Centre for Internet and Society

Debate: Five Aadhaar Myths that Don’t Stand Up to Scrutiny

praskrishna — 2016-04-01T15:48:17Z

We need to reboot the Aadhaar debate by asking why we want to create a centralised biometric database of Indian residents in the first place.

The article by Reetika Khera was published in the Wire on March 23, 2016.

A recent article, ‘Identification simplified, myths busted’, by Piyush Peshwani and Bhuwan Joshi (hereafter, Peshwani & Joshi) makes some questionable claims about the UID project. Peshwani & Joshi’s strategy appears to be to ignore those questions to which they do not have an answer (e.g., that Aadhaar is mostly redundant as far as NREGA, PDS, etc., are concerned). For others, they cherry-pick ‘facts’ without acknowledging the debates surrounding those facts. Here is a selection.

#1: To get Aadhaar, you need a Proof of ID (PoID) and Proof of address (PoA)

Peshwani & Joshi: “For many, Aadhaar is perhaps the first document of their existence – a robust proof of their identity and address that can be verified online. No more closed doors for them!”

Peshwani & Joshi: “The Demographic Data Standards and Verification Procedures committee prescribes a list of valid 18 proof of identity and 33 valid proof of address documents for getting an Aadhaar.”

Fact: In fact, 99.97% of those who have Aadhaar, used PoID and PoA to get it. For those who have neither, there is an “introducer system”, but according to a reply to an RTI request, only 0.03% of those who have the Aadhaar number used this route.

As far as closed doors are concerned, Aadhaar does not guarantee any benefits: work through NREGA, widow or old-age pensions or PDS rations. There are separate eligibility conditions for those programmes which continue to apply.

#2 On costs

Peshwani & Joshi: “Does it justify the cost? Yes, absolutely, according to the World Bank, which said the initiative is estimated to be saving the Indian government about $1 billion annually by thwarting corruption, even as it underlined that digital technologies promote inclusion, efficiency and innovation.”

Fact: Savings due to the use of Aadhaar have been disputed. The government has claimed it has saved Rs. 14,672 crore on LPG subsidies due to Aadhaar while they are likely lower – by a factor of 100 (see Business Standard or Wall Street Journal).

Peshwani & Joshi: “Even before the World Bank’s endorsement of Aadhaar, the Delhi-based National Institute of Public Finance and Policy (NIPFP) conducted a detailed cost-analysis study on Aadhaar in 2012… the study found that the Aadhaar project would yield an internal rate of return in real terms of 52.85% to the government.”

Fact: The NIPFP cost-benefit was based on unrealistic assumptions – e.g., estimates of leakages that Aadhaar could plug were available for only two out of seven schemes; for the rest, they assumed leakage rates which are termed ‘conservative’, but are actually not.

In their response, the NIPFP team admitted that “a full-fledged cost benefit analysis of Aadhaar is difficult” because “many gains from Aadhaar are difficult to quantify because they are intangible” and, “even if in specific schemes there may be tangible benefits, the information available on those schemes does not permit a precise quantification of those benefits.”

They went on to say that “The study has steered away from relying exclusively on analyses of isolated and small sample sets”. What evidence did the NIPFP study rely on? “For ASHAs, Janani Suraksha Yojana and scholarships, no analysis, large or small has been used. For the Indira Awaas Yojana, the three analyses relied on exclusively are a Times of India news report, a press release based on a discussion in Parliament and a “Scheme Brief” by the Institute for Financial Management and Research (IFMR). Interestingly, the corruption estimate in the IFMR brief cross-refers to the Times of India article (apart from a CAG report)!” (Khera, 2013)

#3 De-duplication

Peshwani & Joshi: “Aadhaar means no fake, ghost or duplicate beneficiaries. Double-dipping will become more and more difficult with Aadhaar, a number that is well de-duplicated with the use of biometrics.”

Fact: De-duplication is one possible contribution of Aadhaar – but that needs biometrics, not a centralised biometric database. Local biometrics (used extensively in Andhra Pradesh before UID) mean that biometric data is stored by the concerned government department or on the local e-POS machine’s memory chip. It has the advantage that connectivity is not required (you are authenticated by the machine), errors and corrections can be correctly locally, making it more practical. The distinction between a local and centralised database is important (see #5 below).

Further, no one has a reliable estimate of the duplication problem. Two government estimates of duplicates exist: the Dhande committee for LPG (2%) and in NREGA job cards from the Government of Andhra Pradesh (also 2%).

#4 Exclusion

Peshwani & Joshi: “As far as exclusion in delivery of other services due to biometric authentication accuracy is concerned, it is important to go beyond scratching the surface.”

Fact: When the PDS was integrated with Aadhaar: “The Andhra Pradesh Food and Civil Supplies Corporation found that…nearly one-fifth ration card holders did not buy their ration.” Further, “When the government delved deeper in the issue, it was found that out of the 790 cases interviewed for the study, 400 reported exclusion. Out of the excluded cases, 290 were due to fingerprint mismatch and 93 were because of Aadhaar card mismatch. The remaining 17 cases were due to failure of E-PoS.” More here.

Moreover, Peshwani & Joshi pick one definition of ‘exclusion’ (due to biometric failure) when in fact, exclusion has a broader meaning. For instance, “In Chitradurga (Karnataka), Rs.100-150 million in wages from 2014-15 were held up for a year. When payments were being processed, their job cards could not be traced in NREGAsoft. Upon enquiry, the district administration learnt field staff had deleted them to achieve ‘100% Aadhaar-seeding’.”

#5 Profiling and privacy violations

Peshwani & Joshi: “A prominent criticism of Aadhaar is that it ‘profiles’ people.” …“Most of us have one or more identity/address documents, such as a passport, ration card, PAN card, driving licence, vehicle registration documents or a voter ID card. The government departments managing these already have our data. Aadhaar is no different. We give our data to banks, to insurance companies and to telecom companies for accounts, policies and mobile connections.”

Fact: That’s like saying BJP can be more corrupt because the Congress was corrupt. Instead we need to engage more seriously with the work of Sunil Abraham, Amber Sinha and others at the Centre of Internet and Society. There are crucial differences between Aadhaar and Social Security Number in the US, see this. Malavika Jayaram listed the UID project among a slew of “big brother” projects facilitating mass surveillance in India.

Conclusion

The debate on UID tends to begin with the premise that Aadhaar is necessary for ‘good governance’. Those claims of the UIDAI have long been demolished. In a nutshell, Aadhaar cannot help identify the poor, its possession does not guarantee inclusion into government social welfare (go to #1). It cannot reduce PDS or NREGA corruption as claimed in their early documents. Thankfully, PDS–NREGA corruption has been on the decline without Aadhaar – more needs to be done. (More details? Try this and this.)

Bihar shows how much corruption in the PDS can be reduced without Aadhaar. Credit: Reetika Khera

Aadhaar is not required for portability of benefits or for cash transfers. Cash transfers need bank accounts. To get a bank account, you need a proof of ID and a proof of address (go to #1). Aadhaar can help de-duplicate, but so can local biometrics (go to #3). We need to “reboot” the Aadhaar debate, starting on the right terms – why exactly do we need to create a centralised biometric database of Indian residents?

For more details visit https://cis-india.org/internet-governance/news/the-wire-march-23-2016-reetika-khera-debate-five-aadhaar-myths-that-dont-stand-up-to-scrutiny

Debate over #Aadhaar Turns Nasty as Critics Accuse Supporters of Online Trolling

praskrishna — 2017-06-07T13:09:10Z

Internet Freedom Foundation’s Kiran Jonnalagadda has alleged that iSPIRT and its co-founder Sharad Sharma set up fake Twitter profiles to harass, intimidate Aadhaar critics.

The article by Ajoy Ashirwad Mahaprahasta was published in the Wire on May 19, 2017.

As bizarre as this may sound, one of the founders of the Indian Software Products Industry Round Table (iSPIRT) – an influential think-tank closely associated with the Unique Identification Authority of India (UIDAI) – Sharad Sharma, is battling allegations of trolling anti-Aadhar campaigners through fake Twitter profiles.

Kiran Jonnalagadda, one of the founders of Internet Freedom Foundation (IFF), has alleged that a number of fake profiles started to troll him online earlier this month in response to his criticism of Aadhar on Twitter. Surprisingly, he said, one of the profiles –@confident_India – which trolled him was apparently operated by Sharma, considered highly influential within the IT and start-up industry and a governing council member of iSPIRT.

What is iSPIRT?

In 2013, a group of volunteers working with NASSCOM founded iSPIRT to represent the software products industry independently. It is widely known that many of these same volunteers also helped the UIDAI develop much of the initial Aadhaar infrastructure and ecosystem. According to Forbes India, iSPIRT helps Indian software product companies “draft and take policy proposals to government officials; create reusable ‘playbooks’ from successful companies that can be applied by others; and create ‘self-help communities’.” It aims to facilitate Indian software product companies, which build affordable and innovative technologies, get a footprint in sectors like health, education, infrastructure and create conditions so that they get an equal platform to compete with big multinationals.

In this mission, iSPIRT believes that Aadhaar-based technologies, which Indian software product companies may create, could help the Indian software product industry gain an advantage over multinationals, which may be skeptical about using Aadhaar. In other words, iSPIRT, one of the biggest advocates of Aadhaar, sees a commercial advantage to the increasing use of Aadhaar for many of the entrepreneurs associated with the Round Table. To this end, iSPIRT runs two initiatives – ProductNation and IndiaStack, a collection of open APIs for technology infrastructure projects like UPI and Aadhaar.

While the mission may sound fine, many of the Aadhaar advocates within iSPIRT have had to face questions from civil society, most of which have to do with the suspicion that Aadhaar could compromise online privacy. This, over the past few months, has led to heated social media battles between iSPIRT and anti-Aadhaar campaigners.

However, the debate took a darker turn when Jonnalagadda uploaded a video showing that the @Confident_India Twitter handle could be traced back to Sharma’s personal mobile phone number on Twitter. Sharma, has since then, apparently changed his number.

“It was only when I started to grow suspicious of the handle that I thought of using Sharma’s phone number to verify the account,” Jonnalagadda tells The Wire.

In an article – “Inside the mind of India’s chief tech stack evangelist” – where he narrates the events, he says “a flurry of newly created Twitter trolls accounts began heckling me about Aadhaar”.

Around 10 such handles started making unprovoked attacks on Jonnalagadda and another founder of IFF, Nikhil Pahwa, accusing them of being guided by “greed, profit, and deceit” for being in the “#AntiAadhaar brigade.”

As the argument continued, @confident_India called Jonnalgadda “pretentious” mouthing “highfalutin stuff” and “techno-babble”.

“All these did not perturb me as it was a part of routine arguments,” says Jonnalagadda.

However, in what he calls a “lightbulb moment”, he had the first inkling that Sharma could be operating the account of @confident_India through this thread:

“Sharad Sharma’s original account doesn’t follow any of these people on the thread. The conversation would not have shown on his timeline. Yet both @confident_India and Sharad Sharma made the same argument,” says Jonnalagadda.

Then, he says, Sharma gave it out. A question addressed to Sharad Sharma ended up being answered by @confident_India.

@Confident_India also went on a tirade against the IFF fellows and called them “JNUtype”, “ISISstooge” or belonging to Lutyens Delhi, insinuating that the IFF fellows are terrorists or largely belong to a certain social elite category of people.

When this prompted Jonnalagadda to verify the account with Sharma’s number, it matched. He later posted the video on his account.

An email from The Wire to Sharad Sharma remained unanswered at the time of writing.

However, soon after this alleged expose kicked off a Twitter war between the two groups, Sharad responded with a reply to Nikhil Pahwa’s tweet.

iSPIRT also responded in various online forums. “Sharad Sharma, co-founder of iSPIRT, named in these allegations is in the US for a medical emergency in his family. As of this morning, Eastern Standard Time, Sharad has categorically denied these allegations. We will further investigate the confusion around the alleged link of mobile number and clarify all outstanding questions. For the moment, we are prioritising the well-being of Sharad and his family,” says the organisation’s response.

“We want to categorically state that the allegations against iSPIRT coordinating and/or promoting any troll campaign are false and the evidence presented is a deliberate misreading of our intent to engage with those speaking against India Stack” it added.

Interestingly, however, what has emerged out of the controversy is another allegation by the IFF that iSPIRT had made trolling part of its policy to counter Aadhaar’s “detractors.”

At a fellows meeting earlier this year in February, iSPIRT charted out a “Detractors Matrix” in which they categorised the anti-Aadhar campaigners into four categories, namely “misinformed, fearful, and engaging”, “informed, fearful and engaging”, “misinformed and trolling” and lastly, “informed yet trolling”. In an internal iSPIRT presentation, Reetika Khera, IIT professor and a renowned economist, and Nikhil Pahwa, IFF’s co-founder were shown as belonging to the last two categories.

To counter Aadhaar critics on online platforms, iSPIRT volunteers intended to group themselves into “archers” and “swordsmen” who would challenge their theories on Twitter and elsewhere.

iSPIRT has acknowledged discussing the “detractor matrix” in its reply to the allegation but dismissed it being equivalent to trolling, as Jonnalagadda alleges. Co-founder of iSPIRT, ThiyagaRajan Maruthavanan, while responding to allegations said that there was no official involvement on behalf of iSPIRT.

CIS allegations

Many of the pro-Aadhaar Twitter trolls, most noticeably Confident_India, have also lashed out at other Internet rights organisations. This includes the Bangalore-based Centre for Internet and Society (CIS) which last month released a report that claimed that over 100 million Aadhaar numbers were publicly exposed by four government websites. The Confident_India Twitter handle has alleged that CIS has violated foreign funding regulations (under the Foreign Contributions Regulations Act), that they are likely “funded by ISI” and that because of their “advocacy efforts”, the organisation should be shut down.

It should be noted that the Unique Identification Authority of India has also sent a sharp letter to CIS over its report and has suggested that some of the Aadhaar data that the report documented could not have been gotten through legal means.

For more details visit https://cis-india.org/internet-governance/news/the-wire-may-19-2017-ajoy-ashirwad-mahaprahasta-debate-over-aadhaar-turns-nasty-as-critics-accuse-supporters-of-online-trolling

Debate on Section 66A rages on

praskrishna — 2012-12-10T09:44:31Z

Last week, a reputed BPO in Chennai took down its Facebook page and introduced stricter moderation for posts on its bulletin board.

Vasudha Venugopal's article was published in the Hindu on December 10, 2012. Pranesh Prakash is quoted.

The measure, an official said, was aimed at avoiding any "callous remark by any employee." "We have discussions on many raging topics here, and we are just making sure the content is clean with no intended defamation."

