Centre for Internet and Society

India's 'Big Brother': The Central Monitoring System (CMS)

maria — 2013-12-06T09:39:20Z

In this post, Maria Xynou looks at India´s Central Monitoring System (CMS) project and examines whether it can target individuals´ communications data, regardless of whether they are involved in illegal activity.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Starting from this month, all telecommunications and Internet communications in India will be analysed by the government and its agencies. What does that mean? It means that everything we say or text over the phone, write, post or browse over the Internet will be centrally monitored by Indian authorities. This totalitarian type of surveillance will be incorporated in none other than the Central Monitoring System (CMS).

The Central Monitoring System (CMS)

The Central Monitoring System (CMS) may just be another step in the wrong direction, especially since India currently lacks privacy laws which can protect citizens from potential abuse. Yet, all telecommunications and Internet communications are to be monitored by Indian authorities through the CMS, despite the fact that it remains unclear how our data will be used.

The CMS was prepared by the Telecom Enforcement, Resource and Monitoring (TREM) and by the Centre for Development of Telematics (C-DoT) and is being manned by the Intelligence Bureau. The CMS project is likely to start operating this month and the government plans on creating a platform that will include all the service providers in Delhi, Haryana and Karnataka. The Information Technology Amendment Act 2008 enables e-surveillance and central and regional databases will be created to help central and state level law enforcement agencies in interception and monitoring. Without any manual intervention from telecom service providers, the CMS will equip government agencies with Direct Electronic Provisioning, filters and alerts on the target numbers. The CMS will also enable Call Data Records (CDR) analysis and data mining to identify the personal information of the target numbers.

The estimated set up cost of the CMS is Rs. 4 billion and it will be connected with the Telephone Call Interception System (TCIS) which will help monitor voice calls, SMS and MMS, fax communications on landlines, CDMA, video calls, GSM and 3G networks. Agencies which will have access to the CMS include the Research and Analysis Wing (R&AW), the Central Bureau of Investigation (CBI), the National Investigation Agency (NIA), the Central Board of Direct Taxes (CBDT), the Narcotics Control Bureau, and the Enforcement Directorate (ED). In particular, last October, the NIA approached the Department of Telecom requesting its connection with the CMS, which would help it intercept phone calls and monitor social networking sites without the cooperation of telcos. However, the NIA is currently monitoring eight out of 10,000 telephone lines and if it is connected with the CMS, the NIA will also get access to e-mails and other social media platforms. Essentially, the CMS will be converging all the interception lines at one location and Indian law enforcement agencies will have access to them. The CMS will also be capable of intercepting our calls and analyzing our data on social networking sites. Thus, even our attempts to protect our data from ubiquitous surveillance would be futile.

In light of the CMS being installed soon, the Mumbai police took the initiative of setting up a ´social media lab´ last month, which aims to monitor Facebook, Twitter and other social networking sites. This lab would be staffed by 20 police officers who would keep an eye on issues being publicly discussed and track matters relating to public security. According to police spokesman Satyanarayan Choudhary, the lab will be used to identify trends among the youth and to plan law and order accordingly. However, fears have arisen that the lab may be used to stifle political debate and freedom of expression. The arrest of two Indian women last November over a Facebook post which criticized the shutdown of Mumbai after the death of politician Bal Thackeray was proof that the monitoring of our communications can potentially oppress our freedom and human rights. And now that all our online activity will be under the microscope...will the CMS security trade-off be worth it?

Surveillance in the name of Security

In a digitised world, threats to security have been digitised. Terrorism is considered to be a product of globalisation and as such, the Internet appears to be a tool used by terrorists. Hence governments all around the world are convinced that surveillance is probably one of the most effective methods in detecting and prosecuting terrorists, as all movement, action, interests, ideas and everything else that could define an individual are closely being monitored under the ´surveillance umbrella´ True; if everything about our existence is being closely monitored and analysed, it seems likely that we will instantly be detected and prosecuted if engaged in illegal activity. But is that the case with big data? According to security expert Bruce Schneier, searching for a terrorist through data mining is like looking for a needle in a haystack. Generally, the bigger the amount of data, the bigger the probability of an error in matching profiles. Hence, when our data is being analysed through data mining of big data, the probability of us being charged for a crime we did not commit is real. Nonetheless, the CMS is going to start operating soon in an attempt to enable law enforcement agencies to tackle crime and terrorism.

A few days ago, I had a very interesting chat with an employee at SAS Institute (India) Pvt. Ltd. in Bangalore, which is a wholly owned subsidiary of SAS Institute Inc. SAS is a company which produces software solutions and services to combat fraud in financial services, identify cross-sell opportunities in retail, and all the business issues it addresses are based on three capabilities: information management, analytics and business intelligence. Interestingly enough, SAS also produces social network analysis which ´helps institutions detect and prevent fraud by going beyond individual and account views to analyze all related activities and relationships at a network dimension´. In other words, social network analysis by SAS would mean that, through Facebook, for example, all of an individual's´ interests, activities, habits, relationships and everything else that could be, directly or indirectly, linked to an individual would be mapped out in relation to other individuals. If, for example, several individuals appear to have mutual interests and activities, there is a high probability that an individual will be associated with the same type of organization as the other individuals, which could potentially be a terrorist organization. Thus, an essential benefit of the social network analysis solution is that it uncovers previously unknown network connections and relationships, which significantly enables more efficient investigations.

According to the SAS employee I spoke to, the company provides social network analysis to Indian law enforcement agencies and aims at supporting the CMS project in an attempt to tackle crime and terrorism. Furthermore, the SAS employee argued that their social network analysis solution only analyzes open source data which is either way in the public online domain, hence respecting individuals´ online privacy. In support of the Mumbai ´social media lab´, cyber security expert, Vijay Mukhi, argued:

´There may be around 60 lakh twitter users in the city and millions of other social media network users. The police will require a budget of around Rs 500 crore and huge resources such as complex software, unique bandwidth and manpower to keep a track of all of them. To an extent, the police can monitor select people who have criminal backgrounds or links with anti-social or anti-national elements...[...]...Even the apprehension that police is reading your tweet is wrong. The volume of networking on social media sites is beyond anybody's capacity. Deleting any user's message is humanly impossible. It is even difficult to find the origin of messages and shares. However, during the recent Delhi gangrape incident such monitoring of data in public domain helped the police gauge the mood of the people.´

Another cyber security expert argued that the idea that the privacy of our messages and online activity would be intercepted is a misconception. The expert stated that:

´The police are actually looking out for open source intelligence for which information in public domain on these sites is enough. Through the lab, police can access what is in the open source and not the message you are sending to your friend.´

Cyber security experts also argued that the purpose of the creation of the Mumbai social media lab and the CMS in general is to ensure that Indian law enforcement agencies are better informed about current public opinion and trends among the youth, which would enable them to take better decisions on a policy level. It was also argued that, apparently, there is no harm in the creation of such monitoring centres, especially since other countries, such as the U.S., are conducting the same type of surveillance, while have enacted stringent privacy regulations. In other words, the monitoring of our communications appears to be justified, as long as it is in the name of security.

CMS targeting individuals: myth or reality?

The CMS is not a big deal, because it will not target us individually...or at least that is what cyber security experts in India appear to be claiming. But is that really the case? Lets look at the following hypothesis:

The CMS can surveille and target individuals, if Indian law enforcement agencies have access to individuals content and non-content data and are simultaneously equipped with the necessary technology to analyse their data.

The two independent variables of the hypothesis are: (1) Indian law enforcement agencies have access to individuals´ content and non-content data, (2) Indian law enforcement agencies are equipped with the necessary technology to analyse individuals´ content and non-content data. The dependent variable of the hypothesis is that the CMS can surveille and target individuals, which can only be proven once the two independent variables have been confirmed. Now lets look at the facts.

The surveillance industry in India is a vivid reality. ClearTrail is an Indian surveillance technology company which provides communication monitoring solutions to law enforcement agencies around the world and which is a regular sponsor of ISS world surveillance trade shows. In fact, ClearTrail sponsored the ISS world surveillance trade show in Dubai last month - another opportunity to sell its surveillance technologies to law enforcement agencies around the world. ClearTrail´s solutions include, but are not limited to, mass monitoring of IP and voice networks, targeted IP monitoring, tactical Wi-Fi monitoring and off-the-air interception. Indian law enforcement agencies are equipped with such technologies and solutions and thus have the technical capability of targeting us individually and of monitoring our ´private´ online activity.

Shoghi Communications Ltd. is just another example of an Indian surveillance technology company. WikiLeaks has published a brochure with one of Shoghi´s solutions: the Semi Active GSM Monitoring System. This system can be used to intercept communications from any GSM service providers in the world and has a 100% target call monitor rate. The fact that the system is equipped with IMSI analysis software enables it to extract the suspect´s actual mobile number from the network without any help from the service provider. Indian law enforcement agencies are probably being equipped with such systems by Shoghi Communications, which would enable the CMS to monitor telecommunications more effectively.

As previously mentioned, SAS provides Indian law enforcement agencies social network analysis solutions. In general, many companies, Indian and international, produce surveillance products and solutions which they supply to law enforcement agencies around the world. However, if such technology is used solely to analyse open source data, how do law enforcement agencies expect to detect criminals and terrorists? The probability of an individual involved in illegal activity to disclose secrets and plans in the public online sphere is most likely significantly low. So given that law enforcement agencies are equipped with the technology to analyse our data, how do they get access to our content data in order to detect criminals? In other words, how do they access our ´private´ online communications to define whether we are a terrorist or not?

Some of the biggest online companies in the world, such as Google and Microsoft, disclose our content data to law enforcement agencies around the world. Sure, a lawful order is a prerequisite for the disclosure of our data...but in the end of the day, law enforcement agencies can and do have access to our content data, such as our personal emails sent to friends, our browsing habits, the photos we sent online and every other content created or communicated via the Internet. Law enforcement requests reports published by companies, such as Google and Microsoft, confirm the fact that law enforcement agencies have access to both our content and non-content data, much of which was disclosed to Indian law enforcement agencies. Thus, having access to our ´private´ online data, all Indian law enforcement agencies need is the technology to analyse our data and match patterns. The various surveillance technology companies operating in India, such as ClearTrail and Shoghi Communications, ensure that Indian law enforcement agencies are equipped with the necessary technology to meet these ends.

The hypothesis that the CMS can surveille and target us individually can be confirmed, since Indian law enforcement agencies have access to our content and non-content data, while simultaneously being equipped with the necessary technology to analyse our data. Thus, the arguments brought forth by cyber security experts in India appear to be weak in terms of validity and reliability and the CMS appears to be a new type of ´Big Brother´ upon us. But what does this mean in terms of our privacy and human rights?

The telephone tapping laws in India are weak and violate constitutional protections. The Information Technology Amendment Act 2008 has enabled e-surveillance to reach its zenith, but yet surveillance projects, such as the CMS, lack adequate legal backing. No privacy legislation currently exists in India which can protect us from potential abuse. The confirmed CMS hypothesis indicates that all individuals can potentially be targeted and monitored, regardless of whether they have been involved in illegal activity. Yet, India currently lacks privacy laws which can protect individuals from the infringement of their privacy and other human rights. The following questions in regards to the CMS remain vague: Who can authorise the interception of telecommunications and Internet communications? Who can authorise access to intercepted data? Who can have access to data? Can data monitored by the CMS be shared between third parties and if so, under what conditions? Is data monitored by the CMS retained and if so, for how long and under what conditions? Do individuals have the right to be informed about their communications being monitored and about data retained about them?

Immense vagueness revolves around the CMS, yet the project is due to start operating this month. In order to ensure that our right to privacy and other human rights are not breached, parliamentary oversight of intelligence agencies in India is a minimal prerequisite. E-surveillance regulations should be enacted, which would cover both policy and legal issues pertaining to the CMS project and which would ensure that human rights are not infringed. The overall function of the CMS project and its use of data collected should be thoroughly examined on a legal and policy level prior to its operation, as its current vagueness and excessive control over communications can create a potential for unprecedented abuse.

The necessity and utility of the CMS remain unclear and thus it has not been adequately proven yet that the security trade-off is worth it. One thing, though, is clear: we are giving up a lot of our data....we are giving up the control of our lives...with the hope that crime and terrorism will be reduced. Does this make sense?

This was cross-posted in Medianama

For more details visit https://cis-india.org/internet-governance/blog/indias-big-brother-the-central-monitoring-system

March 2013 Bulletin

praskrishna — 2013-04-14T11:45:29Z

The Centre for Internet & Society (CIS) welcomes you to the third issue of its newsletter for the year 2013. In this issue we bring you an overview of our research programs, updates of events organised by us, events we participated in, news and media coverage, and videos of some of our recent events.

Jobs
CIS invites applications for the posts of Developer (NVDA Screen Reader Project), Programme Officer (Access to Knowledge and Openness), and Programme Officer (Internet Governance). To apply send your resume to sunil@cis-india.org and pranesh@cis-india.org.

Accessibility

CIS is doing two projects in partnership with the Hans Foundation. One of this is to create a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India and another is for developing a screen reader and text-to- speech synthesizer for Indian languages. CIS is also working with the World Blind Union and many other organisations to develop a Treaty for the Visually Impaired helped by the WIPO:

National Resource Kit for Persons with Disabilities
Anandhi Viswanathan from CIS and Manojna Yeluri from the Centre for Law and Policy Research are working in this project. Draft chapters have been published. Feedback and comments are invited from readers for the chapters on Lakshadweep, Meghalaya and Uttar Pradesh:

The Lakshadweep Chapter (by Anandhi Viswanathan, March 25, 2013): The union territory of Lakshadweep has not passed any legislation for persons with disabilities, but implements the provisions under the central laws. The benefits currently available to persons with disabilities in Lakshadweep include disability pension, unemployment allowance and grant for setting up kiosks.
The Meghalaya Chapter (by Manojna Yeluri, March 25, 2013): Meghalaya is one of the few north-eastern states, which has appointed a Commissioner for Disabilities. Most of the schemes and benefits given to persons with disabilities in Meghalaya are under centrally sponsored schemes. Very few schemes are initiated by the state government.
The Uttar Pradesh Chapter (by Manojna Yeluri, March 31, 2013): The Government of Uttar Pradesh has established shelter homes and vocational training centres in several parts of the states — most recently in Meerut, Bareilly and Gorakhpur. It has also undertaken to finance nearly 4340 corrective surgeries for polio across nine cities of Uttar Pradesh. It also intends to start several projects in 2013. These include the establishment of a Braille Press in order to produce Braille books, magazines and other study material.

