Centre for Internet and Society

India WhatsApp Privacy Fight May Affect Multinationals

praskrishna — 2017-02-02T02:28:23Z

The Indian Supreme Court’s review of Facebook Inc.'s and WhatsApp Inc.'s data security practices may lack teeth but also presages a desire for a stronger privacy regime and oversight of multinationals, internet and privacy specialists told Bloomberg BNA.

The article by Nayanima Basu was published by Bloomberg BNA on February 1, 2017. Pranesh Prakash was quoted.

WhatsApp revised its privacy policy in August 2016 to share data with owner Facebook and allow targeted ads and messages from businesses, laying the groundwork for the free messaging service to monetize such data. But a public interest complaint, akin to a class action in the U.S., filed by two Indian students and regulatory inquiries have resulted in India’s top court asking Facebook and WhatsApp about their data protection practices.

The court’s move Jan. 17 to seek the information may make multinational companies jittery, Rahul Khullar, former secretary of commerce for India’s Ministry of Commerce and Industry, told Bloomberg BNA. Although stronger data privacy enforcement is needed, all the high court has done is aggravate Facebook and other large multinationals, he said.

Facebook is the second largest media company in the world with a $367 billion market capitalization, Bloomberg data show. It acquired WhatsApp in 2014 for approximately $18 billion, data show. Facebook didn’t immediately respond to Bloomberg BNA’s e-mail request for comments.

Khullar, who is also the former chairman of the Telecom Regulatory Authority of India, said multinationals need to be more careful in sharing their data because of the “distinction between digital non-commercial data and digitally sensitive data,” he said. A strong national data privacy law would resolve some of these issues, he said.

An U.S. official based at the U.S. Embassy in New Delhi, speaking on background, told Bloomberg BNA that any maneuver that restricts the free flow of data may harm the operations of U.S.-based multinationals and similar companies.

Clarity, Stronger Laws Needed

Some internet and privacy specialists say that Facebook and WhatsApp failed to provide effective data protection under Indian law.

Pranesh Prakash, policy director at the nonprofit digital technologies advocate Centre for Internet and Society, told Bloomberg BNA that Facebook and WhatsApp are in violation of Section 43A of the Information Technology Act that lays out “reasonable security practices and procedures.”

Indian citizens are reaching out to the courts for data protection enforcement because lawmakers have “failed to do so,” he said. That highlights the need for robust data protection laws in India and, he said, hopefully “goads the government and Parliament into enacting a privacy and data protection law.”

In lieu of further legislative action, companies may be able to resolve some issues by establishing clearer privacy policies, Niraj Gunde, a Mumbai-based attorney and consumer advocate, told Bloomberg BNA. Most software agreements have a clandestine clause that allows companies to access user data, but those agreements should also state how the data will be used, stored and eventually disposed of, he said.

For more details visit https://cis-india.org/internet-governance/news/bloomberg-bna-february-1-2017-nayanima-basu-india-whatsapp-privacy-fight-may-affect-multinationals

For India’s complaints department, visit Facebook Live

praskrishna — 2017-01-25T02:03:03Z

Notebook: Social media cuts through red tape in a country beset by inertia.

The article by Amy Kazmin was published in the Financial Times on January 23, 2017. Sunil Abraham was quoted.

Rarely has a soldier’s lament about bad food received such attention. But Tej Bahadur Yadav, of India’s Border Security Force, made national headlines with Facebook videos complaining about his rations along India’s tense line-of-control with neighbouring Pakistan.

Standing against a landscape of desolate, snow-covered mountains, Mr Yadav bemoaned the fried flatbread and tea that constitutes breakfast, and the watery lentils, seasoned only with salt and turmeric, of his lunch. It was unclear whether his main complaint was about the poor cooking quality or limited food quantity but the video of the offending meals, including a burnt chapati, suggested both.

“I do not want to blame the government,” he said calmly in Hindi. “The government provides everything for us but these higher officers sell everything. Sometimes, we soldiers go hungry.”

Reaction to the videos, which were covered widely by the mainstream media, came fast and furious. The BSF publicly accused Mr Yadav of indiscipline, saying he was a chronic malcontent previously subjected to a court martial for aiming his weapon at a superior. It also noted he was taking voluntary retirement soon.

But many Indians found it easy to believe that their country’s troops are short-changed on food and they rallied to the disgruntled soldier as a courageous whistleblower. Prime Minister Narendra Modi ordered an investigation, and a dietitian was reportedly sent to the border to assess the soldiers’ food.

Analysts pointed out that Mr Yadav’s gripe echoed official critiques of deficiencies in the army’s food procurement. “One can imagine the toil our jawans [junior soldiers] go through while guarding the border in chilling conditions. And the least they can expect is a good meal after long hours of hard duty,” an Indian Express editorial declared.

That a soldier posted in a remote border area could unleash such a kerfuffle via a video highlights how Indians armed with mobile phones are taking to social media to hold to account the traditionally non-responsive political and bureaucratic establishment.

Smartphones make up nearly 30 per cent of phones in use in India and that number is rising fast, according to the Asian research group CLSA. Sushma Swaraj, India’s foreign minister, has garnered attention for her rapid responses to individual Twitter pleas for help — whether from Indians in trouble abroad or those struggling to renew a passport or secure a visa for a visitor.

Now other ministers and government agencies, including local police forces, have begun to respond personally to pleas for help and public complaints on Twitter. It’s a big change from a time I recall well, when Indians tangled in red tape had no option but to find those with connections to try to influence, or prod, the seemingly impenetrable bureaucracy.

“Bureaucrats and politicians are now active and available on social media — ordinary citizens tweet politicians and there is a spectacle of immediate redress of complaints,” Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society, told me. When New Delhi’s police department set up an office to receive complaints against corrupt officers, for example, many citizens provided audio or visual recordings of the alleged wrongdoing. It’s only a matter of time before such footage finds its way to social media — or beyond. Ironically, those whose plights gain traction on social media, and are then amplified by mainstream media, are sometimes low-ranking civil servants harassed by their superiors.

This week brought news of a female railway clerk punished for dereliction of duty after she refused to sing “one particular” duet with her senior manager at his farewell party. A friend who works for a major western social media platform here in India (who ironically can’t be identified as he wasn’t authorised to speak to me), tells me that “the power structures that governed who used to be heard and who wouldn’t be heard have changed”. As technology spreads further and deeper in India, we can expect that noise to amplify.

For more details visit https://cis-india.org/internet-governance/news/financial-times-amy-kazmin-january-23-2017-for-indias-complaints-department-visit-facebook-live

Supreme Court issues notice to WhatsApp, Centre on data privacy

praskrishna — 2017-01-17T15:06:08Z

Analysts said India lacked data protection laws.

The article by MJ Antony, Ayan Pramanik and Apurva Venkat was published in the Business Standard on January 17, 2017. Sunil Abraham was quoted.

The Supreme Court on Monday issued notices to the Centre and WhatsApp over an appeal alleging the instant messaging service did not ensure the privacy of its users and seeking regulations to protect personal information.

Chief Justice J S Khehar granted urgent hearing when Harish Salve, counsel for the petitioner, submitted that the service provided free by the platform to 155 million subscribers violated constitutional provisions protecting privacy.

The government and WhatsApp would file their replies within two weeks, the court directed after Salve sought its intervention to protect consumer data till India enacted data protection laws.

The Supreme Court heard the petition after the Delhi High Court in September directed WhatsApp not to share its users’ data with its parent Facebook and asked it to provide users with the option to opt out. The court was hearing a public interest litigation over a change in WhatsApp’s user policies that explicitly allowed Facebook to access to WhatsApp users’ data.

A Facebook spokesperson said the company could not comment immediately.

Analysts said India lacked data protection laws that prohibit global Internet firms from harvesting user data for their business. “We used to think that we had some privacy jurisprudence in the country. If you asked a lawyer 1.5 years ago, he would say privacy in India was a constitutionally guaranteed right,” said Sunil Abraham, director of the Centre for Internet Society. “It is not explicitly referenced into the law.”

Saroj Kumar Jha, partner, SRGR Law Offices, said, “Along with the lack of policies and laws, there are very few judgments on privacy issues based on constitutional rights. Thus, it makes it very difficult to judge a case.”

Salve argued that till the government enacted legislation to protect user data, the court should provide protection. The Telecom Regulatory Authority of India should introduce a clause in telecom licences that if calls were intercepted the licence would be cancelled, he said.

The court sought the assistance of Attorney-General Mukul Rohatgi to sort out the issues.

Rohatgi, while arguing an earlier case related to alleged violation of privacy, had taken the stand that the Constitution did not protect the right to privacy. According to him, neither the fundamental rights nor Supreme Court judgments recognises a citizen’s right to privacy. The bench hearing that case referred the question to a constitution bench last year.