The need to present only ‘unobjectionable content’ is just one off-shoot of a controversy that has gripped the country after at least five persons were arrested in recent months for posting their views online. But what started as an outcry by a few voices against the IT Act has now turned into a campaign against the constitutional validity of the Act itself. Last week also saw concerted protests to demand the repeal of Section 66A of the IT Act, under which most of the accused were booked. Human chains and protests were conducted in Chennai, Bangalore, Pune, Hyderabad, Guntur, Kakinada, Vijaywada, Visakhapatnam, Pune, Kozhikode and Kannur, among others.

In the past few months, the debate on the use of Section 66A in particular, and the Act in general, has gathered momentum. The arrests of Jadavpur University professor Ambikesh Mahapatra for circulating a cartoon lampooning West Bengal Chief Minister Mamata Banerjee; cartoonist Aseem Trivedi; businessman Ravi Srinivasan for tweets against Union Finance Minister P. Chidambaram’s son Karti Chidambaram; and the two girls in Maharashtra for criticising the bandh after Shiv Sena leader Bal Thackeray’s death have sparked popular anger.

“Public anger and media attention have been so strong that the government has been forced to retreat, which is a good first step,” says Alagunambi Welkin, president of the Free Software Foundation Tamil Nadu, which organised the protests in Chennai. "The next step would be to plug the loopholes in the IT Act. After all, this same government has declared in various international forums that it is all for promoting openness online."

Activists say that along with the increased pressure on the government, collecting information on cases of the misuse of the Act are the tasks that have to be fulfilled immediately. Human rights activist A. Marx, who has filed a public interest litigation petition against Section 66A, says the selective application of the law is very troubling. From a broader perspective though, this is also an issue of global proportions. Recently, a man in the U.K. was jailed for 18 months after he was found guilty of posting abusive messages on an online memorial. In July this year, a young Moroccan was arrested in Casablanca on the charge of posting “insulting caricatures of the Prophet Mohammed on Facebook.”

As recently as Tuesday, a Shenzen resident was arrested for posting a letter online, accusing a senior village official of corruption, and last week, a man in Kent was arrested for posting an image of a burning poppy on a social network site.

However, Pranesh Prakash, policy director, Centre For Internet And Society, Bangalore, notes that the more problematic parts in India’s laws are ones that result from adaptation. India’s own adaptation of the U.K. law, for instance, considerably increases punishment from six months to three years. However, if it is any consolation, there are voices worldwide being raised on this issue. Till last week, Google’s search page had a message: "Love the free and open Internet? Tell the world’s governments to keep it that way," and a link for comments directed to the Dubai conference, which will see a wide-ranging discussions and key decisions on global internet governance.

For more details visit https://cis-india.org/news/the-hindu-sci-tech-internet-december-10-2012-vasudha-venugopal-debate-on-section-66a

Debate on Cyber Crime in TV9

praskrishna — 2017-03-28T15:25:40Z

Vidushi Marda took part in a debate on cyber crime which was aired on TV9 on January 13, 2017.

Vidushi spoke about the the definition of "cyber crime" within the IT Act, and also on proportionality of punishment/the best way to deal with such incidents. This programme was aired after a few college websites had been hacked to display false notices from deans, registrars, etc.

For more details visit https://cis-india.org/internet-governance/news/debate-on-cyber-crime-in-tv9

Death By WhatsApp

Admin — 2018-06-25T15:47:41Z

The fatal messages were both in text and in audio. They were in Telugu, Kannada, Tamil, Hindi, Assamese and Gujarati among others.

This was published by News18.com on June 25, 2018. Sunil Abraham was quoted.

Guys please be on high alert10:24 PM

Three kids were kidnapped from my friend’s area this morning.. There were 10 guys giving biscuits and people from that area have caught all 10 n 5 more based on their info...10:24 PM

Cops arrived at scene and informed that 400 people have landed in Hyderabad (or Bangalore or Chennai or KarbiAnglong or Singhbhum or any other place) for child trafficking. Check my next video and repost. Parents pls be on high alert.10:25 PM

The Snowball Effect

No one had any idea where the messages originated from or who was the original sender. But when it comes to the safety of one’s children, these questions become irrelevant.

Maybe, if someone had stopped to ask these questions, this fake WhatsApp message wouldn’t have led to 22 murders in one year. These 22 ‘outsiders’ were lynched by mobs on the mere suspicion of being the non-existent ‘child lifters’.

Phony as a three-dollar bill, the message spread like forest fire from Jharkhand to Tamil Nadu and Assam to Gujarat. In each state, it preyed on the raging ‘local versus outsider’ sentiment. It started doing the rounds of southern states around the time when political discourse was hijacked by the ‘North versus South’ debate.

It might be easy now to scoff at those who believed and further shared the fake message, but hindsight is always a perfect 20/20.

In fact, according to a research by University of Warwick, 40% of fake news cannot be spotted by average educated adults. Even if they do feel something is amiss, only 45% adults can place their finger on what exposes the news as fake.

Social media and internet penetration have only aggravated the problem in India, where the written word is rarely doubted.

Social media and internet penetration have only aggravated the problem in India, where the written word is rarely doubted.

In the last four years, social media usage in the country has gone up by 150% with an 83% increase in smartphone ownership. Such proliferation and the availability of competitive data plans have ensured digital intrusion in areas where people have had no exposure to the concept of fake news or digital privacy.

Caveat emptor does not apply in this case, says Sunil Abraham, the Executive Director of Bangalore-based research organisation Centre for Internet and Society.

A Timeline of Deaths

CHAPTER 1

The Propaganda Machine

WhatsApp has unfortunately become a fertile breeding ground for parasites that prey on fear. At present, it has 200 million active users. These users are potential victims of fake news given the complex form of anonymity that WhatsApp offers. It is mainly to arrest the fake news propaganda that the first step in violence-hit areas is to suspend internet services.

In this case, too, the original culprits took cover in this anonymity and experts believe they may never be unmasked. While Facebook and other social media websites are under pressure to address the menace, an inter-personal software, such as WhatsApp, skirts the scanner.

“Those who are passing the rumours cannot be traced or haven’t been traced purely because they are on WhatsApp groups. My guess is that they would have started it (the rumours) on WhatsApp because it is difficult to trace. Once it starts, it (the message) makes its way to everywhere. Somebody gets it on WhatsApp, they put it on their Facebook profile or forward to other WhatsApp users. It goes across multiple platforms. It is not limited to one platform,” says Alt News co-founder Pratik Sinha.

Those who are passing the rumours cannot be traced or haven’t been traced purely because they are on WhatsApp groups

Given its penetration, WhatsApp has emerged as a cheap medium to propagate hate.

Police officials investigating the murder of senior journalist and Left-leaning thinker Gauri Lankesh in Bengaluru were surprised to find out that a key suspect was an ‘admin’ for hundreds of groups.

KT Naveen Kumar, a college dropout, floated his outfit ‘Hindu Yuva Sena’ in Mandya near Bengaluru three years ago. The Hindutva activist confessed to the police that he created several WhatsApp groups — Hindu Yuva Sena, Jago Hindu Maddur, Bajrang Maddur and Kaveri Boys among others — to propagate his ‘Save Hinduism’ agenda.

Once you create a WhatsApp group and add ‘participants’, you are free to make others the ‘admin’, who in turn can add scores of people to the group. There is no known cap to the number of participants in a WhatsApp group.

How To Spot Fake News

CHAPTER 2

Jharkhand

The fake message on ‘child lifters’ added fuel to fire in Jharkhand, which has been plagued by child abductions and kidnappings for years. Young girls from the state have been known to be abducted and forced into modern-day slavery in other states.

Villagers, who had never heard of the concept of fake news, bought into the rumours. And since a photo can say a 1,000 fake words as well, graphic images freely available on the internet were used alongside the message. The propaganda did the trick and aroused murderous rage among the local tribal population.

At least nine people were killed in separate incidents over as many days in Singhbhum district. Angry mobs beat and hacked the victims to death, assuming they were saving their young ones from ‘child lifting’ gangs that were rumoured to be abducting children for organ trade.

The death toll would have been higher had protest marches against the fake news and the killings not been held in cities like Jamshedpur. While these protests did not get the police to act against hate mongers on social media, the uproar publicised the fact that the message was a fake one.

Over the next few days, alleged ‘child lifters’ were caught in other villages, but were duly handed over to the police.

The disinformation campaign died a natural death in Jharkhand, but moved to a new hunting ground.

CHAPTER 3

Tamil Nadu

More than 2,000 km from Jharkhand, the message landed in Tamil Nadu with an additional detail — be wary of ‘North India people’. It warned of a gang of 400 ‘North Indians’ out to lure children for organ trade. These people, the message added, may try to gain entry inside homes on the pretext of being repair men or hawkers. Again, the images of mutilated bodies did the trick.

No one stopped to think whether a ‘gang of 400 outsiders’ could travel undetected. No one called the 100 helpline to confirm the rumour with the police. The mere ‘police-arrived-at-the-scene’ was enough to convince people of its authenticity.

A man in Thiruvalluvar, north of Chennai, became the state’s first victim of the fake news. A mob beat him mercilessly and hung him from a bridge in Pulicat on May 10.

The mob didn’t even give her a chance to be heard.

The second lynching came in less than 24 hours. This time the victim was an elderly woman identified as Rukmani in the temple town of Thiruvannamalai. She was returning from a temple visit with her relatives when they stopped their car at a village. Rukmani was handing out ‘foreign chocolates’ to local children when word spread that a woman was ‘luring’ kids with sweets.

“The mob didn’t even give her a chance to be heard. Giving out chocolates to children doesn’t make you a child trafficker. I’m scared to even step out after this incident,” says a relative who was in the car with Rukmani and was grievously injured.

Police officials rounded up at least 30 people and charged them with murder.

CHAPTER 4

Andhra Pradesh & Telangana

The mob madness spread to Andhra Pradesh and Telangana next, again preying on anti-migrant sentiment. The first attack was reported mid-May when 12 people were suspected to be members of ‘Parthi’ gang, a group notorious for dacoity in Madhya Pradesh and Maharashtra.

A couple of days later, a mob beat up two beggars in Vishakhapatnam, killing one of them.

Another horrific attack unfolded in Hyderabad where a transgender was stoned to death by a mob of 200. The victim had travelled from Mahabubnagar district with three others to seek alms in the holy month of Ramzan.

Soon, the fake news reached other districts. A man visiting a relative in Nizamabad was killed when he failed to give ‘satisfactory’ explanation to the mob about his presence there.

A murder in Yadadri district of Telangana, an attack on nine people in Vikarabad district and an assault on a woman at the Guntur railway station followed within days.

CHAPTER 5

Karnataka

The mob mentality fuelled by the fake news campaign reached Karnataka, where the ‘local versus outsider’ debate had reached fever pitch during election campaigning.

WhatsApp users in Bengaluru, India’s Silicon Valley, started receiving warnings on ‘child lifters’ in Kannada.

“Don’t leave your kids unattended..if you find such traffickers, tie them up and call the cops (sic),” one such message advised.04:24 PM

A 26-year-old construction labourer from Rajasthan, identified as Kalu Ram, who had come to look for work was tied with a rope, dragged through the streets of Chamarajpet in west Bengaluru. Beaten with bats and other household ‘weapons’, he succumbed to his injuries.

According to Additional Commissioner (West) BK Singh, India saw a similar kind of 'madness’ 20 years ago with the ‘Ganesha drinking milk’ rumour, but WhatsApp has taken it to a dangerous new height.

“This hapless man was walking alone. Two persons standing there saw him and started following him to a shop just 100 metres away. Suddenly, a crowd gathered. People brought whatever they could find in their homes — cricket bats, stumps, ropes etc,” Singh says.

“Once a crowd becomes a mob, you cannot control it. Many of them may be meek persons individually, but they are taken in by the presence of the mob. The mob thinks that if they act collectively, police won’t act and they can get away easily,” Singh adds.

People brought whatever they could find in their homes — cricket bats, stumps, ropes etc.

Around 20 people were arrested based on CCTV footage and videos taken by bystanders, who did nothing to help the hapless victim. One of the main accused is 26-year-old Anbu, who has other criminal cases pending against him. Four women and a minor were among those in custody. All of them face murder charges now.

The spread of the fake news in Tamil Nadu may also have led to the violence.

Pension Mohalla in Bakshi Garden where the attack took place has a dominant Tamil population. Some of them could have been aware of the rumours before it made its way to Bengaluru. When the WhatsApp messages started doing the Silicon Valley’s rounds, it may have been perceived as a confirmation of the fake news.

Another person was killed under similar circumstances in Salem. The state witnessed seven more such attacks.

CHAPTER 6

Assam

The latest casualty of the fake news was reported in Assam, again a state which deals with anti-migrant sentiment.

On June 8, two youths from Guwahati were battered to death in Karbi Anglong district on suspicion of being child lifters. Police said Abhijit Nath and Nilutpal Das were on their way to the Kanthe Langshu picnic spot when their vehicle was attacked by a group of men at Panjuri Kachari village, 16 km from Dokmoka town.

Eyewitnesses said the two boys were brutally beaten with bamboo poles and wood, and tortured to death by a mob of allegedly inebriated villagers.

“It happened when some locals informed a group of villagers about two men travelling in a black car with an abducted child. These few villagers were drinking in the roadside dhaba and immediately called upon more people to trace the car and catch them. The mob stopped the car and surrounded the two boys inside. The village elders tried to stop them from beating the boys, but they would not listen,” said a local shopkeeper.

The two boys were brutally beaten with bamboo poles and wood, and tortured to death by a mob of allegedly inebriated villagers.

This incident was yet again preceded by paranoia fuelled by WhatsApp forwards. The messages warned people of 'sopadhora' (child lifters) being on the prowl. Many in Karbi Anglong, one of the most backward areas of the country, took those messages as gospel.

“We have arrested 35 people so far. Some of them are directly involved in the attack, while one has been arrested for posting objectionable content on social media, inciting communal violence soon after the incident took place. There’s no substance to the rumour of ‘sopadhora’ (child lifters) in the area. But it had created a fear psychosis among people here,” says Agarwal.

Death By Whatsapp

For more details visit https://cis-india.org/internet-governance/news/death-by-whatsapp

Death by Social Media

Admin — 2018-07-10T01:44:15Z

The victims of WhatsApp forwards are outsiders, the political class is silent, the state is helpless. There are clear patterns behind the recent mob lynchings.

The article by Pretika Khanna, Abhiram Ghadyalpatil and Shaswati Das was published in LiveMint on July 9, 2018. Pranesh Prakash was quoted.

The Maharashtra state administration is still trying to come to terms with the shocking lynching on 1 July in Dhule district in northern Maharashtra, where a restive mob of 3,500-plus villagers gathered outside the gram panchayat office in Rainpada village, broke open the locks, and killed five agricultural labourers on the suspicion that they were ‘child-lifters’. There have been 14 incidents of mob lynching and vigilante justice—fuelled by rumours spread on social media—in Maharashtra alone in less than a month since 8 June.

