Centre for Internet and Society

India Still Trying To Turn Optional Aadhaar Identification Number Into A Mandatory National Identity System

praskrishna — 2016-03-24T06:34:21Z

from the sliding-down-the-slippery-slope-to-disaster dept

The blog post was published by Tech Dirt on March 22, 2016. CIS research on Aadhaar was quoted.

Last year, we wrote about India's attempt to turn the use of its Aadhaar system, which assigns a unique 12-digit number to all Indian citizens, into a requirement for accessing government schemes. An article in the Hindustan Times shows that the Indian government is still pushing to turn Aadhaar into a mandatory national identity system. A Bill has just been passed by both houses of the country's parliament, which seeks to give statutory backing to the scheme -- in the teeth of opposition from India's Supreme Court:

There have been orders passed by the Supreme Court that prohibit the government from making Aadhaar mandatory for availing government services whereas this Bill seeks to do precisely that, contrary to the government's argument that Aadhaar is voluntary.

The article notes that in some respects, the new Bill brings improvements over a previous version:

It places stringent restrictions on when and how the UID [Unique Identification] Authority (UIDAI) can share the data, noting that biometric information -- fingerprint and iris scans -- will not be shared with anyone. It seeks prior consent for sharing data with third party. These are very welcome provisions.

But it also contains some huge loopholes:

The government will get sweeping power to access the data collected, ostensibly for "efficient, transparent, and targeted delivery of subsidies, benefits and services" as it pleases "in the interests of national security", thus confirming the suspicions that the UID database is a surveillance programme masquerading as a project to aid service delivery.

The fact that an optional national numbering system now seems to be morphing into a way to monitor what people are doing will hardly come as a surprise to Techdirt readers, but this continued slide down the slippery slope is still troubling, as are other aspects of the new legislation. For example, it was introduced as a "Money Bill," which is normally reserved for matters related to taxation, not privacy. That suggests a desire to push it through without real scrutiny. What makes this attempt to give the Aadhaar number a much larger role in Indian society even more dangerous is the possibility that it won't work:

A recent paper in the Economic and Political Weekly by Hans Mathews, a mathematician with the [Centre for Internet and Society], shows the programme would fail to uniquely identify individuals in a country of 1.2 billion.

A mandatory national identity system that can't even uniquely identify people: sounds like a recipe for disaster.

For more details visit https://cis-india.org/internet-governance/news/tech-dirt-march-22-2016-india-still-trying-to-turn-optional-aadhaar-identification-number-into-mandatory-national-identity-system

India sees biggest improvement in Internet freedom, says report

praskrishna — 2014-12-07T11:08:34Z

Big stride ascribed to removal of restrictions imposed in 2013; globally, Internet freedom sees decline.

The article by Moulishree Srivastava was published in Livemint on December 5, 2014. Sunil Abraham gave his inputs.

India fared better this year when it came to freedom of the Net, while globally Internet freedom declined for the fourth consecutive year in 2014 with a growing number of countries introducing more aggressive online censorship and monitoring practices, said a report by Freedom House, an independent watchdog.

The global Freedom on the Net report 2014, which covered the period between 1 May 2013 and 31 May 2014 and was released on Thursday, said India scored 42 points this year, an improvement of five points over the previous reporting period.

It’s the largest increase in Internet freedom over the past year and was ascribed to the removal of temporary restrictions on access and content that had been imposed in 2013 to stem an exodus of people from north-eastern states from wherever else they were in India.

Of the 65 countries assessed, 36 saw a decline in Internet freedom. The most significant declines were in Russia, Turkey and Ukraine. Iran, Syria and China are the world’s worst abusers of Internet freedom, said Freedom House.

A low score indicates higher Internet freedom.

The US remained relatively free compared with the rest of the world with a total score of 19, the report said.

“Any report on Internet freedom that ranks US as free cannot be taken seriously,” said Sunil Abraham, executive director of the Bengaluru-based research organization Centre for Internet and Society.

There is massive intellectual property rights (IPR)-related censorship in the US, which Freedom House does not consider censorship, and the total surveillance regime of the National Security Agency that resulted in self-censorship was also ignored by Freedom House, he said.

In India, curbs on content and arrests related to online publishing under Section 66A of the information technology (IT) Act declined in the past year.

There have been nine criminal complaints filed against social media posts in the period, but the Supreme Court did its bit by curtailing arrests for online expression under the IT Act.

Independently, the Supreme Court is assessing the constitutionality of provisions in the IT Act and secondary legislation that restrict content and criminalize speech online. Section 66A of the IT Act criminalizes a wide range of speech and led to several arrests for social media posts in 2012 and early 2013. On 2 December, the Supreme Court asked the government to clarify its stand on the constitutionality of these provisions by 9 December.

Several petitioners have also challenged parts of the IT Act, including rules introducing potential criminal liability for intermediary companies for content posted by third parties, as unconstitutional in the Supreme Court.

“Legislation and procedures to effectively protect privacy, meanwhile, remain lacking, and the scope of a privacy law currently being drafted is unclear,” said the Freedom House report.

India was expected to get a privacy law before the launch of the Unique ID, or Aadhar, programme, but this has not happened.

“Allegations of procedural abuses by state officials in surveillance cases have emerged in the states of Himachal Pradesh and Gujarat, in the latter while the present Prime Minister was chief minister,” the report said. “Partly in response to these scandals, the government tightened procedures in January 2014, saying officials must issue interception orders to telecommunications providers in written form, though they still require no warrant or judicial oversight.”

Currently, the government can retrieve data from intermediaries such as Internet service providers, which are required to install infrastructure for surveillance and keyword scanning of all traffic passing through each gateway.

What can curb Net freedom substantially in India, according to the report, is the Indian government’s ambitious nationwide surveillance programme, the Central Monitoring System, which allows authorities to monitor individuals’ digital communications directly without issuing orders to service providers, written or otherwise—that is, “without judicial oversight”.

The move allows government agencies to intercept any online activities, phone calls, text messages and even social media conversations in real time by directly accessing interception equipment on intermediary premises.

The Indian government also requested user information from international Web-based platforms including Google Inc., which received 2,794 data requests from Indian government agencies from January to June 2014. Facebook Inc. got 3,598 such requests and Twitter Inc. 19.

Apoorva contributed to this story.

For more details visit https://cis-india.org/internet-governance/news/livemint-december-5-2014-moulishree-srivastava-india-sees-biggest-improvement-in-internet-freedom

India second in requesting user info: Google

praskrishna — 2012-11-15T09:40:10Z

India is at second place after the US in terms of the government requests for user data from Google

Karthik Subramanian's article was published in the Hindu on November 14, 2012. Pranesh Prakash is quoted.

The Indian government made the second largest demand for Web user information — next only to the United States government — to Google in the six-month period from January to June this year, according to the ‘Transparency Report’ published by the Web services major on Tuesday.

During the six-month period, the Indian government — both by way of court orders and by way of requests from police— requested Google to disclose user information 2,319 times over 3,467 users/accounts. Google fully or partially complied with the request to the tune of 64 per cent. Only the U.S. government requested more data during the period — 7,969 requests over 16,281 accounts, compliance rate: 90 per cent.

It is the sixth time Google has brought out the bi-annual report detailing its interactions with the world government agencies. It details two categories of interactions : requests to divulge user data; and requests to pull down content. India ranked seventh in the list of requests to pull down data; experts say that the possible reason could be the government not having such powers under the Constitution.

Pranesh Prakash, policy director with Bangalore-based Centre for Internet and Society, said that the Google report was a damning indictment of the country’s government exceeding its constitutional bounds by demanding removal of material for defamation, government criticism, etc., without a valid court order. "There are no laws in our country that allows the executive or the police to remove such material without a court order."

Substantial spike

In all, 33 countries figure in the report. There was a substantial spike when compared to previous reports with respect to the number of requests from various governments to pull down content.