Resources
We now have a new section on our website which contains all government notifications, RTI applications, and accessibility related resources: cases, statutes, etc. The following were published earlier this month:

Information about Schemes for Disabled Persons in Haryana We received this notification on schemes and policies for persons with disabilities from the Government of Haryana.
Haryana Government Notification (Hindi version): The notification that we received from the state government was in Hindi. We will put up the English translation soon.
West Bengal (Govt) Notifications: We received a series of notifications from the West Bengal Government from its various departments such as finance, higher education, transport, health and family welfare, labour, land and land reforms, panchayats and rural development, etc. OCR versions of the same have been published.
Lakshadweep (Govt) Notifications: Notifications received from the Lakshadweep Government including guidelines for functioning of KIOSKS, grant of unemployment allowance and special jobs to persons with disabilities, issuing identity card to persons with disabilities for availing government benefits, etc., are published. OCR versions have also been put up.

Event Participated In

A Discussion on Intercept between UNCRPD & CEDAW (organized by the Shanta Memorial Institute of Rehabilitation – Odisha, CBR Network and Mitra Jyoti, Bangalore, Karnataka, February 4, 2013): Anandhi Viswanathan participated in this event.

Access to Knowledge and Openness

The Wikimedia Foundation awarded CIS a two year grant of INR 26,000,000 to support and develop the growth of Indic language communities and projects by community collaborations and partnerships. This is being carried out by the Access to Knowledge team based in Delhi. CIS is also doing a project (Pervasive Technologies) on examining the relationship between production of pervasive technologies and intellectual property. CIS also promotes openness including open government data, open standards, open access, and free/libre/open source software through its Openness programme.

Wikipedia

Beginning from September 1, 2012, Wikimedia Foundation awarded CIS a two-year grant of INR 26,000,000 to support and develop free knowledge in India. The A2K team consists of four members based in Delhi: T. Vishnu Vardhan, Nitika Tandon, Subhashish Panigrahi and Noopur Raval, and one team member Dr. U.B. Pavanaja who is working from Bangalore office.

Indic Wikipedia Visualisation Project

Visualising Basic Parameters (by Sajjad Anwar and Sumandro Chattapadhyay, March 26, 2013): Sajjad and Sumandro bring you a visualisation of the growth of Indic Wikipedia in this first post on Indic Wikipedia Visualisation project. They look into the different aspects of the past and present activities of Indic Wikipedias, and divide the visualisation into three different focus areas: (1) basic parameters, (2) geographic patterns of edits, and (3) exploring the topics that receives the greatest number of edits.

Events Organised

Introductory Wikipedia session at BITS Goa (organised by CIS, Birla Institute of Technology & Science, Pilani, Goa, March 7, 2013). The Access to Knowledge team was invited by Nikhil Dixit from BITS to organise a Wikipedia editing session. Nitika Tandon led the session on IP editing.
Kannada Wikipedia Workshop (organised by CIS, Institution of Engineers, JLB Road, Mysore, March 24, 2013). Dr. U.B. Pavanaja led this workshop.

Events Co-organised

Wiki Women's Day in Goa (organised by the Wikimedia India Chapter and CIS, Nirmala Institute of Education, Panaji, Goa, March 8, 2013). Nitika Tandon participated in this workshop held on International Working Women's Day, and shares the developments in this report.
Wikipedia Workshop for Kannada Science Writers (organised by Wikimedia India Chapter, Karnataka Rajya Vijnana Parishath and CIS, Karnataka Rajya Vijnana Parishath Conference Hall, Banashankari 2nd Stage, Bangalore, March 17, 2013). Dr. U.B. Pavanaja participated in the event.

Upcoming Event

Telugu Wiki Mahotsavam 2013 (co-organised with the Telegu Wikipedia community, Hyderabad, April 9 to 11, 2013). Vishnu Vardhan is participating in this event as a speaker. A public event will be held on April 11 from 5.00 p.m. to 8.00 p.m. at Golden Threshold (Sarojini Naidu's house) in Hyderabad.

Events Participated

Wikipedia Women's Workshop Bangalore 2013 (organised by Wikimedia India, Servelots Infotech, Jayanagar, Bangalore, March 8, 2013). The event was covered by Kannada Prabha on March 9, 2013. Dr. U.B. Pavanaja participated in the event.
Wikipedia at Avenir (organised by the Wikipedia community, Netaji Subhash Engineering College, Kolkata, West Bengal, March 11, 2013). CIS supported this event.

Event Report from Other Organisations
Wikipedia Community members helped the Higher Education Innovation and Research Applications Programme (HEIRA) of CSCS Bangalore to organize a day-long workshop on ‘Digital Literacy’ at Ahmednagar College, Ahmednagar, Maharasthra on January 17, 2013. Tanveer Hasan of HEIRA shares with us the developments in this report.

Other Openness Updates

Event Report

Iraqi Public Data Scenario Workshop: A Summary (by Sumandro Chattapadhyay, March 26, 2013): A workshop on public data was conducted by Sunil Abraham and Sumandro Chattapadhyay for the officials of the Government of Iraq. It was organized by UNDP Iraq in Amman, Jordan from October 18 to 23, 2012. Sumandro Chattapadhyay shares with us the developments from the workshop held over five days.

Event Participated

Open DataCamp - 2013 (organized by Open Data Camp, Dharmaram Vidya Kshetram (inside Christ University Campus), Dairy Circle, Bangalore, March 2 and 3, 2013): Sunil Abraham was a panelist.

HasGeek
HasGeek creates discussion spaces for geeks and has organised conferences like the Fifth Elephant, Droidcon India 2011, Android Camp, etc. HasGeek is supported by CIS and works from the CIS office in Bengaluru.

Upcoming Events

Pig Workshop (organized by HasGeek, Alchemy Solutions, Domlur, Bangalore, 9.00 a.m. to 6.00 p.m.): A workshop on how to use Pig for mining useful information from data. It is open to programmers who have a background in Java programming, some familiarity with Hadoop and MapReduce algorithms, and have worked with large chunks of data.
The Fifth Elephant 2013 (organized by HasGeek, July 11 to 13, 2013, NIMHANS Convention Centre, Bangalore).

Internet Governance

The Internet Governance programme conducts research around the various social, technical, and political underpinnings of global and national Internet governance, and includes online privacy, freedom of speech, and Internet governance mechanisms and processes. Currently, CIS is doing a project with Privacy International, London to facilitate research and events around surveillance, and freedom of speech and expression.

Privacy

Policy

Draft Human DNA Profiling Bill (April 2012): High Level Concerns (by Elonnai Hickok, March 12, 2013). The post examines the high level concerns that CIS has with the April 2012 draft of the Bill.
Human DNA Profiling Bill 2012 Analysis (by Jeremy Gruber, Council for Responsible Genetics, US, March 19, 2013). Jeremy provides an analysis of the Human DNA Profiling Bill, 2012. He says that India’s updated 2012 Human DNA Profiling Bill offers largely superficial changes from its predecessor, the Draft DNA Profiling Bill, 2007.

The Privacy (Protection) Bill 2013: A Citizen's Draft (by Bhairav Acharya, March 26, 2013). Bhairav Acharya has drafted the Privacy (Protection) Bill 2013. It contains provisions that speak to data protection, interception, and surveillance and also establishes the powers and functions of the Privacy Commissioner, and lays out offenses and penalties for contravention of the Bill. The Bill represents a citizen's version of possible privacy legislation for India, and will be shared with key stakeholders including civil society, industry, and government.

Upcoming Events

A Privacy Round Table in Delhi (organized by CIS and Federation of Indian Chambers of Commerce and Industry, FICCI Federation House, Tansen Marg, New Delhi, April 3, 2013).
A Privacy Round Table in Bangalore (organized by CIS and Federation of Indian Chambers of Commerce and Industry, Jayamahal Palace, Jayamahal Road, Bangalore, April 20, 2013).

Event Organized

Analyzing the Draft Human DNA Profiling Bill 2012 (organized by the Centre for Internet and Society, Bangalore, March 1, 2013): Maria Xynou shares a summary of the workshop in this report.

Events Participated In

Global Partners Meeting @ London (organized by Privacy International, London School of Economics and Political Science, March 22 – 25, 2013). Sunil Abraham and Malavika Jayaram participated in the event.
India’s Civil Liberties Crisis: Of Bans, Blocks, Bullying and Biometrics (organized by the Center for Global Communication Studies, Annenberg School of Communication, University of Pennsylvania, Philadelphia, March 28, 2013). Malavika Jayaram participated as a speaker.
Future of Privacy in India (organized by DSCI and ICOMP, Oberoi Hotel, New Delhi, April 5, 2013). Sunil Abraham is a speaker at this event.

Blog Posts

Hacking without borders: The future of artificial intelligence and surveillance (by Maria Xynou, March 15, 2013). In this post, Maria looks at some of DARPA´s artificial intelligence surveillance technologies in regards to the right to privacy and their potential future use in India.
Driving in the Surveillance Society: Cameras, RFID tags and Black Boxes... (by Maria Xynou, March 26, 2013). Maria examines red light cameras, RFID tags and black boxes used to monitor vehicles in India.
Microsoft Releases its First Report on Data Requests by Law Enforcement Agencies around the World (by Maria Xynou, March 27, 2013). CIS presents Microsoft´s report on law enforcement requests, with a focus on data requested by Indian law enforcement agencies.
The Criminal Law Amendment Bill 2013 — Penalising 'Peeping Toms' and Other Privacy Issues (by Divij Joshi, March 31, 2013). The pending amendments to the Indian Penal Code, if passed in their current format, would be a huge boost for individual physical privacy by criminalising stalking and sexually-tinted voyeurism and removing the ambiguities in Indian law which threaten the privacy and dignity of individuals.

IT Act

Featured Blog Post

CIS Welcomes Standing Committee Report on IT Rules (by Pranesh Prakash, March 27, 2013). CIS welcomes the report by the Standing Committee on Subordinate Legislation, in which it has lambasted the government and has recommended that the government amend the Rules it passed in April 2011 under section 79 of the Information Technology Act. The post was quoted in: The Times of India (March 28, 2013), The Statesman (March 28, 2013), Economic Times (March 28, 2013), Data Quest (March 28, 2013), and The Hindu (April 1, 2013).

Submissions
Bhairav Acharya, on behalf of CIS submitted comments to the Committee on Subordinate Legislation of the 15^th Lok Sabha for the following rules:

Comments on the Information Technology (Electronic Service Delivery) Rules, 2011. The Rules were notified by the Central Government in the Gazette of India vide Notification GSR 316(E) on April 11, 2011.
Comments on the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. The Rules were notified by the Central Government in the Gazette of India vide Notification GSR 313(E) on April 11, 2011.
Comments on the Information Technology (Guidelines for Cyber Cafe) Rules, 2011. The Rules were notified by the Central Government in the Gazette of India vide Notification GSR 315(E) on April 11, 2011.

Note: The above rules were submitted earlier but published on our website only recently.

Unique ID Project

Event Organized

Unique Identity Number (UID), National Population Register (NPR), and Governance (organized by CIS and Say No to UID Campaign, TERI, Bangalore, March 2, 2013): CIS interviewed Usha Ramanathan and Anant Maringanti. Watch the videos uploaded in this blog post by Maria Xynou. This was covered in newzfirst on March 3, 2013 and in the Hindu on March 3, 2013.

Interview

Unique Identification Scheme (UID) & National Population Register (NPR), and Governance (by Elonnai Hickok, March 14, 2013). The post examines the UID, NPR and Governance as it exists in India. A video on the UID interview Questions and Answers is published.

News and Media

Indian ID crisis unveils Aadhaar doubts (ZDNet, March 14, 2013). Sunil Abraham is quoted.
New $1 Billion RIC Project Casts Doubts on Aadhaar (AEG India, March 16, 2013). Sunil Abraham is quoted.

Blog Entry

India's Biometric Identification Programs and Privacy Concerns (by Divij Joshi, March 31, 2013).

Free Speech and Expression

News and Media

Foreign Funding of NGOs (by Prashant Reddy, Open Magazine, March 2, 2013).
Iceland’s proposed porn ban ‘like repression in Iran, N. Korea’ – activists (RT, March 1, 2013). Sunil Abraham is quoted.
Chidambaram to Talk Budget on Google+ Hangout (by Dhanya Ann Thoppil, Wall Street Journal, March 4, 2013). Sunil Abraham is quoted.
Responding to govt requests is a challenge for online firms: Colin Maclay (LiveMint, March 13, 2013). Colin M. Maclay, managing director of Berkman Center for Internet and Society at Harvard mentioned CIS.
Indian police set up lab to monitor social media (originally published by AFP, March 18, 2013, and also carried in Global Post on the same day). Sunil Abraham is quoted.
Namaste, Mr. Eric Schmidt (by R. Jai Krishna, Wall Street Journal, March 20, 2013). Sunil Abraham is quoted.
Parliament panel blasts govt over ambiguous internet laws (by Ishan Srivastava, The Times of India, March 28, 2013). Pranesh Prakash is quoted.
What if the Net shut down for a few days (by Atul Sethi, The Times of India, March 30, 2013). Sunil Abraham is quoted.
Press controls ‘send wrong message to rest of world’ (by Jerome Starkey from Johannesburg, Francis Elliott from Delhi and David Brown, The Times, UK).

Event Organized

Freedom Song: Film Screening and Discussion (IIHS Bangalore City Campus, March 21, 2013). Freedom Song, a documentary film produced by the Public Service Broadcasting Trust and directed by Paranjoy Guha Thakurta and Subi Chaturvedi was screened.

Events Participated In

Is Social Media Incredible? (organized by Indian Institute of Journalism & New Media, Bangalore, March 2, 2013). Snehashish Ghosh participated in a panel discussion. The New Indian Express published a post-event report.
Rethinking the Internet: The Way Forward (organized by Telecom Italia and Financial iTimes, Telecom Italia Future Centre, Italy, March 21 – 22, 2013). Pranesh Prakash participated in this event.

