Centre for Internet and Society

Behind Modi’s Heartwarming Diwali Ad for Soldiers, An App That’s Primed for Political Messaging

praskrishna — 2016-10-30T07:33:57Z

The campaign, which allows users to send Modi quotes on themes like Ayodhya and the perfidy of the Opposition, raises questions about the boundaries between government, party and personal promotion.

The article by Sangeeta Barooah Pisharoty was published in the Wire on October 29, 2016. Sunil Abraham was quoted.

On October 22, Prime Minister Narendra Modi launched a public campaign, Sandesh2Soldiers, urging the people to be a part of it. The prime minister prodded people to express their gratitude to soldiers guarding the borders through the campaign by sending them personalised messages on the occasion of Diwali.

Such messages can be sent through the Narendra Modi mobile app, the “official app of the prime minister”, or by logging on to www.mygov.in, a central government platform launched by the prime minister in 2014 to facilitate participatory governance by engaging the public. One can also send a message by recording it after dialing a 10-digit number – which would then be aired by All India Radio (AIR).

Media reports said a special module had been created within the mobile app to not only enable people to send text messages to soldiers but also to upload handwritten letters, decorated cards and videos to them expressing their Diwali wishes and feelings for the armed forces.

A special video that carried Modi’s appeal to the public to send messages to the armed forces was shared on social media along with a few other videos to promote the prime minister’s idea. One such video features a child sending a ‘thank you rocket’ to soldiers for defending the nation under hostile circumstances. That the call to send a personal message has come from the prime minister has upped the profile of this campaign.

Bollywood stars like Akshay Kumar, Aamir Khan and Salman Khan, and cricketers such as Virat Kohli, Virendra Sehwag and Mohammad Kaif have also posted their messages to soldiers on Twitter by using the prime minister’s campaign hashtag #Sandesh2Soldiers. Many Bharatiya Janata Party (BJP) politicians and ministers have also joined in.

As per a tweet by AIR on October 26, “Around 9,800 persons sent their good wishes to jawans of security forces so far during this festive season”. Last checked, www.mygov.in, run by the National Informatics Centre under the the Ministry of Electronics and Information Technology, showed 13,000 messages and video uploads recorded. The number is going up by the minute.

While the registration requirement at the government’s www.mygov.in portal only requires the sender to provide her or his name and e-mail address to be able to send a message or upload a video – a usual cyber safety procedure – those who want to use the Modi app for the purpose will have to do more: they will first have to agree to be personally profiled by the prime minister’s “official” mobile application.

Personally identifiable information

This is how things work: to register oneself through the app and send a message, a user not only has to disclose her name, mobile number and email address but also profession, the state and the district she belongs to, her voter identification card number, specific areas of interests and a personal description within “500 characters”.

This has left many potential senders and experts flummoxed. Why does a citizen, in order to express her gratitude to the armed forces on the occasion of Diwali at the call of her prime minister need to share additional information with the app, which amounts to profiling? At a time when the Supreme Court is hearing a bunch of petitions on the mandatory use of Aadhar cards by the government, some of which deal with issues of privacy and the possible misuse of the collected data, this is a relevant question.

“There was absolutely no need for the app to ask for additional information from a user just to send a message to the armed forces. As far as the additional information sought from a user is concerned, it allows the data collector to build a profile of the user but it is not profiling in the modern big data sense wherein multiple data sources are combined to create a complete profile of the data subject,” says Sunil Abraham, director of the Bangalore-based Centre for Internet and Society.

Abraham adds, “There is no guarantee that the data collected (through the app) won’t be used illegally by some commercial enterprise, etc. because our data protection law, Section 43A of the Information and Technology Act, doesn’t apply to the state but only to the private sector. In other words, if the personal information is shared with the government, then it is perfectly legal for the government to disclose the personal information to other government or commercial entities.”

Unlike the MyGov portal, where a user can type or upload a message, the Narendra Modi mobile app also automatically adds a quote from the prime minister below the one typed by the user. It expresses the prime minister’s pride over “the indomitable valour and supreme sacrifice of our armed forces etched in the memory of every Indian”.

The prime minister launched his official mobile app in August last year at a function reportedly organised by MyGov, thus making him the first prime minister to have a mobile app named after him. Designed by a team of six students from Delhi Technical University after winning a two-phased contest launched by MyGov in March last year, the app has been described as “a one-stop destination for knowing about all the latest day-to-day activities of the prime minister.”As per media reports, the app would correspond to the prime minister’s official website, www.pmindia.gov.in.

Obviously then, information on how to access the app and take part in the campaign have been publicised through his portal, www.pmindia.gov.in.

This raises another question. Even though www.pmindia.gov.in is not directly accepting public messages for the armed forces but is only promoting the campaign and giving information on how to download the mobile app for it (thereby proving that it corresponds to the app), it does direct an interested user to the prime minister’s personal website, www.narendramodi.in on clicking its publicity window designed for the campaign.

The user can then download the Modi app from his personal website, which was used extensively during the run-up to the 2014 parliamentary elections by Modi to reach out to voters. So the app not only corresponds to the official website of the prime minister but also with his personal website through the official website. Curiously, it is not possible to access the app from the MyGov portal even though the entity under the Ministry of Electronics and Information launched the app at a function on August 6 in New Delhi reportedly organised by it.

Thus, while the app that seemed to have been developed and launched by a government department can’t be accessed directly through a government portal, it can be accessed through the prime minister’s personal portal. Also, features in the app like “forget password” are handled by his personal website, which communicates with an app user as its “Admin”.

So who runs the app? Is it not the official app of the prime minister of the country? Who owns it? Is it his personal app that he considers “official”? These are questions to which answers are not easily available.

No answers

The Wire made multiple attempts to get an official response, both from the government and the BJP Cyber Cell, about these queries but failed to get an answer. The Wire also failed to get any official clarification to why the app seeks personal details of a user to just send messages to the armed forces.

Calls and text messages to the social media cell of the Press Information Bureau (PIB) – the government’s media interface in the digital space – the office of Anurag Jain, listed in the www.pmindia.gov.in as the “web information office”, and to MyGov, which launched the app at the second anniversary function of the Modi government on August 6 last year in New Delhi, failed to receive a reply. All that a PIB official was willing to say on condition of anonymity to this correspondent, “I think it has been outsourced, we don’t deal with it. May be you can contact the PMO.”

Anurag Jain’s office at the PMO said, “You won’t get any information here on the app and the response of the people for the campaign through it. Call the appointments section, it might know.” But that section didn’t respond.

A mail sent to Arvind Gupta of the BJP’s Cyber Cell too has so far remained unanswered. A BJP source, however, pointed out, “If you go to @narendramodi_in, it clearly mentions that it is the twitter account of narendramodi.in, the personal website of Narendra Modi and also of the Narendra Modi mobile app. So it is his personal app.”

The question of why a personal app of the prime minister is then called his “official” app remains unanswered. Also, why is it then that the bulk text messages sent by a government entity, MyGov, direct the public to the prime minister’s personal app to send a message to the armed forces? Is it personal or official?

Meanwhile, the traffic directed by the prime minister’s official website to his personal portal can make use of the e-greeting section in it to send a Diwali e-card to family, relatives, colleagues, etc.

To send such an e-card, the user needs to follow four mandatory steps – choosing a card from the available options, selecting a pre-written Diwali message; selecting a quote of the prime minister from an exhaustive list made available to the user, and adding the name, salutation and email address of the recipient of the card.

The list of quotes – in English and Hindi – have been culled out of the prime minister’s speeches that straddle a variety of categories including Pakistan, terrorism, ASEAN, Nepal, Bhutan, Swacchh Bharat mission, the idea of India, secularism, disability, caste, dalits, governance, yoga, youth, et al.

It also has “motivation” as a category of prime minister’s sayings. Clicking it will give a user the choice of a long list of the prime minister’s quotes which begins with the need for the world to recognise the sacrifice made by Indian soldiers in the two world wars and ends with a quote on the 2010 judgment given by the Allahabad high court on the disputed site at Ayodhya:

Diwali greetings that can be sent along with the prime minister’s quote on the Ayodhya judgement which has been stayed by the Supreme Court

The quote said, “The Ayodhya judgment will work as a catalyst to maintain peace and unity in the country. This judgment has given a respect to belief and self esteem of the people of India, and it should be linked to self esteem of the country.”

Reacting to the judgment in 2010, the Rashtriya Swayamsevak Sangh chief Mohan Bhagwat had expressed “satisfaction”, adding, “The judgment has paved the way for the construction of Ram temple in Ayodhya. The judgment is not a win or loss for anybody. We invite everybody, including Muslims, to help build the temple.”

Constructing the Ram temple in Ayodhya was also in the manifesto of the BJP for the 2014 Lok Sabha polls with Modi as the party’s prime ministerial candidate.

So, even if the Supreme Court had put a stay on the judgment and has been hearing some petitions for and against it, this Diwali, if you wish to send an e-card using that quote of the prime minister to express his mind on the issue, you can.