"In the first half of 2012, there were 20,938 inquiries from government entities around the world. Those requests were for information about 36,614 accounts,” wrote Dorothy Chou, Google’s senior policy analyst, on the Official Google Blog while presenting the report. “The number of government requests to remove content from our services was largely flat from 2009 to 2011. But it’s spiked in this reporting period. In the first half of 2012, there were 1,791 requests from government officials around the world to remove 17,746 pieces of content."

Google is leading the cause for voluntary disclosure of the interactions it has with the governments. Other web services that put out similar transparency reports include micro-blogging site Twitter; cloud storage service Dropbox; and social networking site Linkedin.

Mr. Prakash said it was not enough if just the web services put out such reports. "The telecom service providers must voluntarily come out with such information," he added.

"There is a dearth of public information about the amount of legal interception and surveillance. This does not bode well in a democratic polity."

For more details visit https://cis-india.org/news/the-hindu-sci-tech-internet-karthik-subramanian-nov-14-2012-india-second-in-requesting-user-info-google

India second in keeping tabs on netizens

praskrishna — 2012-11-15T09:04:01Z

India ranks second globally in accessing private details of its citizens, next only to the US, if the latest data from Google is to be believed.

The article by Ishan Srivastava was published in the Times of India on November 15, 2012, Pranesh Prakash is quoted.

The transparency report by the internet search giant lists out requests it received from governments across the world to access information on the users of its various services.

In the first six months of 2012, India made 2,319 requests involving 3,467 users. In comparison, the US made 7,969 requests in the same period and Brazil, which comes third, sent 1,566 requests. Globally, there were 20,938 requests for user data during the January-June period. The data can include your complete Gmail account, chat logs, Orkut profile and search terms among others. These reports are prepared by Google every six months, and were started in July-December 2009.

The requests for user data from India doubled from 1,061 in July-December 2009 to 2,207 in July-December 2011.

"Though India is a large country with a significant number of internet users, this data is nonetheless an indicator of growing surveillance," said Pranesh Prakash, policy director at Centre for Internet and Society (CIS), a Bangalore-based organization looking at issues of public accountability, internet freedom and openness.

"India lacks a general privacy law that helps set guidelines for such user requests, despite privacy being a constitutional right as part of the right to life," said Prakash.

India also actively sends requests to take down content which it deems defamatory and against national security. While the number of court orders for taking down web content has remained almost stagnant over the years, there has been a rise in the number of requests by the executive and police. Between January and June this year, there were 20 court orders and 64 requests from executive/police that resulted in 596 items being taken down from the web. In comparison, there were only eight court orders and 22 executive/police requests in January-June 2010, resulting in 125 items being taken down.

"The government does not always specify the reason for which they want access. They just want access, what they do with the information is not known to us," said a legal adviser to an MNC. "These requests come with a threat to our continued operation in India."

Falsified court orders are also being employed to seek removal of content. Three such court orders were sent to Google "that demanded the removal of blog posts and entire blogs for alleged defamation." One order was said have been issued by a local court in Andheri, Mumbai while the other two by the Delhi high court. But all the three were found to be fake.

Google says a single court order was responsible for removal of 360 items this year as they "contained adult videos that allegedly violated an individual's personal privacy." While such orders have a positive impact like curbing pornography and violent content, governments at every level have also tried to use these requests to take down unfavourable content or criticism.

In January-June 2011 period, Google received "requests from state and local law enforcement agencies to remove YouTube videos that displayed protests against social leaders or used offensive language in reference to religious leaders". Google rejected a majority of these requests. It also received a request from a law enforcement agency to remove 236 communities and profiles from Orkut that were critical of a local politician. Google did not remove them either.

"Prior to 2009, government had limited powers of interception. However, after 26/11 they gave themselves huge powers to block and monitor content," said Supreme Court lawyer Pavan Duggal. "Data privacy is non-existent in India." He said that the A P Shah Committee, which was formed to recommend principles for a privacy law, has submitted its report to the Planning Commission and now it is up to the government to take it to the next stage.

Both Prakash and Duggal said that technology companies in India, including telecom players, should come out with similar transparency reports as Google. A report by international watchdog Privacy International says that Bharti Airtel, in its 2010-2011 annual report, said it had received 422 appreciation letters from law enforcement agencies for assistance in lawful interceptions. "The Indian IT Act requires electronic audit by firms but the law is silent on how this audit is filed," said Duggal.

Globally, Dropbox, LinkedIn, Sonic.net and Twitter release transparency reports apart from Google.

For more details visit https://cis-india.org/news/times-of-india-india-times-tech-tech-news-internet-ishan-srivastava-nov-15-2012-india-second-in-keeping-tabs-on-netizens

India ranks second globally in accessing private details of users

praskrishna — 2012-11-19T04:49:23Z

According to the latest transparency report released by Google, India ranks second in the world for accessing private details of its citizens, only after the U.S. The Google report lists out requests it received from governments across the world to access details of users of its various services.

Kul Bhushan's blog post was published in thinkdigit on November 15, 2012. Pranesh Prakash is quoted.

Google's data reveals India had made 2,319 requests involving 3,467 users in the first six months. The U.S. made 7,969 requests, while Brazil, which ranks third, made 1,566 requests during the same period. Worldwide 20,938 requests were made during the January-June period. The report says the information shared included complete Gmail account, chat logs, Orkut profile and search terms among others.

The requests for accessing user data from India had grown two-fold from 1,061 in July-December 2009 to 2,207 in July-December 2011, the report points out.

According to the report, India has been consistently sending requests to remove content which it brands as defamatory and against national security. The court orders, however, to take down content has remained almost stagnant over the years; though requests from the executive and police have grown.

In the first six months this year, there were 20 court orders and 64 requests from executive/police that resulted in 596 items being taken down from the web. During the January-June 2010 period, there were only eight court orders and 22 executive/police requests, resulting in 125 items being taken down. Read about Google's previous transparency report here.

"Though India is a large country with a significant number of internet users, this data is nonetheless an indicator of growing surveillance," Times of India quotes Pranesh Prakash, policy director at Centre for Internet and Society ( CIS), a Bangalore-based organization looking at issues of public accountability, internet freedom and openness, as saying.

"India lacks a general privacy law that helps set guidelines for such user requests, despite privacy being a constitutional right as part of the right to life," added Prakash.

For more details visit https://cis-india.org/news/thinkdigit-internet-kul-bhushan-nov-15-2012-india-ranks-second-globally-in-accessing-private-details-of-users

India must support UN's e-snooping move: Human rights activists

praskrishna — 2013-11-19T09:10:02Z

India is facing pressure from internet and human rights activists to support a United Nations resolution that calls for an end to electronic spying after revelations of mass illegal surveillance by the United States.

The article by Indu Nandakumar was published in the Economic Times on November 11, 2013. Sunil Abraham is quoted.

The resolution, jointly submitted by Brazil and Germany - vocal opponents of US cyber spying - urged UN member states to act against excessive surveillance. Records leaked by whistleblower Edward Snowden had exposed US eavesdropping on Brazil's President Dilma Rousseff and German Chancellor Angela Merkel.

Internet activists and experts said the world's largest democracy must join the resolution as a reaction to unfair surveillance by the US. Confidential documents from Snowden, a former US National Security Agency contractor showed India was one of the victims of US snooping.

"Decision-makers in India haven't made a principled stand on the issue. They are still debating and deliberating," said Oleg Demidov, program director for international information security and global internet governance at the Russian Center for Policy Studies.

Demidov said India was unlikely to join the resolution as it has strong language and measures that need to be implemented immediately. "Joining this would mean a big political step." The resolution, while not legally binding, can still be a formal vote against US spying. A senior government official in New Delhi said Brazil and Germany on Friday held consultations with all UN member states including India on the draft resolution.

India will take 'detailed' look

He said India will take a "detailed look" at the resolution over the coming days before deciding whether it wants to be part of it. Revelations about US government snooping on communication between governments and individuals has caused global outrage over the past few months.

Popular email and internet service providers locating their servers in the US makes tapping into communication lines easier for that country. Brazil is considering legislation that would require internet companies to store data locally.

Latest documents revealed by Snowden showed that NSA had been monitoring data that travels between servers of Yahoo and Google, thus accessing personal data of millions of internet users across the world, including Indian users. It had prompted strong reaction from Google, whose executive chairman Eric Schimdt called such snooping "outrageous."