In fact, a police officer, who spoke on the condition of anonymity as he is part of the investigating team, says the police machinery was clueless as “no police station in the areas where the mob attacks have occurred has received a formal complaint about kidnappings or children missing before the attacks”. Now, of course, everybody has swung into action. In Maharashtra, at prominent public locations across cities and towns, the state government have put up large boards cautioning people against believing social media rumours.

(Right) an angry mob lynched a hawker on suspicion of being a child-lifter at the Tripura State Rifles camp in Agartala on 29 June. Photo: AFP

Over the last year, there have been a number of deaths fuelled by rumours which spread like lightning via WhatsApp, the messaging platform owned by Facebook Inc. Horrific incidents have been reported from the states of Assam, Tripura, Karnataka, Jharkhand among others. A common rumour—that gangs of children-lifters are out to pick up children—has triggered almost all of these incidents of mob frenzy. Those being targeted include migrants, mentally challenged people, nomadic and denotified tribes and other vulnerable sections of society.

“Over 20 people have been killed. It’s unprecedented not just in India but globally. It is as serious as a breakout of an epidemic. Misinformation has been weaponized to target minorities, individuals, activists…,” says Pratik Sinha co-founder AltNews, a fact-checking website.

Complicating matters is that there are multiple reasons behind this shocking breakdown in law and order. Is the villain of the piece WhatsApp, which has 200 million monthly users, and did it do enough to stop the spread of rumours? Did the all-powerful, all-seeing local administration and police do its best to catch the societal discord before it erupted? What role did an overall, environment play, at a time when society has internalized lynching to such an extent that a Harvard-educated union minister Jayant Sinha recently honoured and garlanded eight people convicted of lynching a coal trader Alimuddin Ansari in Ramgarh, Jharkhand, last June?

Over 20 people have been killed. It’s unprecedented not just in India but globally. It is as serious as a breakout of an epidemic. Misinformation has been weaponized to target minorities, individuals, activists…- Pratik Sinha, co-founder of AltNews, a fact-checking website

Fear of the outsider

Not only have most of the victims been strangers, there are clear patterns behind most mob lynchings in recent times. In 2012, for instance, a rumour that spread like wildfire on social media had the north-eastern people in Bengaluru fleeing the city overnight. “These were not just random rumours, these are targeted. For example, the messages circulated in Bengaluru targeted Hindi-speaking migrants,” said Pranesh Prakash, fellow at the Centre for Internet and Society, a Bengaluru-based think tank.

Experts point out that victims are usually outsiders as they are not seen as being rooted in society. “There is a structural marginalization based on caste, class which is usually attributed with such rumours. Invariably the attack is against those who already have a reputation,” said T.K. Oommen, sociologist and professor emeritus at the Centre for the Study of Social Systems, JNU.

Take the Dhule incident. According to the police official cited earlier, “In Maharashtra particularly there has been a method to this madness against some tribes like the Nath Gosavi tribe, to which the victims in Dhule belonged, and the Phase Pardhis. These communities are routinely identified as of criminal bent and have been on the receiving end much before social media emerged.”

There is a structural marginalization based on caste, class which is usually attributed with such rumours. Invariably the attack is against those who already have a reputation- T.K. Oommen, sociologist and professor emeritus at the Centre for the Study of Social Systems, JNU

Changes in society

“Rumours are not a one-time event. They emerge due to unrest in society. This is usually the situation in a society characterized by fear. The general tendency in society is that they are unreliable. That leads to consequences which are usually bad,” says Oommen.

Even as the Union home ministry has no official record of mob lynching, social media has become the primary catalyst for self-styled cow vigilantes, as well, to bring to book those who have reportedly been indulging in cow slaughter. On 1 April 2017, Pehlu Khan, along with six others, was returning from Jaipur to his village in Nuh, Haryana, carrying cows and calves for the purpose of dairy farming. They were stopped at the Jaipur-Delhi national highway by 200 cow vigilantes, who beat Khan to death.

Since 2014, there have been numerous such incidents of mob violence that have normalized the brutal act. The fact that political leaders have not been openly and quickly condemning such instances sets out a signal to the administration and people at large. All this comes at a time when sociologists and mental health experts point out that there has been a change in the societal set-up. They say that unlike older times, there is no folklore anymore. There is also a breakdown of the traditional society set-up along with a speed up of technology which gives a boost to the spread of such rumours.

Social media has become the primary catalyst for self-styled cow vigilantes, as well, to bring to book those who have reportedly been indulging in cow slaughter

Mental health experts say that people tend to believe messages sent through platforms like WhatsApp as they usually are sent by a trusted source. “As a result, doubts regarding the credibility of the source of the messages tend to get diluted. And therefore, we are inherently more likely to not think of rejecting the content of the message as being false or inauthentic,” said Samir Parikh, director of department of mental health and behavioural sciences at Fortis Healthcare.

The role of WhatsApp

On 8 June, two men, who had gone to Kangthilangso waterfall in Karbi Anglong district in Assam were beaten to death by villagers at Panjuri Kachari on suspicion of being child-lifters.

While the police immediately sprung into action, they are still heavily dependent on the response mechanism of the social media companies. “WhatsApp circulation has increased exponentially and we are now thinking of ways to control the flip side of it. When we are faced with specific cases pertaining to social media we write to the platforms separately, but their response time is long,” said Pallab Bhattacharya, special director general of police (special branch), Assam.

Pranesh Prakash, fellow at the Centre for Internet and Society, a Bengaluru-based think tank.

There is no literacy training on the fact that the platform has rumours and misinformation, how to spot them and avoid becoming a source of it
- Pranesh Prakash, fellow at the Centre for Internet and Society, a Bengaluru-based think tank

According to Prakash, while WhatsApp keeps reminding users that their messages are encrypted, it does not remind its users to not forward unverified information or misinformation, as is prohibited by its acceptable use policy. The acceptable use policy is available only in English, and there is no user conditioning about what kind of messages aren’t acceptable. “Also, there is no literacy training on the fact that the platform has rumours and misinformation, how to spot them and avoid becoming a source of it,” he added.

For instance, Akash Tomar, superintendant of police-city (Ghaziabad) found it challenging to handle the rumours spread through social media platforms during Dera Sacha Sauda riots that took place not very far away from the state and other similar sensitive incidents. “At one point, WhatsApp can help the police in disseminating important and useful information for citizens but off late we have witnessed that such social media platforms have a potential to trigger riots, lynching and other crimes,” Tomar said.

While WhatsApp says it will take appropriate measures to curtail the spread of fake news , simply shooting the messenger is not going to be enough. These murders have not taken place in a digital vacuum.

pretika.k@livemint.com

Komal Gupta and Neetu Chandra Sharma in New Delhi contributed to this story.

For more details visit https://cis-india.org/internet-governance/news/death-by-social-media

Dear Milind Deora, Prakash Javadekar Deserved The Truth

praskrishna — 2013-09-05T10:38:05Z

Milind Deora, the Minister of State for Communications, Information Technology and Shipping, isn’t your typical politician.

This article by Rohin Dharmakumar was published in Forbesindia Magazine on August 22, 2013. Sunil Abraham is quoted.

At just 36, he’s way younger than the average cabinet minister (64) or Member of Parliament (53). He’s also richer (Rs.17.5 crore compared to Rs.5.3 crore for the average M.P.)

He’s got his own website - www.milinddeora.in - which unlike most of his peer’s websites, is fairly well-designed and constantly updated. He’s also an avid user of social networks like Twitter (@milinddeora) and Facebook.

Oh, he’s also a Blues fan and a pretty good guitarist.

In short, he’s the kind of politician or minister many Indians would like to vote for.

And vote they do, in fact. Deora’s won the Mumbai (South) parliamentary constituency two times in a row, garnering nearly twice his next opponent’s votes during the 2009 elections.

Which is why it’s surprising, and saddening, to see Deora trot out a patently false set of answers to how America’s global dragnet of Internet surveillance is affecting the privacy of Indians.

On 16th August Deora responded to a question from Rajya Sabha M.P. and BJP Spokesperson Prakash Javadekar, asking the following:

(a) whether it is a fact that India was the fifth most tracked country by the United States intelligence, particularly on the internet;
(b) if so, the details thereof;
(c) the impact of USA”s surveillance program-Prism and Boundless Information on the country; and
(d) the steps Government intends to take to protect country”s interests and the privacy of its citizens?

Javadekar’s question was sorely needed in light of the near-daily disclosures being made about the scarily omnipresent extent to which the US Government spies on global Internet users through a myriad of ways.

India, as Javadekar rightly pointed out, was indeed the fifth most monitored country under the “Boundless Informant” data mining tool that tracks the NSA’s (the US’ lead communications spy agency) global surveillance efforts. In just March 2013 alone, according to a leaked presentation on the tool, the NSA collected 6.3 billion pieces of information from India. Suffice it to say, the information would have come from Indian citizens, businesses, ministries, bureaucrats and of course, members of Parliament (most of who now use webmail and social network from the likes of Google and Facebook).

The only countries that were spied upon more than us were Iran, Pakistan, Jordan and Egypt. Some sobering company, that!

One would thus expect Deora to be seized of the urgency and concern behind Javadekar’s questions. His answer was:

(a) & (b) In June 2013, Media reports have disclosed that India is the fifth largest target of United States electronic surveillance programmes, in terms of interception of communications on fibre cables and other infrastructure. As per media reports, United States agencies used a number of methods to gather intelligence including intercepting communication on fibre cables and infrastructure, collecting information from servers of global internet and Telecom Service Providers. Such companies include Google, Facebook, Microsoft, Apple, Yahoo, AOL,Youtube, Paltalk and Skype.

Here we have a member of Parliament asks India’s Minister for Communications & IT about the extent to which Indian citizens and businesses are being spied upon by the US – ostensibly a friendly country – and all the Minister could do was cite newspaper reports?

What about your own investigations Mr.Minister? What is the opinion of your leading spy agencies like the NTRO, R&AW and IB? Are they also relying on newspaper reports?

But wait, Deora does go on to provide a few more answers:

(c) & (d) Government has expressed concerns over reported United States monitoring of internet traffic from India. Concerns with regard to violation of any Indian laws relating to privacy of information of ordinary Indian citizen as well as intrusive data capture deployed against Indian citizens or government infrastructure have been conveyed to the United States. The issue of United States Cyber surveillance activities was discussed during the Indo-US (India United States ) strategic dialogue meeting held in New Delhi on 24.06.2013.

Whew. That was reassuring. We expressed “concerns with regard to violation of any Indian laws relating to privacy of information” to the US during a “strategic dialogue meeting”.

Let me guess what the US side responded: “Sure. We’ll do that. Come back to us when you have a privacy law. Ha ha!”

As Sunil Abraham, the director for the Center for Internet & Society points out in Forbes India, India has no modern and comprehensive privacy law. And the government is working on a new one for only the last three years:

What would an ideal privacy law for India look like? For one, it would protect the rights of all persons, regardless of whether they are citizens or residents. Two, it would define privacy principles. Three, it would establish the office of an independent and autonomous privacy commissioner, who would be sufficiently empowered to investigate and take action against both government and private entities. Four, it would define civil and criminal offences, remedies and penalties. And five, it would have an overriding effect on previous legislation that does not comply with all the privacy principles.

The Justice AP Shah Committee report, released in October 2012, defined the Indian privacy principles as notice, choice and consent, collection limitation, purpose limitation, access and correction, disclosure of information, security, openness and accountability. The report also lists the exemptions and limitations, so that privacy protections do not have a chilling effect on the freedom of expression and transparency enabled by the Right to Information Act.

The Department of Personnel and Training has been working on a privacy bill for the last three years. Two versions of the bill had leaked before the Justice AP Shah Committee was formed. The next version of the bill, hopefully implementing the recommendations of the Justice AP Shah Committee report, is expected in the near future. In a multi-stakeholder-based parallel process, the Centre for Internet and Society (where I work), along with FICCI and DSCI, is holding seven round tables on a civil society draft of the privacy bill and the industry-led efforts on co-regulation.

Which brings me to the final part of Deora’s response to Javadekar:

United States official responded that PRISM dealt only with Meta Data (related to the direction and the flow of the traffic) and only broad patterns of telephony and internet traffic are monitored. United States Officials maintained that data content/content of emails are not accessed or not monitored under these surveillance programmes; therefore, it is not a violation of privacy. It was stated by United States that its agencies need to get separate authorization from Foreign Intelligence Surveillance Act (FISA) court, if they want to access the content of any of the data intercepted by these surveillance programmes.

Dear Mr.Minister, either you have been lied to by your friendly “United States Official”, or, well…

Firstly, by limiting the answer to only PRISM, which happens to be just one of the NSA’s secret tools for online surveillance, you are willfully or inadvertently narrowing down Javadekar’s question which specifically mentions other tools like Boundless Informant.

Almost all of the big Internet companies revealed to be part of the NSA’s global spying mechanism have also used the same tactic to tailor their denials. I suppose they got the cue from the NSA, which loves using the “Under This Program” dodge to derail specific questions about its secret programs, according to the Electronic Frontier Foundation:

Another tried and true technique in the NSA obfuscation playbook is to deny it does one invasive thing or another “under this program.” When it’s later revealed the NSA actually does do the spying it said it didn’t, officials can claim it was just part of another program not referred to in the initial answer.

In case you weren’t aware of the NSA’s obfuscation tactics Mr.Minister, here is another great piece on it from the Slate – “How to Decode the True Meaning of What NSA Officials Say”

Thus when your friendly US official tells you that “only meta data (related to the direction and the flow of the traffic) and only broad patterns of telephony and internet traffic are monitored” under PRISM, not “data content/content of emails”, he or she is technically right.

Because the NSA has other programs that capture all of that. For instance, XKeyscore, which according to leaked presentations, it can capture “nearly everything a typical user does on the internet”. This includes emails, visits to websites, web searches and Facebook chats & private messages.

Did you also know, Mr. Minister, that the XKeyscore surveillance program has servers located inside India?

Finally, you make a statement that is patently false. You say that US spy agencies need authorizations from the secret Foreign Intelligence Surveillance Courts (FISC) in order to access the data collected by various surveillance programs.

FISA courts almost always approve any request made to them (they apparently rejected just 11 requests out of 33,900 made by the US government in the last 33 years), so that’s that for oversight.

And in the NSA’s Orwellian world of doublespeak, large scale interception and storage of Internet communications isn’t considered “collected” till such time one of their agents has had a chance to look at it. Which means if you’re reading this post – the NSA’s secret servers over the world and in India can coolly capture that and store it in vast databases for posterity – without it ever registering as a “collection” or requiring any approval from FISA courts.

