitations and Exceptions for Libraries and Archives (Anubha Sinha; May 30, 2017).

Participation in Event

Fixing Copyright for Education (SCCR34 Side Event) (Hosted by Communia, EIFL, Creative Commons, and PIJIP; May 5, 2017). Anubha Sinha was a speaker.

►Wikipedia

Blog Entries

Wiki Loves Mayabazaar (Pavan Santhosh; May 1, 2017).
Marathi Wikipedia Symposium at Gokhale Institute Of Politics & Economics (Subodh Kulkarni; May 1, 2017).
Digitisation, Wikimedia Commons and Wikisource Orientation Workshop at Vigyan Ashram, Pabal, Pune District (Subodh Kulkarni; May 4, 2017).
Thematic Edit-a-thon at J.P.Naik Centre for Education & Development, Pune (Subodh Kulkarni; May 10, 2017).
Train The Trainer 2017 (Manasa Rao; May 10, 2017).
Continuing community engagement: Communities of interest and Quarrying (Manasa Rao; May 19, 2017).
Preliminary research result on Wikipedia gender gap in India (Ting-Yi Chang; May 22, 2017).
MediaWiki Training 2017 (Tito Dutta and Ananth Subray; May 23, 2017).
Mini TTT and MWT held in Kolkata (Tito Dutta; May 23, 2017).

Note: The workshops for the above blog posts were held earlier but the reports were published during the month of May.

►Openness

Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.

Blog Entry

SoI’s Open Series Maps Fails to Implement Public Sharing of Govt Data (Geospatial World; May 4, 2017). Sumandro Chattapadhyay was interviewed.

-----------------------------------

Internet Governance
-----------------------------------

►Freedom of Speech and Expression

Submission

Comments from the Centre for Internet and Society on Renewal of .NET Registry Agreement (Vidushi Marda with inputs from Pranesh Prakash and Sunil Abraham; May 31, 2017).

Event Organized

Communication Design and Visualising Information (CIS, Bengaluru; May 5, 2017). Saumyaa conducted a session on the broad principles of communication design and visualising information.

Participation in Events

World Press Freedom Day 2017 (UNESCO and the Digital Empowerment Foundation; New Delhi; May 3, 2017). Udbhav Tiwari participated in the event.
Consilience 2017 - A Conference on Artificial Intelligence & Law (Organized by National Law School of India University; May 20, 2017). Vidushi Marda was a panelist.

►Privacy

Submission

Comments on the Statistical Disclosure Control Report (Srinivs Kodali and Amber Sinha; May 2, 2017).

Blog Entry

(Updated) Information Security Practices of Aadhaar (or lack thereof): A documentation of public availability of Aadhaar Numbers with sensitive personal financial information (Amber Sinha and Srinivas Kodali; May 1, 2017).

Events Organized

Stand Shielded of Digital Rights (CIS; New Delhi; May 5, 2017). Amutha Arunachalam gave a talk.
Meeting on Proactive Disclosure and Personal Data (CIS; New Delhi; May 13, 2017).

Participation in Events

4th National Standards Conclave Evolving a Comprehensive National Strategy for Standards Sectoral and Regional Inclusiveness (Organized by Ministry of Commerce and Industry and the Confederation of Indian Industry; May 1 - 2, 2017).
Stockholm Internet Forum 2017 (Organized by Swedish International Development Cooperation Agency; Stockholm; May 15 to 18, 2017). Elonnai Hickok was a panelist in the session, "Private sector and civil society collaboration to advance freedom online".
Open house on information breaches (Organized by Has Geek; Bengaluru; May 26, 2017). Udbhav Tiwari was a speaker.
T20 Germany and Beyond: Digital Economy (Organized by GIZ and EPF; May 29 - 30, 2017). Elonnai Hickok participated in a round-table discussion.