“I think it is not only improper of the prime minister to allow such a quote to feature in an e-card with his name but it is also contempt of court. Being the prime minister of the country, he has to maintain neutrality. As per the constitution, there is separation of the state from religion. So being the prime minister, he can’t possibly allow someone to use that quote of him,” says well-known constitutional expert and senior Supreme Court lawyer Rajeev Dhavan.

Dhavan points out a precedent: “In 1969, the Supreme Court held as contempt a comment made by the then West Bengal chief minister P.C. Sen in a speech aired by All India Radio. The speech was made at a time when someone had challenged an order of the state government on milk production. Sen’s adverse comment supporting the order was presented first in front of the West Bengal High Court which took cognisance of it and termed it contempt of court. Thereafter, the case came to the SC which also termed it contempt of court as the comment was made while the case was pending in the court.”

Swaying public opinion

As per media reports, the comment on the September 30, 2010, HC order was made by Modi, then the Gujarat chief minister, on the same day, before the SC stayed that order in May, 2011.

Dhavan felt, “That he, as the prime minister, is now openly allowing a user to circulate that quote after the SC has begun hearing the case will attract criminal contempt of court as it can be seen as interfering with the working of the judiciary. He can obviously affect public opinion and can be seen as trying to decide the question. It can be seen as usurping the function of the Judiciary by the Executive.”

The traffic directed by the prime minister’s official website to the personal portal can also make use of any Diwali e-greeting card by picking a quote from a category named “political-general”. Many of the quotes under that category are from the prime minister’s multiple attacks on the main opposition party, the Congress, some of which must have been made before the 2014 Lok Sabha polls, such as this one: “The UPA government is non-serious, it has taken the people for granted & it is not bothered about the youth. Their approach shows lack of faith in democracy. Our goal is to win the trust of the people & give dignity to them…”

“That the prime minister’s official website links people to surf his personal website where they can send e-cards using anti-opposition quotes of the prime minister is extremely contentious. Whichever party had come to power, there has always been a Chinese wall between the institution of the prime minister and the politician. Unfortunately, both have come together in the current dispensation. The common man doesn’t understand it well, so it is taking advantage of technology to erase that difference,” former Information and Broadcasting minister and Congress spokesperson Manish Tiwari said.

Such e-cards are not restricted to Diwali. You can send them on occasions like “Holi, Rakshabandhan, Navaratri, Christmas, Independence Day, Gudi Padwa, Kite Festival, Namo Birthday, Ram Navami, Swami Vivekananda Janma Jayanti” and at any other time by opting for the “political (general)” category.

Narendra Modi implemented the idea of launching e-cards that could go with his quotes in the run-up to the 2014 parliamentary elections. Reports said that “Narendra Modi E-cards” were used by the BJP as a “new marketing strategy” to canvas for its prime ministerial candidate before Holi to bypass the Election Commission of India’s model code of conduct as there was “no mention of rules for social media usage by political parties”.

Meanwhile, those who have signed up for the Narendra Modi mobile app only to send a message to the armed forces have begun receiving regular “infographics” based on the prime minister’s speeches, and also data culled out of news and study reports that are deemed favourable to him and his government. A registered user can further pass on those “infographics” by sharing them on her Facebook page and twitter handle.

The app, though termed “official”, also forwards to a registered user tweets posted only from his personal twitter handle and not from his official handle, @pmoindia. One such tweet that this correspondent received through the app had little to do with the government and entirely with the persona of the politician behind the prime minister. The tweet said, “When @narendramodi demonstrated true leadership at the Patna rally, on this day in 2013…”

Clicking on the link in the tweet takes you to a write-up that talks of the “true grit” of the “BJP’s then prime ministerial candidate” by addressing a rally after a bomb blast in Patna.

For more details visit https://cis-india.org/internet-governance/news/the-wire-october-29-2016-sangeeta-barooah-pisharoty-behind-modis-heartwarming-diwal-ad-for-soldiers-an-app-that-is-primed-for-political-messaging

Here is why government twitter handles have been posting offensive and partisan messages

praskrishna — 2016-10-16T03:24:45Z

You have failed us big time Mr Kejriwal, for your petty political gains you can become headlines for Pakistani press,” read a tweet on October 5 from @IndiaPostOffice, the official twitter handle of the Indian postal service.

The article by Danish Raza was published in the Hindustan Times on October 15, 2016. Nishant Shah was quoted.

It was a reference to Delhi Chief Minister Arvind Kejriwal urging the Prime Minister to counter Pakistan’s propaganda over surgical strikes.

Within hours, India Post tweeted an apology saying that the account was hacked.

This is the latest in a series of opinions and statements posted from official twitter handles of government departments and bodies. Of late, the Twitter handles meant to broadcast information related to government programmes have appeared like personal accounts tweeting slander and criticism.

Last month, the Twitter handle of Digital India tweeted a poem in Hindi calling on the Indian Army to persistently fire at protesters in Kashmir.

In August, the Twitter handle of Startup India retweeted a post suggesting that the Indian Army should ‘take care’ of #Presstitutes, a reference to sections of Indian media critical of the government.

The tweets expose loopholes in the government’s social media policy and raise questions about the norms followed in the recruitment of social media professionals for ministries and government institutions.

Work in Progress

The process of adopting new tools is work in progress. While the government agencies are trying to leverage social media to enhance citizen engagement, for the vast majority of government bodies, it is unexplored territory. Babus who have traditionally been dealing in paperwork and file notings are overwhelmed to see hash tags and trends. With a tech- savvy Prime Minister at the helm, every government department is trying to increase its digital footprint. At the same time, they face the challenge of reinterpreting existing work ethics and codes of conduct and applying them to the use of social media. Ministries such as the Ministry of External Affairs, Information & Broadcasting and the Prime Minister’s Office which have cohesive programmes and big mandate, have separate social media wings of their own with well- defined protocols. But these are exceptions.

Overall, the government bodies lack social media guidelines for their own efforts or which others can learn from. According to Chinmayi Arun, executive director, Centre for Communication Governance, National Law University, Delhi, mistakes are bound to happen given that everyone is new to social media. But it should be non-negotiable that when anything is said using an official governmental handle, the government should take more responsibility than just saying ‘oops’. “One of course is a clear and unequivocal statement apologising and taking back whatever was said. However, it should take pro-active measures to train and test people who handle its public-facing accounts and publish a clear monitoring and accountability mechanism by which they can be called to account. It should not be open to anyone to misuse the government’s official handles in this manner,” said Arun.

One of the areas where the lack of sensitisation is apparent is the usage of the same mobile device for multiple twitter handles – the most common reason for such goof-ups cited by social media consultants attached to various government departments. “I believe these were inadvertently posted by people handling these accounts. It may neither have been their mandate nor their intention. It happens when the person has configured multiple twitter handles from the same device and ends up posting from the wrong account,” said Amit Malviya, BJP’s National Convener, IT.

The majority of ministries and government departments do not give phones to members of the social media teams. It is up to the individual to use his personal device or get an additional one to manage the professional handle (s). A mistake will happen if a comment which was to be posted from the personal handle is posted from the official handle.

Twitter Goof-ups from GoI Accounts

“Because of the personalised and individual nature of social media, it is easy to forget that they are representing an institution and not themselves when using these handles. This also suggests the lack of public usage training in these organisations, and the need to educate our public actors in using social media with more responsibility as office bearers of an institution rather than a personal expression or an opinion,” said Nishant Shah, co-founder of the Centre for Internet and Society, Bangalore.

Another issue is that access to the account is given to multiple people. “Each one of them brings their individual personality and politics to their operation of the handle,” said Shah.

Hiring Issues

Part of the problem lies in the fact that there is no standard protocol on who can access the twitter handle of Indian government bodies and how this person or team is hired.

A few ministries (example: the ministry of railways) have a team comprising of government employees and staff of private agencies handling their account. Others have outsourced the job to agencies.

During the campaigning for the 2009 election, political parties got outside expertise to mark their presence online. The selection parameters of social media consultants – established public relations firms in some cases and individuals in others – was not uniform.

Unlike the traditional public relations officers who are from the Indian Information Services cadre, the social media consultants were selected based on their expertise in the field, political affiliation, and proximity to a party or leader.

Those who started handling social media accounts of political parties and leaders included trolls and social media influencers. “Parties got youngsters who were politically motivated and willing to work for political parties. They became cheaper alternatives for social media experts,” said Ishan Russel, political communication consultant.

After the NDA came to power, almost every ministry outsourced its digital expertise to agencies. Many individuals who were earlier directly working with leaders and parties got back with them via agencies. “If an agency is looking for people to handle the twitter account or Facebook page of a certain ministry in the BJP government, then those who are politically inclined towards the BJP will apply for the vacancies and their chances of getting hired are also much higher than someone who is neutral or known to be an AAP sympathiser,” said Vikas Pandey, 32-year-old software engineer, who headed the “I Support Namo” campaign on Facebook and Twitter, as a volunteer for the BJP.