Others

Events Organised

DML 2013: Fourth Annual Conference (co-organised by CIS and Digital Media & Learning Research Hub Central, Sheraton Chicago Hotel & Towers - Chicago, Illinois, March 14 – 16, 2013). We had a special track that ran through the conference on "Whose Change Is It Anyway? Futures, Youth, Technology And Citizen Action In The Global South (And The Rest Of The World)". Noopur Raval was one of the 16 presenters that we had selected on the tracks. Nishant Shah was one of the members in the Conference Committee.

Blog Posts

WGIG+8: Stock-Taking, Mapping, and Going Forward (Fontenoy Building, conference room # 7, UNESCO Headquarters, Paris, February 27, 2013). Pranesh Prakash was the moderator for the session. A summary of the discussion has been published.
What’s In a Name? — DNS Singularity of ICANN and the Gold Rush (by Sharath Chandra Ram, March 31, 2013). March 2013 being the 28th birthday of the first ever registered Internet domain as well as the exigent launch of the Trademark Clearing House disguised as a milestone in rights protection by ICANN for its new gTLD program, Sharath Chandra Ram, dissects the transitory role of ICANN from being a technical outfit to the Boardroom Big Brother of Internet Governance.
An Introduction to Bitfilm & Bitcoin in Bangalore, India (by Benson Samuel, March 12, 2013). Video of the event organized by CIS on January 23, 2013 is published in this blog post.

Knowledge Repository on Internet Access

CIS in partnership with the Ford Foundation is executing a project on Internet Access. It covers the history of the internet, technologies involved, principle and values of internet access, broadband market and universal access and will touch upon various polices and regulations which has an impact on internet access and bodies and mechanism which are responsible for formulation policies related to internet access. The blog posts and modules will be published in a new website: www.internet-institute.in.

Upcoming Event
We are hosting an “Institute on Internet and Society” in collaboration with the Ford Foundation India, which is to be held from June 8, 2013 to June 14, 2013. Call for registration and relevant details will be announced soon on our website.

The following units have been published:

Internet Protocols (by Srividya Vaidyanathan, March 18, 2013).
How email works, how do you get your email? Email Protocols (SMTP, POP, IMAP), SPAM/Phishing (by Srividya Vaidyanathan, March 19, 2013).
Internet Corporation for Assigned Names and Numbers (by Snehashish Ghosh, March 19, 2013).
ITU sectors — ITU-R, ITU-T, ITU-D, etc. (by Snehashish Ghosh, March 27, 2013).
World Conference on International Telecommunications 2012 (by Snehashish Ghosh, March 29, 2013).

Telecom

CIS is involved in promoting access and accessibility of telecommunications services and resources and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Newspaper Column

Are India's Glory Days Over? (by Shyam Ponappa, Organizing India Blogspot, March 8, 2013, originally published in the Business Standard, March 6, 2013).

Digital Natives

Digital Natives with a Cause? examines the changing landscape of social change and political participation in light of the role that young people play through digital and Internet technologies, in emerging information societies. Consolidating knowledge from Asia, Africa and Latin America, it builds a global network of knowledge partners who critically engage with discourse on youth, technology and social change, and look at alternative practices and ideas in the Global South:

Events Participated In

Video Vortex # 9 Re:assemblies of Video (organized by the Institute of Network Cultures, Post Media Lab, Moving Image Lab, Leuphana, et.al, February 28 – March 2, 2013). Nishant Shah gave the key note. Videos of the event are published.

Digital Humanities

From 2012 to 2015, the Researchers @ Work series is focusing on building research clusters in the field of Digital Humanities. We organised the first Habits of Living workshops in Bangalore last year. The next workshop is being held in Brown University

Event Co-organised

Habits of Living: Networked Affects, Glocal Effects (co-organised with Brown University, March 21 – 23, 2013, Brown University, Rhode Island). Nishant Shah was a speaker at this event. He made a presentation on network ontologies.

Event Participated

Korean Trans Cine-Media in Global Contexts: Asia and the World (organized by Trans-Asia Screen Culture Institute, Cinema Studies, Korean National University of Arts, Korean Film Archive and Tsubouchi Memorial Theatre Museum, Waseda University, Seoul, March 27 – 29, 2013). Nishant Shah was a speaker at this event. He spoke on "The Asian Intercourse: Reimagining the Inter-Asia moment through ‘net-porn’ in networks".

About CIS

The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.

Follow us elsewhere

Get short, timely messages from us on Twitter
Join the CIS group on Facebook
Visit us at http://cis-india.org

Support Us

Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

Request for Collaboration

We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, at sunil@cis-india.org or Nishant Shah, Director – Research, at nishant@cis-india.org

CIS is grateful to its donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation and the Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/march-2013-bulletin

India's Biometric Identification Programs and Privacy Concerns

divij — 2016-07-21T10:51:42Z

The invasiveness of individual identification coupled with the fallibility of managing big data which biometric identification presents poses a huge risk to individual privacy in India.

Divij Joshi is a 2nd year at NLS. He is interning with the Centre for Internet and Society for the privacy project. This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Introduction

Biometric technology looks to be the way ahead for the Indian government in its initiatives towards identification. From the Unique Identity Scheme (Aadhaar) to the National Population Register and now to Election ID’s, [1] biometric identification seems to have become the government’s new go-to solution for all kinds of problems. Biometrics prove to be an obvious choice in individual identification schemes – it’s easiest to identify different individuals by their faces and fingerprints, unique and integral aspects of individuals – yet, the unflinching optimism in the use of biometric technology and the collection of biometric data on a massive scale masks several concerns regarding compromises of individual privacy.

‘Big Data’ and Privacy Issues

Biometric data is going to be collected under several existing and proposed identification schemes of the government, from the Centralized Identities Data Register of the UID to the draft DNA Profiling Bill which seeks to improve criminal forensics and identification. With the completion of the biometric profiling under the UID, the Indian government will have the largest database of personal biometric data in the world. [3] With plans for the UID to be used for several different purposes — as a ration card, for opening a banking account, for social security and healthcare and several new proposed uses emerging everyday,[1] the creation of ‘Big Data’ becomes possible. ‘Big Data’ is characterized by the volume of information that is produced, the velocity by which data is produced, the variety of data produced and the ability to draw new conclusions from an analysis of the data.[2] The UID will generate “Big Data” as it is envisioned that the number will be used in every transaction for any platform that adopts it — for all of the 1.2 billion citizens of India. In this way the UID is different any other identity scheme in India, where the identifier is used for a specific purpose at a specific point of time, by a specific platform, and generates data only in connection to that service. Though the creation of “Big Data” through the UID could be beneficial through analysing data trends to target improved services, for example, at the same time it can be problematic in case of a compromise or breach, or if generated information is analyzed to draw new and unintended conclusions about individuals without their consent, and using information for purposes the individuals did not mean for it to be used.

Biometric ID and Theft of Private Data

The government has touted identification schemes such as the UID and NPR as a tool to tackle rural poverty, illegal immigration and national security issues and with this as the premise, the concerns about privacy seem to have been left in the lurch. The optimism driving the programmes also means that its potential fallibility is often overlooked in the process. Biometric technology has been proven time and again to be just as easily jeopardized as any other and the threat of biometric identity theft is as real and common as something like credit card fraud, with fingerprints and iris scans being easily capable of replication and theft without the individual owners consent. [2] In fact, compromise or theft of biometric identity data presents an even greater difficulty than other forms of ID because of the fact that it is unique and intrinsic, and hence, once lost cannot be re-issued or reclaimed like traditional identification like a PIN, leaving the individual victim with no alternative system for identification or authentication. This would also defeat the entire purpose behind any authentication and identification schemes. With the amount of personal data that the government plans to store in databases using biometrics, and without adequate safeguards which can be publicly scrutinized, using this technology would be a premature and unsafe move.

Biometric data and Potential Misuse

Centralised data storage is problematic not only for the issues with data compromise and identity theft, but the problems of potential third-party misuse in the absence of an adequate legal framework for protecting such personal data, and proper technical safeguards for the same, as has been pointed out by the Standing Committee on Finance in its report on the UIDAI project.[4] The threat to privacy which these massive centralized databases pose has led to the shelving of similar programmes in England as well as France. [4] Further, concerns have been voiced about data sharing and access to the information contained in the biometric database. The biometric database is to be managed by several contracting companies based in the US. These same companies have legal obligations to share any data with the US government and Homeland Security. [5]

A second, growing concern over biometric identification schemes is over the use of biometrics for state surveillance purposes. While the UID’s chief concern on paper has been development, poverty, and corruption alleviation, there is no defined law or mandate which restricts the number from being used for other purposes, hence giving rise to concerns of a function creep - a shift in the use of the UID from its original intended purpose. For example, the Kerala government has recently proposed a scheme whereby the UID would be used to track school children.[5] Other schemes such as the National Population Register and the DNA Profiling Bill have been specifically set up with security of the State as the mandate and aim.[6] With the precise and accurate identification which biometrics offers, it also means that individuals are that much easier to continuously survey and track, for example, by using CCTV cameras with facial recognition software, the state could have real-time surveillance over any activities of any individual.[7]

With all kinds of information about individuals connected by a single identifier, from bank accounts to residential and voter information, the threat of increased state surveillance, and misuse of information becomes more and more pronounced. By using personal identifiers like fingerprints or iris scans, agencies can potentially converge data collected across databases, and use it for different purposes. It also means that individuals can potentially be profiled through the information provided from their various databases, accessed through identifiers, which leads to concerns about surveillance and tracking, without the individuals knowledge. There are no Indian laws or policies under data collection schemes which address concerns of using personal identifiers for tracking and surveillance.[8] Even if such such use is essential for increased national security, the implementation of biometrics for constant surveillance under the present regime ,where individuals are not notified about the kind of data being collected and for what its being used, would be a huge affront on civil liberties, as well as the Right to Privacy, and prove to be a powerful and destructive weapon in the hands of a police state. Without these concerns being addressed by a suitable, publicly available policy, it could pose a huge threat to individual privacy in the country. As was noted by the Deputy Prime Minister of the UK, Nick Clegg, in a speech where he denounced the Identity Scheme of the British government, saying that “This government will end the culture of spying on its citizens. It is outrageous that decent, law-abiding people are regularly treated as if they have something to hide. It has to stop. So there will be no ID card scheme. No national identity register, a halt to second generation biometric passports.” [6]

Biometric technology has been useful in several programmes and policies where its use has been open to scrutiny and restricted to a specific function, for example, the recent use of facial recognition in Goa to tackle voter fraud, and similar schemes being taken up by the Election Commission. [7] However, with lack of any guidelines or specific legal framework covering the implementation and collection of biometric data schemes, such schemes can quickly turn into ‘biohazards’ for personal liberty and individual privacy, as has been highlighted above and these issues must be brought to light and adequately addressed before the Government progresses on biometric frontiers.

[1]. http://www.goacom.com/goa-news-highlights/3520-biometric-scanners-to-be-used-for-elections.

[2]. http://www.wired.com/threatlevel/2008/03/hackers-publish.

[3].https://www.eff.org/deeplinks/2012/09/indias-gargantuan-biometric-database-raises-big-questions.

[4]. http://www.informationweek.com/security/privacy/britain-scraps-biometric-national-id-car/228801001.

[5]. http://www.thehindu.com/opinion/op-ed/questions-for-mr-nilekani/article4382953.ece.

[6]. http://news.bbc.co.uk/2/hi/8691753.stm

[7]. Supra note 1.

For more details visit https://cis-india.org/internet-governance/blog/indias-biometric-identification-programs-and-privacy-concerns

Driving in the Surveillance Society: Cameras, RFID tags and Black Boxes...

maria — 2013-07-12T15:26:33Z

In this post, Maria Xynou looks at red light cameras, RFID tags and black boxes used to monitor vehicles in India.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

How many times in your life have you heard of people been involved in car accidents and of pedestrians being hit by red-light-running vehicles? What if there could be a solution for all of this? Well, several countries, including the United States, the United Kingdom and Singapore, have already adopted measures to tackle vehicle accidents and fatalities, some of which include traffic enforcement cameras and other security measures. India is currently joining the league by not only installing red light cameras, but by also including radio frequency identification (RFID) tags on vehicles´ number plates, as well as by installing electronic toll collection systems and black boxes in some automobiles. Although such measures could potentially increase our safety, privacy concerns have arisen as it remains unclear how data collected will be used.

Red light cameras

Last week, the Chennai police announced that it plans to install traffic enforcement cameras, otherwise known as red light cameras, at 240 traffic signals over the next months, in order to put an end to car thefts in the city. Red light cameras, which capture images of vehicles entering an intersection against a red traffic light, have been installed in Bangalore since early 2008 and a study indicates that they have reduced the traffic violation rates. A 2003 report by the National Cooperative Highway Research Programme (NCHRP) examined studies from the previous 30 years in the United States, the United Kingdom, Australia and Singapore and concluded that red light cameras ´improve the overall safety of intersections when they are used´.

However, how are traffic violation rates even measured? According to Barbara Langland Orban, an associate professor of health policy and management at the University of South Florida:

“Safety is measured in crashes, in particular injury crashes, and violations are not a proxy for injuries. Also, violations can be whatever number an agency chooses to report, which is called an ‘endogenous variable’ in research and not considered meaningful as the number can be manipulated. In contrast, injuries reflect the number of people who seek medical care, which cannot be manipulated by the reporting methods of jurisdictions.”

Last year, the Bombay state government informed the High Court that the 100 CCTV cameras installed at traffic junctions in 2006-2007 were unsuitable for traffic enforcement because they lacked the capacity of automatic processing. Nonetheless, red light cameras, which are capable of monitoring speed and intersections with stop signals, are currently being proliferated in India. Yet, questions remain: Do red light cameras adequately increase public safety? Do they serve financial interests? Do they violate driver´s due-process rights?

RFID tags and Black Boxes

A communication revolution is upon us, as Maharashtra state transport department is currently including radio frequency identification (RFID) tags on each and every number plate of vehicles. This ultimately means that the state will be able to monitor your vehicle´s real-time movement and track your whereabouts. RFID tags are not only supposedly used to increase public safety by tracking down offenders, but to also streamline public transport timetables. Thus, the movement of buses and cars would be precisely monitored and would provide passengers minute-to-minute information at bus stops. Following the 2001 amendment of Rule 50 of the Central Motor Vehicles Rules, 1989, new number plates with RFID tags have been made mandatory for all types of motor vehicles throughout India.