For more details visit https://cis-india.org/internet-governance/news/business-standard-mj-antony-ayan-pramanik-apurva-venkat-supreme-court-issues-notice-to-whatsapp-centre-on-data-privacy

Social Media Monitoring

amber — 2017-01-16T14:23:13Z

We see a trend of social media and communication monitoring and surveillance initiatives in India which have the potential to create a chilling effect on free speech online and raises question about the privacy of individuals. In this paper, Amber Sinha looks at social media monitoring as a tool for surveillance, the current state of social media surveillance in India, and evaluate how the existing regulatory framework in India may deal with such practices in future.

Social Media Monitoring: Download (PDF)

Introduction

In 2014, the Government of India launched the much lauded and popular citizen outreach website called MyGov.in. A press release by the government announced that they had roped in global consulting firm PwC to assist in the data mining exercise to process and filter key points emerging from debates on Mygov.in. While this was a welcome move, the release also mentioned that the government intended to monitor social media sites in order to gauge popular opinion. Further, earlier this year, the government set up National Media Analytics Centre (NMAC) to monitor blogs, media channels, news outlets and social media platforms. The tracking software used by NMAC will generate tags to classify post and comments on social media into negative, positive and neutral categories, paying special attention to “belligerent” comments, and also look at the past patterns of posts. A project called NETRA has already been reported in the media a few years back which would intercept and analyse internet traffic using pre-defined filters. Alongside, we see other initiatives which intend to use social media data for predictive policing purposes such as CCTNS and Social Media Labs.

Thus, we see a trend of social media and communication monitoring and surveillance initiatives announced by the government which have the potential to create a chilling effect on free speech online and raises question about the privacy of individuals. Various commentators have raised concerns about the legal validity of such programmes and whether they were in violation of the fundamental rights to privacy and free expression, and the existing surveillance laws in India. The lack of legislation governing these programmes often translates into an absence of transparency and due procedure. Further, a lot of personal communication now exists in the public domain which renders traditional principles which govern interception and monitoring of personal communications futile. In the last few years, the blogosphere and social media websites in India have also changed and become platforms for more dissemination of political content, often also accompanied by significant vitriol, ‘trolling’ and abuse. Thus, we see greater policing of public or semi-public spaces online. In this paper, we look at social media monitoring as a tool for surveillance, the current state of social media surveillance in India and evaluate how the existing regulatory framework in India may deal with such practices in future.

For more details visit https://cis-india.org/internet-governance/blog/social-media-monitoring

India’s ruling party takes online abuse to a professional level

praskrishna — 2016-12-31T02:19:14Z

Indian prime minister Narendra Modi’s Bharatiya Janata Party (BJP) employs an army of trolls to harass and intimidate critics through social media, a new book claims.

The article by Samanth Subramanian was published in the National on December 31, 2016. Pranesh Prakash was quoted.

I Am a Troll: Inside the Secret World of the BJP’s Digital Army, by the journalist Swati Chaturvedi, alleges that the party’s social media warriors carry out organised harassment, threatening critics of the BJP with assault, sexual violence and even murder.

Although other parties also have social media units, the BJP’s is particularly well organised and vociferous, Chaturvedi wrote.

The BJP social media cell is active on Twitter and Facebook, as well as in the comments sections of articles on news websites, Chaturvedi found. Some of the abusive PRO-BJP Twitter handles are still followed by Mr Modi’s official Twitter account.

I Am a Troll is based largely upon the account of Sadhavi Khosla, now an activist but formerly a volunteer for two years in the BJP’s social media cell, which went into top gear during the parliamentary elections in 2014 when Mr Modi beat the incumbent Congress party led by Sonia Gandhi and her son Rahul.

Mr Modi campaigned on a platform of fervent nationalism, drawing upon the BJP’s Hindu chauvinist credentials to attract votes. His party’s social media cell responded accordingly.

"It was a never-ending drip feed of hate and bigotry against the minorities, the Gandhi family, journalists on the hit list, liberals, anyone perceived as anti-Modi," Ms Khosla told Chaturvedi.

The BJP has responded to the claims made in the book by accusing Ms Khosla of political bias, saying she "supports the Congress [and] has all reasons to publish unsubstantiated claims". -In fact, she has never revealed her own political leanings, or even whether she has any.

Arvind Gupta, the head of the BJP’s information technology cell, denies the party encouraged trolling or that Ms Khosla had been a member of any BJP unit.

By way of evidence, Ms Khosla shared with Chaturvedi screenshots of instructions that were purportedly sent by Mr Gupta to the operators of the social media cell. "If there was even an unfavourable mention of [Modi] anywhere, Gupta’s digital tracking tools would pick it up and the pack of hyena-like trolls would descend," Ms Khosla said.

One specific campaign cited in I Am a Troll took place in November last year, after the actor Aamir Khan, speaking as the chief guest at a journalism awards ceremony, remarked upon the growing intolerance in India. "There is a growing sense of disquiet and despondency," he said.

Ms Khosla said the BJP’s social media cell was instructed to launch an all-out attack on Khan. She and her colleagues were also asked to spread a petition calling upon SnapDeal, a shopping website, to drop Khan as its brand ambassador.

"I realised that my hero had become a ‘Muslim’," Ms Khosla said in the book. "For me he had just been an Indian actor. I felt like my country was changing."

SnapDeal cut its ties with Khan in February. Ms Khosla, who said she had been growing increasingly uncomfortable with the social media cell’s tactics, quit not long after.

"I simply could not follow directions anymore when I saw rape threats made against female journalists," she said. "Every day some new person was a target and they would attack like a swarm of bees with vile sexual innuendoes, slander, rape and death threats."

Chaturvedi’s book calls for social media companies and police agencies to take such threats more seriously.

"In the United States, which is a beacon for free speech laws, thousands are arrested each year — and the courts uphold these allegations as ‘actionable’ — based on complaints from people who have received violent threats on social media," she wrote.

"Hate speech, targeted harassment, threats of rape with graphic details of assault, incitement to violence — all this is ‘actionable’ too but our police does not act."

Pranesh Prakash, the policy director at the Centre for internet and Society, a Bengaluru-based non-profit organisation, noted that although there are no Indian laws specifically against abusive online behaviour, the general laws that deal with verbal assault cover online cases as well.

"But I’m not sure how much these cases can be taken forward, given jurisdictional problems," Mr Prakash told The National.

When a person complains to police about online abuse, "the first step would be to establish against whom the case is being made, and doing that is difficult", he said.

Since most social media companies are based in the US, police agencies would have to approach India’s foreign ministry which could then invoke a bilateral treaty to gain this information.

"This can take several months if not longer," Mr Prakash said. "And most police stations are not equipped to handle such treaty-based cases."

"Even if the police takes such complaints seriously — and it’s not always clear that they do — there’s no easy way to proceed."

For more details visit https://cis-india.org/internet-governance/news/the-national-december-31-2016-samanth-subramanian-indias-ruling-party-takes-online-abuse-to-a-professional-level

The Curious Case of Poor Security in the Indian Twitterverse

udbhav — 2016-12-17T00:28:05Z

What are the technical, legal and jurisdictional issues around the recent Twitter and email hacks claimed by the ‘Legion Crew’, and what can targeted entities do to better protect themselves?

The article was originally published in the Wire on December 15, 2016.

The term legion, an oft-referred identity in popular culture, has begun to attain recent notoriety in Indian cyberspace due to the spate of hacks being carried out by a group of hackers calling themselves ‘Legion Crew’. The group has compromised four Twitter and/or email accounts in the past two weeks, with confirmed hacks of Rahul Gandhi, Vijay Mallya, Barkha Dutt and Ravish Kumar. Lalit Modi, Apollo Hospitals and the parliament (sansad) have been singled out as future targets, with dire warnings of catastrophic data leaks if the group were to be investigated by the authorities. The ethical impression of the hacks have been divided, with some segments of the public supporting the supposedly hacktivist outlook of the group while others condemning their actions as reckless and invasive. In the meantime, no individuals or entities have been accused of the hacks by the police, with most reports claiming the foreign origin of the hacks being the biggest impediment to the investigations.

A technical and legal perspective

The hacks first began against the politician Gandhi, whose Twitter account was hacked almost two weeks ago, with various demeaning tweets being posted for a few hours before access to the account was restored to the rightful owner. The same hacks were then carried out on business tycoon Mallya’s Twitter account last Friday but this time around, his bank details (apparently obtained from his compromised email accounts) were also leaked to the public via Twitter. Similar hacks targeting both the Twitter and email accounts of Dutt and Kumar were also carried out the past weekend. Sensitive details and data dumps (around 1.5 GB in size) of the journalists were released to the public, along with escalating warnings about future attacks. The data dumps released by the hackers seemed to be indicative that the hackers obtained far more information than they had disclosed via the Twitter hacks and were willing to leverage this data as ransom. Twitter, via both their Indian policy representatives and their international office, has denied any compromise to their systems and has claimed that all accounts were legitimately accessed with valid credentials at the time of the hacks. This leads to three main questions: How were the Twitter and email accounts hacked? What is the recourse, especially in terms of investigation, available to the afflicted parties and the authorities? What can potential targets do to secure their online presence from such attacks?