Last year, the Prime Minister felicitated more than a dozen social media enthusiasts, including Vikas. The move raised eyebrows because many felt that the government was encouraging trolls. “It illuminates the fact that trolls have found gainful employment in the Government of India. Also that the entire edifice of the centre is being taken over by woefully undereducated bigots,” said Swati Chaturvedi, senior journalist and author.

Agency, the Soft Target

Till the time the government staff is well versed with social media tools, attributing the mistakes to an ‘outside agency’ appears to be the norm.

In the case of the twitter goof-up involving Startup India, Commerce and Industry minister Nirmala Sitharaman blamed a private agency that was managing the account of Startup India. “The retweets were done by an employee of the agency hired by the department of industrial policy and promotion. The person assigned by the agency for this particular job is not decided by the department and is the sole prerogative of the agency,” she said.

S Radha Chauhan, CEO of National e-Governance Division, attributed the controversial post from Digital India’s twitter handle to an agency called Trivone. “The person responsible had mistakenly tweeted from the official handle what he wanted to tweet from his personal account,” said Chauhan.

Those familiar with the functioning of the government’s social media verticals say that agencies are mentioned to cover up for mistakes often committed by someone from the government staff. “When in crisis, blame the agency, is the thumbrule the government follows. The fact is that each twitter post is approved by the client before it is posted,” said a senior executive with a digital marketing firm attached to a ministry which has recently earned lot of praise for its social media initiatives.

Nishtha Arora, social media and digital consultant in a reputed ad agency, was handling a political account till very recently. She said that the client required her to just randomly tweet or RT to be heard by the followers of a tech-savvy minister and be his digital mouthpiece. “I often had to draft tweets which looked like press releases,” she said.

“Digital faux pas is blamed on to someone who might be an expert in the field but yet has to bow down to the client pressure so that their agenda for the day is met and the said government body or ministry remains in the news,” she added.

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-danish-raza-october-15-2016-here-is-why-government-twitter-handles-have-been-posting-offensive-and-partisan-messages

Tech companies like Gmail, WhatsApp may be asked to store user information

praskrishna — 2016-10-14T01:12:14Z

The government is moving to formulate rules that will require technology ‘intermediaries’— including email services like Gmail, chat apps such as WhatsApp and Snapchat or even ecommerce firms like Amazon — to retain user information, a development that is expected to be met with determined opposition.

The article by Surabhi Agarwal was published in Economic Times on October 14, 2016. Pranesh Prakash was quoted.

What the government is looking to do now is draft rules for Section 67C of the Information Technology Act, and this will be done by a committee that has been set up for the purpose. The rules — whose drafting has been waiting since 2008 — will spell out what type of data has to be stored, in which format, and for how long, according to three members of the newly-formed committee. All this so that law-enforcement agencies can access the information if they need it.

Sharing of information between foreign firms and the Indian government has been a contentious issue, and experts said the mandate may be impossible to implement for firms such as WhatsApp that promise end-to-end encryption. Or for Snapchat – a chat app where messages disappear within seconds and are not even stored on the company’s servers.

Firms may also oppose the diktat, especially since most of them are not governed by Indian laws and also due to the high cost of data retention.

The committee is headed by additional secretary in the ministry of electronics and IT (MEITY), Ajay Kumar, and has one representative each from the ministry of home affairs, department of telecom, department of personnel and training, Nasscom, Internet Service Provider Association of India (ISPAI), along with an advocate specialising in cyber law and a few officers from MEITY. The first meeting of the committee took place in the last week of September.

“This is a fairly complex issue, compounded by the general lack of understanding of mobile apps and over the top service providers,” said a person on the committee who did not wish to be identified. This person said that most technology players are based in the United States and they have always been at loggerheads about sharing of information with the government. “Even if it is for national security reasons, how much are these companies answerable to the Indian security establishment? And we do know how Apple refused to unlock the phone even for FBI."

Google and Facebook did not respond to requests for comment.

‘Huge balancing act’

Supreme Court lawyer and cyber law expert Pavan Duggal said the section has been drafted in very “broad” terms and the move may be driven by the realisation that these companies are huge data repositories – some of which might be relevant to law enforcement investigations. “It will have to be a huge balancing act and will be interesting to see what this committee decides,” added Duggal.

While Section 67C refers to the obligation of the service providers to retain information, the nature of the data to be retained and the time period is not specified. Companies which do not comply with the law can be levied fine and its officers sent to jail.

Another member on the committee said the ambit of this task is huge. “In the last meeting we argued that the rules should be the same for everybody and there should be no differential treatment for foreign companies such as Google or Microsoft,” he said. This person said that ambiguity is rampant as various government arms have different sets of rules for data retention.

For instance, the Department of Telecommunications (DoT) asks for data to be stored for six months, while the Registrar of Companies mandates some information to be retained for one year while the income-tax rules mandate data storage for six-seven years. “There has only been one meeting so far. It is a long procedure and will require several rounds of consultation,” said a third person on the committee.

Privacy activists like Pranesh Prakash of the Centre for Internet and Society said that one of the principles that’s frequently cited while discussing international practices on surveillance is that data retention should not be required of service providers.

And internationally too, there is no standard on this issue. “There were norms at the European Union-level regarding data retention, but they were struck down in 2014 by the European Court of Justice as being violative of human rights,” he said.

For more details visit https://cis-india.org/internet-governance/news/economic-times-october-14-2016-surabhi-agarwal-tech-companies-like-gmail-whatsapp-may-be-asked-to-store-user-information

Services like TwitterSeva aren’t the silver bullets they are made out to be

sunil — 2016-10-06T16:31:51Z

TwitterSeva is great, but it should not be considered a sufficient replacement for proper e-governance systems. This is because there are several serious shortcomings with the TwitterSeva approach, and it is no wonder that enthusiastic police officers and bureaucrats are somewhat upset with the slow deployment of e-governance applications. They are also right in being frustrated with the lack of usability and scalability of existing applications that hold out the promise of adopting private sector platforms to serve citizens better.

Sunil Abraham, executive director of the Centre for Internet and Society, wrote this in response to the FactorDaily story on TwitterSeva, a special feature developed by Twitter’s India team to help citizens connect better with government services. Sunil's article in FactorDaily can be read here.

Let’s take a look at why the TwitterSeva approach is not adequate:

1. Vendor and Technology Neutrality: Providing a level ground for competing technologies in e-governance has been a globally accepted best practice for about 15 years now. This is usually done by using open standards policies and interoperability frameworks.

India does have a national open standards policy, but the National Informatics Centre (NIC) has only published one chapter of the Interoperability Framework for e-Governance .

The thing is, while Twitter might be the preferred choice for urban elites and the middle class, it might not be the choice of millions of Indians coming online. By implicitly signaling to citizens that Twitter complaints will be taken more seriously than e-mail or SMS complaints, the government is becoming a salesperson for Twitter. Ideally, all interactions that the state has with citizens should be such that citizens can choose which vendor and technology they would like to use. Ideally, the government should have its own work-flow so that it can harvest complaints, feedback and other communications from all social media platforms be it Twitter or Identica, Facebook or Diaspora, and publish responses back onto them.

By implicitly signalling to citizens that Twitter complaints will be taken more seriously than e-mail or SMS complaints, the government is becoming a salesperson for Twitter

Apart from undermining the power of choice for citizens, lack of vendor and technology neutrality in government use of technology undermines the efficient functioning of a competitive free market, which is the bedrock of future innovation.

When it comes to micro-blogging, Twitter has established a near monopoly in India. There are no clear signs of harm and therefore it would not be wise to advocate that the Competition Commission of India investigate Twitter. However, if the government helps Twitter tighten its grip over the Indian market, it is preventing the next cycle of creative destruction and disruption. Therefore, e-governance applications should ideally only “loosely couple” with the APIs of private firms so that competition and innovation are protected.

2. Holistic Approach and Accountability: Ideally, as the Electronic Service Delivery Bill 2011 had envisaged, every agency within the government was supposed to (within 180 days of the enactment of the Act) do several things: publish a list of services that will be delivered electronically with a deadline for each service; commit to service-level agreements for each service and provide details of the manner of delivery; provide an agency-level grievance redressal mechanism for citizens unhappy with the delivery of these electronic services.

Notwithstanding the 180-day commitment, the Bill required that “all public services shall be delivered in electronic mode within five years” after the enactment of the Bill with a potential three-year extension if the original deadline was not met. The Bill also envisaged the constitution of a Central Electronic Service Delivery Commission with a team of commissioners who “monitor the implementation of this Bill on a regular basis” and publish an annual report which would include “the number of electronic service requests in response to which service was provided in accordance with the applicable service levels and an analysis of the remaining cases.”