-----------------------------------

Telecom
-----------------------------------
CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Newspaper Column

Policies to Sustain India's Market (Shyam Ponappa; Business Standard; May 3, 2017 and Organizing India Blogspot; May 4, 2017).

Blog Entry

Tech Anthropology Today: Collaborate, Rather than Fetishize from Afar (Geert Lovink and Ramesh Srinivasan; nettime.org; May 16, 2017).

Participation in Event

Consultative Meeting for a Digital Archive Lab (Organized by Ambedkar University, New Delhi; May 20, 2017). P.P. Sneha participated in the meeting.

-----------------------------------

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

► Request for Collaboration

For more details visit https://cis-india.org/about/newsletters/may-2017-newsletter

Online Trolls Attack Critics of India's Aadhaar State ID System

praskrishna — 2017-06-07T13:34:00Z

India's biometric state ID system has been leaking citizens’ data for months. When this information surfaced in April 2017, it stoked fears that the system could be used as an instrument of surveillance against Indian residents.

The blog post by Rohith Jyothish was published by Global Voices on May 31, 2017.

The Unique Identity Authority of India (UIDAI), which administrates the system known as Aadhaar (meaning foundation in Hindi) maintains that it only collects minimal personal data and stores it securely. But critics have firmly expressed doubts about these claims.

The implications of these leaks, and of any system flaw in Aadhaar technology, are substantial, especially for Indians who depend on the Aadhaar system in order to authenticate their identities when they use any number of government services. The Aadhaar system has become the gatekeeper of state systems and services ranging from voting to financial savings to food subsidies.

The digital sphere is now starting to see a pushback against Aadhaar critics through articles and blogposts that describe concerned citizens and privacy experts as the ‘anti-Aadhaar brigade‘ and accuse them of publishing “half-truths” and “spread[ing] confusion to advance their own interests.” One such article was even featured on the UIDAI website.

Some of the most well-researched critiques of the system have come from the Centre for Internet and Society (CIS), an inter-disciplinary research organisation in Bangalore that has now become a target of the pro-Aadhaar lobby. Shortly after CIS released a report that pointed out security flaws in the Aadhaar ecosystem, the UIDAI accused the organization of hacking into the Aadhaar system themselves.

In fact, CIS had investigated databases of four specific government websites. Three were available publicly, the fourth one was accessible by simply changing one of the URL parameters. Following the accusation from UIDAI, CIS clarified that the Aadhaar numbers along with other sensitive personal financial information like bank account details were made available by government websites themselves, putting a sizeable portion of Indian citizens at risk of financial fraud.

The Press Trust of India (India's largest news agency) referred to it as a “flip-flop”, which was contested by researchers at CIS.

Independent technology news platform Medianama reported that the accusation by the UIDAI is regrettably consistent with previous actions in which they filed a case against a journalist for exposing flaws in Aadhaar's enrollment mechanism.

A website called ‘Support Aadhaar‘ and its Twitter handle sought to collate opinions supporting Aadhaar and quell those speaking against it. However, most of their messages appear to evade or deflect the concerns that critics have raised by touting the benefits of the system and portraying critics as having a poor understanding of the benefits of technology.

Many Twitter users have also begun noticing patterns in the pro-Aadhaar posts:

Meanwhile, several critics of Aadhaar have repeatedly been trolled by anonymous handles on Twitter. These ‘sock puppet’ accounts seemed to be targeting those who criticise Aadhaar on social media.

One of the most active trolls issued an open challenge to reveal their identity with just their Aadhaar number. Technology entrepreneur Kiran Jonnalagadda accepted the challenge and found that ‘@Confident_India’, one of the many anonymous troll Twitter handles, is Sharad Sharma, the co-founder and director of iSPIRT Foundation (Indian Software Product Industry Roundtable), the software lobby that built the backbone of the Aadhaar ecosystem.