Fact is, Mr.Minister, we “foreigners” (unless you belong to one of the four other countries that are part of the “Five Eyes” alliance, in which case you’ll be treated with a wee bit more caution) , that is, us, are fair game:

The intelligence data is being gathered under Section 702 of the of the Fisa Amendments Act (FAA), which gives the NSA authority to target without warrant the communications of foreign targets, who must be non-US citizens and outside the US at the point of collection.

The communications of Americans in direct contact with foreign targets can also be collected without a warrant, and the intelligence agencies acknowledge that purely domestic communications can also be inadvertently swept into its databases. That process is known as “incidental collection” in surveillance parlance.

We expected better answers from you Mr.Minister – sorry, expect better.

Alas your recent answers don’t inspire much trust, for instance when you tell us constant surveillance is “good for us” and “will enhance the privacy of citizens”.

Or when you tell us that “Google Hangouts” – a service provided by a company that looms over nearly everything Indians do online – is a better medium to reach out to people than Parliament or Television.

We deserve the truth from you Mr.Minister. Just like Prakash Javadekar.

For more details visit https://cis-india.org/news/forbesindia-august-22-2013-rohin-dharmakumar-dear-milind-deora-prakash-javadekar-deserved-the-truth

Deadline For Linking Bank Accounts With Aadhaar To Be Extended To 31 March

Admin — 2017-12-16T13:24:59Z

The government does away with the existing deadline of 31 December for linking of bank accounts with Aadhaar and PAN

The article by Komal Gupta and Ramya Nair was published in Livemint on December 14, 2017

The government on Wednesday extended the deadline for linking of bank accounts with Aadhaar to 31 March, in line with its submission to the Supreme Court.

The earlier deadline was 31 December.

Bank account holders will have to furnish their 12-digit unique biometric identity number and Permanent account number or PAN by 31 March or within six months of opening the account, whichever is earlier, said a statement from the finance ministry.

This will provide temporary relief to crores of bank account holders who had not linked their bank accounts with the 12-digit unique identity number.

Last week, the income tax department had extended the deadline for linking of Aadhaar with the permanent account number to 31 March from 31 December.

The move comes a day before a Constitution bench of the Supreme Court starts hearing the issue of stay against mandatory linking of Aadhaar with bank accounts and mobile phone numbers.

The statement added that the bank account will cease to be operational in case of failure to furnish Aadhaar and PAN as on 31 March or at the end of six months. The account will become operational again only after the furnishing of documents.

“This is just a gesture from the government, seeking to avoid the court granting an interim stay against the mandatory linkage of Aadhaar with bank accounts. This apparent extension won’t truly help ordinary people, who will continue being harassed through constant messages urging them to provide their Aadhaar number to continue receiving entitlements, services, and for access to one’s own money,” said Pranesh Prakash, policy director at the Centre for Internet and Society, a Bengaluru-based think tank.

For more details visit https://cis-india.org/internet-governance/news/deadline-for-linking-bank-accounts-with-aadhaar-to-be-extended-to-31-march

Dead and Clicking

praskrishna — 2016-03-23T01:42:20Z

A look at the phenomenon of digital memorials; repositories and time capsules of a life even after it's ended in the real world.

The article by Jayanthi Madhukar and Sowmya Rajaram was published by Bangalore Mirror on March 20, 2016. Rohini Lakshane was quoted.

On the first death anniversary of his father-in-law last week, Pradip Mehta (36) decided to show the 120 relatives gathered at his home in Rajkot the digital memoriam he had created through Shradhanjali.com, India's first and only memory portal. As he clicked on the page, the photograph of his father-in-law popped out to the accompaniment of the Mrityunjaya mantra. Curious relatives looked on as he showed them the photo album on the portal where all good moments with the deceased we're captured for eternity. "There were two reasons why I chose this kind of memoriam," he explains. "Instead of paying a fortune on print media for the announcement, this online profile will be up for 30-odd years. And by uploading all the pictures and videos, my wife and I are making sure that he will be 'alive' for our 12-year-old son in the future." Mehta regrets that he grew up with practically no idea of his ancestors. "We don't take efforts to know our lineage at all."

That may not be the case with the millennial generation and the people who follow them. With an entire life online — selfies uploaded to Facebook, tweets, posts, Instagrams of their meals and dubsmashes — leaving behind a legacy is less a matter of choice and more a matter of inevitability. Everybody leaves behind a footprint on the Internet, but some of it can be controlled even after their death. Today, your loved ones have a 'life' beyond their death — on memorialised pages on Facebook, on webpages dedicated to their memory, and even on QR codes on their gravestones that will link to information about them online.

Indeed, the dead may soon outnumber the living, at least in the virtual space. A US statistician has calculated that Facebook's dead will outnumber the living by 2098. And when that is the case, the rules must evolve.

In memoriam

Take the way social norms have evolved in the virtual space. When a death is announced on social media, online friends begin sharing thoughts and comments. Some may not have even met the deceased in the real world but their digital interactions had been extensive enough for them to suffer a sense of grief.

So, how does one mourn a loved one who has piled up an extensive amount of digital possessions? Do they deserve an online memorial? Facebook certainly thinks so. On the social networking website, families can get full access to profiles only if there's documented instruction from the deceased. You can let the site know if a person has passed away, and Facebook will memorialise the account, which means that person's Facebook account now appears with a 'Remembering' above their name. A legacy contact (someone you choose to look after your account if it's memorialised) can then write posts, respond to new friend requests and such. There are many such accounts on the site — take the accounts (now memorialised pages) of actor Sanjit Bedi (of TV show Sanjeevani fame), Sheryl Sandberg's late husband Dave Goldberg and late F1 driver Jules Bianchi. All this, if you don't explicitly ask for your account to be deleted after your death.

In an earlier interview to The Huffington Post, Facebook spokesperson Fred Wolens had said: "When we receive a report that a person on Facebook is deceased, we put the account in a special memorialised state. Certain more sensitive information is removed, and privacy is restricted to friends only. The profile and wall are left up so that friends and loved ones can make posts in remembrance. If we're contacted by a close family member with a request to remove the profile entirely, we will honor that request."

Time capsule

Shradhanjali.com works a little differently. For Vivek Vyas, co-founder of Shradhanjali.com, the idea was born out of empathy rather than business opportunity. He says one particular incident prompted him to offer the memorial service online. He and his friend (now partner) Vimal Popat were eating samosas at a roadside restaurant off Rajkot in 2011. The paper in which the savouries were packed was the obituary page. "It was disturbing to see the photographs of the deceased wrapped around the samosas, oil-stained and later, discarded as rubbish." The friends spoke of having an online memoriam which would be decorous to the memory of the departed.

Back home, the two researched similar sites and to their surprise, found no other site offering such a service in India. "Let's do this," Popat urged Vyas, and the two quit their jobs in an insurance company to start the memorial portal. The site went live in 2011, allowing you to relive memories of your loved ones.

First, one has to register by going online to this B2C website with a simple user interface. Once a payment of Rs 2,700 is made for a 30-year subscription, the subscriber can upload information, photographs and videos about their loved one. They are offered a choice of 10 languages (for friends and relatives to write their condolences) and a selection of music that they wish to be played whenever someone visits the profile page. The content is completely user-driven and once the page goes 'live' the link is sent to all the emails that have been uploaded.

Vyas maintains that their website is gaining traction — there are about 400 paid subscribers, many of them are agencies which partner with print media giving 'packages' to the client — and in spite of not marketing aggressively, the number is growing. "The concept connects with people in a rather intimate manner," he says, "and some of the people to whom I have explained the site have shed copious tears, they are so moved by the concept of memoralising the departed."

In fact, one of the subscribers initially wrote a cheque of Rs 27,000 insisting that the yeoman service needs better cash appreciation.

The founders maintain that their venture is not comparable with Facebook or a blog as Shradhanjali is free of any advertisements and even sends out reminders of birth and death anniversaries. "Besides, the others are not exclusive platforms for memorials," Vyas stresses.

Life, beyond

Clearly, the meaning of the memory of a loved one is different today. It exists beyond photo albums and physical memories of that person's friends and family. Madhu Nataraj, choreographer and dancer, Natya Stem Dance Kampini, discusses what the community page dedicated to her late mother Maya Rao on Facebook means to her. Although the page was made when she was alive, as a way for her students to address her and to talk about her book, after her death in 2014, Nataraj says today it has become a sort of memorial page, where people post their remembrances of her mother.

"She lives on through her art. Every time I dance or step on stage — and I'm sure this is true even of her students — I remember her. This is just another dimension of that remembering," Nataraj says. In another case, the FB page of Dean D'Souza (a close friend of a writer who did not wish to be named), who died in a helicopter crash in 2013, "brings comfort and a smile". He adds, "Friends are constantly posting on it, and his profile picture is changed regularly, reminding us of a happier time. I found it unnerving at first have FB remind me that "It's Dean's birthday", but not anymore over the years."

Nataraj however emphasises that for an artist of her mother's stature, the legacy is through the memory of her art. Of course it feels good when people pay tribute to her online. But a virtual 'memorial' of her mother's life isn't the only legacy she has.

Digital remembering

But the burgeoning number of such services makes it clear that for many others, a virtual repository of their loved one's life is important. Take The Digital Beyond, a site that discusses how to plan digital legacy management — Facebook accounts, email, bank accounts etc — after death.

There are others. In a page straight out of the movie PS I Love You, a service called My Wonderful Life sends posthumous emails to loved ones. Then there's MyDeathSpace.com, which tracks social media profiles of the dead and maintains an extensive message board and Facebook page.

Services such as Living Headstones allow you to emboss a QR code upon a loved one's headstone. Scanning it connects to a website containing information you and friends add about your loved one, such as: an obituary, family heritage and history, photos, comments by friends and relatives and even links to share content on Facebook or Twitter. Another, Quiring Monuments, adds a link to the granite memorial through which smartphones can connect to your loved one's personalised website.

There are those who might raise their eyebrows at such platforms, but Vyas will have none of it. "Just because you have a mandir (a prayer room) at home, the need for temples will not diminish, will it? There is a decorum given to the memory of the dead on our site."

Do we forget?

But there is also a flipside. In the real world there is a period of mourning, people come to offer condolences and then, it is time to move on. Cyberspace may not allow this clean transition from grief and mourning to a semblance of routine. The thing about having such a digital memoriam is that grieving does not really end. This is a setback, according to clinical psychologist Dr Anand A Rao. "Grief has to be suffered immediately otherwise it will become a reaction later which will require clinical help," he says. But reliving the memory each time someone posts a query or shares a memory does not help either. "Ultimately, grief has to stop and loved one's routines have to continue. Typically I would recommend the presence of such a page for about 15 days, no more," he says.

There is also the matter of insincere tributes. As Nataraj says, she was very hurt when people who "hardly knew" her mother had posted selfies captioned: 'Maya didi', "followed by five hearts". "I found that callous," she says. "There are so many so-called obits and condolence messages and everybody wants to claim that familiarity with her that I'm sometimes wary."

But it doesn't look like the digital memorial phenomenon is going away anytime soon. Rohini Lakshane, researcher at the Centre for Internet and Society, agrees with Dr Rao to an extent, saying that getting constant updates could thwart the process of grieving or healing. "But at the same time, I could see how reaching out to a larger community via public updates or photos could give them strength, moral support and empathy," she says. She points out that if a person feels that their online persona or presence is an extension of themselves, it's a perfectly "legitimate wish" to have. "Given the importance attached to details of events that we post online, I suppose the desire to create a time capsule of it will continue to exist.

For more details visit https://cis-india.org/internet-governance/news/bangalore-mirror-jayanthi-madhukar-sowmya-rajaram-march-20-2016-dead-and-clicking

De facebook

praskrishna — 2011-04-02T13:41:13Z

Facebook used to be our playground but privacy concerns are now souring that fantasy. Why do we trust a clutch of new corporations with such phenomenal amounts of personal data?

The age of privacy is over, Facebook’s fresh-faced founder and CEO Mark Zuckerberg declared a couple of months back. Social norms have shifted. We are now used to living out loud. “When I got started in my dorm room at Harvard, the question a lot of people asked was, ‘Why would I want to put any information on the internet at all? Why would I want to have a website?’” he said.

That paranoid past is behind us, claimed Zuckerberg, justifying Facebook’s controversial new decision to fling open the curtains and make maximum visibility the new normal. “In the last five or six years, blogging has taken off in a huge way, and (there are) just all these different services that have people sharing all this information,” he said.

In other words, get over the stage fright. Everyone else is out there over-sharing, arguing, preening, and generally acting out online.

In June last year, Facebook sneaked in a feature called the Everyone update. This makes it much like Twitter, and also allows it to share with and sell information to search engines like Google, Bing or Yahoo. “Facebook’s privacy changes are relevant as it tries to compete with real-time search on platforms like Twitter. It does give you an option to work around that though I am certain the whole process of setting privacy preferences could be a lot more intuitive,” says Sidharth Rao, digital industry watcher and CEO of internet marketing firm Webchutney.

On the surface, the new Facebook settings are better and much more malleable, if you can figure out how to work them — you can now choose, per post, what you want different sets of people to see. They have eliminated regional networks which would unwittingly expose you to an entire city sometimes (meaning that not everyone who is on the Delhi network, say, has automatic access to your information if you are in Delhi). But on the other hand, the default setting that Facebook recommends is deeply problematic. You, your profile picture, current city, gender, networks, and the pages that you are a “fan” of are all “publicly available information”. Earlier, you could make sure only your friends saw the rest of your friends — now, that option no longer exists as a setting.

Wasn’t privacy once a Facebook fundamental? Unlike the seedier environments of Orkut or Myspace, Facebook grew out of a small Harvard community, expanded to cover other East Coast schools, then conquered companies and countries. In September 2006, Facebook opened registration to anyone with an email address. But it was extremely cautious about how it engineered interaction. In essence, you were meant to socialise with people you already knew.

“It felt safer. It wasn’t about random people sending you scraps and stalking you, like on Orkut or whatever. Facebook reflected my real world. It kept you loosely, comfortably connected to so many people”, says Nomita Sawhney, a young Delhi-based architect. Unlike the threat of cyberstalking, intimidation, and impersonation that stalk less selective networks, Facebook remained clear of what media scholar Danah Boyd calls ‘stranger danger’. Only two years back, Zuckerberg told tech blogger Marshall Kirkpatrick that privacy “is the vector around which Facebook operates”.

I Like To Watch

Why are these changes such a big deal? Zuckerberg’s claim about privacy rings true for most unself-conscious Facebookers. After all, only recently, bra colour status updates were the big buzz on Facebook, ostensibly in support of breast cancer awareness. Now, it’s doppelganger week, where you tell the world what celebrity you most resemble. You can take dippy quizzes, remember birthdays, discuss the news, giggle over pictures. Grim warnings about corporate avarice and government spying sound faintly ridiculous in this pleasant context.