A representative for the German federal foreign office said the resolution was submitted to "protect human rights in the digital age more effectively" and that all member states are invited to co-sponsor the resolution.

"Indians should press their own government to forcefully object to the United States' surveillance policies and demand that those policies be brought into conformity with international law," said Jameel Jaffer, deputy legal director of the American Civil Liberties Union, an influential civil rights union based in New York. Jaffer said while no one questions the US government's right to engage judicially supervised surveillance, "dragnet surveillance of entire populations is a severe and unnecessary infringement on the privacy of millions."

He said that reforming the policies of NSA would require pressure from outside the US, especially foreign governments.

The pushback against mass surveillance is taking place in the backdrop of India and US looking to strengthen their economic relationship. Issues such as the US immigration reform bill which is seen as detrimental by India's $75 billion softw are export industry, and India's nuclear liability law, which US companies find unreasonable, have been irritants in bilateral relations.

Another senior government official said India's stance on US surveillance has been soft as any discussion on the subject would bring India's Central Monitoring System into the spotlight. The system, similar to the US government's PRISM project, gives the government access to phone calls, text messages and even social media conversations of individuals.

Sunil Abraham, executive director of Bangalore based think-tank Centre for Internet and Society, said India must be a part of the efforts by Brazil and Germany.

"Surveillance needs to be addressed both at technological as well as policy levels." Former diplomat and foreign affairs expert G Parthasarathy acknowledged the need for international consensus to protect individual privacy but doubted whether snooping by governments will ever end.

"Yes, the Americans are over-doing it, but India cannot condemn it because we have been doing the same thing. India monitored conversations between (Pakistan army chief) Pervez Musharraf and his chief of general staff (Mohammed Aziz) during the Kargil conflict. The point is everyone does it, but Americans got caught."

For more details visit https://cis-india.org/news/economic-times-november-11-2013-indu-nandakumar-india-must-support-un-e-snooping-move

India is falling down the facial recognition rabbit hole

Prem Sylvester and Karan Saini — 2019-07-25T13:40:00Z

Its use as an effective law enforcement tool is overstated, while the underlying technology is deeply flawed.

The article by Prem Sylvester and Karan Saini was published in the Wire on July 23, 2019.

In a discomfiting reminder of how far technology can be used to intrude on the lives of individuals in the name of security, the Ministry of Home Affairs, through the National Crime Records Bureau, recently put out a tender for a new Automated Facial Recognition System (AFRS).

The stated objective of this system is to “act as a foundation for a national level searchable platform of facial images,” and to “[improve] outcomes in the area of criminal identification and verification by facilitating easy recording, analysis, retrieval and sharing of Information between different organizations.”

The system will pull facial image data from CCTV feeds and compare these images with existing records in a number of databases, including (but not limited to) the Crime and Criminal Tracking Networks and Systems (or CCTNS), Interoperable Criminal Justice System (or ICJS), Immigration Visa Foreigner Registration Tracking (or IVFRT), Passport, Prisons, Ministry of Women and Child Development (KhoyaPaya), and state police records.

Furthermore, this system of facial recognition will be integrated with the yet-to-be-deployed National Automated Fingerprint Identification System (NAFIS) as well as other biometric databases to create what is effectively a multi-faceted system of biometric surveillance.

It is rather unfortunate, then, that the government has called for bids on the AFRS tender without any form of utilitarian calculus that might justify its existence. The tender simply states that this system would be “a great investigation enhancer.”

This confidence is misplaced at best. There is significant evidence that not only is a facial recognition system, as has been proposed, ineffective in its application as a crime-fighting tool, but it is a significant threat to the privacy rights and dignity of citizens. Notwithstanding the question of whether such a system would ultimately pass the test of constitutionality – on the grounds that it affects various freedoms and rights guaranteed within the constitution – there are a number of faults in the issued tender.

Let us first consider the mechanics of a facial recognition system itself. Facial recognition systems chain together a number of algorithms to identify and pick out specific, distinctive details about a person’s face – such as the distance between the eyes, or shape of the chin, along with distinguishable ‘facial landmarks’. These details are then converted into a mathematical representation known as a face template for comparison with similar data on other faces collected in a face recognition database. There are, however, several problems with facial recognition technology that employs such methods.

Facial recognition technology depends on machine learning – the tender itself mentions that the AFRS is expected to work on neural networks “or similar technology” – which is far from perfect. At a relatively trivial level, there are several ways to fool facial recognition systems, including wearing eyewear, or specific types of makeup. The training sets for the algorithm itself can be deliberately poisoned to recognise objects incorrectly, as observed by students at MIT.

More consequentially, these systems often throw up false positives, such as when the face recognition system incorrectly matches a person’s face (say, from CCTV footage) to an image in a database (say, a mugshot), which might result in innocent citizens being identified as criminals. In a real-time experiment set in a train station in Mainz, Germany, facial recognition accuracy ranged from 17-29% – and that too only for faces seen from the front – and was at 60% during the day but 10-20% at night, indicating that environmental conditions play a significant role in this technology.

Facial recognition software used by the UK’s Metropolitan Police has returned false positives in more than 98% of match alerts generated.

When the American Civil Liberties Union (ACLU) used Amazon’s face recognition system, Rekognition, to compare images of legislative members of the American Congress with a database of mugshots, the results included 28 incorrect matches.

There is another uncomfortable reason for these inaccuracies – facial recognition systems often reflect the biases of the society they are deployed in, leading to problematic face-matching results. Technological objectivity is largely a myth, and facial recognition offers a stark example of this.

An MIT study shows that existing facial recognition technology routinely misidentifies people of darker skin tone, women and young people at high rates, performing better on male faces than female faces (8.1% to 20.6% difference in error rate), lighter faces than darker faces (11.8% to 19.2% difference in error rate) and worst on darker female faces (20.8% to 34.7% error rate). In the aforementioned ACLU study, the false matches were disproportionately people of colour, particularly African-Americans. The bias rears its head when the parameters of machine-learning algorithms, derived from labelled data during a “supervised learning” phase, adhere to socially-prejudiced ideas of who might commit crimes.

The implications for facial recognition are chilling. In an era of pervasive cameras and big data, such prejudice can be applied at unprecedented scale through facial recognition systems. By replacing biased human judgment with a machine learning technique that embeds the same bias, and more reliably, we defeat any claims of technological neutrality. Worse, because humans will assume that the machine’s “judgment” is not only consistently fair on average but independent of their personal biases, they will read agreement of its conclusions with their intuition as independent corroboration.

In the Indian context, consider that Muslims, Dalits, Adivasis and other SC/STs are disproportionately targeted by law enforcement. The NCRB in its 2015 report on prison statistics in India recorded that over 55% of the undertrials prisoners in India are either Dalits, Adivasis or Muslims, a number grossly disproportionate to the combined population of Dalits, Adivasis and Muslims, which amounts to just 39% of the total population according to the 2011 Census.

If the AFRS is thus trained on these records, it would clearly reinforce socially-held prejudices against these communities, as inaccurately representative as they may be of those who actually carry out crimes. The tender gives no indication that the developed system would need to eliminate or even minimise these biases, nor if the results of the system would be human-verifiable.

This could lead to a runaway effect if subsequent versions of the machine-learning algorithm are trained with criminal convictions in which the algorithm itself played a causal role. Taking such a feedback loop to its logical conclusion, law enforcement may use machine learning to allocate police resources to likely crime spots – which would often be in low income or otherwise vulnerable communities.

Adam Greenfield writes in Radical Machines on the idea of ‘over transparency,’ that combines “bias” of the system’s designers as well of the training sets – based as these systems are on machine learning – and “legibility” of the data from which patterns may be extracted. The “meaningful question,” then, isn’t limited to whether facial recognition technology works in identification – “[i]t’s whether someone believes that they do, and acts on that belief.”