Sharma accidentally tweeted a denial from the troll account which has since been deleted. He then tweeted again from his personal handle which was captured.

iSPIRT officially denied allegations by Jonnalgadda that the “evidence presented is a deliberate misreading of our intent to engage with those speaking against India Stack.” India Stack is the digital infrastructure that has been built over Aadhaar.

But several other Twitter users have confirmed that Sharma's phone number is linked to ‘@Confident_India’. By their own admission, iSPIRT seemed to have an officially sanctioned project intended to systematically challenge anti-Aadhaar campaigners in online platforms. But they refuse to term these actions as “trolling”.

However, Sharma later made an apology for trolling and called it a “lapse of judgement”. CIS Executive Director Sunil Abraham seemed to appreciate the message. He tweeted: Bravo to @sharads for this! All of us at @cis_india look fwd to collaborating with @Product_Nation & @sharads to serve Indian s/w sector. https://twitter.com/sharads/status/866943195678035968 …

iSPIRT is an initiative which finds far-reaching support from several IT industry leaders in India. What is worrying is that there is still no clarification from iSPIRT on the identities of the other anonymous trolls and their position on trolling against genuine concerns raised by citizens.

More than a week after the trolling revelations, iSPIRT announced on its website, the results of an investigation carried out by an Internal Guidelines and Compliance Committee over the allegations against Sharma of operating the anonymous handles, ‘@Confident_India’ and ‘@Indiaforward2′. Jonnalgadda was one of the trolling victims who testified in the internal meeting. A summary of the investigation was posted bafflingly by the accused himself in which he says that project Sudham has been dissolved and that he has been told to not make public appearances on behalf of iSPIRT for four months while he remains Director and the face of the organisation. FactorDaily reported that iSPIRT members on the condition of anonymity said that Pallav Nadhani (Founder, Chief Executive, FusionCharts) and Naveen Tewari (Co-founder, InMobi) who quit iSPIRT were upset with their excessive focus on India Stack.

One wonders whether this kind of behavior would be treated differently if it took place offline. Is intimidating those who appear to be ‘detractors’ the most effective way of dealing with criticism? Why is a software lobby taking it upon themselves to defend the idea of Aadhaar and India Stack through such means?

Many are hoping that experts on both sides of the issue can find a way to debate questions around the privacy and security of Aadhaar's technology — that affect some 1.3 billion people — in a more democratic way.

For more details visit https://cis-india.org/internet-governance/news/global-voices-rohith-jyothish-may-31-2017-online-troll-attack-critics-of-indias-aadhaar-state-id-system

Sharad Sharma Apologises for Trolling Aadhaar Critics; Unmasking Ispirit's Controversial Trolling Program

praskrishna — 2017-05-26T01:08:09Z

Last weekend I was at Aditi Mittal’s standup comedy show in Mumbai where she made a cheeky remark that stayed with me – “Do you guys know what India’s soft power is today? It is trolling!”

The blog post by Shweta Modgil was published by Inc 42 on May 23, 2017.

While she was poking fun at the Snapchat-Snapdeal-Evan Spiegel controversy, in a bizarre coincidence those words came back to haunt me three days later. That was when one of biometric authentication system Aadhaar’s most vocal critics, Kiran Jonnalagadda, co-founder of Internet Freedom Foundation (IFF), an advocacy group, revealed in a series of tweets that @Confident_India, one of the anonymous accounts arguing in favour of Aadhaar and attacking its critics on Twitter, was being operated by none other than Sharad Sharma, the founder of software products think tank iSPIRT.

At the time, Sharad had completely denied that he was tweeting from an anonymous account. But today, on Twitter, Sharad apologised for the anonymous trolling on Twitter.

In a tweet, Sharad stated that “There was a lapse of judgement on my part. I condoned tweets with uncivil comments. So I’d like to unreservedly apologise to everybody who was hurt by them.”