Regarding their technical nature, all of these hacks were sustained compromises that lasted for a few hours each (a long time in cyberspace) and seemed to be reflective of only a fragment of the power the hackers held over the individual’s online presence. Considering Twitter’s denial that the attacks were due to a security flaw on their end as well as the fact that legitimate login details were used to gain access to the accounts, a rather simple investigation can show that the most likely attack vector used by the Legion Crew for these hacks was a DNS Hijacking attack in combination with a Man in the Middle (MITM) attack. These methods abuse the rather simple and (by default) insecure DNS system that is responsible for directing the world’s Internet traffic including email. While the use of DNS to map websites to the IP address of the systems where they are physically hosted (for instance, www.thewire.in maps to 52.76.81.135 at the time of writing this article) is fairly well known, the DNS system also directs most of the world’s email. Similar to DNS A and AAA name records regarding websites, DNS MX records direct email sent to domain names to the correct email servers where they are processed for storage or forwarding, as required. If these MX records are compromised, then hackers can easily redirect emails sent to legitimate email address of the domain name (for instance, xyz@thewire.in) to whatever system they want, including other compromised email addresses.

The original operator of the email account is unaware of any email that is redirected in such a way and has no way of knowing the account has been hacked until they notice they are not consistently receiving emails sent to them, which in well planned hacks can be as for many weeks or even months. These attacks can also be further augmented if the hackers also decide to implement an MITM. In an MITM attack, hackers can redirect all traffic attempting to reach an email account via the MX records to a system they operate by changing the MX records on the domain name server to a malicious system. They can access and store all these emails (along with attachments) via the malicious system and also manipulate the information contained in these emails. Then, either in bulk or selectively, they can re-send the emails to the original email accounts they were intended for from their own servers. The owner will then receive the emails in their inboxes with the apparent impression they are private and being received for the first time. This entire MITM process can be setup in a manner that the emails are rerouted to compromised servers by MX records changes, stored for future analysis and then forwarded to the original recipient account in a matter of seconds.

Given the reliance placed by most websites on email IDs being a primary form of identity authentication, compromising an email ID can give access to most of the social networking, entertainment and even banking websites’ login details of the owner to any individual who has the login details of the account. This is because of the password reset or forgotten password feature available in most services that use only email IDs by default as a form of authenticating account ownership and allowing the user to reset their passwords by setting a reset email to their registered email accounts. Once they gain access to the compromised accounts, hackers can perform these resets with impunity, granting them unrestricted access to the online presence of the owner. In fact, hackers can use these attacks to perform password resets on the email accounts themselves, allowing them unlimited access to past conversation, records and login details that may be stored in the email accounts.

Keeping this background in mind, the most likely methodology behind the hacks is quite simple to explain. The Legion Crew most likely first compromised the email systems of these celebrities by changing the DNS MX records of the email IDs which were registered with Twitter as login IDs for these accounts. This allowed them to redirect emails sent to these email IDs to an alternative system of their choosing. They then used the password reset feature of Twitter, which is similar to those provided by most social networking services, to reset the password of these accounts. However, due to the compromise of the MX records of the domain names used by these celebrities, instead of reaching the inboxes of the entities operating the accounts, the password reset emails were sent to the alternative systems set up by the hackers solely for receiving such emails. After receiving this email, it was a simple matter of resetting the account credentials by clicking on the password reset link on the email and changing the passwords of these accounts to unique passwords only known to the hackers.

The hackers then would (and did) have complete control of the account until the service provider itself intervened and provided an emergency reset along with recommending rectifying the MX records from the malicious one’s inserted by the hackers. The only question left to be answered in the methodology followed by the hackers is how they gained access to the MX records, as DNS records can only be changed using the dashboard of the domain name provider, which in turn is protected by a login password. Allegations have arisen that most (if not all) of the compromised accounts used ‘Net4india’ as their domain name provider. Therefore, it is very possible either that it is a vulnerability on the Net4india systems, an internal compromise of the personnel Net4india and so on leading to access detail to domain name accounts from being compromised. Such security and personnel breaches could have been responsible for providing access to the domain name management dashboard of the hacked celebrities email IDs, after which the attack would have followed the methodology described above by changing the MX records to a malicious system.

Jurisdictional issues

The legal avenues available to the affected parties are fairly clear within the Information Technology Act, 2000 and the Indian Penal Code, 1862. Section 66 and Section 66C of the IT Act, which govern hacking and misuse of passwords respectively, would apply along with possible application of the provisions concerning mischief (Section 425), cheating (Section 420) and extortion (Section 383) of the IPC. However, recent investigations have already begun to show that the various jurisdictional symptoms that plague cybercrimes investigations are also hindering investigations for these hacks. The global nature of the internet ensures that the operating servers, attackers, compromised users and unwitting intermediaries are more often than not all located in different jurisdictions, each with their own set of protections, vulnerabilities and laws. For example, investigations by the Delhi police into IP addresses that accessed Gandhi’s Twitter account during the hack have shown that in the period of few hours the account was accessed from the US, Sweden, Canada, Thailand and Romania. Of course, given the pervasive availability of IP spoofing tools, none of these countries is indicative of the actual location of the hacker. Gaining information from these different servers, in order to trace a route of the hacker’s digital geographical journey, is a bureaucratic and legal nightmare with long delays, unanswered Mutual Legal Assistance Treaty requests and unresponsive service providers being the norm. Like in most cybercrime investigation, if the hackers take certain basic steps to mask their identities and geographical location, their odds being caught by traditional law enforcement are negligible. Investigations that have successfully managed to catch such hacker groups, such as the Project Safe Childhood by the FBI against child pornography on the Tor web, take millions of dollars, months of efforts and a high level of skill. Whether these Twitter hacks will generate the sustained, multijurisdictional effort across law enforcement agencies in India required to catch such crimes remains to be seen. Until then, the questions of attribution, liability and justice will remain unanswered like in a majority of large scale cyber hacks.

Possible measures

Given that various other targets have already been singled out by the hacker group, the need for vigilance and improved security is greater than ever. One basic measure, easily available within Twitter and most other services, that should be carried out is enabling two factor authentication (2FA) on both email and social media accounts. 2FA ensures that the user has to input a One Time Password (OTP) generated on a separate device (such as a mobile phone) at the time of logging in or resetting the password for the account. This would mean that even if the hackers obtain the password or compromise the emails being sent to an account, they will be unable to login into an account without also being in physical possession of the device with the OTP generation application. If this option, which is already available within Twitter, was enabled for the four accounts that were hacked, for example, they would have remained protected despite the email account compromise. Further, domain name service providers should also implement Domain Name System Security Extensions and Domain Keys Identified Mail to prevent DNS and email hijacking, as was carried out on Net4India servers in these Twitter attacks. Using HTTPS on all pages on websites will also go a long way in preventing spoofing and securing user information in transit. Finally, nothing can replace customer education and awareness as the most effective tool to combat the growing cyber threats faced by the average netizen. The weakest link in a digital system is often the end user. A core set of security measures that can be percolated into common practice will serve as the first and best line of defence against such attacks in the future, for both the common man and celebrities alike.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-udbhav-tiwari-december-15-2016-curious-case-of-poor-security-in-indian-twitterverse

ISIS and Recruitment using Social Media – Roundtable Report

Vidushi Marda, Aditya Tejus, Megha Nambiar and Japreet Grewal — 2016-12-16T02:19:16Z

The Centre for Internet and Society in collaboration with the Takshashila Institution held a roundtable discussion on “ISIS and Recruitment using Social Media” on 1 September 2016 from 5.00 p.m. to 7.30 p.m. at TERI in Bengaluru.

The objective of this roundtable was to explore the recruitment process and methods followed by ISIS on social media platforms like Facebook and Twitter and to understand the difficulties faced by law enforcement agencies and platforms in countering the problem while understanding existing counter measures, with a focus on the Indian experience.

Reviewing Existing Literature

To provide context to the discussion, a few key pieces of existing literature on online extremism were highlighted. Discussing Charlie Winter’s “Documenting the Virtual Caliphate”, a participant outlined the multiple stages of the radicalisation process that begins with a person being exposed to general ISIS releases, entering an online filter bubble of like minded people, initial contact, followed by persuasion by the contact person to isolate the potential recruit from his/her family and friends. This culminates with the assignment of an ISIS task to such person. The takeaway from the paper, was the colossal scale of information and events put out by ISIS on the social media. It was pointed out that contrary to popular belief, ISIS publishes content under six broad themes: mercy, belonging, brutality, victimhood, war and utopia, least of which falls under the category of brutality which in fact garners the most attention worldwide. It was further elaborated that ISIS employs positive imagery in the form of nature and landscapes, and appeals to the civilian life within its borders. This strategy is that of prioritising quantity, quality, adaptability and differentiation while producing media. This strategy of producing media that is precise, adaptable and effective, according to the author, must be emulated by Governments in their counter measures, although there is no universal counter narrative that is effective. This effort, he stressed cannot be exclusively state-driven.

