Centre for Internet and Society

Beyond Public Squares, Dumb Conduits, and Gatekeepers: The Need for a New Legal Metaphor for Social Media

amber — 2021-05-31T10:19:33Z

For more details visit https://cis-india.org/internet-governance/files/beyond-public-squares-dumb-conduits-and-gatekeepers.pdf

Beyond Property Rights: Thinking About Moral Definitions of Openness

praskrishna — 2013-08-07T09:43:35Z

It is hard for Westerners to realize just how much we take for granted about intellectual property, and in particular, how much the property owner’s perspective--be it a corporation, government or creative artist--is embedded in our view of the world as the natural order of things.

This blog post by David Eaves was published in TECH President on August 6, 2013. Sunil Abraham is quoted.

While sharing and copying technologies are disrupting some of the ways we understanding “content,” when you visit a non-Western country like India, the spectrum of choices become broader. There is less timidity wrestling with questions like: should poor farmers pay inflated prices for patented genetically-engineered seeds? How long should patents be given for life-saving medicines that cost more than many make in a year? Should Indian universities spend millions on academic journals and articles? In the United States or other rich countries we may weigh both sides of these questions--the rights of the owner vs. the moral rights of the user--but there’s no question people elsewhere, such as in India, weigh them different given the questions of life and death or of poverty and development.

Consequently, conversations about open knowledge outside the supposedly settled lands of the “rich” often stretch beyond permission-based “fair use” and “creative commons” approaches. There is a desire to explore potential moral rights to use “content” in addition to just property rights that may be granted under statutes.

A couple of months ago I sat down in Bangalore with Sunil Abraham, the founder and executive director of the Center for Internet & Society (CIS) there, to talk about the center, and his views on the role of technology and openness in politics and society. One part of our conversation led to this WeGov column on “I Paid a Bribe” and the challenge of fighting corruption in India using technology. Here I want to reflect further on how Sunil and his counterparts may be radically challenging how we should think about open information more generally.

As we talked, Sunil outlined how people and organizations were using “open” methodologies to advance social movements or create counter power. To explain his view he sketched out the following “map” of IP rights and freedoms to show people use and view the different “permissions” (some legal, some illegal).

As a high-level overview this map offers a general list of the tools at the disposal of citizens interested in playing with intellectual property, particularly as they pursue social justice issues.

At the top of the chart are the various forms of “permissions” that a property owner may (or may not) grant you. Thus at the far left sits the most restrictive IP regime and, as you move right, the user gets more and more freedoms (or, if you take the perspective of property owners, property loses more and more of its formal legal protections and a different notion, of “moral rights,” arises).

The second row divides the permissions and the actors along what Sunil believes is one of the most important permissions - the requirement to attribute (or the freedom not to).

Finally, at the bottom, I’ve placed various actors along the spectrum to both show where they might be positioned in the access debate and/or how they use these tools to advance their aims. Thus someone like Lawrence Lessig, the intellectual father of Creative Commons, might support many uses of information as long as the owner gives permission; whereas groups like the Pirate Party or the Yes Men edge further out into uses that may not appear legitimate to a property owner.

Particularly interesting is Sunil’s decision to include non-legal “permissions” such as ignoring the property holders rights in his spectrum of openness. He sees this as the position of the Pirate Party, which he suggests advocates that people should have the right to do what they want with intellectual property even if they don’t have permission, with the exception, interestingly, of ignoring attribution.

He also includes two even more radical “permissions” – counterfeiting, that is claiming that you created the work – and false attribution – assigning your work to someone else! Sunil sees Anonymous as often using the former and the Yes Men as using the latter. “They (the Yes Men) are playing with the attribution layer,” he says, by conducting actions such as their fake DOW press release about the Bhopal disaster.

Pushing the identity envelope
To Sunil, the big dividing line is less about legal vs. illegal but around this issue of attribution. “This is the most exciting area because this (the non-attribution area) is where you escape surveillance,” he declares.

“All the modern day regulation over IP is trying to pin an individual against their actions and then trying to attach responsibility so as to prosecute them,” Sunil says. “All that is circumvented when you play with the attribution layer.”

This matters a great deal for individuals and organizations trying to create counter power – particularly against the state or large corporate interests. In this regard Sunil is actually linking the tools (or permissions) along the open spectrum to civil disobedience. Of course, such “permissions” are also used by states all the time, such as pretending that a covert action was the responsibility of someone else, or simply denying responsibility for some action.

This, in turn, has some interesting implications.

The first is, that it allows Sunil to weave together a number of groups that might not normally be seen as connected because he can map their strategies or tools against a common axis. Thus Lawrence Lessig, the Yes Man, companies and journalists can all be organized based on what “permissions” they believe are legitimate. For example, journalists and new publishers are often seen as fairly pro-copyright (it protects their work) but they are quite happy to ignore the proprietary rights of a government or corporate document and publish its contents, if they believe that action is in the public interest. Hence their position on the spectrum as “willing to ignore proprietary rights.” (Leave aside government arguments that publishing such documents is “stealing” when, at least in the US, they are technically already not subject to copyright.) However, a credible newspaper or journalist would never knowingly attribute a quote or document to a different person. Attribution remains sacred, even when legal proprietary rights are not.

It also tests the notions of who is actually an IP radical. As Sunil notes: “The more you move to the right the more radical you are. Because everywhere on the left you actually have to educate people about the law, which is currently unfair to the user, before you even introduce them to the alternatives. You aren’t even challenging the injustice in the law! On the right you are operating at a level that is liberated from identity and accountability. You are hacking identity.”

Sunil is thus justifying how the use of “illegal” permissions may actually be a form of civil disobedience that can be recognized as legitimate. This is something journalists confront regularly as well. Many are willing to publish “illegally” obtained leaked documents when they believe that may serve the public good. What is ethical is not always legal and so there position on this chart is more nuanced than one might initially suspect.

This is not to say that Sunil doesn’t believe in the effectiveness of legal approaches. For him this map represents a more complete range of choices an activist can choose from as they try to develop their strategy.

“So what you do, and the specific change you are trying to precipitate, you’ll have to determine what strategy you need. Sometimes working within the left hand group is sufficient. Having a non-derivative, non-commercial license to enable students to access academic works, in India, is good enough… But then, to do what the Yes Men did to DOW Chemicals? You have to be over on the right side.”

For more details visit https://cis-india.org/news/tech-president-august-6-2013-david-eaves-beyond-property-rights-thinking-about-moral-definitions-openness

Beyond Access as Inclusion

anja — 2011-08-02T07:29:03Z

On 13 September, the day before the fifth Internet Governance Forum opens, CIS is coorganising in Vilnius a meeting on Internet governance and human rights. One of the main aims of this meeting is to call attention to the crucial, yet in Internet governance often neglected, indivisibility of rights. In this blog post, Anja Kovacs uses this lens to illustrate how it can broaden as well reinvigorate our understanding of what remains one of the most pressing issues in Internet governance in developing countries to this day: that of access to the Internet.

One of the most attractive characteristics of the Internet – and perhaps also one of the most debated ones – is its empowering, democratising potential. In expositions in favour of access to the Internet for all, this potential certainly often plays a central role: as the Internet can help us to make our societies more open, more inclusive, and more democratic, everybody should be able to reap the fruits of this technology, it is argued. In other words, in debates on access to the Internet, most of us take as our starting point the desirability of such access, for the above reasons. But how justified is such a stance? Is an Internet-induced democratic transformation of our societies what is actually happening on the ground?

I would like to move away, in this blog post, from the more traditional approaches to the issue of access, where debates mostly veer towards issues of infrastructure (spectrum, backbones, last mile connectivity, …) or, under the banner of “diversity”, towards the needs of specific, disadvantaged communities (especially linguistic minorities and the disabled). To remind us more sharply of the issues at stake and of the wide range of human rights that need our active attention to make our dreams a reality, I would like to take a step back and to ask two fundamental questions regarding access: why might access be important? And what do we actually have access to?

Let me start, then, by exploring the first question: why, actually, is Internet access important? In his canonical work on the information age, and especially in the first volume on the rise of the network society, Manuel Castells (2000) has perhaps provided the most elaborate and erudite description of the ways in which new technologies are restructuring our societies and our lives. We are all all too familiar with the many and deep-seated ways in which the Internet changes the manner in which we learn, play, court, pay, do business, maintain relationships, dream, campaign. And yet, the exact nature of the divide created by the unequal distribution of technical infrastructure and access, despite being so very real, receives relatively little attention: this divide is not simply one of opportunities, it is crucially one of power. If in traditional Marxist analysis the problem was that the oppressed did not have access to the means of production, today, one could well argue, the problem is that they do not have access to the means of communication and information.

Indeed, the Internet is not something that is simply happening to us: there are people who are responsible for these new evolutions. And so it becomes important to ask: who is shaping the Internet? Who is creating this new world? Let us, by way of example, consider some figures relating to Internet use in India. So often hailed as the emerging IT superpower of the world, there are, by the end of 2009, according to official government figures, in this country of 1 billion 250 million people slightly more than 15 million Internet connections. Of these, only slightly more than half, or almost 8 million, are broadband connections – the rest are still dial-up ones (TRAI 2010). The number of Internet users is of course higher – one survey estimates that there are between 52 million and 71 million Internet users in urban areas, where the bulk of users is still located (IAMAI 2010). But while this is a considerable number, it remains a fraction of the population in a country so big. What these figures put in stark relief, then, is that the poor and marginalised are not so much excluded from the information society (in fact, many have to bear the consequences of new evolutions made possible by it in rather excruciating fashion), but rather, that they are fundamentally excluded from shaping the critical ways in which our societies are being transformed.

To have at least the possibility to access the Internet is, then, of central significance in this context for the possibility of participation it signals in the restructuring of our societies at the community, national and global level, and this in two ways: in the creation of visions of where our societies should be going, and in the actual shaping of the architecture of our societies in the information age.

If we agree that access attains great significance in this sense, then a second question poses itself, and that is: in practice, what exactly are we getting access to? This query should be of concern to all of us. With the increasing corporatisation of the Internet and the seemingly growing urges of governments on all continents to survey and control their citizens, new challenges are thrown up of how to nurture the growth of open, inclusive, democratic societies, that all of us are required to take an interest in.

Yet it is in the case of poor and marginalised people that the challenges are most pronounced. Efforts to include them in the information society are disproportionately legitimised on the basis of the contribution these can make to improving their livelihoods. Initiatives, often using mobile technology, that allow farmers to get immediate information about the market prices of the produce they are intending to sell, are perhaps the most well-known and oft-cited examples in this category. Other efforts aim to improve the information flow from the government to citizens: India has set up an ambitious network of Common Service Centres, for example, that aim to greatly facilitate the access of citizens to particular government services, such as obtaining birth or caste certificates – and going by first indications, this also seems to be succeeding in practice. Only rarely, however, do initiatives to “include” the poor in the information society address them as holistic beings who do not only have economic lives, but political, emotional, creative and intellectual existences as well. This is not to say that economic issues are not of importance. But by highlighting only this aspect of poor people's lives, we promote a highly impoverished understanding of their existences.

The focus on a limited aspect of the poor's identity - important as that aspect may be - has a function, however: it makes it possible to hide from view the extremely restrictive terms on which poor people are currently being integrated into the information society. Even initiatives such as the Common Service Centres are in fact based on a public-private-partnership model that explicitly aims to “align [..] social and commercial goals” (DIT 2006: 1), and in effect subordinates government service design to the requirements of the CSC business model (Singh 2008). The point is not simply that we need strong privacy and data protection policies in such a context – although we clearly do. There is a larger issue here, which is that efforts to include the poor in the information society, in the present circumstances, really seem to simply integrate them more closely into a capitalist system over which they have little control, or to submit them to ever greater levels of government and corporate surveillance. Their own capacity to give shape to the system in which they are “included”, despite the oft-heralded capacities of the Internet to allow greater democratic participation and to turn everybody into a producer and distributor, as well as a consumer, remains extremely limited.

Such tendencies have not gone unnoticed. For example, unlike in many other parts of the world, social movements in India fighting against dams, special economic zones or mining operations in forest areas - all initiatives that lead to large-scale displacement – have not embraced technology as enthusiastically as one might have expected. There are various reasons for this. Within Indian nationalism, there have always been strands deeply critical of technology, with Gandhi perhaps their most illustrious proponent. But for many activists, technology often also already comes with an ideological baggage: an application such as Twitter, for example, in so many of its aspects is clearly manufactured by others, for others, drawing on value sets that activists often in many ways are reluctant to embrace. And such connotations only gain greater validity because of the intimate connections that exist in India between the IT boom and neoliberalism: technology has great responsibility for many of the trends and practices these activists are fighting against. While the Internet might have made possible many new publics, most movements do not – as movements – recognise these publics as their own (Kovacs, forthcoming).

To some extent, these are of course questions of the extent of access that people are granted. But they also raise the important issue of the value structure of the Internet. Efforts at inclusion always take for granted a standard that is already set. But what if the needs and desires of the many billions that still need to be included are not served by the Internet as it exists? What if, for it to really work for them, they need to be able to make the Internet a different place than the one we know today? While it is obvious that different people will give different answers in different parts of the world, such debates are complicated tremendously by the fact that it is no longer sufficient to reach a national consensus on the issues under discussion, as was the case in earlier eras. The global nature of the Internet's infrastructure requires that the possibility of differing opinions, too, needs to be facilitated at the global level. What are the consequences of this for the development of democracy?

For access to the Internet to be substantively meaningful from a human rights perspective in the information age, it is crucial, then, that at a minimum, the openness of the Internet is ensured at all levels. Of course, openness can be considered a value in itself. But perhaps more importantly, at the moment, it is the only way in which the possibility of a variety of answers to the pressing question of what shape our societies should take in the information age can emerge. Open standards and the portability of data, for example, are crucial if societies are to continue to decide on the role corporations should play in their public life, rather than having corporations de facto rule the roost. Similarly, under no circumstances should anyone be cut off from the Internet, if people are to participate in the public life of the societies of which they are members. And these are not just concerns for developing countries: if recent incidents from France to Australia are anything to go by, new possibilities facilitated by the Internet have, at least at the level of governments, formed the impetus for a clear shift to the right of the political spectrum in many developed countries. In the developed world, too, the questions of access and what it allows for are thus issues that should concern all. In the information age, human rights will only be respected if such respect is already inscribed in the very architecture of its central infrastructure itself.

List of References

Castells, Manuel (2000). The Rise of the Network Society, 2^nd edition. Oxford: Blackwell.

Department of Information Technology (DIT) (2006). Guidelines for the Implementation of Common Services Centers (CSCs) Scheme in States. New Delhi: Department of Information Technology, Government of India.

Internet and Mobile Association of India (IAMAI) (2010). I-Cube 2009-2010: Internet in India. Mumbai: Internet and Mobile Association of India.

Kovacs, Anja (forthcoming). Inquilab 2.0? Reflections on Online Activism in India (working title). Bangalore: Centre for Internet and Society.

