Centre for Internet and Society

Cyber Dialogue Conference 2014

praskrishna — 2014-04-08T05:09:54Z

The Cyber Dialogue conference, presented by the Canada Centre for Global Security Studies at the Munk School of Global Affairs, University of Toronto, will convene an influential mix of global leaders from government, civil society, academia and private enterprise to participate in a series of facilitated public plenary conversations and working groups around cyberspace security and governance.

Malavika Jayaram is participating in this event being held on March 30 and 31, 2014. Full event details here.

After Snowden, Whither Internet Freedom?

A recent stream of documents leaked by former NSA contractor Edward Snowden has shed light on an otherwise highly secretive world of cyber surveillance. Among the revelations — which include details on mass domestic intercepts and covert efforts to shape and weaken global encryption standards — perhaps the most important for the future of global cyberspace are those concerning the way the U.S. government compelled the secret cooperation of American telecommunications, Internet, and social media companies with signals intelligence programs.

For American citizens, the NSA story has touched off soul-searching discussions about the legality of mass surveillance programs, whether they violate the Fourth and Fifth Amendments of the U.S. Constitution, and whether proper oversight and accountability exist to protect American citizens' rights. But for the rest of the world, they lay bare an enormous “homefield advantage” enjoyed by the United States — a function of the fact that AT&T, Verizon, Google, Facebook, Twitter, Yahoo!, and many other brand name giants are headquartered in the United States.

Prior to the Snowden revelations, global governance of cyberspace was already at a breaking point. The vast majority of Internet users — now and into the future — are coming from the world’s global South, from regions like Africa, Asia, Latin America, and the Middle East. Of the six billion mobile phones on the planet, four billion of them are already located in the developing world. Notably, many of the fastest rates of connectivity to cyberspace are among the world’s most fragile states and/or autocratic regimes, or in countries where religion plays a major role in public life. Meanwhile, countries like Russia, China, Saudi Arabia, Indonesia, India, and others have been pushing for greater sovereign controls in cyberspace. While a US-led alliance of countries, known as the Freedom Online Coalition, was able to resist these pressures at the Dubai ITU summit and other forums like it, the Snowden revelations will certainly call into question the sincerity of this coalition. Already some world leaders, such as Brazil’s President Rousseff, have argued for a reordering of governance of global cyberspace away from U.S. controls.

For the fourth annual Cyber Dialogue, we are inviting a selected group of participants to address the question, “After Snowden, Whither Internet Freedom?” What are the likely reactions to the Snowden revelations going to be among countries of the global South? How will the Freedom Online Coalition respond? What is the future of the “multi-stakeholder” model of Internet governance? Does the “Internet Freedom” agenda still carry any legitimacy? What do we know about “other NSA’s” out there? What are the likely implications for rights, security, and openness in cyberspace of post-Snowden nationalization efforts, like those of Brazil’s?

As in previous Cyber Dialogues, participants will be drawn from a cross-section of government (including law enforcement, defence, and intelligence), the private sector, and civil society. In order to canvass worldwide reaction to the Snowden revelations, this year’s Cyber Dialogue will include an emphasis on thought leaders from the global South, including Africa, Asia, Latin America, and the Middle East.

For more details visit https://cis-india.org/news/cyber-dialogue-conference-2014

Curating Genderlog India's Twitter handle

Admin — 2019-05-14T14:40:08Z

Shweta Mohandas has been nominated to curate Genderlog's Twitter handle (@genderlogindia).

Shweta Mohandas will be tweeting about topics related to gender and data, more specifically around AI, big data, privacy and surveillance. To view the tweets, click here

For more details visit https://cis-india.org/internet-governance/news/curating-genderlog-indias-twitter-handle

Cryptoparty Delhi Flyer

bernadette — 2013-06-21T11:53:44Z

For more details visit https://cis-india.org/internet-governance/cryptoparty-delhi-flyer

Cryptoparty bangalore flyer

bernadette — 2013-06-21T11:53:58Z

invitation / flyer for cryptoparty bangalore july

For more details visit https://cis-india.org/internet-governance/cryptoparty-bangalore-flyer

Crypto Night

praskrishna — 2013-08-06T06:04:05Z

Challenging government snooping at an all-night cryptography party.

This article by Rahul M was published in the Caravan on August 1, 2013. Pranesh Prakash and Bernadette Langle are quoted.

Satyakam Goswami sat in a conference hall in the Institute of Informatics & Communication in Delhi University's South Campus, furiously typing code into his laptop. He typed the string “/var/log/tor#”, into a Linux terminal, then turned to me and said, “I am one step away, man.” It was around midnight on a muggy July Saturday, and Goswami had been here for six hours. He resumed typing—and cursing under his breath in Telugu as he realised that the online instructions he was following weren’t helping.

Around him, the room bustled with the activity of around 25 other people, all participants at a Cryptoparty, a cryptography event at which programmers and non-programmers meet to share information and expertise on tools that can help thwart government spying.