JM Berger’s “Making Countering Violent Extremism Work” was also discussed. Here, a slightly different model of radicalisation has been identified with potential recruits going through 4 stages: the first being that of Curiosity where there is exposure to violent extremist ideology, the second stage is Consideration where the potential recruit evaluates the ideology, the third being Identification where the individual begins to self identify with extremist ideology, and the last being that of Self-Critique which is revisited periodically. According to Berger, law enforcement need only be involved in the third stage identified in this taxonomy, through situational awareness programs and investigations. This paper stated that counter-messaging policies need not mimic the ISIS pattern of slick messaging. A data-driven study had found that suspending and suppressing the reach of violent extremist accounts and individuals on online platform was effective in reducing the reach of these ideologies, though not universally so. It also found that generic counter strategies used in the US was more efficient than targeted strategies followed in Europe.

Lack of Co-ordination, Fragmentation between the States and Centre

Speaking of the Indian scenario in particular, another participant brought to light the lack of co-ordination and consensus between the State and Central Governments and law enforcement agencies with respect to countering violent extremism with leads to a breakage in the chain of action. Another participant added that the underestimation of the problem at the state level coupled with the theoretical and abstract nature of work done at the Centre is another pitfall. While the fragmentation of agencies was stated to be ineffective, bringing them under the purview of a single agency was also proposed as an ineffective measure. It was instead suggested that a neutral policy body, and not an implementing body, should coordinate the efforts of the multiple groups involved.

Unreliable Intelligence Infrastructure

It was pointed out that countries are presently underequipped due to the lack of intelligence infrastructure and technical expertise. This was primarily because agencies in India tend to use off-the shelf hardware and software produced by foreign companies, and such heavy dependence on unreliable parts will necessarily be detrimental to building reliable security infrastructure. Emphasis was laid on the significance of collaboration and open-source intelligence in countering online radicalisation. An appeal was made to inculcate a higher IT proficiency, indigenous production of resources, funding, collaboration, integration of lower level agencies and more research to be produced in this regard.

Proactive Counter Narratives

The importance of proactive counter-narratives to extremist content was stressed on, with the possibility of generating inputs from government agencies and private bodies backing the government being discussed. Another solution identified was the creation and internal circulation of a clear strategy to counter the ISIS narrative and the public dissemination of research on online radicalization in the Indian context.

Policies of Social Media Platforms

The conversation moved towards understanding policies of social media. One participant shed light on a popular platform’s strategies against extremism, wherein it was pointed out that the site’s tolerance policy extends not only to directly extremist content but also content created by people who support violent extremism .The involvement of the platform with several countries and platforms in order to create anti-extremist messaging and its intention to expand these initiatives was in furtherance of its philosophy to prevent any celebration of violence. The participant further explained that research shows that anti-extremist content that made use of humour and a lighter tone was more effective than media which relied on gravitas.

Having identified the existing literature and current challenges, the roundtable concluded with suggestions for further areas of research:

Understanding the use of encrypted messaging services like Whatsapp and Telegram for extremism, and an analysis of these platforms in the Indian context. A deeper understanding of these services is essential to gauge the dimensions of the problem and identify counter measures.
A lexical analysis of Indian social media accounts to identify ISIS supporters and group them into meta-communities, similar to research done by the RAND Corporation
Collation of ISIS media packages was also flagged off as an important measure in order to have a dossier to present to the government. This would help policymakers gain context around the issue, and also help them understand the scale of the problem.

For more details visit https://cis-india.org/internet-governance/blog/isis-and-recruitment-using-social-media-2013-roundtable-report

Caught in a filter bubble

praskrishna — 2016-11-24T01:45:35Z

The country seems to be polarised over demonetisation and its after-effects. And more likely than not, you’ve had plenty of news stories to read that corroborate what you believe, regardless of whether you think the scrapping of the Rs 500 and Rs 1,000 notes was an ingenious plan or not, especially if you get most of your news on social media.

The article by Chetana Divya Vasudev was published by Deccan Herald on November 22, 2016. Rohini Lakshané was quoted.

However, does the news you’re consuming give you a clear picture of everything going on around you or is it merely helping you live in your own bubble? This has become a hot topic of discussions post the US Presidential elections, with Facebook also coming under fire for it.

Social media sites in particular and the internet in general have been serving people stories that put forth points of view they largely agree with. “This is a phenomenon called the social media filter bubble,” says Rohini Lakshane, programme officer, Centre for Internet and Society. This means that because most people in your network think like you, what you read mostly concurs with your opinions, reinforces your bias, reducing your chances of coming across opposing viewpoints, she explains. “It’s all-pervasive, Twitter also tailors your feeds and the ‘while you were away’ section, unless you uncheck it in your settings,” she says. Using incognito mode for Google searches and clearing cookies are a couple of other steps you could take to check this filter bubble, she adds.

“As someone into policy research, I can’t let my personal prejudices affect what I read or understand,” she offers. “So I also ensure I constantly interact with people from different walks of life.” Keeping an open mind to multiple perspectives could help people remain more informed, she suggests.

Entrepreneur Devashish Mamgain says he makes a conscious effort to search for stories he knows he wouldn’t agree with. “I do this because I’m already up to date with what I like or support, and I think it’s important to know the other side as well,” he says. He doesn’t rely on social media for his news but knows many who do and thinks it limits their knowledge.

Savitha A Isaac, a content writer, says she unsubscribes to newsfeeds on Facebook she doesn’t want to read. “I get annoyed when it shows up what’s trending — videos and memes that are going viral. I feel most of this is US-centric; almost like it’s telling us we have to care about what’s happening there. My husband and I have noticed that Google keeps tabs on what you’re searching for and comes up with suggestions,” she says. This is also true of Facebook.

“I usually read a lot of investigative and feminist stories from certain sites. And when such links pop up as suggestions on your wall — or is reflected in the adds you see — it feels really nice. But it also feels wrong,” she says. “It’s creepy, almost as if someone’s stalking you.”

Uroosa Ayman Fathima, her colleague, believes most content on social media is not accurate. “I only click on a link if it’s that of a news website I trust to be at least 80 per cent accurate,” she says. And she verifies what catches her interest with news in the print media, a more credible source, she believes.

For more details visit https://cis-india.org/internet-governance/news/deccan-herald-november-22-2016-chetana-divya-vasudev-caught-in-a-filter-bubble

How The U.K. Got A Better Deal From Facebook Than India Did

praskrishna — 2016-11-18T01:56:49Z

The U.K.’s Information Commissioner’s Office (ICO) and India’s Karmanya Sareen shared a similar concern – how messenger application WhatsApp’s decision to share user data with parent Facebook is a violation of the promise of privacy.

The blog post by Payaswini Upadhyay was published in Bloomberg Quint on November 17, 2016. Sunil Abraham was quoted.

Last week, Facebook agreed to address the concerns of the ICO; in India, it didn’t have to.

WhatsApp: New Privacy Policy

In August 2016, WhatsApp issued a revised privacy policy that allowed it to share user information with parent company Facebook. Any user who didn’t want her information to be shared with Facebook had a 30-day period to opt out of the policy. Opting out meant that a user’s account information would not be shared with Facebook to improve ads and product experiences. But, there was a caveat.

The Facebook family of companies will still receive and use this information for other purposes such as improving infrastructure and delivery systems, understanding how our services or theirs are used, securing systems, and fighting spam, abuse, or infringement activities.
WhatsApp Support Team statement on its website

Facebook’s Commitment To ICO

The ICO decided to delve deeper into what Facebook intended to do with the WhatsApp user data. Elizabeth Denham, Information Commissioner, ICO stated in her blog that users haven’t been given enough information about what Facebook plans to do with the information, and WhatsApp hasn’t got valid consent from users to share the information.

I also believe users should be given ongoing control over how their information is used, not just a 30-day window.
Elizabeth Denham, Information Commissioner, ICO

Denham further elaborated ICO’s stand - that it’s important users have control over their personal information, even if services don’t charge them a fee.

We’ve set out the law clearly to Facebook, and we’re pleased that they’ve agreed to pause using data from U.K. WhatsApp users for advertisements or product improvement purposes.
Elizabeth Denham, Information Commissioner, ICO

The ICO has now asked Facebook and WhatsApp to sign an undertaking committing to better explaining to users how their data will be used, and to giving users ongoing control over that information. Additionally, the ICO also wants WhatsApp to give users an unambiguous choice before Facebook starts using that information and for them to be given the opportunity to change that decision at any point in the future. Facebook and WhatsApp are yet to agree to this, Denham stated.

If Facebook starts using the data without valid consent, it may face enforcement action from my office.
Elizabeth Denham, Information Commissioner, ICO

In the U.K., protections in the European Data Protection Directive have been incorporated into local law via the Data Protection Act 1998. The ICO is both the privacy regulator and the transparency (right to information) regulator, Sunil Abraham, executive director at the Centre for Internet and Society pointed out. The regulator can issue enforcement notices and also fine errant actors in the market place, he said.