RFID technology has also been launched at Maharashtra´s state border check-posts. Since last year, the state government has been circulating RFID stickers to trucks, trailers and tankers, which would not only result in heavy goods vehicles not having to wait in long queues for clearance at check-posts, but would also supposedly put an end to corruption by RTO officials.

By 31 March 2014, it is estimated that RFID-based electronic toll collection (ETC) systems will be installed on all national highways in India. According to Dr. Joshi, the Union Minister for Road Transport and Highways:

“The RFID technology shall expedite the clearing of traffic at toll plazas and the need of carrying cash shall also be eliminated when toll plazas shall be duly integrated with each other throughout India.”

Although Dr. Joshi´s mission to create a quality highway network across India and to increase the transparency of the system seems rational, the ETC system raises privacy concerns, as it uniquely identifies each vehicle, collects data and provides general vehicle and traffic monitoring. This could potentially lead to a privacy violation, as India currently lacks adequate statutory provisions which could safeguard the use of our data from potential abuse. All we know is that our vehicles are being monitored, but it remains unclear how the data collected will be used, shared and retained, which raises concerns.

The cattle and pedestrians roaming the streets in India appear to have increased the need for the installation of an Event Data Recorder (EDR), otherwise known as a black box, which is a device capable of recording information related to crashes or accidents. The purpose of a black box is to record the speed of the vehicle at the point of impact in the case of an accident and whether the driver had applied the brakes. This would help insurance companies in deciding whether or not to entertain insurance claims, as well as to determine whether a driver is responsible for an accident.

Black boxes for vehicles are already being designed, tested and installed in some vehicles in India at an affordable cost. In fact, manufacturers in India have recommended that the government make it mandatory for cars to be fitted with the device, rather than it being optional. But can we have privacy when our cars are being monitored? This is essentially a case of proactive monitoring which has not been adequately justified yet, as it remains unclear how information would be used, who would be authorised to use and share such information, and whether its use would be accounted for to the individual.

Are monitored cars safer?

The trade-off is clear: the privacy and anonymity of our movement is being monitored in exchange for the provision of safety. But are we even getting any safety in return? According to a 2005 Federal Highway Administration study, although it shows a decrease in front-into-side crashes at intersections with cameras, an increase in rear-end crashes has also been proven. Other studies of red light cameras in the US have shown that more accidents have occurred since the installation of traffic enforcement cameras at intersections. Although no such research has been undertaken in India yet, the effectiveness, necessity and utility of red light cameras remain ambiguous.

Furthermore, there have been claims that the installation of red light cameras, ETCs, RFID tags, black boxes and other technologies do not primarily serve the purpose of public security, but financial gain. A huge debate has arisen in the United States on whether such monitoring of vehicles actually improves safety, or whether its primary objective is to serve financial interests. Red light cameras have already generated about $1.5 million in fines in the Elmwood village of Ohio, which leads critics to believe that the installation of such cameras has more to do with revenue enhancement than safety. The same type of question applies to India and yet a clear-cut answer has not been reached.

Companies which manufacture vehicle tracking systems are widespread in India, which constitutes the monitoring of our cars a vivid reality. Yet, there is a lack of statutory provisions in India for the privacy of our vehicle´s real-time movement and hence, we are being monitored without any safeguards. Major privacy concerns arise in regards to the monitoring of vehicles in India, as the following questions have not been adequately addressed: What type of data is collected in India through the monitoring of vehicles? Who can legally authorize access to such data? Who can have access to such data and under what conditions? Is data being shared between third parties and if so, under what conditions?How long is such data being retained for?

And more importantly: Why is it important to address the above questions? Does it even matter if the movement of our vehicles is being monitored? How would that affect us personally? Well, the monitoring of our cars implies a huge probability that it´s not our vehicles per se which are under the microscope, but us. And while the tracking of our movement might not end us up arrested, interrogated, tortured or imprisoned tomorrow...it might in the future. As long as we are being monitored, we are all suspects and we may potentially be treated as any other offender who is suspected to have committed a crime. The current statutory omission in India to adequately regulate the use of traffic enforcement cameras, RFID tags, black boxes and other technologies used to track and monitor the movement of our vehicles can potentially violate our due process rights and infringe upon our right to privacy and other human rights. Thus, the collection, access, use, analysis, sharing and retention of data acquired through the monitoring of vehicles in India should be strictly regulated to ensure that we are not exposed to our defenceless control.

Maneuvering our monitoring

Nowadays, surveillance appears to be the quick-fix solution for everything related to public security; but that does not need to be the case.

Instead of installing red light cameras monitoring our cars´ movements and bombarding us with fines, other ´simple´ measures could be enforced in India, such as increasing the duration of the yellow light between the green and the red, re-timing lights so drivers will encounter fewer red ones or increasing the visibility distance of the traffic lights so that it is more likely for a driver to stop. Such measures should be enforced by governments, especially since the monitoring of our vehicles is not adequately justified.

Strict laws regulating the use of all technologies monitoring vehicles in India, whether red light cameras, RFID tags or black boxes, should be enacted now. Such regulations should clearly specify the terms of monitoring vehicles, as well as the conditions under which data can be collected, accessed, shared, used, processed and stored. The enactment of regulations on the monitoring of vehicles in India could minimize the potential for citizens´ due process rights to be breached, as well as to ensure that their right to privacy and other human rights are legally protected. This would just be another step towards preventing ubiquitous surveillance and if governments are interested in protecting their citizens´ human rights as they claim they do, then there is no debate on the necessity of regulating the monitoring of our vehicles. The question though which remains is:

Should we be monitored at all?

For more details visit https://cis-india.org/internet-governance/blog/driving-in-the-surveillance-society-cameras-rfid-black-boxes

The Privacy (Protection) Bill 2013: A Citizen's Draft

bhairav — 2013-07-12T11:50:20Z

The Centre for Internet and Society has been researching privacy in India since 2010 with the objective of raising public awareness around privacy, completing in depth research, and driving a privacy legislation in India. As part of this work, Bhairav Acharya has drafted the Privacy (Protection) Bill 2013.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

The Privacy (Protection) Bill 2013 contains provisions that speak to data protection, interception, and surveillance. The Bill also establishes the powers and functions of the Privacy Commissioner, and lays out offenses and penalties for contravention of the Bill. The Bill represents a citizen's version of a possible privacy legislation for India, and will be shared with key stakeholders including civil society, industry, and government.

Click to download a full draft of the Privacy (Protection) Bill, 2013.

For more details visit https://cis-india.org/internet-governance/blog/privacy-protection-bill-2013-citizens-draft

Privacy Protection Bill 2013

praskrishna — 2013-04-07T04:58:43Z

For more details visit https://cis-india.org/internet-governance/blog/privacy-protection-bill-2013.pdf

Internet Censorship, Surveillance, and Corporate Transparency

praskrishna — 2013-03-25T10:29:50Z

Google’s Dorothy Chou will be in conversation with international experts Annenberg School of Communication, St., Philadelphia, on April 3, 2013, from 4.30 p.m. to 6.00 p.m. Malavika Jayaram is participating in the event as a panelist. The event is organised by Center for Global Communication Studies and Annenberg School for Communication, University of Pennsylvania.

Read full details of the event was published on the website of Center for Global Communication Studies.

Since mid 2010 Google has been publishing data about the requests it receives from governments to remove content or hand over user data. This regularly updated Transparency Report reveals alarming trends: Government surveillance is on the rise, everywhere. Even worse, a large number of government censorship and surveillance requests are of dubious legality even according to the host countries’ own laws. In a world where citizens increasingly rely on digital products and services owned and operated by private corporations for their civic and political lives, the implications for human rights and democracy around the world are troubling.

Dorothy Chou, Senior Policy Analyst who leads Google's efforts to increase transparency about how it responds to government censorship and surveillance demands, will discuss Google's Transparency Report with Rebecca MacKinnon, Senior Fellow at the New America Foundation and an international panel of experts:

Ronald Lemos, the Director of the Center for Technology and Society at the Fundação Getúlio Vargas (FGV) School of Law in Rio de Janeiro, Brazil

Hu Yong, Associate Professor, Peking University School of Journalism and Communication

Malavika Jayaram, Fellow, Center for Internet and Society, Bangalore and Annenberg CGCS;

Gregory Asmolov, PhD Candidate, London School of Economics; Global Voices "RuNet Echo" contributor and Russian social media expert.

This event is part of the cross-disciplinary, university-wide “New Technologies, Human Rights, and Transparency” project funded by the university’s Global Engagement Fund and hosted by Annenberg’s Center for Global Communications Studies in partnership with Wharton, PennLaw, Engineering, and the School of Arts and Sciences. The project aims to examine the relationship between government and corporate power in today’s digitally networked world, bringing together research partners from across the university and around the world to develop a methodology to evaluate and compare the policies and practices of Information and Communication Technology (ICT) companies as they affect Internet users’ freedom expression and privacy in a human rights context.

For more details visit https://cis-india.org/news/global-asc-upenn-events-internet-censorship-surveillance-and-corporate-transparency

Global Partners Meeting @ London

praskrishna — 2013-03-20T06:37:48Z

Privacy International is organizing the Global Partners Meeting in London from March 22 to 25, 2013. The workshop will be held at the London School of Economics and Political Science. Sunil Abraham and Malavika Jayaram will be participating in this event.

Click to read the full details published by Privacy International here.

The meeting is an opportunity to connect global partners with each other and with researchers, human rights advocates, and privacy and technology experts from over 20 countries. This will provide an opportunity for discussion and debate, that will enrich global research and advocacy agenda for the next two years.

Workshop Overview

The purpose of the three day workshop is as follows:

To understand the privacy discourse and identify the challenges faced in advancing the right to privacy across the globe.
To consolidate our network and look for opportunities for collaboration and cross-pollination for research and advocacy initiatives.
To share experiences about research, dissemination and advocacy strategies that influence policy change.

We envisage this workshop as a launching pad for the work that Privacy International and our global partners will conduct over the next two years under the ambit of the Surveillance and Freedom: Global Understandings and Rights Development (SAFEGUARD) project, funded by the International Development

Research Centre. The focus of the SAFEGUARD project is to understand what are the threats, challenges and obstacles to, and opportunities for, the protection of privacy in developing countries.

Background to the SAFEGUARD project

Nowhere are the challenges to, and opportunities for, privacy protections as dynamic and complex as in the developing world. As these countries seek new measures to develop their economies, build social and technological infrastructures, sustain their social systems, and ensure security they need to consider what are the modern policy frameworks they require to ensure a just society. The windows around these policy frameworks are key opportunities for reflection about rights and democratic values, and in the case of this project, the protection of privacy.

The vast scope and relevance of the right to privacy in this age of technology gives rise to a myriad of challenges and issues, many of which have relevance across, as well as within, borders. This is particularly the case in the developing world, where South-South collaboration is gaining increasing currency in the development sector, and donor countries continue to contribute to and influence policy in recipient countries, particularly with respect to the adoption of new technologies. Many of the trends in developing countries – communications surveillance, biometrics and DNA databases, and identity cards – mirror those being adopted in the global North. Policy laundering and modelling, such as that witnessed with respect to counter-terrorism policies in the aftermath of 9/11 is taking hold in the context of communications surveillance laws and national ID databases. Such phenomena raise concerns not only as to the spread of practices that threaten to undermine privacy, but also with respect to the stifling of national policy discourses and legislative processes.

Conceptual framework

This projects sets out to isolate and understand the challenges to privacy in the developing world. In order to ensure that the research developed is sufficiently targeted to influence policy debates, we have identified a set of themes that cover the range of privacy-related issues and that together will give a comprehensive picture of the difficult relationship between privacy and technology. This set of themes has been developed in collaboration with our partners, who have identified those discussions around which there is perfect storm of advancing surveillance policies and technologies, poor legal and technical safeguards, and a scarcity of research and understanding. We have designed our conceptual framework accordingly.

Research questions

The legal and constitutional landscape: What laws and constitutional provisions exist to protect privacy, how are they implemented and monitored, and where are the legal and policy gaps?

Data protection: What is the state of data protection in partner countries, and what are the local and regional regulatory standards and good practices?

Communications surveillance: What communications surveillance regimes are in place, how are they designed in law and how do they operate in practice?

Adoption of surveillance technologies: Where are governments buying surveillance technologies, and how are they using them? What legal regimes are in place to establish safeguards over the use of advanced surveillance technologies? What is the state of the art in legal protections?

Political intelligence oversight: What is the nature and operation of local intelligence services, what oversight mechanisms are in place, and how can these mechanisms be implemented or enforced?

Politics, Identity, sexual and reproductive health and social sorting: To what the extent do governments misuse personal information to pursue social sorting practices?

Delivery of public services: What is the state of privacy protections in public service delivery, particularly those related to e-health systems and social protection programmes, and how can protections be improved?

ID, DNA and biometrics: What privacy risks are associated with the collection and use of personal information for ID and biometric systems?