Singh, Parminder Jeet (2008). Recommendations for a Meaningful and Successful e-Governance in India. IT for Change Policy Brief, IT for Change, Bangalore.

Telecom Regulatory Auhority of India (TRAI) (2010). The Indian Telecom Services Performance Indicators, October-December 2009. New Delhi: Telecom Regulatory Auhority of India.

For more details visit https://cis-india.org/internet-governance/blog/beyond-access-as-inclusion

Between the Local and the Global: Notes Towards Thinking the Nature of Internet Policy

nishant — 2014-04-04T03:49:14Z

This post by Nishant Shah is part of a series related to the 2014 Milton Wolf Seminar on Media and Diplomacy: The Third Man Theme Revisited: Foreign Policies of the Internet in a Time Of Surveillance and Disclosure, which takes place in Vienna, Austria from March 30 – April 1, 2014.

The 2014 seminar is jointly organized by the Center for Global Communication Studies (CGCS) at the University of Pennsylvania’s Annenberg School for Communication, the American Austrian Foundation (AAF), and the Diplomatic Academy of Vienna (DA). For more information visit the seminar webpage and Facebook Page. Dr. Nishant Shah is the co-founder and Director-Research at the Centre for Internet and Society, Bangalore, India.

Nishant Shah's post was published on April 1st, 2014 | by cgcsblog

An imagined and perceived gap between the global and the local informs transnational politics and internet policy. The global views the local as both the site upon which the global can manifest itself as well as the microcosm that supports and strengthens global visions by providing mutations, adaptations and reengineering of the governance practices. The local is encouraged to connect with the global through a series of outward facing practices and policies, thus producing two separate domains of preservation and change. On the one hand, the local, the organic and the traditional, needs to be preserved and make the transnational and the global the exotic other. On the other hand, the local also needs to be in a state of aspiration, transforming itself to belong to global networks of polity and policy that are deemed as desirable, especially for a development and rights based vision of societies.

While these negotiations and transactions are often fruitful and local, national, and transnational structures and mechanics have been developed to facilitate this flow, this relationship is precarious. There is an implicit recognition that the local and the transnational, dialectically produced, are often opaque categories and empty signifiers. They sustain themselves through unquestioned presumptions of particular attributes that are taken for granted in these interactions. There have been many different metaphors that have been used to understand and explain these complex transfers of knowledge and information, resources and capital, bodies and ideologies. Vectors, Flows, Disjunctures, Intersections are some of the examples. However, with the rise of the digital technologies and vocabularies, especially the internet, the metaphor of the Network with its distributed nodes has become one of the most potent explanations of contemporary politics. This idea of living in networked worlds is so seductive and ‘common-sense,’ that it has become an everyday practice to think of the global as a robust, never-ending, all-inclusive network where the local becomes an important node because it enables both connectivity within but also an expansion of the edges, in order to connect to that which is outside the traffic capacities of the network.

The ‘Network Society’ paradigm is distinct from earlier rubrics of information and open society that have informed existing information and communication policies. In this paradigm we have the opportunity to revisit and remap the ways in which local governments and populations function and how they produce locals who can feed into the transnational and global discourse. The network facilitates some knowledge that is valuable and allows us to map inequity and mal-distribution of resources by offering comparisons between the different nodes. Networks force our attention to the edges, the no-person’s-zone which is porous but still serves as an osmotic filter that often keeps the underprivileged and the unintelligible outside its fold. Networks as metaphors are valuable because they produce a cartographic vision of the world with multiple boundaries and layers, dealing with big data sets to create patterns that might otherwise be invisible. They enable the replication of models that can be further localised and adapted to fit the needs of the context. Networks make the world legible – we write it through the lens of the network, intelligible – we understand it through the language and vocabulary of the network, and accessible – it allows for knowledge and practices to transfer across geographies and times.

At the same time, networks are a vicious form of organisation because they work through the logic of resource maximisation, efficiency and optimisation, often disallowing voices of dissent that threaten the consensus making mechanisms of the network. Networks have a self-referential relationship with reality because they produce accounts of reality which can easily stand in for the material and the real. They are the new narratives that can operate with existing data sets and produce such rich insights for analysis that we forget to account for that which cannot be captured in the database structures of these data streams. Networks work through a principle of homogeneity and records, thus precluding forms of operation which cannot be easily quantified.

Given this complex nature of networks and the fact that they are emerging as the de facto explanations of not only social and cultural relationships but also economic and political transactions, it might be fruitful to approach the world of policy and politics, the local and the transnational, through the lens of the network. Building a critique of the network while also deploying the network as a way to account for the governmental practices might produce key insights into how the world operates. What does it mean to imagine the world in the image of the internet as a gigantic network? What are the ways in which a networked visualisation of policy and governmental processes can help us analyse and understand contemporary politics? What tools can we develop to expose the limitations of a network paradigm and look at more inclusive and sensitive models for public discourse and participation? How do we document events, people, and drivers of political change that often get overlooked in the networked imagination of transnational politics? These are the kind of questions that the Center for Global Communication Study’s Internet Policy Observatory (IPO) could initiate, building empirical, qualitative and historical research to understand the complex state of policy making and its relationship with enforcement, operationalization and localisation.

Given the scope and scale of these questions, there are a few specific directions that can be followed to ensure that research is focused and concentrated rather than too vague and generalised:

Bird’s eye views: The big picture understanding of transnational political and policy networks is still missing from our accounts of contemporary discourse. While global representative networks of multi-stakeholder dialogues have been established, there is not enough understanding of how they generate traffic (information, knowledge, data, people, policies) within the network through the different nodes. Producing an annotated and visual network map that looks at the different structural and organisational endeavours and presences, based on available open public data, bolstered by qualitative interviews would be very useful both as a research resource but also an analytic prototype to understand the complex relationships between the various stakeholders involved in processes of political change.
Crisis Mapping: One of the most important things within Network studies is how the network identifies and resolves crises. Crises are the moment when the internal flaws, the structural weaknesses, and the fragile infrastructure become visible. The digital network, like the internet, has specific mechanisms of protecting itself against crises. However, the appearance of a crisis becomes an exciting time to look at the discrepancy between the ambition of the network and its usage. A crisis is generally a symptom that shows the potentials for radical subversion, overthrowing, questioning and the abuse of network designs and visions. Locating ICT related crises with historical and geographical focuses could similarly reveal the discrepancies of the processes of making policy and orchestrating politics.
Longitudinal Studies: The network remains strong because it works through a prototype principle. Consequently, no matter how large the network is, it is possible to splice, slice, and separate a small component of the network for deep dive studies. This microcosm offers rich data sets, which can then be applied across the network to yield different results. Further, working with different actors – from individual to the collective, from the informal the institutional – but giving them all equal valency provides a more equal view of the roles, responsibilities, and aspirations of the different actors involved in the processes. This kind of a longitudinal study, working on very small case-studies and then applying them to analyse the larger social and political conditions help in understanding the transnational and global processes in a new way.

These research based inquiries could result in many different outputs based on the key users that they are working with and for. The methods could be hybrid, using existing local and experimental structures, with predefined criteria for rigour and robustness. The research, given its nature, would necessitate working with existing networks and expanding them, thus building strong and sustainable knowledge networks that can be diverted towards intervention through capacity building and pedagogy directed at the different actors identified within these nodes.

Dr. Nishant Shah is the co-founder and Director-Research at the Centre for Internet and Society, Bangalore, India. He is an International Tandem Partner at the Centre for Digital Cultures, Leuphana University, Germany and a Knowledge Partner with the Hivos Knowledge Programme, The Netherlands. In these varied roles, he has been committed to producing infrastructure, frameworks and collaborations in the global south to understand and analyse the ways in which emergence and growth of digital technologies have shaped the contemporary social, political and cultural milieu. He is the editor for a series of monographs on ‘Histories of Internet(s) in India’ that looks at the complicated relationship that technologies have with questions of gender, sexuality, body, city, governance, archiving and gaming in a country like India. He is also the principle researcher for a research programme that produced the four-volume anthology ‘Digital AlterNatives With a Cause?’ that examines the ways in which young people’s relationship with digital technologies produces changes in their immediate environments.

For more details visit https://cis-india.org/internet-governance/blog/cgcs-nishant-shah-april-1-2014-between-the-local-and-the-global

Better Understanding of the Idea of Privacy Sought

praskrishna — 2011-08-08T07:40:18Z

Understanding the ways in which an individual's privacy is violated will help provide a better definition of privacy in India. At a public conference called ‘Privacy Matters' held at the Madras Institute of Development Studies (MIDS) here on Saturday, speakers underscored the need for discussions surrounding the privacy bill.

Prashant Iyengar from Privacy India said, "In India, we do not have a set view on privacy. There is a lot of articulation around privacy in law, yet we do not have an omnibus concept." He stressed the importance of bringing about discussions around the adequacy of safeguards.

Post 26/11 terror attacks, the country has seen an enhancement of electronic surveillance and the proliferation of databases that collect information from individuals, said Santhosh Babu, Secretary, Information Technology Department.

"The problem arises when these databases are misused for political or other reasons. In a legal framework, we have to figure out what information can be given out, what cannot and what can be misused," he said. He stressed the importance of databases going through a software development lifecycle to make them more secure.

Speaking from a media practitioner's perspective, Sashi Kumar, Chairman, Media Development Foundation, said it is the business of the media to conduct sting operations especially when people in power are obfuscating information. “Sting operations are legitimate when larger public good is at stake. We have to be aware of this when we discuss the privacy bill. It should not protect people in power and keep exposure at bay,” he said. He also stressed that privacy is closely linked with the dignity of the person. R. Ramamurthy, Chairman, Cyber Society of India said, “The definition of privacy varies from what it was twenty years ago to what it is today. A lot has changed since the internet came to India.” The statutes that govern all forms of communication in India should be revamped, he said. Discussions around privacy in relation to telecommunications, financial transactions, consumer rights and basic rights followed. The conference was a collaborative effort between Privacy India, Citizen Consumer and Civic Action Group, Chennai and MIDS.

A staff reporter from the Hindu covered the event. The original can be read here

For more details visit https://cis-india.org/news/better-understanding-of-privacy

Benefits, Harms, Rights and Regulation: A Survey of Literature on Big Data

praskrishna — 2017-03-23T02:03:07Z

For more details visit https://cis-india.org/internet-governance/files/benefits-harms-rights-and-regulation-a-survey-of-literature-on-big-data

Benefits and Harms of "Big Data"

Scott Mason — 2015-12-30T02:48:08Z

Today the quantity of data being generated is expanding at an exponential rate. From smartphones and televisions, trains and airplanes, sensor-equipped buildings and even the infrastructures of our cities, data now streams constantly from almost every sector and function of daily life.

Introduction

In 2011 it was estimated that the quantity of data produced globally would surpass 1.8 zettabyte[1]. By 2013 that had grown to 4 zettabytes[2], and with the nascent development of the so-called 'Internet of Things' gathering pace, these trends are likely to continue. This expansion in the volume, velocity, and variety of data available[3] , together with the development of innovative forms of statistical analytics, is generally referred to as "Big Data"; though there is no single agreed upon definition of the term. Although still in its initial stages, Big Data promises to provide new insights and solutions across a wide range of sectors, many of which would have been unimaginable even 10 years ago.

Despite enormous optimism about the scope and variety of Big Data's potential applications however, many remain concerned about its widespread adoption, with some scholars suggesting it could generate as many harms as benefits[4]. Most notably these have included concerns about the inevitable threats to privacy associated with the generation, collection and use of large quantities of data [5]. However, concerns have also been raised regarding, for example, the lack of transparency around the design of algorithms used to process the data, over-reliance on Big Data analytics as opposed to traditional forms of analysis and the creation of new digital divides to just name a few.

The existing literature on Big Data is vast, however many of the benefits and harms identified by researchers tend to relate to sector specific applications of Big Data analytics, such as predictive policing, or targeted marketing. Whilst these examples can be useful in demonstrating the diversity of Big Data's possible applications, it can nevertheless be difficult to gain an overall perspective of the broader impacts of Big Data as a whole. As such this article will seek to disaggregate the potential benefits and harms of Big Data, organising them into several broad categories, which are reflective of the existing scholarly literature.

What are the potential benefits of Big Data?

From politicians to business leaders, recent years have seen Big Data confidently proclaimed as a potential solution to a diverse range of problems from, world hunger and diseases, to government budget deficits and corruption. But if we look beyond the hyperbole and headlines, what do we really know about the advantages of Big Data? Given the current buzz surrounding it, the existing literature on Big Data is perhaps unsurprisingly vast, providing innumerable examples of the potential applications of Big Data from agriculture to policing. However, rather than try (and fail) to list the many possible applications of Big Data analytics across all sectors and industries, for the purposes of this article we have instead attempted to distil the various advantages of Big Data discussed within literature into the following five broad categories; Decision-Making, Efficiency & Productivity, Research & Development, Personalisation and Transparency, each of which will be discussed separately below.

Decision-Making

Whilst data analytics have always been used to improve the quality and efficiency of decision-making processes, the advent of Big Data means that the areas of our lives in which data driven decision- making plays a role is expanding dramatically; as businesses and governments become better able to exploit new data flows. Furthermore, the real-time and predictive nature of decision-making made possible by Big Data, are increasingly allowing these decisions to be automated. As a result, Big Data is providing governments and business with unprecedented opportunities to create new insights and solutions; becoming more responsive to new opportunities and better able to act quickly - and in some cases preemptively - to deal with emerging threats.

This ability of Big Data to speed up and improve decision-making processes can be applied across all sectors from transport to healthcare and is often cited within the literature as one of the key advantages of Big Data. Joh, for example, highlights the increased use of data driven predictive analysis by police forces to help them to forecast the times and geographical locations in which crimes are most likely to occur. This allows the force to redistribute their officers and resources according to anticipated need, and in certain cities has been highly effective in reducing crime rates [6]. Raghupathi meanwhile cites the case of healthcare, where predictive modelling driven by big data is being used to proactively identify patients who could benefit from preventative care or lifestyle changes[7].

One area in particular where the decision-making capabilities of Big Data are having a significant impact is in the field of risk management [8]. For instance, Big Data can allow companies to map their entire data landscape to help detect sensitive information, such as 16 digit numbers - potentially credit card data - which are not being stored according to regulatory requirements and intervene accordingly. Similarly, detailed analysis of data held about suppliers and customers can help companies to identify those in financial trouble, allowing them to act quickly to minimize their exposure to any potential default[9].

Efficiency and Productivity

In an era when many governments and businesses are facing enormous pressures on their budgets, the desire to reduce waste and inefficiency has never been greater. By providing the information and analysis needed for organisations to better manage and coordinate their operations, Big Data can help to alleviate such problems, leading to the better utilization of scarce resources and a more productive workforce [10].