This is a regulator with expertise, experience and teeth. Come May 25, 2018, the General Data Protection Regulation will come into force and this will give more comprehensive powers to the regulator to investigate and remedy cases like this. The regulator will take each principle from the Directive or Regulation and examine Facebook’s actions comprehensively before deciding on a response.
Sunil Abraham, Executive Director, Centre for Internet and Society

For example, if the regulator determines that the principle of choice and consent has not been complied with, it can force Facebook to reverse its decisions and provide greater transparency and clearer choices, Abraham added.

Karmanya Sareen’s Grievance

Back home in India, just two months ago, Karmanya Sareen, a WhatsApp user, argued before the Delhi High Court against the company’s new privacy policy. The argument was that WhatsApp’s August 2016 notice to its users about the proposed change in the privacy policy violated the fundamental rights of users under Article 21 of the Constitution. Article 21 promises protection of life and personal liberty.

Proposed change in the privacy policy of WhatsApp would result in altering/changing the most valuable, basic and essential feature of WhatsApp i.e. the complete protection provided to the privacy of details and data of its users.
Karmanya Sareen vs Union of India

The Delhi High Court struck down the Article 21 argument saying that the Supreme Court was still deliberating over including right to privacy as a fundamental right. It also pointed to WhatsApp’s 2012 Privacy Policy that allowed the company to transfer user information in case of an acquisition or merger with a third party. The 2012 policy also allowed WhatsApp to change the terms periodically.

Consequently, the Delhi High Court held that it is not open to the users now to contend that WhatsApp should be compelled to continue the same terms of service. However, the court gave WhatsApp two directions to protect users.

WhatsApp to delete from its servers and not share with Facebook or its group companies any information belonging to users who delete their account.

Users who continue to be on WhatsApp, their existing information up to September 25, 2016 cannot be shared with Facebook or any of its group companies.

Did The Delhi High Court Go Easy On Facebook And WhatsApp?

Apar Gupta, an advocate specializing in information technology, points out that the directions given by the Delhi High Court to WhatsApp did not contemplate any additional protection to a user than what was already provided by WhatsApp.

The Delhi Court essentially reproduced WhatsApp’s privacy policy. It did not compel or provide any additional safeguard.
Apar Gupta, Lawyer

Apar attributes this to the absence of a regulatory framework.

The lack of substantive safeguard and enforcement framework in India led to the Delhi High Court upholding WhatsApp’s new privacy policy.
Apar Gupta, Lawyer

Abraham added that the court did not examine the privacy policy from the perspective of data protection principles as would have been the case in EU or any other jurisdictions with a proper data protection law.

The court too admitted this in its order that there existed a regulatory vacuum in India and asked TRAI to look into the matter. Facebook did not respond to BloombergQuint’s query on whether it would implement its U.K. commitments in India as well.

For more details visit https://cis-india.org/internet-governance/news/bloomberg-quint-november-17-2016-payaswini-upadhyay-how-the-uk-got-a-better-deal-from-facebook-than-india-did

Google, Facebook will not place ads on sites distributing fake news

praskrishna — 2016-11-15T13:59:40Z

Google plans to update its AdSense program policies to prevent placement of its ads on sites distributing fake news.

The article by John Riberio originally published by IDG News Service was mirrored on CIO on November 14, 2016. Pranesh Prakash was quoted.

Facebook also said Monday it had updated the policy for its Audience Network, which places ads on websites and mobile apps, to explicitly clarify that it applies to fake news.

“In accordance with the Audience Network Policy, we do not integrate or display ads in apps or sites containing content that is illegal, misleading or deceptive, which includes fake news,” Facebook said in a statement. The company said its team will continue to closely vet all prospective publishers and monitor existing ones to ensure compliance.

False news stories have become a sore point after the U.S. presidential elections with critics blaming internet companies like Twitter and Facebook for having had an influence on the outcome of the elections as a result of the fake content.

The controversy also reflects concerns about the growing power of social networks to influence people and events, as well as help people to communicate and organize. Facebook promotes democracy by letting candidates communicate directly with people, Facebook CEO Mark Zuckerberg said recently in an interview.

Google had its own embarrassing moments on Sunday with a false story that claimed that President-elect Donald Trump had won the popular vote in the U.S. presidential elections figuring atop some Google search results. Trump’s Democratic rival Hillary Clinton is leading in the popular vote.

“We've been working on an update to our publisher policies and will start prohibiting Google ads from being placed on misrepresentative content, just as we disallow misrepresentation in our ads policies,” Google said Monday in a statement. “Moving forward, we will restrict ad serving on pages that misrepresent, misstate, or conceal information about the publisher, the publisher's content, or the primary purpose of the web property.”

Google evidently expects that the threat of a cut in revenue from ads will dissuade sites from publishing fake content.

Zuckerberg has described as “crazy” the criticism that fake news on Facebook's news feed had influenced the vote in favor of Trump. “Of all the content on Facebook, more than 99% of what people see is authentic. Only a very small amount is fake news and hoaxes,” Zuckerberg said in a post over the weekend. The hoaxes are not limited to one partisan view, or even to politics, he added.

Identifying the "truth" is complicated, as while some hoaxes can be clearly identified, a greater amount of content, including from mainstream sources, often gets the basic idea right but some details wrong or omitted, or expresses a view that some people will disagree with and flag as incorrect even when it is factual, Zuckerberg wrote.

There are concerns that the monitoring of sites for fake news and the penalties could give internet companies more power. "We have to be wary of Facebook and Google being allowed to decide what's 'fake' and what's 'true' news. That only increases their power," said Pranesh Prakash, policy director at the Centre for Internet & Society in Bangalore.

For more details visit https://cis-india.org/internet-governance/news/cio-november-14-2016-john-riberio-google-facebook-will-not-place-ads-on-sites-distributing-fake-news

Behind Modi’s Heartwarming Diwali Ad for Soldiers, An App That’s Primed for Political Messaging

praskrishna — 2016-10-30T07:33:57Z

The campaign, which allows users to send Modi quotes on themes like Ayodhya and the perfidy of the Opposition, raises questions about the boundaries between government, party and personal promotion.

The article by Sangeeta Barooah Pisharoty was published in the Wire on October 29, 2016. Sunil Abraham was quoted.

On October 22, Prime Minister Narendra Modi launched a public campaign, Sandesh2Soldiers, urging the people to be a part of it. The prime minister prodded people to express their gratitude to soldiers guarding the borders through the campaign by sending them personalised messages on the occasion of Diwali.

Such messages can be sent through the Narendra Modi mobile app, the “official app of the prime minister”, or by logging on to www.mygov.in, a central government platform launched by the prime minister in 2014 to facilitate participatory governance by engaging the public. One can also send a message by recording it after dialing a 10-digit number – which would then be aired by All India Radio (AIR).

Media reports said a special module had been created within the mobile app to not only enable people to send text messages to soldiers but also to upload handwritten letters, decorated cards and videos to them expressing their Diwali wishes and feelings for the armed forces.

A special video that carried Modi’s appeal to the public to send messages to the armed forces was shared on social media along with a few other videos to promote the prime minister’s idea. One such video features a child sending a ‘thank you rocket’ to soldiers for defending the nation under hostile circumstances. That the call to send a personal message has come from the prime minister has upped the profile of this campaign.

Bollywood stars like Akshay Kumar, Aamir Khan and Salman Khan, and cricketers such as Virat Kohli, Virendra Sehwag and Mohammad Kaif have also posted their messages to soldiers on Twitter by using the prime minister’s campaign hashtag #Sandesh2Soldiers. Many Bharatiya Janata Party (BJP) politicians and ministers have also joined in.

As per a tweet by AIR on October 26, “Around 9,800 persons sent their good wishes to jawans of security forces so far during this festive season”. Last checked, www.mygov.in, run by the National Informatics Centre under the the Ministry of Electronics and Information Technology, showed 13,000 messages and video uploads recorded. The number is going up by the minute.

While the registration requirement at the government’s www.mygov.in portal only requires the sender to provide her or his name and e-mail address to be able to send a message or upload a video – a usual cyber safety procedure – those who want to use the Modi app for the purpose will have to do more: they will first have to agree to be personally profiled by the prime minister’s “official” mobile application.

Personally identifiable information

This is how things work: to register oneself through the app and send a message, a user not only has to disclose her name, mobile number and email address but also profession, the state and the district she belongs to, her voter identification card number, specific areas of interests and a personal description within “500 characters”.

This has left many potential senders and experts flummoxed. Why does a citizen, in order to express her gratitude to the armed forces on the occasion of Diwali at the call of her prime minister need to share additional information with the app, which amounts to profiling? At a time when the Supreme Court is hearing a bunch of petitions on the mandatory use of Aadhar cards by the government, some of which deal with issues of privacy and the possible misuse of the collected data, this is a relevant question.