Partners

Africa	Latin America	Asia
Zimbabwe Human Rights Forum, Zimbabwe Kenyan Ethical and Legal Issues Network, Kenya Media Institute of Southern Africa, Namibia Jonction, Senegal Centre for Social Sciences Research, University of Cape Town African Platform for Social Protection, Kenya	Dejusticia, Columbia Asociacion por los Derechos Civiles, Argentina Autonomous University of Mexico State, Mexico Centro de Tecnologia y Sociedad, Universidad San Andres, Argentina, in collaboration with the Centro de Tecnologica da Escola de Direito da Fundacao Getulio Vargas, Brasil Instituto NUPEF, Brazil Derechos Digitales, Chile	VOICE, Bangladesh University of Hong Kong, Hong Kong Centre for Internet and Society, India Thai Netizen Network, Thailand Thai Media Policy Center, Thailand Bytes For All, Pakistan Centre for Cyber Law Studies, Indonesia Foundation for Media Alternatives, Philippines

Africa

Latin America

Asia

Zimbabwe Human Rights Forum, Zimbabwe

Kenyan Ethical and Legal Issues Network, Kenya

Media Institute of Southern Africa, Namibia

Jonction, Senegal

Centre for Social Sciences Research, University of Cape Town

African Platform for Social Protection, Kenya

Dejusticia, Columbia

Asociacion por los Derechos Civiles, Argentina

Autonomous University of Mexico State, Mexico

Centro de Tecnologia y Sociedad, Universidad San Andres, Argentina, in collaboration with the Centro de Tecnologica da Escola de Direito da Fundacao Getulio Vargas, Brasil

Instituto NUPEF, Brazil

Derechos Digitales, Chile

VOICE, Bangladesh
University of Hong Kong, Hong Kong
Centre for Internet and Society, India
Thai Netizen Network, Thailand
Thai Media Policy Center, Thailand
Bytes For All, Pakistan
Centre for Cyber Law Studies, Indonesia
Foundation for Media Alternatives, Philippines

Participants

Ababacar Diop
Allan Maleche
Anna Fielder
Anthony Jackson
Arthit Suriyawongkul
Arthur Gwagwa
Ben Hayes
Ben Wagner
Benjamin Barretto
Carly Nyst
Carolin Moeller
Charles Dhewa
Claudio Ruiz
Clement Chen
Danilo Doneda
Eric King
Farjana Akter
Fieke Jansen
Graciela Sulamein
Gus Hosein
Helen Wallace
Juan Camilo Rivera
Karelle Dagon
Katitza Rodriguez
Kevin Donovan
Levinson Kabwato
Malavika Jayaram
Mathias Vermeulen
Michael Rispoli
Nelson Arteaga Botello
Pablo Palazzi
Pirongrong Ramasoota
Ramiro Alvarez Ugarte
Richie Tynan
Sam Smith
Sinta Dewi Rosadi
Shahzad Ahmed
Sinta Dewi Rosadi
Sunil Abraham
Stephanie Perrin
Tavengwa Nhongo
Vera Franz
Vicky Nida
Vivian Newman Pont

Agenda

Friday, March 22, 2013: Reception

Meet with Privacy International staff members and advisors, and workshop participants from more than 20 countries in Latin America, Asia, Africa, Europe and Central Asia. Food and drinks will be provided.

Time: 6.00 p.m.
Location: 2nd Floor, 46 Bedford Row, London WC1R 4LR
Contact: 0207 242 2836
Getting there: Our office is a short walk 10 minute from your hotel. See Map 1 below for directions.

Saturday, March 23, 2013: Day 1 (Objectives and Reviewing the Landscape)

10:00 a.m. - Welcome Breakfast: Setting The Scene
Location: Mercure London Bloomsbury restaurant

Welcome and introduction

Overview of PI’s work in developing countries

Participant introductions

Setting the agenda

12:30 p.m. - Session 1: Reviewing The Landscape
Location: Old Building, Room 3.21, London School of Economics and Political Science, Houghton Street, London WC2A 2AE

Mapping privacy in constitutions

Masterclass 1: communications surveillance laws around the world

Break-out groups on assigned topics, and reporting back

2:30 p.m. - Afternoon tea

Privacy quiz

Masterclass 2: SIM card registration

Building a network: how can PI facilitate your work?

Masterclass 3: Oversight of intelligence agencies

6:00 p.m. - Drinks

7:00 p.m. - Dinner

Location: Tohbang, 164 Clerkenwell Road
http://www.tohbang.com/sub_eng/main.php

Sunday, March 24: Day 2 (Research Topics and Strategies)

Location: Old Building, Room 3.21, London School of Economics and Political Science, Houghton Street, London WC2A 2AE

10:00 a.m. - Recap of day one

Masterclass 4 - The UN Universal Periodic Review

Open-space - research and policy priorities

1:00 p.m. - Lunch
Location: Ship Tavern, Holborn

2:30 p.m. - Reconvene

Open space - research, dissemination and communication strategies

Wrapping up and going forward

6:00 p.m. - Dinner
Location: Wahaca, Charlotte St, http://www.wahaca.co.uk/

For more details visit https://cis-india.org/news/global-partners-meeting-london

Global Partners Meeting - Agenda and Info

praskrishna — 2013-03-20T06:25:09Z

For more details visit https://cis-india.org/internet-governance/blog/global-partners-meeting-london.pdf

Hacking without borders: The future of artificial intelligence and surveillance

maria — 2013-07-12T15:30:27Z

In this post, Maria Xynou looks at some of DARPA´s artificial intelligence surveillance technologies in regards to the right to privacy and their potential future use in India.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Robots or computer systems controlling our thoughts is way beyond anything I have seen in science fiction; yet something of the kind may be a reality in the future. The US Defence Advanced Research Projects Agency (DARPA) is currently funding several artificial intelligence projects which could potentially equip governments with the most powerful weapon possible: mind control.

Combat Zones That See (CTS)

Source: swanksalot on flickr

Ten years ago DARPA started funding the Combat Zones That See (CTS) project, which aims to ´track everything that moves´ within a city through a massive network of surveillance cameras linked to a centralized computer system. Groundbreaking artificial intelligence software is being used in the project to identify and track all movement within cities, which constitutes Big Brother as a reality. The computer software supporting the CTS is capable of automatically identifying vehicles and provides instant alerts after detecting a vehicle with a license plate on a watch list. The software is also able to analyze the video footage and to distinguish ´normal´ from ´abnormal´ behavior, as well as to discover links between ´places, subjects and times of activity´ and to identify patterns. With the use of this software, the CTS constitute the world´s first multi-camera surveillance system which is capable of automatically analyzing video footage.

Although the CTS project was initially intended to be used for solely military purposes, its use for civil purposes, such as combating crime, remains a possibility. In 2003 DARPA stated that 40 million surveillance cameras were already in use around the world by law enforcement agencies to combat crime and terrorism, with 300 million expected by 2005. Police in the U.S. have stated that buying new technology which may potentially aid their work is an integral part of the 9/11 mentality. Considering the fact that literally millions of CCTV cameras are installed by law enforcement agencies around the world and that DARPA has developed the software that has the capability of automatically analyzing data gathered by CCTV cameras, it is very possible that law enforcement agencies are participating in the CTS network.

However if such a project was used for non-military level purposes, it could raise concerns in regards to data protection, privacy and human rights. As a massive network of surveillance cameras, the CTS ultimately could enable the sharing of footage between private parties and law enforcement agencies without individuals´ knowledge or consent. Databases around the world could be potentially linked to each other and it remains unclear what laws would regulate the access, use and retention of such databases by law enforcement agencies of multiple countries. Furthermore, there is no universal definition for ´normal´ and ´abnormal´ behaviour, thus if the software is used for its original purpose, to distinguish between “abnormal” and “normal” behaviour, and used beyond military purposes, then there is a potential for abuse, as the criteria for being monitored, and possibly arrested, would not be clearly set out.

Mind´s Eye

Source: watchingfrogsboil on flickr

A camera today which is only capable of recording visual footage appears futile in comparison to what DARPA´s creating: a thinking camera. The Mind´s Eye project was launched in the U.S. in early 2011 and is currently developing smart cameras endowed with ´visual intelligence´. This ultimately means that artificial intelligence surveillance cameras can not only record visual footage, but also automatically detect ´abnormal´ behavior, alert officials and analyze data in such a way that they are able to predict future human activities and situations.

Mainstream surveillance cameras already have visual-intelligence algorithms, but none of them are able to automatically analyze the data they collect. Data analysts are usually hired for analyzing the footage on a per instance basis, and only if a policeman detects ´something suspicious´ in the footage. Those days are over. General James Cartwright, the vice chairman of the Joint Chiefs of Staff, stated in an intelligence conference that “Star[ing] at Death TV for hours on end trying to find the single target or see something move is just a waste of manpower.” Today, the Mind´s Eye project is developing smart cameras equipped with artificial intelligence software capable of identifying operationally significant activity and predicting outcomes.

Mounting these smart cameras on drones is the initial plan; and while that would enable military operations, many ethical concerns have arisen in regards to whether such technologies should be used for ´civil purposes.´ Will law enforcement agencies in India be equipped with such cameras over the next years? If so, how will their use be regulated?

SyNAPSE

Source: A Health Blog on flickr

The Terminator could be more than just science fiction if current robots had artificial brains with similar form, function and architecture to the mammalian brain. DARPA is attempting this by funding HRL Laboratories, Hewlett-Packard and IBM Research to carry out this task through the Systems of Neuromorphic Adaptive Plastic Scalable Electronics (SyNAPSE) programme. Is DARPA funding the creation of the Terminator? No. Such artificial brains would be used to build robots whose intelligence matches that of mice and cats...for now.

SyNAPSE is a programme which aims to develop electronic neuromorphic machine technology which scales to biological levels. It started in the U.S. in 2008 and is scheduled to run until around 2016, while having received $102.6 million in funding as of January 2013. The ultimate aim is to build an electronic microprocessor system that matches a mammalian brain in power consumption, function and size. As current programmable machines are limited by their computational capacity, which requires human-derived algorithms to describe and process information, SyNAPSE´s objective is to create biological neural systems which can autonomously process information in complex environments. Like the mammalian brain, SyNAPSE´s cognitive computers would be capable of automatically learning relevant and probabilistically stable features and associations, as well as of finding correlations, creating hypotheses and generally remembering and learning through experiences.

Although this original type of computational device could be beneficial to predict natural disasters and other threats to security based on its cognitive abilities, human rights questions arise if it were to be used in general for surveillance purposes. Imagine surveillance technologies with the capacity of a human brain. Imagine surveillance technologies capable of remembering your activity, analyzing it, correlating it to other facts and/or activities, and of predicting outcomes; and now imagine such technology used to spy on us. That might be a possibility in the future.

Such cognitive technology is still in an experimental phase and although it could be used to tackle threats to security, it could also potentially be used to monitor populations more efficiently. No such technology currently exists in India, but it could only be a matter of time before Indian law enforcement agencies start using such artificial intelligence surveillance technology to supposedly enhance our security and protect us.

Brain-Computer Interface (BCI)

Remember Orwell's ´Thought Police´? Was Orwell exaggerating just to get his point across? Well, the future appears to be much scarier than Orwell's vision depicted in 1984. Unlike the ´Thought Police´ which merely arrested individuals who openly expressed ideas or thoughts which contradicted the Party´s dogma, today, technologies are being developed which can literally read our thoughts.

Once again, DARPA appears to be funding one of the world´s most innovative projects: the Brain-Computer Interface (BCI). The human brain is far better at pattern matching than any computer, whilst computers have greater analytical speed than human brains. The BCI is an attempt to merge the two together, and to enable the human brain to control robotic devices and other machines. In particular, the BCI is comprised of a headset (an electroencephalograph - an EEG) with sensors that rest on the human scalp, as well as of software which processes brain activity. This enables the human brain to be linked to a computer and for an individual to control technologies without moving a finger, but by merely thinking of the action.

Ten years ago it was reported that the brains of rats and monkeys could control robot arms through the use of such technologies. A few years later brainstem implants were developed to tackle deafness. Today, brain-computer interface technologies are able to directly link the human brain to computers, thus enabling paralyzed people to conduct computer activity by merely thinking of the actions, as well as to control robotic limbs with their thoughts. BCIs appear to open up a new gateway for disabled persons, as all previously unthinkable actions, such as typing on a computer or browsing through websites, can now be undertaken by literally thinking about them, while using a BCI.

Brain-controlled robotic limbs could change the lives of disabled persons, but ethical concerns have arisen in regards to the BCI´s mind-reading ability. If the brain can be used to control computers and other technologies, does that ultimately mean that computers can also be used to control the human brain? Researchers from the University of Oxford and Geneva, and the University of California, Berkley, have created a custom programme that was specially designed with the sole purpose of finding out sensitive data, such as an individuals´ home location, credit card PIN and date of birth. Volunteers participated in this programme and it had up to 40% success in obtaining useful information. To extract such information, researchers rely on the P300 response, which is a very specific brainwave pattern that occurs when a human brain recognizes something that is meaningful, whether that is personal information, such as credit card details, or an enemy in a battlefield. According to DARPA:

´When a human wearing the EEG cap was introduced, the number of false alarms dropped to only five per hour, out of a total of 2,304 target events per hour, and a 91 percent successful target recognition rate was introduced.´

This constitutes the human brain as a new warfighting domain of the twenty-first century, as experiments have proven that the brain can control and maneuver quadcopter drones and other military technologies. Enhanced threat detection through BCI´s scan for P300 responses and the literal control of military operations through the brain, definitely appear to be changing the future of warfare. Along with this change, the possibility of manipulating a soldier´s BCI during conflict is real and could lead to absolute chaos and destruction.

Security expert, Barnaby Jack, of IOActive demonstrated the vulnerability of biotechnological systems, which raises concerns that BCI technologies may also potentially be vulnerable and expose an individual's´ brain to hacking, manipulation and control by third parties. If the brain can control computer systems and computer systems are able to detect and distinguish brain patterns, then this ultimately means that the human brain can potentially be controlled by computer software.

Will BCI be used in the future to interrogate terrorists and suspects? What would that mean for the future of our human rights? Can we have human rights if authorities can literally hack our brain in the name of national security? How can we be protected from abuse by those in power, if the most precious thing we have - our thoughts - can potentially be hacked? Human rights are essential because they protect us from those in power; but the privacy of our thoughts is even more important, because without it, we can have no human rights, no individuality.

Sure, the BCI is a very impressive technological accomplishment and can potentially improve the lives of millions. But it can also potentially destroy the most unique quality of human beings: their personal thoughts. Mind control is a vicious game to play and may constitute some of the scariest political novels as a comedy of the past. Nuclear weapons, bombs and all other powerful technologies seem childish compared to the BCI which can literally control our mind! Therefore strict regulations should be enacted which would restrict the use of BCI technologies to visually impaired or handicapped individuals. Though these technologies currently are not being used in India, explicit laws on the use of artificial intelligence surveillance technologies should be enacted in India, to help ensure that they do not infringe upon the right to privacy and other human rights.

Apparently, anyone can buy Emotiv or Neurosky BCI online to mind control their computer with only $200-$300. If the use of BCI was imposed in a top-down manner, then maybe there would be some hope that people would oppose its use for surveillance purposes; but if the idea of mind control is being socially integrated...the future of privacy seems bleak.

For more details visit https://cis-india.org/internet-governance/blog/hacking-without-borders-the-future-of-artificial-intelligence-and-surveillance

Summary of the CIS workshop on the Draft Human DNA Profiling Bill 2012

maria — 2013-07-12T15:33:25Z

On March 1st, 2013, the Centre for Internet and Society organized a workshop which analysed the April 2012 draft Human DNA Profiling Bill and its potential implications on human rights in India.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Think you control who has access to your DNA data? That might just be a myth of the past. Today, clearly things have changed, as draft Bills with the objective of creating state, regional, and national DNA databases in India have been leaked over the last years. Plans of profiling certain residents in India are being unravelled as, apparently, the new policy when collecting, handling, analysing, sharing and storing DNA data is that all personal information is welcome; the more, the merrier!