Goswami was one of the organisers of the event, which was led by Bernadette Längle, a German ‘hacktivist’ who is a member of the Chaos Computer Club (CCC), Europe’s largest association of hackers. Längle was one of the organisers of the CCC’s Chaos Communication Congress in 2012, an international hackers’ meet held in Hamburg that year. While processing participant applications for the Congress, she came across a group that wanted to organise what they called a “Cryptoparty” at the meet. “I thought Cryptoparty would be a bunch of guys coming together, learning crypto and having a party,” she told me. Only at the event did she realise that Cryptoparties are rather more political affairs, at which participants experiment with ways of combating governmental intrusions into privacy and freedom.

After she graduated, Längle decided she wanted to travel. “I hadn’t been to America or Asia, and I don’t think I want to enter America,” she said. “I thought India might be a good point to start.” While she was exploring her options, she met Goswami online. “I first met Bernadette on an IRC channel, ‘hasgeek’, where she expressed her interest to come to India,” Goswami said. “I suggested that she write a proposal to CIS [the Centre for Internet and Society, in Bangalore].” Längle applied, and was accepted to work with the organisation for six months.

When Längle was teaching a one-week course on email cryptography at a CIS event, a participant suggested to her that she organise a Cryptoparty in the city. “I thought I was travelling anyway, and I can make a Cryptoparty everywhere I go,” Längle said. This led to the Bangalore Cryptoparty on 30 June, followed by the Delhi edition on 6 July. Längle then held a Cryptoparty in Dharamsala in the second week of July, and plans to hold another in Mumbai in October. At each of these, she gave tutorials on specific aspects of cryptography, such as the Pretty Good Privacy (PGP) encryption and decryption program, which Edward Snowden used to communicate with The Guardian’s Glenn Greenwald during their now-famous collaboration. Participants would then experiment with these tools, sending emails and messages to each other using secure channels. The Delhi edition, which saw around 70 participants, continued late into the night, with the last exhausted stragglers shutting off their gadgets and heading home at 4 am.

I met Längle again the day after the Delhi event; with her was Pranesh Prakash, policy director at CIS, who is a commentator on issues related to surveillance and privacy. Both agreed that the Indian government’s Central Monitoring System programme, as well as Edward Snowden’s recent leaks, had resulted in a greater interest in cryptography in the country in recent months. “Without the PRISM stuff, there wouldn’t have been so many people attending,” Längle said. “People are concerned about that.” Prakash believes that the NSA leaks have served as a loud wake-up call about a longstanding state of affairs. “It’s this I-told-you-so moment for lots of people right now,” he said. “This isn’t the first time there have been revelations about the NSA spying beyond their authority. These revelations have been happening at least since 2006.”

For more details visit https://cis-india.org/news/caravan-magazine-august-1-2013-rahul-m-crypto-night

Critique of the Aadhaar Bill 2016

2016-05-02T04:49:14Z

The Lok Sabha passed the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016 on March 11, 2016, to give legislative basis to the Aadhaar number assigning being done by the Unique Identification Authority of India (UIDAI). The Bill was introduced, by Finance Minister, Mr. Arun Jaitley, as a money bill, and there was no public consultation to evaluate the provisions therein even though there are very serious ramifications for the Right to Privacy and the Right to Association and Assembly. Since its inception in 2009, the UIDAI project has been shrouded in controversy due to various questions raised about privacy, technological limitations, security concerns, and legal basis. We have documented various concerns with the Aadhaar Bill 2016, as well as with the project at large.

About the Aadhaar Bill 2016

FAQ on the Aadhaar Project and the Bill

This FAQ attempts to address the key questions regarding the Aadhaar/UIDAI project and the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016. We will continue to add questions to this list, and edit/expand the answers, based on our ongoing research.

The New Aadhaar Bill in Plain English

This post summarizes the provisions of Aadhaar Bill 2016 in a simplified language.

What's New in the Aadhaar Bill 2016?

Simple comparison of the texts of the The National Identification Authority of India Bill, 2010 and The Aadhaar (Targeted Delivery of Financial and other Subsidies, Benefits and Services) Bill, 2016.

Comparison of the Aadhaar Bill 2016 and the NIAI Bill 2010

A detailed provision-by-provision comparison of the Bills.

Salient Points in the Aadhaar Bill and Concerns

This post contributes to the growing body of analysis and critique of the Aadhaar Bill 2016, and foregrounds the major concerns identified by CIS with the Bill.

Public Statements and Letters

An Urgent Need for the Right to Privacy

Along with a group of individuals and organisations from academia and civil society, we have drafted and are signatories to an open letter addressed to the Union government and urging the same to "urgently take steps to uphold the constitutional basis to the right to privacy and fulfil it’s constitutional and international obligations." Here we publish the text of the open letter. Please follow the link below to support it by joining the signatories.

List of Recommendations on the Aadhaar Bill, 2016 - Letter Submitted to the Members of Parliament

On Friday, March 11, the Aadhaar Bill, 2016, was introduced and passed as a money bill and there was no public consultation to evaluate the provisions therein even though there are very serious ramifications for the Right to Privacy and the Right to Association and Assembly. Based on these concerns, and numerous others, we submitted an initial list of recommendations to the Members of Parliaments to highlight the aspects of the Bill that require immediate attention.

Press Release, March 15, 2016: The New Bill Makes Aadhaar Compulsory!