Within the literature such efficiency savings are most commonly discussed in relation to reductions in energy consumption [11]. For example, a report published by Cisco notes how the city of Olso has managed to reduce the energy consumption of street-lighting by 62 percent through the use of smart solutions driven by Big Data[12]. Increasingly, however, statistical models generated by Big Data analytics are also being utilized to identify potential efficiencies in sourcing, scheduling and routing in a wide range of sectors from agriculture to transport. For example, Newell observes how many local governments are generating large databases of scanned license plates through the use of automated license plate recognition systems (ALPR), which government agencies can then use to help improve local traffic management and ease congestion[13].

Commonly these efficiency savings are only made possible by the often counter-intuitive insights generated by the Big Data models. For example, whilst a human analyst planning a truck route would always tend to avoid 'drive-bys' - bypassing one stop to reach a third before doubling back - Big Data insights can sometimes show such routes to be more efficient. In such cases efficiency saving of this kind would in all likelihood have gone unrecognised by a human analyst, not trained to look for such patterns[14].

Research, Development, and Innovation

Perhaps one of the most intriguing benefits of Big Data is its potential use in the research and development of new products and services. As is highlighted throughout the literature, Big Data can help businesses to gain an understanding of how others perceive their products or identify customer demand and adapt their marketing or indeed the design of their products accordingly[15]. Analysis of social media data, for instance, can provide valuable insights into customers' sentiments towards existing products as well as discover demands for new products and services, allowing businesses to respond more quickly to changes in customer behaviour[16].

In addition to market research, Big Data can also be used during the design and development stage of new products; for example by helping to test thousands of different variations of computer-aided designs in an expedient and cost-effective manner. In doing so, business and designers are able to better assess how minor changes to a products design may affect its cost and performance, thereby improving the cost-effectiveness of the production process and increasing profitability.

Personalisation

For many consumers, perhaps the most familiar application of Big Data is its ability to help tailor products and services to meet their individual preferences. This phenomena is most immediately noticeable on many online services such as Netflix; where data about users activities and preferences is collated and analysed to provide a personalised service, for example by suggesting films or television shows the user may enjoy based upon their previous viewing history[17]. By enabling companies to generate in-depth profiles of their customers, Big Data allows businesses to move past the 'one size fits all' approach to product and services design and instead quickly and cost-effectively adapt their services to better meet customer demand.

In addition to service personalisation, similar profiling techniques are increasingly being utilized in sectors such as healthcare. Here data about a patient's medical history, lifestyle, and even their gene expression patterns are collated, generating a detailed medical profile which can then be used to tailor treatments to meet their specific needs[18]. Targeted care of this sort can not only help to reduce costs for example by helping to avoid over-prescriptions, but may also help to improve the effectiveness of treatments and so ultimately their outcome.

Transparency

If 'knowledge is power', then, - so say Big Data enthusiasts - advances in data analytics and the quantity of data available can give consumers and citizens the knowledge to hold governments and businesses to account, as well as make more informed choices about the products and services they use. Nevertheless, data (even lots of it) does not necessarily equal knowledge. In order for citizens and consumers to be able to fully utilize the vast quantities of data available to them, they must first have some way to make sense of it. For some, Big Data analytics provides just such a solution, allowing users to easily search, compare and analyze available data, thereby helping to challenge existing information asymmetries and make business and government more transparent[19].

In the private sector, Big Data enthusiasts have claimed that Big Data holds the potential to ensure complete transparency of supply chains, enabling concerned consumers to trace the source of their products, for example to ensure that they have been sourced ethically [20]. Furthermore, Big Data is now making accessible information which was previously unavailable to average consumers and challenging companies whose business models rely on the maintenance of information asymmetries.The real-estate industry, for example, relies heavily upon its ability to acquire and control proprietary information, such as transaction data as a competitive asset. In recent years, however, many online services have allowed consumers to effectively bypass agents, by providing alternative sources of real-estate data and enabling prospective buyers and sellers to communicate directly with each other[21]. Therefore, providing consumers with access to large quantities of actionable data . Big Data can help to eliminate established information asymmetries, allowing them to make better and more informed decisions about the products they buy and the services they enlist.

This potential to harness the power of Big Data to improve transparency and accountability can also be seen in the public sector, with many scholars suggesting that greater access to government data could help to stem corruption and make politics more accountable. This view was recently endorsed by the UN who highlighted the potential uses of Big Data to improve policymaking and accountability in a report published by the Independent Expert Advisory Group on the "Data Revolution for Sustainable Development". In the report experts emphasize the potential of what they term the 'data revolution', to help achieve sustainable development goals by for example helping civil society groups and individuals to 'develop data literacy and help communities and individuals to generate and use data, to ensure accountability and make better decisions for themselves' [22].

What are the potential harms of Big Data?

Whilst it is often easy to be seduced by the utopian visions of Big Data evangelists, in order to ensure that Big Data can deliver the types of far-reaching benefits its proponents promise, it is vital that we are also sensitive to its potential harms. Within the existing literature, discussions about the potential harms of Big Data are perhaps understandably dominated by concerns about privacy. Yet as Big Data has begun to play an increasingly central role in our daily lives, a broad range of new threats have begun to emerge including issues related to security and scientific epistemology, as well as problems of marginalisation, discrimination and transparency; each of which will be discussed separately below.

Privacy

By far the biggest concern raised by researchers in relation to Big Data is its risk to privacy. Given that by its very nature Big Data requires extensive and unprecedented access to large quantities of data; it is hardly surprising that many of the benefits outlined above in one way or another exist in tension with considerations of privacy. Although many scholars have called for a broader debate on the effects of Big Data on ethical best practice ^{^[23]}, a comprehensive exploration into the complex debates surrounding the ethical implications of Big Data go far beyond the scope of this article. Instead we will simply attempt to highlight some of the major areas of concern expressed in the literature, including its effects on established principles of privacy and the implication of Big Data on the suitability of existing regulatory frameworks governing privacy and data protection.

1. Re-identification

Traditionally many Big Data enthusiasts have used de-identification - the process of anonymising data by removing personally identifiable information (PII) - as a way of justifying mass collection and use of personal data. By claiming that such measures are sufficient to ensure the privacy of users, data brokers, companies and governments have sought to deflect concerns about the privacy implications of Big Data, and suggest that it can be compliant with existing regulatory and legal frameworks on data protection.

However, many scholars remain concerned about the limits of anonymisation. As Tene and Polonetsky observe 'Once data-such as a clickstream or a cookie number-are linked to an identified individual, they become difficult to disentangle'[24]. They cite the example of University of Texas researchers Narayanan and Shmatikov, who were able to successfully re-identify anonymised Netflix user data by cross referencing it with data stored in a publicly accessible online database. As Narayanan and Shmatikov themselves explained, 'once any piece of data has been linked to a person's real identity, any association between this data and a virtual identity breaks anonymity of the latter' [25]. The quantity and variety of datasets which Big Data analytics has made associable with individuals is therefore expanding the scope of the types of data that can be considered PII, as well as undermining claims that de-identification alone is sufficient to ensure privacy for users.

2. Privacy Frameworks Obsolete?

In recent decades privacy and data protection frameworks based upon a number of so-called 'privacy principles' have formed the basis of most attempts to encourage greater consideration of privacy issues online[26]. For many however, the emergence of Big Data has raised question about the extent to which these 'principles of privacy' are workable in an era of ubiquitous data collection.

Collection Limitation and Data Minimization : Big Data by its very nature requires the collection and processing of very large and very diverse data sets. Unlike other forms scientific research and analysis which utilize various sampling techniques to identify and target the types of data most useful to the research questions, Big Data instead seeks to gather as much data as possible, in order to achieve full resolution of the phenomenon being studied, a task made much easier in recent years as a result of the proliferation of internet enabled devices and the growth of the Internet of Things. This goal of attaining comprehensive coverage exists in tension however with the key privacy principles of collection limitation and data minimization which seek to limit both the quantity and variety of data collected about an individual to the absolute minimum[27].

Purpose Limitation: Since the utility of a given dataset is often not easily identifiable at the time of collection, datasets are increasingly being processed several times for a variety of different purposes. Such practices have significant implications for the principle of purpose limitation, which aims to ensure that organizations are open about their reasons for collecting data, and that they use and process the data for no other purpose than those initially specified [28].

Notice and Consent: The principles of notice and consent have formed the cornerstones of attempts to protect privacy for decades. Nevertheless in an era of ubiquitous data collection, the notion that an individual must be required to provide their explicit consent to allow for the collection and processing of their data seems increasingly antiquated, a relic of an age when it was possible to keep track of your personal data relationships and transactions. Today as data streams become more complex, some have begun to question suitability of consent as a mechanism to protect privacy. In particular commentators have noted how given the complexity of data flows in the digital ecosystem most individuals are not well placed to make truly informed decisions about the management of their data[29]. In one study, researchers demonstrated how by creating the perceptions of control, users were more likely to share their personal information, regardless of whether or not the users had actually gained control [30]. As such, for many, the garnering of consent is increasingly becoming a symbolic box-ticking exercise which achieves little more than to irritate and inconvenience customers whilst providing a burden for companies and a hindrance to growth and innovation [31].

Access and Correction: The principle of 'access and correction' refers to the rights of individuals to obtain personal information being held about them as well as the right to erase, rectify, complete or otherwise amend that data. Aside from the well documented problems with privacy self-management, for many the real-time nature of data generation and analysis in an era of Big Data poses a number of structural challenges to this principle of privacy. As x comments, 'a good amount of data is not pre-processed in a similar fashion as traditional data warehouses. This creates a number of potential compliance problems such as difficulty erasing, retrieving or correcting data. A typical big data system is not built for interactivity, but for batch processing. This also makes the application of changes on a (presumably) static data set difficult'[32].

Opt In-Out: The notion that the provision of data should be a matter of personal choice on the part of the individual and that the individual can, if they chose decide to 'opt-out' of data collection, for example by ceasing use of a particular service, is an important component of privacy and data protection frameworks. The proliferation of internet-enabled devices, their integration into the built environment and the real-time nature of data collection and analysis however are beginning to undermine this concept. For many critics of Big Data the ubiquity of data collection points as well as the compulsory provision of data as a prerequisite for the access and use of many key online services is making opting-out of data collection not only impractical but in some cases impossible. [33]

3. "Chilling Effects"

For many scholars the normalization of large scale data collection is steadily producing a widespread perception of ubiquitous surveillance amongst users. Drawing upon Foucault's analysis of Jeremy Bentham's panopticon and the disciplinary effects of surveillance, they argue that this perception of permanent visibility can cause users to sub-consciously 'discipline' and self- regulate of their own behavior, fearful of being targeted or identified as 'abnormal' [34]. As a result, the pervasive nature of Big Data risks generating a 'chilling effect' on user behavior and free speech.

Although the notion of "chilling effects" is quite prevalent throughout the academic literature on surveillance and security, the difficulty of quantifying the perception and effects of surveillance on online behavior and practices means that there have only been a limited number of empirical studies of this phenomena, and none directly related to the chilling effects of Big Data. One study, conducted by researchers at MIT however, sought to assess the impact of Edward Snowden's revelations about NSA surveillance programs on Google search trends. Nearly 6,000 participants were asked to individually rate certain keywords for their perceived degree of privacy sensitivity along multiple dimensions. Using Google's own publicly available search data, the researchers then analyzed search patterns for these terms before and after the Snowden revelations. In doing so they were able to demonstrate a reduction of around 2.2% in searchers for those terms deemed to be most sensitive in nature. According to the researchers themselves, the results 'suggest that there is a chilling effect on search behaviour from government surveillance on the Internet'[35]. Although this study focussed on the effects on government surveillance, for many privacy advocates the growing pervasiveness of Big Data risks generating similar results. [36]

4. Dignitary Harms of Predictive Decision-Making

In addition to its potentially chilling effects on free speech, the automated nature of Big Data analytics also possess the potential to inflict so-called 'dignitary harms' on individuals, by revealing insights about themselves that they would have preferred to keep private [37].

In an infamous example, following a shopping trip to the retail chain Target, a young girl began to receive mail at her father's house advertising products for babies including, diapers, clothing, and cribs. In response, her father complained to the management of the company, incensed by what he perceived to be the company's attempts to "encourage" pregnancy in teens. A few days later however, the father was forced to contact the store again to apologies, after his daughter had confessed to him that she was indeed pregnant. It was later revealed that Target regularly analyzed the sale of key products such as supplements or unscented lotions in order to generate "pregnancy prediction" scores, which could be used to assess the likelihood that a customer was pregnant and to therefore target them with relevant offers[38]. Such cases, though anecdotal illustrate how Big Data if not adopted sensitively can lead to potential embarrassing information about users being made public.

Security

In relation to cybersecurity Big Data can be viewed to a certain extent as a double-edged sword. On the one hand, the unique capabilities of Big Data analytics can provide organizations with new and innovative methods of enhancing their cybersecurity systems. On the other however, the sheer quantity and diversity of data emanating from a variety of sources creates its own security risks.

5. "Honey-Pot"

The larger the quantities of confidential information stored by companies on their databases the more attractive those databases may appear to potential hackers.

6. Data Redundancy and Dispersion

Inherent to Big Data systems is the duplication of data to many locations in order to optimize query processing. Data is dispersed across a wide range of data repositories in different servers, in different parts of the world. As a result it may be difficult for organizations to accurately locate and secure all items of personal information.

Epistemological and Methodological Implications

In 2008 Chris Anderson infamously proclaimed the 'end of theory'. Writing for Wired Magazine, Anderson predicted that the coming age of Big Data would create a 'deluge of data' so large that the scientific methods of hypothesis, sampling and testing would be rendered 'obsolete' [39]. 'There is now a better way' Anderson insisted, 'Petabytes allow us to say: "Correlation is enough." We can stop looking for models. We can analyze the data without hypotheses about what it might show. We can throw the numbers into the biggest computing clusters the world has ever seen and let statistical algorithms find patterns where science cannot'[40].

In spite of these bold claims however, many theorists remain skeptical of Big Data's methodological benefits and have expressed concern about its potential implications for conventional scientific epistemologies. For them the increased prominence of Big Data analytics in science does not signal a paradigmatic transition to a more enlightened data-driven age, but a hollowing out of the scientific method and an abandonment of casual knowledge in favor of shallow correlative analysis[41].

7. Obfuscation

Although Big Data analytics can be utilized to study almost any phenomena where enough data exists, many theorists have warned that simply because Big Data analytics can be used does not necessarily mean that they should be used[42]. Bigger is not always better and indeed the sheer quantity of data made available to users may in fact act to obscure certain insights. Whereas traditional scientific methods use sampling techniques to identify the most important and relevant data, Big Data by contrast encourages the collection and use of as much data as possible, in an attempt to attain full resolution of the phenomena being studied. However, not all data is equally useful and simply inputting as much data as possible into an algorithm is unlikely to produce accurate results and may instead obscure key insights.