He added that “Anonymity seemed easier than propriety, and tired as I was by personal events and attacks on iSPIRT’s reputation, I slipped.” Furthermore, he stated that he would not be part of anything like this again or allow such behaviour to continue. He also revealed that an iSPIRT Guidelines and Compliance Committee (IGCC) has been set up to investigate the matter and recommend corrective action.

On Catching a Troll

On 17 May, Kiran tweeted out a revelation, which shook a lot of people – “Have we caught an Aadhaar troll?” Kiran used Twitter’s account reset option on Confident_India with Sharad Sharma’s number to see if it is was accepted. And, as per a screenshot posted by him, it did.

This was further corroborated by many other Twitter users. Medianama’s Nikhil Pahwa (and co-founder of IFF) also confirmed the same, tweeting that the troll account does link to Sharad Sharma.

In a detailed Medium post, Kiran then revealed how he investigated the rise of anonymous Twitter accounts and trolls responding to critics of Aadhaar. But what he revealed next was the shocking part – that at the 27th Fellows meeting of the think tank, a plan was hatched to respond to critics of India Stack which involved the use of trolls. A group called Sudham, created earlier, divided people who were broadcasting different views on Aadhaar, into different categories and then underlined various proposals on dealing with them. One of the groups called “archers” was entrusted to carry out the mainstream debate, while another group of “swordsmen” was entrusted to challenge people who were categorised as informed yet “trolling.” Swordsmen would do this by coordinating on WhatsApp with quick responses and in numbers.

Kiran got a hold of the presentation and also shared how one controversial slide also showed a detractor matrix.

It is this slide which Kiran uses to illustrate the fact that: “ iSPIRT has an officially sanctioned trolling program where the trolls coordinate on WhatsApp and attack together on Twitter, exactly the behaviour seen in all the tweets above—and I’ve only covered the leader’s tweets. There are at least a dozen known troll accounts that attack in packs.”

First Denial

Back when the information was first revealed, Sharad Sharma responded by denying that he was tweeting from the @Confident_India Twitter account.

He further added that he was in for a family emergency in the US. And that he was clueless as to why his number was linked with that account.

But, interestingly, what roused the investigator’s suspicions was that Sharad shared the same denial from another troll account @indiaforward2 – which was captured by another Twitter user before it was deleted.

The denial from Sharad’s true account came half an hour later. But the damage had been done and all fingers pointed in the direction of Sharad Sharma engaging in trolling from those accounts. Kiran then wrote another damning post on Sharad’s dubious denial.

As can be guessed, all the tweets related to this matter from Sharad’s and Indiaforward’s accounts have been deleted. The last tweet from Confident India’s account on 17 May professed that he is not Sharad Sharma.

Meanwhile, iSPIRT finally responded to Kiran’s revelations on Medium –“We want to categorically state that the allegations against iSPIRT coordinating and/or promoting any troll campaign are false and the evidence presented is a deliberate misreading of our intent to engage with those speaking against India Stack.”

The post further explained that in its Fellows meeting held in February and April 2017, it did address the issue of the chatter around India Stack. It says, “Our volunteer, Tanuj Bhojwani, led the discussion and we outlined our strategy for dealing with our detractors. The slide in question is clearly titled “Detractor Matrix.” The slide outlines how we classify those speaking against India Stack, and how we are engaging with them. We called one category of people “informed yet trolling (IYT),” a category of people deliberately misleading people, despite understanding the nuance behind the debate.”

The post admitted that the think tank encouraged volunteers to respond to these IYT Twitter handles directly from their own personal handles. However, at no point did it endorse or recommend anonymous trolling.

“We are aware that some volunteers and their friends have created an anonymous campaign to Support Aadhaar. This is not a troll campaign, but an informational one. It is also not an iSPIRT campaign.”

It concluded with: “Kiran’s motivated misrepresentation of the slides perhaps speaks to his biases against iSPIRT.” The post added that it plans to investigate the confusion around the alleged mobile number and account link and clarify all outstanding questions.