Social networks and blogs have certainly reconfigured privacy. Anyone who’s spent time on Facebook knows the impulse to meander through the pages and pictures of people in that amorphous category called ‘friends of friends’. In just a few years, we have got used to the thought that our lives are externalised and sprawled out for near-strangers to see.

In fact, Facebook is now the largest photo site in the world. When you join Facebook, under its Terms of Service, you give it a “license” (that is, legal permission) to use your content “on or in connection with the Facebook Service or the promotion thereof.” It takes some effort to realise how recent all this is, that it’s still a great unfolding experiment, and that we are granting these companies fabulous power.
In his recent book, The Peep Diaries: How We’re Learning to Love Watching Ourselves and Our Neighbors, cultural critic Hal Niedzviecki describes the digital glasshouse: “Peep culture is reality TV, YouTube, Twitter, Flickr, MySpace and Facebook. It’s blogs, chat rooms, amateur porn sites, virally spread digital movies of a fat kid pretending to be a Jedi Knight, cell phone photos — posted online — of your drunk friend making out with her ex-boyfriend, and citizen surveillance. Peep is the backbone of Web 2.0 and the engine of corporate and government data mining.”

Web 2.0 was the clunky name for a whole range of liberating personal expression platforms — from Flickr and Youtube to Livejournal and Facebook. These companies provide the space and you bring the party. They encourage you to feel right at home and treat these platforms like your lounge, confessional or salon. Meanwhile, they also collect and refine data about you, and often wield it without your awareness.
In its over-eagerness, Facebook has blundered into several privacy minefields before this—when it first introduced Newsfeed, pushing a steady stream of your friends’ status updates at you, it embarrassed and annoyed many. Boyd compared it to the experience of shouting to be heard at a party, when the music abruptly stops and everyone else can suddenly hear your careless small talk. Of course, it turns out Zuckerberg was right when he told users to “calm down and breathe”, and Newsfeed has been naturalised into the Facebook experience. Another, more scarring experience was Beacon — its attempt to track what users in the US bought on partner sites — and tell on them to their friends. After an avalanche of protests, Facebook backed down and modified the ad platform. It even employs a chief privacy officer to address our fears.

In the early days, Facebook generated awkwardness because it didn’t respect context — the fact that you wear and cast off selves depending on who you’re interacting with, your crazy roommate or your conservative grand-aunt who decided to befriend you online. “It is the problem that arises when worlds collide, when norms get caught in the crossfire between communities, when walls that separate social situations come crashing down,” writes Chris Peterson of the University of Massachusetts, who has studied Facebook’s privacy architecture.

But now you can tweak settings and set up differential access. People have figured out how to work Facebook and not get burnt. “Profile pictures flatter, tagged pictures shatter,” says Priya Singh, a twenty-something law student, with a laugh. “You never know what someone’s going to put up and who’s going to see what. I don’t want everyone to see drunken party pictures, and so I’ve just learnt to place family on a new level of privacy settings.” And that’s the general pattern on Facebook: most people have learnt to adjust to the public glare, after some initial blinking and bemusement.

Privacy from Whom?

You can segment your social world as minutely as you like, but that doesn’t mean your life is any more private. It’s not just the fact that potential employers can scan and dismiss you, or current employers keep tabs — though such stories abound. For instance, MIT’s Gaydar research project discovered that you can identify a person’s sexual preferences by studying who their friends are on Facebook, even if they have avoided sharing that information in their profile.

But perhaps we have been gulled into thinking that the whole privacy fuss is about each other. “It’s very clever of Facebook to foreground this aspect of control. Your other friends, pictures, the games you play — that’s something we regularly give out anyway”, says Nishant Shah, director of the Bangalore-based Centre for Internet and Society. “But Facebook is not a single entity — it is a collection of third party apps (applications) that we have no control over. A simple birthday calendar can harvest all your data, all your online traces and you grant it access without knowing it,” he says. So Facebook makes a big show of protecting you from your acquaintances, even as it sells your information continuously.

This becomes a much bigger possibility when it comes to search engine integration, which allows the open flow on Facebook to be harnessed for perfect reach and recall.

To get a clearer sense of what’s at stake with these influential corporations, take a more powerful example: Google.com. Every day, we confide our trivial confusions, our deep doubts to one willing ear. And these billions of broken questions can add up to an eerily accurate picture of the world. But do you search Google or does Google search you? “Google can track you across applications: email, search, blogs, pictures and books read. That means they can profile you in a very detailed, exhaustive way, and they do,’ says Rahul Matthan. “They never delete information, and they’re getting progressively more intelligent about you, as they make search more relevant with features like Google Suggest.” As technology scholar Siva Vaidyanathan puts it, “we have to realise that we are not Google’s customers. We are its product. We are what Google sells to advertisers.” These behaviourially targeted ads are the most perfect, evolved form of advertising so far and in concept, the least annoying, because they are customised to you. Google has promised that its information is utterly secure and that search logs are anonymised after a certain period.

It provides limited disclosure of outside ads, lets users manage the categories that Google has assigned to them and tinker with it for a more accurate picture and also provides an opt-out option. But Search 2.0 is a scary beast — it can also facilitate social control and surveillance. Your online activities are not scattered across applications any more, Google can hear what you tell Facebook.

While selling us stuff more efficiently is probably a good thing, what happens when this intimate knowledge shades into active surveillance? Even if we live in countries where rights are respected, “we give out enough personal information in an innocuous way to a single repository. They are sitting on top of a very valuable resource, and all this information can easily be reverse-engineered to reveal specifics about you,” says Rahul Matthan, technology lawyer and founder-partner of Trilegal.

In India, we are even more oblivious to such stealthy watching. “Privacy concerns here are lesser than in the West, where they’re so dependent on digital ID. There, if someone impersonates you or overdraws credit limits, it could affect your house, your job,” says Matthan.

Privacy legislation doesn’t really exist in India — the right to keep personal information confidential has only been articulated as protection against state action. “There’s no easy legal recourse to being thoroughly spied on by a company,” says Matthan (Europe has enforced data protection directives since 1984 — you can control what information is gathered about you, and how it is used. While the US has somewhat diluted laws, personal information is still strongly guarded). While it’s tempting to think that you have nothing to hide, you are acceding to a set-up where outliers can be identified and dealt with. Privacy matters, no matter how unexceptionable your own life. So what’s to be done? “Holding Facebook and other companies to account is crucial. We must set up legislations by which people can look back, ask exactly what about their activity is being tracked. They have to treat consumers as peers,” says Shah. “If Facebook can gaze at us, we must be given the right to gaze back at its functioning — it has to be a peer-to-peer relationship.”

So far, Facebook and the Googleverse and Twitter are still our friends and enablers. But as they amass more and more power, it is better to see them as fallible companies rather than confidantes, and to make sure that they account for our information.

For original article on the Indian Express

For more details visit https://cis-india.org/news/de-facebook

Days to Derail Work of Two Generations?

Mahesh Kumar Shiva — 2017-12-21T16:18:57Z

Strap: How an internet shutdown hurt a family woodwork business.

Saharanpur, Uttar Pradesh: It was reportedly Bahlul (Bahlol) Lodi, the founder of Lodi dynasty, who in the 15th century first settled some Afghani craftsmen and their families on the outskirts of the old town in Saharanpur. Today, this area houses the Lakdi Market, home to world-famous wood art and handicrafts. From large fretwork screens and doors to trays, bowls and trinket boxes, these intricately carved wooden objects are called for from as far as Europe, the Middle East and Australia. The woodworking industry is the mainstay of thousands of artists, workers and entrepreneurs here, many of whom are part of small mom-and-pop operations.


Craftsmen at Furqan Handicrafts in Saharanpur

Mohammad Aarif, 28, heads one such business which has been in the family since two generations. Founded by his father four decades ago, Furqan Handicrafts has survived several challenges, such as rising prices of the fast exhausting raw material and middlemen, but the losses caused by a 10-day-long internet shutdown jolted him. He lost around Rs 7 lakh ($10,900) during this time. Six months on, he is still dealing with the repercussions, uncertain if he would ever recover the money.

Dalits and Thakurs in Shabbirpur village of Saharanpur district had their daggers drawn since violence first broke out in the village on May 5. The increasing friction led to a revenge cycle of violence, and subsequently to indefinite suspension of internet services on May 24, which went on till June 2, under the orders of the district magistrate to avoid rumour-mongering and hate messages being circulated on social media and messaging apps. The suspension of services in this west Uttar Pradesh city brought life to a standstill and Aarif’s business is just one of those which suffered dramatic losses during this one week.

Furqan Handicrafts is famous for its handicraft items and furniture, both in the country and abroad. Their products go as far as Malaysia, Finland and China. Aarif uses his mobile to make payments for the raw materials as he travels a lot, and this helps him conduct his business on the go.

“We have employed around 20 workers,” says Aarif. When the shutdown came into effect without warning on May 24, he had only around Rs 20,000-30,000 ($310-470) cash in hand. “Can you imagine running a business of this size, with a weekly turnover of Rs 10 lakhs, with so little cash in hand and having the liability of over 20 families on your head?” Aarif asks. “I ran out of cash on May 26 and then the real problems began. The banks were closed and the internet was shut down. We were left with no options. The situation was so tense outside that we could not even think of going to other districts to transact or to even our own banks when they eventually opened after two days,” the businessman says.

Moreover, Furqan Handicrafts has been accepting a good chunk of their orders online - either through their website or on WhatsApp. So the shutdown also affected the demand side of the business adversely. All the little consolatory lies he told himself to steel against the mounting panic didn’t help for long with the shutdown stretching on indefinitely. “I told my workers that the media said the situation would return to normal soon, and that helped us keep calm initially. We were hopeful that we would be able to conduct transactions in the next two days, but the situation worsened when the shutdown continued for over a week,” Aarif says.

“Our suppliers refused to sell us the raw materials without being paid first. Sometimes we may get some materials on loan, but most times only money does the talking. The chemicals that we get from Delhi have to be paid for fully in advance. We had more difficulties when we weren’t able to move our finished product. They were just lying there, collecting dust, and we incurred further losses in re-polishing them. And we were not able to pay our workers for the hours they had put in,” Aarif recalls.

It was not just his business that suffered, his employees felt the sting of the shutdown as well. Najeer Ahmad, a woodworker at Furqan Handicrafts, says that everything was normal in the beginning but situation started worsening after two days. “After the second day, work started slowing down and eventually, stopped completely. Our boss told us that we couldn’t get any raw materials because we weren’t able to pay the suppliers. Whatever little materials we had in the workshop, we used up, but then when there was none left, there was no work… since there was no work, there was no money. The boss usually settles our wages at the end of every week and gives us walking-around money every day. Without either of these, it became quite difficult to manage.”

Another of his employees, Rashid, was able to weather the shutdown because he had some cash lying around at home. “Aise to jumme ke jumme hisaab ho jaata hai (Usually, we get paid every Friday).” So, even though he wasn’t paid that Friday like he usually is, he made do. But he still lost wages because of the lack of work during that week.

“We have lost money in lakhs already. If something like this were to happen again it would ruin us,” says Aarif. But he still manages to see the silver lining in this suffering, and is glad that he did not lose his clients. “Allah ka shukar tha ki hamara koi bhi client toota nahi. Nuksaan ki bharpaayi to ab tak nahi ho paayi hai, lekin Allah chahega to jald hi ho jayegi (Thank god that we didn’t lose any of our clients. We haven’t been able to recover the losses yet, but god willing, we will be able to make up).”

Mahesh Kumar Shiva is a Lucknow - based freelance writer and a member of 101Reporters.com, a pan-India network of grassroots reporters. With inputs from Saurabh Sharma, a Lucknow-based reporter.

Shutdown stories are the output of a collaboration between 101 Reporters and CIS with support from Facebook.

For more details visit https://cis-india.org/internet-governance/blog/days-to-derail-work-of-two-generations

Daunting task ahead for investigative agencies with WhatsApp's end-to-end encryption

praskrishna — 2016-04-09T09:45:12Z

Messaging service WhatsApp's decision to roll out end-to-end encryption for over 1 billion subscribers has been hailed as a positive step by users across the world, although things are set to get tougher for law enforcement and investigative agencies in India seeking to track terrorists.

The article by Neha Alawadhi was published in Economic Times on April 8, 2016. Sunil Abraham was quoted.

"It was anyway difficult to get any kind of data from WhatsApp and now it is going to be even more difficult," said a person familiar with the working of these agencies who did not wish to be identified.

Encryption scrambles data such as text messages, photos and documents and makes them unintelligible for unintended recipients. A service that is encrypted end-to-end cannot be monitored or intercepted. No one, except the people or group communicating with each other, can access the data. If telecom companies, Internet providers or even companies that run messaging services try to intercept the message, all they would get is garbled data.

While chats will not be accessible, associated information known as metadata will be available, such as when the conversations took place, the identities of senders and recipients, their locations, mobile numbers, profile photos and address books, which may be useful for security agencies.

"Definitely for law enforcement it means a big headache, but the metadata is there and with metadata, if you have a couple of other bits of information, you can piece it together," said Sunil Abraham, executive director at Bengaluru-based research organisation Centre for Internet and Society. "Agencies can get the metadata, but they won't get the payload unless they're able to compromise the device. And that intelligence agencies like NSA (National Security Agency of the US) have been able to do in the past."

While encryption offers privacy and security to users, it is the bane of law enforcement agencies globally, as exemplified most recently and notably by the Apple-FBI dispute in the US. The Federal Bureau of Investigation FBI asked Apple to weaken its encryption to access a dead terrorist's iPhone data and after the company refused, hacked into the device with help from a third party.

In India, it is difficult to bring US-based companies to the negotiating table. "We have had minimum cooperation from WhatsApp. All the data is controlled in the US and they rarely hand over the data that we request. We don't ask them for content. We only ask for metadata," said another person familiar with the process who declined to be identified.

While the Indian IT Act gives wide-ranging powers to the government to ask for access to encrypted information, very few requests for information, very few requests for information take the legal route. One reason is the long time that it takes to process such requests - on average, over three years - and the other, especially in the case of WhatsApp, is little or no cooperation, according to government officials.

WhatsApp, based in Mountain View, California, did not respond to an email request for comment. The messaging company was acquired by Facebook in 2014.

How security and investigative agencies in India use the data they access is also a grey area. "We do not have a privacy legislation here which will take care of the concerns that people have with respect to use of data. If the government needs to have access to communications, they also need to ensure there are adequate safeguards in place," said Prasanth Sugathan, counsel at Software Freedom Law Centre.

"In practice, end-to-end encryption will bring the end user and the device into focus, rather than WhatsApp or any particular messaging service. This should be a trigger for greater clarity on India's data protection policy," said Arun Mohan Sukumar, who heads the cyber security and internet governance initiative at think tank Observer Research Foundation.