The question thus arises as to why the MHA/NCRB believes this is an effective tool for law enforcement. We’re led, then, to another, larger concern with the AFRS – that it deploys a system of surveillance that oversteps its mandate of law enforcement. The AFRS ostensibly circumvents the fundamental right to privacy, as ratified by the Supreme Court in 2018, through sourcing its facial images from CCTV cameras installed in public locations, where the citizen may expect to be observed.

The extent of this surveillance is made even clearer when one observes the range of databases mentioned in the tender for the purposes of matching with suspects’ faces extends to “any other image database available with police/other entity” besides the previously mentioned CCTNS, ICJS et al. The choice of these databases makes overreach extremely viable.

This is compounded when we note that the tender expects the system to “[m]atch suspected criminal face[sic] from pre-recorded video feeds obtained from CCTVs deployed in various critical identified locations, or with the video feeds received from private or other public organization’s video feeds.” There further arises a concern with regard to the process of identification of such “critical […] locations,” and if there would be any mechanisms in place to prevent this from being turned into an unrestrained system of surveillance, particularly with the stated access to private organisations’ feeds.

The Perpetual Lineup report by Georgetown Law’s Center on Privacy & Technology identifies real-time (and historic) video surveillance as posing a very high risk to privacy, civil liberties and civil rights, especially owing to the high-risk factors of the system using real-time dragnet searches that are more or less invisible to the subjects of surveillance.

It is also designated a “Novel Use” system of criminal identification, i.e., with little to no precedent as compared to fingerprint or DNA analysis, the latter of which was responsible for countless wrongful convictions during its nascent application in the science of forensic identification, which have since then been overturned.

In the Handbook of Face Recognition, Andrew W. Senior and Sharathchandra Pankanti identify a more serious threat that may be born out of automated facial recognition, assessing that “these systems also have the potential […] to make judgments about [subjects’] actions and behaviours, as well as aggregating this data across days, or even lifetimes,” making video surveillance “an efficient, automated system that observes everything in front of any of its cameras, and allows all that data to be reviewed instantly, and mined in new ways” that allow constant tracking of subjects.

Such “blanket, omnivident surveillance networks” are a serious possibility through the proposed AFRS. Ye et al, in their paper on “Anonymous biometric access control”, show how automatically captured location and facial image data obtained from cameras designed to track the same can be used to learn graphs of social networks in groups of people.

Consider those charged with sedition or similar crimes, given that the CCTNS records the details as noted in FIRs across the country. Through correlating the facial image data obtained from CCTVs across the country – the tender itself indicates that the system must be able to match faces obtained from two (or more) CCTVs – this system could easily be used to target the movements of dissidents moving across locations.

Constantly watched

Further, something which has not been touched upon in the tender – and which may ultimately allow for a broader set of images for carrying out facial recognition – is the definition of what exactly constitutes a ‘criminal’. Is it when an FIR is registered against an individual, or when s/he is arrested and a chargesheet is filed? Or is it only when an individual is convicted by a court that they are considered a criminal?

Additionally, does a person cease to be recognised by the tag of a criminal once s/he has served their prison sentence and paid their dues to society? Or are they instead marked as higher-risk individuals who may potentially commit crimes again? It could be argued that such a definition is not warranted in a tender document, however, these are legitimate questions which should be answered prior to commissioning and building a criminal facial recognition system.

Senior and Pankanti note the generalised metaphysical consequences of pervasive video surveillance in the Handbook of Face Recognition:

“the feeling of disquiet remains [even if one hasn’t committed a major crime], perhaps because everyone has done something “wrong”, whether in the personal or legal sense (speeding, parking, jaywalking…) and few people wish to live in a society where all its laws are enforced absolutely rigidly, never mind arbitrarily, and there is always the possibility that a government to which we give such powers may begin to move towards authoritarianism and apply them towards ends that we do not endorse.”

Such a seemingly apocalyptic scenario isn’t far-fetched. In the section on ‘Mandatory Features of the AFRS’, the system goes a step further and is expected to integrate “with other biometric solution[sic] deployed at police department system like Automatic Fingerprint identification system (AFIS)[sic]” and “Iris.” This form of linking of biometric databases opens up possibilities of a dangerous extent of profiling.

While the Aadhaar Act, 2016, disallows Aadhaar data from being handed over to law enforcement agencies, the AFRS and its linking with biometric systems (such as the NAFIS) effectively bypasses the minimal protections from biometric surveillance the prior unavailability of Aadhaar databases might have afforded. The fact that India does not have a data protection law yet – and the Bill makes no references to protection against surveillance either – deepens the concern with the usage of these integrated databases.

The Perpetual Lineup report warns that the government could use biometric technology “to identify multiple people in a continuous, ongoing manner [..] from afar, in public spaces,” allowing identification “to be done in secret”. Senior and Pankanti warn of “function creep,” where the public grows uneasy as “silos of information, collected for an authorized process […] start being used for purposes not originally intended, especially when several such databases are linked together to enable searches across multiple domains.”

This, as Adam Greenfield points out, could very well erode “the effectiveness of something that has historically furnished an effective brake on power: the permanent possibility that an enraged populace might take to the streets in pursuit of justice.”

What the NCRB’s AFRS amounts to, then, is a system of public surveillance that offers little demonstrable advantage to crime-fighting, especially as compared with its costs to fundamental human rights of privacy and the freedom of assembly and association. This, without even delving into its implications with regard to procedural law. To press on with this system, then, would be indicative of the government’s lackadaisical attitude towards protecting citizens’ freedoms.

The views expressed by the authors in this article are personal.

For more details visit https://cis-india.org/internet-governance/blog/india-is-falling-down-the-facial-recognition-rabbit-hole

India for inclusive internet governance

praskrishna — 2014-05-05T10:36:52Z

India wants "core internet infrastructure" to be part of an international legal system that would accommodate governments, civil society and other stakeholders. In typical Indian diplomatic style, its position can be interpreted to mean everything and nothing.

The article by Indrani Bagchi published in the Times of India on April 25, 2014 quotes Sunil Abraham.

An MEA team, led by joint secretary Vinay Kwatra, told Net Mundial (forum for internet governance) in Brazil on Thursday, "The elements of India's approach on internet governance respond to its growing complexity and rests in supporting the dynamism, security and openness of a single and unfragmented cyberspace. We also support innovation and robust private sector investment to augment internet's continuing growth and evolution."

The Indian position is essentially an MEA position, because there has been little prior inter-agency consultation in the government. In fact, while the MEA had decided upon its team almost a month ago, the department of information technology woke up only last week. It was on Friday that the nodal ministry for IT-related issues even agreed to send a team to Brazil on Monday- the same team that the MEA was sending. If nothing else, sources said, this only highlighted the lack of seriousness within the Indian system.

Kwatra said internet should have a democratic governing system involving everyone, which would essentially mean creating a parallel international system. While India does not want the status quo to continue, there is no clarity whether it favours a multilateral or a multi-stakeholder system. India, like China, wants a strong state presence in the decision-making process of internet governance because "it is used for transactions of core economic, civil and defence assets at national level and in the process, countries are placing their core national security interests in this medium". On the other hand, it wants unfettered access to knowledge and technology as a nation-building and governance tool.

Additionally, India wants non-governmental stakeholders to be properly audited and a "clear delineation of principles governing their participation, including their accountability, representativeness, transparency and inclusiveness". There is a crying need for India to clearly define the future it expects to thrive in.

Sunil Abhraham of Bangalore-based Centre for Internet and Society says India should take the lead in defining new internet rules, keeping its future in mind. "We could use patent pools and compulsory licensing to provide affordable and innovative digital hardware to the developing world. This would ensure that rights-holders, innovators, manufactures, consumers and government would all benefit ... We could explore flat-fee licensing models like a broadband copyright cess or levy to ensure that users get content at affordable rates and rights-holders get some royalty from all internet users in India. This will go a long way in undermining the copyright enforcement-based censorship regime that has been established by the US. We could enact a world-class privacy law and establish an independent, autonomous and proactive privacy commissioner who will keep both private and state actors on a short lease. We need a scientific, targeted surveillance regime that is in compliance with human rights principles. This will make India simultaneously an IP and privacy haven and thereby attract huge investment from the private sector, and also earn the goodwill of the global civil society and independent media."