Meanwhile coming back to trolling from where we started. Though Sharad’s apology did not say directly whether he operated the two Twitter accounts — @Confident_ India and @Indiaforward2 — which he was suspected of using for trolling- he signs off by saying that he requests “those who I have disappointed to look at this as an exception.”

The Aadhaar Controversy

While the series of incidents raises many doubts over an esteemed organisation such as iSPIRT, the controversy over Aadhaar, India’s massive biometric identification programme, has been raging for many months now.

Over the last few months, it has come under fire for not addressing the privacy concerns of an individual and leaking individual data. Aadhaar critics have pointed out that it is more a mass surveillance tool, can lead to identity thefts, and linking basic services with it spells doom.

This month, a CIS (Centre for Internet and Society ) report revealed that Aadhaar numbers and personal information of as many as 135 million Indians could have been leaked from four government portals, due to lack of IT security practices. The report claimed that the absence of “proper controls” in populating the databases could have disastrous results as it may divulge sensitive information about individuals, including details about the address, photographs, and financial data. It also added that as many as 100 Mn bank account numbers could have been “leaked.”

However, on May 16, the CIS updated its report and clarified that although the term ‘leak’ was originally used 22 times in its report, it is at “best characterised as an illegal data disclosure or publication and not a breach or a leak.” It also claimed that some of its findings were “misunderstood or misinterpreted” by the media and that it never suggested that the biometric database had been breached.

Meanwhile, the Aadhaar-issuing authority UIDAI has asked CIS to explain its sensational claim that 13 crore Aadhaar numbers were “leaked” and provide details of servers where they are stored. The UIDAI also wants CIS to clarify what kind of “sensitive data” is still with the Centre or anyone else. The UIDAI has strongly denied any breach of its database and has asked CIS to provide details such as the servers where the downloaded “sensitive data” is stored.

While the security of the above-mentioned Aadhaar data is still being debated, the government’s push towards making it compulsory across industries has become a major topic of debate in India.

From linking bank accounts, to PAN numbers, to obtaining free gas connections under the Pradhan Mantri Ujjwala Yojana, to linking scholarships to linking Aadhaar numbers to social welfare schemes for electronically disbursing money to specific beneficiaries, or the Aadhaar-enabled Payment System (AEPS), the government has been pushing on with Aadhaar to make it a mandatory ID rather than the voluntary one it was envisaged to be originally. India still does not have a data protection and privacy law and making Aadhaar mandatory in such a country is not without risks.

Given the fact that the UIDAI cannot afford to carry out authentication-based rollouts across schemes in haste as the failure rate of AEPS can lead to denial of direct benefits, it makes more sense to retain Aadhaar as a voluntary authenticator, at least until the government solves on-ground issues around Aadhaar-based authentication. Because any failure can erode public faith in Aadhaar as the beneficiary would not get his rightful ration over authentication failure— and, to that extent, in the government itself. So, for beneficiaries who depend on public distribution systems (PDS) for rice, sugar, kerosene or oil, authentication failure is a serious problem.

It is to this effect that PILs (public interest litigation suits) have been filed in the Supreme Court stating that making Aadhaar compulsory is illegal and would virtually convert citizens into “slaves” as they would be under the government’s surveillance all the time. The Supreme Court had itself stated in August 2015 that Aadhaar cards will not be mandatory for availing benefits of government’s welfare schemes and had also barred authorities from sharing personal biometric data collected for enrollment under the scheme.

Last month too, it lambasted the Narendra Modi-led BJP government at the Centre for making Aadhaar card a mandatory prerequisite to avail government services. The court will examine all applications against Aadhaar on June 27 2017, while the government remains steadfast on not extending the deadline of June 30 by which various schemes such as the grant of scholarships, Sarva Shiksha Abhiyan and various other social welfare schemes were to seek mandatory Aadhaar number.