Indeed, whilst the promise of automation is central to a large part of Big Data's appeal, researchers observe that most Big Data analysis still requires an element of human judgement to filter out the 'good' data from the 'bad', and to decide what aspects of the data are relevant to the research objectives. As Boyd and Crawford observe, 'in the case of social media data, there is a 'data cleaning' process: making decisions about what attributes and variables will be counted, and which will be ignored. This process is inherently subjective"^{^[43]}.

Google's Flu Trend project provides an illustrative example of how Big Data's tendency to try to maximise data inputs can produce misleading results. Designed to accurately track flu outbreaks based upon data collected from Google searches, the project was initially proclaimed to be a great success. Gradually however it became apparent that the results being produced were not reflective of the reality on the ground. Later it was discovered that the algorithms used by the project to interpret search terms were insufficiently accurate to filter out anomalies in searches, such as those related to the 2009 H1N1 flu pandemic. As such, despite the great promise of Big Data, scholars insist it remains critical to be mindful of its limitations, remain selective about the types of data included in the analysis and exercise caution and intuition whenever interpreting its results ^{^[44]}.

8. "Apophenia"

In complete contrast to the problem of obfuscation, Boyd and Crawford observe how Big Data may also lead to the practice of 'apophenia', a phenomena whereby analysts interpret patterns where none exist, 'simply because enormous quantities of data can offer connections that radiate in all directions" ^{^[45]}. David Leinweber for example demonstrated that data mining techniques could show strong but ultimately spurious correlations between changes in the S&P 500 stock index and butter production in Bangladesh [46]. Such spurious correlation between disparate and unconnected phenomena are a common feature of Big Data analytics and risks leading to unfounded conclusions being draw from the data.

Although Leinweber's primary focus of analysis was the use of Data-Mining technologies, his observations are equally applicable to Big Data. Indeed the tendency amongst Big Data analysts to marginalise the types of domain specific expertise capable of differentiating between relevant and irrelevant correlations in favour of algorithmic automation can in many ways be seen to exacerbate many of the problems Leinweber identified.

9. From Causation to Correlation

Closely related to the problem of Aphonenia is the concern that Big Data's emphasis on correlative analysis risks leading to an abandonment of the pursuit of causal knowledge in favour of shallow descriptive accounts of scientific phenomena[47].

For many, Big Data enthusiasts 'correlation is enough', producing inherently meaningful results interpretable by anyone without the need for pre-existing theory or hypothesis. Whilst proponents of Big Data claim that such an approach allows them to produce objective knowledge, by cleansing the data of any kind of philosophical or ideological commitment, for others by neglecting the knowledge of domain experts, Big Data risks generating a shallow type of analysis, since it fails to adequately embed observations within a pre-existing body of knowledge.

This commitment to an empiricist epistemology and methodological monism is particularly problematic in the context of studies of human behaviour, where actions cannot be calculated and anticipated using quantifiable data alone. In such instances, a certain degree of qualitative analysis of social, historical and cultural variables may be required in order to make the data meaningful by embedding it within a broader body of knowledge. The abstract and intangible nature of these variables requires a great deal of expert knowledge and interpretive skill to comprehend. It is therefore vital that the knowledge of domain specific experts is properly utilized to help 'evaluate the inputs, guide the process, and evaluate the end products within the context of value and validity'[48].

As such, although Big Data can provide unrivalled accounts of "what" people do, it fundamentally fails to deliver robust explanations of "why" people do it. This problem is especially critical in the case of public policy-making since without any indication of the motivations of individuals, policy-makers can have no basis upon which to intervene to incentivise more positive outcomes.

Digital Divides and Marginalisation

Today data is a highly valuable commodity. The market for data in and of itself has been steadily growing in recent years with the business models of many online services now formulated around the strategy of harvesting data from users^{^[49]}. As with the commodification of anything however, inequalities can easily emerge between the haves and have not's. Whilst the quantity of data currently generated on a daily basis is many times greater than at any other point in human history, the vast majority of this data is owned and tightly controlled by a very small number of technology companies and data brokers. Although in some instances limited access to data may be granted to university researchers or to those willing and able to pay a fee, in many cases data remains jealously guarded by data brokers, who view it as an important competitive asset. As a result these data brokers and companies risk becoming the gatekeepers of the Big Data revolution, adjudicating not only over who can benefit from Big Data, but also in what context and under what terms. For many such inconsistencies and inequalities in access to data raises serious doubts about just how widely distributed the benefits of Big Data will be. Others go even further claiming that far from helping to alleviate inequalities, the advent of Big Data risks exacerbating already significant digital divides that exist as well as creating new ones ^{^[50]}.

10. Anti-Competitive Practices

As a result of the reluctance of large companies to share their data, there increasingly exists a divide in access between small start-ups companies and their larger and more established competitors. Thus, new entrants to the marketplace may be at a competitive disadvantage in relation to large and well established enterprises, being as they are unable to harness the analytical power of the vast quantities of data available to large companies by virtue of their privileged market position. Since the performance of many online services are today often intimately connected with the collation and use of users data, some researchers have suggested that this inequity in access to data could lead to a reduction in competition in the online marketplace, and ultimately therefore to less innovation and choice for consumers[51].

As a result researchers including Nathan Newman of New York University have called for a reassessment and reorientation of anti-trust investigations and regulatory approaches more generally to 'to focus on how control of personal data by corporations can entrench monopoly power and harm consumer welfare in an economy shaped increasingly by the power of "big data"'[52]. Similarly a report produced by the European Data Protection Supervisor concluded that, 'The scope for abuse of market dominance and harm to the consumer through refusal of access to personal information and opaque or misleading privacy policies may justify a new concept of consumer harm for competition enforcement in digital economy' [53].

11. Research

From a research perspective barriers to access to data caused by proprietary control of datasets are problematic, since certain types of research could become restricted to those privileged enough to be granted access to data. Meanwhile those denied access are left not only incapable of conducting similar research projects, but also unable to test, verify or reproduce the findings of those who do. The existence of such gatekeepers may also lead to reluctance on the part of researchers to undertake research critical of the companies, upon whom they rely for access, leading to a chilling effect on the types of research conducted[54].

12. Inequality

Whilst bold claims are regularly made about the potential of Big Data to deliver economic development and generate new innovations, some critics of remain concerned about how equally the benefits of Big Data will be distributed and the effects this could have on already established digital divides [55].

Firstly, whilst the power of Big Data is already being utilized effectively by most economically developed nations, the same cannot necessarily be said for many developing countries. A combination of lower levels of connectivity, poor information infrastructure, underinvestment in information technologies and a lack of skills and trained personnel make it far more difficult for the developing world to fully reap the rewards of Big Data. As a consequence the Big Data revolution risks deepening global economic inequality as developing countries find themselves unable to compete with data rich nations whose governments can more easily exploit the vast quantities of information generated by their technically literate and connected citizens.

Likewise, to the extent that the Big Data analytics is playing a greater role in public policy-making, the capacity of individuals to generate large quantities of data, could potentially impact upon the extent to which they can provide inputs into the policy-making process. In a country such as India for example, where there exist high levels of inequality in access to information and communication technologies and the internet, there remain large discrepancies in the quantities of data produced by individuals. As a result there is a risk that those who lack access to the means of producing data will be disenfranchised, as policy-making processes become configured to accommodate the needs and interests of a privilege minority [56].

Discrimination

13. Injudicious or Discriminatory Outcomes

Big Data presents the opportunity for governments, businesses and individuals to make better, more informed decisions at a much faster pace. Whilst this can evidently provide innumerable opportunities to increase efficiency and mitigate risk, by removing human intervention and oversight from the decision-making process Big Data analysts run the risk of becoming blind to unfair or injudicious results generated by skewed or discriminatory programming of the algorithms.

There currently exists a large number of automated decision-making algorithms in operation across a broad range of sectors including most notably perhaps those used to asses an individual's suitability for insurance or credit. In either of these cases faults in the programming or discriminatory assessment criteria can have potentially damaging implications for the individual, who may as a result be unable to attain credit or insurance. This concern with the potentially discriminatory aspects of Big Data is prevalent throughout the literature and real life examples have been identified by researchers in a large number of major sectors in which Big Data is currently being used[57].

Yu for instance, cites the case of the insurance company Progressive, which required its customers to install 'Snapsnot' - a small monitoring device - into their cars in order to receive their best rates. The device tracked and reported the customers driving habits, and offered discounts to those drivers who drove infrequently, broke smoothly, and avoided driving at night - behaviors that correlate with a lower risk of future accidents. Although this form of price differentiation provided incentives for customers to drive more carefully, it also had the unintended consequence of unfairly penalizing late-night shift workers. As Yu observes, 'for late night shift-workers, who are disproportionately poorer and from minority groups, this differential pricing provides no benefit at all. It categorizes them as similar to late-night party-goers, forcing them to carry more of the cost of the intoxicated and other irresponsible driving that happens disproportionately at night'[58].

In another example, it is noted how Big Data is increasingly being used to evaluate applicants for entry-level service jobs. One method of evaluating applicants is by the length of their commute - the rationale being that employees with shorter commutes are statistically more likely to remain in the job longer. However, since most service jobs are typically located in town centers and since poorer neighborhoods tend to be those on the outskirts of town, such criteria can have the effect of unfairly disadvantaging those living in economically deprived areas. Consequently such metrics of evaluation can therefore also unintentionally act to reinforce existing social inequalities by making it more difficult for economically disadvantaged communities to work their way out of poverty[59].

14. Lack of Algorithmic Transparency.

If data is indeed the 'oil of the 21^st century'[60] then algorithms are very much the engines which are driving innovation and economic development. For many companies the quality of their algorithms is often a crucial factor in providing them with a market advantage over their competitor. Given their importance, the secrets behind the programming of algorithms are often closely guarded by companies, and are typically classified as trade secrets and as such are protected by intellectual property rights. Whilst companies may claim that such secrecy is necessary to encourage market competition and innovation, many scholars are becoming increasingly concerned about the lack of transparency surrounding the design of these most crucial tools.

In particular there is a growing sentiment common amongst many researchers that there currently exists a chronic lack of accountability and transparency in terms of how Big Data algorithms are programmed and what criteria are used to determine outcomes ^{^[61]}. As Frank Pasquale observed,

' hidden algorithms can make (or ruin) reputations, decide the destiny of entrepreneurs, or even devastate an entire economy. Shrouded in secrecy and complexity, decisions at major Silicon Valley and Wall Street firms were long assumed to be neutral and technical. But leaks, whistleblowers, and legal disputes have shed new light on automated judgment. Self-serving and reckless behavior is surprisingly common, and easy to hide in code protected by legal and real secrecy'[62].

As such, without increased transparency in algorithmic design, instances of Big Data discrimination may go unnoticed as analyst are unable to access the information necessary to identify them.

Conclusion

Today Big Data presents us with as many challenges as it does benefits. Whilst Big Data analytics can offer incredible opportunities to reduce inefficiency, improve decision-making, and increase transparency, concerns remain about the effects of these new technologies on issues such as privacy, equality and discrimination. Although the tensions between the competing demands of Big Data advocates and their critics may appear irreconcilable; only by highlighting these points of contestation can we hope to begin to ask the types of important and difficult questions necessary to do so, including; how can we reconcile Big Data's need for massive inputs of personal information with core principles of privacy such as data minimization and collection limitation? What processes and procedures need to be put in place during the design and implementation of Big Data models and algorithms to provide sufficient transparency and accountability so as to avoid instances of discrimination? What measures can be used to help close digital divides and ensure that the benefits of Big Data are shared equitably? Questions such as these are today only just beginning to be addressed; each however, will require careful consideration and reasoned debate, if Big Data is to deliver on its promises and truly fulfil its 'revolutionary' potential.

[1] Gantz, J., &Reinsel, D. Extracting Value from Chaos, IDC, (2011), available at: http://www.emc.com/collateral/analyst-reports/idc-extracting-value-from-chaos-ar.pdf

[2] Meeker, M. & Yu, L. Internet Trends, Kleiner Perkins Caulfield Byers, (2013), http://www.slideshare.net/kleinerperkins/kpcb-internet-trends-2013 .

[3] Douglas, L. "3D Data Management: Controlling Data Volume, Velocity and Variety" . Gartner, (2001)

[4] Boyd, D., and Crawford, K. 'Critical Questions for Big Data: Provocations for a cultural, technological, and scholarly phenomenon', Information, Communication & Society,Vol 15, Issue 5, (2012) http://www.tandfonline.com/doi/abs/10.1080/1369118X.2012.678878, Tene, O., &Polonetsky, J. Big Data for All: Privacy and User Control in the Age of Analytics, 11 Nw. J. Tech. &Intell. Prop. 239 (2013) http://scholarlycommons.law.northwestern.edu/njtip/vol11/iss5/1

[5] Ibid.,

[6] Joh. E, 'Policing by Numbers: Big Data and the Fourth Amendment', Washington Law Review, Vol. 85: 35, (2014) https://digital.law.washington.edu/dspace-law/bitstream/handle/1773.1/1319/89WLR0035.pdf?sequence=1

[7] Raghupathi, W., &Raghupathi, V. Big data analytics in healthcare: promise and potential. Health Information Science and Systems, (2014)

[8] Anderson, R., & Roberts, D. 'Big Data: Strategic Risks and Opportunities, Crowe Horwarth Global Risk Consulting Limited, (2012) https://www.crowehorwath.net/uploadedfiles/crowe-horwath-global/tabbed_content/big%20data%20strategic%20risks%20and%20opportunities%20white%20paper_risk13905.pdf

[9] Ibid.

[10] Kshetri. N, 'The Emerging role of Big Data in Key development issues: Opportunities, challenges, and concerns'. Big Data & Society (2014)http://bds.sagepub.com/content/1/2/2053951714564227.abstract,

[11] Tene, O., &Polonetsky, J. Big Data for All: Privacy and User Control in the Age of Analytics, 11 Nw. J. Tech. &Intell. Prop. 239 (2013) http://scholarlycommons.law.northwestern.edu/njtip/vol11/iss5/1

[12] Cisco, 'IoE-Driven Smart Street Lighting Project Allows Oslo to Reduce Costs, Save Energy, Provide Better Service', Cisco, (2014) Available at: http://www.cisco.com/c/dam/m/en_us/ioe/public_sector/pdfs/jurisdictions/Oslo_Jurisdiction_Profile_051214REV.pdf

[13] Newell, B, C. Local Law Enforcement Jumps on the Big Data Bandwagon: Automated License Plate Recognition Systems, Information Privacy, and Access to Government Information. University of Washington - the Information School, (2013) http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2341182

[14] Morris, D. Big data could improve supply chain efficiency-if companies would let it, Fortune, August 5 2015, http://fortune.com/2015/08/05/big-data-supply-chain/

[15] Tucker, Darren S., & Wellford, Hill B., Big Mistakes Regarding Big Data, Antitrust Source, American Bar Association, (2014). Available at SSRN: http://ssrn.com/abstract=2549044

[16] Davenport, T., Barth., Bean, R. How is Big Data Different, MITSloan Management Review, Fall (2012), Available at, http://sloanreview.mit.edu/article/how-big-data-is-different/

[17] Tucker, Darren S., & Wellford, Hill B., Big Mistakes Regarding Big Data, Antitrust Source, American Bar Association, (2014). Available at SSRN: http://ssrn.com/abstract=2549044

[18] Raghupathi, W., &Raghupathi, V. Big data analytics in healthcare: promise and potential. Health Information Science and Systems, (2014)

[19] Brown, B., Chui, M., Manyika, J. 'Are you Ready for the Era of Big Data?', McKinsey Quarterly, (2011), Available at, http://www.t-systems.com/solutions/download-mckinsey-quarterly-/1148544_1/blobBinary/Study-McKinsey-Big-data.pdf ; Benady, D., 'Radical transparency will be unlocked by technology and big data', Guardian (2014) Available at: http://www.theguardian.com/sustainable-business/radical-transparency-unlocked-technology-big-data

[20] Ibid.