In India, requests for information from companies such as WhatsApp and Google are handled by the Ministry of Home Affairs or the Indian Computer Emergency Response Team. Emails to both were unanswered at the time of going to print.

The Indian government was involved in a long-standing dispute with BlackBerry over access to encrypted data on its messenger and corporate email service. BlackBerry set up servers in Mumbai to comply with local regulations, but said it could not access encrypted data on its enterprise servers.

For more details visit https://cis-india.org/internet-governance/news/economic-times-april-8-2016-neha-alawadhi-daunting-task-ahead-for-investigative-agencies-with-whatsapp-end-to-end-encryption

Database on Big Data and Smart Cities International Standards

vanya — 2016-02-11T15:49:45Z

The Centre for Internet and Society is in the process of mapping international standards specifically around Big Data, IoT and Smart Cities. Here is a living document containing a database of some of these key globally accepted standards.

1. International Organisation for Standardization: ISO/IEC JTC 1 Working group on Big Data (WG 9 )

● Background

- The International Organization for Standardization /International Electrotechnical Commission (ISO/IEC) Joint Technical Committee (JTC) 1, Information Technology announced the creation of a Working Group (WG) focused on standardization in connection with big data.

- JTC 1 is the standards development environment where experts come together to develop worldwide standards on Information and Communication Technology (ICT) for integrating diverse and complex ICT technologies.^{^[1]}

- The American National Standards Institute (ANSI) holds the secretariat to JTC 1 and the ANSI-accredited U.S. Technical Advisory Group (TAG) Administrator to JTC 1 is theInterNational Committee for Information Technology Standards (INCITS) ^{^[2]}, an ANSI member and accredited standards developer (ASD). InterNational Committee for Information Technology standards (INCITS) is a technical committee on Big Data to serve as the US Technical Advisory Group (TAG) to JTC 1/WG 9 on Big Data/ pending approval of a New Work Item Proposal (NWIP). The INCITS/Big Data will address standardization in the areas assigned to JTC 1/WG 9. ^{^[3]}

- Under U.S. leadership, WG 9 on Big Data will serve as the focus of JTC 1's big data standardization program.

● Objective

- To identify standardization gaps.

- Develop foundational standards for Big Data.

- Develop and maintain liaisons with all relevant JTC 1 entities

- Grow the awareness of and encourage engagement in JTC 1 Big Data standardization efforts within JTC 1. ^{^[4]}

● Status

- JTC 1 appoints Mr. Wo Chang to serve as Convenor of the JTC 1 Working Group on Big Data.

- The WG has set up a Study Group on Big Data.

2. International Organisation for Standardization: ISO/IEC JTC 1 Study group on Big Data

● Background

- The ISO/IEC JTC1 Study Group on Big Data (JTC1 SGBD) was created by Resolution 27 at the November, 2013 JTC1 Plenary at the request of the USA and other national bodies for consideration of Big Data activities across all of JTC 1.

- A Study Group (SG) is an ISO mechanism by which the convener of a Working Group (WG) under a sub-committee appoints a smaller group of experts to do focused work in a specific area to identify a clear group to focus attention on a major area and expand the manpower of the committee.

- The goal of an SG is to create a proposal suitable for consideration by the whole WG, and it is the WG that will then decide whether and how to progress the work.^{^[5]}

● Objective

JTC 1 establishes a Study Group on Big Data for consideration of Big Data

activities across all of JTC 1 with the following objectives:

- Mapping the existing landscape: Map existing ICT landscape for key technologies and relevant standards /models/studies /use cases and scenarios for Big Data from JTC 1, ISO, IEC and other standards setting organizations,

- Identify key terms : Identify key terms and definitions commonly used in the area of Big Data,

- Assess status of big data standardization : Assess the current status of Big Data standardization market requirements, identify standards gaps, and propose standardization priorities to serve as a basis for future JTC 1 work, and

- Provide a report with recommendations and other potential deliverables to the 2014 JTC 1 Plenary. ^{^[6]}

● Current Status

- The study group released a preliminary report in the year 2014, which can be accessed here : http://www.iso.org/iso/big_data_report-jtc1.pdf.

3. The National Institute of Standards and Technology Big Data Interoperability Framework :

● Background

- NIST is leading the development of a Big Data Technology Roadmap which aims to define and prioritize requirements for interoperability, portability, reusability, and extensibility for big data analytic techniques and technology infrastructure to support secure and effective adoption of Big Data.

- To help develop the ideas in the Big Data Technology Roadmap, NIST is creating the Public Working Group for Big Data which Released Seven Volumes of Big Data Interoperability Framework on September 16, 2015.^{^[7]}

● Objective

- To advance progress in Big Data, the NIST Big Data Public Working Group (NBD-PWG) is working to develop consensus on important, fundamental concepts related to Big Data.

● Status

- The results are reported in the NIST Big Data Interoperability Framework series of volumes. Under the framework, seven volumes have been released by NIST, available here:

http://bigdatawg.nist.gov/V1_output_docs.php

4. IEEE Standards Association

● Background:

- The IEEE Standards Association introduced a number of standards

related to big-data applications.

● Status:

The following standard is under development:

- IEEE P2413

"IEEE Standard for an Architectural Framework for the Internet of Things (IoT)" defines the relationships among devices used in industries, including transportation and health care. It also provides a blueprint for data privacy, protection, safety, and security, as well as a means to document and mitigate architecture divergence.^{^[8]}

5. ITU

● Background:

- The International Telecommunications Union (ITU) has announced its first standards for big data services, entitled 'Recommendation ITU-T Y.3600 "Big data - cloud computing based requirements and capabilities"', recognizing the need for strong technical standards considering the growth of big data to ensure that processing tools are able to achieve powerful results in the areas of collection, analysis, visualization, and more.^{^[9]}

● Objective:

- Recommendation Y.3600 provides requirements, capabilities and use cases of

cloud computing based big data as well as its system context. Cloud computing

based big data provides the capabilities to collect, store, analyze, visualize and

manage varieties of large volume datasets, which cannot be rapidly transferred

and analysed using traditional technologies.^{^[10]}

- It also outlines how cloud computing systems can be leveraged to provide big-data services.

● Status:

- The standard was relseased in the year 2015 and is avaiabe here: http://www.itu.int/rec/T-REC-Y.3600-201511-I .

Smart cities

1. ISO Standards on Smart Cities

● Background:

- ISO, the International Organization for Standardization, established a strategic advisory group in 2014 for smart cities, comprised of a wide range of international experts to advise ISO on how to coordinate current and future Smart City standardization activities, in cooperation with other international standards organizations, to benefit the market.^{^[11]}

- Seven countries, China, Germany, UK, France, Japan, Korea and USA, are currently involved in the research.

● Objective:

- The main aims of which are to formulate a definition of a Smart City

- Identify current and future ISO standards projects relating to Smart Cities

- Examine involvement of potential stakeholders, city requirements, potential interface problems. ^{^[12]}

● Status:

- ISO/TC 268, which is focused on sustainable development in communities, has one working group developing city indicators and other developing metrics for smart community infrastructures. In early 2016 this committee will be joined by another - IEC - systems committee. The first standard produced by ISO/TC 268 is ISO/TR 37150:2014.

- ISO/TR 37150:2014 Smart community infrastructures -- Review of existing activities relevant to metrics: this standard provides a review of existing activities relevant to metrics for smart community infrastructures. The concept of smartness is addressed in terms of performance relevant to technologically implementable solutions, in accordance with sustainable development and resilience of communities, as defined in ISO/TC 268. ISO/TR 37150:2014 addresses community infrastructures such as energy, water, transportation, waste and information and communications technology (ICT). It focuses on the technical aspects of existing activities which have been published, implemented or discussed. Economic, political or societal aspects are not analyzed in ISO/TR 37150:2014.^{^[13]}

- ISO 37120:2014 provides city leaders and citizens a set of clearly defined city performance indicators and a standard approach for measuring each. Though some indicators will be more helpful for cities than others, cities can now consistently apply these indicators and accurately benchmark their city services and quality of life against other cities.^{^[14]} This new international standard was developed using the framework of the Global City Indicators Facility (GCIF) that has been extensively tested by more than 255 cities worldwide. This is a demand-led standard, driven and created by cities, for cities. ISO 37120 defines and establishes definitions and methodologies for a set of indicators to steer and measure the performance of city services and quality of life. The standard includes a comprehensive set of 100 indicators - of which 46 are core - that measures a city's social, economic, and environmental performance. ^{^[15]}

The GCIF global network, supports the newly constituted World Council on City Data - a sister organization of the GCI/GCIF - which allows for independent, third party verification of ISO 37120 data.^{^[16]}

- ISO/TS 37151 and ISO/TR 37152 Smart community infrastructures -- Common framework for development & operation: outlines 14 categories of basic community needs (from the perspective of residents, city managers and the environment) to measure the performance of smart community infrastructures. These are typical community infrastructures like energy, water, transportation, waste and information and communication technology systems, which have been optimized with sustainable development and resilience in mind. ^{^[17]} The committee responsible for this document is ISO/TC 268, Sustainable development in communities, Subcommittee SC 1, Smart community infrastructures. The objective is to develop international consensus on a harmonised metrics to evaluate the smartness of key urban infrastructure.^{^[18]}

- ISO 37101 Sustainable development of communities -- Management systems -- Requirements with guidance for resilience and smartness : By setting out requirements and guidance to attain sustainability with the support of methods and tools including smartness and resilience, it can help communities improve in a number of areas such as: Developing holistic and integrated approaches instead of working in silos (which can hinder sustainability), Fostering social and environmental changes, Improving health and wellbeing, Encouraging responsible resource use and Achieving better governance. ^{^[19]} The objective is to develop a Management System Requirements Standard reflecting consensus on an integrated, cross-sector approach drawing on existing standards and best practices.

- ISO 37102 Sustainable development & resilience of communities - Vocabulary . The objective is to establish a common set of terms and definitions for standardization in sustainable development, resilience and smartness in communities, cities and territories since there is pressing need for harmonization and clarification. This would provide a common language for all interested parties and stakeholders at the national, regional and international levels and would lead to improved ability to conduct benchmarks and to share experiences and best practices.

- ISO/TR 37121 Inventory & review of existing indicators on sustainable development & resilience in cities : A common set of indicators useable by every city in the world and covering most issues related to sustainability, resilience and quality of life in cities. ^{^[20]}

- ISO/TR 12859:2009 gives general guidelines to developers of intelligent transport systems (ITS) standards and systems on data privacy aspects and associated legislative requirements for the development and revision of ITS standards and systems. ^{^[21]}

2. International Organisation for Standardization: ISO/IEC JTC 1 Working group on Smart Cities (WG 11 )

● Background:

- Serve as the focus of and proponent for JTC 1's Smart Cities standardization program and works for development of foundational standards for the use of ICT in Smart Cities - including the Smart City ICT Reference Framework and an Upper Level Ontology for Smart Cities - for guiding Smart Cities efforts throughout JTC 1 upon which other standards can be developed.^{^[22]}

● Objective:

- To develop a set of ICT related indicators for Smart Cities in collaboration with ISO/TC 268.

- Identify JTC 1 (and other organization) subgroups developing standards and related material that contribute to Smart Cities.

- Grow the awareness of, and encourage engagement in, JTC 1 Smart Cities standardization efforts within JTC 1.

● Status

- Ms Yuan Yuan is the Convenor of this Working group.

- The purpose was to provide a report with recommendations to the JTC 1 Plenary in the year 2014, to which a preliminary report was submitted. ^{^[23]}

3. International Organisation for Standardization: ISO/IEC JTC 1 Study Group (SG1) on Smart Cities

● Background:

- The Study Group (SG) - Smart Cities was established in 2013^{^[24]} SG 1 will explicitly consider the work going on in the following committees: ISO/TMB/AG on Smart Cities, IEC/SEG 1, ITU-T/FG SSC and ISO/TC 268. ^{^[25]}

● Objective :

- To examine the needs and potentials for standardization in this area.

● Status:

- SG 1 is paying particular attention to monitoring cloud computing activities, which it sees as the key element of the Smart Cities infrastructure. DIN's Information Technology and Selected IT Applications Standards Committee (NIA (www.nia.din.de)) is formally responsible for ISO/IEC JTC1 /SG 1, but an autonomous national mirror committee on Smart Cities does not yet exist and the work is being overseen by DIN's Smart Grid steering body. ^{^[26]}

- A preliminary report has been released in the 2014, available here- http://www.iso.org/iso/smart_cities_report-jtc1.pdf

4. ITU

● Background:

- ITU members have established an ITU-T Study Group titled "ITU-T Study Group 20: IoT and its applications, including smart cities and communities" ^{^[27]}

- ITU-T has also established a Focus Group on Smart Sustainable Cities (FG-SSC).

● Objective:

- The study group will address the standardization requirements of Internet of Things (IoT) technologies, with an initial focus on IoT applications in smart cities.

- The focus group shall assess the standardization requirements of cities aiming to boost their social, economic and environmental sustainability through the integration of information and communication technologies (ICTs) in their infrastructures and operations.

- The Focus Group will act as an open platform for smart-city stakeholders - such as municipalities; academic and research institutes; non-governmental organizations (NGOs); and ICT organizations, industry forums and consortia - to exchange knowledge in the interests of identifying the standardized frameworks needed to support the integration of ICT services in smart cities.^{^[28]}

● Status:

- The study group will develop standards that leverage IoT technologies to address urban-development challenges.

- The FG-SSC concluded its work in May 2015 by approving 21 Technical Specifications and Reports. ^{^[29]}

- So far, ITU-T SG 5 FG-SSC has issued the following reports- Technical report "An overview of smart sustainable cities and the role of information and communication technologies", Technical report "Smart sustainable cities: an analysis of definitions", Technical report "Electromagnetic field (EMF) considerations in smart sustainable cities", Technical specifications "Overview of key performance indicators in smart sustainable cities", Technical report "Smart water management in cities".^{^[30]}

5. PRIPARE Project :

● Background:

- The 7001 - PRIPARE Smart City Strategy is to to ensure that ICT solutions integrated in EIP smart cities will be compliant with future privacy regulation.

- PRIPARE aims to develop a privacy and security-by-design software and systems engineering methodology, using the combined expertise of the research community and taking into account multiple viewpoints (advocacy, legal, engineering, business).

● Objective:

- The mission of PRIPARE is to facilitate the application of a privacy and security-by-design methodology that will contribute to the advent of unhindered usage of Internet against disruptions, censorship and surveillance, support its practice by the ICT research community to prepare for industry practice and foster risk management culture through educational material targeted to a diversity of stakeholders.

● Status:

- Liaison is currently on-going so that it becomes a standard (OASIS and ISO).^{^[31]}

6. BSI-UK

● Background:

- In the UK, the British Standards Institution (BSI) has been commissioned by the UK Department of Business, Innovation and Skills (BIS) to conceive a Smart Cities Standards Strategy to identify vectors of smart city development where standards are needed.