While the debate rages on, controversies keep on piling up. Recently, linking people living with HIV/ AIDS with Aadhaar cards has allegedly driven away patients from hospitals and antiretroviral therapy (ATR) centres in Madhya Pradesh. As per health department sources, the MP State AIDS Control Society made Aadhaar card number compulsory from February this year for those affected by the virus to get free medicines and treatment in accordance with the Central government’s policy making Aadhaar mandatory to avail benefits of any government scheme.

However, this led to negative fallout as many patients and suspected victims started avoiding ATR centres and district hospitals after the new rule came into effect. The patients feared that the compulsory submission of Aadhaar card to get free medicines and medical check-ups could lead to the disclosure of their identity, inviting social stigma.

While there is no denying the fact that, in a welfare state, technology can play a big role in enabling the state to hand out entitlements more efficiently and distribute public services at scale. But doing the same at the cost of an individual citizen’s privacy and resting it all on one mandatory number whose authentication is still not completely foolproof, is hardly the way a welfare state would like to operate.

For more details visit https://cis-india.org/internet-governance/news/inc42-may-23-2017-shweta-modgil-sharad-sharma-aplogises-for-trolling-aadhaar-critics

Aadhaar Card: One Identity, Multiple Disorders

praskrishna — 2017-05-26T00:01:54Z

It is still hazy to see the desperation of the union government to imposing the Aadhaar Card mandatory when matters related to Aadhaar Card are already sub judice.

This was blog post by Gaurav Raj was published by India Saga on May 25, 2017.

The constitutionality of Aadhaar is yet to be decided by the Supreme Court, however, the enrolment of Aadhaar has reached the mark of more than one billion. Recently, the government declared Aadhaar mandatory to file Income Tax Return (ITR) while the Supreme Court is opined not to treat Aadhaar mandatory, but voluntarily. Now it is imperative of the government to confide the citizens that the Aadhaar information- demography and biometrics-are in safe hands, a debate which has been heating up, and the contempt of the court’s decision by the government is for greater good. But the uproar against the speculation of identity revelation threat and possible misuse of Aadhaar details by the government-corporate nexus, plausible reasons to doubt the security of privacy, which is a fundamental right of Indian citizen. Ironically, after the Finance Minister Arun Jaitley defended the ‘Aadhaar Money Bill controversy’ filed by former congress MP Jairam Ramesh in the court, the Supreme Court is in dilemma and yet to decide whether ‘Right to Privacy' is a fundamental right or not.

Why Aadhaar Card Mandatory?

Nandan Nilekani, the co-founder of Infosys and the ideologue of Aadhaar, said that Aadhaar will change the PDS system in India since it ensures no ghost or fake beneficiaries to avail unentitled benefits of the various welfare schemes and subsidies. Nilekani also says that there might be margin of error up to 5 per cent in distributing the subsidies or benefits of various welfare schemes to the masses. The top-honcho technocrat has also defended Aadhaar that any breach of privacy of citizens is not possible as the Unique Identification Authority of India (UIDAI) is efficient to secure the public data under CIDR.

The government claims that the corruption-mounted Public Distribution System (PDS) in India is reformed due to the introduction of the 12 digit unique identification number. More than 40000 crore have been saved in the form of exchequer due to curb of fake and ghost beneficiaries in the PDS system. Now if we believe Nilekani claim of 5% error, then more than 5 crore beneficiaries would be losing their benefits due the error in the biometric identification. The Infosys co-founder later said that if there is a margin of error then ‘One Time Password’ (OTP) comes in. However, he didn’t define what if there is a congestion of network in the remotest Indian villages where phone signals are rare? Standing on the PDS shop waiting for food grains and network, is certainly not an ideal way to avail the benefits of the government welfare schemes. In 2011, activist and writer Ruchika Gupta said in an interview to Tahalka, “The UID cannot address the bulk of delivery problems in the two of the biggest social sectors programmes like MGNREGA and PDS. Linking UID with social sector legislation is completely baseless.”