[21] Ibid.

[22] United Nations, A World That Counts: Mobilising the Data Revolution for Sustainable Development, Report prepared at the request of the United Nations Secretary-General,by the Independent Expert Advisory Group on a Data Revolutionfor Sustainable Development. (2014), pg. 18, see also, Hilbert, M. Big Data for Development: From Information- to Knowledge Societies (2013). Available at SSRN: http://ssrn.com/abstract=2205145

[23] Greenleaf, G. Abandon All Hope? Foreword for Issue 37(2) of the UNSW Law Journal on 'Communications Surveillance, Big Data, and the Law' ,(2014) http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2490425##, Boyd, D., and Crawford, K. 'Critical Questions for Big Data: Provocations for a cultural, technological, and scholarly phenomenon', Information, Communication & Society, Vol. 15, Issue 5, (2012) http://www.tandfonline.com/doi/abs/10.1080/1369118X.2012.678878

[24] Tene, O., &Polonetsky, J. Big Data for All: Privacy and User Control in the Age of Analytics, 11 Nw. J. Tech. &Intell. Prop. 239 (2013) http://scholarlycommons.law.northwestern.edu/njtip/vol11/iss5/1

[25] Narayanan and Shmatikov quoted in Ibid.,

[26] OECD, Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, The Organization for Economic Co-Operation and Development, (1999); The European Parliament and the Council of the European Union, EU Data Protection Directive, "Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data," (1995)

[27] Barocas, S., &Selbst, A, D., Big Data's Disparate Impact,California Law Review, Vol. 104, (2015). Available at SSRN: http://ssrn.com/abstract=2477899

[28] Article 29 Working Group., Opinion 03/2013 on purpose limitation, Article 29 Data Protection Working Party, (2013) available at: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2013/wp203_en.pdf

[29] Solove, D, J. Privacy Self-Management and the Consent Dilemma, 126 Harv. L. Rev. 1880 (2013), Available at: http://scholarship.law.gwu.edu/cgi/viewcontent.cgi?article=2093&context=faculty_publications

[30] Brandimarte, L., Acquisti, A., & Loewenstein, G., Misplaced Confidences:

Privacy and the Control Paradox, Ninth Annual Workshop on the Economics of Information Security (WEIS) June 7-8 2010, Harvard University, Cambridge, MA, (2010), available at: https://fpf.org/wp-content/uploads/2010/07/Misplaced-Confidences-acquisti-FPF.pdf

[31] Solove, D, J., Privacy Self-Management and the Consent Dilemma, 126 Harv. L. Rev. 1880 (2013), Available at: http://scholarship.law.gwu.edu/cgi/viewcontent.cgi?article=2093&context=faculty_publications

[32] Yu, W, E., Data., Privacy and Big Data-Compliance Issues and Considerations, ISACA Journal, Vol. 3 2014 (2014), available at: http://www.isaca.org/Journal/archives/2014/Volume-3/Pages/Data-Privacy-and-Big-Data-Compliance-Issues-and-Considerations.aspx

[33] Ramirez, E., Brill, J., Ohlhausen, M., Wright, J., & McSweeny, T., Data Brokers: A Call for Transparency and Accountability, Federal Trade Commission (2014) https://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf

[34] Michel Foucault, Discipline and Punish: The Birth of the Prison. Translated by Alan Sheridan, London: Allen Lane, Penguin, (1977)

[35] Marthews, A., & Tucker, C., Government Surveillance and Internet Search Behavior (2015), available at SSRN: http://ssrn.com/abstract=2412564

[36] Boyd, D., and Crawford, K. 'Critical Questions for Big Data: Provocations for a cultural, technological, and scholarly phenomenon', Information, Communication & Society, Vol. 15, Issue 5, (2012)

[37] Hirsch, D., That's Unfair! Or is it? Big Data, Discrimination and the FTC's Unfairness Authority, Kentucky Law Journal, Vol. 103, available at: http://www.kentuckylawjournal.org/wp-content/uploads/2015/02/103KyLJ345.pdf

[38] Hill, K., How Target Figured Out A Teen Girl Was Pregnant Before Her Father Didhttp://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/

[39] Anderson, C (2008) "The End of Theory: The Data Deluge Makes the Scientific Method Obsolete", WIRED, June 23 2008, www.wired.com/2008/06/pb-theory/

[40] Ibid.,

[41] Kitchen, R (2014) Big Data, new epistemologies and paradigm shifts, Big Data & Society, April-June 2014: 1-12

[42] Boyd D and Crawford K (2012) Critical questions for big data. Information, Communication and Society 15(5): 662-679

[43] Ibid

[44] Lazer, D., Kennedy, R., King, G., &Vespignani, A. " The Parable of Google Flu: Traps in Big Data Analysis ." Science 343 (2014): 1203-1205. Copy at http://j.mp/1ii4ETo

[45] Boyd, D., and Crawford, K. 'Critical Questions for Big Data: Provocations for a cultural, technological, and scholarly phenomenon', Information, Communication & Society,Vol 15, Issue 5, (2012) http://www.tandfonline.com/doi/abs/10.1080/1369118X.2012.678878

[46] Leinweber, D. (2007) 'Stupid data miner tricks: overfitting the S&P 500', The Journal of Investing, vol. 16, no. 1, pp. 15-22. http://m.shookrun.com/documents/stupidmining.pdf

[47] Boyd D and Crawford K (2012) Critical questions for big data. Information, Communication and Society 15(5): 662-679

[48] McCue, C., Data Mining and Predictive Analysis: Intelligence Gathering and Crime Analysis, Butterworth-Heinemann, (2014)

[49] De Zwart, M. J., Humphreys, S., & Van Dissel, B. Surveillance, big data and democracy: lessons for Australia from the US and UK. Http://www.unswlawjournal.unsw.edu.au/issue/volume-37-No-2. (2014) Retrieved from https://digital.library.adelaide.edu.au/dspace/handle/2440/90048

[50] Boyd, D., and Crawford, K. 'Critical Questions for Big Data: Provocations for a cultural, technological, and scholarly phenomenon', Information, Communication & Society,Vol 15, Issue 5, (2012) http://www.tandfonline.com/doi/abs/10.1080/1369118X.2012.678878; Newman, N., Search, Antitrust and the Economics of the Control of User Data, 31 YALE J. ON REG. 401 (2014)

[51] Newman, N., The Cost of Lost Privacy: Search, Antitrust and the Economics of the Control of User Data (2013). Available at SSRN: http://ssrn.com/abstract=2265026, Newman, N. ,Search, Antitrust and the Economics of the Control of User Data, 31 YALE J. ON REG. 401 (2014)

[52] Ibid.,

[53] European Data Protection Supervisor, Privacy and competitiveness in the age of big data:

The interplay between data protection, competition law and consumer protection in the Digital Economy, (2014), available at: https://secure.edps.europa.eu/EDPSWEB/webdav/shared/Documents/Consultation/Opinions/2014/14-03-26_competitition_law_big_data_EN.pdf

[54] Boyd, D., and Crawford, K. 'Critical Questions for Big Data: Provocations for a cultural, technological, and scholarly phenomenon', Information, Communication & Society,Vol 15, Issue 5, (2012) http://www.tandfonline.com/doi/abs/10.1080/1369118X.2012.678878

[55] Schradie, J., Big Data Not Big Enough? How the Digital Divide Leaves People Out, MediaShift, 31 July 2013, (2013), available at: http://mediashift.org/2013/07/big-data-not-big-enough-how-digital-divide-leaves-people-out/

[56] Crawford, K., The Hidden Biases in Big Data, Harvard Business Review, 1 April 2013 (2013), available at: https://hbr.org/2013/04/the-hidden-biases-in-big-data

[57] Robinson, D., Yu, H., Civil Rights, Big Data, and Our Algorithmic Future, (2014) http://bigdata.fairness.io/introduction/

[58] Ibid.

[59] Ibid

[60] Rotellla, P., Is Data The New Oil? Forbes, 2 April 2012, (2012), available at: http://www.forbes.com/sites/perryrotella/2012/04/02/is-data-the-new-oil/

[61] Barocas, S., &Selbst, A, D., Big Data's Disparate Impact,California Law Review, Vol. 104, (2015). Available at SSRN: http://ssrn.com/abstract=2477899; Kshetri. N, 'The Emerging role of Big Data in Key development issues: Opportunities, challenges, and concerns'. Big Data & Society(2014) http://bds.sagepub.com/content/1/2/2053951714564227.abstract

[62] Pasquale, F., The Black Box Society: The Secret Algorithms That Control Money and Information, Harvard University Press , (2015)

For more details visit https://cis-india.org/internet-governance/blog/benefits-and-harms-of-big-data

Battle for the Internet

praskrishna — 2011-04-01T15:28:19Z

In this article written by Latha Jishnu and published by Down to Earth, Issue: March 15 2011, the author reports about the events in the United States in the post WikiLeaks scenario.

As the Internet becomes the public square and the marketplace of our world, it is increasingly becoming a contested terrain. Its potential for diffusing knowledge and subverting the traditional channels of information is tremendous. So it is not surprising that governments, corporations and even seemingly innocuous social networking sites all want to control and influence the way the Internet operates. It’s easy to see why. Close to a third of humanity is linked to this system—and the dramatic growth in Internet usage over the past decade is set to explode in coming years. So is its commercial promise. Latha Jishnu looks at events in the US following the WikiLeaks exposé of its diplomatic cables, and in the hot spots of political turmoil across the world to understand the significance of the Internet in today’s interconnected world and the threats it faces. Arnab Pratim Dutta explains the technology used to block access to the Net.

An opposition supporter holds up a laptop showing images of celebrations in Cairo's Tahrir Square, after Egypt's President Hosni Mubarak resigned (Photo: Reuters)

Ideas and ideologies, images and reports of events, both minor and cataclysmic, fly on the Internet, swirling through cyberspace, gathering resonance, metamorphosing and touching millions of lives in different ways. Many of the ideas—and visuals—could be banal (as they very often are), some dangerous, others bringing promise of change. Some have the power to subvert, helping to stir and stoke the smouldering embers of political and social unrest as recent uprisings in north Africa, West Asia and Asia have shown. To many, the Internet is the rebel hero of our times, subverting conventional media and leaking news and information that governments would like to censor. Even a village in the remote reaches of Odisha’s Malkangiri district which may have no electricity is in some way linked to cyberspace through smart cell phones because mobile operators are increasingly turning Internet service providers (ISPs) and bringing the worldwide web to the conflict-ridden forests of central India.

It is about the power and reach of connection, unprecedented since people first began communicating with each other. The Internet, therefore, is turning into a conflict zone with everyone seeking control of it: governments, corporations and social networking sites, all of whom have different agendas. Social networks may seem innocuous but they are as much a hazard as the others to Internet freedom. Surveillance of “netizens” is becoming commonplace, whether in democracies or in totalitarian regimes, through a host of new laws and regulations ostensibly aimed at strengthening national security, cyber security or protecting business interests.

While most governments are seeking to filter and block specific content, in extreme cases, as in Egypt, the Net has been blacked out using what some experts say is the “kill switch” (see ‘The Egypt shutdown’). This could emerge as the biggest threat to the Internet since other regimes could be tempted to go the Egyptian way. Most governments, however, prefer not to use it, not even the censorship-obsessed Chinese and Saudi regimes because the Internet is also about business—commerce of increasing significance is being routed through its sinews. Take one small example: In January alone, Britons spent a whopping £5.1 billion online, recording a 21 per cent jump in e-commerce revenues over January 2010, according to the latest edition of the IMRG/CapGemini e-Retail Sales Index. It is the kind of figure that stops authorities from reaching for the kill switch.

In the case of China, e-commerce transactions hit 4.5 trillion yuan (US $682.16 billion) in 2010, up 22 per cent year-on-year, according to China e- Business Research Center and CNZZ Data Center. Of this, online B2B or business-to-business deals accounted for the bulk: 3.8 trillion yuan (US

Popular whistleblower website wikileaks.org was unavailable for some time in December 2010

$576.05 billion). And retail sales are expected to zoom, too, pretty soon with e-commerce websites selling directly to customers growing to more than 18,600 last year. Thanks to a dramatic spike in the rate of Net penetration and impressive growth of online business.

But the world has a long way to go before the Internet becomes ubiquitous or an all-encompassing global commons. Currently, just two billion people are linked to the system (see above: ‘Big picture’), which is less than a third of the world’s population. And the reach, as the chart shows, is rather patchy. India may be in the top five Internet user nations with a total of 81 million users but penetration is an abysmal 6.9 per cent, the worst in the list. Blame that on our pathetic education levels and poverty. China, however, is the undisputed leviathan with 420 million users in 2010—some estimates put the figure closer to 500 million now—who account for more than a fifth of the world’s Internet users. No other country’s growth in this sector matches China’s either in speed or drama.

This is one reason Washington frequently raises the issue of China’s policing of the Internet in different fora. The most recent was on February 15 when secretary of state Hillary Clinton made the second of her rousing speeches on safeguarding the Internet from all kinds of government interference. Speaking at George Washington University in Washington DC, Clinton pointed out that the attempts to control the Internet were rife across the world but singled China for repeated attacks.

“In China, the government censors content and redirects search requests to error pages. In Burma, independent news sites have been taken down with distributed denial of service (DDoS) attacks. In Cuba, the government is trying to create a national intranet, while not allowing their citizens to access the global internet. In Vietnam, bloggers who criticize the government are arrested and abused. In Iran, the authorities block opposition and media websites, target social media, and steal identifying information about their own people in order to hunt them down. These actions reflect a landscape that is complex and combustible, and sure to become more so in the coming years as billions of more people connect to the Internet.”

That seemed a fair assessment of the trends but the irony is that even as the secretary of state was speaking, the Department of Justice was seeking to enforce a court order to direct Twitter Inc, to provide the US government records of three individuals, including Birgitta Jonsdottir, a member of Iceland's Parliament who had been in touch with others about WikiLeaks and its founder Juan Assange last year when WikiLeaks released its huge cache of US diplomatic cables.