The Electronic Service Delivery Bill 2011 had a much more comprehensive and accountable plan for e-governance adoption in the country

Citizens suffering from non-compliance with the provisions of the Bill and unsatisfied with the response from the agency level grievance redressal mechanism could appeal to the Commission. The state or central commissioners after giving the government officials an opportunity to be heard were empowered to impose a fine of Rs 5000.

Unlike the piecemeal approach of TwitterSeva, the Bill had a much more comprehensive and accountable plan for e-governance adoption in the country.

3. Right To Transparency: Some of the interactions that the government has with citizens and firms may have to be disclosed under the obligation emerging from the Right to Information Act for disclosure to the public or to the requesting party. Therefore it is important that the government take its own steps for the retention of all data and records — independent of the goodwill and lifecycles of private firms.

Twitter is only 10 years old. It took 10 years for Orkut to shut down. Maybe Twitter will shut down in the next 10 years. How then will the government comply with RTI requests? Even if the government is not keen on pushing for data portablity as a right for consumers (just like mobile number portability in telecom, so that consumers can seamlessly shift between competing service providers), it absolutely should insist on data portability for all government use.

Twitter is only 10 years old. It took 10 years for Orkut to shut down. Maybe Twitter will shut down in the next 10 years. How then will the government comply with RTI requests?

This will allow it to shift to a) support multiple services, b) shift to competing/emerging services c) incrementally build its own infrastructure and also comply with the requirements of the Right to Information Act.

4. Privacy: Unfortunately, thanks to the techno-utopians behind the Aadhaar project, the current government is infected with “data ideology.” There is an obsession with collecting as much data as possible from citizens, storing it in centralized databases and providing “dashboards” to bureaucrats and politicians. This is diametrically opposed to the view of the security community.

Unfortunately, thanks to the techno-utopians behind the Aadhaar project, the current government is infected with “data ideology”

For example, Bruce Schneier posted on his blog in March this year (in a piece titled ‘Data is a Toxic Asset‘) saying: “What all these data breaches are teaching us is that data is a toxic asset and saving it is dangerous. This idea has always been part of the data protection law starting with the 2005 EU Data Protection Directive expressed as the principle of “Data Minimization” or “Collection Limitation”. More recently technologists and policy makers also use the phrase “Privacy by Design”. Introducing an unnecessary intermediary or gate-keeper between what is essentially transactions between citizens and the state is an egregious violation of a key privacy principle.”

5. Middle Class and Elite Capture: The use of Twitter amplifies the voices of the English-speaking, elite, and middle class citizens at the expense of the voices of the poor. While elites don’t exhibit fear when tagging police IDs and making public complaints from the comforts of their gated communities with private security guards shielding them the violence of the state, this might be a very intimidating option for the poor and disempowered.

While elites don’t fear tagging police IDs and making public complaints from the comforts of their gated communities, it’s intimidating for the disempowered

While the system may not be discriminatory in its design, it will have disparate impact on different sections of our society. In other words, the introduction of TwitterSeva will exacerbate power asymmetries in our society rather than ameliorating them.

The canonical scholarly reference for this is Kate Crawford’s analysis of City of Boston’s StreetBump smartphone, which resulted in an over-reporting of potholes in elite neighbourhoods and under-reporting from poor and elderly residents. This meant that efficiency in the allocation of the city’s resources was only a cover for increased discrimination against the powerless.

6. Security: The most important conclusion to draw from the Snowden disclosure is that the tin-foil conspiracy theorists who we used to dismiss as lunatics were correct. What has been established beyond doubt is that the United States of America is the world leader when it comes to conducting mass surveillance on netizens across the globe. It is still completely unclear how much access the NSA has to the databases of American social media giants. When the complete police force of a state starts to use Twitter for the delivery of services to the public, then it may be possible for foreign intelligence agencies to use this information to undermine our sovereignty and national security.

For more details visit https://cis-india.org/internet-governance/blog/factordaily-sunil-abraham-october-6-2016-services-like-twitterseva-are-not-the-silver-bullets-they-are-made-out-to-be

WhatsApp ruling: Experts seek privacy law

praskrishna — 2016-09-27T02:35:06Z

On August 25, Whatsapp updated its policy to share user content with social network; the decision opened new monetisation models for the messaging app.

The article by Apurva Venkat and Moulishree Srivastava quoted Sunil Abraham. It was published in the Business Standard on September 24, 2016.

The recent Delhi High Court ruling that messaging app Whatsapp cannot share user data highlights the need for legislation on privacy, according to experts.

On August 25, Whatsapp, a platform with 70 million users in India that was acquired by Facebook in 2014, updated its policy to share user content with the social network. The decision opened new monetisation models for the messaging app.

In response to a PIL, the court ordered WhatsApp to delete data of users who chose to opt out of its policy changes before September 25. It also orderedWhatsApp not to share data collected before September 25 with Facebook for users who had not opted out.

"The decision makes a strong statement on privacy," said Sunil Abraham, executive director of the Centre for Internet Society. According to him, a user trusts a platform and provides access to his data. As another firm acquires the platform, it gains access to the data.

"Facebook owns Whatsapp. It has to look at ways of monetising it," said Nikhil Pahwa, co-founder of SavetheInternet.in.

"With so much digital data being generated, there is a need for a privacy law in the country," said Pahwa.

"Facebook's consent interface is confusing. It can make a person who wants to opt out let the company access his data," said Abraham, adding a law would take care of such intricacies. The government is working on a privacy bill.

Saroj Kumar Jha, partner, SRGR Law Offices, said there were few judgments on privacy in India based on constitutional rights.

"While the Information Technology Act enables courts to pass judgments on global companies on privacy, enforcing the orders is difficult," he said.

"What is required is a privacy law that can protect user data and uphold the individual's right to privacy," he added.

For more details visit https://cis-india.org/internet-governance/news/business-standard-september-24-apurva-venkat-and-moulishree-srivastava-whasapp-ruling-experts-seek-privacy-law

When the war’s on WhatsApp

praskrishna — 2016-09-25T16:36:01Z

Slick, jingoistic videos are whipping up pro-war rhetoric on social media after the Uri terror attack.

The article by Manju V was published in the Times of India on September 25, 2016. Nishant Shah was quoted.

It packs a meaner punch than any 140-character tweet. In 140 jingoistic seconds, the cleverly packaged YouTube film veers from Mohammed Rafi to Chandra Shekhar Azad drumming up pro-war rhetoric to avenge the Pathankot attack. Set to the tone of chirping crickets on a moonlit night somewhere along the western border that India shares with its neighbour, the short film has two armymen in fatigues deliberate over the absolute need to respond with a counter attack. It ends in a staccato military drumbeat with a voiceover quoting Azad: "If yet your blood does not rage, then it is water that flows in your veins."

Posted about 10 days after the Pathankot attack in January, the video was resurrected last week after the country woke up to the Uri attack that killed 18 Indian soldiers in the deadliest assault on security forces in Kashmir in over two decades. Even as photographs of a grenade smoke-filled valley, tricolour-draped coffins, grieving sons, daughters and widows made the rounds in media outlets scores of Indians marched onto social media, some armed with incendiary prose and other with slick videos that expressed more anger than anguish.

In another video doing the rounds, a jawan, or someone in uniform, sings a poem warning Pakistan. His mates join in the refrain: "Kashmir toh hoga, lekin Pakistan nahi hoga."

These videos of jawans threatening to decimate Pakistan were shared by thousands. WhatsApp profile pictures and statuses were changed, Facebook posts got longer and vitriolic, Twitter #UriAttack exploded with expletives as the enough-is-enough sentiment peaked. It heralded the beginning of an era where the dynamics of Indo-Pakistan relations will play out not just in the diplomatic corridors of Delhi and Islamabad, the valley of Kashmir or the barracks of security forces; but also on the mobile phones, tablets and laptops of millions of Indians.

When contacted for a comment, the makers of the war-mongering 'Pathankot Tolerance' video didn't endorse war outright. "My individual opinion is that war is not a solution," said producer Santosh Singh, who heads the Mumbai-based V Seven Pictures. "Before we resort to war, we have to solve our internal problems. How can we let infiltration take place so blatantly?" he asked. Why then does the video not talk about this? Singh said that when one hears about such attacks, the instant reaction is to retaliate. "The video is based on that sentiment."

An electronics engineer, Singh also owns an IT recruitment firm. His film production company, which he runs along with his friend Vivek Joshi, made the Mauka Mauka World Cup video that went viral and also produces short films and videos for clients. "We have no political affiliations, in fact we turned down a couple of political parties who approached us," says Singh, adding that his company has made 30-35 films in less than two years. "Of these, about 10 are on issues close to our heart, like those on Afzal Guru and the Pathankot attack. We upload them on YouTube, they are aired without ads. We don't earn money from them," he adds.

Ugly gets outlet

Nitin Pai, director of Takshashila Institution, an independent centre for research and education in public policy, says that social media and some television studios have enabled people to express their subconscious fears and desires. "It is not just today that the people of India have been angry with Pakistan for fomenting terrorism in our country. But it is only now that they have ways to express this anger; unfortunately, social media dynamics amplify this anger in a grotesque, distorted manner, allowing the ugly and less-sensible views to rise to the top of the public discourse," said Pai.

