Centre for Internet and Society

Surveillance: Privacy Vs Security

praskrishna — 2013-08-19T05:32:55Z

The Foundation for Media Professionals is organizing a debate at the India International Centre, New Delhi on August 17, 2013. Shri Kapil Sibal will give the opening speech. Natgrid chief Raghu Raman is one of the debaters. Pranesh Prakash is participating in this event as a panelist.

This was published by the Foundation for Media Professionals on their website. Also read the blog post by Vivian Fernandes and Ninglun Hanghal.

In the backdrop of the recent disclosures by US defense contractor Edward Snowden about the activity of the National Security Agency (NSA) and reports that NSA may have collaborated with India on surveillance program in the country that have raised concerns about privacy and right of citizens, Foundation for Media Professionals (FMP) in partnership with Friedrich Ebert Stiftung (FES) invited Pranesh Prakash to a panel discussion on "Surveillance: Privacy vs. Security".

Guest Speaker
Kapil Sibal, Union Minister for Communications and Information Technology, Govt. of India

Panelists

Pranesh Prakash, Policy Director, Centre for Internet and Society

Dr. Usha Ramanathan, Independent Law Researcher
Saikat Datta, Resident Editor, DNA
Capt. Raghu Raman, National Intelligence Grid (Natgrid)

Moderator

Paranjoy Guha Thakurta

For more details visit https://cis-india.org/news/foundation-for-media-professionals-august-17-2013-surveillance-privacy-v-security

Learn to Protect your Online Activities!

bernadette — 2013-08-13T13:55:20Z

The Centre for Internet and Society cordially invites you to a CryptoParty!

"Governments around the world, are greatly increasing their surveillance of the Internet. Alongside a loss of the private sphere, this also represents a clear danger to basic civil liberties. The good news is that we already have the solution: encrypting communications makes it very hard, if not entirely impossible, for others to eavesdrop on our conversations. The bad news is that crypto is largely ignored by the general public, partly because they don't know about it, and partly because even if they do, it seems too much trouble to implement." (Source)

So lets go and have a party, and teach each other how to crypto!

Everyone is invited! Especially do not hesitate to join if you are not using any crypto at all (yet!)

For more details visit https://cis-india.org/internet-governance/cryptoparty-bangalore

FinFisher in India and the Myth of Harmless Metadata

maria — 2013-08-13T11:30:15Z

In this article, Maria Xynou argues that metadata is anything but harmless, especially since FinFisher — one of the world's most controversial types of spyware — uses metadata to target individuals.

In light of PRISM, the Central Monitoring System (CMS) and other such surveillance projects in India and around the world, the question of whether the collection of metadata is “harmless” has arisen.[1] In order to examine this question, FinFisher[2] — surveillance spyware — has been chosen as a case study to briefly examine to what extent the collection and surveillance of metadata can potentially violate the right to privacy and other human rights. FinFisher has been selected as a case study not only because its servers have been recently found in India[3] but also because its “remote monitoring solutions” appear to be very pervasive even on the mere grounds of metadata.

FinFisher in India

FinFisher is spyware which has the ability to take control of target computers and capture even encrypted data and communications. The software is designed to evade detection by anti-virus software and has versions which work on mobile phones of all major brands.[4] In many cases, the surveillance suite is installed after the target accepts installation of a fake update to commonly used software.[5] Citizen Lab researchers have found three samples of FinSpy that masquerades as Firefox.[6]

FinFisher is a line of remote intrusion and surveillance software developed by Munich-based Gamma International. FinFisher products are sold exclusively to law enforcement and intelligence agencies by the UK-based Gamma Group.[7] A few months ago, it was reported that command and control servers for FinSpy backdoors, part of Gamma International´s FinFisher “remote monitoring solutions”, were found in a total of 25 countries, including India.[8]

The following map, published by the Citizen Lab, shows the 25 countries in which FinFisher servers have been found.[9]


The above map shows the results of scanning for characteristics of FinFisher command and control servers.

FinFisher spyware was not found in the countries coloured blue, while the colour green is used for countries not responding. The countries using FinFisher range from shades of orange to shades of red, with the lightest shade of orange ranging to the darkest shade of red on a scale of 1-6, and with 1 representing the least active servers and 6 representing the most active servers in regards to the use of FinFisher. On a scale of 1-6, India is marked a 3 in terms of actively using FinFisher.[10]

Research published by the Citizen Lab reveals that FinSpy servers were recently found in India, which indicates that Indian law enforcement agencies may have bought this spyware from Gamma Group and might be using it to target individuals in India.[11] According to the Citizen Lab, FinSpy servers in India have been detected through the HostGator operator and the first digits of the IP address are: 119.18.xxx.xxx. Releasing complete IP addresses in the past has not proven useful, as the servers are quickly shut down and relocated, which is why only the first two octets of the IP address are revealed.[12]

The Citizen Lab's research reveals that FinFisher “remote monitoring solutions” were found in India, which, according to Gamma Group's brochures, include the following:

FinSpy: hardware or software which monitors targets that regularly change location, use encrypted and anonymous communications channels and reside in foreign countries. FinSpy can remotely monitor computers and encrypted communications, regardless of where in the world the target is based. FinSpy is capable of bypassing 40 regularly tested antivirus systems, of monitoring the calls, chats, file transfers, videos and contact lists on Skype, of conducting live surveillance through a webcam and microphone, of silently extracting files from a hard disk, and of conducting a live remote forensics on target systems. FinSpy is hidden from the public through anonymous proxies.[13]

FinSpy Mobile: hardware or software which remotely monitors mobile phones. FinSpy Mobile enables the interception of mobile communications in areas without a network, and offers access to encrypted communications, as well as to data stored on the devices that is not transmitted. Some key features of FinSpy Mobile include the recording of common communications like voice calls, SMS/MMS and emails, the live surveillance through silent calls, the download of files, the country tracing of targets and the full recording of all BlackBerry Messenger communications. FinSpy Mobile is hidden from the public through anonymous proxies.[14]

FinFly USB: hardware which is inserted into a computer and which can automatically install the configured software with little or no user-interaction and does not require IT-trained agents when being used in operations. The FinFly USB can be used against multiple systems before being returned to the headquarters and its functionality can be concealed by placing regular files like music, video and office documents on the device. As the hardware is a common, non-suspicious USB device, it can also be used to infect a target system even if it is switched off.[15]

FinFly LAN: software which can deploy a remote monitoring solution on a target system in a local area network (LAN). Some of the major challenges law enforcement faces are mobile targets, as well as targets who do not open any infected files that have been sent via email to their accounts. FinFly LAN is not only able to deploy a remote monitoring solution on a target´s system in local area networks, but it is also able to infect files that are downloaded by the target, by sending fake software updates for popular software or to infect the target by injecting the payload into visited websites. Some key features of the FinFly LAN include: discovering all computer systems connected to LANs, working in both wired and wireless networks, and remotely installing monitoring solutions through websites visited by the target. FinFly LAN has been used in public hotspots, such as coffee shops, and in the hotels of targets.[16]

FinFly Web: software which can deploy remote monitoring solutions on a target system through websites. FinFly Web is designed to provide remote and covert infection of a target system by using a wide range of web-based attacks. FinFly Web provides a point-and-click interface, enabling the agent to easily create a custom infection code according to selected modules. It provides fully-customizable web modules, it can be covertly installed into every website and it can install the remote monitoring system even if only the email address is known.[17]

FinFly ISP: hardware or software which deploys a remote monitoring solution on a target system through an ISP network. FinFly ISP can be installed inside the Internet Service Provider Network, it can handle all common protocols and it can select targets based on their IP address or Radius Logon Name. Furthermore, it can hide remote monitoring solutions in downloads by targets, it can inject remote monitoring solutions as software updates and it can remotely install monitoring solutions through websites visited by the target.[18]

Although FinFisher is supposed to be used for “lawful interception”, it has gained notoriety for targeting human rights activists.[19] According to Morgan Marquis-Boire, a security researcher and technical advisor at the Munk School and a security engineer at Google, FinSpy has been used in Ethiopia to target an opposition group called Ginbot.[20] Researchers have argued that FinFisher has been sold to Bahrain's government to target activists, and such allegations were based on an examination of malicious software which was emailed to Bahraini activists.[21] Privacy International has argued that FinFisher has been deployed in Turkmenistan, possibly to target activists and political dissidents.[22]

Many questions revolving around the use of FinFisher and its “remote monitoring solutions” remain vague, as there is currently inadquate proof of whether this spyware is being used to target individuals by law enforcement agencies in the countries where command and control servers have been found, such as India.[23] However, FinFisher's brochures which were circulated in the ISS world trade shows and leaked by WikiLeaks do reveal some confirmed facts: Gamma International claims that its FinFisher products are capable of taking control of target computers, of capturing encrypted data and of evading mainstream anti-virus software.[24] Such products are exhibited in the world's largest surveillance trade show and probably sold to law enforcement agencies around the world.[25] This alone unveils a concerning fact: spyware which is so sofisticated that it even evades encryption and anti-virus software is currently in the market and law enforcement agencies can potentially use it to target activists and anyone who does not comply with social conventions.[26] A few months ago, two Indian women were arrested after having questioned the shutdown of Mumbai for Shiv Sena patriarch Bal Thackeray's funeral.[27] Thus, it remains unclear what type of behaviour is targeted by law enforcement agencies and whether spyware, such as FinFisher, would be used in India to track individuals without a legally specified purpose.

Furthermore, India lacks privacy legislation which could safeguard individuals from potential abuse, while sections 66A and 69 of the Information Technology (Amendment) Act, 2008, empower Indian authorities with extensive surveillance capabilites.[28] While it remains unclear if Indian law enforcement agencies are using FinFisher spy products to unlawfully target individuals, it is a fact that FinFisher control and command servers have been found in India and that, if used, they could potentially have severe consequences on individuals' right to privacy and other human rights.[29]

The Myth of Harmless Metadata

Over the last months, it has been reported that the Central Monitoring System (CMS) is being implemented in India, through which all telecommunications and Internet communications in the country are being centrally intercepted by Indian authorities. This mass surveillance of communications in India is enabled by the omission of privacy legislation and Indian authorities are currently capturing the metadata of communications.[30]

Last month, Edward Snowden leaked confidential U.S documents on PRISM, the top-secret National Security Agency (NSA) surveillance programme that collects metadata through telecommunications and Intenet communications. It has been reported that through PRISM, the NSA has tapped into the servers of nine leading Internet companies: Microsoft, Google, Yahoo, Skype, Facebook, YouTube, PalTalk, AOL and Apple.[31] While the extent to which the NSA is actually tapping into these servers remains unclear, it is certain that the NSA has collected metadata on a global level.[32] Yet, the question of whether the collection of metadata is “harmful” remains ambiguous.

According to the National Information Standards Organization (NISO), the term “metadata” is defined as “structured information that describes, explains, locates or otherwise makes it easier to retrieve, use or manage an information resource”. NISO claims that metadata is “data about data” or “information about information”.[33] Furthermore, metadata is considered valuable due to its following functions:

Resource discovery
Organizing electronic resources
Interoperability
Digital Identification
Archiving and preservation

Metadata can be used to find resources by relevant criteria, to identify resources, to bring similar resources together, to distinguish dissimilar resources and to give location information. Electronic resources can be organized through the use of various software tools which can automatically extract and reformat information for Web applications. Interoperability is promoted through metadata, as describing a resource with metadata allows it to be understood by both humans and machines, which means that data can automatically be processed more effectively. Digital identification is enabled through metadata, as most metadata schemes include standard numbers for unique identification. Moreover, metadata enables the archival and preservation of large volumes of digital data.[34]

Surveillance projects, such as PRISM and India's CMS, collect large volumes of metadata, which include the numbers of both parties on a call, location data, call duration, unique identifiers, the International Mobile Subscriber Identity (IMSI) number, email addresses, IP addresses and browsed webpages.[35] However, the fact that such surveillance projects may not have access to content data might potentially create a false sense of security.[36] When Microsoft released its report on data requests by law enforcement agencies around the world in March 2013, it revealed that most of the disclosed data was metadata, while relatively very little content data was allegedly disclosed.[37]

imilarily, Google's transparency report reveals that the company disclosed large volumes of metadata to law enforcement agencies, while restricting its disclosure of content data.[38]

Such reports may potentially provide a sense of security to the public, as they reassure that the content of personal emails, for example, has not been shared with the government, but merely email addresses – which might be publicly available online anyway. However, is content data actually more “harmful” than metadata? Is metadata “harmless”? How much data does metadata actually reveal?

The Guardian recently published an article which includes an example of how individuals can be tracked through their metadata. In particular, the example explains how an individual is tracked – despite using an anonymous email account – by logging in from various hotels' public Wi-Fi and by leaving trails of metadata that include times and locations. This example illustrates how an individual can be tracked through metadata alone, even when anonymous accounts are being used.[39]

Wired published an article which states that metadata can potentially be more harmful than content data because “unlike our words, metadata doesn't lie”. In particular, content data shows what an individual says – which may be true or false – whereas metadata includes what an individual does. While the validity of the content within an email may potentially be debateable, it is undeniable that an individual logged into specific websites – if that is what that individuals' IP address shows. Metadata, such as the browsing habits of an individual, may potentially provide a more thorough and accurate profile of an individual than that individuals' email content, which is why metadata can potentially be more harmful than content data.[40]

Furthermore, voice content is hard to process and written content in an email or chat communication may not always be valid. Metadata, on the other hand, provides concrete patterns of an individuals' behaviour, interests and interactions. For example, metadata can potentially map out an individuals' political affiliation, interests, economic background, institution, location, habits and the people that individual interacts with. Such data can potentially be more valuable than content data, because while the validity of email content is debateable, metadata usually provides undeniable facts. Not only is metadata more accurate than content data, but it is also ideally suited to automated analysis by a computer. As most metadata includes numeric figures, it can easily be analysed by data mining software, whereas content data is more complicated.[41]

FinFisher products, such as FinFly LAN, FinFly Web and FinFly ISP, provide solid proof that the collection of metadata can potentially be “harmful”. In particular, FinFly LAN can be deployed in a target system in a local area network (LAN) by infecting files that are downloaded by the target, by sending fake software updates for popular software or by infecting the payload into visited websites. The fact that FinFly LAN can remotely install monitoring solutions through websites visited by the target indicates that metadata alone can be used to acquire other sensitive data.[42]

FinFly Web can deploy remote monitoring solutions on a target system through websites. Additionally, FinFly Web can be covertly installed into every website and it can install the remote monitoring system even if only the email address is known.[43] FinFly ISP can select targets based on their IP address or Radius Logon Name. Furthermore, FinFly ISP can remotely install monitoring solutions through websites visited by the target, as well as inject remote monitoring solutions as software updates.[44] In other words, FinFisher products, such as FinFly LAN, FinFly Web and FinFly ISP, can target individuals, take control of their computers and their data, and capture even encrypted data and communications with the help of metadata alone.

The example of FinFisher products illustrates that metadata can potentially be as “harmful” as content data, if acquired unlawfully and without individual consent.[45] Thus, surveillance schemes, such as PRISM and India's CMS, which capture metadata without individuals' consent can potentially pose a major threat to the right to privacy and other human rights.[46] Privacy can be defined as the claim of individuals, groups or institutions to determine when, how and to what extent information about them is communicated to others.[47] Furthermore, privacy is at the core of human rights because it protects individuals from abuse by those in power.[48] The unlawful collection of metadata exposes individuals to the potential violation of their human rights, as it is not transparent who has access to their data, whether it is being shared with third parties or for how long it is being retained.

It is not clear if Indian law enforcement agencies are actually using FinFisher products, but the Citizen Lab did find FinFisher command and control servers in the country which indicates that there is a high probability that such spyware is being used.[49] This probability is highly concerning not only because the specific spy products have such advanced capabilities that they are even capable of capturing encrypted data, but also because India currently lacks privacy legislation which could safeguard individuals.

Thus, it is recommended that Indian law enforcement agencies are transparent and accountable if they are using spyware which can potentially breach their citizens' human rights and that privacy legislation is enacted into law. Lastly, it is recommended that all surveillance technologies are strictly regulated with regards to the protection of human rights and that Indian authorities adopt the principles on communication surveillance formulated by the Electronic Frontier Foundation and Privacy International.[50] The above could provide a decisive first step in ensuring that India is the democracy it claims to be.