We published and circulated the following press release on March 15, 2016, to highlight the fact that the Section 7 of the Aadhaar Bill, 2016 states that authentication of the person using her/his Aadhaar number can be made mandatory for the purpose of disbursement of government subsidies, benefits, and services; and in case the person does not have an Aadhaar number, s/he will have to apply for Aadhaar enrolment.

Press Release, March 11, 2016: The Law cannot Fix what Technology has Broken!

We published and circulated the following press release on March 11, 2016, as the Lok Sabha passed the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016. This Bill was proposed by finance minister, Mr. Arun Jaitley to give legislative backing to Aadhaar, being implemented by the Unique Identification Authority of India (UIDAI).

Infographics

Can the Aadhaar Act 2016 be Classified as a Money Bill?

In this infographic, we show if the Aadhaar Act 2016, recently tabled in and passed by the Lok Sabha as a money bill, can be classified as a money bill. The infographic is designed by Pooja Saxena, based on information compiled by Amber Sinha and Sumandro Chattapadhyay.

Can the Matters Dealt with in the Aadhaar Act be the Objects of a Money Bill?

In this infographic, we highlight the matters dealt with in the Aadhaar Act 2016, recently tabled in and passed by the Lok Sabha as a money bill, and consider if these can be objects of a money bill. The infographic is designed by Pooja Saxena, based on information compiled by Sumandro Chattapadhyay and Amber Sinha.

Vulnerabilities in the UIDAI Implementation Not Addressed by the Aadhaar Bill, 2016

In this infographic, we document the various issues in the Aadhaar enrolment process implemented by the UIDAI, and highlight the vulnerabilities that the Aadhaar Bill, 2016 does not address.

Aadhaar Bill 2016 Evaluated against the National Privacy Principles

In this infographic, we evaluate the privacy provisions of the Aadhaar Bill 2016 against the national privacy principles developed by the Group of Experts on Privacy led by the Former Chief Justice A.P. Shah in 2012.

Legal Critique of the Aadhaar Bill 2016

Analysis of Aadhaar Act in the Context of A.P. Shah Committee Principles

In October 2012, the Group of Experts on Privacy constituted by the Planning Commission under the chairmanship of Justice AP Shah Committee submitted its report which listed nine principles of privacy which all legislations, especially those dealing with personal should adhere to. In this paper, we shall discuss how the Aadhaar Act fares vis-à-vis these nine principles.

Aadhaar Act and its Non-compliance with Data Protection Law in India

This post compares the provisions of the Aadhaar Act, 2016, with India's data protection regime as articulated in the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

Aadhaar Bill Fails to Incorporate Suggestions by the Standing Committee

An analysis of how recommendations made by the Standing Committee on UID were not incorporated in the Aadhaar Bill 2016.

Govt Narrative on Aadhaar has Not Changed in the Last Six Years: Sunil Abraham

In this article, Sunil Abraham says that bill is fundamentally the same as the UPA version, with some cosmetic changes, and some token statements towards the "right to privacy."

Privacy Concerns Overshadow Monetary Benefits of Aadhaar Scheme

Amber Sinha and Pranesh Prakash discuss how the privacy concerns remain, and are reinforced through loopholes, in the Aadhaar Bill 2016.

Technical Critique of the Aadhaar / UIDAI Project

Flaws in the UIDAI Process

The accuracy of biometric identification depends on the chance of a false positive: the probability that the identifiers of two persons will match. An experiment performed at an early stage of the programme has allowed us to estimate the chance of a false positive. For the current population of 1.2 billion the expected proportion of duplicands is 1/121, a ratio which is far too high.

Aadhaar is Actually Surveillance Tech: Sunil Abraham

In this interview, Sunil Abraham argues that the concept of Aadhaar is fundamentally flawed, and it doesn't substantially help in plugging leakages in government schemes.

For more details visit https://cis-india.org/aadhaar-bill-2016

Critics of India's ID card project say they have been harassed, put under surveillance

Admin — 2018-02-24T07:50:55Z

Researchers and journalists who have identified loopholes in India’s massive national identity card project have said they have been slapped with criminal cases or harassed by government agencies because of their work.

This was published by Reuters on February 13, 2018. Reporting by Rahul Bhatia; Editing by Raju Gopalakrishnan

Last month, the Unique Identification Authority of India (UIDAI), the semi-government body responsible for the national identity project, called Aadhaar, or “Basis”, filed a criminal case against the Tribune newspaper for publishing a story that said access to the card’s database could be bought for 500 rupees ($7.82).

Reuters spoke to eight additional researchers, activists and journalists who have complained of being harassed after writing about Aadhaar. They said UIDAI and other government agencies were extremely sensitive to criticism of the Aadhaar programme.

Aadhaar is a biometric identification card that is becoming integral to the digitisation of India’s economy, with over 1.1 billion users and the world’s biggest database.

Indians have been asked to furnish their Aadhaar numbers for a host of transactions including accessing bank accounts, paying taxes, receiving subsidies, acquiring a mobile number, settling a property deal and registering a marriage.

The Tribune said one of its reporters purchased access to a portal that could provide data linked to any Aadhaar cardholder.