- The standards would be developed through a consensus-driven process under the BSI to ensure good practise is shared between all the actors. ^{^[32]}

● Objective:

The BIS launched the City's Standards Institute to bring together cities and key

industry leaders and innovators :

- To work together in identifying the challenges facing cities,

- Providing solutions to common problems, and

- Defining the future of smart city standards.^{^[33]}

● Status:

The following standards and publications help address various issues for a city to

become a smart city:

- The development of a standard on Smart city terminology (PAS 180)

- The development of a Smart city framework standard (PAS 181)

- The development of a Data concept model for smart cities (PAS 182)

- A Smart city overview document (PD 8100)

- A Smart city planning guidelines document (PD 8101)

- BS 8904 Guidance for community sustainable development provides a decision-making framework that will help setting objectives in response to the needs and aspirations of city stakeholders

- BS 11000 Collaborative relationship management

- BSI BIP 2228:2013 Inclusive urban design - A guide to creating accessible public spaces.

7. Spain

● Background:

- AENOR, the Spanish standards developing organization (SDO), has issued two new standards on smart cities: the UNE 178303 and UNE-ISO 37120. These standards joined the already published UNE 178301.

● Objective:

- The texts, prepared by the Technical Committee of Standardization of AENOR on Smart Cities (AEN / CTN 178) and sponsored by the SETSI (Secretary of State for Telecommunications and Information Society of the Ministry of Industry, Energy and Tourism), aim to encourage the development of a new model of urban services management based on efficiency and sustainability.

● Status:

Some of the standards that have been developed are:

- UNE 178301 on Open Data evaluates the maturity of open data created or held by the public sector so that its reuse is provided in the field of Smart Cities.

- UNE 178303 establishes the requirements for proper management of municipal assets.

- UNE-ISO 37120 which collects the international urban sustainability indicators.

- Following the publication of these standards, 12 other draft standards on Smart Cities have just been made public, most of them corresponding to public services such as water, electricity and telecommunications, and multiservice city networks. ^{^[34]}

8. China

● Background:

Several national standardization committees and consortia have started

standardization work on Smart Cities, including:

- China National IT Standardization TC (NITS),

- China National CT Standardization TC,

- China National Intelligent Transportation System Standardization TC,

- China National TC on Digital Technique of Intelligent Building and Residence Community of Standardization Administration, China Strategic Alliance of Smart City Industrial Technology Innovation^{^[35]}

● Objective:

- In the year 2014, all the ministries involved in building smart cities in China joined with the Standardization Administration of China to create working groups whose job is to manage and standardize smart city development, though their activities have not been publicized. ^{^[36]}

● Status:

- China will continue to promote international standards in building smart cities and improve the competitiveness of its related industries in global market.

- Also, China's Standardization Administration has joined hands with National Development and Reform Commission, Ministry of Housing and Urban-Rural Development and Ministry of Industry and Information Technology in establishing and implementing standards for smart cities.

- When building smart cities, the country will adhere to the ISO 37120 and by the year 2020, China will establish 50 national standards on smart cities. ^{^[37]}

9. Germany

● Background :

- Member of European Innovation Partnership (EIP) for Smart Cities and Communities DKE (German Commission for Electrical, Electronic & Information Technologies) and DIN (GermanInstitute for Standardization) have developed a joint roadmap and Smart Cities recommendations for action in Germany.

● Objective:

- Its purpose is to highlight the need for standards and to serve as a strategic template for national and international standardization work in the field of smart city technology.

- The Standardization Roadmap highlights the main activities required to create smart cities. ^{^[38]}

● Status:

- An updated version of the standardization roadmap was released in the year 2015. ^{^[39]}

10. Poland

● Background:

- A coordination group on Smart and Sustainable Cities and Communities (SSCC) was set up in the beginning of 2014 to monitor any national standardization activities.

● Objective:

- It was decided to put forward a proposal to form a group at the Polish Committee for Standardization (PKN) providing recommendations for smart sustainable city standardization in Poland.

● Status:

It has two thematic groups:

- GT 1-2 on terminology and Technical Bodies in PKN Its scope covers a collection of English terms and their Polish equivalents related to smart and sustainable development of cities and communities to allow better communication among various smart city stakeholders. This includes the preparation of the list of Technical Bodies (OT) in PKN involved in standardization activities related to specific aspects of smart and sustainable local development and making proposals concerning the allocation of standardization works to the relevant OT in PKN.

- GT 3 for gathering information and the development and implementation of a work programme Its scope includes identifying stakeholders in Poland, and gathering information on any national "smart city" initiatives having an impact on environment-friendly development, sustainability, and liveability of a city. The group is also tasked with developing a work programme for GZ 1 based on identified priorities for Poland. Finally, its aim is to conduct communication and dissemination of activities to make the results of GZ 1 visible. ^{^[40]}

11. Europe

● Background:

- In 2012, the European standardization organizations CEN and CENELEC founded the Smart and Sustainable Cities and Communities Coordination Group (SSCC-CG), which is a Coordination Group established to coordinate standardization activities and foster collaboration around standardization work. ^{^[41]}

● Objective:

- The aim of the CEN-CENELEC-ETSI (SSCC-CG) is to coordinate and promote European standardization activities relating to Smart Cities and to advise the CEN and CENELEC (Technical) and ETSI Boards on standardization activities in the field of Smart and Sustainable Cities and Communities.

- The scope of the SSCC-CG is to advise on European interests and needs relating to standardization on Smart and Sustainable cities and communities.

● Status:

- Originally conceived to be completed by the end of 2014, SSCC-CG's mandate has been extended by the European standards organizations CEN, CENELEC and ETSI by a further two years and will run until the end of 2016.^{^[42]}

- The SSCC-CG does not develop standards, but reports directly to the management boards of the standardization organizations and plays an advisory role. Current members of the SSCC.CG include representatives of the relevant technical committees, the CEN/CENELEC secretariat, the European Commission, the European associations and the national standardization organizations.^{^[43]}

- CEN/CENELEC/ETSI Joint Working Group on Standards for Smart Grids: The aim of this document is to provide a strategic report which outlines the standardization requirements for implementing the European vision of smart grids, especially taking into account the initiatives by the Smart Grids Task Force of the European Commission. It provides an overview of standards, current activities, fields of action, international cooperation and strategic recommendations^{^[44]}

12. Singapore

● Background:

- In the year 2015, SPRING Singapore, the Infocomm Development Authority of Singapore (IDA) and the Information Technology Standards Committee (ITSC), under the purview of the Singapore Standards Council (SSC), have laid out an Internet of Things (IoT) Standards Outline in support of Singapore's Smart Nation initiative.

● Objective:

- Realising importance of standards in laying the foundation for the nation empowered by big data, analytics technology and sensor networks in light of Singapore's vision of becoming a Smart Nation.

● Status:

Three types of standards - sensor network standards, IoT foundational standards and domain-specific standards - have been identified under the IoT Standards Outline. Singapore actively participates in the ISO Technical Committee (TC) working on smart city standards.^{^[45]}

^{^[1]} ISO/IEC JTC 1, Information Technology, http://www.iso.org/iso/jtc1_home.html

^{^[2]} The InterNational Committee for Information Technology Standards, JTC 1 Working Group on Big Data, http://www.incits.org/committees/big-data

^{^[3]} ISO/IEC JTC 1 Forms Two Working Groups on Big Data and Internet of Things, 27th January 2015, https://www.ansi.org/news_publications/news_story.aspx?menuid=7&articleid=5b101d27-47b5-4540-bca3-657314402591

^{^[4]} JTC 1 November 2014 Resolution 28 - Establishment of a Working Group on Big Data, and Call for Participation, 20th January 2015, http://jtc1sc32.org/doc/N2601-2650/32N2625-J1N12445_JTC1_Big_Data-call_for_participation.pdf

^{^[5]} SD-3: Study Group Organizational Information, https://isocpp.org/std/standing-documents/sd-3-study-group-organizational-information

^{^[6]} ISO/IEC JTC 1 Study Group on Big Data (BD-SG), http://jtc1bigdatasg.nist.gov/home.php

^{^[7]} NIST Released V1.0 Seven Volumes of Big Data Interoperability Framework (September 16, 2015),http://bigdatawg.nist.gov/home.php

^{^[8]} Standards That Support Big Data, Monica Rozenfeld, 8th September 2014, http://theinstitute.ieee.org/benefits/standards/standards-that-support-big-data

^{^[9]} ITU releases first ever big data standards, Madolyn Smith, 21st December 2015, http://datadrivenjournalism.net/news_and_analysis/itu_releases_first_ever_big_data_standards#sthash.m3FBt63D.dpuf

^{^[10]} ITU-T Y.3600 (11/2015) Big data - Cloud computing based requirements and capabilities, http://www.itu.int/itu-t/recommendations/rec.aspx?rec=12584

^{^[11]} ISO Strategic Advisory Group on Smart Cities - Demand-side survey, March 2015, http://www.platform31.nl/uploads/media_item/media_item/41/62/Toelichting_ISO_Smart_cities_Survey-1429540845.pdf

^{^[12]} The German Standardization Roadmap Smart City Version 1.1, May 2015, https://www.vde.com/en/dke/std/documents/nr_smartcity_en_v1.1.pdf

^{^[13]} ISO/TR 37150:2014 Smart community infrastructures -- Review of existing activities relevant to metrics, http://www.iso.org/iso/catalogue_detail?csnumber=62564

^{^[14]} Dissecting ISO 37120: Why this new smart city standard is good news for cities, 30th July 2014, http://smartcitiescouncil.com/article/dissecting-iso-37120-why-new-smart-city-standard-good-news-cities

^{^[15]} World Council for City Data, http://www.dataforcities.org/wccd/

^{^[16]} Global City Indicators Facility, http://www.cityindicators.org/

^{^[17]} How to measure the performance of smart cities, Maria Lazarte, 5th October 2015

http://www.iso.org/iso/home/news_index/news_archive/news.htm?refid=Ref2001

^{^[18]} http://iet.jrc.ec.europa.eu/energyefficiency/sites/energyefficiency/files/files/documents/events/slideslairoctober2014.pdf

^{^[19]} A standard for improving communities reaches final stage, Clare Naden, 12th February 2015,

http://www.iso.org/iso/news.htm?refid=Ref1932

^{^[20]} http://iet.jrc.ec.europa.eu/energyefficiency/sites/energyefficiency/files/files/documents/events/slideslairoctober2014.pdf

^{^[21]} ISO/TR 12859:2009 Intelligent transport systems -- System architecture -- Privacy aspects in ITS standards and systems, http://www.iso.org/iso/catalogue_detail.htm?csnumber=52052

^{^[22]} ISO/IEC JTC 1 Information technology, WG 11 Smart Cities, http://www.iec.ch/dyn/www/f?p=103:14:0::::FSP_ORG_ID,FSP_LANG_ID:12973,25

^{^[23]} Work of ISO/IEC JTC1 Smart Ci4es Study group , https://interact.innovateuk.org/documents/3158891/17680585/2+JTC1+Smart+Cities+Group/e639c7f6-4354-4184-99bf-31abc87b5760

^{^[24]} JTC1 SAC - Meeting 13 , February 2015, http://www.finance.gov.au/blog/2015/08/05/jtc1-sac-meeting-13-february-2015/

^{^[25]} The German Standardization Roadmap Smart City Version 1.1, May 2015, https://www.vde.com/en/dke/std/documents/nr_smartcity_en_v1.1.pdf

^{^[26]} The German Standardization Roadmap Smart City Version 1.1, May 2015, https://www.vde.com/en/dke/std/documents/nr_smartcity_en_v1.1.pdf

^{^[27]} ITU standards to integrate Internet of Things in Smart Cities, 10th June 2015, https://www.itu.int/net/pressoffice/press_releases/2015/22.aspx

^{^[28]} ITU-T Focus Group Smart Sustainable Cities, https://www.itu.int/dms_pub/itu-t/oth/0b/04/T0B0400004F2C01PDFE.pdf

^{^[29]} Focus Group on Smart Sustainable Cities, http://www.itu.int/en/ITU-T/focusgroups/ssc/Pages/default.aspx

^{^[30]} The German Standardization Roadmap Smart City Version 1.1, May 2015, https://www.vde.com/en/dke/std/documents/nr_smartcity_en_v1.1.pdf

^{^[31]} 7001 - PRIPARE Smart City Strategy, https://eu-smartcities.eu/commitment/7001

^{^[32]} Financing Tomorrow's Cities: How Standards Can Support the Development of Smart Cities, http://www.longfinance.net/groups7/viewdiscussion/72-financing-financing-tomorrow-s-cities-how-standards-can-support-the-development-of-smart-cities.html?groupid=3

^{^[33]} BSI-Smart Cities, http://www.bsigroup.com/en-GB/smart-cities/

^{^[34]} New Set of Smart Cities Standards in Spain, https://eu-smartcities.eu/content/new-set-smart-cities-standards-spain

^{^[35]} Technical Report, M2M & ICT Enablement in Smart Cities, Telecommunication Engineering Centre, Department of Telecommunications, Ministry of Communications and Information Technology, Government of India, November 2015, http://tec.gov.in/pdf/M2M/ICT%20deployment%20and%20strategies%20for%20%20Smart%20Cities.pdf

^{^[36]} Smart City Development in China, Don Johnson, 17th June 2014, http://www.chinabusinessreview.com/smart-city-development-in-china/

^{^[37]} China to continue develop standards on smart cities, 17th December 2015, http://www.chinadaily.com.cn/world/2015wic/2015-12/17/content_22732897.htm

^{^[38]} The German Standardization Roadmap Smart City, April 2014, https://www.dke.de/de/std/documents/nr_smart%20city_en_version%201.0.pdf

^{^[39]} This version of the Smart City Standardization Roadmap, Version 1.1, is an incremental revision of Version 1.0. In Version 1.1, a special focus is placed on giving an overview of current standardization activities and interim results, thus illustrating German ambitions in this area.