This is more than the Indian government has thought of.

While no binding decisions are expected from Brazil this week, the high profile event is expected to trigger a high-level debate on possible reforms. India, say officials, needs to come up with concrete proposals. This is imperative after the US made two crucial decisions on internet governance this year. In March the US announced that by September 2015 it would give up oversight of the Internet Corporation for Assigned Names and Numbers (ICANN), a California-based non-profit group, that assigns domain names. But the US is clear it will not hand over the levers to any organization that can be controlled by any other country. This week, the US' FCC dealt a body blow to the concept of "net neutrality" (which essentially functions on the premise that access to the internet is the same for everyone) by allowing companies like Disney and Google to pay for premium internet speeds.

Countries like China, Russia, Saudi Arabia (may be even Iran) seek to control net access for their citizens as a measure of political control. Second, cyber offensive by countries which are ramping up capacity in these fields could take over internet governance structures if they are not crafted carefully enough. If the US is relinquishing control over ICANN, the next global battle is likely to be over who takes over that mantle. This makes it important to get net governance right. At least China has a plan: It wants the UN to take control. India wants a bit of everything, without actually giving it a shape, making it virtually impossible to shape the debate.

For more details visit https://cis-india.org/news/the-times-of-india-april-25-indrani-bagchi-india-for-inclusive-internet-governance

India Digital Freedom Series: Internet Shutdowns, Censorship and Surveillance

gurshabad — 2021-01-11T10:07:30Z

A series of reports on digital rights and civic space in India, focusing on four areas where restrictive policies threaten fundamental freedoms and impede public participation: internet shutdowns, censorship, platform governance and surveillance.

Read the reports

1. Introduction, Background and Methodology by Arindrajit Basu

2. Internet Shutdowns: Threats to Digital Access by Torsha Sarkar, Manogna Matam and Gurshabad Grover

3. Censorship: Threats to Expression by Matam Manogna, Torsha Sarkar, Gurshabad Grover and Kanav Khanna

4. Platforms as Gatekeepers: Threats to Digital Space by Torsha Sarkar and Gurshabad Grover

5. Surveillance and Data Protection: Threats to Privacy and Digital Security by Mira Swaminathan and Arindrajit Basu

Background

Amidst global trends towards authoritarianism and closing space for civil society, India’s dynamic changing landscape calls for ongoing attention. In the last year alone, upheaval around the Citizenship Amendment Act protests, sectarian violence and communal riots in Delhi and elsewhere, the emergence of Covid-19, and issues of statelessness and discrimination have raised questions about the state of civic freedoms in India. At the same time, efforts to mold and restrict civil society, through funding limitations and a narrative against activism and ‘foreign agents,’ continue to reverberate across the non-profit sector. Technology has played a major role in all of these developments, with expression and democratic debate increasingly carried into the digital sphere, and privacy, data, and surveillance taking center stage, particularly amidst a global pandemic. India additionally has the notorious distinction of being the world’s democracy with the longest-running internet shutdown. Other examples of how digital rights are being impacted in India abound: possible government-sanctioned surveillance on activists and journalists; various forms of censorship, and denial of access to information.

Documentation and consideration of such phenomena is critical, given the role digital developments will play shaping Indian society in the 21st century. Technology can be a great enabler of constitutional values, welfare, and act as a facilitator of public discourse. It can also be used by the state to fetter the realization of constitutional rights and restrict the growth of civil society activism and public discourse. To date, there exists little comprehensive coverage of the overall universe of policies and laws affecting digital rights, and how their implementation is impacting Indian civil society actors, including non-profits, activists, media, minority groups, and others.

India’s constitutional ethos provides for a wide array of fundamental rights designed to protect and empower the most vulnerable. It views the state as a key actor in breaking existing barriers of structural inequality - something technology can play a role in - if designed and implemented reasonably, with the widest possible consultation. Given India’s status as the world’s most populous democracy, along with its considerable heft in the Information and Communications Technology (ICT) sector globally, how these issues play out will be critical for the future of digital civic space, in South Asia, Asia, and beyond.

This report undertakes an examination of key topics related to digital rights and civic space in India. It focuses on four areas of particular concern, where restrictive policies threaten to violate fundamental freedoms and restrict civil society and public participation. The topics covered include: 1) Internet Shutdowns, 2) Online Censorship, 3) Platform Governance, and 4) Surveillance. Each chapter begins with a factual overview identifying the scope of the problem across the country. It proceeds to evaluate relevant Indian laws and regulations affecting the enjoyment of fundamental human rights of members of civil society online, including the rights to free association, assembly, expression, privacy, access to information and public participation. The chapter then summarizes relevant international law and standards, many of which are obligatory on the Indian government and constitute binding international commitments, and concludes with some reflections and recommendations.

Ultimately, the report emphasizes the importance of a free, fair, and democratic digital civic space in line with international law and best practices. It evaluates ongoing Indian policies in the four topic areas in light of these standards, and provides suggestions for paths to reform that Indian policymakers can undertake to enable the use of technology in consonance with India’s rich constitutional ethos.

Methodology

This report was researched and written by the Centre for Internet and Society (CIS), with support from the International Center for Not-for-Profit Law (ICNL). Researchers at CIS with specialized knowledge in digital rights undertook an expansive review of a wide range of sources related to this topic, including academic scholarship and legal literature, news articles, government documents, laws, and other publications. In addition to desk research, two teams of CIS researchers travelled across five cities - Jodhpur and Jaipur (state of Rajasthan), Ahmedabad (state of Gujarat), Siliguri (state of West Bengal), and Guwahati (state of Assam). Each of these states have a vibrant civic space, and have seen a number of individuals and organizations engaging with key issues in the digital space over the past months. Researchers interviewed a diverse array of stakeholders, including student activists, public interest lawyers, government officials, party workers, and journalists. While refraining from undertaking quantitative or empirical analysis of the fieldwork findings, the qualitative insights and data gathered from these interviews were instrumental in the shaping of this report.

This report uses the World Bank’s definition of “civil society,” namely: “a wide array of organizations: community groups, non-governmental organizations [NGOs], labour unions, indigenous groups, charitable organizations, faith-based organizations, professional associations, and foundations.” However, to truly understand public participation in a democracy, the report looks beyond organised groups and their workings, and examines how various individuals participate in public processes - including through protests, writing, and engagement through social media. Thus, when considering the impact of digital rights, this report did not limit its investigation only to organised civil society but considered a larger scope to engage with a broader notion of public participation.

Acknowledgements

The Centre for Internet and Society would like to thank the International Center for Not- for-Profit Law for the financial support that made the report possible. The authors would also like to thank Abhijit Roy, Arun Chauhan, Gajendra Singh Dahiya, Kumar Shubham, Manjula Pradeep, Rahul Bordoloi, Roshan Gupta, and many others who chose to remain anonymous for their inputs that informed the research; Akash T for research assistance; and Julie Hunter, Lisa Vermeer, and Nick Robinson for their feedback. Thanks also to the ICNL team for designing, formatting and editing the reports. All opinions and errors in the piece remain those of the authors.

We would also like to wholeheartedly thank The Legal Aid and Awareness Committee from the National Law University Jodhpur for helping us set up a number of interviews with key stakeholders.

For more details visit https://cis-india.org/internet-governance/blog/india-digital-freedom-series-internet-shutdowns-censorship-and-surveillance

India believes in Complete Freedom of Cyber Space: Kapil Sibal

praskrishna — 2013-10-25T07:13:44Z

The site of the impact of a cyber crime should determine jurisdiction, says information technology minister Kapil Sibal.

This article by Elizabeth Roche was published in Livemint on October 14, 2013. Moulishree Srivastava also contributed to this story. Sunil Abraham is quoted.

Minister for communications and information technology Kapil Sibal said on Monday that if a cyber crime had an impact on India or the subject matter was Indian, India should have the jurisdiction to investigate the crime and mete out justice.