The UIDAI complaint, filed with the police cyber cell in the capital, New Delhi, accused the newspaper, the reporter, and others of cheating by impersonation, forgery and unauthorised access to a computer network.

Media associations sharply criticised the action - the Editors Guild of India said UIDAI’s move was “clearly meant to browbeat a journalist whose story was of great public interest. It is unfair, unjustified and a direct attack on the freedom of the press.”

In response, the agency said “an impression was being created in media that UIDAI is targeting the media or whistleblowers or shooting the messenger.”

“That is not at all true. It is for the act of unauthorised access, criminal proceedings have been launched,” it said in a statement.

Osama Manzar, the director of the Digital Empowerment Foundation, a New Delhi-based NGO, called the government’s prickliness “a clear sign that rather than it wanting to learn how to make Aadhaar a tool of empowerment, it actually wants to use it as a coercive tool of disempowerment”.

Data Leakage

Last May, the Centre for Internet and Society (CIS), an independent Indian advocacy group, published a report that government websites had inadvertently leaked several million identification numbers from the project.

UIDAI sent the CIS a legal notice within days, said Srinivas Kodali, one of the authors of the report.

The notice alleged that some of the data cited in the report would only be available if the site had been accessed illegally. The UIDAI wrote that the people involved had to be “brought to justice.”

According to Kodali, two more notices followed, addressed to the group’s directors and two researchers, containing more accusations. “They said it was a criminal conspiracy, and demanded that we send individual responses,” he said.

CIS then received questions about its funding from the home ministry section that grants NGOs permission to receive foreign funding, said a source in the group who saw the letter. CIS viewed this as a threat to its funding, the source said. CIS declined to comment on the notices or on the questions about funding.

UIDAI did not reply to multiple e-mails seeking comment on the accusations about CIS and similar complaints by other activists and journalists, and officials could not be reached by phone. Officials at the Ministry of Information Technology that supervises UIDAI were unreachable by phone.
In a column in the Economic Times newspaper in January, Ajay Pandey, the head of the UIDAI, wrote: “The data of all Aadhaar holders is safe and secure. One should not believe rumours or claims made on its so-called ‘breach’.”

R.S. Sharma, the head of India’s telecom regulatory body, said there was an “orchestrated campaign” against Aadhaar as it was against the interests of those who operated in the shadow economy with fictitious names, or were skimming off subsidies.

“It is going to clean up many systems,” Sharma told a television channel last month. “That’s probably one of the reasons why people realise that this is now becoming too difficult or too dangerous for them.”

That trip to Turkey

A Bangalore researcher who contributed to the CIS report said scrutiny by police and government officials was a common occurrence, but harassment was stepped up after it was published.

“Sometimes people from the police station visit you. Other times from the Home Ministry. It was intimidating,” the researcher said.

The person, who asked not to be named for fear of reprisal, said police officers asked questions like “How was that trip to Turkey?',” to make it clear the subjects were under surveillance.

When Sameer Kochhar, a social scientist and author of books on Aadhaar, demonstrated how the system’s biometrics safeguards could be bypassed last year, UIDAI filed a police report in New Delhi, a person familiar with the matter said.

Subsequently, Kochhar received at least three notices from the Delhi Police alleging that he had violated 14 sections under three separate laws, the person said.

Kochhar’s lawyer declined comment. Delhi Police officials declined comment.

Critics have warned Aadhaar could be used as an instrument of state surveillance while data security and privacy regulations are still to be framed.

Former central bank governor Raghuram Rajan said last month that the government needed to prove it would protect the privacy of Aadhaar.

“I do think that we have to assure the public that their data is safe,” Rajan said. “All these reports about easy availability of data are worrying and we have to ensure security. We cannot just say trust us, trust us, it’s all secure.”

For more details visit https://cis-india.org/internet-governance/news/reuters-february-13-2018-rahul-bhatia-critics-of-indias-id-card-project-say-they-have-been-harassed-put-under-surveillance

Critical Look at Visual Representation of Cybersecurity

Admin — 2019-08-21T07:58:07Z

For more details visit https://cis-india.org/internet-governance/files/critical-look-at-visual-representation-of-cybersecurity

Crisis for identity or identity crisis?

praskrishna — 2011-04-02T08:16:30Z

The hurry with which the government is pushing its most ambitious project to assign a number (UID) to every citizen without any feasibility study or public debate has raised many questions.

“It will empower all”, declared Prime Minister Manmohan Singh when he issued the first UID card to a villager from Tembhli village in Maharashtra. But as days pass and relevant issues come for public discourse, many people have begun to doubt prime minister’s assurance.

Unique identification number (UID), named Aadhaar is a 12 digit identification number that the government plans to issue to all citizens that will not only be an identity card but will also serve multiple purposes for its holder.

Infosys co-founder Nandan Nilekani has been assigned the responsibility to execute this proposal as Chairman of the Unique Identification Authority of India (UIDAI). Mr Nilekani leads a team of 120 people having the task of assigning unique identities to 1.2 billion people. He plans to take Aadhaar beyond being just a 12-digit identification number for every Indian. This ambitious and mammoth project is pitched to handle projects as diverse as a national-highway toll-collection system, a technology backbone for the forthcoming Goods and Services Tax (GST) and reform of the vast public distribution system (PDS) for subsidized foodgrains.