A commentary in China Daily noted with asperity: “The Assange case reveals such rhetoric is just so much hypocrisy. It is apparent that when Internet freedom conflicts with self-declared US national interests, or when Internet freedom exposes lies by the self-proclaimed open and transparent government, it immediately becomes a crime.”

The Assange case more than anything else has exposed how vulnerable the Net is to political meddling and control. In December last year, Amazon said it stopped hosting the WikiLeaks website because it “violated its terms of service” and not because the office of the Senate Homeland Security Committee chaired by Joe Lieberman had questioned Amazon about its relationship with WikiLeaks.

WikiLeaks had turned to Amazon to keep its site available after hackers tried to flood it and prevent users accessing the classified information. Few people were willing to credit Amazon’s feeble explanation for cutting off WikiLeaks and the general surmise was that Lieberman had put some kind of pressure on the webhosting platform. According to one analyst, the simple reason is that the US government is one of the company’s biggest clients. According to a press note issued by the company: “Government adoption of AWS (Amazon Web Services) grew significantly in 2010. Today we have nearly 20 government agencies leveraging AWS, and the US federal government continues to be one of our fastest growing customer segments.”

As Amazon abandoned WikiLeaks, Paypal, Visa and MasterCard had also dumped WikiLeaks. This set off a fullscale cyber war in which a fourth party made its presence felt: Hackers/ ‘hacktivists’ who unleashed operation payback for what they deemed unfair targeting of WikiLeaks and Assange. This involved a series of (DDOS) attacks on Paypal, MasterCard, Swiss Bank PostFinance and Lieberman’s website.

So while governments in many parts of the world block sites, jail or kill dissidents for expressing their views on the Net, threats to the freedom of the Internet come primarily from the paranoia that governments suffer and from badly crafted policies they implement to protect business and other interests.

US enforcement agencies shut down 84,000 sites, falsely accusing them of child pornography

The US, the ultimate symbol of liberal democracy, is no less uneasy about the power of the Internet. A slew of laws are making their way through the Senate, laws that will give the administration sweeping powers to seize domain names and shut down websites, even those outside its territory, and laws that strengthen the powers of the president in the time of a cyber emergency, including the use of a kill switch. In September, the US Senate introduced the Combating Online Infringement and Counterfeits Act, which would allow the government to create a blacklist of websites that are suspected to be infringing IP rights and to pressure or require all ISPs to block access to those sites. In these cases, no due process of law protects people before they are disconnected or their sites are blocked.

In India, in the wake of the terrorist attacks in Mumbai in November 2008, Parliament hastily passed amendments to the Information Technology Act, 2000, without any discussion in either House. The December 2008 amendments have some good points but they also allow increased online surveillance. Section 69A permits the Centre to “issue directions for blocking of public access to any information through any computer resource”, which means that the government can block any website.

Pranesh Prakash of the Bengalurubased Centre for Internet and Society notes that while necessity or expediency in terms of certain restricted interests is specified, no guidelines have been specified. “It has to be ensured that they are prescribed first, before any powers of censorship are granted to anybody,” said Prakash in an analysis of the amendments. “In India, it is clear that any law that gives unguided discretion to an administrative authority to exercise censorship is unreasonable.”

Civil rights activists say the section has broadened the scope of surveillance and that there are no legal or procedural safeguards to prevent violation of civil liberties.

As the battle for keeping the Internet is joined by netizens who are aware of the power of connection, governments, too, are ramping up command and control measures. Among the risks to an open, democratic Internet are the following:

Threat to universality

The basic design principle underlying the World Wide Web is universality, and, according to its founder Tim Berners-Lee, several threats are emerging. Among these are: cable companies that sell Internet connectivity wanting to limit their Net users to downloading only the company’s mix of entertainment and social networking sites (see ‘Hidden dangers of Facebook’).

Another is by pricing Net connectivity out of the reach of the poor and allowing differential pricing. Berners- Lee, warned at a recent London conference: “There are a lot of companies who would love to be able to limit what web pages you can see...the moment you let Net neutrality go, you lose the web as it is...You lose something essential—the fact that any innovator can dream up an idea and set up a website at some random place and let it just take off from word of mouth...”

Actions against piracy

The nub of such operations lies in the US Department of Homeland Security, whose Immigration and Customs Enforcement (ICE) and the Department of Justice (DoJ) have been seizing domains because they are suspected of hawking pirated goods. The first seizure was in November last year when 82 websites selling counterfeit goods ranging from handbags to golf clubs were taken out.

Last month, there was another raid on the Internet. According to TorrentFreak and other Internet monitoring sites, the two agencies wrongly shut down 84,000 websites that had not broken the law, falsely accusing them of child pornography crimes. After the mistake was identified, it took about three days for some of the websites to go live again. The domain provider, FreeDNS, was taken aback. “Freedns.afraid.org has never allowed this type of abuse of its DNS service. We are working to get the issue sorted as quickly as possible,” it said.

Earlier, DoJ and ICE had seized the domain of the popular sports streaming and P2P download site Rojadirecta. What is shocking is that the site is based in Spain and is perfectly legal. Two courts in Spain have ruled that the site operates legally, and other than the .org domain the site has no links to the US.

Internet freedom could easily become the biggest casualty in the illconceived and poorly designed procedures adopted by developed countries— France, the UK, South Korea, Taiwan and New Zealand have similar laws—to protect intellectual property from counterfeiters and pirates, primarily at the behest of the film and music recording industries.

There are indications India may be planning to follow suit (see ‘India’s three-strikes policy’), although civil rights groups say it could amount to a form of deprivation of liberty.

Surveillance technology

The problem with the use of technology in keeping the Internet safe cuts both ways. With increasing number of cyber attacks on both official and public websites from an array of hackers and malware, governments are reaching for ever more sophisticated high-tech surveillance systems. For instance, computer systems of the US Congress and the executive branches are under attack an average of 1.8 billion times per month, according to a recent Senate report. The result: more spyware. One such is deep packet inspection technology. It is a tool that protects customers from rampant spam and virus traffic. Experts say the Internet could not survive without this technology and yet, it helps authorities to keep a close watch on what people are doing on the Net. In the US, ISPs are required to have this technology.

So what can be done? Keep close tabs on government involvement in the Internet and ensure that its intrusion in both the content and the engines of this system is kept to the minimum.

Read the original article written by Latha Jishnu in Down to Earth here

For more details visit https://cis-india.org/news/battle-internet

Bangalore: Learn to secure your online communication!

bernadette — 2013-06-27T11:11:32Z

Having a Cryptoparty in Bangalore

"Governments around the world, are greatly increasing their surveillance of the Internet. Alongside a loss of the private sphere, this also represents a clear danger to basic civil liberties. The good news is that we already have the solution: encrypting communications makes it very hard, if not entirely impossible, for others to eavesdrop on our conversations. The bad news is that crypto is largely ignored by the general public, partly because they don't know about it, and partly because even if they do, it seems too much trouble to implement." (Source)

So lets go and have a party, and teach each other how to crypto!

Everyone is invited! Especially do not hesitate to join if you are not using any crypto at all (yet!)

Here is a Flyer / Printout for you to spread the message!

Please add your name on the list here, or RSVP at bernadette@cis-india.org, Thank you!

For more details visit https://cis-india.org/internet-governance/events/cryptoparty-bangalore

Bangalore CryptoParty!

praskrishna — 2013-01-06T13:47:02Z

Care about your privacy and online security? Want to fight against pervasive governmental surveillance and corporate invasions of privacy? The Centre for Internet & Society invites you to the CryptoParty tonight (Friday) at 6.00 p.m. Make sure to bring friends (and your laptop and smart phones)!

We will discuss, install and use digital security and privacy tools and practices.

Hosts

Thejesh GN
Kaustubh Srikanth
Pranesh Prakash

Details

We Will Provide

Food and drinks: Snacks - Samosas + Kachoris + Biscuits + Tea + Soft Drinks
Software: Security-in-a-box toolkits + Ubuntu Live USBs + software + internet connection
Expertise: Kaustubh Srikanth + Thejesh GN + Pranesh Prakash

You need to bring

Your own laptop (highly recommended)
Desire to learn about secure and private communications and storage (mandatory! :D)
Expertise, to share with others (if possible)

Intro

(20 mins)

Privacy vs. convenience
Importance of Free and Open Source Software and Open Standards
Basics of Passwords

Choosing secure passwords

Dropbox Register Page

Storing comes later
2FA - Google Authenticator

Securing online Identities

Show and tell

Browsing (45 mins)
(5 mins)

Firefox (multiple platforms) / offline

(15 mins):

AdBlockPlus
RequestPolicy
HTTPSEverywhere
Ghostery / DoNotTrackMe
Noscript

(5 mins)

Anti-Google Surveillance

DuckDuckGo
GoogleSharing

(10 mins)

Password management

Keepass + Password Safe
Cloud Services

LastPass
Keepass + Dropbox

Email + IM (1 hour)
(10 mins)

Thunderbird (multiple platforms) / available offline

Enigmail

(30 mins)

GPG4Win + GPGTools / offline
Seahorse (on Ubuntu Fresh Install)
Enigmail + Key Management (Kaustubh)
Key-signing party!

(15 mins)

Instant Messaging with OTR

Pidgin + Adium / offline
OTR / offline

Tell (27 mins)
(5 mins)

Tor (Pranesh)

(5 mins)

VPNs and SSH tunnel

RiseUp (Kaustubh)
SSH tunneling using AWS / RackSpace (Thej)

(12 mins)

Mobiles

APG + K9 (Pranesh)
WhisperCore (Kaustubh mentions)
Text Secure (Thej)
Gibbberbot (Pranesh)

(3 mins)

Full-disk encryption

Ubuntu (Pranesh demoes quickly)
BitLocker
TrueCrypt

(2 mins)

Virtual machines

VirtualBox (Kaustubh demoes quickly)

For more details visit https://cis-india.org/internet-governance/events/bangalore-crypto-party

Bali meet to discuss Internet governance issues

praskrishna — 2013-10-23T08:29:23Z

Four-day event hosted by Internet Governance Forum to also discuss Internet access and diversity, privacy, security.

This article by Moulishree Srivastava was published in Livemint on October 22, 2013. Sunil Abraham is quoted.

Representatives of governments around the world, technology executives and activists will discuss issues such as Internet access and diversity, privacy, security, inter-governmental corporation, and Internet governance at a four-day event hosted by the Internet Governance Forum (IGF) that begins on Tuesday in Bali, Indonesia.

J. Satyanarayana, secretary, ministry of communications and information technology, confirmed India’s participation in the forum and said the country would be represented by Dr Govind, a senior director and head of department, e-infrastructure and Internet governance division, department of information technology.

“We will also be taking part in a working group on Internet governance and enhanced cooperation, which will be convened by the United Nations Commission on Science and Technology for Development in November,” said Satyanarayana.

“IGF is a valuable learning forum wherein different stakeholders can discuss Internet governance policy issues without any antagonism. Other fora for Internet policy like ICANN, WIPO (World Intellectual Property Organization), ITU (International Telecommunication Union), etc., are places where international law and policy are developed, and do not allow for such learning because negotiations are always very acrimonious. Since IGF is only meant for learning, it does not directly address the global policy vacuum that exists for cyber crime, data protection and privacy,” said Sunil Abraham, executive director of Bangalore-based Centre for Internet and Society, who will be participating in the Bali event.

“Indian government, private sector, civil society, technical and academic community can become more competent and effective through such a dialogue in other multilateral and multi-stakeholder fora where international Internet standards, policies and laws are formulated. It also helps the stakeholders contribute to the development of internationally interoperable domestic policy,” he added.

In 2006, the UN secretary general established a small secretariat in Geneva to assist him in the convening of IGF. The first meeting was convened in October-November 2006 in Athens. In December 2010, IGF’s mandate was extended for five years.

In its eighth edition, IGF will have detailed discussions on issues such as free flow of information on the Internet, regulatory approaches to privacy, and protection of interests of individuals and communities in cyberspace, Internet surveillance and legal framework for cyber crime, said the forum in a statement on its website.

During the four-event, for instance, one of the workshops “will explore what core principles and strategies are needed to achieve a balanced and fair approach to data protection that is effective internationally and regionally”, according to IGF.

Some of the prominent speakers in the event include Jari Arkko, chairman, Internet Engineering Task Force, Finland; Virat Bhatia, president, South Asia, AT&T Inc.; Chris Painter, coordinator for cyber issues, US department of state; Karen Mulberry, policy adviser, Internet Society; and Matthew Shears, director of Internet policy and human rights, Center for Democracy and Technology.

According to industry estimates, over 2.5 billion Internet users interact in shared cross-border online spaces where they can post content potentially accessible worldwide.

“No clear frameworks exist yet to handle the tensions between these competing normative orders or values and enable peaceful cohabitation in cross-border cyberspace. This challenge constitutes a rare issue of common concern for all stakeholder groups,” said IGF on its website.

According to a UN estimate, nearly 40% of the world’s population will be online by the end of 2013. “The Internet has become an essential tool for the creation of jobs and the delivery of basic public services,” said the UN undersecretary-general for economic and social affairs, Wu Hungbo, in a statement, adding that it is also essential “for improving access to knowledge and education, for empowering women, for enhancing transparency, and for giving marginalized populations a voice in decision-making processes”.

For more details visit https://cis-india.org/news/livemint-moulishree-srivastava-october-22-2013-bali-meet-to-discuss-internet-governance-issues

Balancing vigilance and privacy

praskrishna — 2013-09-05T10:53:28Z

As the government steps up its surveillance capabilities, the entire social contract between the state and citizens is being reformulated, with worrying consequences.

This article by Prashant Jha was published in the Hindu on August 18, 2013. Pranesh Prakash is quoted.

The Indian state is arming itself with both technological capabilities and the institutional framework to track the lives of citizens in an unprecedented manner.

A new Centralised Monitoring System (CMS) is in the offing, which would build on the already existing mechanisms. As The Hindu reported on June 21, this would allow the government to access in real-time any mobile and fixed line conversation, SMS, fax, website visit, social media usage, Internet search and email, and will have ‘unmatched capabilities of deep search surveillance and monitoring’.

Civil society groups and citizens expressed concern about the government’s actions, plans, and intent at a discussion organised by the Foundation for Media Professionals, on Saturday.

The context

Usha Ramanathan, a widely respected legal scholar, pointed to the larger political context which had permitted this form of surveillance. It stemmed, she argued, from a misunderstanding of the notion of sovereignty. “It is not the government, but the people who are sovereign.” Laws and the Constitution are about limiting the power of the state, but while people were being subjected to these restrictions, the government itself had found ways to remain above it – either by not having laws, or having ineffective regulators. States knew the kind of power they exercised over citizens, with the result that ‘impunity had grown’.