Who is behind all of this? The Centre for DNA Fingerprinting and Diagnostics in India created the 2007 draft DNA Profiling Bill[1], with the aim of regulating the use of DNA for forensic and other purposes. In February 2012 another draft of the Bill was leaked which was created by the Department of Biotechnology. The most recent version of the Bill was drafted in April 2012 and seeks to create DNA databases at the state, regional and national level in India[2]. According to the latest 2012 draft Human DNA Profiling Bill, each DNA database will contain profiles of victims, offenders, suspects, missing persons and volunteers for the purpose of identification in criminal and civil proceedings. The Bill also establishes a process for certifying DNA laboratories, and a DNA Profiling Board for overseeing the carrying out of the Act.

However, the 2012 draft Human DNA Profiling Bill lacks adequate safeguards and its various loopholes and overreaching provisions could create a potential for abuse. The creation of DNA databases is currently unregulated in India and although regulations should be enacted to prevent data breaches, the current Bill raises major concerns in regards to the collection, use, analysis and retention of DNA samples, DNA data and DNA profiles. In other words, the proposed DNA databases would not only be restricted to criminals…

DNA databases...and Justice for All?

Source: Libertas Academica on flickr

During the workshop [3]on the 2012 draft Human DNA Profiling Bill, DNA[4] was defined as a material that determines a persons´ hereditary traits, whilst DNA profiling[5] was defined as the processing and analysis of unique sequences of parts of DNA. Thus the uniqueness of DNA data is clear and the implications that could potentially occur through its profiling could be tremendous. The 2007 DNA Profiling Bill has been amended, yet its current 2012 version appears not only to be more intrusive, but to also be extremely vague in terms of protecting data, whilst very deterministic in regards to the DNA Profiling Board´s power. A central question in the meeting was:

Should DNA databases be created at all?

The following concerns were raised and discussed during the workshop:

● The myth of the infallibility of DNA evidence

The Innocence Project[6], which was presented at the workshop, appears to provide an appeal towards the storage of DNA samples and profiles, as it represents clients seeking post-conviction DNA testing to prove their innocence. According to statistics presented at the workshop, there have been 303 post-conviction exonerations in the United States, as a result of individuals proving their innocence through DNA testing. Though post-conviction exonerations can be useful, they cannot be the basis and main justification for creating DNA databases. Although DNA testing could enable post-conviction exonerations, errors in matching data remain a high probability and could result in innocent people being accused, arrested and prosecuted for crimes they did not commit. Thus, arguments towards the necessity and utility of the creation of DNA databases in India appear to be weak, especially since DNA evidence is not infallible[7].

False matches can occur based on the type of profiling system used, and errors can take place in the chain of custody of the DNA sample, all of which indicate the weakness of DNA evidence being used. DNA data only provides probabilities of potential matches between DNA profiles and the larger the amount of DNA data collected, the larger the probability of an error in matching profiles[8].

● The non-criteria of DNA data collection

How and when can DNA data be collected? The amended draft 2012 Bill remains extremely vague and broad. In particular, the Bill states that all offences under the Indian Penal Code and other laws, such as the Immoral Traffic (Prevention) Act, 1956, are applicable instances of human DNA profiling. Section B(viii) of the Schedule states that human DNA profiling will be applicable for offences under ´any other law as may be specified by the regulations made by the Board´. This incredibly vague section empowers the DNA Profiling Board with the ultimate power to decide upon the offences under which DNA data will be collected. The issue is this: most laws have loopholes. A Bill which lists applicable instances of human DNA profiling, under the umbrella of a potentially indefinite number of laws, exposes individuals to the collection of their DNA data, which could lead to potential abuse.

● The DNA Profiling Board´s power

The DNA Profiling Board has ´absolute´ power, especially according to the 2012 draft Human DNA Profiling Bill. Some of the Board´s functions include providing recommendations for provision of privacy protection laws, regulations and practices relating to access to, or use of, stored DNA samples or DNA analyses[9]. The Board is also required to advise on all ethical and human rights issues, as well as to take ´necessary steps´ to protect privacy. However, it remains unclear how a Board which lacks human rights expertise will carry out such tasks.

No human rights experts

Despite the various amendments[10] to the section on the composition of the Board, no privacy or human rights experts have been included. According to the Bill, the Board will be comprised of many molecular biologists and other scientists, while human rights experts have not been included to the list. This can potentially be problematic as a lack of expertise on privacy and human rights laws can lead to the regulation of DNA databases without taking civil liberties into consideration.

Vague authorisation for communication of DNA profiles

The Bill also empowers the Board to ´authorise procedures for communication of DNA profiles for civil proceedings and for crime investigation by law enforcement and other agencies´[11]. Although the 2007 Bill [12]restricted the Boards´ authorisation to crime investigation by law enforcement agencies, its 2012 amendment extends such authorisation to ´civil proceedings´ which can also be carried out by so-called ´other agencies´.[13] This amendment raises concerns, as the ´other agencies´ and the term ´civil proceedings´ remain vague.

Protecting the public

The Board is also authorised to ´assist law enforcement agencies in using DNA techniques to protect the public´[14]. Over the last years, laws are being enacted that enable law enforcement agencies to use technologies for surveillance purposes in the name of ´public security´, and the 2012 draft Bill is no exception. Many security measures have been applied to ´protect the public´, such as CCTV cameras and other technologies, but their actual contribution to public safety still remains a controversial debate[15]. DNA techniques which would effectively protect the public have not been adequately proven, thus it remains unclear how the Board would assist law enforcement agencies.

Sharing data with international agencies…and regulating DNA laboratories

In addition to the above, the Board would also encourage cooperation between Indian investigation agencies and international agencies[16]. This would potentially enable the sharing of DNA data between third parties and would enhance the probability of data being leaked to unauthorised third parties.

The Board would also be authorised to regulate the standards, quality control and quality assurance obligations of the DNA laboratories[17]. The draft 2012 Bill ultimately gives monopolistic control to the DNA Profiling Board over all the procedures related to the handling of DNA data!

● The DNA Data Bank Manager

According to the 2012 draft Human DNA Profiling Bill[18], it is the DNA Data Bank Manager who would carry out ´all operations of and concerning the National DNA Data Bank´. All such operations are not clearly specified. The powers and duties that the DNA Data Bank Manager would be expected to have are not specified in the Bill, which merely states that they would be specified by regulations made by the DNA Profiling Board.

The Bill also empowers the Manager to determine appropriate instances for the communication of information[19]. In other words, law enforcement agencies and DNA laboratories can request the disclosure of information from the DNA Data Bank Manager, without prior authorisation. The DNA Data Bank Manager is empowered to decide the requested data.

DNA access restrictions

Are you a victim or a cleared suspect? You better be, if you want access to your data to be restricted! The 2012 draft Human DNA Profiling Bill [20]states that access to information will be restricted in cases when a DNA profile derives from a victim or a person who has been excluded as a suspect. The Bill is unclear as to how access to the data of non-victims or suspects is regulated.

● Availability of DNA profiles and DNA samples

According to the amended draft 2012 Bill[21], DNA profiles and samples can be made available in criminal cases, judicial proceedings and for defence purposes among others. However, ´criminal cases´ are loosely defined and could enable the availability of DNA data in low profile cases. Furthermore, the availability of DNA data is also enabled for the ´creation and maintenance of a population statistics database´. This is controversial because it remains unclear how such a database would be used.

● Data destruction

According to an amendment to section 37, DNA data will be kept on a ´permanent basis´ and the DNA Data Bank Manager will expunge a DNA profile only once the court has certified that an individual is no longer a suspect. This raises major concerns, as it does not clarify under what conditions individuals can have access to their data during its retention, nor does it give volunteers and missing persons the opportunity to have their data deleted from the data bank.

Workshop conclusions

Source: micahb37 on flickr

The various loopholes in the Bill which can create a potential for abuse were discussed throughout the workshop, as well as various issues revolving around DNA data retention, as previously mentioned.

During the workshop, some participants questioned the creation of DNA databases to begin with, while others argued that they are inevitable and that it is not a question of whether they should exist, but rather a question of how they should be regulated. All participants agreed upon the need for further safeguards to protect individuals´ right to privacy and other human rights. Further research on the necessity and utility of the creation of DNA databases in regards to human rights was recommended. In addition to all the above, the Ministry of Law and Justice was recommended to pilot the draft DNA Profiling Bill to ensure better provisions in regards to privacy and data protection.

A debate on the use of DNA data in civil cases versus criminal cases was largely discussed in the workshop, with concerns raised in regards to DNA sampling being enabled in civil cases. The fact that the terms ´civil cases´ and ´criminal cases´ remain broad, vague and not legally-specified, raised huge concerns in the workshop as this could enable the misuse of DNA data by authorities. Thus, the members attending the workshop recommended the creation of two separate Bills regulating the use of DNA data: a DNA Profiling Bill for Criminal Investigation and a DNA Profiling Bill for Research. The creation of such Bills would restrict the access to, collection, analysis, sharing of and retention of DNA data to strictly criminal investigation and research purposes.

However, even if separate Bills were created, who is to say that when implemented DNA in the database would not be abused? Criminal investigations can be loosely defined and research purposes can potentially cover anything and everything. So the question remains:

Should DNA databases be created at all?

[1] Draft DNA Profiling Bill 2007, http://dbtindia.nic.in/DNA_Bill.pdf

[2] Human DNA Profiling Bill 2012: Working draft versión – 29th April 2012,

[3] Centre for Internet and Society, Analyzing the Draft Human DNA Profiling Bill 2012, 25 February 2013, http://cis-india.org/internet-governance/events/analyzing-draft-human-dna-profiling-bill

[4] Genetics Home Reference: Your Guide to Understanding Genetic Conditions, What is DNA?, http://ghr.nlm.nih.gov/handbook/basics/dna

[5] Shanna Freeman, How DNA profiling Works, http://science.howstuffworks.com/dna-profiling.htm

[6] Innocence Project, DNA exoneree case profiles, http://www.innocenceproject.org/know/

[7] Australian Law Reform Commission (ALRC), Essentially Yours: The Protection of Human Genetic Information in Australia (ALRC Report 96), ´Criminal Proceedings: Reliability of DNA evidence´, Chapter 44, http://www.alrc.gov.au/publications/44-criminal-proceedings/reliability-dna-evidence

[8] Ibid.

[9] Human DNA Profiling Bill 2012: Working draft version – 29th April 2012, Section 12(o, p, t), http://cis-india.org/internet-governance/blog/draft-dna-profiling-bill-2012.pdf

[10] Ibid: Section 4(q)

[11] Ibid: Section 12(j)

[12] Draft DNA Profiling Bill 2007, Section 13, http://dbtindia.nic.in/DNA_Bill.pdf

[13] : Human DNA Profiling Bill 2012: Working draft version – 29^th April 2012, Sections 12(j), http://cis-india.org/internet-governance/blog/draft-dna-profiling-bill-2012.pdf

[14] Ibid: Section 12(l)

[15] Schneier, B.(2008), Schneier on Security, ´CCTV cameras´, http://www.schneier.com/blog/archives/2008/06/cctv_cameras.html

[16] Human DNA Profiling Bill 2012: Working draft version – 29^th April 2012, Sections 12(u) and 12(v), http://cis-india.org/internet-governance/blog/draft-dna-profiling-bill-2012.pdf

[17] Ibid: Section on the ´Standards, Quality Control and Quality Assurance Obligations of DNA Laboratories´

[18] Ibid: Section 33

[19] Ibid: Section 35

[20] Ibid: Section 43

[21] Ibid: Section 40

For more details visit https://cis-india.org/internet-governance/blog/summary-of-cis-workshop-on-dna-profiling-bill-2012

Iceland’s proposed porn ban ‘like repression in Iran, N. Korea’ – activists

praskrishna — 2013-03-21T03:56:30Z

A group of 40 human rights activists from around the world fear that Iceland could become “a role model for Internet censorship” if it introduces Internet filters blocking online content deemed pornographic.

This blog post was published in RT on March 1, 2013. Sunil Abraham is quoted.

“The act of censoring pornography in Iceland differs in no way from repression of speech in Iran, China or North Korea,” human rights advocates wrote in an open letter to Icelandic Interior Minister Ögmundur Jónasson.

Activists from nearly 20 countries, including the UK, America, Austria and Finland, said that Iceland’s moral reasons for the push to censor Internet pornography is “justifying rather than condemning the actions of totalitarian regimes.”

Critics – including Jillian C. York, Director for International Freedom of Expression, Electronic Frontier Foundation, Sunil Abraham, Executive Director for India’s Internet and Society Center, and Ot van Daalen, head of the Dutch Bits of Freedom Center – have described the controversial measure as “an affront to basic principles of the society.”

They also argued that those advocating the Web porn ban have offered “no definition, no evidence, and suggested no technology.”

The authors of the letter warned that the prohibition of pornographic content could create demand for an underground porn industry, unregulated and most certainly affiliated with other illegal activities, “as we have seen in the case of drugs or alcohol prohibition. Hiding the problem is not a solution and may in fact make things worse.”

The solution, according to the activists, could be better sex education at home and schools: “Sex education that deals not only with conception, contraception and sexually transmitted diseases, but also relationships, communication and respect.”

Iceland, known for its feminist policies, could become the first Western country to censor online pornography, despite concerns over who will be given the authority to choose what is banned.

“It is tempting to regard filtering the Internet as a quick and easy way to restrict unwanted speech, opinions, or media, which the government regards as harmful for either them or the people,” the letter said. “The right to see the world as it is, is critical to the very tenets and functions of a democracy and must be protected at all costs.”

The activists claimed that it is technically impossible to censor the Internet without monitoring all telecommunications with automated machines: “This level of government surveillance directly conflicts with the idea of a free society.”

Iceland is not the only European country that has tried to implement such a ban. In December, the UK proposed blocking access to all pornographic websites, but UK ministers rejected the idea over a lack of public support.

According to supporters of the Icelandic ban, pornography has unquestionably damaging effects on both children and women.