Government plans to cover 60 per cent of the nation’s population under this project in the next three years starting October this year. This project is intended to collect identification data about all residents in the country. It is said that it will impact the PDS and NREGA programmes, and plug leakages and save the government large sums of money.

But the UID will not replace ration cards and passports, and is not mandatory as of now. No questions would be asked related to language, caste or religion of the person applying for UID.

The UID number is linked to the fingerprints and the pattern of the eyes of the person assigned that number. This inimitable biometric data ensures that any given number is linked to only one person. So there is hardly a chance of any misgiving or stealing of rations and wages from the holder. It is believed that soon banks, insurance companies, cell phone providers and hospitals will demand UID number before doing business with you.

In short, in the future our name, address, bank account numbers, personal information and identity as a whole will be solely linked and governed by those 12 digit number we hold.

Critics say that there has been no feasible study conducted about UID project, neither has there been a cost benefit analysis done. To add to it, there are serious concerns about data and identity theft.

But apart from the buzz about this new project, there is an air of suspicion surrounding it too.

The launch of the UID has led to a flurry of debate amongst policy-makers, legal experts and civil society at large. In response, Mr Nilekani claims the UID to be “a foolproof project implemented at a low cost”.

However, some critical issues remain unanswered.

One of the major objections about UID is that there has been no feasible study conducted, neither has there been a cost benefit analysis done. There is no project document as such.

To add to it, there are serious concerns about data and identity theft.

In a world where cyber terrorism is the new threat, and the countries are gearing themselves to protect against such a threat, projects like UID come as an open invitation to terrorist outfits to infiltrate their defences.

The UID number is linked to fingerprints and the patterns of the holder’s eye. But medical studies show that our eye's iris patterns can change due to aging, disease or malnourishment. More over the government has no alternative option for many millions who fall outside this pattern of identification owing to callused hands, corneal scars and cataract induced by malnourishment. Even as enrollment is poised to begin, authentication is still an unstudied field. Fake fingerprints can very easily be made. Hence, the unique element of these numbers can be tampered.

Recently, Sunil Abraham, Director, Centre for Internet and Society has remarked, “If I leave my fingerprints around, my identity can be stolen and transactions done on my behalf. They could use that number, to share information about anybody.”

A cyber-criminal having access to any person’s identification number can virtually control that person. Telephone numbers, addresses, family history can all be tracked down. Bank accounts can be manipulated and transactions done without the person knowing. Since these days, a lot of money transactions are done through internet, a cyber criminal can easily steal few UID numbers and impersonate those persons to manipulate the bank or credit card accounts.

In an even uglier scenario, where people might be tracked and judged by their numbers, a criminal’s fingerprints left behind on a scene of crime can be mixed with some one else through a slight manipulation and exchange of UID numbers, making an entirely innocent person a suspect in the eyes of law. Some incompetent or revengeful government officials can also frame innocents for a crime one never committed.

Human rights activists claim that a tech-savvy person can hack into the system and gain any person’s information from the servers unless the government tightens the defenses. A reminiscence of the Bruce Willis starrer Hollywood blockbuster Die Hard 4, a bunch of techno geeks operating from trailer truck hold the entire United States hostage as they hack into every main frame computing network from transportation, communication, power, defence and individual accounts.

The number can also be used for real time tracking, profiling, mounting surveillance and ‘convergence’ of information. Apart from the concerns about identity theft, the number can also invade our private space. If in the future insurance companies and hospitals merge their databases, the insurance companies can increase premium, or simply refuse insurance cover to a person who is not keeping well.

Poor labourers and immigrants who are on the move in search of work could also be the victims of the ‘Aadhaar’. In future, in case of card being lost or misplaced, poor labour would be threatened with financial and welfare exclusion. Where being a legal resident is to be closely tied in with having a UID number, it could render the poor vulnerable to exclusion and expulsion by exploitative employers and others.

Interestingly, few months back in June, UK government scrapped the plans for the controversial 5 billion pounds National Identity Card scheme. The UK government now plans to destroy all information held on the National Identity Register, effectively dismantling the whole system.

Though Mr Nilekani claims that UID would be a cost effective project, however deeper analysis throws a different story. It is reported that the UIDAI project will cost Rs 45,000 crores to the exchequer in the next 4 years. This does not seem to include the costs that will be incurred by Registrars, Enrollers, additional costs on the PDS system to connect it to the UID, the estimated cost to the end user and to the number holder.

Defending himself from the flurry of queries, Mr Nilekani has stressed that the identification number is not mandatory for everyone and only those interested can enroll. The project aims to first enroll the poor and uneducated masses promising them better wages and ration schemes. As was reported, the first villager to get the UID card was ‘happy but did not know its benefits’. Critics allege that the reason why Aadhaar is selling itself to millions of poor in the country is to create a foundation of legitimacy to deflect concerns over its possible misuse, unsafe technology and huge costs. Later, with a larger foundation, the UID can be enforced upon all citizens in the near future as the apex identity proof, making everyone vulnerable to several risks described above.