India “believes in complete freedom of cyber space”, Sibal said, adding that the international community should arrive at a consensus on rules of jurisdiction and enforceability where cyber crimes are concerned. He was speaking at a conference on cyber security and cyber governance in New Delhi.

“Freedom of expression is central to our ideological stand on cyber space but at the same time there must be a de facto recognition of threats that are out there in cyber space and that we need to deal with those threats locally, nationally and globally and what we need is a consensus on those,” the minister said.

He was asked specifically about the need for changes in the global Internet governance structure following a US admission that its National Security Agency listened in on communications from the embassies of allies such as France, Italy and Greece, as well as Japan, Mexico, South Korea, India and Turkey.

The site of the impact of a cyber crime should determine jurisdiction, the minister said.

He gave an example: if anything happens in an Indian mission located in New York, it should be governed by Indian law because the mission would be considered Indian territory.

“So as long as the source of the data is Indian and the impact is on India then the jurisdiction must be Indian and that should apply across the world,” he said.

“If the harm has been caused to Indian citizens or Indian property then jurisdiction should be Indian,” said Sunil Abraham, executive director at Centre for Internet and Society. “This principle has already been developed by Justice Murlidhar in Banyan Tree case. So this principle already has legal precedent.”

But Abraham added that “even if Indian courts believe that it is their jurisdiction, foreign law enforcement agencies may not co-operate. This may be one of the biggest challenges in implementing this principle”.

“This move could be seen as one enhancing cyber security, but since there is no universally accepted definition to cyber security and some government include speech regulation, surveillance, cyber crime and hacktivism a part of cyber security—there can be damaging consequences for human rights online,” Abraham said.

The minister’s statement assumes significance against the backdrop of a number of countries including India protesting the spying by the US National Security Agency (NSA) on their missions in Washington and New York.

According to many news reports, India was among the top five countries whose missions in the US were targeted by the NSA as part of a clandestine effort to mine electronic data. Reports of the US snooping has caused unease world wide.

German Chancellor Angela Merkel raised the issue with US President Barack Obama in June while Brazil’s President Dilma Rouseff reportedly cancelled a summit with the US President in protest last month.

According to the ministry of external affairs in New Delhi, India raised the issue with the US embassy in New Delhi besides taking up the issue with the US state department in Washington. Both sides agreed to discuss the subject during their cyber security dialogue.

“That’s the law in the country...if anything happens there (in Indian embassies) that is part of Indian jurisdiction and similarly if you apply the same example and establish jurisdiction then anything that relates to Indian data and the impact on Indian data, it’s the courts in India that should have jurisdiction,” Sibal added later.

“We are talking about a principle and the principle is wherever there is Indian data wherever anything is done to impact on Indian data, the source of which is Indian then the jurisdiction must be of Indian courts,” the minister said adding that he was putting this view out as something the cyber security seminar should discuss.

India’s national security adviser Shiv Shankar Menon added that what the minister had voiced was India’s view but it was not a settled matter and that it had to be discussed at global forums.

With around 40% of the 120 million smartphone users in India accessing the Internet through mobile phones, network protection was an imperative. “The consequences of manipulation or distortion...can be potentially disastrous.” Menon said recalling how morphed pictures of violence seemingly targeting a particular ethnic group, circulated on the Internet and via cell phones, had resulted in thousands of people fleeing home from their places of work last year.

On certification of hardware security, Menon said: “India has recently received authorizing nation status for IT products and testing labs in the country will now gain global recognition,” adding that this was an opportunity for Indian industry.

Sibal, in his address, said the Internet had become a means of empowerment of people and most of this was due to the enormous freedom provided by the Internet. But “there can be no concept of sovereignty in cyber space because there are no territorial issues involved”, he said.

For more details visit https://cis-india.org/news/livemint-october-14-2013-elizabeth-roche-moulishree-srivastava-india-believes-in-complete-freedom-of-cyber-space

In our anxiety about the Blue Whale Challenge, are we missing the elephant in the room?

Admin — 2018-01-03T02:09:11Z

In the beginning, the Blue Whale Challenge seemed like it had all the hallmarks of an urban legend: an online self-harm game that instructed victims to commit increasing degrees of violence upon themselves, finally convincing them to commit suicide. While it was whispered about in schools, college corridors and Reddit forums, reporters found it difficult to trace.

The blog post by Karishma Attari was published by Scroll on September 9, 2017.

But since then, it appears to be accruing a body count: multiple suicides and suicide attempts in Russia, Kenya, Brazil, China, Spain, Italy, Chile and India have been attributed to people signing up for the challenge. The stories are often accompanied by images of a blue whale carved onto the victim’s skin or a last selfie taken before committing suicide.

The latest incident in India involves the last-minute rescue of a teenager in Jodhpur who attempted suicide twice – first by jumping into Kalina Lake on September 4, and then by overdosing on sleeping pills – within the same week. The teenager had carved the shape of a whale on her arm, and when interviewed, revealed that unless she completed the last task of the challenge, she believed that her mother would die.

Most victims of the Blue Whale Challenge across the world appear to have a few things in common – they are young and vulnerable to abuse online, and their connection with the game is hard to substantiate. While the stories speak to our wariness of technology-dependence, and send our parenting instincts into nervous overdrive, there is very little evidence on ground that the game even exists.

Ever since the challenge was first reported on a Russian news portal, news reports have debunked its existence, raising questions about the media’s responsibility in spreading unsubstantiated rumours and the manner in which the issue is being used to argue against the influence of the internet and promote panic. Much of the coverage regarding the challenge’s possible influence, begs the question: how can teens be raised in a way that makes them safe from the internet?

The Blue Whale Challenge in India

Cyber-lawyer Karnika Seth, who authored the book Protection of Children on Internet, admits that it is impossible to generate the kind of surveillance required to nip perceived online threats – both on account of privacy laws and the sheer scale of effort such an exercise would require. She calls the unregulated internet in India a “mammoth problem that cannot be overlooked anymore”.

While there is no specific law to be applied to a situation like the alleged Blue Whale Challenge, Seth pointed to acts relating to the cyber space like the IT Act and the Protection of Children from Sexual Offences Act, along with inbuilt provisions within the Indian Penal Code, such as Act 305, that could be applied.

There have been approximately 10 reported cases of suicide in India, which are believed to be related to the Blue Whale Challenge. Google Trends show that Indian interest in the phenomenon has been overwhelming – the most common searched phrases have been “Download Blue Whale Game”, which might suggest that people are keen to inflict self-harm, or just morbidly curious (particularly in Kochi and Calcutta).

Timely intervention appears to have saved at least a few lives, such as the case of an engineering student in Kolkata who claimed that having completed several levels of the game, he was pulled back from the brink of suicide by his teacher, parents and a CID officer who counselled him. He was quoted as saying: “My message to whoever is in this game is stop before it is too late. It is not a game…they give you challenges and they take you to places you cannot come back from. They drive you to suicide.”

But despite this, the police in India have found no direct link between the suicides and the existence of any virtual moderator, who according to the Blue Whale legend, instructs victims to inflict self-harm. A lot of the so-called links have been proved to be hearsay and hysteria as seen in the case of a 12-year-old from Indore, whose mother clarified that while he had admitted to “playing games”, he had never heard of Blue Whale.

A disturbing trend

Pranesh Prakash, Policy Director at the Centre for Internet and Society, concluded: “All the available evidence points to this being a hoax, including those situations where teenagers have actually engaged in self-harm by carving a whale on their arm and have blamed the ‘Blue Whale app’ and a stranger threatening them. The children have subsequently been found to be lying through hard evidence, for instance the mobile operator finds no records of any messages or calls at those timings to the child’s number.”

While the first suicide linked to the alleged challenge emerged in Russia in 2015, Prakash added: “[E]ven the Russian police haven’t revealed any evidence in their possession in the arrests they have made related to the Blue Whale Challenge, nor have those cases gone to trial. How else can one explain the fact that there hasn’t been evidence of a ‘tutor’ in even a single one of the cases reported in India?”

There is, however, a huge problem regardless of whether the game exists: “The harm caused by the media sensationalism is quite real thanks to what is known as the Werther effect, leading to copycat suicides,” Prakash said.