“There is also a complete breakdown of the criminal justice system,” Ms Ramanathan said. This had resulted in a reliance on extra-judicial methods of investigation, and ‘scape-goating’ had become the norm. ‘National security’ had been emphasised, re-emphasised, and projected as the central goal. “We haven’t paused to ask what this means, and the extent to which we have been asked to give up personal security for the sake of national security.” It was in this backdrop that technology had advanced by leaps, and made extensive surveillance possible.

The implications are enormous. The data is often used for purposes it is not meant for, including political vendetta, keeping track of rivals, corporates, and digging out facts about a citizen when he may have antagonised those in power.

Pranesh Prakash, director of the Centre of Internet and Society (CIS) looked back at the killing of Haren Pandya, the senior Bharatiya Janata Party (BJP) leader in Gujarat. Mr Pandya was using the SIM card of a friend, and it was by tracking the SIM, and through it his location, that the Gujarat government got to know that Mr Pandya had deposed before a commission and indicted the administration for its role in the riots. Eventually, he was found murdered outside a park in Ahmedabad. The Gujarat Police had accessed call details of 90,000 phones.

It is also not clear whether mining this kind of data has been effective for the national security purposes, which provide the reason for doing it in the first place. Saikat Datta, resident editor of Daily News and Analysis, and an expert on India’s intelligence apparatus, said a core problem was the absence of any auditing and over sight. “There needs to be a constant review of the number of calls, emails under surveillance, with questions about whether it is yielding results. But this does not happen, probably because a majority is not for counter-terrorism. There would be trouble if you build accountability mechanisms.” When he sought information under RTI around precisely such issues, he was denied information on the grounds that it would strengthen ‘enemies of the state’.

Anja Kovacs, who works with the Internet Democracy Project, said this form of “mass surveillance” criminalised everybody since it was based on the assumption that each citizen was a “potential criminal”. She also pointed out that having “more information” did not necessarily mean it was easier to address security threats – there was intelligence preceding the Mumbai attacks, but it was not acted upon. She added, “Most incidents have been resolved by traditional intelligence. Investing in agencies, training them better could be more effective.”

Bring in the caveats

Few argue that the state is not entitled to exercise surveillance at all. In fact, a social contract underpins democratic states. Citizens agree to subject some of their rights to restrictions, and vest the state with the monopoly over instruments and use of violence. In turn, the state – acting within a set of legal principles; being accountable to citizens; and renewing its popular legitimacy through different measures, including elections – provides order and performs a range of developmental functions.

This framework, citizens and civil liberty groups worry, is under threat with governments appropriating and usurping authority to conduct unprecedented surveillance. Citizen groups, technology and privacy experts came together globally to draft the International Principles on the Application of Human Rights to Communication Surveillance.

It prescribed that any restriction to privacy through surveillance must be ‘legal’; it must be for a ‘legitimate aim’; it must be ‘strictly and demonstrably necessary’; it must be preceded by showing to an established authority that other ‘less invasive investigative techniques’ have been used; it must follow ‘due process’; decisions must be taken by a ‘competent judicial authority’; there must be ‘public oversight’ mechanisms; and ‘integrity of communications and systems’ should be maintained. (Full text available on www.necessaryandproportionate.org)Mr Prakash of CIS, which has done extensive work on surveillance and privacy issues, said, “An additional principle must be collection limitation or data minimisation.” Giving the instance of Indian Railways seeking the date of birth from a customer booking a ticket, Mr Prakash said this was not information which was necessary. But it could be used by hackers and many other agencies to access an individual’s private transactions in other areas. The UPA government is finalising a privacy Bill, but its final version is not yet public, and it is not clear how far the government would go in protecting citizen rights.

For more details visit https://cis-india.org/news/the-hindu-august-19-2013-prashant-jha-balancing-vigilance-and-privacy

Automated Facial Recognition Systems and the Mosaic Theory of Privacy: The Way Forward

Arindrajit Basu, Siddharth Sonkar — 2020-01-02T14:12:38Z

Arindrajit Basu and Siddharth Sonkar have co-written this blog as the third of their three-part blog series on AI Policy Exchange under the parent title: Is there a Reasonable Expectation of Privacy from Data Aggregation by Automated Facial Recognition Systems?

The Mosaic Theory of Privacy

Whether the data collected by the AFRS should be treated similar to face photographs taken for the purposes of ABBA is not clear in the absence of judicial opinion. The AFRS would ordinarily collect significantly more data than facial photographs during authentication. This can be explained with the help of the mosaic theory of privacy.

The mosaic theory of privacy suggests that data collected for long durations of an individual can be qualitatively different from single instances of observation. It argues that aggregating data from different instances can create a picture of an individual which affects her reasonable expectation of privacy. This is because a mere slice of information reveals a lot less if the same is contextualised in a broad pattern — a mosaic.

The mosaic theory of privacy does not find explicit reference in Puttaswamy II. The petitioners had argued that seeding of Aadhaar data into existing databases would bridge information across silos so as to make real time surveillance possible. This is because information when integrated from different silos becomes more than the sum of its parts.

The Court, however, dismissed this argument, accepting UIDAI’s submission that the data collected remains in different silos and merging is not permitted within the Aadhaar framework. Therefore, the Court did not examine whether it is constitutionally permissible to integrate data from different silos; it simply rejected the possibility of surveillance as a result of Aadhaar authentication.

Jurisprudence in other jurisdictions is more advanced. In United States v. Jones, the United States Supreme Court had observed that the insertion of a global positioning system into Antoine Jones’ Jeep in the absence of a warrant and without his consent invaded his privacy, entitling him to Fourth Amendment Protection. In this case, the movement of Jones’ vehicle was monitored for a period of twenty-eight days. Five concurring opinions in Jones acknowledges that aggregated and extensive surveillance is capable of violating the reasonable expectation of privacy irrespective of whether or not surveillance has taken place in public.

The Court distinguished between prolonged surveillance and short term surveillance. Surveillance in the short run does not reveal what a person repeatedly does, as opposed to sustained surveillance which can reveal significantly more about a person. The Court takes the example of how a sequence of trips to a bar, a bookie, a gym or a church can tell a lot more about a person than the story of any single visit viewed in isolation.

Most recently, in Carpenter v. United States, the Supreme Court of the United States held that the collection of historical cell data by the government exposes the physical movements of an individual to potential surveillance, and an individual holds a reasonable expectation of privacy against such collection. The Court admitted that historical-cell site information allows the government to go back in time in order to retract the exact whereabouts of a person.

Judicial decisions have not addressed specifically whether facial recognition through law enforcement constitutes a search under the Fourth Amendment or a “mere visual observation”.

The common thread linking CCTV footages and cellular data is the unique ability to track the movement of an individual from one place to another, enabling extreme forms of surveillance. It is perhaps this crucial link that would make ARFS-enabled CCTVs prejudicial to individual privacy.

The mosaic theory as understood in Carpenter helps one understand the extent to which an AFRS can augment the capacities of law enforcement in India. This in turn can help in understanding whether it is constitutionally permissible to install such systems across the country.

AFRS enabled-CCTV footages from different CCTVs. if viewed in conjunction could reveal a sequence of movements of an individual, enabling long-term surveillance of a nature that is qualitatively distinct from isolated observances observed across unrelated CCTV footages.

Subsequent to Carpenter, federal district courts in the United States have declined to apply Carpenter to video surveillance cases since the judgement did not “call into question conventional surveillance techniques and tools, such as security cameras.”

The extent of processing that an AFRS-enabled CCTV exposes an individual to would be significantly greater. This is because every time an individual is in the zone of a AFRS-enabled CCTV, the facial image will be compared to a common database. Snippets from different CCTVs capturing the individual’s physical presence in two different locations may not be meaningful per se. When observed together, the AFRS will make it possible to identify the individual’s movement from one place to another.

For instance, the AFRS will be able to identify the person when they are on Street A at a particular time and when they are Street B in the immediately subsequent hour recorded by respective CCTV cameras, indicating the person’s physical movement from A to B. While a CCTV camera only records movement of an individual in video format, AFRS translates that digital information into individualised data with the help of a comparison of facial features with a pre-existing database.

Through data aggregation, which appears to be the aim of the Indian government in their tender that links three databases, it is apparent that the right to privacy is in danger. Yet, at present, there does not exist any case law or legislation that can render such efforts illegal at this juncture.

Conclusions and The Way Forward

Despite a lack of judicial recognition of the potential unconstitutionality of deploying AFRS, it is clear that the introduction of these systems pose a clear and present danger to civil rights and human dignity. Algorithmic surveillance alters a human being’s life in ways that even the subject of this surveillance cannot fully comprehend. As an individual’s data is manipulated and aggregated to derive a pattern about that individual’s world, the individual or his data no longer exists for itselfbut are massaged into various categories.

Louis Amoore terms this a ‘data-derivative’, which is an abstract conglomeration of data that continuously shapes our futures without us having a say in their framing. The branding of an individual as a criminal and then aggregating their data causes emotional distress as individuals move about in fear of the state gaze and their association with activities that are branded as potentially dangerous — thereby suppressing a right to dissent — as exemplified by their use reported use during the recent protests in Hong Kong.

Case law both in India and abroad has clearly suggested that a right to privacy is contextual and is not surrendered merely because an individual is in a public place. However, the jurisprudence protecting public photography or videography under the umbrella of privacy remains less clear globally and non-existent in India.

The mosaic theory of privacy is useful in this regard as it prevents mass ‘data-veillance’ of individual behaviour and accurately identifies the unique power that the volume, velocity and variety of Big Data provides to the state. Therefore, it is imperative that the judiciary recognise safeguards from data aggregation as an essential component of a reasonable expectation of privacy. At the same time, legislation could also provide the required safeguards.

In the US, Senators Coons and Lee recently introduced a draft Bill titled ‘The Facial Recognition Technology Warrant Act of 2019’. The Bill aims to impose reasonable restrictions on the use of facial recognition technology by law enforcement. The Bill creates safeguards against sustained tracking of physical movements of an individual in public spaces. The Bill terms such tracking ‘ongoing surveillance’ when it occurs for over a period of 72 hours in real time or through application of technology to historical records. The Bill requires that ongoing surveillance only be conducted for law enforcement purposes and in pursuance of a Court Order (unless it is impractical to do so).

While the Bill has its textual problems, it is definitely worth considering as a model going forward and ensure that AFR systems are deployed in line with a rights-respecting reading of a reasonable expectation of privacy. Parsheera suggests that the legislation should narrow tailoring of the objects and purposes for deployment of AFRS, restrictions on the person whose images may be scanned from the databases, judicial approval for its use on a case by case basis and effective mechanisms of oversight, analysis and verification.

Appropriate legal intervention is crucial. A failure to implement this effectively jeopardizes the expression of our true selves and the core tenets of our democracy.

For more details visit https://cis-india.org/internet-governance/automated-facial-recognition-systems-and-the-mosaic-theory-of-privacy-the-way-forward

Automated Facial Recognition Systems (AFRS): Responding to Related Privacy Concerns

Arindrajit Basu, Siddharth Sonkar — 2020-01-02T14:09:14Z

Arindrajit Basu and Siddharth Sonkar have co-written this blog as the second of their three-part blog series on AI Policy Exchange under the parent title: Is there a Reasonable Expectation of Privacy from Data Aggregation by Automated Facial Recognition Systems?

The Supreme Court of India, in Puttaswamy I recognized that the right to privacy is not surrendered merely because the individual is in a public place. Privacy is linked to the individual as it is an essential facet of human dignity. Justice Chelameswar further clarified that privacy is contextual. Even in a public setting, people trying to converse in whispers would signal a claim to the right to privacy. Speaking on a loudspeaker would naturally not signal the same claim.

The Supreme Court of Canada has also affirmed the notion of contextual privacy. As recently as on 7 March, 2019, the Supreme Court of Canada in a landmark decision defined privacy rights in public areas implicitly applying Helena Nissenbaum’s theory of contextual integrity. Helena Nissenbaum explains that the extent to which the right to privacy is eroded in public spaces with the help of her theory of contextual integrity.

Nissenbaum suggests that labelling information as exclusively public or private fails to take into account the context which rationalises the desire of the individual to exercise her privacy in public. To explain this with an illustration, there exists a reasonable expectation of privacy in the restroom of a restaurant, even though it is in a public space.

In R v Jarvis (Jarvis), the Court overruled a Court of Appeal for Ontario decision to hold that people can have a reasonable expectation of privacy even in public spaces. In this case, Jarvis was charged with the offence of voyeurism for secretly recording his students. The primary issue that the Supreme Court of Canada was concerned with was whether the students filmed by Mr. Jarvis enjoyed a reasonable expectation of privacy at their school.

The Court in this case unanimously held that students did indeed have a reasonable expectation of privacy. The Court concluded nine contextual factors relevant in determining whether a person has a reasonable expectation to privacy would arise. The listed factors were:

“1. The location the person was in when he or she was observed or recorded,

2. The nature of the impugned conduct (whether it consisted of observation or recording),

3. Awareness of or consent to potential observation or recording,

4. The manner in which the observation or recording was done,

5. The subject matter or content of the observation or recording,

6. Any rules, regulations or policies that governed the observation or recording in question,

7. The relationship between the person who was observed or recorded and the person who did the observing or recording,

8. The purpose for which the observation or recording was done, and

9. The personal attributes of the person who was observed or recorded.” (paragraph 29 of the judgement).

The Court emphasized that the factors are not an exhaustive list, but rather were meant to be a guiding tool in determining whether a reasonable expectation of privacy existed in a given context. It is not necessary that each of these factors is present in a given situation to give rise to an expectation of privacy.

Compared to the above-mentioned factors in Jarvis, the Indian Supreme Court in Justice K.S Puttaswamy (Retd.) v. Union of India: Justice Sikri (Puttaswamy II) — the case which upheld the constitutionality of the Aadhaar project relied on the following factors to determine a reasonable expectation of privacy in a given context:

“(i) What is the context in which a privacy claim is set up?

(ii) Does the claim relate to private or family life, or a confidential relationship?

(iii) Is the claim a serious one or is it trivial?

(iv) Is the disclosure likely to result in any serious or significant injury and the nature and extent of disclosure?

(v) Is disclosure relates to personal and sensitive information of an identified person?

(vi) Does disclosure relate to information already disclosed publicly? If so, its implication?”

These factors (acknowledged in Puttaswamy II in paragraph 292) seem to be very similar to the ones laid down in Jarvis, i.e., there is a strong reliance on the context in both cases. While there is no explicit mention of individual attributes of the individual claiming a reasonable expectation, the holding that children should be given an opt out indicates that the Court implicitly takes into account personal attributes (e.g. age) as well.

The Court in Jarvis further (in paragraph 39) took the example of a woman in a communal change room at a public pool. She may expect other users to incidentally observe her undress but she would continue to expect only other women in the change room to observe her and reserve her rights against the general public. She would also expect not to be video recorded or photographed while undressing, both from other users of the pool and by the general public.