The UIDAI project has proceeded so far without any legal authorization. There has been no feasibility study or cost-benefit analysis preceding the setting up of such a pervasive project. All calculations are of the back-of-the envelope variety. Data theft is a very serious threat to every individual and the country as a whole. There are deeply disconcerting facts about the project that should make even a die-hard UID supporter worry about its long term implications.

This article has been written by Sushant Sharma. He is a college fresher and avid reader.

Interestingly, few months back in June, UK government scrapped the plans for the controversial 5 billion pounds National Identity Card scheme. The decision came after about 15,000 citizens had already been enrolled and given their numbers. The UK government now plans to destroy all information held on the National Identity Register, effectively dismantling the whole system.

The UK system like the Indian UID had also started with much fanfare, claiming to save nearly 900 million pounds for the taxpayers. While the project was axed, UK’s Home Secretary Theresa May stated - “It (the identity card project) is intrusive and bullying, ineffective and expensive. It is an assault on individual liberty that does not promise a great good.”

The same logic implies to the India as well. But instead of scraping this over-hyped-failure-in-the-making project, our Prime Minister claims the UID project “will empower all”. But will it actually? That is for us to decide now.

Read the original article here.

For more details visit https://cis-india.org/news/identity-crisis

Creativity, Politics, and Internet Censorship

sneha-pp — 2016-06-17T07:07:40Z

In collaboration with Karnataka for Kashmir, we organised a discussion on 'Creativity, Politics and Internet Censorship' on May 25, 2016. Mahum Shabir, a legal activist and artist, Mir Suhail, political cartoonist with Kashmir Reader and Rising Kashmir, and Habeel Iqbal, a lawyer who has worked with several justice groups in Kashmir, shared some of their work and experiences. This discussion was organised as part of Port of Kashmir 2016, a series of events bringing together a small collective of people using different modes of art and activism to address crucial challenges to free speech and democracy in the state.

Mahum Shabir talking about the Handwara case. Source: Swar Thounaojam.

The discussion began with Mahum Shabir giving an overview of the work at the Jammu Kashmir Coalition of Civil Society, specifically on the Handwara case. She spoke of the role of the internet, and social media in particular, in perpetuating the gaze of the state, while also bringing up the larger question of how media propagates a certain way of looking at Kashmir, particularly women, marginalised groups and victims of violence. Internet blockades and media censorship pose several obstacles for the circulation of information, resulting in the need for surreptitious ways of communication as a necessary way to counter predominant narratives in the discourse around occupation. The implications of these for the rights of women in particular, the curbs on freedom at different levels, and the undercurrent of violence that is prevalent in everyday life, came up as significant questions.

Mir Suhail presented some of his cartoons, and shared some poignant personal experiences of growing up in a state under military occupation. His works reflect his concerns about a changing society, from understanding strife as an almost normalised state of existence, to now a phase of industrialization and control of resources. He spoke on the politics of exercising creative freedom in the present, and his attempt to encourage conversations on contemporary issues through his art. The role of technology in facilitating these conversations is as crucial as it is contentious, for it also brings up questions of surveillance and privacy;his art tries to navigate through some of these questions in different ways.

Habeel Iqbal, a lawyer who has worked on the Shopian and Handwara cases, spoke on some of the legal aspects of censorship and surveillance related issues in Kashmir, particularly in instances involving social media. He discussed some of the challenges faced by activists, social workers and political groups in working on certain cases, particularly in gathering and circulating information or in writing about sensitive issues. Self-censorship is often the only option for people working on these issues, as he elaborated through some personal experiences.

The discussion included questions on the possibilities opened up by privacy tools, such the use of encryption and to the extent to which they affect communication. Access to these technologies is a factor here; besides, transparency is also a goal for most human rights organisations working in the state. Social media, and social messaging apps in particular often function as an alternative to mainstream media as a means of communication, and it is interesting to see the questions it opens up for censorship. Examples of activism using not just the internet, but the network (through USBs and hard drives) were also discussed. The responses to such forms of activism, from across the world were interesting to engage with, as it tries to tackle predominant perceptions about the state. The economic aspects of different strategies of censorship and surveillance, through curfews and blockades and its broader implications for socio-economic development in the state were also discussed. The talk provided several insights into the problems and challenges to freedom of speech, the censorship of ideas, and its repercussions for creative freedom and politics in Kashmir.

Postcards of cartoons by Mir Suhail. Source: Swar Thounaojam.

For more details visit https://cis-india.org/raw/creativity-politics-and-internet-censorship-20160525

CPRsouth 2016 – Young Scholars Programme

praskrishna — 2016-05-30T02:01:21Z

Rohini Lakshané, Amber Sinha and Vidushi Marda have been selected to attend the two-day Young Scholars' Programme to be held in Zanzibar, Tanzania in early September this year. The programme is a part of the CPRSouth conference.

Read the original announcement published by CPRSouth here.

Following highly successful joint Afro-Asian CPR conferences in Mauritius in 2012, and India in 2013, CPRafrica and CPRsouth formally merged under the banner of CPRsouth in 2014. Since then, CPRsouth has hosted conferences in the Cradle of Humankind in South Africa (2014), and at the Innovation Center for Big Data and Digital Convergence at Yuan Ze University, Taiwan (2015).