[1]. Robert Anderson (2013), “Wondering What Harmless 'Metadata' Can Actually Reveal? Using Own Data, German Politician Shows Us”, The CSIA Foundation, http://bit.ly/1cIhu7G

[2]. Gamma Group, FinFisher IT Intrusion, http://bit.ly/fnkGF3

[3]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, “You Only Click Twice: FinFisher's Global Proliferation”, The Citizen Lab, 13 March 2013, http://bit.ly/YmeB7I

[4]. Michael Lewis, “FinFisher Surveillance Spyware Spreads to Smartphones”, The Star: Business, 30 August 2012, http://bit.ly/14sF2IQ

[5]. Marcel Rosenbach, “Troublesome Trojans: Firm Sought to Install Spyware Via Faked iTunes Updates”, Der Spiegel, 22 November 2011, http://bit.ly/14sETVV

[6]. Intercept Review, Mozilla to Gamma: stop disguising your FinSpy as Firefox, 02 May 2013, http://bit.ly/131aakT

[7]. Intercept Review, LI Companies Review (3) – Gamma, 05 April 2012, http://bit.ly/Hof9CL

[8]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, For Their Eyes Only: The Commercialization of Digital Spying, Citizen Lab and Canada Centre for Global Security Studies, Munk School of Global Affairs, University of Toronto, 01 May 2013, http://bit.ly/ZVVnrb

[9]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, “You Only Click Twice: FinFisher's Global Proliferation”, The Citizen Lab, 13 March 2013, http://bit.ly/YmeB7I

[10]. Ibid.

[11]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, For Their Eyes Only: The Commercialization of Digital Spying, Citizen Lab and Canada Centre for Global Security Studies, Munk School of Global Affairs, University of Toronto, 01 May 2013, http://bit.ly/ZVVnrb

[12]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, “You Only Click Twice: FinFisher's Global Proliferation”, The Citizen Lab, 13 March 2013, http://bit.ly/YmeB7I

[13]. Gamma Group, FinFisher IT Intrusion, FinSpy: Remote Monitoring & Infection Solutions, WikiLeaks: The Spy Files, http://bit.ly/zaknq5

[14]. Gamma Group, FinFisher IT Intrusion, FinSpy Mobile: Remote Monitoring & Infection Solutions, WikiLeaks: The Spy Files, http://bit.ly/19pPObx

[15]. Gamma Group, FinFisher IT Intrusion, FinFly USB: Remote Monitoring & Infection Solutions, WikiLeaks: The Spy Files, http://bit.ly/1cJSu4h

[16]. Gamma Group, FinFisher IT Intrusion, FinFly LAN: Remote Monitoring & Infection Solutions, WikiLeaks: The Spy Files, http://bit.ly/14J70Hi

[17]. Gamma Group, FinFisher IT Intrusion, FinFly Web: Remote Monitoring & Intrusion Solutions, WikiLeaks: The Spy Files, http://bit.ly/19fn9m0

[18]. Gamma Group, FinFisher IT Intrusion, FinFly ISP: Remote Monitoring & Intrusion Solutions, WikiLeaks: The Spy Files, http://bit.ly/13gMblF

[19]. Gerry Smith, “FinSpy Software Used To Surveil Activists Around The World, Reports Says”, The Huffington Post, 13 March 2013, http://huff.to/YmmhXI

[20]. Jeremy Kirk, “FinFisher Spyware seen Targeting Victims in Vietnam, Ethiopia”, Computerworld: IDG News, 14 March 2013, http://bit.ly/14J8BwW

[21]. Reporters without Borders: For Freedom of Information (2012), The Enemies of the Internet: Special Edition: Surveillance, http://bit.ly/10FoTnq

[22]. Privacy International, FinFisher Report, http://bit.ly/QlxYL0

[23]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, “You Only Click Twice: FinFisher's Global Proliferation”, The Citizen Lab, 13 March 2013, http://bit.ly/YmeB7I

[24]. Gamma Group, FinFisher IT Intrusion, FinSpy: Remote Monitoring & Infection Solutions, WikiLeaks: The Spy Files, http://bit.ly/zaknq5

[25]. Adi Robertson, “Paranoia Thrives at the ISS World Cybersurveillance Trade Show”, The Verge, 28 December 2011, http://bit.ly/tZvFhw

[26]. Gerry Smith, “FinSpy Software Used To Surveil Activists Around The World, Reports Says”, The Huffington Post, 13 March 2013, http://huff.to/YmmhXI

[27]. BBC News, “India arrests over Facebook post criticising Mumbai shutdown”, 19 November 2012, http://bbc.in/WoSXkA

[28]. Indian Ministry of Law, Justice and Company Affairs, The Information Technology (Amendment) Act, 2008, http://bit.ly/19pOO7t

[29]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, For Their Eyes Only: The Commercialization of Digital Spying, Citizen Lab and Canada Centre for Global Security Studies, Munk School of Global Affairs, University of Toronto, 01 May 2013, http://bit.ly/ZVVnrb

[30]. Phil Muncaster, “India introduces Central Monitoring System”, The Register, 08 May 2013, http://bit.ly/ZOvxpP

[31]. Glenn Greenwald & Ewen MacAskill, “NSA PRISM program taps in to user data of Apple, Google and others”, The Guardian, 07 June 2013, http://bit.ly/1baaUGj

[32]. BBC News, “Google, Facebook and Microsoft seek data request transparency”, 12 June 2013, http://bbc.in/14UZCCm

[33]. National Information Standards Organization (2004), Understanding Metadata, NISO Press, http://bit.ly/LCSbZ

[34]. Ibid.

[35]. The Hindu, “In the dark about 'India's PRISM'”, 16 June 2013, http://bit.ly/1bJCXg3 ; Glenn Greenwald, “NSA collecting phone records of millions of Verizon customers daily”, The Guardian, 06 June 2013, http://bit.ly/16L89yo

[36]. Robert Anderson, “Wondering What Harmless 'Metadata' Can Actually Reveal? Using Own Data, German Politician Shows Us”, The CSIA Foundation, 01 July 2013, http://bit.ly/1cIhu7G

[37]. Microsoft: Corporate Citizenship, 2012 Law Enforcement Requests Report,http://bit.ly/Xs2y6D

[38]. Google, Transparency Report, http://bit.ly/14J7hKp

[39]. Guardian US Interactive Team, A Guardian Guide to your Metadata, The Guardian, 12 June 2013, http://bit.ly/ZJLkpy

[40]. Matt Blaze, “Phew, NSA is Just Collecting Metadata. (You Should Still Worry)”, Wired, 19 June 2013, http://bit.ly/1bVyTJF

[41]. Ibid.

[42]. Gamma Group, FinFisher IT Intrusion, FinFly LAN: Remote Monitoring & Infection Solutions, WikiLeaks: The Spy Files, http://bit.ly/14J70Hi

[43]. Gamma Group, FinFisher IT Intrusion, FinFly Web: Remote Monitoring & Intrusion Solutions, WikiLeaks: The Spy Files, http://bit.ly/19fn9m0

[44]. Gamma Group, FinFisher IT Intrusion, FinFly ISP: Remote Monitoring & Intrusion Solutions, WikiLeaks: The Spy Files, http://bit.ly/13gMblF

[45]. Robert Anderson, “Wondering What Harmless 'Metadata' Can Actually Reveal? Using Own Data, German Politician Shows Us”, The CSIA Foundation, 01 July 2013, http://bit.ly/1cIhu7G

[46]. Shalini Singh, “India's surveillance project may be as lethal as PRISM”, The Hindu, 21 June 2013, http://bit.ly/15oa05N

[47]. Cyberspace Law and Policy Centre, Privacy, http://bit.ly/14J5u7W

[48]. Bruce Schneier, “Privacy and Power”, Schneier on Security, 11 March 2008, http://bit.ly/i2I6Ez

[49]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, For Their Eyes Only: The Commercialization of Digital Spying, Citizen Lab and Canada Centre for Global Security Studies, Munk School of Global Affairs, University of Toronto, 01 May 2013, http://bit.ly/ZVVnrb

[50]. Elonnai Hickok, “Draft International Principles on Communications Surveillance and Human Rights”, The Centre for Internet and Society, 16 January 2013, http://bit.ly/XCsk9b

For more details visit https://cis-india.org/internet-governance/blog/fin-fisher-in-india-and-myth-of-harmless-metadata

Beyond Property Rights: Thinking About Moral Definitions of Openness

praskrishna — 2013-08-07T09:43:35Z

It is hard for Westerners to realize just how much we take for granted about intellectual property, and in particular, how much the property owner’s perspective--be it a corporation, government or creative artist--is embedded in our view of the world as the natural order of things.

This blog post by David Eaves was published in TECH President on August 6, 2013. Sunil Abraham is quoted.

While sharing and copying technologies are disrupting some of the ways we understanding “content,” when you visit a non-Western country like India, the spectrum of choices become broader. There is less timidity wrestling with questions like: should poor farmers pay inflated prices for patented genetically-engineered seeds? How long should patents be given for life-saving medicines that cost more than many make in a year? Should Indian universities spend millions on academic journals and articles? In the United States or other rich countries we may weigh both sides of these questions--the rights of the owner vs. the moral rights of the user--but there’s no question people elsewhere, such as in India, weigh them different given the questions of life and death or of poverty and development.

Consequently, conversations about open knowledge outside the supposedly settled lands of the “rich” often stretch beyond permission-based “fair use” and “creative commons” approaches. There is a desire to explore potential moral rights to use “content” in addition to just property rights that may be granted under statutes.

A couple of months ago I sat down in Bangalore with Sunil Abraham, the founder and executive director of the Center for Internet & Society (CIS) there, to talk about the center, and his views on the role of technology and openness in politics and society. One part of our conversation led to this WeGov column on “I Paid a Bribe” and the challenge of fighting corruption in India using technology. Here I want to reflect further on how Sunil and his counterparts may be radically challenging how we should think about open information more generally.

As we talked, Sunil outlined how people and organizations were using “open” methodologies to advance social movements or create counter power. To explain his view he sketched out the following “map” of IP rights and freedoms to show people use and view the different “permissions” (some legal, some illegal).

As a high-level overview this map offers a general list of the tools at the disposal of citizens interested in playing with intellectual property, particularly as they pursue social justice issues.

At the top of the chart are the various forms of “permissions” that a property owner may (or may not) grant you. Thus at the far left sits the most restrictive IP regime and, as you move right, the user gets more and more freedoms (or, if you take the perspective of property owners, property loses more and more of its formal legal protections and a different notion, of “moral rights,” arises).

The second row divides the permissions and the actors along what Sunil believes is one of the most important permissions - the requirement to attribute (or the freedom not to).

Finally, at the bottom, I’ve placed various actors along the spectrum to both show where they might be positioned in the access debate and/or how they use these tools to advance their aims. Thus someone like Lawrence Lessig, the intellectual father of Creative Commons, might support many uses of information as long as the owner gives permission; whereas groups like the Pirate Party or the Yes Men edge further out into uses that may not appear legitimate to a property owner.

Particularly interesting is Sunil’s decision to include non-legal “permissions” such as ignoring the property holders rights in his spectrum of openness. He sees this as the position of the Pirate Party, which he suggests advocates that people should have the right to do what they want with intellectual property even if they don’t have permission, with the exception, interestingly, of ignoring attribution.

He also includes two even more radical “permissions” – counterfeiting, that is claiming that you created the work – and false attribution – assigning your work to someone else! Sunil sees Anonymous as often using the former and the Yes Men as using the latter. “They (the Yes Men) are playing with the attribution layer,” he says, by conducting actions such as their fake DOW press release about the Bhopal disaster.

Pushing the identity envelope
To Sunil, the big dividing line is less about legal vs. illegal but around this issue of attribution. “This is the most exciting area because this (the non-attribution area) is where you escape surveillance,” he declares.

“All the modern day regulation over IP is trying to pin an individual against their actions and then trying to attach responsibility so as to prosecute them,” Sunil says. “All that is circumvented when you play with the attribution layer.”

This matters a great deal for individuals and organizations trying to create counter power – particularly against the state or large corporate interests. In this regard Sunil is actually linking the tools (or permissions) along the open spectrum to civil disobedience. Of course, such “permissions” are also used by states all the time, such as pretending that a covert action was the responsibility of someone else, or simply denying responsibility for some action.

This, in turn, has some interesting implications.

The first is, that it allows Sunil to weave together a number of groups that might not normally be seen as connected because he can map their strategies or tools against a common axis. Thus Lawrence Lessig, the Yes Man, companies and journalists can all be organized based on what “permissions” they believe are legitimate. For example, journalists and new publishers are often seen as fairly pro-copyright (it protects their work) but they are quite happy to ignore the proprietary rights of a government or corporate document and publish its contents, if they believe that action is in the public interest. Hence their position on the spectrum as “willing to ignore proprietary rights.” (Leave aside government arguments that publishing such documents is “stealing” when, at least in the US, they are technically already not subject to copyright.) However, a credible newspaper or journalist would never knowingly attribute a quote or document to a different person. Attribution remains sacred, even when legal proprietary rights are not.

It also tests the notions of who is actually an IP radical. As Sunil notes: “The more you move to the right the more radical you are. Because everywhere on the left you actually have to educate people about the law, which is currently unfair to the user, before you even introduce them to the alternatives. You aren’t even challenging the injustice in the law! On the right you are operating at a level that is liberated from identity and accountability. You are hacking identity.”

Sunil is thus justifying how the use of “illegal” permissions may actually be a form of civil disobedience that can be recognized as legitimate. This is something journalists confront regularly as well. Many are willing to publish “illegally” obtained leaked documents when they believe that may serve the public good. What is ethical is not always legal and so there position on this chart is more nuanced than one might initially suspect.

This is not to say that Sunil doesn’t believe in the effectiveness of legal approaches. For him this map represents a more complete range of choices an activist can choose from as they try to develop their strategy.

“So what you do, and the specific change you are trying to precipitate, you’ll have to determine what strategy you need. Sometimes working within the left hand group is sufficient. Having a non-derivative, non-commercial license to enable students to access academic works, in India, is good enough… But then, to do what the Yes Men did to DOW Chemicals? You have to be over on the right side.”

For more details visit https://cis-india.org/news/tech-president-august-6-2013-david-eaves-beyond-property-rights-thinking-about-moral-definitions-openness

Token disclosures?

praskrishna — 2013-08-07T09:30:39Z

Snowden’s Xkeyscore expose makes a mockery of Twitter’s transparency revelations.

The article by Deepa Kurup was published in the Hindu on August 4, 2013. Sunil Abraham is quoted.

This week, roughly around the same time, two ‘revelations’ made headlines in the world of technology. The first, the U.S. National Security Agency’s top secret web surveillance programme, codenamed Xkeyscore, another expose from the house of Edward Snowden & Co.; and second, microblogging site Twitter’s third biannual Transparency Report for the first half of 2013.

The former exposed a global surveillance net, cast far and wide to freely (no formal authorisation required) access and mine emails, chats and browsing histories of millions. The content of the latter report not only pales in comparison but also raises fundamental questions on just how much goes on beyond the arguably modest claims made on Twitter’s transparency charts.

Documents published by The Guardian have the NSA claiming that the “widest-reaching” system mining intelligence from the web had, over a month in 2012, retrieved and stored no less than 41 billion records on its Xkeyscore servers. These mind-boggling numbers make a mockery of Twitter’s few hundred access request disclosures, advocates of online privacy and freedom point out. Then, it is hardly surprising that a large chunk of global requests came from the U.S. government: no less than 902 of the total 1,157 requests, accounting for 78 per cent. A far second is Japan at 8 per cent followed by the U.K.

India References

Interestingly, both Twitter’s report and the NSA’s Xkeyscore document have India references. While a map titled 'Where is Xkeyscore' in the training manual released showing India as one of 150 sites (hosting a total of 700 servers) indicates that India's very much on the global surveillance radar of the United States government; the fact that the India is a new entrant on Twitter's ‘Country Withheld Content Tool’ means that the government here is also making active interventions in microblogging content. This is very much in line with stances the Indian government has taken over the last year, swinging indecisively between asking internet firms to pre-screen content and asking service providers to take down what it finds offensive.

India, A Bit-Player

The Twitter report states that over the last six months it has seen an increase in the number of requests received (and eventual withholding of content) in five new countries: India, Brazil, Japan, Netherlands and Russia. In terms of numbers, India is still very much a bit player in the game given it falls under the ‘less than 10 category, a list where the number of requests for user information made by the government during this period is fewer than 10. It appears from the report that Twitter did not honour any of these requests, indicating that either the requests were too broad or failed to identify individual accounts.

In the same period, Twitter received two requests from India to remove content, one from the “government/law enforcement agency” and the other through a court order. In all, three tweets were removed by Twitter. No details on the nature of content removed were available.