Tracing the many origins of this phenomenon, psychiatrist Harish Shetty says that in an angst-ridden, globalized world, we need a whipping boy. "With the Uri attacks, the entire nation had a common enemy. In expressing collective anger, there's catharsis." The current outpouring is not just over the deaths of soldiers; such an incident also opens up older wounds, he says. "For a long time, Indians have found their leaders to be helpless. It's like a family that is attacked again and again by a neighbour, but the father does nothing about it. There has been a lack of strong response from 'papa figures' across time, which has led to a sense of anger and rage. After the Uri attacks, the collective self-esteem of the country took a beating, and people felt a need to assert themselves on social media. At such times strong action is viewed as legitimate, valid and free of guilt," he adds.

Amplifying angst

If social media brought together protesters in Tunisia and Egypt during the Arab spring, in democratic India it has turned into a platform for expressing mass disenchantment with the government, especially in the wake of such attacks.

Social media plays several roles in times of crises, says Nishant Shah, professor of digital media and co-founder of the Centre for Internet & Society, Bengaluru. One, it amplifies what is already being said in friend circles and living-room conversations in front of the telly, but spreads it to a larger audience. "The second role it plays is distribution: social media allows people to inherit other people's opinions, thus exposing them to new ways of thinking but also find corroborators for their own viewpoints," he says. The third is catalysis — social media also has the capacity to generate new information. "The format creates new kinds of truths. Things that can be caught in Snapchat videos, or visuals which can be remixed, all become a part of this zeitgeist," Shah says.

Virtual wars

But in India at least, social media is no indicator of considered public opinion, points out Pai. Shah adds: "What we are seeing is a filter bubble of a privileged set of people who are engaging in this debate."

Then again, what's said on social media needn't be endorsed in real life. Vivek Joshi, who wrote and directed the Pathankot video, says nobody in the world would want a war. "But when it comes to the lives of our soldiers, an answer has to be given. If the government had taken any visible action, then there would have been no need to put out a video like this," Joshi adds. And therein probably comes the new-age heuristic of venting out on social media.

For more details visit https://cis-india.org/internet-governance/news/times-of-india-september-25-2016-manju-vi-when-the-war-is-on-whatsapp

Indians Ask: Is Visiting a Torrent Site Really A Crime?

subha — 2016-09-06T14:09:26Z

India has banned various large-scale torrent sites for a long time — this is old news. But under a new federal policy in India, one can be jailed for three years and fined 300,000 Indian Rupees (~US $4464) for downloading content on any of these blocked websites.

The blog post was first published in Global Voices on September 5, 2016.

Netizens who regularly use these and similar services have become anxious about what the rule may mean for them. Last week, a new legal notice concerning copyright violations sparked widespread rumors that users could be penalized for simply viewing torrent sites.

The notice now appears when one visits any of the banned websites. It reads:

This URL has been blocked under the instructions of the Competent Government Authority or in compliance with the orders of a Court of competent jurisdiction. Viewing, downloading, exhibiting or duplicating an illicit copy of the contents under this URL is punishable as an offence under the laws of India, including but not limited to under Sections 63, 63-A, 65 and 65-A of the Copyright Act, 1957 which prescribe imprisonment for 3 years and also fine of upto Rs. 3,00,000/-. Any person aggrieved by any such blocking of this URL may contact at urlblock@tatacommunications.com who will, within 48 hours, provide you the details of relevant proceedings under which you can approach the relevant High Court or Authority for redressal of your grievance.

Soon after news of the notice began to circulate, the Chennai High Court – one of the oldest courts in India — issued a John Doe order to block as many as 830 websites, including several torrent websites such as thepiratebay.se, torrenthound.com, and kickasstorrents.come.in.

Indian tech news portal Medianama published a blog post arguing that it is the downloading of pirated content from certain banned websites and not accessing those website that should lead to the legal issues. The problem, it seems, lies in the poor wording of the notice. Medianama described this as “bizarre by any rational standard” and noted that, taken literally, it does not comply with the Indian Copyright Act. Digital piracy legislation in India has been modified quite a lot in the recent times in general and over last five years in particular (Sections 63, 63A and 65 of the Indian Copyright Act of 1957 in particular.) But it has not been implemented with such force in the past.	What is a torrent? A torrent is part of a system that enables peer-to-peer file sharing (“P2P”) that is used to distribute data and electronic files over the Internet. Known as BitTorrent, this file distribution system is one of the most common technical protocols for transferring large files, such as digital audio files containing TV shows or video clips or digital audio files containing songs. Within this system, files labeled with the .torrent extension contain meta data about files — e.g. file names, their sizes, folder structure and cryptographic hash value for integrity verification. They do not contain the content to be distributed, but without them, the system does not work. (via Wikipedia)

This is not the first time India has put a blanket ban on such sites. In December 2014, 32 websites — including including code repository Github, video streaming sites Vimeo and Dailymotion, online archive Internet Archive, free software hosting site Sourceforge — were banned in India. They were later unblocked after agreeing to remove some ISIS-related content.

As they have in the past, tech-savvy netizens began suggesting hacks to mask or fake one's IP address. Sumiteshwar Choudhary, a practicing criminal and matrimony lawyer, described on Quora how the law had existed for quite some time but the government had never fully enforced it:

[..] The only reason that India has not been able to successfully ban these services is because the servers rest outside India and we don’t have any law to extend our jurisdiction to that extent today. As an end user if you download a pirated version of things you are not entitled to, you can be booked criminally under this Act and can face prison for up to 2 years…

Twitter user Prisma Mama Thakur criticized the ban, arguing that it should be a low priority in a moment when India has many other important problems to solve:

For more details visit https://cis-india.org/internet-governance/blog/global-voices-september-5-2016-subhashish-panigrahi-indians-ask-is-visiting-a-torrent-site-really-a-crime

Talking Point: Futile Battle Against Torrents

praskrishna — 2016-09-01T14:36:01Z

Sunil Abraham spoke to Deccan Herald to clear the air about rumours surrounding a jail threat for those logging on to Torrent sites.

Video

This was originally published by Deccan Herald on August 30, 2016

For more details visit https://cis-india.org/internet-governance/news/talking-point-futile-battle-against-torrents

We Truly are the Product being Sold

vidushi — 2016-09-01T02:08:37Z

WhatsApp has announced it will begin sharing user data such as names, phone numbers, and other analytics with its parent company, Facebook, and with the Facebook family of companies. This change to its terms of service was effected in order to enable users to “communicate with businesses that matter” to them. How does this have anything to do with Facebook?

The article was published in the Hindustan Times on August 31, 2016.

WhatsApp clarifies in its blog post, “... by coordinating more with Facebook, we’ll be able to do things like track basic metrics about how often people use our services and better fight spam on WhatsApp. And by connecting your phone number with Facebook’s systems, Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them.”

WhatsApp’s further clarifies that it will not post your number on Facebook or share this data with advertisers. This means little because it will share your number with Facebook for advertisement. It is simply doing indirectly, what it has said it won’t do directly. This new development also leads to the collapsing of different personae of a user, even making public their private life that they have so far chosen not to share online. Last week, Facebook published a list of 98 data points it collects on users. These data points combined with your WhatsApp phone number, profile picture, status message, last seen status, frequency of conversation with other users, and the names of these users (and their data) could lead to a severely uncomfortable invasion of privacy.

Consider a situation where you have spoken to a divorce lawyer in confidence over WhatsApp’s encrypted channel, and are then flooded with advertisements for marriage counselling and divorce attorneys when you next log in to Facebook at home. Or, you are desperately seeking loans and get in touch with several loan officers; and when you log in to Facebook at work, colleagues notice your News Feed flooded with ads for loans, articles on financial management, and support groups for people in debt.

It is no secret that Facebook makes money off interactions on its platform, and the more information that is shared and consumed, the more Facebook is benefitted. However, the company’s complete disregard for user consent in its efforts to grow is worrying, particularly because Facebook is a monopoly. In order for one to talk to friends and family and keep in touch, Facebook is the obvious, if not the only, choice. It is also increasingly becoming the most accessible way to engage with government agencies. For example, Indian embassies around the world have recently set up Facebook portals, the Bangalore Traffic Police is most easily contacted through Facebook, and heads of states are also turning to the platform to engage with people. It is crucial that such private and collective interactions of citizens with their respective government agencies are protected from becoming data points to which market researchers have access.

Given Facebook’s proclivity for unilaterally compromising user privacy, the Federal Trade Commission (FTC) in 2011 charged the company for deceiving consumers by misleading them about the privacy of their information. Following these charges, Facebook reached an agreement to give consumers clear notice and obtain consumers’ express consent before extending privacy settings that they had established. The latest modification to WhatsApp’s terms of service seems to amount to a clear violation of this agreement and brings out the grave need to treat user consent more seriously.