"We have to be able to discuss a ban on violent pornography, which we all agree has a very harmful effects on young people and can have a clear link to incidences of violent crime," Interior Minister Jonasson, the author of the proposed ban, was quoted as saying.

While Iceland has already passed a law banning the distribution and printing of pornography, the proposed ban would eventually restrict access to pornographic websites in the country, and make it impossible to use Icelandic credit cards on X-rated sites.

For more details visit https://cis-india.org/news/rt-march-1-2013-icelands-proposed-porn-ban

"All Indian Enterprises should Be Very Worried": Centre for Internet and Society

praskrishna — 2013-02-28T09:21:32Z

This blog post by Shubhra Rishi was published in Computer World on February 25, 2013. Pranesh Prakash is quoted.

The chairman of the Indian Institute of Planning and Management (IIPM) is having a Barbara Streisand moment.

The American entertainer Barbra Streisand, in 2003, attempted to suppress photographs of her residence, involuntarily and indirectly fuelling further publicity. Arindam Chaudhuri’s order from a Gwalior Court has unfortunately resulted in more or less the same.

The DoT’s CERT team has successfully censored more than 70 URLs that didn’t particularly contain praises of IIPM. Amusingly, a URL containing a public notice issued by the University Grants Commission (UGC) in July 2012 was also blocked. The UGC notice said that IIPM cannot be recognized as a university according to the provisions of a particular section.

So while this issue has managed to hold our attention, it has also fervently highlighted the misappropriation of section 69 of India’s Information Technology (IT) Act 2000. According to this act, if the Director of Controller is satisfied that it is necessary or expedient so, he/she may order or direct any agency of the Government to intercept any information transmitted through any computer resource.

In short, intercepting or blocking is counter-productive in today’s scenario and is often seen as a direct infringement of people’s online freedom. “The Constitution of India does not put so many restrictions on the freedom of speech and expression that IT Act puts under a particular section,” says cyber law expert, Pavan Duggal.

Legal experts are also of the opinion that several provisions of the IT Act are unconstitutional. “It does not have built-in safeguards, especially transparency-related ones, around surveillance and censorship. Censorship in India, especially under the IT (Intermediary Guidelines) Rules 2011, is completely opaque and results in invisible censorship, meaning that we don't even get to find out that censorship has happened and thus cannot challenge it,” says Pranesh Prakash, policy director, Centre for Internet and Society.

In the past, independent activists such as Binayak Sen, Assem Trivedi, and Arundhati Roy, or even commoners such as Shaheen Dhadha have come under fire of the said Act.

Frankly, if this loophole in the IT Act is not addressed, even Indian corporations could face a similar problem.

“I believe all intermediaries (websites that host user content, and networks that carry user traffic among others) are threatened now. Their executives can be dragged to court without any protection; thanks to the broad wording of the IT (Intermediary Guidelines) Rules 2011, despite the IT Act itself granting them some protections. This is dangerous, and all Indian enterprises should be very worried,” says Prakash.

CorporateIndiawill have to tighten its belts. Despite the fact that the entire IT Act needs to be overhauled and employees need to be sensitized, currently, the first thing that corporate India needs to do is ensure that its operations in electronic format comply with the IT Act and its rules. “There's a lack of awareness about compliances in the corporate sector. Any kind of “jugaad” may not help a company get out of a potential exposure under the IT Act. An effective implementation of these compliances will relieve companies of the IT Act’s potential liabilities, both civil and criminal,” advises Duggal.

So the Streisand effect in the IIPM case will slowly wear off, but the potential threat of the IT Act will continue to haunt enterprises.

For more details visit https://cis-india.org/news/computer-world-india-feature-shubra-rishi-feb-25-2013-all-indian-enterprises-should-be-very-worried

February 2013 Bulletin

praskrishna — 2013-03-11T05:35:46Z

The Centre for Internet & Society (CIS) wishes you a great year ahead and welcomes you to the second issue of its newsletter for the year 2013. In this issue we bring you an overview of our research programs, updates of events organised by us, events we participated in, news and media coverage, and videos of some of our recent events.

Memorial

Rahul Cherian, an expert and policy activist in disability law, intellectual property and technology law passed away due to an illness while on a visit to Goa on February 7, 2013. Rahul was the founder of the Inclusive Planet Centre for Disability and Policy, and a fellow at CIS. He was also a partner at IndoJuris Law Offices in Chennai and was one of the experts who drafted the Treaty for the Visually Impaired currently being negotiated at the World Intellectual Property Organization. The Hindu (February 8, 2013), First Post (February 8, 2013), Legally India (February 7, 2013), and Bar & Bench (February 8, 2013) covered this story. Lawrence Liang wrote an obituary page, A Lightness of Spirit (The Hindu, February 9, 2013) and Nishant Shah wrote a column One For All (Indian Express, February 17, 2013).

CIS organised a memorial function for Rahul Cherian at the TERI, Southern Regional Centre in Bangalore on February 28, 2013.

Accessibility

National Resource Kit for Persons with Disabilities

Anandhi Viswanathan from CIS and Manojna Yeluri from the Centre for Law and Policy Research are working in this project. Draft chapters have been published. Feedback and comments are invited from readers for the chapters on Bihar and West Bengal:

The Bihar Chapter (by Manojna Yeluri, February 14, 2013): The state of Bihar is in the process of formulating a comprehensive state policy on disability. The Bihar State Policy on Disability is an extension of the National Policy for Persons with Disabilities and is currently in a draft form awaiting government approval and notification.
The West Bengal Chapter (by Anandhi Viswanathan, February 28, 2013): The state of West Bengal has issued the West Bengal Persons with Disabilities (Equal Opportunities, Protection of Rights and Full Participation) Rules, 1999 to implement the provisions under the central Persons with Disabilities (Protection of Rights, Equal Opportunities and Full Participation) Act, 1995.

Media Coverage

Indian Users’ Perspective On WIPO Negotiations On Treaty For Visually Impaired (by Catherine Saez, Intellectual Property Watch, February 16, 2013). Nirmita Narasimhan is quoted.

Access to Knowledge

The Wikimedia Foundation awarded CIS a two year grant of INR 26,000,000 to support and develop the growth of Indic language communities and projects by community collaborations and partnerships. This is being carried out by the Access to Knowledge team based in Delhi. CIS is also doing a project (Pervasive Technologies) on examining the relationship between production of pervasive technologies and intellectual property. The project researches upon the noteworthy opportunities of the new types of low cost mobile devices, content and services as available in the market.

Wikipedia

Beginning from September 1, 2012, Wikimedia Foundation awarded CIS a two-year grant of INR 26,000,000 to support and develop free knowledge in India. The A2K team consists of four members based in Delhi: T. Vishnu Vardhan, Nitika Tandon, Subhashish Panigrahi and Noopur Raval, and one new team member Dr. U.B. Pavanaja who works from Bangalore office.

New Team Member

Dr. U.B. Pavanaja joined the A2K team as Programme Officer, India Language Initiatives on February 19, 2013. Dr. Pavanaja holds a Master’s degree from Mysore University and Ph.D. from Mumbai University. He was a scientist at Bhabha Atomic Research Centre, Mumbai, for about 15 years. He is one of the earliest editors of Kannada Wikipedia. He has to his credit many firsts, viz., first Kannada website, first Kannada online magazine, first Indian language (Kannada) website to receive Golden Web Award, first Indian language (Kannada) editor for Palm OS, first Indian language (Kannada) editor for WinCE device (HP Jornado 720), first Indian language version (Kannada) of universally popular Logo (programming language for children) software, etc. His Kannada logo won the Manthan Award for the year 2006. He was a member of the technical advisory committee setup by the Govt. of Karnataka for Standardization of Kannada on Computers (2000). He is also a member of the Kannada Software Committee of Govt. of Karnataka (2008-current).

Events Organised

Knowledge Sharing through GLAM at Bangalore (Karnataka Chitrakala Parishad, Kumara Krupa Road, Bangalore, February 25, 2013). Dr. U.B. Pavanaja, Subhashish Panigrahi and Nitika Tandon participated in this event.
Wikimedia Bangalore Meetup @ Indian Institute of Management (Indian Institute of Management, Bangalore (organized in partnership with Wikispeed and NASSCOM). Vishnu Vardhan spoke on the Access to Knowledge project. Noopur Raval participated in the event.

Blog Entries

Creative Commons comes to India (by Subhashish Panigrahi, February 28, 2013).
Fifty-fourth Bangalore Wikimedia Meet-up at IIM, Bangalore (by Noopur Raval, February 28, 2013).
Odia Wikipedia Community Brings Wikipedia Education Program to IIMC, Dhenkanal (by Subhashish Panigrahi, February 28, 2013).
FOSS, Wikimedia and Mozilla Under One Roof at GNUnify 2013, Pune (by Subhashish Panigrahi, February 28, 2013).

Event Reports
CIS organised one Wiki workshop in the month of February 2013. We also bring you the report from an event organised in the month of January:

Celebrating Odia Wikipedia's Ninth Anniversary (organized by the Odia Wiki Community with support from CIS and Academy for Media Learning, January 29, 2013, Bhubaneswar). Few glimpses of the event are available as audio podcasts.
Digital Literacy Workshop at Department of Arts, Delhi University (by Nitika Tandon, February 5, 2013).

Media Coverage

ଓଡ଼ିଆ ଉଇକିପିଡ଼ିଆର ନ‌ବମ ଜନ୍ମତିଥି ଅବସରରେ କର୍ମଶାଳା: ଇମିଡ଼ିଆରେ ଓଡ଼ିଆ ଭାଷାର ପ୍ର‌ୟୋଗ (Odishan.com, February 4, 2013).
ସମ୍ବାଦ: ଲିପି ବ୍ୟାକରଣ ଓ ମାନକ ଭାଷାର ପ୍ରୟୋଗ ଜରୁରୀ. (Sambad, February, 2013).
Odisha: Workshop organized on 9th Anniversary of Odia language: Application of Odia language in e-media (e India Bureau, March 2, 2013).
Odia Wikipedia’s 9th anniversary (fullOrissa News, February 13, 2013).
Odisha: Workshop organized on 9th Anniversary of Odia language: Application of Odia language in e-media (India Education Diary.com, March 2, 2013). Subhashish Panigrahi is quoted.
Odia language workshop organized on 9th Anniversary of Odia Wikipedia: Application of Odia language in e-media (Odishaviews.com, February 5, 2013). Subhashish Panigrahi is quoted.

Ongoing Events

Wikipedia Workshop @ BITS Goa (BITS Pilani K K Birla Goa Campus, March 7, 2013, 5.30 p.m. to 8.00 p.m.).
A Wikipedia Editing Workshop in Goa (Nirmala Institute of Education, Goa, March 8, 2013, 3 p.m. to 5 p.m.).

Announcement

Sanskrit Wikiquote — Now Available: The Access to Knowledge team at CIS is happy to announce the availability of Sanskrit Wikiquote. Shiju Alex, an ex-team member played an active role in bringing this out. For more info see http://bit.ly/Y9OY9R.

Pervasive Technologies

Event Participated In

International Conference on Contours of Media Governance: Teaching, Disciplinarity, Methodology (organised by Jamia Millia Islamia University with support from Ford Foundation and ICSSR, Centre for Culture, Media & Governance, Jamia Millia Islamia University, New Delhi, February 25 – 27, 2013). Sunil Abraham presented preliminary findings from the Pervasive Technologies project.

Other Openness Updates

Announcements from Other Organizations

Iryna Kuchma wins the second EPT award: The Electronic Publishing Trust for Development announced the winner of its 2nd Annual Award in recognition of the effort made by individuals working in the developing and emerging countries in the furtherance of Open Access (OA) to scholarly publications. Dr. Francis Jayakanth won the inaugural award last year.

HasGeek

HasGeek creates discussion spaces for geeks and has organised conferences like the Fifth Elephant, Droidcon India 2011, Android Camp, etc. HasGeek is supported by CIS and works from the CIS office in Bengaluru.

Event Report & Video

Report of Aaron Swartz Memorial Hacknight (by Zainab Bawa, February 6, 2013). On January 19 and 20, 2013, HasGeek organized a hacknight to commemorate the life and work of Aaron Swartz. Zainab Bawa shares the developments.

Internet Governance

CIS has an agreement with Privacy International, London to facilitate the implementation of activities related to surveillance and freedom of speech and expression. We are also doing a project on examining the indicators of female economic empowerment in the IT industry in India.

Gender

Women in India’s IT Industry (by Jadine Lannon, February 27, 2013)
Women in the IT Industry: Request for Data (by Jadine Lannon, February 28, 2013).

Free Speech & Expression

Analyzing the Latest List of Blocked URLs by Department of Telecommunications (IIPM Edition) (by Snehashish Ghosh, February 14, 2013). The analysis was quoted in FirstPost.
Don’t SLAPP free speech (by Sunil Abraham with inputs from Snehashish Ghosh, Tehelka, February 3, 2013, Issue 9, Volume 10).
Freedom of Expression Gagged (by Chinmayi Arun, Hindu Business Line, February 15, 2013).

Media Coverage

Hate speech: ban or ignore? (NDTV, February 5, 2013). Pranesh Prakash, Shivam Vij, and Sanjay Rajoura gave their expert views on the impact of hate speech.
Censorship and sensibility in India (by Samanth Subramanian, February 6, 2013). Pranesh Prakash is quoted.
Online Abuse of Teen Girls in Kashmir Leads to Arrests (by Betwa Sharma, New York Times, February 8, 2013). Pranesh Prakash is quoted.
Indian net service providers too play censorship tricks (by T Ramachandran, The Hindu, February 9, 2013). Sunil Abraham is quoted.
Anonymous joins protests against Internet shutdown in Kashmir (by Indu Nandakumar, Economic Times, February 12, 2013). Sunil Abraham is quoted.
Why was the Gwalior court in such a hurry to block IIPM URLs? (by Danish Raza, FirstPost, February 19, 2013). Snehashish Ghosh’s analysis on blocked website is quoted.
Stop Press Carousel (by Arindham Mukherjee, Outlook, February 22, 2013). Sunil Abraham is quoted.
"All Indian Enterprises should Be Very Worried": Centre for Internet and Society (by Shubhra Rishi, Computer World, February 25, 2013). Pranesh Prakash is quoted.