Transparency Trends

A late entrant to transparency initiatives, Twitter's bi-annual reports have been applauded by privacy activists as an initiative that at least attempted to offer a glimpse into the otherwise opaque medium/industry. According to 'Who Has Your Back' an initiative by the Electronic Frontier Foundation, which tracks which corporate helps protect your data from the government, only a third of the 18 internet majors publish Transparency Reports – in fact, Facebook, WordPress and Tumblr all don't publish.

This article by Deepa Kurup was published in the Hindu on August 4, 2013. Sunil Abraham is quoted.

While it's definitely good that Twitter's providing data for India, post-Edward Snowden and his revealing PRISM leaks, netizens would question to what extent this data is representative of the magnitude or extent of user data tracking. Do governments like the U.S. need to approach Twitter (or other internet service providers) at all to access detailed user activity logs, content and metadata?

Secret Orders Excluded

Twitter makes it clear that its current report does not include "secret orders" or FISA disclosures. In another blog related to the Transparency Report, Jeremy Kessel, Manager, Legal Policy at Twitter Inc, writes that since 2012, Twitter's seen an uptick in requests to withhold content from two to seven countries. He writes that while Twitter wants to publish “numbers of national security requests – including FISA (Foreign Intelligence Surveillance Act) disclosures – separately from non-secret requests.” It claims it has “insisted” that the United States government allow for increased transparency into “secret orders”. “We believe it’s important to be able to publish numbers of national security requests – including FISA disclosures – separately from non-secret requests." Unfortunately, we are still not able to include such metrics, Twitter states.

'Not the Whole Truth'

In the absence of these metrics, Sunil Abraham, director of Centre for Internet and Society, feels transparency reports “may not tell us the whole truth”. The Xkeyscore revelations then may explain why the U.S. government has made only 902 information requests. “A rogramme like XKeyScore potentially allows them to capture the very same data without having to approach Twitter. This is the very same imperative behind the CMS project in India. Governments across the world want to automate private sector involvement in blanket surveillance measures so that it wont serve as a check on their unbridled appetite for data”

He warns that there's a likely “race to the bottom”, given that an unintended consequence of transparency may be that governments, rather than being shamed into respect for free speech and privacy, would be emboldened by the scale of surveillance and censorship in the so-called democracies such as the US and EU members that are on top of the global blanket surveillance game.

For more details visit https://cis-india.org/news/the-hindu-august-4-2013-deepa-kurup-token-disclosures

Crypto Night

praskrishna — 2013-08-06T06:04:05Z

Challenging government snooping at an all-night cryptography party.

This article by Rahul M was published in the Caravan on August 1, 2013. Pranesh Prakash and Bernadette Langle are quoted.

Satyakam Goswami sat in a conference hall in the Institute of Informatics & Communication in Delhi University's South Campus, furiously typing code into his laptop. He typed the string “/var/log/tor#”, into a Linux terminal, then turned to me and said, “I am one step away, man.” It was around midnight on a muggy July Saturday, and Goswami had been here for six hours. He resumed typing—and cursing under his breath in Telugu as he realised that the online instructions he was following weren’t helping.

Around him, the room bustled with the activity of around 25 other people, all participants at a Cryptoparty, a cryptography event at which programmers and non-programmers meet to share information and expertise on tools that can help thwart government spying.

Goswami was one of the organisers of the event, which was led by Bernadette Längle, a German ‘hacktivist’ who is a member of the Chaos Computer Club (CCC), Europe’s largest association of hackers. Längle was one of the organisers of the CCC’s Chaos Communication Congress in 2012, an international hackers’ meet held in Hamburg that year. While processing participant applications for the Congress, she came across a group that wanted to organise what they called a “Cryptoparty” at the meet. “I thought Cryptoparty would be a bunch of guys coming together, learning crypto and having a party,” she told me. Only at the event did she realise that Cryptoparties are rather more political affairs, at which participants experiment with ways of combating governmental intrusions into privacy and freedom.

After she graduated, Längle decided she wanted to travel. “I hadn’t been to America or Asia, and I don’t think I want to enter America,” she said. “I thought India might be a good point to start.” While she was exploring her options, she met Goswami online. “I first met Bernadette on an IRC channel, ‘hasgeek’, where she expressed her interest to come to India,” Goswami said. “I suggested that she write a proposal to CIS [the Centre for Internet and Society, in Bangalore].” Längle applied, and was accepted to work with the organisation for six months.

When Längle was teaching a one-week course on email cryptography at a CIS event, a participant suggested to her that she organise a Cryptoparty in the city. “I thought I was travelling anyway, and I can make a Cryptoparty everywhere I go,” Längle said. This led to the Bangalore Cryptoparty on 30 June, followed by the Delhi edition on 6 July. Längle then held a Cryptoparty in Dharamsala in the second week of July, and plans to hold another in Mumbai in October. At each of these, she gave tutorials on specific aspects of cryptography, such as the Pretty Good Privacy (PGP) encryption and decryption program, which Edward Snowden used to communicate with The Guardian’s Glenn Greenwald during their now-famous collaboration. Participants would then experiment with these tools, sending emails and messages to each other using secure channels. The Delhi edition, which saw around 70 participants, continued late into the night, with the last exhausted stragglers shutting off their gadgets and heading home at 4 am.

I met Längle again the day after the Delhi event; with her was Pranesh Prakash, policy director at CIS, who is a commentator on issues related to surveillance and privacy. Both agreed that the Indian government’s Central Monitoring System programme, as well as Edward Snowden’s recent leaks, had resulted in a greater interest in cryptography in the country in recent months. “Without the PRISM stuff, there wouldn’t have been so many people attending,” Längle said. “People are concerned about that.” Prakash believes that the NSA leaks have served as a loud wake-up call about a longstanding state of affairs. “It’s this I-told-you-so moment for lots of people right now,” he said. “This isn’t the first time there have been revelations about the NSA spying beyond their authority. These revelations have been happening at least since 2006.”

For more details visit https://cis-india.org/news/caravan-magazine-august-1-2013-rahul-m-crypto-night

Theorizing the Digital Subaltern

sara — 2013-08-06T07:20:41Z

As digital humanities research at CIS proceeds, a number of critical positions have arisen, making it possible to reconcile questions of humanities with the digital realm. This blog entry focusses on race as a factor of research and how it is displayed in the digital.

Digital humanities has been criticized for a lack of content when compared with research in the traditional field of humanities. While humanities work deals mostly with subalternity, politics and what it means to be human, it has been established that a lot of digital humanities work revolves mainly around questions of providing access. Access is a good thing and focussing on it can be helpful. Nonetheless, as has been stated by Nishant Shah, simply providing access only works in an ideal world, where all have the gadgets and knowledges of making use of the research made available through digitalization (Shah: 2012). The internet is not the discrimination-free, post-gendered space that cyber-enthusiasts hoped for it to be. As a matter of fact, as Lisa Nakamura describes, the internet is a space of racial and gendered re-embodiement (Nakamura: 2007). Her argument is that in relation to the advancing biotechnologies, ubiquitous surveillance and pre-emptive profiling, 'racio-visual logic' is reconfiguring the body online (ibid.). Even if there is actually visibility of marginalized groups online, it is not always something that actually results in fruitful engagement with the paradigms of racial discrimination. This means that social inequalities and racial discrimination marginalizing people offline are reproduced online. Nakamura exemplifies this in an example by investigating the website alllooksame.com, where users are encouraged to participate in racial profiling by labeling pictures of Asians to be Korean, Chinese or Japanese. A majority of users falsely label the faces, which shows how the social construction of race can wrongly be mainstreamed to accommodate visual perceptions of eastern stereotypes. In this case, as the obviously problematic title of the website already suggests, simply making spaces for perceived minorities is more harmful than good. Nakamura also exemplifies how race is otherwise fetishized online, for example in video games like Grand Theft Auto, portraying non-white protagonists as thugs, or even all-time favorites like Street Fighter or Tekken, appealing to the western image of Asians as martial arts superpowers.

Therefore, the question of the quality of that access and visibility concerning subaltern groups should be vitally important to work in the digital humanities, more than the mere quantity of knowledges available. As Moore-Gilbert explains in his work on digital subalternity (Moore-Gilbert: 2000), it is not mainly access and digitalization, which will be equalizing factors in the digital age. The subaltern is a concept by Antonio Gramsci, which tries to describe the marginalized groups of people that do not have access to hegemonic spaces in society. Gayatri Spivak adds to that concept by saying that not only do the subaltern not have access to hegemonic power structures, also this denial of access makes it impossible for the subaltern to express their own knowledges, as they need to adopt Western ways of knowing to be heard. A subaltern's own cultural knowledges are therefore omitted from the discourse and a subaltern can never truly express oneself (Spivak: 1988).

Summarizing subalternity as the oppressed and dispossessed, Mike Kent (2008) defines a new digital divide, which is opening between people with access to the internet and abilities to operate a computer, and people to whom, for some reason, that description does not apply. These people may simply not own or have access to computers on a regular basis (or at all), but also may be excluded from a digital discourse, because they have been marginalized in that discourse from its analog beginnings. One of the examples was shortly addressed in one of the digital humanities blogposts, where it was explained that many people in India seem to believe that the digital is naturally for the english-speaking world and not available in local languages. These are therefore excluded in the building of gadgets and internet infrastructure, leading users to believe that the internet is a hegemonic space with male, white, western, or at the very least english-speaking dominance. Therefore local Indian languages are marginalized and the digital becomes a realm, which marginalizes non-hegemonic culture and people with different language priorities have difficulties finding their way into. The problem with subalternity is that these people are not visibly excluded, and might not even be aware of their exclusion (Kent: 2008). Providing Indian language Wikipedia, for example, is part of the solution, but definitely not all of it. When doing digital humanities work, archiving or creating access through digitalization, the digital divide grows and does so even more, as it is not, and cannot be addressed in such a way that the people being marginalized are put into a position of realizing the disproportion of knowledge access.

So merely providing information online will not result in the diminishment of the priorly addressed knowledge gap. Even when addressing this gap, it happens in terms of academics, intellectuals and people with online access speaking on behalf of people who do not have access to the discursive space in which these gaps are discussed. The experiences of the subaltern are only addressed from the outside and without their presence. This summarizes subalternity under one large, obscure category, ignoring that the subaltern might need to be addressed individually, according to race, class, gender, etc., to be able to gain the knowledges needed to participate in the discourse evolving around questions of digital humanities. Is it therefore substantive to include subaltern positions into digital discourses, even if this means speaking on behalf of certain positions at first to raise awareness. However, the awareness of speaking for someone else should also exist within the discourse and if there is any way of including subaltern positions directly, they should do so.

Within the work field of digital humanities, many projects are discussing the infrastructure and ways of dealing with online knowledges. The project Digital Humanities Q&A (http://digitalhumanities.org/answers/, or @DHanswers on twitter) offers a platform to ask questions regarding anything concerned with digital humanities. The community quickly tries to help the poster to overcome whatever difficulties s_he might be having in 'building'. And even questions of politics and ethics are discussed in the forum. This is an important infrastructure for discourse happening outside of classical academic forms and certainly retains authority through the amount of other work the researchers participating in the project are publishing online and off.

What seems to be missing, however, is the acknowledgement that the digital is not simply something apart from humanity, and is not something simply extractable and usable as a tool without affecting what it means to be human. Technology forms our very being from the first moment of creation in our mother's wombs. It is intrinsic to every life form in human society and even a complete lack of technology surrounding someone (if that is even possible), is technological in a sense that it is perceived as a lack thereof. This does not necessarily mean that all research work results to digital humanities, but it does point to the impossibility of leaving questions of the social, of race, of gender, aside when dealing with technological development.

To make an analytical example, the technologically focussed concept of the 'Internet-Geek' or the 'Hacker' gives an outlook on how questions of race are handled within a digital space. The terms hacker and geek are being used interchangeably, even though the concepts might differ. Not all geeks are hackers, however, they occupy the same space in the mainstream discourse and when speaking of an internet-geek it is often the assumption that they hack as well. While the term geek bore negative connotations for years, it seems to have shaken these with the rise of the digital realm marking the turn from 'geekism' to 'hacktivism', and with that, geekism as a new type of expertise. Geeks are no longer seen as friendless mavericks, who spend their time obsessing about one subject, which the mainstream culture seems to have little interest in or use for. Much more, the internet-geek is a political figure, which is often said to have the best survival skills in the digital age and is able to navigate through the digital realm like 'a fish takes to water'. The discourse around geek-ism focusses on the geek as an anti-intellectual figure, which overcomes classical academia, as “it's unnecessary to get a college degree in order to be a great coder” (Sanger 2011). However, debates around intellectualism are as old as the concept of the intellectual itself. Historically, the discourse on intellectualism has always been paired with antisemitism and the concept of the intellectual was first used as a derogative term to attack the left wing group defending the jewish captain Alfred Dreyfus in late 19^th century France. The captain was sentenced to life imprisonment for the wrongful accusations of having communicated french military secrets to the German embassy. His accusation and life sentence served the sustenance of French national values and enforced nationalism through the 'Othering'¹ of the jewish captain. Anti-intellectualism therefore historically springs from structural antisemitism and it is worth looking into how that concept has been employed in today's digital culture. Unfortunately, dwelling on the concept of the intellectual is not possible within the frame of this short exemplary analysis. The ambivalence of the concept should, however, not go by unnoticed. This polemic of the discourse is lost in the digital age and there seems to be little engagement with historical perceptions, which may lead to essentialists perceptions of knowledges.

In embracing the priorly addressed values of the internet, the figure of the geek is in most discourses portrayed as anarchic and dismissive of any form of singular authority, therefore undermining power-structures and hegemonic knowledges. While these discourses engage in questions of authority and freedom, it is difficult to find engagement with the categorial inequalities existent in the digital realm. The political engagement, which is supposed to be a key feature in the identity of the hacker, limits itself to questions of freedom of data and open-source. As has been described before, these technological concepts restrict themselves to data accessibility, but do not engage in questions of the quality of access to that data, or the quality of that data itself. The work of the geek or hacker is therefore not subversive per se. Rather, hackerism saw the freedom of internet usage as a right, not a privilege, thereby essentializing a 'survival of the fittest' mentality, which benefits and excuses aggressive behaviour and therefore alienating more sensitive positions. This usually results in re-justifying patriarchal structures and affirming the white, male, heterosexual norm.

Within the last couple of years geek feminism blogs and websites have been springing up on the web in an attempt to overcome the existing knowledge gaps, but the linguistic and theoretical reference seems always to be more along the lines of feminism in an online space and how much these discourses actually impact hetero-normative hackerspaces is questionable. Geek feminists therefore seldom perceive themselves to be part of the hacker-identity, but move in the realm of feminist theory, where intersectionality with other categories, such as race, has been established to be a key factor of analysis. In the hacker-realm, however, when referring to color, what is mostly being addressed is the ethical direction, in which the hacker is performing his*² task, as a short search-engine review of the topic implies. So the political questions the geek or hacker faces, evolve around cybersecurity, privacy and open spaces on the internet, but do not engage in what it means to be of a certain race, gender, etc. when writing code, hacking technologies, or processing knowledges online. This practice of obscuring categories of inequality does not make them any less effective, but, as has been shown above, enforce shallow and often fetishized depictions of online spaces and the users occupying them. This results in a naturalization of the white, male perspective and implies every other position to be an aberration. It is often implied that people of color simply don't want to participate, instead of seeing the possibility of the spaces not being inclusive and inviting enough. It has often been said that hackerspaces are alienating towards women, but the stereotypical depiction of any ethnic group influences the notion of the hacker to be of a certain class and race as well. While one might perceive that Asians occupy a great amount of online space, this does not necessarily mean fruitful engagement in a critical discourse around race in cyberspace.

So even if there is no direct racism in online spaces or within the notion of the hacker, the lack of theorizing race as a category which is still being seen as inferior leads to informal discrimination and reinforces a norm that marginalizes people of color. Research and the building of infrastructure follows these normative interests and marginalizes interests of groups that do not fit into the privileged categories. The notions of free internet usage implies a choice which is not always available, especially within marginalized communities. So it is necessary to engage with the questions of freedom, for whom they apply online, and where freedom and access stop being choices.

To reference Marshall McLuhan, the medium may not necessarily be the message, but it does inseparably intertwine itself, so that it is impossible to tell where medium stops and message begins. If we accept the premise that we are all cyborgs and digital technologies are inscribed in our bodies, a mere quantitative approach to these is not possible and believing technology to simply be a methodology, a means to end is not either. It is necessary to find a way to deal with the technological, the data and, in the end, the internet as a cultural phenomenon which forms our society just as other media does, but also creates reality in a more accurate and impacting way than any medium has done before.