There is a way to opt out of sharing data for Facebook ads targeting that is outlined by WhatsApp on its blog, which is the best example for a case of invasion-of-privacy-by-design. WhatsApp plans to ask the users to untick a small green arrow, and then click on a large green button that says “Agree” (which is the only button) so as to indicate that they are opting-out. The interface of the notice seems to be consciously designed to confuse users by using the power of default option. For most users, agreeing to terms and conditions is a hasty click on a box and the last part of an installation process. Predictably, most users choose to go with default options, and this specific design of the opt-out option is not meaningful at all.

In 2005, Facebook’s default profile settings were such that anyone on Facebook could see your name, profile picture, gender and network. Your photos, wall posts and friends list were viewable by people in your network. Your contact information, birthday and other data could be seen by friends and only you could view the posts that you liked. Fast forward to 2010, and the entire internet, not just all Facebook users, can see your name, profile picture, gender, network, wall posts, photos, likes, friends list and other profile data. There hasn’t been a comprehensive study since 2010, but one can safely assume that Facebook’s privacy settings will only get progressively worse for users, and exponentially better for Facebook’s revenues. The service is free and we truly are the product being sold.

For more details visit https://cis-india.org/internet-governance/blog/hindustan-times-vidushi-marda-august-31-2016-we-truly-are-the-product-being-sold

Festival scan on social media

praskrishna — 2016-08-26T03:20:36Z

Authorities in a south Karnataka district have started keeping tighter watch on rumour-mongering and hate messages on social media platforms ahead of religious festivals.

The article was published in the Telegraph on August 26, 2016. Sunil Abraham was quoted.

Police in the communally sensitive Dakshina Kannada district have cautioned people not to start or circulate any hate message or rumours that could affect law and order.

"Anyone spreading rumours or hate messages can be charged under IPC Section 505 as we have all the technical capability to find out the origins of such messages," said Mangalore city police commissioner M. Chandra Sekhar.

This section is applied in the event of any statement or rumour with the intent to cause alarm among the public. "We do get several messages that later turn out to be a hoax," the officer said, citing instances of false rumours.

The officer exhorted citizens to alert the police the moment they get any such messages so that it could minimise or even prevent any damage, especially if the content is communally sensitive.

The district authorities have already ramped up police presence to prevent anything untoward in view of the activities of cow vigilantes who recently lynched a BJP worker for transporting calves in neighbouring Udupi district.

A source in the state police department hinted the measure could be replicated across the state, although other districts are not as communally sensitive like Dakshina Kannada.

The district - Mangalore is its administrative headquarters - had been in the thick of communal tension for decades.

Bhushan Gulabrao Borase, superintendent of police in charge of the Dakshina Kannada rural district, that is the rest of the district except Mangalore city, said keeping a watch on social media had become imperative. "Rural people may be using social media less frequently. But even then we need to be careful," he said.

Cow vigilantism by Hindutva groups is a major concern.

He said people could land in trouble for a seemingly harmless message if it causes some serious issue. "It is better not to start such messages. But it's also important not to forward if one receives them," said Borase.

Sunil Abraham, executive director of The Centre for Internet and Society, had a word of caution, although he appreciated the intent behind the police move.

"It's a reasonable approach if they stick to the scope of the law (Section 505). The problem is only if police overstep their limits, like we have seen on several occasions."

But he agreed there was a need to keep an eye on what goes on in social media since many users abuse messaging platforms like WhatsApp.

"What we don't want is a Nazi Germany where the wife is asked to spy on her husband and the son on the father. But we also don't want the opposite when citizens just ignore everything," he said, asserting that it was the duty of civil society to inform the police if they found anything dangerous being circulated.

For more details visit https://cis-india.org/internet-governance/news/the-telegraph-august-26-2016-festival-scan-on-social-media

Do I Want to Say Happy B’day?

nishant — 2016-08-22T09:53:03Z

When it comes to greeting friends on their birthdays, social media prompts are a great reminder. So why does an online message leave us cold?

This article was published in Indian Express on August 7, 2016

Every morning, I wake up to a Facebook notification that reminds me of the birthdays in my friends group. A simple click takes me to a calendar view that shows me people who are celebrating the day, prompting me to wish them and let them know that I am thinking of them. Just so that I don’t miss the idea, the notifications are surrounded by ribbons and balloons in gold and blue. The message is simple. Somebody I know has a birthday. Social convention says that I should wish them and Facebook has designed a special interface that makes the communication so much simpler, faster, easier.

And yet, every morning I seem to face a small crisis, not sure how to respond to this prompt. Now, I am notorious for forgetting dates and numbers, so I do appreciate this personalised reminder which has enabled me to wish people I love and care for. But I generally find myself hovering tentatively, trying to figure out whether I want to greet these people.

This has perplexed me for a while now. Why would I hesitate in leaving a message on Facebook for people who I have added as “friends”? Why would I not just post on their wall, adding to the chorus of greetings that would have also emerged from the automated reminder on Facebook? I went on to the hive-mind of the social web to figure out if this was a unique problem, customised to specific neuroses, or whether this is more universal. It was a great surprise (and relief) to realise that I’m not alone.

When trying to figure out our conflicted sociality on social media, several conversations pointed to three things worth dwelling on. Almost everybody on that long discussion thread pointed out that the entire process is mechanised.

It feels like Facebook has a script for us, and we are just supposed to follow through. There is very little effort spent in crafting a message, writing something thoughtful, and creating a specific connection because it is going to get submerged in a cacophony of similar messages. Also, the message, though personal, is public. So anything that is personal and affective just gets scrubbed, and most people end up mechanically posting “Happy Birthday” with a few emojis of choice, finding the whole process and the final performance devoid of the personal.

Another emerging concern was that social media sustains itself on reciprocity. However, it is almost impossible to expect the birthday person to respond to every single message and post that comes their way. In fact, as somebody pointed out, if your friend spends their entire day on Facebook, responding to 500 comments and thanking everybody who spent three seconds writing a banal post, you should stage an intervention because it is a clear cry for help. You should have been a better friend and made their day more special by being with them. So the message feels like shouting in a ravine, expecting an echo and getting nothing. This lack of reciprocity, even when expected, is still disconcerting enough for people to shy away from it.

The most frequent experience that was shared was by people who wanted to make the person feel special and cherished. Facebook and the social media sites are now so quotidian and pedestrian that it seems an almost uncaring space. It was intriguing to figure out that people made choices of whom to wish based on their actual proximity and intimacy with the person. If it is a colleague, a distant acquaintance, or just a companion at work, they throw a quick greeting on their wall and move on. But for actual friends, loved ones, families, they take the prompt but then refuse to follow the script. They take that moment to call, to write, to meet, but not perform it on Facebook.

This need for connectivity and the suspicion of its meaning continues to mark our social media interaction. If it were not for social media networks, a lot of us would feel distinctly disconnected, unable to get glimpses in the lives of the large number of people we know.

At the same time, this thinned out connection that characterises most of social media also seems to make us realise that not all friends are the same friends, and that Facebook might be social media, but it isn’t quite personal media.

For more details visit https://cis-india.org/raw/blog_do-i-want-to-say-happy-bday

It's That Eavesdrop Endemic

praskrishna — 2016-07-30T15:45:31Z

Whatsapp Says It’s Snoop-Proof Now, But There’s Always A Way In

The article by Arindam Mukherjee was published in Outlook on July 25, 2016. Pranesh Prakash was quoted.

Lock and Key

WhatsApp says it has end-to-end encryption, so no one, not even WhatsApp, can snoop into calls.

Experts say any encryption can be broken by security agencies. Android phones can also get infected by malware.

For years, a Delhi power-broker used to call from nondescript landline numbers, changing them ever so often. Of late, he has started using WhatsApp calls for ‘sensitive’ conversations. He’s not alone. WhatsApp has revealed that over 100 million voice calls are being made on the social network every day. That’s over 1,100 calls a second! India is one of the biggest user bases of WhatsApp. And many Indian users are making the app their main engine for voice calls.

One reason for this shift is that WhatsApp calls are seen to be essentially free (though they indeed have data charges). But for a lot of people, the chief allure lies in the touted fact that WhatsApp calling is far more secure than mobile calling. In April, the app introduced end-to-end encryption for its messages and voice calls.

Consequent to this, Sudhir Yadav, a Gurgaon-based software engineer filed a PIL in the Supreme Court seeking a ban on WhatsApp on the grounds that its calls are so safe that it could be misused by ‘terrorists’. Last month, a court in Brazil issued orders to block WhatsApp for 72 hours after it failed to provide the authorities access to encrypted data.

Are WhatsApp calls really impenetrable? WhatsApp believes so and says that the encryption key is held by the two persons at the two ends of the message or call and no one, not even the company, can snoop in. “The calls are end-to-end encrypted so WhatsApp and third parties can’t listen to them,” a WhatsApp spokesperson told Outlook. This is precisely Yadav’s concern. “Because the encryption is end to end, the government can’t break it and WhatsApp cannot provide the decryption key,” he says.