Authorities in most countries where victims have appeared have treated these claims seriously. In May, the Russian Duma or parliament made it an act of criminal responsibility to create a pro-suicide group on social media. Authorities in China and other countries are monitoring mentions of the game on forums and live broadcasts. The Delhi Police have issued an advisory after a cyber cell spotted related hashtags and messages on social networking sites. In India, the Ministry of Electronics and Information Technology directed several internet companies such as Google, Facebook, Instagram, WhatApp, Microsoft and Yahoo to remove all links which direct users to the Blue Whale Challenge.

The real problem

Teenage suicide is a growing concern worldwide and India has one of the world’s highest suicide rates for youth aged between 15 and 29. In the US, suicide is documented as the second leading cause of death for young people. The Netflix original series 13 Reasons Why was banned in several countries over accusations that it glamourised teen depressives and suicides.

The real conversation we need to be having with the youth is about their reasons for choosing self-harm – about mental health and depression. Dr Depeak Raheja, a senior psychiatrist and vice-president of the Delhi Psychiatric Society, suggested that parents who suspect their child might have suicidal urges should address not just the issue of the game, “but also the underlying causative factors – isolation, low self-worth, hopelessness and underlying or active depression”.

One way in which this is already happening is through online mental health support groups which are promoted as alternatives to the Blue Whale Challenge. In Brazil, a designer has created a viral counter movement called the Pink Whale (Baleia Rosa), which relies on the collaboration of hundreds of volunteers and is based on positive tasks that combat depression. The British YouTuber HiggyPop has also set up an email service that sends daily Pink Whale challenges to participants. In the United States, a site called Blue Whale Challenge uses fifty days of tasks to promote mental health and well-being, while the Green Whale Challenge is a humorous version of the game in Argentina.

The fear and anxiety around the Blue Whale Challenge shows our willingness to project our fears of an unregulated internet onto anything that fits the profile, even as we override all evidence to the contrary. Instead, parents in particular must treat the tragic aftermath of popular suicide games as an opportunity to have a necessary, if belated, conversation about depression and mental health. The Blue Whale challenge may well turn out to be a hoax, but the challenge of keeping teenagers safe and healthy is a very real one.

Karishma Attari is the author of I See You and Don’t Look Down. She runs a workshop series called Shakespeare for Dummies and is currently writing a novel titled The Want Diaries. Her Twitter handle is @KarishmaWrites.

For more details visit https://cis-india.org/internet-governance/news/scroll-karishma-attari-september-9-2017-in-our-anxiety-about-the-blue-whale-challenge-are-we-missing-the-elephant-in-the-room

In India, Prism-like Surveillance Slips Under the Radar

praskrishna — 2013-07-03T09:31:18Z

Prism, the contentious U.S. data-collection surveillance program, has captured the world’s attention ever since whistle-blower Edward Snowden leaked details of global spying to the Guardian and Washington Post.

The article by Anjan Trivedi was published in Time World on June 30, 2013. Sunil Abraham is quoted.

However, it turns out India, the world’s largest democracy, is building its own version to monitor internal communications in the name of national security. Yet India’s Central Monitoring System, or CMS, was not shrouded in secrecy — New Delhi announced its intentions to watch over its citizens, however mutedly, in 2011, and rollout is slated for August. And while reports that the American system collected 6.3 billion intelligence reports in India led to a lawsuit at the nation’s Supreme Court, comparable indignation has been conspicuously lacking with the domestic equivalent.

CMS is an ambitious surveillance system that monitors text messages, social-media engagement and phone calls on landlines and cell phones, among other communications. That means 900 million landline and cell-phone users and 125 million Internet users. The project, which is being implemented by the government’s Centre for Development of Telematics (C-DOT), is meant to help national law-enforcement agencies save time and avoid manual intervention, according to the Department of Telecommunications’ annual report. This has been in the works since 2008, when C-DOT started working on a proof-of-concept, according to an older report. The government set aside approximately $150 million for the system as part of its 12th five-year plan, although the Cabinet ultimately approved a higher amount.

Within the internal-security ministry though, the surveillance system remains a relatively “hush-hush” topic, a project official unauthorized to speak to the press tells TIME. In April 2011, the Police Modernisation Division of the Home Affairs Ministry put out a 90-page tender to solicit bidders for communication-interception systems in every state and union territory of India. The system requirements included “live listening, recording, storage, playback, analysis, postprocessing” and voice recognition.

Civil-liberties groups concede that states often need to undertake targeted-monitoring operations. However, the move toward extensive “surveillance capabilities enabled by digital communications,” suggests that governments are now “casting the net wide, enabling intrusions into private lives,” according to Meenakshi Ganguly, South Asia director for Human Rights Watch. This extensive communications surveillance through the likes of Prism and CMS are “out of the realm of judicial authorization and allow unregulated, secret surveillance, eliminating any transparency or accountability on the part of the state,” a recent U.N. report stated.

India is no stranger to censorship and monitoring — tweets, blogs, books or songs are frequently blocked and banned. India ranked second only to the U.S. on Google’s list of user-data requests with 4,750 queries, up 52% from two years back, and removal requests from the government increased by 90% over the previous reporting period. While these were largely made through police or court orders, the new system will not require such a legal process. In recent times, India’s democratically elected government has barred access to certain websites and Twitter handles, restricted the number of outgoing text messages to five per person per day and arrested citizens for liking Facebook posts and tweeting. Historically too, censorship has been India’s preferred means of policing social unrest. “Freedom of expression, while broadly available in theory,” Ganguly tells TIME, “is endangered by abuse of various India laws.”

There is a growing discrepancy and power imbalance between citizens and the state, says Anja Kovacs of the Internet Democracy Project. And, in an environment like India where “no checks and balances [are] in place,” that is troubling. The potential for misuse and misunderstanding, Kovacs believes, is increasing enormously. Currently, India’s laws relevant to interception “disempower citizens by relying heavily on the executive to safeguard individuals’ constitutional rights,” a recent editorial noted. The power imbalance is often noticeable at public protests, as in the case of the New Delhi gang-rape incident in December, when the government shut down public transport near protest grounds and unlawfully detained demonstrators.

With an already sizeable and growing population of Internet users, the government’s worries too are on the rise. Netizens in India are set to triple to 330 million by 2016, according to a recent report. “As [governments] around the world grapple with the power of social media that can enable spontaneous street protests, there appears to be increasing surveillance,” Ganguly explains.

India’s junior minister for telecommunications attempted to explain the benefits of this system during a recent Google+ Hangout session. He acknowledged that CMS is something that “most people may not be aware of” because it’s “slightly technical.” A participant noted that the idea of such an intrusive system was worrying and he did not feel safe. The minister, though, insisted that it would “safeguard your privacy” and national security. Given the high-tech nature of CMS, he noted that telecom companies would no longer be part of the government’s surveillance process. India currently does not have formal privacy legislation to prohibit arbitrary monitoring. The new system comes under the jurisdiction of the Indian Telegraph Act of 1885, which allows for monitoring communication in the “interest of public safety.”

The surveillance system is not only an “abuse of privacy rights and security-agency overreach,” critics say, but also counterproductive in terms of security. In the process of collecting data to monitor criminal activity, the data itself may become a target for terrorists and criminals — a “honeypot,” according to Sunil Abraham, executive director of India’s Centre for Internet and Society. Additionally, the wide-ranging tapping undermines financial markets, Abraham says, by compromising confidentiality, trade secrets and intellectual property. What’s more, vulnerabilities will have to be built into the existing cyberinfrastructure to make way for such a system. Whether the nation’s patchy infrastructure will be able to handle a complex web of surveillance and networks, no one can say. That, Abraham contends, is what attackers will target.

National security has widely been cited as the reason for this system, but no one can say whether it will actually help avert terrorist activity. India’s own 9/11 is a case in point: the Indian government was handed intelligence by foreign agencies about the possibility of the 2008 Mumbai terrorist attacks, but did not act. This is a “clear indication that having access to massive amounts of data is not necessarily going to make people safer,” Kovacs tells TIME. However, officers familiar with the new system say it will not increase surveillance or enhance intrusion beyond current levels; it will only strengthen the policy framework of privacy and increase operational efficiency. Spokespersons and officials in the internal-security and telecom departments did not respond to requests or declined to comment.