Therefore when taking a turn towards visualizations and design, one should remember what it means to visualize and what is being left out in the process. Of course, articulating something is always a process of marginalizing something else, as it is simply impossible to include all positions. However, the necessity to clarify ones own position, vital in humanities, seems lost in the transition towards digital humanities. The necessity of critical digital humanities has been stressed in the past and a number of critical projects have arisen, a number of which are summarized on the design for digital inclusion homepage from the Washington University: https://depts.washington.edu/ddi/research.html. It is necessary to critically engage with concepts that occupy the digital space and this short analysis of the hacker may serve as a starting point for future research.

Annotations:

1'Othering' is a concept introduced by Edward Said, saying that the construction of a norm usually develops through the demarcation of what they are not. In this case, the french nationality was built upon a notion of anti-semitism and the concept of treason as the biggest offense to the nation state. The concept of 'othering' has also been employed by several other theorists and subaltern researchers, amongst them Gayatri Spivak. See Said: 1977, Spivak: 1985

2Unless explicitly feminist, most literature still addresses the hacker as a male figure. Although of course there are several female hackers, the concept is still connoted as a male identity. In following, this connotation will be applied, however the * indicates the critical engagement with the concept, mirroring the differential gap of power and authority according to the concept of hegemonic masculinity.

References:

Deleuze, G./Guattari, F. (1993): A Thousand Plateaus. Capitalism and Schizophrenia. Minnesota: U of Minnesota Press.

Gold, M.K. (2012): Debates in the Digital Humanities. Open Access Edition

Kuhn, T. S.(1996): The Structure of Scientific Revolutions, University of Chicago Press. 3^rd edition.

Kent, M. (2008): Digital Divide 2.0 and the Digital Subaltern. In: Nebula 5.4, 2008. Accessed July 26^th 2013:http://www.nobleworld.biz/images/Kent3.pdf

Moore-Gilbert, B. (2000): Spivak and Bhabha, In: Schwarz/Ray (ed.), A Companion to Postcolonial Studies. Oxford: Blackwell Publishers, 2000, p. 453.

Nakamura, L. (2008): Digitizing Race. Visual Cultures of the Internet. Minnesota: U of Minnesota Press.

Said, E. (1977): Orientalism. London: Penguin

Shah, N. (2012): The Digital Classroom in the Time of Wikipedia. Accessed July 26^th 2013: http://cis-india.org/raw/digital-humanities/blogs/digital-classroom/digital-classroom-in-time-of-wikipedia

Spivak, Gayatri Chakravorty. " Can the Subaltern Speak?" in Marxism and the Interpretation of Culture. Eds. Cary Nelson and Lawrence Grossberg. Urbana, IL: University of Illinois Press, 1988: 271-313.

Sterne, J. (2000): Computer Race goes to Class. How Computers in Schools Helped Shape the Racial Topography of the Internet. In: Kolko/Nakamura/Rodman (ed.): Race in Cyberspace. New York/London: Routledge. Accessed 29^th July 2013: http://sterneworks.org/ComputerRaceGoestoClass.pdf

For more details visit https://cis-india.org/raw/theorizing-the-digital-subaltern

The Phishing Society: Why 'Facebook' is more Dangerous than the Government Spying on You - A Talk by Maria Xynou

maria — 2013-09-27T09:16:19Z

Next Wednesday, you are all invited to listen to Maria Xynou's crazy - or not-so-crazy theory of the "Phishing Society", in which surveillance, control and oppression is not imposed in a traditional top-down manner, but rather a personal and collective "choice"...come and engage in a heated debate!

We have read and heard a lot of theories on the contemporary "Surveillance Society"...but how much of that is about surveillance per se? Are we being spied on a top-down manner...or are we enabling our own surveillance? Have the masses ever directly or indirectly "pursued" their own surveillance in the past...or are we witnessing a new phenomenon in history?

Most geeks would probably agree that the term "phishing" is used to describe the act of attempting to acquire sensitive information, such as usernames, passwords, private encryption keys and credit card details, by masquerading as a trustworthy entity. In other words, "phishing" is commonly used to describe the acquisition of sensitive, personal data through the use of bait.

The aim of the talk on Wednesday is to discuss the possible existence of a "Phishing Society", through which the act of providing bait — whether it being security, commodities, services or relationships — is a common, contemporary practice on a social, political and economic level in the pursuit of the "Gold of the Digital Age": personal data. Through this discussion, the "Government spying vs. Corporate spying" debate will be looked at, in an attempt to understand why the dynamics of surveillance have changed over the last year.

Everyone with an open mind is welcome to attend this talk and to share all opinions, ideas and concerns!

Video

For more details visit https://cis-india.org/internet-governance/events/the-phishing-society-a-talk-by-maria-xynou

More than a Hundred Global Groups Make a Principled Stand against Surveillance

elonnai — 2013-07-31T14:26:38Z

For some time now there has been a need to update understandings of existing human rights law to reflect modern surveillance technologies and techniques.

Nothing could demonstrate the urgency of this situation more than the recent revelations confirming the mass surveillance of innocent individuals around the world.

To move toward that goal, today we’re pleased to announce the formal launch of the International Principles on the Application of Human Rights to Communications Surveillance. The principles articulate what international human rights law – which binds every country across the globe – require of governments in the digital age. They speak to a growing global consensus that modern surveillance has gone too far and needs to be restrained. They also give benchmarks that people around the world can use to evaluate and push for changes in their own legal systems.

The product of over a year of consultation among civil society, privacy and technology experts, including the Centre for Internet and Society (read here, here, here and here), the principles have already been co-signed by over hundred organisations from around the world. The process was led by Privacy International, Access, and the Electronic Frontier Foundation. The process was led by Privacy International, Access, and the Electronic Frontier Foundation.

The release of the principles comes on the heels of a landmark report from the United Nations Special Rapporteur on the right to Freedom of Opinion and Expression, which details the widespread use of state surveillance of communications, stating that such surveillance severely undermines citizens’ ability to enjoy a private life, freely express themselves and enjoy their other fundamental human rights. And recently, the UN High Commissioner for Human Rights, Nivay Pillay, emphasised the importance of applying human right standards and democratic safeguards to surveillance and law enforcement activities.

"While concerns about national security and criminal activity may justify the exceptional and narrowly-tailored use of surveillance programmes, surveillance without adequate safeguards to protect the right to privacy actually risk impacting negatively on the enjoyment of human rights and fundamental freedoms," Pillay said.

The principles, summarised below, can be found in full at necessaryandproportionate.org. Over the next year and beyond, groups around the world will be using them to advocate for changes in how present laws are interpreted and how new laws are crafted.

We encourage privacy advocates, rights organisations, scholars from legal and academic communities, and other members of civil society to support the principles by adding their signature.

To sign, please send an email to rights@eff.org, or visit https://www.necessaryandproportionate.org/about

Summary of the 13 principles

Legality: Any limitation on the right to privacy must be prescribed by law.
Legitimate Aim: Laws should only permit communications surveillance by specified State authorities to achieve a legitimate aim that corresponds to a predominantly important legal interest that is necessary in a democratic society.
Necessity: Laws permitting communications surveillance by the State must limit surveillance to that which is strictly and demonstrably necessary to achieve a legitimate aim.
Adequacy: Any instance of communications surveillance authorised by law must be appropriate to fulfill the specific legitimate aim identified.
Proportionality: Decisions about communications surveillance must be made by weighing the benefit sought to be achieved against the harm that would be caused to users’ rights and to other competing interests.
Competent judicial authority: Determinations related to communications surveillance must be made by a competent judicial authority that is impartial and independent.
Due process: States must respect and guarantee individuals' human rights by ensuring that lawful procedures that govern any interference with human rights are properly enumerated in law, consistently practiced, and available to the general public.
User notification: Individuals should be notified of a decision authorising communications surveillance with enough time and information to enable them to appeal the decision, and should have access to the materials presented in support of the application for authorisation.
Transparency: States should be transparent about the use and scope of communications surveillance techniques and powers.
Public oversight: States should establish independent oversight mechanisms to ensure transparency and accountability of communications surveillance.
Integrity of communications and systems: States should not compel service providers, or hardware or software vendors to build surveillance or monitoring capabilities into their systems, or to collect or retain information.
Safeguards for international cooperation: Mutual Legal Assistance Treaties (MLATs) entered into by States should ensure that, where the laws of more than one State could apply to communications surveillance, the available standard with the higher level of protection for users should apply.
Safeguards against illegitimate access: States should enact legislation criminalising illegal communications surveillance by public and private actors.

For more details visit https://cis-india.org/internet-governance/blog/more-than-hundred-global-groups-make-principled-stand-against-surveillance

India's National Cyber Security Policy in Review

jon — 2013-07-31T10:40:22Z

Earlier this month, the Department of Electronics and Information Technology released India’s first National Cyber Security Policy. Years in the making, the Policy sets high goals for cyber security in India and covers a wide range of topics, from institutional frameworks for emergency response to indigenous capacity building.

What the Policy achieves in breadth, however, it often lacks in depth. Vague, cursory language ultimately prevents the Policy from being anything more than an aspirational document. In order to translate the Policy’s goals into an effective strategy, a great deal more specificity and precision will be required.

The Scope of National Cyber Security

Where such precision is most required is in definitions. Having no legal force itself, the Policy arguably does not require the sort of legal precision one would expect of an act of Parliament, for example. Yet the Policy deals in terms plagued with ambiguity, cyber security not the least among them. In forgoing basic definitions, the Policy fails to define its own scope, and as a result it proves remarkably broad and arguably unfocused.

The Policy’s preamble comes close to defining cyber security in paragraph 5 when it refers to "cyber related incident[s] of national significance" involving "extensive damage to the information infrastructure or key assets…[threatening] lives, economy and national security." Here at least is a picture of cyber security on a national scale, a picture which would be quite familiar to Western policymakers: computer security practices "fundamental to both protecting government secrets and enabling national defence, in addition to protecting the critical infrastructures that permeate and drive the 21st century global economy."[*] The paragraph 5 definition of sorts becomes much broader, however, when individuals and businesses are introduced, and threats like identity theft are brought into the mix.

Here the Policy runs afoul of a common pitfall: conflating threats to the state or society writ large (e.g. cyber warfare, cyber espionage, cyber terrorism) with threats to businesses and individuals (e.g. fraud, identity theft). Although both sets of threats may be fairly described as cyber security threats, only the former is worthy of the term national cyber security. The latter would be better characterized as cyber crime. The distinction is an important one, lest cyber crime be “securitized,” or elevated to an issue of national security. National cyber security has already provided the justification for the much decried Central Monitoring System (CMS). Expanding the range of threats subsumed under this rubric may provide a pretext for further surveillance efforts on a national scale.

Apart from mission creep, this vague and overly broad conception of national cyber security risks overwhelming an as yet underdeveloped system with more responsibilities than it may be able to handle. Where cyber crime might be left up to the police, its inclusion alongside true national-level cyber security threats in the Policy suggests it may be handled by the new "nodal agency" mentioned in section IV. Thus clearer definitions would not only provide the Policy with a more focused scope, but they would also make for a more efficient distribution of already scarce resources.

What It Get Right

Definitions aside, the Policy actually gets a lot of things right — at least as an aspirational document. It certainly covers plenty of ground, mentioning everything from information sharing to procedures for risk assessment / risk management to supply chain security to capacity building. It is a sketch of what could be a very comprehensive national cyber security strategy, but without more specifics, it is unlikely to reach its full potential. Overall, the Policy is much of what one might expect from a first draft, but certain elements stand out as worthy of special consideration.

First and foremost, the Policy should be commended for its commitment to “[safeguarding] privacy of citizen’s data” (sic). Privacy is an integral component of cyber security, and in fact other states’ cyber security strategies have entire segments devoted specifically to privacy. India’s Policy stands to be more specific as to the scope of these safeguards, however. Does the Policy aim primarily to safeguard data from criminals? Foreign agents? Could it go so far as to protect user data even from its own agents? Indeed this commitment to privacy would appear at odds with the recently unveiled CMS. Rather than merely paying lip service to the concept of online privacy, the government would be well advised to pass legislation protecting citizens’ privacy and to use such legislation as the foundation for a more robust cyber security strategy.

The Policy also does well to advocate “fiscal schemes and incentives to encourage entities to install, strengthen and upgrade information infrastructure with respect to cyber security.” Though some have argued that such regulation would impose inordinate costs on private businesses, anyone with a cursory understanding of computer networks and microeconomics could tell you that “externalities in cybersecurity are so great that even the freest free market would fail”—to quote expert Bruce Schneier. In less academic terms, a network is only as strong as its weakest link. While it is true that many larger enterprises take cyber security quite seriously, small and medium-sized businesses either lack immediate incentives to invest in security (e.g. no shareholders to answer to) or more often lack the basic resources to do so. Some form of government transfer for cyber security related investments could thus go a long way toward shoring up the country’s overall security.

The Policy also “[encourages] wider usage of Public Key Infrastructure (PKI) within Government for trusted communication and transactions.” It is surprising, however, that the Policy does not mandate the usage of PKI. In general, the document provides relatively few details on what specific security practices operators of Critical Information Infrastructure (CII) can or should implement.

Where It Goes Wrong

One troubling aspect of the Policy is its ambiguous language with respect to acquisition policies and supply chain security in general. The Policy, for example, aims to “[mandate] security practices related to the design, acquisition, development, use and operation of information resources” (emphasis added). Indeed, section VI, subsection A, paragraph 8 makes reference to the “procurement of indigenously manufactured ICT products,” presumably to the exclusion of imported goods. Although supply chain security must inevitably factor into overall cyber security concerns, such restrictive acquisition policies could not only deprive critical systems of potentially higher-quality alternatives but—depending on the implementation of these policies—could also sharpen the vulnerabilities of these systems.

Not only do these preferential acquisition policies risk mandating lower quality products, but it is unlikely they will be able to keep pace with the rapid pace of innovation in information technology. The United States provides a cautionary tale. The U.S. National Institute of Standards and Technology (NIST), tasked with producing cyber security standards for operators of critical infrastructure, made its first update to a 2005 set of standards earlier this year. Other regulatory agencies, such as the Federal Energy Regulatory Commission (FERC) move at a marginally faster pace yet nevertheless are delayed by bureaucratic processes. FERC has already moved to implement Version 5 of its Critical Infrastructure Protection (CIP) standards, nearly a year before the deadline for Version 4 compliance. The need for new standards thus outpaces the ability of industry to effectively implement them.

Fortunately, U.S. cyber security regulation has so-far been technology-neutral. Operators of Critical Information Infrastructure are required only to ensure certain functionalities and not to procure their hardware and software from any particular supplier. This principle ensures competition and thus security, allowing CII operators to take advantage of the most cutting-edge technologies regardless of name, model, etc. Technology neutrality does of course raise risks, such as those emphasized by the Government of India regarding Huawei and ZTE in 2010. Risk assessment must, however, remain focused on the technology in question and avoid politicization. India’s cyber security policy can be technology neutral as long as it follows one additional principle: trust but verify.

Verification may be facilitated by the use of free and open-source software (FOSS). FOSS provides security through transparency as opposed to security through obscurity and thus enables more agile responses to security responses. Users can identify and patch bugs themselves, or otherwise take advantage of the broader user community for such fixes. Thus open-source software promotes security in much the same way that competitive markets do: by accepting a wide range of inputs.

Despite the virtues of FOSS, there are plenty of good reasons to run proprietary software, e.g. fitness for purpose, cost, and track record. Proprietary software makes verification somewhat more complicated but not impossible. Source code escrow agreements have recently gained some traction as a verification measure for proprietary software, even with companies like Huawei and ZTE. In 2010, the infamous Chinese telecommunications giants persuaded the Indian government to lift its earlier ban on their products by concluding just such an agreement. Clearly trust but verify is imminently practicable, and thus technology neutrality.

What’s Missing

Level of detail aside, what is most conspicuously absent from the new Policy is any framework for institutional cooperation beyond 1) the designation of CERT-In “as a Nodal Agency for coordination of all efforts for cyber security emergency response and crisis management” and 2) the designation of the “National Critical Information Infrastructure Protection Centre (NCIIPC) to function as the nodal agency for critical information infrastructure protection in the country.” The Policy mentions additionally “a National nodal agency to coordinate all matters related to cyber security in the country, with clearly defined roles & responsibilities.” Some clarity with regard to roles and responsibilities would certainly be in order. Even among these three agencies—assuming they are all distinct—it is unclear who is to be responsible for what.