Events Participated In

Freedom of expression online: identifying and addressing challenges and developing a shared vision and a working partnership: (organized by Wilton Park, Wiston House, Sussex, UK, February 13 – 15, 2013). Pranesh Prakash participated in the event.
9th International Asian Conference (organized by ITech Law, Bangalore, February 14 -15, 2013). Sunil Abraham was a panelist in the session on Censorship of Online Content.

Privacy

2012: Privacy Highlights in India (by Elonnai Hickok, February 12, 2013): Elonnai summarizes the top privacy moments of 2012 in India.
Surveillance Camp IV: Disproportionate State Surveillance - A Violation of Privacy (by Elonnai Hickok and Katitza Rodriguez of Electronic Frontier Foundation February 19, 2013).
BigDog is Watching You! The Sci-fi Future of Animal and Insect Drones (by Maria Xynou, February 25, 2013).

Events Organized

Analyzing the Draft Human DNA Profiling Bill 2012 (March 1, 2013, CIS, Bangalore).
Unique Identity Number (UID), National Population Register (NPR), and Governance (March 2, 2013, TERI Southern Regional Centre, Bangalore).

Event Participated In

The Omnishambles of UID, shrouded in its RTI opacity: CIS sponsored Colonel Mathew Thomas to hold a workshop at the fourth National Right to Information (RTI) organized by the National Campaign for People's Right to Information, held in Hyderabad from February 15 to 18, 2013.

Upcoming Event

DML Conference 2013 (co-organised by CIS and Digital Media & Learning Research Hub Central, Sheraton Chicago Hotel & Towers - Chicago, Illinois, March 14 – 16, 2013).

Internet Access – Knowledge Repository

CIS in partnership with the Ford Foundation was executing the telecom knowledge repository project which included producing and disseminating modules on various aspects of telecommunications including policy, regulations, infrastructure and market. However, from November 2012 there was a change in the mandate of the project. The new repository will cover the history of the internet, technologies involved, principle and values of internet access, broadband market and universal access. It will also touch upon various polices and regulations which has an impact on internet access and bodies and mechanism which are responsible for formulation policies related to internet access. The blog posts and modules will be published in a new website: www.internet-institute.in.

Upcoming Event

We are hosting an “Institute on Internet and Society” in collaboration with the Ford Foundation India, which is to be held from June 8, 2013 to June 14, 2013. Call for registration and relevant details will be announced soon on our website.

Telecom

While the potential for growth and returns exist for telecommunications in India, a range of issues need to be addressed. One aspect is more extensive rural coverage and the other is a countrywide access to broadband which is low. Both require effective and efficient use of networks and resources, including spectrum:

Newspaper Column

The Supreme Court & Spectrum Management (by Shyam Ponappa, Organizing India Blogspot, February 14, 2013, originally published in the Business Standard, February 6, 2013).

Blog Entry

Who Minds the Maxwell's Demon: Revisiting Communication Networks through the Lens of the Intermediary (by Sharath Chandra Ram, February 28, 2013).

Digital Natives

Events Participated In

D:coding Digital Natives - Seminar with Nishant Shah (organized by HUMlab, February 26, 2013). Nishant Shah gave a talk on D:coding Digital Natives at Samhällsvetarhuset.

Video Vortex # 9 Re:assemblies of Video (organized by the Institute of Network Cultures, Post Media Lab, Moving Image Lab, Leuphana, et.al, February 28 – March 2, 2013). Nishant Shah delivered a key note at this event.

Digital Humanities

From 2012 to 2015, the Researchers At Work series is focusing on building research clusters in the field of Digital Humanities. We organised the first Habits of Living workshops in Bangalore last year. The next workshop is being held in Brown University.

Upcoming Event

Habits of Living: Networked Affects, Glocal Effects (organised by CIS and Brown University, March 21 – 23, 2013, Brown University, Rhode Island). Nishant Shah will be speaking at this event.

About CIS

CIS was registered as a society in Bangalore in 2008. As an independent, non-profit research organisation, it runs different policy research programmes such as Accessibility, Access to Knowledge, Openness, Internet Governance, and Telecom. The policy research programmes have resulted in outputs such as the e-Accessibility Policy Handbook for Persons with Disabilities with ITU and G3ict, and Digital Alternatives with a Cause?, Thinkathon Position Papers and the Digital Natives with a Cause? Report with Hivos, etc. We have conducted policy research for the Ministry of Communications & Information Technology, Ministry of Human Resource Development, Ministry of Personnel, Public Grievances and Pensions, Ministry of Social Justice and Empowerment, etc., on WIPO Treaties, Copyright Bill, NIA Bill, etc.

CIS is accredited as an observer at WIPO. CIS staff participates in the Standing Committee for Copyright and Related Rights (SCCR) meetings regularly held in Geneva, and participate in the discussions and comments on them from a public interest perspective. Our Policy Director, Nirmita Narasimhan won the National Award for Empowerment of Persons with Disabilities from the Government of India and also received the NIVH Excellence Award.

Follow us elsewhere

Get short, timely messages from us on Twitter
Join the CIS group on Facebook
Visit us at http://cis-india.org

Support Us

Request for Collaboration

For more details visit https://cis-india.org/about/newsletters/february-2013-bulletin

Who Minds the Maxwell's Demon (Revisiting Communication Networks through the Lens of the Intermediary)

sharath — 2013-03-05T07:37:37Z

A holistic reflection on information networks and it’s regulatory framework is possible only when the medium-specific boundary that has often separated the Internet and Telecom networks begins to dissolve, to objectively reveal points of contention in the communication network where the dynamics of network security and privacy are at large – namely, within the historic role of the intermediary at data/signal switching and routing nodes.

It is unfair to contextualize the history of the Internet without looking at how analog information networks like cable and wireless telegraph and later, the telephone, almost coincidentally necessitated the invention of automated networks for remote machine control and peer-to- peer communication over the Internet that promised to drastically reduce intermediary overheads. While the whole world was fraught in patent wars over wired private networks, the first nodes of the ‘open’ internet were built in a two-week global meeting of computer scientists who were flown down to simply prepare for ‘a public exhibition’ of the ARPANET in 1971.

While India only received it’s first telephone in New Delhi late into the 20^th century, “Telegraph Laws” to most of the Indian working class always remained an ominously urgent telegram that brought the news of a dear one who had taken seriously ill. And so, on a lateral note, it is apt to bring to light the life of one Mr Almond Brown Strowger, wherein the idea of an automatic telephone exchange was given birth to by the ‘business of death’.

The Automatic Telephone Exchange

Almond Strowger was an undertaker based in Missouri, in a town where there was yet another undertaker, who’s wife incidentally was an operator in the then manual telephone exchange. Strowger came to believe the reason he received fewer phone calls was that his business competitor’s wife ended up preferentially routing all callers seeking Strowger’s funeral services to her undertaker husband instead. Strowger conceived the initial idea in 1888 and patented ‘The Automatic Telephone Exchange’ in 1891. http://goo.gl/oieIJ

Popularly known as the ‘Strowger Switch’, the Step-by Step switch (SXS switch) consisted of two interfaces – One at the customer’s end that used telegraph keys (and later a rotary dial) to send a train of electric current pulses corresponding to the digits 0 -9 all the way to the exchange. The actual Strowger switch at the exchange, used an electromechanical device that could move vertically to select one of 10 contacts, and then rotated to select one of another 10 in each row – a total of 100 choices. Consequently was formed in 1892, the Strowger Automatic Telephone Exchange Company at Indiana with about 75 subscribers. Strowger later sold his patents for $10,000 in 1898 to the Automatic Electric Company, a competitor of Bell System’s Western Electric. His patents were eventually acquired by Bell systems for $2.5 million in 1916, showing just how much growth and investor interest the telephone industry had gained by then.

Switching Paradigms

The architecture of global communication was headed towards different ideals and directions. Most media historians contrast these methodologies into ‘circuit switching’ and ‘packet switching’, or a connection-oriented fault intolerant system on one hand and another connection-less fault tolerant protocol respectively, both of which were being developed concurrently. In reality however, a major driving factor were the stakeholders backing the infrastructure of the rapidly growing communication industry, who were looking for growing returns on their investments. And hence these parallel ramifications may also be looked at through the lens of closed proprietary and medium specific networks versus an open, shared, medium in-specific paradigm of information theory.

Circuit switching relied on an assured dedicated connection between 2 nodes, and was especially patronized by the industry that saw telecommunication as the latest fad in urban luxury (a key factor in the distinction of suburban areas as the affluent moved into urban areas that were ‘connected’ by telephone). Owners and manufacturers of the hardware infrastructure became the most significant stakeholders. The revenue model was based on the amount of time the network was used and hence was popular in analog voice telephone networks. The entire bandwidth of the channel was made available for the duration of the session along with a fixed delay between communicating nodes. Therefore, even if there was no information being transmitted during a session, the channel would not be made available to anyone else waiting to use it unless released by the previous party. Early telephone exchanges relied on manual labour to facilitate switching until the automated exchange came about.

Packet switching on the other hand, leaned towards the paradigm of shared bandwidth and resources, and more importantly approached communication with complete disregard to the medium of transmission, be it wired or wireless. Furthermore, it also disregarded the content, modality and form of communication with an objectified data-centric approach. Information to be transmitted was divided into structured “packets” or “capsules”. These packets were all ‘thrown’ into the shared network pool consisting of numerous other such packets, each with its own destination, to be carefully buffered, stored and forwarded by intermediary routers in the network. Apart from occasional packet loss, the time taken to send a message is indeterminate and is dependent on the overall traffic load on the network at any given time.

INTERFACE MESSAGE PROCESSOR and the ICCC ‘Hackathon’

Plans forged on into the early 1960s towards the development of an open architecture to enable network communication between computer systems, culminating in the invention of the ‘interface message processor’ that promised to herald the coming of an era of packet switching by enabling the ARPANET (Advanced Research Projects Agency Network), the first wide area packet switched network – and precursor to the world wide web as we know it today.

While the Information Processing Techniques Office (IPTO) had previously contracted Larry Roberts who in 1965 developed the first packet switched network between two computers , the TX-2 at MIT with a Q-32 in California, a growing need was felt to have a centralized terminal with access to multiple sites that would enable any computer to connect to any site. The first IMP was commissioned to be built by the engineering firm BBN (Bolt, Beranek and Newman, a professor student trio from MIT).

(The very first Interface Message Processor by BBN: Courtesy: http://goo.gl/tvo8n)

By 1971, the four original nodes that connected the ARPANET (viz, UCLA, Stanford Research Institute, University of Utah and University of California at Santa Barbara) had expanded to 15 nodes, but the lack of a common host protocol meant that a full-scale implementation and adoption of the ARPANET was far from complete. The time had come to allow the public to engage with the promising future that the Internet held. What entailed was the organization of first public International Conference on Computer Communication (1972) (http://goo.gl/PFhtL) under the umbrella of the IEEE Computer Society at the Hilton Hotel, Washington D.C. In many ways the event was the original version of a modern day new media art ‘hackathon’ and involved about 50 computer scientists who were flown in from around the globe alongside the likes of Vint Cerf and Bob Metcalfe. The deadline of a public demonstration provided the much-needed impetus to drive the network to functional completion. Exhibits included a variety of networked applications like the famed dialogue between the ‘paranoid patient’ chatbot PARRY and doctor ELIZA, motion control of the LOGO ‘Turtle’ across the network and remote access of digital files that were printed on paper locally. A milestone in distributed packet switching had been achieved and the stage had been set to compete with the archaic paradigm of circuit switched networks, even as delegates from AT&T (incidentally one of the funders of the event) watched on with the hope that the demonstration would run into a fatal glitch.

Who Minds the Maxwell's Demon

It may not be boldly evident from the vast corpus of policy research surrounding the regulation of communication networks (be it the issues of network security, privacy, anonymity, surveillance or billing systems) that key-points in the control system where dynamics play at large, are at the interfacing nodes and data/signal switches at either transceiver nodes as well as intermediary nodes. This is further underlined by the historical fact that the invention of the automatic telephone exchange was fuelled by the necessity to ensure a paradigm of unbiased circuit switching within the context of a networked business.

Just a glimpse at the number of patents that directly or indirectly refer to the Automatic Telephone Exchange patent shall bring to light myriad applications that range from “Linking of Personal Information Management Data”, “Universal Data Aggregation”, “Flexible Billing Architecture”, ”Multiple Data Store Authentication” , “Managing User to User Contact using Inferred Presence Detection” to various paradigms surrounding distributed systems for cache defeat detection, most of which are part of PUSH technology services that manage networked smartphone applications from instant messaging to email access. Other proposed systems for spectrum management and dynamic bandwidth allocation, such as policy alternatives to spectrum auction that entail frequency hopping at the transmitter level shall invariably depend on a centralized automated intermediary who shall in theory have transparent access to data flow. The role of routing intermediaries with specialized access, poses many interesting questions with regards to policy issues that surround network privacy and security.

This brings us back to the seemingly comical reference that this article makes to a mysterious entity named the ‘Maxwell’s Demon’. A thought experiment proposed by James Clerk Maxwell, involved a chamber of gas molecules at equilibrium that was divided into two halves along with a ‘door’ controlled by the “Maxwell’s Demon”. The demon had the ability to ‘open’ the door to allow faster than average molecules to enter one side of the chamber while slower molecules ended up on the other side of the chamber, causing the former side to heat up while the other side gradually cooled down, thereby establishing a temperature difference without doing any work, and thus violating the 2^nd Law of Thermodynamics. The parallel drawn in this article between networked switching intermediaries and the Maxwell’s demon does not go beyond this simple functional similarity.

However for the ambitious reader, it maybe interesting to note that ever since the invention of digital computers, scientists have actively pursued the paradox of Maxwell’s demon to revisit physical fundamentals governing information theory and information processing, which has involved analyzing the thermodynamic costs of elementary information manipulation in digital circuits – A study that probably constantly engages Google as they pump water through steel tubes to cool their million servers.

We shall save all this for another day, but on yet another related note, everytime say an email sent to an invalid address bounces back to your inbox as a “Mailer Daemon”, let it be known that the “Daemon” in Operating System terminology that refers to an invisible background process that the user has no control over, infact directly owes it’s etymology to the paradox of ‘Maxwell’s Demon’.

For more details visit https://cis-india.org/telecom/blog/who-minds-the-maxwells-demon