^{^[40]} SSCC-CG Final report Smart and Sustainable Cities and Communities Coordination Group, January 2015, https://www.etsi.org/images/files/SSCC-CG_Final_Report-recommendations_Jan_2015.pdf

^{^[41]} Orchestrating infrastructure for sustainable Smart Cities , http://www.iec.ch/whitepaper/pdf/iecWP-smartcities-LR-en.pdf

^{^[42]} Urbanization- Why do we need standardization?, http://www.din.de/en/innovation-and-research/smart-cities-en

^{^[43]} CEN-CENELEC-ETSI Coordination Group 'Smart and Sustainable Cities and Communities' (SSCC-CG), http://www.cencenelec.eu/standards/Sectors/SmartLiving/smartcities/Pages/SSCC-CG.aspx

^{^[44]} Final report of the CEN/CENELEC/ETSI Joint Working Group on Standards for Smart Grids, https://www.etsi.org/WebSite/document/Report_CENCLCETSI_Standards_Smart%20Grids.pdf

^{^[45]} SPRING Singapore Supported Close to 600 Companies in Standards Adoption, and Service Excellence Projects , 12th August 2015, http://www.spring.gov.sg/NewsEvents/PR/Pages/Internet-of-Things-(IoT)-Standards-Outline-to-Support-Smart-Nation-Initiative-Unveiled-20150812.aspx

For more details visit https://cis-india.org/internet-governance/blog/database-on-big-data-and-smart-cities-international-standards

Data Usage by Political Parties

Admin — 2018-05-03T03:14:02Z

Sunil Abraham spoke to ANI regarding collection of data and its use by political parties for electoral gains.

In law, if bio metrics, passwords & health info are collected, only then consent is needed. The more a political party has in its database, the more they can micro-target you. It'll be an influence: Sunil Abraham,cyber expert on date usage by political parties #KarnatakaElections pic.twitter.com/eUk478jJbB
— ANI (@ANI) 1 May 2018

See the original here

For more details visit https://cis-india.org/internet-governance/news/ani-may-2-2018-data-usage-by-political-parties

Data Retention in India

elonnai — 2013-07-12T15:51:13Z

As part of its privacy research, the Centre for Internet and Society has been researching upon data retention mandates from the Government of India and data retention practices by service providers. Globally, data retention has become a contested practice with regards to privacy, as many governments require service providers to retain more data for extensive time periods, for security purposes. Many argue that the scope of the retention is becoming disproportional to the purpose of investigating crimes.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

The Debate around Data Retention

According to the EU, data retention “refers to the storage of traffic and location data resulting from electronic communications (not data on the content of the communications)”.[1]

The debate around data retention has many sides, and walks a fine line of balancing necessity with proportionality. For example, some argue that the actual retention of data is not harmful, and at least some data retention is necessary to assist law enforcement in investigations. Following this argument, the abuse of information is not found in the retention of data, but instead is found by who accesses the data and how it is used. Others argue that any blanket or a priori data retention requirements are increasingly becoming disproportional and can lead to harm and misuse. When discussing data retention it is also important to take into consideration what type of data is being collected and by what standard is access being granted. Increasingly, governments are mandating that service providers retain communication metadata for law enforcement purposes. The type of authorization required to access retained communication metadata varies from context to context. However, it is often lower than what is required for law enforcement to access the contents of communications. The retention and lower access standards to metadata is controversial because metadata can encompass a wide variety of information, including IP address, transaction records, and location information — all of which can reveal a great deal about an individual.[2] Furthermore, the definition of metadata changes and evolves depending on the context and the type of information being generated by new technologies.

Data Retention vs. Data Preservation

Countries have taken different stances on what national standards for data retention by service providers should be. For example, in 2006 the EU passed the Data Retention Directive which requires European Internet Service Providers to retain telecom and Internet traffic data from customers' communications for at least six months and upto two years. The stored data can be accessed by authorized officials for law enforcement purposes.[3] Despite the fact that the Directive pertains to the whole of Europe, in 2010 the German Federal Constitutional Court annulled the law that harmonized German law with the Data Retention Directive.[4] Other European countries that have refused to adopt the Directive include the Czech Republic and Romania.[5] Instead of mandating the retention of data, Germany, along with the US, mandates the 'preservation' of data. The difference being that the preservation of data takes place through a specified request by law enforcement, with an identified data set. In some cases, like the US, after submitting a request for preservation, law enforcement must obtain a court order or subpoena for further access to the preserved information.[6]

Data Retention in India

In India, the government has established a regime of data retention. Retention requirements for service providers are found in the ISP and UASL licenses, which are grounded in the Indian Telegraph Act, 1885.

ISP License

According to the ISP License,[7] there are eight categories of records that service providers are required to retain for security purposes that pertain to customer information or transactions. In some cases the license has identified how long records must be maintained, and in other cases the license only states that the records must be made available and provided. This language implies that records will be kept.

According to the ISP License, each ISP must maintain:

Users and Services: A log of all users connected and the service they are using, which must be available in real time to the Telecom Authority. (Section 34.12).

Outward Logins or Telnet: A log of every outward login or telnet through an ISPs computer must be available in real time to the Telecom Authority. (Section 34.12).

Packets: Copies of all packets originating from the Customer Premises Equipment of the ISP must be available in real time to the Telecom Authority. (Section 34.12).

Subscribers: A complete list of subscribers must be made available on the ISP website with password controlled access, available to authorized Intelligence Agencies at any time. (Section 34.12).
Internet Leased Line Customers: A complete list of Internet leased line customers and their sub-customers consisting of the following information: name of customer, IP address allotted, bandwidth provided, address of installation, date of installation/commissioning, and contact person with phone no./email. These must be made available on a password protected website (Section 34.14). The password and login ID must be provided to the DDG (Security), DoT HQ and concerned DDG(VTM) of DoT on a monthly basis. The information should also be accessible to authorized government agencies (Section 34.14).

Diagram Records and Reasons: A record of complete network diagram of set-up at each of the internet leased line customer premises along with details of connectivity must be made available at the site of the service provider. All details of other communication links (PSTN, NLD, ILD, WLL, GSM, other ISP) plus reasons for taking the links by the customer must be recorded before the activation of the link. These records must be readily available for inspection at the respective premises of all internet leased line customers (Section 34.18).
Commercial Records: All commercial records with regard to the communications exchanged on the network must be maintained for a year (Section 34.23).
Location: The service provider should be able to provide the geographical location of any subscriber at a given point of time (Section 34.28(x).

Remote Activities: A complete audit trail of the remote access activities pertaining to the network operated in India. These must be retained for a period of six months, and must be provided on request to the licensor or any other agency authorized by the licensor (Section 34.28 (xv).

UASL License

According to the UASL License[8], there are twelve categories of records that ISP’s are required to retain that pertain to costumer information or transactions for security purposes. In some cases the license has identified how long records must be maintained, and in other cases the license only states that the information must be provided and made available when requested. This language implies that records will be kept.

According to the license, service providers must maintain and make available:

Numbers: Called/calling party mobile/PSTN numbers when required. Telephone numbers of any call-forwarding feature when required (Section 41.10).
Interception records: Time, date and duration of interception when required (Section 41.10).
Location: Location of target subscribers. For the present, cell ID should be provided for location of the target subscriber when required (Section 41.10).
All call records: All call data records handled by the system when required (Section 41.10). This includes:
1. Failed call records: Call data records of failed call attempts when required. (Section 41.10).
2. Roaming subscriber records: Call data records of roaming subscribers when required. (Section 41.10)
Commercial records: All commercial records with regards to the communications exchanged on the network must be retained for one year (Section 41.17).
Outgoing call records: A record of checks made on outgoing calls completed by customers who are making large outgoing calls day and night to various customers (Section 41.19(ii)).
Calling line Identification: A list of subscribers including address and details using calling line identification should be kept in a password protected website accessible to authorized government agencies (Section 41.19 (iv)).
Location: The service provider must be able to provide the geographical location of any subscriber at any point of time (Section 41.20(x)).
Remote access activities: Complete audit trail of the remote access activities pertaining to the network operated in India for a period of six months (Section 41.20 (xv)).

RTI Request to BSNL and MTNL

On September 10, 2012, the Centre for Internet and Society sent an RTI to MTNL and BSNL with the following questions related to the respective data retention practices:

Does MTNL/BSNL store the following information/data:

Text message detail (To and from cell numbers, timestamps)
Text message content (The text and/or data content of the SMS or MMS)
Call detail records (Inbound and outbound phone numbers, call duration)
Bill copies for postpaid and recharge/top-up billing details for prepaid
Location data (Based on cell tower, GPS, Wi-Fi hotspots or any combination thereof)

If it does store data then

For what period does MTNL/BSNL store: SMS and MMS messages, cellular and mobile data, customer data?
What procedures for retention does MTNL/BSNL have for: SMS and MMS messages, cellular and mobile data, and customer data?
What procedures for deletion of: SMS and MMS messages, cellular and mobile data, and customer data?
What security procedures are in place for SMS and MMS messages, cellular and mobile data, and customer data?

BSNL Response

BSNL replied by stating that it stores at least three types of information including:

IP session information - connection start end time, bytes in and out (three years offline)
MAC address of the modem/router/device (three years offline)
Bill copies for post paid and recharge/top up billing details for prepaid. Billing information of post paid Broadband are available in CDR system under ITPC, prepaid voucher details (last six months).

MTNL Response

MTNL replied by stating that it stores at least () types of information including:

Text message details (to and from cell number, timestamps) in the form of CDRs (one year)
Call detail records including inbound and outbound phone numbers and call duration (one year)
Bill copies from postpaid (one year)
Recharge details for prepaid (three months)
Location of the mobile number if it has used the MTNL GSM/3GCDMA network (one year)

It is interesting that BSNL stores information that is beyond the required time period required in both the ISP and the UASL licenses. The responses to the RTI showed that each service provider also stores different types of information. This could or could not be the actual case, as each question could have been interpreted differently by the responding officer.

Conclusion

The responses to the RTI from BSNL and MTNL are a step towards understanding data retention practices in India, but there are still many aspects about data retention in India which are unclear including:

What constitutes a ‘commercial record’ which must be stored for one year by service providers?
How much data is retained by service providers on an annual basis?
What is the cost involved in retaining data? For the service provider? For the public?
How frequently is retained information accessed by law enforcement? What percentage of the data is accessed by law enforcement?
How many criminal and civil cases rely on retained data?
What is the authorization process for access to retained records? Are these standards for access the same for all types of retained data?

Having answers to these questions would be useful for determining if the Indian data retention regime is proportional and effective. It would also be useful in determining if it would be meaningful to maintain a regime of data retention or switch over to a more targeted regime of data preservation.

Though it can be simple to say that a regime of data preservation is the most optimal choice as it gives the individual the greatest amount of immediate privacy protection,

A regime of data preservation would mean that all records would be treated like an interception, where the police or security agencies would need to prove that a crime was going to take place or is in the process of taking place and then request the ISP to begin retaining specific records. This approach to solving crime would mean that the police would never use retained data or historical data as part of an investigation – to either solve a case or to take the case to the next level. If Indian law enforcement is at a point where they are able to concisely identify a threat and then begin an investigation is a hard call to make. It is also important to note that though preservation of data can reduce the risk to individual privacy as it is not possible for law enforcement to track individuals based off of their historical data and access large amounts of data about an individual, preservation does not mean that there is no possibility for abuse. Other factors such as:

Any request for preservation and access to records must be legitimate and proportional
Accessed and preserved records must be used only for the purpose indicated

Accessed and preserved records can only be shared with authorized authorities

Any access to preserved records that do not pertain to an investigation must be deleted

These factors must be enforced through the application of penalties for abuse of the system. These factors can also be applied to not only a data preservation regime, but also a data retention regime and are focused on preventing the actual abuse of data after retained. That said, before an argument for either data retention or data preservation can be made for India it is important to understand more about data retention practices in India and use of retained data by Indian law enforcement and access controls in place.

[1]. European Commission – Press Release. Commission Takes Germany to Court Requesting that Fines be Imposed. May 31st 2012. Available at: http://bit.ly/14qXW6o. Last accessed: January 21st 2013
[2].Draft International Principles on Communications Surveillance and Human Rights: http://bit.ly/UpGA3D
[3]. European Commission – Press Release. Commission Takes Germany to Court Requesting that Fines be Imposed. May 31^st 2012. Available at: http://bit.ly/14qXW6o . Last accessed: January 21^st 2013.
[4]. European Commission – Press Release. Commission Takes Germany to Court Requesting that Fines be Imposed. May 31^st 2012. Available at: http://bit.ly/14qXW6o. Last accessed: January 21^st 2013.
[5]. Tiffen, S. Sweden passes controversial data retention directive. DW. March 22 2012. Available at: http://bit.ly/WOfzaX. Last Accessed: January 21^st 2013.
[6]. Kristina, R. The European Union's Data Retention Directive and the United State's Data Preservation Laws: Fining the Better Model. 5 Shilder J.L. Com. & Tech. 13 (2009) available at: http://bit.ly/VoQxQ9. Last accessed: January 21^st 2013
[7]. Government of India. Ministry of Communications & IT Department of Telecommunications. License Agreement for Provision of Internet Services.
[8]. Government of India. Ministry of Communications & IT Department of Telecommunications. License Agreement for Provision of Unified Access Services after Migration from CMTS. Amended December 3^rd 2009.

For more details visit https://cis-india.org/internet-governance/blog/data-retention-in-india

Centre for Internet and Society

Debate: Five Aadhaar Myths that Don’t Stand Up to Scrutiny

Debate over #Aadhaar Turns Nasty as Critics Accuse Supporters of Online Trolling

Debate on Section 66A rages on

Debate on Cyber Crime in TV9

Death By WhatsApp

A Timeline of Deaths

CHAPTER 1

The Propaganda Machine

CHAPTER 2

Jharkhand

CHAPTER 3

Tamil Nadu

CHAPTER 4

Andhra Pradesh & Telangana

CHAPTER 5

Karnataka

CHAPTER 6

Assam

Death By Whatsapp

Death by Social Media

Fear of the outsider

Changes in society

The role of WhatsApp

Dear Milind Deora, Prakash Javadekar Deserved The Truth

Deadline For Linking Bank Accounts With Aadhaar To Be Extended To 31 March

Dead and Clicking

In memoriam

Time capsule

Life, beyond

Digital remembering

Do we forget?

De facebook

I Like To Watch

Privacy from Whom?

Days to Derail Work of Two Generations?

Daunting task ahead for investigative agencies with WhatsApp's end-to-end encryption

Database on Big Data and Smart Cities International Standards

[45] SPRING Singapore Supported Close to 600 Companies in Standards Adoption, and Service Excellence Projects , 12th August 2015, http://www.spring.gov.sg/NewsEvents/PR/Pages/Internet-of-Things-(IoT)-Standards-Outline-to-Support-Smart-Nation-Initiative-Unveiled-20150812.aspx

Data Usage by Political Parties

Data Retention in India

The Debate around Data Retention

Data Retention vs. Data Preservation

Data Retention in India

ISP License

UASL License

RTI Request to BSNL and MTNL

BSNL Response

MTNL Response

Conclusion

^{^[45]} SPRING Singapore Supported Close to 600 Companies in Standards Adoption, and Service Excellence Projects , 12th August 2015, http://www.spring.gov.sg/NewsEvents/PR/Pages/Internet-of-Things-(IoT)-Standards-Outline-to-Support-Smart-Nation-Initiative-Unveiled-20150812.aspx