“There was absolutely no need for the app to ask for additional information from a user just to send a message to the armed forces. As far as the additional information sought from a user is concerned, it allows the data collector to build a profile of the user but it is not profiling in the modern big data sense wherein multiple data sources are combined to create a complete profile of the data subject,” says Sunil Abraham, director of the Bangalore-based Centre for Internet and Society.

Abraham adds, “There is no guarantee that the data collected (through the app) won’t be used illegally by some commercial enterprise, etc. because our data protection law, Section 43A of the Information and Technology Act, doesn’t apply to the state but only to the private sector. In other words, if the personal information is shared with the government, then it is perfectly legal for the government to disclose the personal information to other government or commercial entities.”

Unlike the MyGov portal, where a user can type or upload a message, the Narendra Modi mobile app also automatically adds a quote from the prime minister below the one typed by the user. It expresses the prime minister’s pride over “the indomitable valour and supreme sacrifice of our armed forces etched in the memory of every Indian”.

The prime minister launched his official mobile app in August last year at a function reportedly organised by MyGov, thus making him the first prime minister to have a mobile app named after him. Designed by a team of six students from Delhi Technical University after winning a two-phased contest launched by MyGov in March last year, the app has been described as “a one-stop destination for knowing about all the latest day-to-day activities of the prime minister.”As per media reports, the app would correspond to the prime minister’s official website, www.pmindia.gov.in.

Obviously then, information on how to access the app and take part in the campaign have been publicised through his portal, www.pmindia.gov.in.

This raises another question. Even though www.pmindia.gov.in is not directly accepting public messages for the armed forces but is only promoting the campaign and giving information on how to download the mobile app for it (thereby proving that it corresponds to the app), it does direct an interested user to the prime minister’s personal website, www.narendramodi.in on clicking its publicity window designed for the campaign.

The user can then download the Modi app from his personal website, which was used extensively during the run-up to the 2014 parliamentary elections by Modi to reach out to voters. So the app not only corresponds to the official website of the prime minister but also with his personal website through the official website. Curiously, it is not possible to access the app from the MyGov portal even though the entity under the Ministry of Electronics and Information launched the app at a function on August 6 in New Delhi reportedly organised by it.

Thus, while the app that seemed to have been developed and launched by a government department can’t be accessed directly through a government portal, it can be accessed through the prime minister’s personal portal. Also, features in the app like “forget password” are handled by his personal website, which communicates with an app user as its “Admin”.

So who runs the app? Is it not the official app of the prime minister of the country? Who owns it? Is it his personal app that he considers “official”? These are questions to which answers are not easily available.

No answers

The Wire made multiple attempts to get an official response, both from the government and the BJP Cyber Cell, about these queries but failed to get an answer. The Wire also failed to get any official clarification to why the app seeks personal details of a user to just send messages to the armed forces.

Calls and text messages to the social media cell of the Press Information Bureau (PIB) – the government’s media interface in the digital space – the office of Anurag Jain, listed in the www.pmindia.gov.in as the “web information office”, and to MyGov, which launched the app at the second anniversary function of the Modi government on August 6 last year in New Delhi, failed to receive a reply. All that a PIB official was willing to say on condition of anonymity to this correspondent, “I think it has been outsourced, we don’t deal with it. May be you can contact the PMO.”

Anurag Jain’s office at the PMO said, “You won’t get any information here on the app and the response of the people for the campaign through it. Call the appointments section, it might know.” But that section didn’t respond.

A mail sent to Arvind Gupta of the BJP’s Cyber Cell too has so far remained unanswered. A BJP source, however, pointed out, “If you go to @narendramodi_in, it clearly mentions that it is the twitter account of narendramodi.in, the personal website of Narendra Modi and also of the Narendra Modi mobile app. So it is his personal app.”

The question of why a personal app of the prime minister is then called his “official” app remains unanswered. Also, why is it then that the bulk text messages sent by a government entity, MyGov, direct the public to the prime minister’s personal app to send a message to the armed forces? Is it personal or official?

Meanwhile, the traffic directed by the prime minister’s official website to his personal portal can make use of the e-greeting section in it to send a Diwali e-card to family, relatives, colleagues, etc.

To send such an e-card, the user needs to follow four mandatory steps – choosing a card from the available options, selecting a pre-written Diwali message; selecting a quote of the prime minister from an exhaustive list made available to the user, and adding the name, salutation and email address of the recipient of the card.

The list of quotes – in English and Hindi – have been culled out of the prime minister’s speeches that straddle a variety of categories including Pakistan, terrorism, ASEAN, Nepal, Bhutan, Swacchh Bharat mission, the idea of India, secularism, disability, caste, dalits, governance, yoga, youth, et al.

It also has “motivation” as a category of prime minister’s sayings. Clicking it will give a user the choice of a long list of the prime minister’s quotes which begins with the need for the world to recognise the sacrifice made by Indian soldiers in the two world wars and ends with a quote on the 2010 judgment given by the Allahabad high court on the disputed site at Ayodhya:

Diwali greetings that can be sent along with the prime minister’s quote on the Ayodhya judgement which has been stayed by the Supreme Court

The quote said, “The Ayodhya judgment will work as a catalyst to maintain peace and unity in the country. This judgment has given a respect to belief and self esteem of the people of India, and it should be linked to self esteem of the country.”

Reacting to the judgment in 2010, the Rashtriya Swayamsevak Sangh chief Mohan Bhagwat had expressed “satisfaction”, adding, “The judgment has paved the way for the construction of Ram temple in Ayodhya. The judgment is not a win or loss for anybody. We invite everybody, including Muslims, to help build the temple.”

Constructing the Ram temple in Ayodhya was also in the manifesto of the BJP for the 2014 Lok Sabha polls with Modi as the party’s prime ministerial candidate.

So, even if the Supreme Court had put a stay on the judgment and has been hearing some petitions for and against it, this Diwali, if you wish to send an e-card using that quote of the prime minister to express his mind on the issue, you can.

“I think it is not only improper of the prime minister to allow such a quote to feature in an e-card with his name but it is also contempt of court. Being the prime minister of the country, he has to maintain neutrality. As per the constitution, there is separation of the state from religion. So being the prime minister, he can’t possibly allow someone to use that quote of him,” says well-known constitutional expert and senior Supreme Court lawyer Rajeev Dhavan.

Dhavan points out a precedent: “In 1969, the Supreme Court held as contempt a comment made by the then West Bengal chief minister P.C. Sen in a speech aired by All India Radio. The speech was made at a time when someone had challenged an order of the state government on milk production. Sen’s adverse comment supporting the order was presented first in front of the West Bengal High Court which took cognisance of it and termed it contempt of court. Thereafter, the case came to the SC which also termed it contempt of court as the comment was made while the case was pending in the court.”

Swaying public opinion

As per media reports, the comment on the September 30, 2010, HC order was made by Modi, then the Gujarat chief minister, on the same day, before the SC stayed that order in May, 2011.

Dhavan felt, “That he, as the prime minister, is now openly allowing a user to circulate that quote after the SC has begun hearing the case will attract criminal contempt of court as it can be seen as interfering with the working of the judiciary. He can obviously affect public opinion and can be seen as trying to decide the question. It can be seen as usurping the function of the Judiciary by the Executive.”

The traffic directed by the prime minister’s official website to the personal portal can also make use of any Diwali e-greeting card by picking a quote from a category named “political-general”. Many of the quotes under that category are from the prime minister’s multiple attacks on the main opposition party, the Congress, some of which must have been made before the 2014 Lok Sabha polls, such as this one: “The UPA government is non-serious, it has taken the people for granted & it is not bothered about the youth. Their approach shows lack of faith in democracy. Our goal is to win the trust of the people & give dignity to them…”

“That the prime minister’s official website links people to surf his personal website where they can send e-cards using anti-opposition quotes of the prime minister is extremely contentious. Whichever party had come to power, there has always been a Chinese wall between the institution of the prime minister and the politician. Unfortunately, both have come together in the current dispensation. The common man doesn’t understand it well, so it is taking advantage of technology to erase that difference,” former Information and Broadcasting minister and Congress spokesperson Manish Tiwari said.

Such e-cards are not restricted to Diwali. You can send them on occasions like “Holi, Rakshabandhan, Navaratri, Christmas, Independence Day, Gudi Padwa, Kite Festival, Namo Birthday, Ram Navami, Swami Vivekananda Janma Jayanti” and at any other time by opting for the “political (general)” category.

Narendra Modi implemented the idea of launching e-cards that could go with his quotes in the run-up to the 2014 parliamentary elections. Reports said that “Narendra Modi E-cards” were used by the BJP as a “new marketing strategy” to canvas for its prime ministerial candidate before Holi to bypass the Election Commission of India’s model code of conduct as there was “no mention of rules for social media usage by political parties”.