However, experts do not buy this argument. They believe everything on the Internet is vulnerable. “Anything that uses a phone number is vulnerable,” says Kiran Jonnalagadda, founder of technology platform HasGeek. “Anyone can impersonate the phone number by getting a duplicate SIM and get access to a phone. There are also bugs in the system which security agencies use.”

WhatsApp uses a person’s phone number to open an account and authenticate a user. So, if the government or a security agency wants to get access to a WhatsApp call, it would be very easy. “Telecom companies cannot access these calls as they are encrypted before they reach the network. But the government can. It just has to replicate a SIM to access any number and its messages or voice calls,” says Aravind R.S., a volunteer for Save the Internet campaign and founder of community chat app Belong,

There are other modes of attack as well. It is a given that Android phones, which form the majority of mobile phones used in India today, are most vulnerable to malware attacks. So, even if the app itself is secure, the device is not and if the device is attacked, just about everything in it can be tapped into. For instance, there’s the ‘man in the middle’ mode of attack, where a third person gets into a call and mirrors the messages to both the sides and relays the messages or calls to a different server. There is also the SS7 signalling protocol that can help hackers get into networks and calls. These attacks can make even a WhatsApp encryption vulnerable.

Security agencies and hackers routinely implant viruses into the phones of people they are monitoring. Once a phone is “infected”, everything is accessible. And Android phones are extremely prone to attacks from malware. “It's not perfectly secure, especially if there is any virus in an Android phone, which is what security agencies work with. They have many more ways to get into a phone. There is no defence against that,” says Aravind,

Experts believe it is possible that US intelligence agencies like the FBI and the NSA may have access to or are capable of breaking into even the WhatsApp encryption. This is proven by the recent incident where the FBI, after being refused by Apple to open up an iPhone used by a terrorist, broke into the phone by itself.

“If you are on the NSA list, there is nothing you can do to protect yourself,” says Pranesh Prakash, policy director with the Centre for Internet and Society. “They will find a way to get into your phone. In WhatsApp, many things like photographs and videos are not encrypted; these can get access to a person’s account.”

In India, the debate on access to encrypted phones has been on since the government engaged with Blackberry a few years ago. “There is no law governing an Over The Top (OTT) service like WhatsApp. If the government orders decryption of a call and WhatsApp cannot comply, it will become illegal,” says cyber lawyer Asheeta Regidi. The government’s seeming comfort level with all this legal ambiguity is yet another indicator that all is not what is seems with WhatsApp. As for callers, they would do well to speak discreetly on any network.

For more details visit https://cis-india.org/internet-governance/news/outlook-july-25-2016-arindam-mukherjee-its-that-eavesdrop-endemic

Tamil Nadu likely to hold Facebook accountable for suicide case

praskrishna — 2016-07-13T13:44:58Z

The recent suicide of a 21-year-old woman from Salem district in Tamil Nadu over her morphed pictures being uploaded on Facebook could turn into a flash-point between the state police and the world's most-popular social networking site.

The article by V. Prem Shanker was published in the Economic Times on July 13, 2016.

"We are exploring the possibility of holding Facebook accountable for the delay in responding to our requests since that was one of the factors which led to the young lady committing suicide," Salem superintendent of police Amit Kumar Singh told ET in an exclusive interaction. On June 23, the Salem police had received a complaint from the father of the 21-year-old stating that someone had uploaded her morphed nude pictures on Facebook. The father had requested the police to get the photographs removed from the site and also find and warn the perpetrator.

The police recorded the complaint the same evening and later sent what is called a 'Law Enforcement Online Request' to Facebook asking for details of the IP address from which the morphed photographs were uploaded on the website. Officials also requested Facebook to take down the objectionable photographs of the young woman.

Five days after the request was sent, Facebook responded with the IP address on June 28 and within 12 hours after that the police cracked the case and nabbed the suspect.

However, all this was a bit too late because the previous day, on June 27, the young woman had ended her life. Her morphed nude photographs were taken down only on the day of her death, according to the police.

"Apart from addressing Facebook, we also investigated the case from other angles but couldn't make headway. Thus, there was nothing we could do about the pictures still being online apart from waiting for Facebook to act," Singh said, adding "enforcement of compliance is a matter of grave concern."

Officials are considering charging Facebook with abetment to suicide and including Facebook in the chargesheet if the site is found culpable after investigations. However, the state police is said to be discussing with legal experts on how this can be done as there is no precedent for a website having been charged in a crime.

Facebook did not reply to an email seeking comment. Earlier in a communique, responding to criticisms of police inaction in this case, Singh had pointed out that "Only Facebook can block a page and it exercises this discretion as per its Facebook Community Standards and not the law of the land it is being viewed in. Facebook does not provide the police with any special powers to take down a page even if the police receive a cognizable complaint of identity theft and uploading of obscene content. There is no tool available, at least as of now, with the police to coerce or goad Facebook to act expeditiously even if the matter is very urgent and there is a flagrant violation of Indian law."

Experts point out that the disparity with which Facebook treats child abuse laws and copyright infringements as opposed to violation of women's rights is stark.

"Look at the war against child pornography. In the United Kingdom there is an independent foundation that has immunity under UK child pornography law. They generate a database and circulate it across all platforms and ensure that it is kept absolutely squeaky clean," points out Sunil Abraham, executive director of Bengaluru based research organisation, Centre for Internet and Society.

"There definitely needs to be a law to ensure that such platforms do not violate the law of the land, especially when it comes to women's rights. But in interim, the government can create an information escrow or a platform where the victims can place on record their problems and it is there for these sites to see and take action," Abraham added.

For more details visit https://cis-india.org/internet-governance/news/economic-times-v-prem-shanker-july-13-2016-tamil-nadu-likely-to-hold-facebook-accountable-for-suicide-case

FB & Google have already monopolised Indian cyberspace

praskrishna — 2016-07-08T15:59:46Z

In an interview with Catch, Sunil Abraham, executive director of Center for Internet & Society, puts the recent US-India cyber relationship framework into perspective. Abraham also talks about how Indian surveillance policies are outdated and why the country has failed to check the hegemonic tendencies of companies like Facebook and Google.

The interview was published by Catch News on July 3, 2016.

US-India signed a cyber relationship framework earlier this month. Could you explain some of the takeouts that may have important implications in the near future?

In the framework, both sides have made a "commitment to the multi-stakeholder model of Internet governance" - in immediate practical terms that means India will accept the Internet Assigned Numbers Authority (IANA) transition proposed for the Internet Corporation for Assigned Names and Numbers (ICANN). Unfortunately, as my colleague Pranesh Prakash points out "U.S. state control over the core of the internet's domain name system is not being removed by the transition that is currently underway."

India along with Brazil and other emerging powers should have insisted that the question of jurisdiction be addressed before the transition. We must remember, that the multi-stakeholder model is just a fancy name for open and participatory self-regulation by the private sector. While the multi-stakeholder model is useful as a complement to traditional state-led regulation, it cannot be used to protect human rights or ensure the security of a nation state.

[That is precisely why - the very next sentence in the announcement for the the framework for the US-India Cyber Relationship says "a recognition of the leading role for governments in cyber security matters relating to national security". This is because ICANN-style multistakeholderism requires all stakeholders to be on "equal footing" without "distinct roles and responsibilities". In other words, the governments are saying that the multistakeholder model is fine for all Internet Governance areas with the exception of Cyber Security. Given the limits of the multistakeholder model this is indeed the wise thing to do. Since American corporations dominate the Internet, US foreign policy has historically pushed for the multistakeholder model as fig leaf for forbearance and reduced foreign regulatory burden American corporations operating in other jurisdictions. Therefore India must not drink the multistakeholder cool-aid whole sale. It cannot afford a laissez-faire approach where it waits for corporations to self-regulate - it must regulate whenever public interest or human rights are harmed. In other words, it must go beyond the multistakeholder model and produce appropriate regulation where necessary. Needless to add - it must also deregulate in areas where harms don't exist. Apart from this many of the details of the announcement are positive steps that will increase security in India and the USA, and indeed the also across the world.]

What are some aspects of Intellectual Property Rights that should be looked at, in the context of the framework?

There is some language around Intellectual Property Rights (IPR) that should be examined carefully too. The US corporations benefit from a maximalist IP regime. But Make in India, Digital India and Startup India all depend on flexibilities to the IP regime and therefore India should refuse signing. Trans-Pacific Partnership (TPP) obligations like the "Digital 2 Dozen" which the US is actively proselytizing across the Pacific. If we make that mistake, we will make zero progress in indigenous security research and product development and also many other areas of our economy, health sector and education sector will be severely compromised. Therefore it would be best to keep IP rights expansion and enforcement out of the framework for the US-India Cyber Relationship.