More confusing still is the number of other pre-existing entities with cyber security responsibilities, in particular the National Technical Research Organization (NTRO), which in an earlier draft of the Policy was to have authority over the NCIIPC. The Ministry of Defense likewise has bolstered its cyber security and cyber warfare capabilities in recent years. Is it appropriate for these to play a role in securing civilian CII? Finally, the already infamous Central Monitoring System, justified predominantly on the very basis of cyber security, receives no mention at all. For a government that is only now releasing its first cyber security policy, India has developed a fairly robust set of institutions around this issue. It is disappointing that the Policy does not more fully address questions of roles and responsibilities among government entities.

Not only is there a lack of coordination among government cyber security entities, but there is no mention of how the public and private sectors are to cooperate on cyber security information—other than oblique references to “public-private partnerships.” Certainly there is a need for information sharing, which is currently facilitated in part by the sector-level CERTS. More interesting, however, is the question of liability for high-impact cyber attacks. To whom are private CII operators accountable in the event of disruptive cyber attacks on their systems? This legal ambiguity must necessarily be resolved in conjunction with the “fiscal schemes and incentives” also alluded to in the Policy in order to motivate strong cyber security practices among all CII operators and the public more broadly.

Next Steps

India’s inaugural National Cyber Security Policy is by and large a step in the right direction. It covers many of the most pressing issues in national cyber security and lays out a number of ambitious goals, ranging from capacity building to robust public-private partnerships. To realize these goals, the government will need a much more detailed roadmap.

Firstly, the extent of the government’s proposed privacy safeguards must be clarified and ideally backed by a separate piece of privacy legislation. As Benjamin Franklin once said, “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” When it comes to cyberspace, the Indian people must demand both liberty and safety.

Secondly, the government should avoid overly preferential acquisition policies and allow risk assessments to be technologically rather than politically driven. Procurement should moreover be technology-neutral. Open source software and source code escrow agreements can facilitate the verification measures that make technology neutrality work.

Finally, to translate this policy into a sound strategy will necessarily require that India’s various means be directed toward specific ends. The Policy hints at organizational mapping with references to CERT-In and the NCIIPC, but the roles and responsibilities of other government agencies as well as the private sector remain underdetermined. Greater clarity on these points would improve inter-agency and public-private cooperation—and thus, one hopes, security—significantly.

[*]. Melissa E. Hathaway and Alexander Klimburg, “Preliminary Considerations: On National Cyber Security” in National Cyber Security Framework Manual, ed. Alexander Klimburg, (Tallinn, Estonia: Nato Cooperative Cyber Defence Centre of Excellence, 2012), 13

For more details visit https://cis-india.org/internet-governance/blog/indias-national-cyber-security-policy-in-review

July 2013 Bulletin

praskrishna — 2013-08-21T09:30:32Z

Our newsletter for the month of July 2013 can be accessed below.

The Centre for Internet & Society (CIS) welcomes you to the seventh issue of its newsletter for the year 2013. In this issue we bring you a report on the Institute on Internet and Society held in the month of June, comments submitted by us to the Office of the Controller General of Patents Designs and Trademarks on the draft guidelines on computer related inventions, report from the fifth privacy roundtable meeting held in Kolkata, updates from Kannada Wikipedia workshops held in Hubli and Sagara, a report on Digital Humanities for higher education, media coverage, and information on our forthcoming events.

Archives of our newsletters are here. Our policies on Ethical Research Guidelines, Non-Discrimination and Equal Opportunities, Privacy, Terms of Website Use and Travel can be accessed here.

Jobs
CIS is inviting applications for the posts of Developer (NVDA Screen Reader Project). To apply for this post, send in your resume to Nirmita Narasimhan (nirmita@cis-india.org). CIS is also seeking applications for the post of Policy Associate (Internet Governance). To apply send your resume to Sunil Abraham (sunil@cis-india.org) and Pranesh Prakash (pranesh@cis-india.org).

Accessibility

CIS is doing two projects in partnership with the Hans Foundation. One is to create a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India and another for developing a screen reader and text-to- speech synthesizer for Indian languages:

National Resource Kit for Persons with Disabilities
CIS and the Centre for Law and Policy Research (CLPR) are working in this project. Draft chapters have been published. Feedback and comments are invited from readers for the chapters on Punjab, Uttarakhand, Maharashtra and Chandigarh:

The Punjab Chapter (by Anandhi Viswanathan, July 31, 2013).
The Uttarakhand Chapter (by Anandhi Viswanathan, July 31, 2013).
The Chandigarh Chapter (by CLPR, July 31, 2013).
The Maharashtra Chapter (by Anandhi Viswanathan, July 31, 2013).

Note: All the chapters published on the website are early drafts and will be reviewed and updated.

Access to Knowledge and Openness

The Wikimedia Foundation has given a grant to CIS to support and develop the growth of Indic language communities and projects by community collaborations and partnerships. This is being carried out by the Access to Knowledge team based in Delhi. CIS is also doing a project (Pervasive Technologies) on examining the relationship between production of pervasive technologies and intellectual property. CIS also promotes openness including open government data, open standards, open access, and free/libre/open source software through its Openness programme.

Access to Knowledge (Previously IP Reforms)

Comments

Comments on the Draft Guidelines for Computer Related Inventions (by Puneeth Nagaraj, July 31, 2013). The comments were submitted to the office of the Controller General of Patents Designs & Trademarks, Mumbai on July 26, 2013.

Event Participated

An International Conference on Interface between Intellectual Property and Competition Law (organized by ASSOCHAM, July 12, 2013). Nehaa Chaudhari participated in the conference and shares select notes in a blog post.

Access to Knowledge (Wikipedia)
The A2K team consists of three members based in Bangalore: T. Vishnu Vardhan, Dr. U.B. Pavanaja and Subhashish Panigrahi and one team member Nitika Tandon who is working from Delhi office.

Event Organised

A Kannada Wikipedia Workshop (organized by CIS-A2K team, July 21, 2013, Hubli). Dr. U.B. Pavanaja gave training to the participants on Wikipedia. Leading newspapers like the Times of India, Vijaya Karnataka, Deccan Herald, VijayaVani, Prajavani, Samyukta Karnataka and HosaDiganta covered the event. Scanned versions of the published articles can be viewed here.
A Kannada Wikipedia Workshop at Sagara (organized by CIS-A2K team, Sagara, July 28, 2013). Dr. U.B. Pavanaja gave a talk on Wikipedia and Kannada Wikipedia.

Event Co-organised

Telugu Wiki Academy at Centre for Good Governance (organized by CIS-A2K and Telegu Wikipedia Community, Centre for Good Governance, Jubilee Hills, Hyderabad, April 9, 2013). T. Vishnu Vardhan participated in this event.

Note: The event was organized in April but report got published only in July.

Event Participated

Free Software (organized by Free Software Movement of Karnataka in partnership with Jnana Vikas Institute of Technology, Bidadi, July 24, 2013). Dr. U.B. Pavanaja made a presentation on Wikipedia.

Ongoing Event

A Workshop on Posting Articles in Kannada on Wikipedia (organised by the Centre for Proficiency Development Placement Service, University of Mysore, CPDPS premises, Manasagangotri, August 6, 2013). Dr. U.B. Pavanaja is conducting a workshop. The announcement was made in an article by R. Krishna Kumar in the Hindu on August 2, 2013.

Press Coverage

Konkani Wikipedia next? (by Diana Fernandes, OHeralO, July 27, 2013). T. Vishnu Vardhan is quoted.

Openness

Events Organised

Delhi: Digital Activism in Europe (The Sarai Programme, Centre for the Study of Developing Societies, New Delhi, July 8, 2013). Bernadette Längle gave a talk about the hacker scene and digital activism in Europe, with a focus on the Chaos Computer Club.
Open Hardware Lab: Play & Invent + Bonus Film Screening (CIS, Bangalore, August 4, 2013). There was a film screening of Theremin: An Electronic Odyssey at the event.

Internet Governance

CIS began two projects earlier this year. The first one on facilitating research and events on surveillance and freedom of expression is with Privacy International and support from the International Development Research Centre, Canada. The second one on mapping cyber security actors in South Asia and South East Asia is with the Citizen Lab, Munk School of Global Affairs, University of Toronto and support from the International Development Research Centre, Canada:

SAFEGUARDS Project
Events Organised

Delhi: Learn to Secure Your Online Communication! (IIC, DU Campus, Delhi, July 6, 2013). A cryptoparty was held in Delhi.
Dharamsala: Learn to Secure Your Online Communication! (Dharamsala, July 13, 2013). A cryptoparty was held in Dharamsala. This was also covered in an article published in the Caravan on August 1, 2013.
Privacy Roundtable Meeting (co-organized by CIS, DSCI, and FICCI, Kolkata, July 13, 2013). An event report was written by Maria Xynou.
The Hackers Way of Reshaping Policies (CIS, Bangalore, August 2, 2012). Bernadette Langle gave a talk on privacy.

Events Participated In

Biometrics or bust? India's Identity Crisis (organised by the Oxford Internet Institute, Oxford University Press, July 2, 2013). Malavika Jayaram participated as a speaker on UID and Privacy.
DSCI Best Practices Meet 2013 (organized by DSCI, Anna Salai, Chennai, July 12, 2013). Kovey Coles attended the meeting.
Achieve Cyber Security Together (organized by the Confederation of Indian Industries, Chennai, July 13, 2013). Kovey Coles attended this event.

Ongoing / Upcoming Events

The Phishing Society: Why 'Facebook' is more dangerous than the Government Spying on You - A Talk by Maria Xynou (CIS, Bangalore, August 7, 2013). Maria Xynou will give a talk on phishing society.
Learn to Protect your Online Activities! (ACJ - Asian College of Journalism, Second Main Road (Behind M.S. Swaminathan Research Foundation), Taramani, Chennai, August 7, 2013).
Privacy Meeting: Brussels – Bangalore (CIS, Bangalore, August 14, 2013). Gertjan Boulet and Dariusz Kloza will give a talk on privacy.
Privacy Round Table, New Delhi (co-organised with FICCI and DSCI, FICCI, Federation House, Tansen Marg, New Delhi, August 24, 2013).

Columns

How Surveillance Works in India (by Pranesh Prakash, New York Times, July 10, 2013).
Can India Trust Its Government on Privacy? (by Pranesh Prakash, New York Times, July 11, 2013).
Parsing the Cyber Security Policy (by Chinmayi Arun, The Hoot, and cross-posted in Free Speech Initiative, July 13, 2013).

Blog Entries

The Difficult Balance of Transparent Surveillance (by Kovey Coles, July 10, 2013).
Moving Towards a Surveillance State (by Srinivas Atreya, July 15, 2013).
More than a Hundred Global Groups Make a Principled Stand against Surveillance (by Elonnai Hickok, July 31, 2013).
The Audacious ‘Right to Be Forgotten’ (by Kovey Coles, July 31, 2013).

Interview

An Interview with Reijo Aarnio: Maria Xynou conducted an interview with Reijo, the Finnish Data Protection Ombudsman.

Media Coverage

Google brings tabs to sneak advertisements into your inbox (by Indu Nandakumar, Economic Times, July 30, 2013). Sunil Abraham is quoted.
How the world’s largest democracy is preparing to snoop on its citizens (by Leslie D' Monte and Joji Thomas Philip, July 3, 2013). Sunil Abraham is quoted.
Geeks have a solution to digital surveillance in India: Cryptography (by Joanna Lobo, DNA, July 7, 2013). Pranesh Prakash is quoted.
India's centralised snooping system facing big delays (by Phil Muncaster, The Register, July 9, 2013). CIS is mentioned in this article.
India’s Central Monitoring System: Security can’t come at cost of privacy (by Danish Raza, FirstPost, July 10, 2013). Sunil Abraham is quoted.
Is CMS a Compromise of Your Security? (by Rohin Dharmakumar, Forbes India magazine, July 12, 2013). Sunil Abraham is quoted.
Snooping technology: Will CMS work in India? (by Pierre Fitter, FirstPost, July 17, 2013). Pranesh Prakash is quoted.
सावधान आपके प्रोफ़ाइल पर है पुलिस की नज़र! (by Parul Aggarwal, BBC, July 18, 2013). Pranesh Prakash is quoted.
Your life's an open Facebook (by Shikha Kumar, DNA, July 21, 2013). Sunil Abraham is quoted.
Concerns over central snoop (by Aloke Tikku, Hindustan Times, June 28, 2013). Sunil Abraham is quoted.
Your telco could help spy on you (by Joji Thomas Philip, Leslie D'Monte and Shauvik Ghosh, LiveMint, July 30, 2013). Sunil Abraham is quoted.

DNA Profiling Bill
A sub-committee has been constituted as per the recommendations of the Expert Committee of DNA Profiling Bill. The sub-committee will have a meeting in Hyderabad on August 6, 2013. Sunil Abraham is one of the members of the sub-committee.

Cyber Stewards Project
Laird Brown, a strategic planner and writer with core competencies on brand analysis, public relations and resource management and Purba Sarkar who in the past worked as a strategic advisor in the field of SAP Retail are working in this project.

Video Interviews

Part 3: Interview with Eva Galperin (July 10, 2013).
Part 4: Interview with Marietje Schaake (July 11, 2013).
Part 5: Interview with Amelia Andersdotter (July 12, 2013).
Part 6: Interview with Lhadon Tethong (July 15, 2013).
Part 7: Interview with Jochem de Groot (July 18, 2013).
Part 8: Interview with Jeff Moss (July, 23, 2013).

Cyber Security
Blog Entries

India's National Cyber Security Policy in Review (by Jonathan Diamond, July 31, 2013).
Guidelines for the Protection of National Critical Information Infrastructure: How Much Regulation? (by Jonathan Diamond, July 31, 2013).

Free Speech, Expression and Censorship
Column

You Have the Right to Remain Silent (by Nishant Shah, July 22, 2013).

Event Participated In

Connaught Summer Institute on Monitoring Internet Openness and Rights (organized by the Munk School of Global Affairs, Bloor Street West, July 23, 2013). Malavika Jayaram participated in this event and spoke on "India's Civil Liberties Crisis: Digital Free Will in Free Fall".

Knowledge Repository on Internet Access

CIS in partnership with the Ford Foundation is executing a project to create a knowledge repository on Internet and society. This repository will comprise content targeted primarily at civil society with a view to enabling their informed participation in the Indian Internet and ICT policy space. The repository is available at www.internet-institute.in.

Event Organised

Institute on Internet and Society: Event Report (supported by Ford Foundation, Golden Palms Resort, Bangalore, June 8 – 14, 2013). Pranesh Prakash, Bernadette Längle, Vir Kamal Chopra, AK Bhargava, Ananth Guruswamy, Archana Gulati, Chakshu Roy, Elonnai Hickok, Gaurab Raj Upadhaya, Helani Galpaya, Michael Ginguld, Dr. Nadeem Akhtar, C. Nandini, Dr. Nirmita Narasimhan, Dr. Nishant Shah, Parminder Jeet Singh, Ravikiran Annaswamy, Dr. Ravina Aggarwal, Satyen Gupta, Dr. Subbiah Arunachalam, Sunil Abraham, Tulika Pandey and T. Vishnu Vardhan were speakers at the event. The presentations and videos can now be accessed in this report.

Telecom

CIS is involved in promoting access and accessibility to telecommunications services and resources and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Newspaper Column

Building Up vs Tearing Down (by Shyam Ponappa, July 3, 2013, originally published in the Business Standard, and also mirrored in Organizing India Blogspot).

Digital Humanities

We are building research clusters in the field of Digital Humanities. The Digital will be used as a way of unpacking the debates in humanities and social sciences and look at the new frameworks, concepts and ideas that emerge in our engagement with the digital. The clusters aim to produce and document new conversations and debates that shape the contours of Digital Humanities in Asia.

Event Co-organised

Digital Humanities for Indian Higher Education (co-organised by HEIRA, CSCS, Tumkur University, Tata Institute of Social Sciences, Mumbai and CIS, Indian Institute of Science, Bangalore, July 13, 2013).

Event Organised

Digital Humanities Talk (CIS, Bangalore, July 31, 2013). Sara Morais gave a talk on the advantages and problems in doing digital humanities work.

Event Participated In

Political Economy, Activism and Alternative Economic Strategies (organized by the International Institute of Social Studies, Erasmus University of Rotterdam, The Hague, July 9 – 13, 2013). Nishant Shah presented his paper on paper on Citizen Action in the Time of Network.