Meanwhile, those who have signed up for the Narendra Modi mobile app only to send a message to the armed forces have begun receiving regular “infographics” based on the prime minister’s speeches, and also data culled out of news and study reports that are deemed favourable to him and his government. A registered user can further pass on those “infographics” by sharing them on her Facebook page and twitter handle.

The app, though termed “official”, also forwards to a registered user tweets posted only from his personal twitter handle and not from his official handle, @pmoindia. One such tweet that this correspondent received through the app had little to do with the government and entirely with the persona of the politician behind the prime minister. The tweet said, “When @narendramodi demonstrated true leadership at the Patna rally, on this day in 2013…”

Clicking on the link in the tweet takes you to a write-up that talks of the “true grit” of the “BJP’s then prime ministerial candidate” by addressing a rally after a bomb blast in Patna.

For more details visit https://cis-india.org/internet-governance/news/the-wire-october-29-2016-sangeeta-barooah-pisharoty-behind-modis-heartwarming-diwal-ad-for-soldiers-an-app-that-is-primed-for-political-messaging

Here is why government twitter handles have been posting offensive and partisan messages

praskrishna — 2016-10-16T03:24:45Z

You have failed us big time Mr Kejriwal, for your petty political gains you can become headlines for Pakistani press,” read a tweet on October 5 from @IndiaPostOffice, the official twitter handle of the Indian postal service.

The article by Danish Raza was published in the Hindustan Times on October 15, 2016. Nishant Shah was quoted.

It was a reference to Delhi Chief Minister Arvind Kejriwal urging the Prime Minister to counter Pakistan’s propaganda over surgical strikes.

Within hours, India Post tweeted an apology saying that the account was hacked.

This is the latest in a series of opinions and statements posted from official twitter handles of government departments and bodies. Of late, the Twitter handles meant to broadcast information related to government programmes have appeared like personal accounts tweeting slander and criticism.

Last month, the Twitter handle of Digital India tweeted a poem in Hindi calling on the Indian Army to persistently fire at protesters in Kashmir.

In August, the Twitter handle of Startup India retweeted a post suggesting that the Indian Army should ‘take care’ of #Presstitutes, a reference to sections of Indian media critical of the government.

The tweets expose loopholes in the government’s social media policy and raise questions about the norms followed in the recruitment of social media professionals for ministries and government institutions.

Work in Progress

The process of adopting new tools is work in progress. While the government agencies are trying to leverage social media to enhance citizen engagement, for the vast majority of government bodies, it is unexplored territory. Babus who have traditionally been dealing in paperwork and file notings are overwhelmed to see hash tags and trends. With a tech- savvy Prime Minister at the helm, every government department is trying to increase its digital footprint. At the same time, they face the challenge of reinterpreting existing work ethics and codes of conduct and applying them to the use of social media. Ministries such as the Ministry of External Affairs, Information & Broadcasting and the Prime Minister’s Office which have cohesive programmes and big mandate, have separate social media wings of their own with well- defined protocols. But these are exceptions.

Overall, the government bodies lack social media guidelines for their own efforts or which others can learn from. According to Chinmayi Arun, executive director, Centre for Communication Governance, National Law University, Delhi, mistakes are bound to happen given that everyone is new to social media. But it should be non-negotiable that when anything is said using an official governmental handle, the government should take more responsibility than just saying ‘oops’. “One of course is a clear and unequivocal statement apologising and taking back whatever was said. However, it should take pro-active measures to train and test people who handle its public-facing accounts and publish a clear monitoring and accountability mechanism by which they can be called to account. It should not be open to anyone to misuse the government’s official handles in this manner,” said Arun.

One of the areas where the lack of sensitisation is apparent is the usage of the same mobile device for multiple twitter handles – the most common reason for such goof-ups cited by social media consultants attached to various government departments. “I believe these were inadvertently posted by people handling these accounts. It may neither have been their mandate nor their intention. It happens when the person has configured multiple twitter handles from the same device and ends up posting from the wrong account,” said Amit Malviya, BJP’s National Convener, IT.

The majority of ministries and government departments do not give phones to members of the social media teams. It is up to the individual to use his personal device or get an additional one to manage the professional handle (s). A mistake will happen if a comment which was to be posted from the personal handle is posted from the official handle.

Twitter Goof-ups from GoI Accounts

“Because of the personalised and individual nature of social media, it is easy to forget that they are representing an institution and not themselves when using these handles. This also suggests the lack of public usage training in these organisations, and the need to educate our public actors in using social media with more responsibility as office bearers of an institution rather than a personal expression or an opinion,” said Nishant Shah, co-founder of the Centre for Internet and Society, Bangalore.

Another issue is that access to the account is given to multiple people. “Each one of them brings their individual personality and politics to their operation of the handle,” said Shah.

Hiring Issues

Part of the problem lies in the fact that there is no standard protocol on who can access the twitter handle of Indian government bodies and how this person or team is hired.

A few ministries (example: the ministry of railways) have a team comprising of government employees and staff of private agencies handling their account. Others have outsourced the job to agencies.

During the campaigning for the 2009 election, political parties got outside expertise to mark their presence online. The selection parameters of social media consultants – established public relations firms in some cases and individuals in others – was not uniform.

Unlike the traditional public relations officers who are from the Indian Information Services cadre, the social media consultants were selected based on their expertise in the field, political affiliation, and proximity to a party or leader.

Those who started handling social media accounts of political parties and leaders included trolls and social media influencers. “Parties got youngsters who were politically motivated and willing to work for political parties. They became cheaper alternatives for social media experts,” said Ishan Russel, political communication consultant.

After the NDA came to power, almost every ministry outsourced its digital expertise to agencies. Many individuals who were earlier directly working with leaders and parties got back with them via agencies. “If an agency is looking for people to handle the twitter account or Facebook page of a certain ministry in the BJP government, then those who are politically inclined towards the BJP will apply for the vacancies and their chances of getting hired are also much higher than someone who is neutral or known to be an AAP sympathiser,” said Vikas Pandey, 32-year-old software engineer, who headed the “I Support Namo” campaign on Facebook and Twitter, as a volunteer for the BJP.

Last year, the Prime Minister felicitated more than a dozen social media enthusiasts, including Vikas. The move raised eyebrows because many felt that the government was encouraging trolls. “It illuminates the fact that trolls have found gainful employment in the Government of India. Also that the entire edifice of the centre is being taken over by woefully undereducated bigots,” said Swati Chaturvedi, senior journalist and author.

Agency, the Soft Target

Till the time the government staff is well versed with social media tools, attributing the mistakes to an ‘outside agency’ appears to be the norm.

In the case of the twitter goof-up involving Startup India, Commerce and Industry minister Nirmala Sitharaman blamed a private agency that was managing the account of Startup India. “The retweets were done by an employee of the agency hired by the department of industrial policy and promotion. The person assigned by the agency for this particular job is not decided by the department and is the sole prerogative of the agency,” she said.

S Radha Chauhan, CEO of National e-Governance Division, attributed the controversial post from Digital India’s twitter handle to an agency called Trivone. “The person responsible had mistakenly tweeted from the official handle what he wanted to tweet from his personal account,” said Chauhan.

Those familiar with the functioning of the government’s social media verticals say that agencies are mentioned to cover up for mistakes often committed by someone from the government staff. “When in crisis, blame the agency, is the thumbrule the government follows. The fact is that each twitter post is approved by the client before it is posted,” said a senior executive with a digital marketing firm attached to a ministry which has recently earned lot of praise for its social media initiatives.

Nishtha Arora, social media and digital consultant in a reputed ad agency, was handling a political account till very recently. She said that the client required her to just randomly tweet or RT to be heard by the followers of a tech-savvy minister and be his digital mouthpiece. “I often had to draft tweets which looked like press releases,” she said.

“Digital faux pas is blamed on to someone who might be an expert in the field but yet has to bow down to the client pressure so that their agenda for the day is met and the said government body or ministry remains in the news,” she added.

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-danish-raza-october-15-2016-here-is-why-government-twitter-handles-have-been-posting-offensive-and-partisan-messages

Tech companies like Gmail, WhatsApp may be asked to store user information

praskrishna — 2016-10-14T01:12:14Z

The government is moving to formulate rules that will require technology ‘intermediaries’— including email services like Gmail, chat apps such as WhatsApp and Snapchat or even ecommerce firms like Amazon — to retain user information, a development that is expected to be met with determined opposition.

The article by Surabhi Agarwal was published in Economic Times on October 14, 2016. Pranesh Prakash was quoted.

What the government is looking to do now is draft rules for Section 67C of the Information Technology Act, and this will be done by a committee that has been set up for the purpose. The rules — whose drafting has been waiting since 2008 — will spell out what type of data has to be stored, in which format, and for how long, according to three members of the newly-formed committee. All this so that law-enforcement agencies can access the information if they need it.

Sharing of information between foreign firms and the Indian government has been a contentious issue, and experts said the mandate may be impossible to implement for firms such as WhatsApp that promise end-to-end encryption. Or for Snapchat – a chat app where messages disappear within seconds and are not even stored on the company’s servers.