The PIL seeking a ban on WhatsApp was refused by the SC recently. Encrypted messaging services like Telegram however, have been used in the past by terror groups. What's your take on such end-to-end encryption services?

Privacy and security are two sides of the same coin. You cannot have one without the other. End-to-end encryption is the basis for online privacy. End-to-end encryption is a pre-requisite for many legitimate actions of law abiding citizens online such as commerce, banking, tele-medicine, protection of intellectual property, witness/source protection, client confidentiality etc. Therefore, banning end-to-end encryption would mean the death of individual privacy and national security.

If the government wants to promote cyber security it should promote the use of end-to-end encryption amongst law abiding citizens.

Terrorist have to be stopped through targeted profiling, surveillance and interception. Big data analytics may be useful to watch for patterns in the meta data but there is no replacement for good old fashioned police work.

Once suspects have been identified the encrypted channels can be compromised by:

Placing trojans on the end-user devices
Performing man-in-the-middle attacks and
Using brute force attacks with super computers.

Snowden's revelations have made it very clear that blanket and mass surveillance does not help foil terror attacks or stop organised crime. So far, research and government reports from across the world indicate that only a minority of terrorists use encryption. However, this situation may change.

We don't have any proper encryption policy under the IT Act yet. What's taking so long and what are the key points that any policy in this matter must include in future?

We need many different types of encryption policies. We need a policy that mandates encryption and digital signature for all government personnel and also for all government transactions. We need policies that promote research and development in cryptography and mathematics. We need to update our criminal procedure code so that encrypted communications and data can be targeted by law enforcement and used effectively in the criminal justice process.

However, we should not have any broad encryption policy that tries to regulate encryption as a technology. That would be a highly regressive move and will be impossible to enforce. That would breed contempt for rule of law.

Surveillance and the tech around it has been contentious for various governments. Where do we stand vis-a-vis regulating surveillance measures by the state?

Our surveillance and interception laws are outdated. They need to be modernized to deal with advancements in technology and also global developments when it comes to data protection and privacy law.

In fact, our organisation was part of a global effort called Necessary and Proportionate which identified 13 principles to modernise surveillance which are connected to various aspects such as Legality, Legitimate aim, Competent judicial authority, Integrity of communications and systems and more. Some of these principles may have to be customised for the Indian context. [For example, given the load on courts perhaps India should stay with executive authorization of interceptions and data access requests. However, getting the law correct is only half the job. For the law cannot fix what the technology has broken. Some surveillance projects are well designed. For ex. the NATGRID - from what I understand it is a standard and platform that which will allow 12 security, intelligence and law enforcement agencies to temporarily make unions of sub-sets of 21 data sources. These automated temporary databases will be created under existing data access provisions of the law. I also hope the NATGRID is also using cryptography to ensure the maintenance of a non-repudiable log that will identify all officers involved in authorizing the each request and accessing the resultant data. Unfortunately, other surveillance projects are unmitigated disasters. For example, UID or Aadhaar. Many Indians don't realize that Aadhaar is a surveillance project. Biometrics is just a fancy name for remote, covert and non-consensual identification technology. Using the UID database the government can identify every single Indian without their consent. The so called "consent layer" in the India Stack is being developed by volunteers outside the UIDAI to avoid transparency under the Right to Information Act. Nothing in the current layer of the "consent layer" allows citizens to revoke consent. There is no facility in the UID Act to delete yourself from the database. Identity information aka the UID number and authentication information aka your biometrics for about a billion Indians have been collected and stored in a centralized location. It is as if our parliamentarians have written an open letter to criminals and foreign governments says "here is the information you need to wreck whole sale damage - come and get it". Hopefully the Supreme Court will save us from this impending disaster.]

With a sluggish US market, India has the biggest potential for companies like FB & Google, next only to China. Do you feel that in the quest to take over the Indian market, FB & Google are going to monopolise cyberspace in India?

I have news for you - they have already monopolised Indian cyberspace. They have completely wiped out competition in certain domains.

One of the many reasons they have done this is because we don't have laws and regulations to temper their hegemonic tendencies. For example, we could use data portability and interoperability mandates for social media to spark competition in markets where there are entrenched monopolies.

Competition law can be used to protect other firms from abuse of market power. Consumer protection law and privacy law could be used to ensure that user's rights are not compromised in the race for market share. In addition, a modern privacy law compliant with the best practices in the European Data Protection Regulation 2016, would allow emerging Indian companies to compete with giants like Facebook and Google on a level playing field. [Speaking of level playing field - only recently has the government introduced the "equalization levy". This was long overdue. Imagine the amount of tax that could have been collected so far and damage that has been done to competition. Regardless the current NDA government deserves our kudos for ensuring that Facebook and Google contribute their fair share of taxes. The new IPR Policy was also an opportunity to address the monopoly of Google and Facebook. There should have been a concerted attempt to use free/open source software, open standard and open content to bolster Indic language technologies. A billion dollars from every spectrum auction should be used to create incentives for Indian private sector, research and academic organisation who can contribute openly to the Indic cyberspace. This is the market where we can still build a highly competitive market. Today, given government inaction - millions of Indians are training Google's language platforms every time they use machine translation or speech to text technologies. This corpus of information will not be available for public interest research. Ideally we should also have Indians contributing to commons-based peer production projects like Wikipedia for their Indic language needs. Unfortunately the government totally missed this opportunity.]

For more details visit https://cis-india.org/internet-governance/news/catch-news-asad-ali-july-3-2016-fb-and-google-have-already-monopolised-indian-cyberspace

Will Facebook, Twitter relocate servers to India?

praskrishna — 2016-04-23T15:26:39Z

The debate to relocate offshore servers of internet and social media firms including Google, Facebook and Twitter has revived.

The article by Taru Bhatia was published in Governance Now on April 23, 2016. Pranesh Prakash gave inputs.

Home minister Rajnath Singh has requested the social media companies, located outside India, to maintain servers in the country, in order to expedite the process of getting information on accounts which spread mischievous messages posing a threat to law and order situation. The move has come in the backdrop of delayed or no response to the government’s requests to these companies, for extracting information of some of its users on security grounds.

In February, the minister claimed Jamaat-ud-Dawa chief Hafiz Saeed’s involvement in the anti-national slogans that were allegedly raised in the campus of Jawaharlal Nehru University (JNU). The claim was based on a tweet that appeared on a fake twitter account of Saeed (@HafeezSaeedJUD), which was later deactivated by Twitter. But the US-based social media company has still not replied to the Indian government as to who was running the account.

It is interesting to note here that India shares mutual legal assistance treaty with the US, wherein, the duo can share information for the purpose of criminal investigation, via judicial route. The process, however, is lengthy.

“Given the nature of the content, sometimes the government cannot afford to wait. The process of issuing direction to get information or blocking certain content from public view is lengthy. The Indian government under the IT law is empowered to ask these companies to maintain servers in India,” says senior advocate, supreme court, and cyber law expert, Pavan Duggal, terming it as a legitimate concern related to national security. As India is a big market for all these companies, it shouldn’t be a problem for them to have servers in India, he says.

“If the police or security agencies want information from these companies, it becomes tall orders since they are not operating from India. They step back and say they are not accountable,” says Virag Gupta, a senior supreme court lawyer, adding that ministries of telecom and finance must join the home ministry in its request and spearhead the matter.

Gupta has filed a petition in the Delhi high court asking such offshore companies to register themselves under the Indian law. On the other hand, Pranesh Prakash, policy director at center for internet and society (CIS), a non-government research organisation supported by Google, feels that instead of requesting these companies to maintain servers in India, it is best for the government to figure out ways to speed up judicial process of the treaty, when it comes to internet governance.

From July to December 2015, India issued 141 requests to Twitter to retrieve information of its users’ accounts for criminal investigation purpose, as per the company’s transparency report. But the compliance rate was only 42 percent, the report says.

While India seeks information on national security grounds, the law here does not clearly define national security, which is still vast and ambiguous.

“I do believe that there is a need for a much clear definition of national security. If the government really wants to have servers of these companies in India then appropriate guidelines must exist, so that companies should not be taken by surprise,” says Duggal.

Security concerns

Data localisation is witnessing a growing trend among many countries. Last year, Russia enforced law to mandate internet companies to store its citizens’ data within the country. The move is generally taken in fear of losing country’s data to hackers. It also means that it would be easier for the government to get information from these internet companies.

And so protecting data and privacy of individuals within the country is also a matter of concern. Not having a strong data privacy law in place could lead to violation of internet rights of citizens.

“Privacy is a legitimate concern but at the end of the day the government is well empowered in the interest of protecting cyber security under the IT Act. But it is necessary for the government to look at the issue from a holistic perspective. There is a need for balancing privacy and security of an individual on one hand and national security on the other hand,” adds Duggal.

For more details visit https://cis-india.org/internet-governance/news/governance-now-april-23-2016-taru-bhatia-will-facebook-twitter-relocate-servers-to-india