Blog Entries

Designing Change? Gatekeepers in Digital Humanities (by Sara Morais, July 2, 2013).
Towards Critical Tool-building (by Sara Morais, July 12, 2013).

About CIS

The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.

Get short, timely messages from us on Twitter
Join the CIS group on Facebook
Visit us at http://cis-india.org

Support Us
Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

Request for Collaboration
We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, at sunil@cis-india.org or Nishant Shah, Director – Research, at nishant@cis-india.org

CIS is grateful to its donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation and the Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/july-2013-bulletin

International Principles on the Application of Human Rights to Communications Surveillance

praskrishna — 2013-07-31T09:02:12Z

For more details visit https://cis-india.org/internet-governance/blog/necessary-and-proportionate.pdf

Chennai: Learn to Protect your Online Activities!

bernadette — 2013-08-01T12:16:52Z

The Centre for Internet and Society cordially invites you to a Crypto Party at Asian College of Journalism Second main Road (Behind M.S. Swaminathan Research Foundation) Taramani in Chennai on August 7, 2013, 4.30 p.m. to 6.30 p.m.

So lets go and have a party, and teach each other how to crypto!

Everyone is invited! Especially do not hesitate to join if you are not using any crypto at all (yet!)

Here is a Flyer / Printout for you to spread the message!

For more details visit https://cis-india.org/internet-governance/cryptoparty-chennai

Your telco could help spy on you

praskrishna — 2013-07-30T06:13:07Z

Telecom minister gives approval to changes in rules for mobile licences to enable such mass surveillance.

The article by Joji Thomas Philip, Leslie D'Monte and Shauvik Ghosh was originally published in Livemint on July 30, 2013. Sunil Abraham is quoted.

Telecom companies and Internet service providers will soon help the government monitor every call made, every email sent and every website visited, with the Centre deciding to connect their networks to its automated surveillance platform known as the Centralised Monitoring System (CMS).

Communications minister Kapil Sibal has approved changes in existing rules and new clauses to be inserted in mobile licences for enabling such mass surveillance, copies of documents reviewed by Mint reveal.

	The department of telecommunications (DoT) will shortly send a letter to all telcos asking them to connect their “lawful interception system (LIS)” to the CMS “at a regional monitoring centre through an interception, store and forward (ISF) server placed in the licensee’s premises”, according to the documents. Telcos including Bharat Sanchar Nigam Ltd (BSNL), Mahanagar Telephone Nigam Ltd (MTNL), Reliance Communications Ltd, Bharti Airtel Ltd, Vodafone India Ltd and Tata TeleServices Ltd declined to comment on questions emailed in this regard.

The department of telecommunications (DoT) will shortly send a letter to all telcos asking them to connect their “lawful interception system (LIS)” to the CMS “at a regional monitoring centre through an interception, store and forward (ISF) server placed in the licensee’s premises”, according to the documents.

Telcos including Bharat Sanchar Nigam Ltd (BSNL), Mahanagar Telephone Nigam Ltd (MTNL), Reliance Communications Ltd, Bharti Airtel Ltd, Vodafone India Ltd and Tata TeleServices Ltd declined to comment on questions emailed in this regard.

“The automated process of the CMS will be subjected to the same regulatory scrutiny as is available in the present manual system under Section 5(2) of Indian Telegraph Act and Rules 419-A thereunder, with the added advantage of having a safeguard against any illegal provisioning by the telecom service providers in the present system, however, remote it may be,” DoT said in an email reply to a questionnaire with a brief on CMS.

“Safeguard has also been built against any unauthorized provisioning by having a different interception provisioning agency than the interception requisitioning and monitoring agencies thus having an inbuilt system of checks and balances. Further, a non-erasable command log will be maintained by the system, which can be examined anytime for misuse, thus having an additional safeguard,” DoT said.

The CMS was approved by the cabinet committee on security (CCS) on 16 June 2011, with government funding of Rs.400 crore. It is expected to enable the government to monitor all forms of communication, from emails to online activity to phone calls, text messages and faxes by automating the existing process of interception and monitoring. The government completed a pilot project in September 2011 under which the Centre for Development of Telematics (C-DoT) installed two ISF servers, one of them for MTNL.

“The interception services have been integrated and tested successfully for these two telecom services providers (TSPs),” the note said, referring to MTNL and Tata Communications Ltd. MTNL officials declined to comment. There was no response to queries by Tata Communications.

It added that training had been imparted to six law enforcement agencies—the Intelligence Bureau, the Central Bureau of Investigation, the Directorate of Revenue Intelligence, the Research and Analysis Wing, the Delhi Police and the National Investigation Agency.

However, the documents also reveal that the CMS project is getting delayed over technical issues such as lawful interception systems sending the intercept-related information (IRI) in “their own proprietary format”; difficulty in tracing the movement of “the target from the home network to the roaming network”; and how to independently provision voice and data interception of mobile users.

The government is simultaneously devising a strategy to counter criticism from the media and privacy lobby groups that this surveillance platform has no privacy safeguards. Mint reported on 13 July that fresh questions were raised on the CMS infringing on the rights of individuals, especially in the wake of the US government’s PRISM surveillance project.

In an internal note on 16 July to help Sibal brief the media, DoT said even as the CMS will automate the existing process of interception and monitoring “... all safeguards that are currently in place in the manual mode of interception will continue”.

The note argued that implementation of the CMS “will rather enhance the privacy of the citizens” since it will not be necessary to take the authorization (for tapping) to the nodal officer of the telecom service providers “who comes to know whose or which phone is being intercepted”. The note added that after the CMS is implemented, provisioning of interception will be done by a CMS authority, who would be different from the law enforcement agency authorities.

“The law enforcement agency (LEA) cannot provision for interception and monitoring and the CMS authority cannot see the content but would be able to provision the request from the LEA.Hence, complete check and balance will be ensured. Further, a non-erasable command log will be maintained by the system, which can be examined anytime for misuse, thus having an additional safeguard,” added the department’s note briefing the minister.

Also, acknowledging that “questions were being asked about the practices of Indian agencies and the privacy and rights of its citizens”, national security adviser Shivshankar Menon in a 23 June note to the ministries of home, external affairs and telecom, the department of electronics and information technology, and the cabinet secretary said: “Only home secretaries of the Centre and states can authorize such monitoring; orders are valid for two months, are not extendable beyond six months; records are to be maintained, use of storage is limited and a review committee of cabinet secretary, law secretary and secretary of the telecom department regularly screens all cases.”

Menon also admitted that when it came to individual privacy rights, there were “larger issues that needed serious consideration and wider consultation with industry, advocacy groups and NGOs (non-governmental organizations) as has been the case so far in the draft privacy Bill... For data protection and retention in India, however, there may be a need to consider legislation or strengthening existing legislation, as the march of technology has made most present laws irrelevant.”

Privacy experts are convinced that safeguards are needed, especially since India does not have a privacy law.

“To safeguard public interest, the government should also draft a law that will make it a criminal offence if a CMS authority is found in possession of any personal information culled through the CMS. That will prove to be a deterrent,” said Sunil Abraham, executive director of the Centre for Internet and Society, a privacy lobby body. “Also, the government must build an audit trail using PKI (public key encryption) and people as an additional safeguard.”

“As I understand it, there is also no clear statutory backing for the CMS,” said Apar Gupta, a partner at law firm Advani and Co. that specializes in information technology (IT) law. “What is important is that every tapping order should be backed by a reason. This was the case with the manual process. Will this be possible in an automated surveillance system such as the CMS?”

“What is disturbing is that there is no transparency with regard to the CMS. Everything is happening under the radar with media reports periodically giving us glimpses into the project,” he said. “A state should protect its interests but should do so in a manner that safeguards privacy and limits abuse.”

According to the Freedom on the Net 2012 report by Freedom House, an independent privacy watchdog body, of the 47 countries analysed, 19 had introduced new laws or other directives since January 2011 that could affect free speech online, violate users’ privacy, or punish individuals who post certain types of content. India, which scored 39 points out of 100 (score achieved out of 100 for censoring the Internet), was termed partly free by the report, which was released on 24 September.

Globally, 79% of the respondents in another study said they were concerned about their privacy online, with India (94%), Brazil (90%) and Spain (90%) showing the highest level of concern, according to a June survey undertaken by research firm ComRes, and commissioned by Big Brother Watch, an online privacy campaign.

For more details visit https://cis-india.org/news/livemint-july-30-2013-joji-thomas-philip-leslie-d-monte-shauvik-ghosh-your-telco-could-help-spy-on-you

Institute on Internet & Society: Event Report

srividya — 2013-10-15T06:48:00Z

The Institute on Internet and Society organized by the Centre for Internet and Society (CIS) with grant supported by the Ford Foundation took place from June 8 to 14, 2013 at the Golden Palms Resort in Bangalore.

A total of 20 participants spent the seven days in a residential institute, learning about the fundamental technologies of the Internet and topics on which CIS has expertise on such as Accessibility, Openness, Privacy, Digital Natives and Internet Governance.

The participants belonged to various stakeholder groups and it provided a common forum (first of its kind in India) to discuss and share ideas. Twenty-four expert speakers from various domains came to share their knowledge and speak about their work, so as to encourage activity in the field and supply resources from which participants could learn to increase their accessibility, range and funding possibilities, as well as network with the speakers and amongst themselves.

The Institute has triggered a number of follow-up events — those that the participants organized themselves with the help of CIS staff, including Crypto Parties in Bangalore, Delhi and Mumbai, that taught netizens to keep their online communication private. In addition to that, the CIS Access2Knowledge (A2K) team could rope in eight new Wikipedians who will contribute to Wikipedia in Indic languages.

The day wise talks and activities that took place are listed below:

Day 1: June 8, 2013

The seven day residential Institute began on Saturday, the 8th of June with a warm welcome by Dr. Ravina Aggarwal and Dr. Nirmita Narasimhan. They outlined the purpose of the residential institute and briefly went over the topics which would get covered over the week long duration. This was followed by each of the participants introducing themselves briefly and also stating their expectations from the Institute, why they were attending the same and what they hope to get at the end.

Session 1: History of the Internet

(by Pranesh Prakash and Bernadette Längle)

Above is a picture of Pranesh Prakash speaking about the History of the Internet during the first session on Day 1.	The Institute proceedings kicked off with the first session, History of the Internet by Pranesh Prakash and Bernadette Längle. Participants learned where the Internet originally came from and how it is organized, as well as different technologies surrounding the Internet. Pranesh Prakash and Bernadette Längle set the start point of the Internet in the late 50's when the Russians send the first satellite in space (Sputnik) and the US founded the DARPA(Defense Advanced Research Projects Agency), a research agency that was tasked with creating new technologies for military use. DARPA is credited with development of many technologies which have had a major effect on the world, including computer networking, as well as NLS, which was both the first hypertext system, and an important precursor to the contemporary ubiquitous graphical user interface (GUI). A few years later the first four computers were connected to a network.

After the Network Control Protocol (NCP, later replaced by the TCP/IP) was invented in 1970, the first applications were made: email (connecting people), telnet (connecting computers) and the file transport protocol (FTP) (connecting information) — all of these are still in use today. Participants were surprised to learn that the Web, most commonly used today, known to be invented by one single person in the 90's, actually existed for a long time prior to the '90s.

VIDEO

Session 2: Domestic Bodies and Mechanisms

(by Pranesh Prakash)
After lunch, Pranesh Prakash led the second session about Domestic Bodies and Mechanisms and he started with some of the problems associated with the Domestic Regulatory Bodies:

Lack of coherence and consistency in Internet related policies
Rather than co-operating, the different agencies compete with each other.
Communication with the public is of different degrees and openness of different agencies varies.

Department of Electronics and Information Technology (DEITY), is one of the most important public agencies & the CERT-in focuses on issues like malware and content regulation. There is also the STQC (Standard Setting and Quality Setting Body).
The work of these organizations is to govern the Internet, bring about better privacy policies and ensure freedom of speech.
Other governing bodies include DOT (Department of Telecommunications) which governs the telecom and internet policies of India. In India, certain content regulation takes place under a notification as part of the IT Act, 2003.
TRAI (Telecom Regulatory Authority of India) also looks into the tariff, interconnections and quality of telecom sector, spectrum regulation and so on.
The USOF (Universal Service Obligation Fund) seeks to provide funds for setting up telecom services in rural areas.
Ministry of Information and Broadcasting (MIB) has been extending copyright restrictions to online publications.

VIDEO

Session 3: Emerging trends in Internet usage in India

(by Nandini C and Vir Kamal Chopra)
Emerging Trends in Internet Usage with specific focus on BSNL offerings (by Vir Kamal Chopra)
Some of the salient points discussed were:

In 1995, the VSNL provided internet in 4 metros of India, by 1998 DOT had provided internet in 42 cities.
Some of the facilities internet provides include Tele-education, Tele-medicine, mobile banking, payment of bills via mobile internet, etc.
BSNL has got maximum broadband market share in India.
Present Scenario, there are 900 million mobiles in India, 430 million wireless connections with capability to access data.
The total broadband connections are 15 million in country, 10 million provided by BSNL.
Total internet users are 120 million with a growth rate of 30%.
Public access is not only about network intermediaries but about info-mediaries who understand internet.
BSNL lost Rs 18,000 crores from 3G license.
2G to 3G shifting is not seamless and leads to lot of packet loss, and 3G coverage is not as extensive as 2G. Thus 3G is not efficient however; the government has made a lot of money from selling 3G licenses.
Future trends include technology trends for internet access, optical fiber technologies, fiber to the curb, fibre to the home, metro Ethernet, etc.
Internet has created an online Public sphere.
In 2000 Parliament passed the Information Technology Act 2000 and the dot.com boom is seen.

Making internet access meaningful in the Indian Context (by Nandini.C)
(Click to see the presentation slides)
Some of the salient points discussed were:

Status of internet access today sees low level of overall penetration of internet, high rate of household mobile penetration and huge rural-urban divide in internet access.
Relationship b/w women and internet in India
8.4% of women in India have access to internet in India and 43% of women using internet in India perceived it as being an important part of their life.
Some area of concerns include ensuring adequate access of internet for the women, entrenched patriarchies, contextual relevance, the imaginary of ‘public access’.
The importance of an existing strong social support network, ITC itself cannot open up economic/social empowerment opportunities for women
ICT-enabled micro-enterprises may also force the burden of double work on women, who undertake both productive activities for the micro-enterprise and re/productive activities for the household.
The Internet today has created an online public sphere.
Countering the threat of online violence.
Censorship and content regulation.
Women’s rights and the spaces of internet governance.
Arbitrary censorship and self-regulation by the corporate and slide towards an illusory freedom; state is used as a bogeyman by corporate to create an online culture that is suitable to the corporate values.

VIDEO

Activity
Day 1 featured an interesting activity called the Creative Handshake. The goal of the game was to teach the participants the concept of "Handshake" in Internet terms and why it is important to make sure that integrity of data transferred is maintained.

Day 2: June 9, 2013

The focus of the second day was more on the nuts and bolts behind the working of the Internet by Dr. Nadeem Akhtar, Wireless Technologies and a case-study in Air Jaldi by Michael Ginguld, Collaborative Knowledge base building by Vishnu Vardhan and Affordable Devices on the Internet by Ravikiran Annaswamy.

The salient points of each of the talks are listed below.

Session 1: How Internet Works

(by Nadeem Akhtar)
Click to read the presentation slides

Internet structure and hierarchy:
1. Data Networks comprise of set of nodes, connected by transmission links, for exchange of data between nodes.
2. Some of the key principles which underpin data networks include digital transmission, multiplexing and data forwarding/routing.
Data networks through ownership include public and private networks.
Data networks through coverage include local area networks (small area), metro area networks (may comprise of a city) and wide area networks (wide geographic area across cities).
Protocols include:
1. Open systems interconnection (OSI) model divides a communication system into smaller parts. Each part is referred to as a layer. Similar communication functions are grouped into logical layers.
2. OSI model defines the different stages that data must go through to travel from one device to another over a network & this enables a modular approach towards developing complex system functionality i.e. functionality at layer X does not depend on how layer Y is implemented.
Above is a picture of Dr. Nadeem Akhtar speaking on the working of the internet on Day 2
Internet networks or connections.
Internet backbone refers to the principal data routes between large, strategically interconnected networks and core routers on the internet and these data routes are hosted by commercial, government, academic and other high-capacity network centers, the internet exchange points and network access points. The internet back bone is decentralized.
Transit Service - Passing information from small ISP to large ISP.
Peering Service - The passing of information between two similar ISP’s os similar size to let network traffic pass.
Three levels of network Tier1, Tier2 and Tier 3. TATA Company is the only Tier 1 Indian Company.
Backhaul- Transport Links which connects access edge networks with the ‘core’ network. The transmitters have to be mounted on a high level.