This year’s conference is co-hosted by COSTECH and TCRA in Zanzibar, and will include sessions on cutting-edge developments on ICT policy and regulation in the South and discussion of the research-policy interface.

30 Young Scholars from Africa and the Asia-Pacific region will be selected to participate in a tutorial programme taught by recognised scholars and practitioners from Africa and Asia, and they will attend the main conference thereafter.

Tutorials are scheduled to be held on the 6^th and 7^th of September 2016, prior to the main CPRsouth conference.

Who will qualify?

Masters/PhD students in Economics, Public policy, Communications and Journalism
Officers of government/regulatory agencies undertaking ICT policy research, developing/gathering indicators (monitoring and evaluation)
Staff of private companies in the communication industries working in regulatory affairs
Officers in NGOs/INGOs working in policy and regulation
Researchers from think tanks, university research centres
Journalists covering communication public policy and regulation

Seminar

The seminar will cover a number of topics of the two days, such as:

policy analysis using supply-side or demand-side data;
ICT impact analysis;
convergence, net neutrality;
funding broadband network extension, open access networks, spectrum;
sector and competition regulation;
research to policy interventions;
Internet governance – privacy, surveillance, human rights online; and
introduction to big data, open data.

(2016 tutorial programme still to be confirmed)

Previous tutorial presentations can be accessed at http://www.cprsouth.org/

Application deadline: 22 April 2016

Application guidelines

Applications should be submitted via this link by 22 April 2016, and must contain the following:

one-page curriculum vitae; and
one-page write-up outlining why you wish to become an African or Asia-Pacific based expert capable of contributing to ICT related policy and regulatory reform in the region

Applicants’ write-ups and biographies should be in a single word document, and named: CPRsouth2016_YoungScholar_ApplicantLastName.

Kindly note: Late applications and applications that do not conform to the prescribed format above will automatically be disqualified.

Review Criteria

Applications will be reviewed according to the following criteria:

content of application;
evidence of interest in, and commitment to, policy-relevant research for Africa or the Asia-Pacific region;
quality of writing; and
gender and country representation

The selection committee may contact your supervisor or mentor before making the final selections.

Candidates selected to participate in the tutorial programme must:

provide a one-page research proposal upon acceptance onto the tutorial programme
participate in all tutorial sessions
participate in the entire CPRsouth 2016 conference

Funding

Selected young scholars who are passport holders of, and travelling from, low and middle income countries within the Asia Pacific and Africa (as classified by the World Bank http://data.worldbank.org/about/country-classifications/country-and-lending-groups#Low_income) will be provided with:

lowest-cost economy airfare to conference destination (less USD 150 registration fee);
ground transfers between the conference venue and airport; and
twin sharing accommodation on bed and breakfast basis, 5 lunches and 1 dinner for the duration of the conference and tutorials (6 – 10 September 2016). Not all meals are covered.

The registration fee for young scholars to attend the conference and tutorials is USD150, and airfares will be reimbursed less this registration fee. Participants will be required to cover:

transport to and from airports in their home countries;
visa fees (if any);
meals not provided; and
any other incidental costs

As the registration fee is so low and should be met personally even if there is no institutional support for attendance of the course and conference, please note that only under exceptional circumstances of extreme financial hardship may the organisers consider a waiver of the conference registration fee. Such waivers will be considered on a case-by-case basis and only where a scholar would otherwise be prevented from attending the YS programme and conference.

Visas

Letters of invitation will be provided for purposes of visa applications after participant selections have been made. Participants are responsible for securing their own visas to enter Tanzania, and are strongly advised to initiate visa approval procedures immediately on receipt of confirmation of their participation.

Kindly direct all enquiries to Ondine Bello: admin@researchictafrica.net orinfo@CPRsouth.org

For more details visit https://cis-india.org/internet-governance/news/cprsouth-2016-2013-young-scholars-programme

CPDP 2015

praskrishna — 2014-09-30T09:52:52Z

The eighth international conference on computers, privacy and data protection will be held in Brussels from January 21 to 23, 2015. The Centre for Internet and Society is a moral supporter of CPDP.

CPDP is a non-profit platform originally founded in 2007 by research groups from the Vrije Universiteit Brussel, the Université de Namur and Tilburg University and has grown into a platform carried by 20 academic centers of excellence from the EU, the US and beyond. As a world-leading multidisciplinary conference CPDP offers the cutting edge in legal, regulatory, academic and technological development in privacy and data protection. Within an atmosphere of independence and mutual respect, CPDP gathers academics, lawyers, practitioners, policy-makers, computer scientists and civil society from all over the world in Brussels offering them an arena to exchange ideas and discuss the latest emerging issues and trends. This unique multidisciplinary formula has served to make CPDP one of the leading data protection and privacy conferences in Europe and around the world. CPDP2014 welcomed 854 guests including 343 speakers from 43 different countries dispersed over more than 60 panels which took place during three full days. It attracted another 500 people in several public evening events including debates, a pecha kucha evening and an art exhibition. CPDP2015 aims to repeat the success of last year and will stage panels within the following main topical themes: Data Protection Reform: European and Global Developments, Mobility (mobile technologies, wearable technologies, border surveillance), EU-US developments concerning the regulation of government surveillance, Health, privacy and data protection, Love and lust in the digital age, Internet governance and privacy.