PAN Card Linked with Aadhaar Card?

The government has directed the Reserve Bank of India to make Aadhaar mandatory for Income Tax Return filing. Currently, there are approximately 24.37 crores PAN holders in India, however 3.8 crore people file income tax return every year. There have been cases of people owned not more than one but 100 PAN Cards with them. PAN cards in India are mostly used by the citizens as a proof of identity. The government believes that PAN card linking with Aadhaar will curb the tax evasion.

How Safe Is Your Data In This Panopticon Model Of Mass Surveillance?

In the late 18th century, the well-known English social reformer and jurist Jeremy Bentham wanted to build a ‘panoptican’ for a mass surveillance of the prisoners in England. He advocated designing an institutional building be used to keep an eye on all the jail inmates by a single watchman. Very similarly, India is witnessing the biggest surveillance program ever under the name of single identity and availing benefits of governments’ schemes. Another logic behind enrolment of Aadhaar is the ‘national security’. National security? How can any government ensure national security backing Aadhaar, when international companies have been hired in consortium to collect residents’ biometric and demography details? In 2010, Accenture, Mahindra-Satyam Morpho and L1 identity solutions were pooled in by UIDAI for leveraging de-duplication exercise of Aadhaar and data collection. L1 Identity Solutions’ top brasses are the former Director CIA George Tenet and former Homeland Security deputy secretary Adm James. With its headquarters in Connecticut, this company is one of the biggest defence contractors specialised in facial recognition and biometrics. L1 Identity Solutions and Accenture work in a close affinity to US intelligence agencies. This is an age of information. Corporate houses and big telecom players are dying to get details of consumers. Obvious are the concerns about the safety and security of the people’s data. It is feared that the database can be used for various marketing and business purposes.

CIDR, A Single Database Of People’s Data

Central Identities Data Repository (CIDR) is a data management and storing agency in India which is initiated for the Aadhaar project. It is regulated by the statutory body of Unique Identification Authority of India (UIDAI). This centralised database is probably one of the biggest repositories on this planet.

In 2010, experts had claimed that more than a thousand government sites and portals were attacked more than 4000 times by China alone in one year. In April 2011, 77 million Sony Playstations and digital media delivery service Qriocity were hacked which resulted into a shutdown of the network for a week. The London School of Economics also reported that a central database of vulnerable to hacking and other terrorist and cyber crime activities. Recently Wannacry Ransomware virus hits the globe. More than 99 countries were affected.

Building one single repository for billions of Aadhaar Card data seems to be a big risk in the most vulnerable country where dat breach is at most.

Data Leak Crisis

UIDAI has so far spent approximately 5982.62 crores for more than a billion enrolments of Aadhaar Cards. 1615.34 crores have been spent between the financial year 2015-2016. Centre for Internet and Society, Bengaluru-based organization (CIS) has learned that data of more than 130 million Aadhaar card holders has been leaked from four government websites. They are National Social Assistance Programme, National Rural Employment Guarantee Scheme, Chandranna Bima Scheme and Daily Online Payments Reports of NREGA. It also includes Bank details and other confidential details of millions of residents.

What is Next?

The Lok Sabha has passed the Aadhaar Bill as Money Bill. Mukul Rohatgi said in the Supreme Court that according to Article 110 of the constitution, there is use of consolidated funds of India so the bill is a Money bill. Chief Justice Khehar said, “Your object might be good but whether it is a ‘Money Bill’ or not is the question.” Justice Ramana referred to a 2014 judgment passed by the Apex court that courts had no jurisdiction over procedurals matters of legislative.” In response P. Chidambram, the counsel for Jairam Ramesh said, “This petition is not about a procedural matter. There has been substantive infraction.”

For more details visit https://cis-india.org/internet-governance/news/the-indiasaga-may-25-2017-aadhaar-card-one-identity-multiple-disorders