If it is later found out that the change room had a one-way glass which allowed the pool staff to view the users change — or if there was a concealed camera recording persons while they were changing, she could claim a breach of her reasonable expectation of privacy under such circumstances and it would constitute an invasion of privacy.

So, in the context of an AFRS, an individual walking down a public road may still signal that they wish to avail of their right to privacy. In such contexts, a concerted surveillance mechanism may come up against constitutional roadblocks.

What is the nature of information being collected?

The second big question — the nature of information which is being collected plays a role in determining the extent to which a person can exercise their reasonable expectation of privacy. Puttaswamy II laid down that collection of core biometric information such as fingerprints, iris scans in the context of the Aadhaar-Based Biometric Authentication (‘ABBA’) is constitutionally permissible. The basis of this conclusion is that the Aadhaar Act does not deal with the individual’s intimate or private sphere.

The judgement of the Supreme Court in Puttaswamy II is in a very specific context (i.e. the ABBA). It does not explain or identify the contextual factors which determine the extent to which privacy may be reasonably expected over biometrics generally. In this judgment, the Court observed that demographic information and photographs do not raise a reasonable expectation of privacy under Article 21 unless there exist special circumstances such as the disclosure of juveniles in conflict of law or a rape victim’s identity.

Most importantly, the Court held that face photographs for the purpose of identification are not covered by a reasonable expectation of privacy. The Court distinguished face photographs from intimate photographs or those photographs which concern confidential situations.

Face photographs, according to the Court, are shared by individuals in the ordinary course of conduct for the purpose of obtaining a driving license, voter id, passport, examination admit cards, employment cards, and so on. Face photographs by themselves reveal no information.

Naturally, this pronouncement of the Apex Court is a huge boost for the introduction of AFRS in India.

Abroad, however, on 4 September 2019, in Edward Bridges v. Chief Constable of South Wales Police, a Division Bench of the High Court in England and Wales heard a challenge against an AFRS introduced by law enforcement (see Endnote 1). The High Court rejected a claim for judicial review holding that the AFRS in question does not violate inter alia the right to privacy under Article 8 of the European Convention of Human Rights (‘ECHR’).

According to the Court, the AFRS was used for specific and limited purposes, i.e., only when the image of the public matched a person on an existing watchlist. The use of the AFRS was therefore considered a lawful and fair restriction.

The Court, however, acknowledged that extracting biometric data through AFRS is “well beyond the expected and unsurprising”. This seems to be a departure from the Indian Supreme Court’s observation in Puttaswamy II that there is no reasonable expectation of privacy over biometric data in the context of ABBA, and may be a wiser approach for the Indian courts to adopt.

Endnote

1. The challenge was put forth by Edward Bridges, a civil liberties campaigner from Cardiff for being caught on camera in two particular deployments of the AFRS a) when he was at Queen Street, a busy shopping area in Cardiff and b) when he was at the Defence Procurement, Research, Technology and Exportability Exhibition held at the Motorpoint Arena.

This was published by AI Policy Exchange.

For more details visit https://cis-india.org/internet-governance/automated-facial-recognition-systems-afrs-responding-to-related-privacy-concerns

August 2019 Newsletter

praskrishna — 2019-12-06T04:54:20Z

Centre for Internet & Society newsletter for the month of August 2019.

Highlights for August 2019
The Oxford Internet Institute and CIS are creating a State of the Internet’s Languages report, as baseline research with both numbers and stories, to demonstrate how far we are from making the internet multilingual. The call is available in Arabic, Brazilian Portuguese, English, IsiZulu, Spanish, and Tamil. CIS invites friends and communities to translate the call into other languages. CIS's Access to Knowledge (A2K) team is conducting a free knowledge movement and as part of this initiative it is inviting contributions from the Wikipedia community. Photos, media, content or archives donated by community members would be used worldwide to disseminate information. The content you are donating must be under Creative Commons Share-like content. You must have the copyright of the content under CC licenses. Over the last few years, several digital identity schemes have been initiated in different countries across the world. There has been significant momentum on digital ID, especially after the adoption of UN Sustainable Development Goal 16.9, which calls for legal identity for all by 2030. Authors, Amber Sinha and Pooja Saxena, explore about the uses and design of digital identity systems and ask two core questions a) What are appropriate uses of ID?, and b) How should we think about the technological design of ID? Together with the Institute of Technology & Society (ITS), Brazil, and the Centre for Intellectual Property and Information Technology Law(CIPIT), Kenya, CIS participated at a side event in RightsCon 2019 held in Tunisia, titled Holding ID Issuers Accountable, What Works?, organised by the Omidyar Network. A report of the event is published here. As governments across the globe implement new, foundational, digital identification systems (“Digital ID”), or modernize existing ID programs, there is dire need for greater research and discussion about appropriate uses of Digital ID systems. At RightsCon 2019 in Tunis, we presented working drafts on appropriate use of Digital ID by the partner organisations of this three-region research alliance - ITS from Brazil, CIPIT from Kenya, and CIS from India. CIS gave its comments to the ID4D Practitioners’ Guide: Draft For Consultation released by ID4D in June, 2019. The submission is divided into three main parts. The first part (General Comments) contains the high-level comments on the Practitioners’ Guide, while the second part (Specific Comments) addresses individual sections in the Guide. The third and final part (Additional Comments) does not relate to particulars in the Practitioners' Guide but other documents that it relies upon. The Ministry of Health and Family Welfare had released the National Digital Health Blueprint on 15 July 2019 for comments. CIS submitted its comments. CIS notes that the nature of data which would be subject to processing in the proposed digital framework pre-supposes a robust data protection regime in India, one which is currently absent. Accordingly, it urges the ministry to cease the implementation of the framework until the Personal Data Protection Bill is passed by the Parliament. Aayush Rathi , Vedika Pareek , Divij Joshi and Pranav Bidare co-authored a research paper 'Future of Work in the ASEAN'. The authors reveal that the future of work will be mediated through region and country specific factors such as socioeconomic,geopolitical and demographic change. The report was edited by Elonnai Hickok and Ambika Tandon with research assistance by Sankalp Srivastava and Anjanaa Aravindan. The research is supported by Tides Foundation.

CIS and the News

The following articles were authored by CIS secretariat during the month:

The Knowledge Base is Liberated (Subodh Kulkarni and Madhav Gadgil; Loksatta; August 3, 2019).
Private Sector and the cultivation of cyber norms in India (Arindrajit Basu; Nextrends India; August 5, 2019).
Rethinking the intermediary liability regime in India (Torsha Sarkar; CyberBRICS; August 16, 2019).
Digital Native: How free is the internet? (Nishant Shah; Indian Express; August 18, 2019).
Linking Aadhaar with social media or ending encryption is counterproductive (Sunil Abraham; Prime Time; August 26, 2019).
A judicial overreach into matters of regulation (Gurshabad Grover; The Hindu; August 28, 2019).
Kashmir’s information vacuum (Aayush Rathi and Akriti Bopanna; The Hindu; August 29, 2019).

CIS in the News

CIS secretariat was consulted for the following articles published during the month in various publications:

Will Modi govt move on Kashmir’s Article 370 stand the scrutiny of Supreme Court? (The Print; August 6, 2019).
‘I’m just helpless’: Concern about Kashmir mounts as communication blackout continues (Niha Masih; Washington Post; August 6, 2019).
Why the Madras HC case on WhatsApp traceability could have wider ramifications (Haripriya Suresh; The News Minute; August 8, 2019).
Ministry of Health's public consultation on National Digital Health Blueprint: Legal issues around telemedicine, consent, and 'egosystems' in healthcare (Trisha Jalan; Medianama; August 8, 2019).
Abuse linked to Net fixation (Nina C. George; Deccan Herald; August 13, 2019).
India Shut Down Kashmir’s Internet Access. Now, ‘We Cannot Do Anything.’ (Vindu Goel, Karan Deep Singh and Sameer; New York Times; August 14, 2019).
India’s top science institution is trying hard to fix its “manel” problem (Quartz India; August 16, 2019). This piece was originally published on Connect under the headline, “We Learned (The Hard Way) Not to Have Manels.”
Perché l'India ha tagliato internet al Kashmir (Raffaele Angius; WIRED.IT; August 19, 2019).
US pressure threatens to weaken data - localisation mandate in India's landmark data-protection bill (Sandhya Sharma; ET Prime; August 19, 2019).
Linking Aadhaar to Facebook, WhatsApp won't curb fake news, but may undermine its legislation: Experts (Swathy Moorthy; Moneycontrol; August 20, 2019).
Linking Aadhaar to Facebook, Twitter: Possible witch-hunt or key to curb crime & fake news? (Taran Deol and Revathi Krishanan; The Print; August 21, 2019).
AI is biased, you’ll see if you Google ‘hands’ (Rajmohan Sudhakar; Deccan Herald; August 25, 2019).
Government plans tighter rules for social media brands like Facebook, TikTok, ShareChat (Sunny Sen; CNBC TV 18; August 28, 2019).
What Centre will tell Supreme Court on Aadhaar and social media account linkage (Amrita Madhukalya; Hindustan Times; August 28, 2019).

Access to Knowledge

Access to Knowledge is a campaign to promote the fundamental principles of justice, freedom, and economic development. It deals with issues like copyrights, patents and trademarks, which are an important part of the digital landscape.

Wikipedia

Under a grant from Wikimedia Foundation we are doing a project for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

Blog Entry

Call for joining the Free Knowledge movement #Wikipedia #Wikimedia (Bhuvana Meenakshi; August 19, 2019).

Internet Governance

The Tunis Agenda of the second World Summit on the Information Society has defined internet governance as the development and application by governments, the private sector and civil society, in their respective roles of shared principles, norms, rules, decision making procedures and programmes that shape the evolution and use of the Internet. As part of internet governance work we work on policy issues relating to freedom of expression primarily focusing on the Information Technology Act and issues of liability of intermediaries for unlawful speech and simultaneously ensuring that the right to privacy is safeguarded as well.

Freedom of Speech & Expression

Under a grant from the MacArthur Foundation, CIS is doing research on the restrictions placed on freedom of expression online by the Indian government and contribute studies, reports and policy briefs to feed into the ongoing debates at the national as well as international level. As part of the project we bring you the following outputs:

Participation in Events

Packets, net neutrality and gaming public policy outcomes (Organized by Has Geek; Bangalore; August 15, 2019). Gurshabad Grover attended Prof. Vishal Misra's lecture on net neutrality.

Privacy

Under a grant from Privacy International and IDRC we are doing a project on surveillance. CIS is researching the history of privacy in India and how it shapes the contemporary debates around technology mediated identity projects like Aadhar. As part of our ongoing research, we bring you the following outputs:

Submission

Comments on the National Digital Health Blueprint (Samyukta Prabhu, Ambika Tandon, Torsha Sarkar and Aayush Rathi; August 7, 2019).

Participation in Events

Digital ID Forum 2019 (Organized by UNDP; Chulalongkorn University, Thailand; July 3, 2019). Sunil Abraham was one of the panelists at this event.
BIS LITD 17 meeting (Organized by Bureau of Indian Standards; New Delhi; July 3, 2019). Gurshabad Grover attended the sixteenth meeting of the Information Systems Security and Biometrics Section Committee (LITD17).
Facebook Data for Good in Bangalore (Organized by Facebook; Indian Institute of Science, Bangalore; July 25, 2019).
Roundtable with the WhatsApp leadership (Organized by WhatsApp; Mountbatten, The Oberoi, New Delhi; July 26, 2019). Will Cathcart, WhatsApp's new global head, visited India and invited Sunil Abraham for a discussion.
Facebook Data for Good in New Delhi (Organized by Facebook; University of Chicago Center, New Delhi; July 29, 2019).

IT / Information Technology

A research on the usage of systems (computers and telecommunications) for storing, retrieving and sending information as well as the IT Act:

Research Paper

Future of Work in the ASEAN (Aayush Rathi , Vedika Pareek , Divij Joshi and Pranav Bidare; edited by Elonnai Hickok and Ambika Tandon with research assistance from Sankalp Srivastava and Anjanaa Aravindan; August 31, 2019).

Participation in Event

Cyber Policy 2.0 (Organized by National Law University; Bangalore; August 17, 2019). Arindrajit Basu was a speaker.

Artificial Intelligence

With origins dating back to the 1950s Artificial Intelligence (AI) is not necessarily new. However, interest in AI has been rekindled over the recent years due to advancements of technology and its applications to real-world scenarios. We conduct research on the existing legal and regulatory parameters:

Participation in Events

Emergence of Chinese Technology:Rising stakes for innovation, competition and governance (Organized by Omidyar Network in partnership with the Esya Centre; New Delhi; August 12, 2019). Arindrajit Basu attended the event.
Impact of Industrial Revolution 4.0 - IT and Automotive Sector in India (Organized by the Dialogue and Friedrich-Ebert-Stiftung; Bangalore; August 21, 2019). Aayush Rathi attended the event.
Policies for the Platform Economy (Organized by IT for Change; India Habitat Centre; New Delhi; August 30, 2019). Amber Sinha and Anubha Sinha were panelists.

Digital Identity

Omidyar Network is investing in establishment of a three-region research alliance — to be co-led by the Institute for Technology & Society (ITS), Brazil, the Centre for Intellectual Property and Information Technology Law (CIPIT) , Kenya, and CIS. As part of this Alliance, we at the CIS will look at the policy objectives of digital identity projects, how technological policy choices can be thought through to meet the objectives, and how legitimate uses of a digital identity framework may be evaluated.

Research Paper

Design and Uses of Digital Identities - Research Plan (Amber Sinha and Pooja Saxena; August 8, 2019).

Submissions

The Appropriate Use of Digital Identity (Amber Sinha; August 8, 2019).
Comments to the ID4D Practitioners’ Guide (Amber Sinha; August 8, 2019).

Participation in Event

Holding ID Issuers Accountable, What Works? (Organized by Omidyar Network; RightsCon 2019; August 8, 2019).

Researchers@Work

The researchers@work programme at CIS produces and supports pioneering and sustained trans-disciplinary research on key thematics at the intersections of internet and society; organise and incubate networks of and fora for researchers and practitioners studying and making internet in India; and contribute to development of critical digital pedagogy, research methodology, and creative practice.

Participation in Event

Workshop on Archival Standards and Digitisation Workflow (Organized by British Library; NCBS; Bangalore; August 19 - 20, 2019). P.P. Sneha attended the event.

Blog Entries

#HookingUp (Akhil Kang, Christina Thomas Dhanraj, Dhrubo Jyoti, and Gowthaman Ranganathan; August 1, 2019).
Call for Contributions and Reflections: Your experiences in Decolonizing the Internet’s Languages! (P.P. Sneha; August 7, 2019).
Simiran Lalvani - Workers’ fictive kinship relations in Mumbai app-based food delivery (Sumandro Chattapadhyay; August 16, 2019).

About CIS

CIS is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

Follow CIS on:

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

Support CIS:

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

Collaborate with CIS:

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/august-2019-newsletter