The government has been cagey about details on implementation and extent. This ability to act however the authorities deems fit “just makes it really easy to slide into authoritarianism, and that is not acceptable for any democratic country,” Kovacs says. Indeed, India has seen that before — almost four decades ago, Indira Gandhi declared a state of emergency for 19 months, which suspended all civil liberties. Indians complaining about Prism may want to look a little closer to home.

For more details visit https://cis-india.org/news/time-world-anjan-trivedi-june-30-2013-in-india-prison-like-surveillance-slips-under-the-radar

In India, Biometric Data Storage Sparks Demands for Privacy Laws

praskrishna — 2016-03-23T02:27:05Z

In India, calls for strict privacy laws are growing after this week's passage of a measure that allows federal agencies access to biometric data of the nation's citizens, the world's largest such repository.

The article by Anjana Pasricha was published in Voice of America on March 18, 2016. Pranesh Prakash gave inputs.

The government says the use of biometrics will help cut rampant graft in the distribution of subsidies, but activists and opposition lawmakers warn it could usher in an era of increased state surveillance.

Raghubir Gaur, who works as an electrician in the capital, New Delhi, says he has never collected subsidized rations such as wheat and rice, because “somebody else has been taking the rations I should have gotten.” Now, with a national proof of identity, or "Aadhaar" card in his hands, Gaur says he is confident he will be able to access his designated subsidies.

The Aadhaar card is being used to give welfare benefits to the poor, who often cannot provide any proof identity, allowing corrupt officials to siphon entitlements.

The government says it has saved nearly $2 billion by preventing misuse of the subsidies in the last fiscal year alone.

Critics fear ‘police state’

Civil activists and research groups, however, have dubbed the Aadhaar program “surveillance technology” that constitutes a serious breach of privacy. They point to identity-verification systems in other countries, where cards or identification numbers are used for verification without creating a gigantic central database that documents every last transaction.

Indeed, the Aadhaar database also stores fingerprints and iris scans of every account holder, labeling each with a 12-digit identification number.

Concerns that this could lead to a massive invasion of privacy have been heightened because the new law allows the data to be used “in the interest of national security.”

“From verifying yourself to the ticket conductor on a train to someone who is delivering something at your house, all the way to opening a new bank account, all these transactions get logged against the centralized data base," says Pranesh Prakash of the Center for Internet and Society in Bangalore. "So this invades your life completely and thoroughly.”

Some lawyers and privacy advocates say this has made it even more important to support a strong privacy law to ensure the huge government database isn't misused.

Finance Minister Arun Jaitley has defended the biometrics legislation, saying the data will be accessed only in rare cases that require authorization by a senior official.

“You mark my words, you are midwifing a police state,” said lawmaker Asaduddin Owaisi, just one parliamentarian opposed passage of the legislation and found no comfort in Jaitley's assurances.

Fraud concerns

Despite objections, the bill was passed by legislators who argued that such a move is critical to ensuring subsidies reach intended beneficiaries in a country where millions are poor and illiterate.

Attempts to draft a right to privacy bill to protect individuals against misuse of data by government or private agencies date back to 2010, but have made little headway. The latest push started in 2014.

Citing a cyberattack targeting the U.S. government, in which a hacker gained access to the information of millions of people, research groups have also flagged security concerns around India’s ambitious Aadhaar program.

“If this database gets leaked, the entire identification system collapses because people will be able to authenticate themselves as anyone else. So identity fraud is a great concern,” said Prakash of the Center for Internet and Society.

Nearly one billion biometric identity cards have been issued in India in the last six years.

For more details visit https://cis-india.org/internet-governance/news/voice-of-america-anjana-pasricha-march-18-2016-in-india-biometric-data-storage-sparks-demands-for-privacy-laws

Implications of post-Snowden Internet localization proposals

praskrishna — 2014-07-03T07:09:25Z

The Ninth Annual Internet Governance Forum (IGF) Meeting will be held in Istanbul, Turkey on 2-5 September 2014. The venue of the meeting is Lütfi Kirdar International Convention and Exhibition Center (ICEC).

Sunil Abraham will be speaking in this workshop organized by Internet Society and Center for Democracy and Technology at the IGF.

Examples include mandatory storage of citizens' data within country, mandatory location of servers within country (e.g. Google, Facebook), launching state-run services (e.g. email services), restricted transborder Internet traffic routes, investment in alternate backbone infrastructure (e.g. submarine cables, IXPs), etc.

Localization of data and traffic routing strategies can be powerful tools for improving Internet experience for end-users, especially when done in response to Internet development needs. On the other hand, done uniquely in response to external factors (e.g. foreign surveillance), less optimal choices may be made in reactive moves.

How can we judge between Internet-useful versus Internet-harmful localisation and traffic routing approaches? What are the promises of data localization from the personal, community and business perspectives? What are the potential drawbacks? What are implications for innovation, user choice and the availability of online services in the global economy? What impact might they have on a global and interoperable Internet? What impact (if any) might these proposals have on user trust and expectations of privacy?

The objective of the session is to gather diverse perspectives and experiences to better understand the technical, social and economic implications of these proposals.

Name(s) and stakeholder and organizational affiliation(s) of institutional co-organizer(s)

Organizer:
Nicolas Seidler, Policy advisor
Technical community
Internet Society
Co-organizer:
Matthew Shears
Civil society
Center for Democracy and Technology

Names and affiliations (stakeholder group, organization) of speakers the proposer is planning to invite

Mr. Chris Riley, Senior Policy Engineer, Mozilla Corporation, Private sector (CONFIRMED)
Mr. Jari Arkko, Chair of the Internet Engineering Task Force, Technical community (CONFIRMED)
Mr. Christian Kaufmann, Director Network Architecture at Akamai Technologies, Private sector (CONFIRMED)
Ms. Emma Llanso, Director of Free Expression Project, Center for Democracy and Technology, Civil Society (CONFIRMED)
Mr. Sunil Abraham, Executive Director, Center for Internet and Society, India, Civil Society (CONFIRMED)
Mr. Thomas Schneider, Deputy head of international affairs, Swiss Federal Office of Communication (OFCOM), Government (CONFIRMED)

Name of Moderator(s)

Nicolas Seidler, Policy advisor, Internet Society

Name of Remote Moderator(s)

Konstantinos Komaitis

For more details visit https://cis-india.org/news/igf-2014-session-post-snowden-localisation

Implications of post-Snowden Internet Localization Proposals

praskrishna — 2014-10-05T08:59:27Z

Sunil Abraham was a speaker in this workshop organized by Center for Democracy and Technology on September 2, 2014.

Following the 2013-2014 disclosures of large-scale pervasive surveillance of Internet traffic, various proposals to "localize" Internet users' data and change the path that Internet traffic would take have started to emerge.

Examples include mandatory storage of citizens' data within country, mandatory location of servers within country (e.g. Google, Facebook), launching state-run services (e.g. email services), restricted transborder Internet traffic routes, investment in alternate backbone infrastructure (e.g. submarine cables, IXPs), etc.

Localization of data and traffic routing strategies can be powerful tools for improving Internet experience for end-users, especially when done in response to Internet development needs. On the other hand, done uniquely in response to external factors (e.g. foreign surveillance), less optimal choices may be made in reactive moves.

How can we judge between Internet-useful versus Internet-harmful localisation and traffic routing approaches? What are the promises of data localization from the personal, community and business perspectives? What are the potential drawbacks? What are implications for innovation, user choice and the availability of online services in the global economy? What impact might they have on a global and interoperable Internet? What impact (if any) might these proposals have on user trust and expectations of privacy?

The objective of the session is to gather diverse perspectives and experiences to better understand the technical, social and economic implications of these proposals.

For full details see the IGF website.

For more details visit https://cis-india.org/internet-governance/news/implications-of-post-snowden-internet-localization-proposals