Above is a picture of Dr. Nadeem Akhtar speaking on the working of the internet on Day 2

VIDEO

Session 2: Wireless Technologies

(by Michael Ginguld)
Click to read the presentation slides

We are surrounded by electromagnetic radiation
All about transmission waves and there are both advantages and disadvantages of the same:
1. Pros: higher reach for lower price, overcomes topographic challenges, lower maintenance, less to damage/lose
2. Cons: limited resources, maintenance (energy), physical limitations to transfer rates.
Satellite/VSAT is a very small aperture tech: a small satellite dish that connects to a geo-static satellite.
Strength: globally usable, can connect from anywhere.
Weakness: signal problems, relatively high installation charge, upstream connection is lower than the downstream, transmitter on satellite is extremely expensive, hence limitation on transmission capacity of the satellite.
VSATs are not scalable. It is a dead-end tech for usages where data transmission volume is expected to grow.
2G Technology for mobile connection.
Limitation in transfer of data, due to technology and encryption limitations but great availability and reasonable price.
3G Technology has a problem in India; low uptake, leading to low investment, leading to low speed, leading to low uptake. The technology allows for high-speed data transfer but the market condition in India still does not make adequate infrastructural support feasible.
4G license auction.
A company bought the country-wide 4G license in the auction. Mukesh Ambani bought the company after some days.
The present legislation does not allow for VoIP-based Telco operation but that is expected to change soon.
Wifi technology is wireless technology. It is low cost wireless transfer of data. The Public dissemination of the ranges in which data transfer using the WiFi protocol can take place. It was made public in India in January 2005.
1. Limitations: needs line of sight, limit to data transfer.
2. Strength: cheap, de-licensed spectrum usage, easily deployable.
2G spectrum, 3G spectrum and now 4G spectrum all are part of the wireless technology.
Air Jaldi started in Dharamshala; building wifi connection spanning campuses.
Three types of consumer categories: (1) no coverage, (2) under-served, and (3) ‘deserving clients’. #2 is the most common group. #3 are people who should be served but cannot pay fully for the service, hence are cross-subsidised by group #2.
Deployed and managed by local staff, trained by AirJaldi.
Customer premise equipment: Rs. 3-4k.
User charges: Rs 975 per month for 512 kbps, Rs 1500 per month for 1 mbps.
Content: by and large, AirJaldi brings infrastructure on which content can ride on, teams with various content providers (like e-learning, rural BPOs, local e-banking etc) for the content side. The biggest drivers are local BPO, banking and retail. The next big driver coming up is entertainment.
WiMax includes 4g spectrum.

VIDEO

Session 3: Building Knowledge Bases and Platform via Mass Collaboration on the Internet

Click to read the presentation slides

The session started off with some physical activity in the form of "Kasa Kasa Warte, Chan Chan Warte" to break off the lunch induced sleep and a mental activity where the participants were divided into two groups and both the groups were asked to collect information on "Water". One group was left to itself while the other had some expert inputs from Vishnu Vardhan on how to collaborate and organize the data. After the activity, both teams presented the information that they had collected on "Water". The benefits of collaborative authoring such as "everyone's voice is heard", "various inputs leading to a multi-dimensional thinking" etc were evident as against a single dimensional thought process that was seen from the group that was un-assisted.	Given above is a picture of the participants involved in a group activity

Salient points discussed during the presentation:

The Concept of Knowledge today is not something of modern phenomena, but it is something which has been existent since print culture was developed. Print technology shapes what we consider as knowledge, and hence as knowledge platform
Techno-sociality of knowledge production
The Concept of Knowledge today is not something of modern phenomena, but it is something which has been existent since print culture was developed. Print technology shapes what we consider as knowledge, and hence as knowledge platform
Techno-sociality of knowledge production
Examples of knowledge platforms:
1. Baidu baike
2. English wikipedia
3. Hudong
4. Catawiki
5. Wikieducator
6. Open street map
7. Pad.ma
8. Sahapedia
9. Internet archive
10. Jstor
11. Dsal
12. Dli
In 1994 Cunningham developed the ‘Wiki Wiki Web’ also known as the ‘Ward Wiki’. Basically it is a knowledge platform.
Internet since then has been used for dissemination of information especially in the education sector. Digital Archived have developed over the years which provide information across various platforms like Wikipedia.
The spread of the internet has made possible the building of knowledge bases by seamless and mass collaboration.

Generic challenges for Wikipedia

Quality, relevance, consistency of knowledge
Suitable motivation of the contributors
Another issue is the scalability

Some of the problems faced by Indian Wikipedian pages:

Technical infrastructure for Indian languages
Typing in the regional language
OCR: complexity of Indian language scripts
Various other technical troubles like browser compatibility, font display, etc., which deter new users
Dearth of quality content available in digital format
Different standards/formats/generations (gov.in/DLI)
Relative lack of research/academic standards, which is transferred on to Indic wikipedias.
Lack of knowledge sharing culture.
Building a mass knowledge platform is the need of the hour.
The platform should be user friendly, easily available and adoptable; offline outreach is key to effective use of online platforms.
The programme should have feedback loop key, behavior statistics data, reinvent and replicate the programme, multi-channel awareness, ‘user connect’ programmes.
The people should communicate knowledge sharing objectives, make knowledge sharing fun, appoint ambassadors; virtual volunteer community building looks simple but its complex and leads to failure.

VIDEO

Session: 4 Affordable Devices to access the Internet

(by Ravikiran Annaswamy)
Click to read the presentation slides


Given above is a picture of the speaker Ravikiran Annaswamy giving a demo of the low cost Akash tablet.

Overview of Affordable Mobile Phones such as Lava Iris, Karbonn A1, Nokia Asha, etc.
Overview of Affordable Tablets such as Aakash, Ubislate, Karbonn Smart A34, etc.
The number of Internet users in India is expected to nearly triple from 125 million in 2011 to 330 million by 2016, says a report by Boston Consulting Group.
How Internet Penetration impacts society.
Demo of the devices.
Need for Mobile Internet
Sugata Mitra & Arvind Eye Care examples.

VIDEO

Day 3: June 10, 2013

The third day of the Institute focussed on Wired means of accessing the Internet, the technology involved followed by an assignment time where the participants were introduced to 2 topics and asked to work on an assignment. This was followed by a site visit in the afternoon to MapUnity. MapUnity develops technology to tackle social problems and development challenges. Their GIS, MIS and mobile technologies are used mostly by government departments and civil society organisations and in the R&D initiatives of commercial ventures.

Session 1: Wired Access Technology

(by Dr. Nadeem Akhtar)
Click to read the presentation slides

Some of the salient points discussed were:

Wired and Wireless

Wired:

Separate communication channel for each users
Low signal attenuation
No interference
Fixed point-of-attachment

Wireless:

Shared medium of communication
Signal is attenuated by a number of factors
Interference between adjacent channels
Points-of-attachment can be changed on-the-fly

Ethernet:

A family of computer networking technologies for LANs which was Invented in 1973 and commercially introduced in 1980. The systems communicating over ethernet divide a stream o data into individual packets called frames. Each frame contains source and destination addresses and error-checking data so that damaged data can be detected and re-transmitted.
Ethernet, by definition, is a broadcast protocol
Any signal can be received by all hosts
Switching enables individual hosts to communicate

Digital subscriber line (DSL):

DSL uses existing telephone lines to transport data to internet subscribers and the term xDSL is used to refer to a number of similar yet competing forms of DSL technologies which includes ADSL, SDSL, HDSL, HDSL-2, G.SHDL, IDSL, and VDSL. DSL service is delivered simultaneously with wired telephone service on the same telephone line and this is possible because DSL uses higher frequency bands for data.

Asymmetric DSL (ADSL):

ADSL is the most commonly installed technology and an ADSL tech can provide maximum downstream speeds of up to 8 mbps.

Modem and router:

Modem is specific to a technology
Modem is de/modulator, it takes bits coming from one protocol/technology, demodulates it (converts it into original data), and re-modulated the original data to another protocol/technology.
Router allows creation of a local area network, allowing multiple devices to connect to the network and access internet together through the router. It has very high bitrate DSL (VDSL) and goes up to 52 mbps downstream and 16 mbps upstream. The length of the physical connection is limited to 300 meters and the second generation VDSL (CDSL2) provides data rates up to 100 mbps simultaneously in both direction, but maximum available bit rate is still achieved about 300 meters.

Cable:

Cable broadband uses existing CATV infrastructure to provide high-access internet access; uses channels specifically reserved for data transfer
Support simultaneous access to broadband and TV programs
Cable access tech is built for one-way transmission; hence some congestion takes place for bi-way data transfer, leading to much lower upstream connection relative to downstream connection for data.

Fiber:

It is a generic term for any broadband network architecture using optical fiber; fiber to the neighborhood; fiber to the curb; the street cabinet is much closer to the user’s premises, typically within 300m, thus allowing ethernet or radio-based connection to the final users; fiber to the basement; fiber to the home (BSNL already providing); fiber to the desktop
Passive optical networks (PON)

Advantages of fiber:

Immunity to electromagnetic interference.
Provides very high data rates at long distances.
When network links run over several 1000s of meters (e.g., metro area networks), fiber significantly outperforms copper.
Replacing at least part of these links with fiber shortens the remaining copper segments and allows them to run much faster.
The data rate of a fiber link is typically limited by the terminal equipment rather than the fiber itself.

Assignment
Participants were given two options for an assignment to work on in the coming days and they could choose either one.

Assignment A
The Universal Service Obligation Fund of India has put out a Call for Proposals under two schemes:

Mobile Connectivity and ICT related livelihood skills for womens’ SHGs (http://www.usof.gov.in/usof-cms/pdf21may/Concept_Paper.pdf), and

Access to ICTs and ICT enabled services for persons with disabilities in rural India. (http://www.usof.gov.in/usof-cms/usofsub/Concept%20paper_USOF%20Scheme_PwDs_A.G.Gulati.pdf)

Your NGO is committed to the task of facilitating access to the Internet for women/ persons with disabilities in rural parts of Kerala and wishes to submit a proposal/ project idea in partnership with a service provider to the USOF.

Assignment B
You are a member of the ancient tribe of Meithis residing in Manipur. Over the years, there is a strong feeling in your community that although the Government has rolled out projects to connect the rural areas throughout India, these have not been successful for your tribe and there is still even a lack of basic fixed telephony, let alone mobile and broadband services. You have hence come to the conclusion that there is a need for focused efforts to target such communities as yours and have decided to submit a concept note to the USOF requesting that ‘ethnic and rural tribal communities’ be specifically included within the mandate of the USOF’s activities by defining them as an ‘underserved community’.


Given above is a picture of the participants engaged in a discussion.

Field Trip - Destination: MapUnity.
MapUnity develops technology to tackle social problems and development challenges. Their GIS, MIS and mobile technologies are used mostly by government departments and civil society organisations, and in the R&D initiatives of commercial ventures. MapUnity presented their product offerings to the participants.

VIDEO

Day 4: June 11, 2013

Session 1: Universal Access

(by Archana Gulati)
Click to read the presentation slides

Given above is a picture of Archana Gulati speaking on Universal Access.	Tuesday revolved around questions of access and openness. The day kicked off with Archana Gulati, a policy expert in access to ICTs for people with disabilities talking on Universal Access. Ms. Gulati stressed the importance of ICTs for social development. ICTs are a necessary aid in development structures including education, health and increased citizen participation in national affairs & they provide crucial knowledge inputs into productive activities. However, even with the Telecom boom, there still exists an access gap in India, which cannot be covered by commercially viable systems.

This 'actual access gap' exists because of geographic (scattered population, low income, low perceived utility of service, lack of commercial/industrial customers, lack of roads, power, difficult terrain, insurgency), economic (urban poor) and social inequality (gender, disabilities) differences. To achieve Universal Access or Universal Service, additional efforts must be made, so as to include these groups. However, Universal Access and Universal Service, while they may imply the same thing, are very different approaches to deal with the problematic access gap.

Universal service, a term coined by Theodore Vail, president of AT&T in 1906, argued that the government should enforce the usage of only one network. This approach suggests a monopolization of the market and goes against the liberal market principle.

Universal access on the other hand suggests cross-subsidizing the low and no profit service areas by high profit service areas. However, this results in the urban population to get over-charged while the rich rural areas benefit from rural subsidizing.

So how do we enable a fair and inexpensive network to be able to create access for a large number of people equally?
Ms. Archana Gulati went on to introduce the Sanchar Shakti scheme as a contribution to national access in India. It was initiated with the objective of improving rural SHG access skills, knowledge, financial services and markets through mobile connections and involved several stakeholders like NABARD, handset/modem manufacturers, DoT USOF, Mobile VAS Providers, Lead NGOs, Mobile Service Providers.

This scheme shows how important is, for the commercial, private and public sector to work together on obtaining accessibility to ITCs.

Session 2: Free and Open Internet

(by Pranesh Prakash)
The following session by Pranesh Prakash on Free and Open Internet showed how the internet can still be a restrictive place which does not allow for internet equality. His talk focussed on the concepts of free and open Internet. Prakash started by stating the Freedom of Speech and Expression Article of the Indian Constitution and in an interactive round it was discussed, how these articles are fundamental for securing other basic human rights. This was demonstrated by an example in which the distribution of food did not proceed equally, as misinformation and restrictions led to an inappropriate hoarding of goods. Therefore, it is important for everyone to have that right. In fact, the Indian constitution formulates Article 19 in a positive way, implying not only everyone should have that right, but that the government must promote the upholding of these rights.

However, in the case of Article 66a, the law actually caused a problem with freedom of speech in itself, as it penalizes sending false and offensive messages through communication services. This is a massive impediment on free speech, as outsiders decide upon what is offensive and what is false.

The other side of freedom of speech and expression is censorship. Online, the removal of websites and editing of content often happens quietly and obscures the fact that someone or something is being censored. Unlike book burnings in the past, which were always made a big political spectacle, often websites are simply removed without a trace, or one is faced with a 404 error, when trying to access it. Because of the offensive content law, journals and magazines are quick to remove supposedly offensive content, as it seems more difficult to engage in argument with the people claiming offense. The CIS proposed a counter-law to secure for this to happen less, as freedom of speech includes the freedom to receive that speech.

VIDEO

Session 3: Openness

(by Sunil Abraham)

Next to ensuring freedom of speech and access, the third session of the day focussed on Openness in terms of Open Source software. Sunil Abraham, CIS executive director, stated the importance of free software and open access of data, as they ensure what he called the four freedoms of internet usage, namely the freedom to use for any purpose, the freedom to study, to modify and to share (freely or for a fee). Proprietary software imposes on these freedoms, as it only has restrictive use and a strong copyright. However, there are alternatives that have moderate copyrights, or so-called copy centred perspectives, or even copyleft, including the above mentioned rights into the terms of the software usage.	Above is a picture of Sunil Abraham speaking on Openness

In alignment with Sunil Abraham’s talk Pranesh Prakash criticized copyright law cutting into accessibility rights, as copyright infringements include translation into other languages, audio versions and also integral parts of education. The key is not to have a "one size fits all" copyright solution, as it is impossible to treat twitter content the same as a blockbuster movie. However, the government of India is doing exactly that and needs to interlink questions of access with copyright law.

VIDEO

Session 4: Open Content

(by Prof. Subbiah Arunachalam)
Prof. Subbiah Arunachalam, who led the next session, discussed Open Content. He had seen during the course of his experience India's poor performance in Science & Technology and outlined the reasons for the same. The lack of access to information essential in scientific research and knowledge production, he said, was the major limiting cause.

VIDEO

Session 5: Quick Talk on Copyright Law and Access

This short session dealt with implications of copyright law on internet access.

Activity

The participants were divided into two groups, and they were asked build as huge a network as possible with their personal belongings and present their creations. The participants had good ideas. One group placed their mobiles and laptops into the network to have them as nodes. The other group implemented the re-routing around censorship.

VIDEO


Given above is a picture of the participants in an activity making the longest network possible with their personal belongings.