In 2015 CPDP will take place from January 21 to 23, 2015 in the Halles de Schaerbeek, Brussels, Belgium. Registrations are already open: http://www.cpdpconferences.org/Registration.html. For more details see here.

For more details visit https://cis-india.org/internet-governance/news/cpdp-2015

CPC Gathering Agenda

Admin — 2019-01-20T02:42:40Z

For more details visit https://cis-india.org/internet-governance/files/cpc-gathering-agenda.pdf

Court’s approval needed to tap phones: Panel

praskrishna — 2012-10-22T07:02:34Z

Investigators can monitor a person for 15-20 days on executive orders in case of emergencies, suggests panel.

Surabhi Agarwal's article was published in LiveMint on October 18, 2012. Sunil Abraham is quoted.

Government agencies need judicial permission before intercepting any communication or starting surveillance of any individual, a panel on the proposed privacy law suggested on Thursday.

If there is any urgency, investigators can tap phones or monitor a person’s movements for 15-20 days on executive orders but will then have to approach the courts to continue, the committee led by retired Delhi high court judge Ajit P. Shah recommended.

“Phone tapping under the present regime is done under executive permission whereas in other countries it is done only with the permission of the courts,” Shah said.

Security agencies currently require permission from home secretaries, either at the Centre or the states, to set up wiretaps or monitor emails. An oversight group of the cabinet, law and telecom secretaries at the Centre reviews all such authorizations.

	The government established the Shah committee in Feburary under the Planning Commission to study international best practices on privacy and surveillance after concerns arose on misuse of information collected by official agencies. Shah said on Thursday that the committee was “not interested” in preparing a privacy law but has only laid down the principles. The department of personnel and training will deliberate on the panel’s recommendations and then draft a legislation, said Ashwani Kumar, junior minister in the Planning Commission.

The government established the Shah committee in Feburary under the Planning Commission to study international best practices on privacy and surveillance after concerns arose on misuse of information collected by official agencies.

Shah said on Thursday that the committee was “not interested” in preparing a privacy law but has only laid down the principles.

The department of personnel and training will deliberate on the panel’s recommendations and then draft a legislation, said Ashwani Kumar, junior minister in the Planning Commission.

The Shah panel has recommended appointing privacy commissioners and a system under which organizations will have to develop privacy standards that will be approved by a commissioner as a means of self-regulation.

Sectoral industry associations would form a code of conduct for companies that will comply with law as they will be approved by the privacy commissioner, according to Kamlesh Bajaj, chief executive officer of Data Security Council of India, one of the members of the committee. “These associations could also act as alternative dispute-resolution mechanisms,” Bajaj said.

The committee’s other recommendations include giving individuals a choice to provide personal information, collection of only critical personal information, use of data only for the purpose for which it has been collected, and a penalty for violations.

“Without a comprehensive horizontal regulatory framework and the office of the regulator both private and public entities in India have been trampling on the rights of citizens without complying to any of the international best practices when it comes to protecting the right to privacy,” said Sunil Abraham, executive director of Centre for Internet and Society, a Bangalore-based advocacy group. After the privacy law is enacted and the office of a privacy commissioner is created, people will be able to seek redressal against these erring pubic and private entities if their rights are violated, he added.

The government has been looking to enact a privacy law to ensure data collected by various programmes such as the National Population Register, Unique Identification Authority of India and National Intelligence Grid was not misused. It was expected to scotch criticism of these programmes by privacy and Internet activists. It later expanded the scope of the proposed legislation after catching flak for a leak of tapped conversations between corporate lobbyist Niira Radia, industrialists and journalists.

The government now aims to uphold the right of all Indians against any misuse of personal information, interception of personal communication, unlawful surveillance and unwanted commercial communication. That means it effectively covers everything from the misuse of data collected by the government to spam.

However, there could be opposition from law enforcement agencies if the privacy law mandates that prior permission of the courts will be required before intercepting communication.

If judges begin taking a call on interception requests, there could be chances of leakage, “since there are so many judges at so many levels”, said Rumel Dahiya, deputy director general at Institute of Defence Studies and Analyses, a New delhi-based think tank. “The government carries out surveillance to gain fool-proof intelligence. That purpose will be defeated.”

Last week, Prime Minister Manmohan Singh said a fine balance needs to be maintained between the right to information and the right to privacy.

The Shah committee included representatives from the private sector, the department of information technology, ministry of home affairs, department of telecommunication, the law ministry and the department of personnel and training.

Kirthi V. Rao contributed to this story.

For more details visit https://cis-india.org/news/livemint-october-18-2012-surabhi-agarwal-courts-approval-needed-to-tap-phones

Counter Surveillance Panel: DiscoTech & Hackathon (Flyer)

praskrishna — 2014-02-24T21:29:51Z

For more details visit https://cis-india.org/internet-governance/blog/counter-surveillance.pdf