Day 5: (June 12, 2013)

Session 1: Privacy on the Internet in India

(by Sunil Abraham and Elonnai Hickok)

Click to view the presentation slides

Given above is a picture of Elonnai Hickock speaking about privacy	The following day, June 12th started off with “Privacy” as the theme. The session Privacy on the Internet in India was led by CIS privacy experts Sunil Abraham and Elonnai Hickock. In an exchange of anecdotes, it was made clear how there needs to be a certain degree of state surveillance to secure the citizens safety. This can happen through off air interception and active or passive cell phone towers that can track mobile devices. However, encryption is an important tool to secure one’s own privacy against cyber espionage.

Some of the salient points discussed were:

Off-the Air Interception
Possible to set up active or passive cell phone tower.
The signal strength will be strong and everyone looks for it.
Capacity to identify itself as a service provider.
Interception can begin with encryption Technology today used by security agencies.
NTRO- national technical Research Org and Outlook

VIDEO

Session 2: E-Accessibility

(by Nirmita Narasimhan)
Click to view the presentation slides


Given above is a picture of Dr. Nirmita Narasimhan speaking on e-accessibility

The second session was on “E-Accessibility” led by Dr. Nirmita Narasimhan. Some of the salient points discussed were:

Problems arising out of disability
Accessibility-Infrastructure and ICT
Assistive technologies for PWD’s.
Reasonable accommodation (not available or cannot be and requires extra effort and putting up an accessible copy up) and universal Design (for both for PWD’s and non-PWD’s).
Web Content Accessibility is operable and easily understandable.
Accessibility standards include; Daisy (6 types of books including audio and text books) is all about marking up the documents. Really a good way to read but is expensive and time consuming, also need Daisy tools and player to make it work.
In 1808 the first typewriter was developed to help the blind.
Considerations involved in Web Accessibility
Overlap b/w mobile accessibility and web accessibility.
Example- Raku Raku phone captured 60% of market share in Japan. It has many assistive features.
Relay Services has a middle man who passes on the message b/w different PWD’s in many countries, but it is not yet available in India.
PWD’s communicating with customer care – the issues involved.
Accessibility Policy- very few people are adopting accessible technologies. There is a need to have a strong policy. U.K. and U.S. already have strong policies related to accessible and assistive technology for PWD’s.

Video

Session 3: International Bodies and Mechanisms

(by Tulika Pandey and Gaurab Raj Upadhyay)
Activity
Gaurab incorporated an Activity into his talk to enable the students to have a clearer understanding of International Bodies and Mechanisms.


Given above is a picture of the speaker Gaurab Raj Upadhaya explaining the International Bodies and Mechanisms

Some of the salient points discussed during his talk were:

Definition: “Internet Governance is the development and application by Govt., the private sector and civil society, in their respective roles, of shared principles, norms, rules, decision-making procedures and programmes which shape the evolution and use of internet.”
It should be multilateral, transparent and democratic
Enhanced cooperation means to enable govt…

Technical issues to keep in mind while talking about internet:

Critical internet resources
Root server locations
Open Standards (CIS leads the initiative)
Interoperability
Search Engines
Internationalized Domain names (in own script & language)
Content

Virtual yet real space and most important question to be understood is that whether, the governance of internet is possible?
Public Policy- to monitor cross-border data flow, Openness vs Privacy
India’s Outlook in internet policies-Pillars of Internet which is not fully addressed by the Indian government today.
Established an Inter- Ministerial Group by including various government departments into the arena.
Layer 0-7 Names and Numbers
Layer 8 and above
Applications and Usage
Legal business, policy, etc.

Session-4: E-Governance

(by Tulika Pandey and Sunil Abraham)


Given above is a picture of the speaker Tulika Pandey speaking about e-Governance

Some of the salient points discussed were:

Making policies in India is difficult because the population is huge and implementation at rural level is difficult.
Bombarded by Techno utopians- who believe in technology’s ability to change lives.
Techno determinants- Corruption solved through technology through open government data. More technology is better, the most sophisticated ones are the best are gross misconceptions.
Bhoomi project tried to deal with corruption at village level. Important policy change made all paper work illegal and digitized the land records etc. every action and request will be logged. But this led to creation of new corruption. Bribes were taken even before data was logged!
UID Project (Cobra Post Scam) around 20 public sector and 30 private banks were involved in money laundering scams.
People who design the systems in Delhi prepare sub-contracts.

VIDEO

Day 6: (June 13, 2013)

Session 1: Critical Perspectives of the Internet

(by Dr. Nishant Shah)
Click to view the presentation slides

The sixth day of the Institute kicked off with Nishant Shah, director of research at CIS, looking into Critical Perspectives of the Internet. Nishant made a very important distinction between the internet as infrastructure and as social network constructing alternative universes. Nonetheless it was important to stress that technology should not be alienated in the process of this separation but seen as an integral part of it, as the digital is as much part of reality as any other technology and has become essential as a technology of change that it brings about not only in scientific but also in social development. Quoting Michel Foucault, Shah argued that technology becomes influential when it changes life, labour and language, which is why research in the field should involve critical ways of thinking about body, space and community.	Above is a picture of Dr. Nishant Shah speaking on Critical Perspectives of the Internet.

The body perception can be perceived through the way bodily agencies change through technology. Technology does not necessarily taint or corrupt the body, but can also be a way to escape its confines. To put it to a point, we are all born into technology and cannot free ourselves from them, as for example pregnancy already starts with nutritional supplements, regulatory diets and exercise and essentially ends with birth technologies that do not necessarily involve only the digital - we must remember, speech is one of the oldest technologies available today.

VIDEO

Session 2: Strategies for Policy Intervention

(by Chakshu Roy)
The second session on “Strategies for Policy Intervention” was led by Chakshu Roy. This session dealt with various ways in which policy intervention can be made and the various factors necessary to successfully engage in policy forums.

VIDEO

Session 3: Profile of Internet Service Providers

(by Satyen Gupta)
Click to view the presentation slides


Given above is a picture of Satyen Gupta speaking about Internet Service Providers

Satyen Gupta during his talk on “Profile of Internet Service Providers” discussed the nature, offerings and profile of various ISPs in India, their market share and dynamics.

The salient points discussed were:

National Broadband Plans
Spectrum Issues “Management”
Reality check of Indian ISPs
Broadband Definition & Penetration
Roadblocks for Broadband in India, Governments Role, Regulation
Institutional Framework for the Indian Telecom
Broadband Access in India- Technology-Neutrality
Satellite based DTH Services offer alternate for the Broadband via Receive Only Internet Service (ROIS)
Broadband using DTH for Receive-only Internet
VSAT has the potential for significant impact on Broadband Penetration in Remote Areas
Fixed Wireless Access- an important access technology
Facilitating Radio Spectrum for Broadband Access
Fiscal measures to reduce the cost of access devices, infrastructure and broadband service
Reduction in the cost of connectivity
National Internet Exchange of India (NIXI) -National Internet Exchange of India (NIXI) has been set up on recommendation of TRAI by DIT, Government of India to ensure that Internet traffic, originating and destined for India, should be routed within India.
Emerging Broadband Services
Broadband Commission for Digital Development (BCDD)-UN Targets for Universal Broadband,2015
NOFN India-Existing Fiber Infrastructure and Coverage by Various Service Providers
National Telecom Policy (NTP) 2012- Salient Features
State of Internet Services and ISPs in India:
1. India’s Ranking on Key Broadband Indicators
2. Regulator’s Report – Growth of Internet in India
3. Internet Subscribers Base & Market share of top 10 ISPs
4. Technology trends for Internet/Broadband Access
5. Internet/broadband Subscribers for top 10 states
6. Tariff Plans for USO funded Broadband
7. Contribution of Telcos in Development of Internet Services
8. Incumbent’s Role in Growth of Broadband
9. Plugging rural missing link- BBNL
Internet Subscribers Base & Market share of top 10 ISPs

VIDEO

Session 4: Competition in the Market by Helani Galpaya

Helani Galpaya during her talk on “Competition in the Market” discussed about what competition meant, Herfindahl–Hirschman Index to measure how competitive a market is, what are the dangers of monopoly markets and the landscape of the Telecom market in India.


Above is a picture of Helani Galpaya speaking about Competition in the Market

Day 7: (June 14, 2013)

The final day of the Institute focussed on how the Internet can be used to effect change on society – Activism was the theme.

Session 1: Leveraging Internet for activism

(by Ananth Guruswamy)
Click to read the presentation slides


Above is a picture of Ananth Guruswamy speaking during the session on leveraging internet for activism

Some of the salient points discussed were:

Digital Activism
Target Omar Abdullah. It is about an act called Administrative detention Act. One can be detained without act i.e. The Preventive Detention Act. He directly responded to the threat.
Twitter seems to be a place where the political leaders are actually accessible. This kind of access was not possible in day to day life earlier if one was a common man. This phenomenon is developing. Even in Corporate setup writing a mail directly to the CEO seems possible.
Strengths: Wide reach, Freedom of speech, Data collection is made easy, Issues can be tackled swiftly, Global communities, singular identities have lot of power. Eg: 190 Million people stood up against Poverty; this kind of mobilization impossible without internet.
Besides local issues even Global issues are addressed an collection of funds becomes easy. Onion.com once a struggling publication in U.S., but now with a global audience it is thriving and it has a healthy reader base today.
The Earth Hour helps people connect across space and time.
Weakness: More popularity, more attention; Traditional/Real Protest has become rare and a threat; There is no real action beyond internet, threat of movement is low, there is no real commitment involved in digital activism and just one click is enough to make one ‘feel good’.
Opportunities: Recruitment of protestors for real protests. Diff. b/w real and virtual blurred; anything that affects the mind space is real. The intersection is interesting.
Threats: Total removal of privacy, Government intervention in private issues and there could be misinterpretation of people’s thoughts by certain people.
Traditional vs Digital activism: Traditional fails to provide results whereas clicking a button is as easy as wearing a badge.
Facebook activism: ‘Like Buttons’, People moving away from reading emails, a shift towards use of facebook; creates a sense of belongingness which the traditional activism failed to achieve.
India against Corruption: used mobile phone effectively.
Social Media has changed the way protests happen globally and in India, one example is Twitter. Change.org is a website which gives freedom to anybody to start a petition without any external source; Awaaz.org another such petition website.
Green Peace launched a Green peace X which was a runaway success. YouTube is another platform for the masses. People today are more interested in watching rather than reading.
Pakistan in 2007: “Flash protests”; Free Fraizan Movement on Twitter.
Something to keep in mind regarding while launching a campaign online is to think who the audience is and what we want them to do and how will the campaign help our objectives?
How to measure success of a social media campaign?
Reach
Engagement- likes, tweets, comments, etc.
Influence
Attrition Score

VIDEO

Session 2: Internet Access Activism

(by Parminder Jeet Singh)
The next session on “INTERNET ACCESS” ACTIVISM by Parminder Jeet Singh dealt with how people can contribute to initiatives for improving internet access amongst masses.

VIDEO

Session 3: Ensuring Access to the Internet

(by A.K. Bhargava)
Click to view the presentation
The last session on “Ensuring Access to the Internet” by A.K. Bhargava discussed strategies to enhance access to the Internet in India with special focus on National Optical Fibre Network.

The salient points discussed were:

-    Role of Broadband in Nation Building
-    Policy Aspiration of Broadband - How do we meet aspiration?
-    Telecom Network Layers‐Gaps in OFC Reach
-    BBNL Interconnection
-    NOFN - Bridging The Gap
-    Digital Knowledge Centres (DKCs)
-    Architecture of BBNL
-    NOFN Impact

Societal
- Bridging the digital divide
Business
- Job creation, indigenous industry growth
Sectoral
- Improved connectivity, data growth
Technological
- Differentiators
VIDEO

Speaker Presentation Slides
All the presentation aids/slide shows barring a few have been uploaded to the website at http://internet-institute.in/repository

Presentation of Assignments
The participants presented their assignments which were given to them to work on the 3rd day. The participants were presented with Wikipedia T-Shirts as a token of appreciation.


Given above is a picture of the participants presenting their assignments

Participant Feedback
All participants were asked to fill a "Session Feedback Form" for each of the sessions and also an "Overall Feedback Form". They were also constantly encouraged to come up with suggestions and inputs on how to make the Institute more interesting.

The key findings from the Quantitative Feedback provided are:
(The figures below are averaged scores (out of 5) provided by participants in the Overall Feedback Forms)

S.No.	Parameter	Score (Out of 5)
1	Relevance of Content	3.6
2	Comprehensiveness of Content	3.44
3	Easy to Understand	3.55
4	Well Paced	3.33
5	Sufficient Breaks	3
6	Duration of Talks	3.2
7	Mix between Learning & Activities	3

The key findings from the Qualitative Feedback provided are:

S.No.	Points observed
1	Presentations – Participants felt sessions with accompanying slides/aids were most helpful. Some felt that accompanying notes could also be useful for future reference.
2	Use of Examples/Case Studies – Participants felt concepts can be better assimilated if case-studies/examples are used. Some also felt that for the technological advancements discussed, it would have been better had the social/economic impact of the same was discussed too.
3	Implementation Gaps– One participant, who is working at the field level in Kolkata had a specific thing to say about the talk about BSNL and its offerings– Although BSNL has so many options available on paper to connect to the Internet, common service centres in West Bengal are mostly run on Tata Indicom’s network even though the board outside says “BSNL” etc. She felt that the reality is far different from what exists on paper.
4	Interactive sessions were most appreciated than speaker led sessions.
5	There were many responses to the question “How will you apply this new information in the future” and it is very encouraging. People have given thought to contributing to Wikipedia in their mother tongue, take the knowledge to the field work that they are associated with, continue with their research, change their Internet connections, to help file RTIs, to adopt more open source software, sharing with students, advocacy efforts, etc
6	The responses to the question “What did you learn from the session/workshop that was new?” elicited more responses for the following sessions Domestic Bodies and Mechanisms Case-studies such as Air Jaldi Low cost devices in India USOF Free & Open Internet Copyright laws Privacy Accessibility Digital Natives ISPs
7	Field Trip – One participant said “One or two of the persons from MapUnity could have made the presentation at the institute venue itself. A visit to an underserved or un-served community with interactions with the people there could also have given a good understanding of on-ground challenges and needs.”
8	Follow-up Session –One participant had ideas about having a follow-up session “A follow-up call [webinar?] after 6 months to see if any of these concepts were useful would be an interesting exercise to take up”
9	Assignment – Participants felt that the assignments were good but they needed more time to work on the same.

Other Feedback:

The food and the facilities were enjoyed and appreciated by all.
The remote location of the Golden Palms Resort was a concern for most of the participants.

Participation Certificates
Participation Certificates (template shown below) have been mailed to all the participants in the third week of July 2013.


Given above is the certificate declaring the successful completion of the event

Institute Expenses

A total of Rs. 19, 91,889 (Rupees nineteen lakhs ninety one thousand eight hundred and eighty nine only) was spent towards organizing and conducting the Internet Institute. A breakup of the Institute Expenditures is given below:

S.No.	Type of Expense	Description	Total
1	Venue – Golden Palms Resort	Accommodation for participants, speakers and food	12,91,176
2	Travel	Cost of Air tickets	2,94,515
3	Local Travel	Airport Pickup/Drop, Local City Travel	1,41,001
4	Gifts & Printing	Gifts for speakers and ad hoc document printing charges	24,000
5	Infrastructure	Telephony, Audio, Video, Stage	1,05,000
6	Participant Bags		10,650
7	Reimbursements	Reimbursements to participants and speakers	1,25,547
Total Expenses			19,91,889

What the participants had to say

Sangh Priya Rahul – “One of my organisation's work is more or less related to empowerment of rural areas so knowledge about USOF will be useful there.” (On USOF)

Rashmi. M – “Makes me more sensitized towards the disabled people.” (On e-Accessibility)

Preethi Ayyaluswamy – “Would help me in strategically planning for an online campaign” (On digital activism).

Conclusion

The Institute was highly engaging and enabled the participants to explore the various facets of Internet & Society. As was evident from the feedback forms, participants had given thought to contributing to Wikipedia in their mother tongue, take the knowledge to the field work that they are associated with, continue with their research, change their Internet connections, help file RTIs, adopt more open source software, sharing with students, advocacy efforts etc. There was a very high level of expertise amongst speakers at the Institute which was apparent from the participatory discussions and a lot of insightful perspectives were brought forth. There was a common consensus amongst all participants that inclusive growth across all dimensions would take efforts from all stakeholders.

We hope to learn from the findings of this Institute and work towards a better second Institute.


Above is a group picture of all the participants and the organizers

For more details visit https://cis-india.org/telecom/knowledge-repository-on-internet-access/institute-on-internet-and-society-event-report