Firms may also oppose the diktat, especially since most of them are not governed by Indian laws and also due to the high cost of data retention.

The committee is headed by additional secretary in the ministry of electronics and IT (MEITY), Ajay Kumar, and has one representative each from the ministry of home affairs, department of telecom, department of personnel and training, Nasscom, Internet Service Provider Association of India (ISPAI), along with an advocate specialising in cyber law and a few officers from MEITY. The first meeting of the committee took place in the last week of September.

“This is a fairly complex issue, compounded by the general lack of understanding of mobile apps and over the top service providers,” said a person on the committee who did not wish to be identified. This person said that most technology players are based in the United States and they have always been at loggerheads about sharing of information with the government. “Even if it is for national security reasons, how much are these companies answerable to the Indian security establishment? And we do know how Apple refused to unlock the phone even for FBI."

Google and Facebook did not respond to requests for comment.

‘Huge balancing act’

Supreme Court lawyer and cyber law expert Pavan Duggal said the section has been drafted in very “broad” terms and the move may be driven by the realisation that these companies are huge data repositories – some of which might be relevant to law enforcement investigations. “It will have to be a huge balancing act and will be interesting to see what this committee decides,” added Duggal.

While Section 67C refers to the obligation of the service providers to retain information, the nature of the data to be retained and the time period is not specified. Companies which do not comply with the law can be levied fine and its officers sent to jail.

Another member on the committee said the ambit of this task is huge. “In the last meeting we argued that the rules should be the same for everybody and there should be no differential treatment for foreign companies such as Google or Microsoft,” he said. This person said that ambiguity is rampant as various government arms have different sets of rules for data retention.

For instance, the Department of Telecommunications (DoT) asks for data to be stored for six months, while the Registrar of Companies mandates some information to be retained for one year while the income-tax rules mandate data storage for six-seven years. “There has only been one meeting so far. It is a long procedure and will require several rounds of consultation,” said a third person on the committee.

Privacy activists like Pranesh Prakash of the Centre for Internet and Society said that one of the principles that’s frequently cited while discussing international practices on surveillance is that data retention should not be required of service providers.

And internationally too, there is no standard on this issue. “There were norms at the European Union-level regarding data retention, but they were struck down in 2014 by the European Court of Justice as being violative of human rights,” he said.

For more details visit https://cis-india.org/internet-governance/news/economic-times-october-14-2016-surabhi-agarwal-tech-companies-like-gmail-whatsapp-may-be-asked-to-store-user-information

Services like TwitterSeva aren’t the silver bullets they are made out to be

sunil — 2016-10-06T16:31:51Z

TwitterSeva is great, but it should not be considered a sufficient replacement for proper e-governance systems. This is because there are several serious shortcomings with the TwitterSeva approach, and it is no wonder that enthusiastic police officers and bureaucrats are somewhat upset with the slow deployment of e-governance applications. They are also right in being frustrated with the lack of usability and scalability of existing applications that hold out the promise of adopting private sector platforms to serve citizens better.

Sunil Abraham, executive director of the Centre for Internet and Society, wrote this in response to the FactorDaily story on TwitterSeva, a special feature developed by Twitter’s India team to help citizens connect better with government services. Sunil's article in FactorDaily can be read here.

Let’s take a look at why the TwitterSeva approach is not adequate:

1. Vendor and Technology Neutrality: Providing a level ground for competing technologies in e-governance has been a globally accepted best practice for about 15 years now. This is usually done by using open standards policies and interoperability frameworks.

India does have a national open standards policy, but the National Informatics Centre (NIC) has only published one chapter of the Interoperability Framework for e-Governance .

The thing is, while Twitter might be the preferred choice for urban elites and the middle class, it might not be the choice of millions of Indians coming online. By implicitly signaling to citizens that Twitter complaints will be taken more seriously than e-mail or SMS complaints, the government is becoming a salesperson for Twitter. Ideally, all interactions that the state has with citizens should be such that citizens can choose which vendor and technology they would like to use. Ideally, the government should have its own work-flow so that it can harvest complaints, feedback and other communications from all social media platforms be it Twitter or Identica, Facebook or Diaspora, and publish responses back onto them.

By implicitly signalling to citizens that Twitter complaints will be taken more seriously than e-mail or SMS complaints, the government is becoming a salesperson for Twitter

Apart from undermining the power of choice for citizens, lack of vendor and technology neutrality in government use of technology undermines the efficient functioning of a competitive free market, which is the bedrock of future innovation.

When it comes to micro-blogging, Twitter has established a near monopoly in India. There are no clear signs of harm and therefore it would not be wise to advocate that the Competition Commission of India investigate Twitter. However, if the government helps Twitter tighten its grip over the Indian market, it is preventing the next cycle of creative destruction and disruption. Therefore, e-governance applications should ideally only “loosely couple” with the APIs of private firms so that competition and innovation are protected.

2. Holistic Approach and Accountability: Ideally, as the Electronic Service Delivery Bill 2011 had envisaged, every agency within the government was supposed to (within 180 days of the enactment of the Act) do several things: publish a list of services that will be delivered electronically with a deadline for each service; commit to service-level agreements for each service and provide details of the manner of delivery; provide an agency-level grievance redressal mechanism for citizens unhappy with the delivery of these electronic services.

Notwithstanding the 180-day commitment, the Bill required that “all public services shall be delivered in electronic mode within five years” after the enactment of the Bill with a potential three-year extension if the original deadline was not met. The Bill also envisaged the constitution of a Central Electronic Service Delivery Commission with a team of commissioners who “monitor the implementation of this Bill on a regular basis” and publish an annual report which would include “the number of electronic service requests in response to which service was provided in accordance with the applicable service levels and an analysis of the remaining cases.”

The Electronic Service Delivery Bill 2011 had a much more comprehensive and accountable plan for e-governance adoption in the country

Citizens suffering from non-compliance with the provisions of the Bill and unsatisfied with the response from the agency level grievance redressal mechanism could appeal to the Commission. The state or central commissioners after giving the government officials an opportunity to be heard were empowered to impose a fine of Rs 5000.

Unlike the piecemeal approach of TwitterSeva, the Bill had a much more comprehensive and accountable plan for e-governance adoption in the country.

3. Right To Transparency: Some of the interactions that the government has with citizens and firms may have to be disclosed under the obligation emerging from the Right to Information Act for disclosure to the public or to the requesting party. Therefore it is important that the government take its own steps for the retention of all data and records — independent of the goodwill and lifecycles of private firms.

Twitter is only 10 years old. It took 10 years for Orkut to shut down. Maybe Twitter will shut down in the next 10 years. How then will the government comply with RTI requests? Even if the government is not keen on pushing for data portablity as a right for consumers (just like mobile number portability in telecom, so that consumers can seamlessly shift between competing service providers), it absolutely should insist on data portability for all government use.

Twitter is only 10 years old. It took 10 years for Orkut to shut down. Maybe Twitter will shut down in the next 10 years. How then will the government comply with RTI requests?

This will allow it to shift to a) support multiple services, b) shift to competing/emerging services c) incrementally build its own infrastructure and also comply with the requirements of the Right to Information Act.

4. Privacy: Unfortunately, thanks to the techno-utopians behind the Aadhaar project, the current government is infected with “data ideology.” There is an obsession with collecting as much data as possible from citizens, storing it in centralized databases and providing “dashboards” to bureaucrats and politicians. This is diametrically opposed to the view of the security community.

Unfortunately, thanks to the techno-utopians behind the Aadhaar project, the current government is infected with “data ideology”

For example, Bruce Schneier posted on his blog in March this year (in a piece titled ‘Data is a Toxic Asset‘) saying: “What all these data breaches are teaching us is that data is a toxic asset and saving it is dangerous. This idea has always been part of the data protection law starting with the 2005 EU Data Protection Directive expressed as the principle of “Data Minimization” or “Collection Limitation”. More recently technologists and policy makers also use the phrase “Privacy by Design”. Introducing an unnecessary intermediary or gate-keeper between what is essentially transactions between citizens and the state is an egregious violation of a key privacy principle.”

5. Middle Class and Elite Capture: The use of Twitter amplifies the voices of the English-speaking, elite, and middle class citizens at the expense of the voices of the poor. While elites don’t exhibit fear when tagging police IDs and making public complaints from the comforts of their gated communities with private security guards shielding them the violence of the state, this might be a very intimidating option for the poor and disempowered.

While elites don’t fear tagging police IDs and making public complaints from the comforts of their gated communities, it’s intimidating for the disempowered

While the system may not be discriminatory in its design, it will have disparate impact on different sections of our society. In other words, the introduction of TwitterSeva will exacerbate power asymmetries in our society rather than ameliorating them.

The canonical scholarly reference for this is Kate Crawford’s analysis of City of Boston’s StreetBump smartphone, which resulted in an over-reporting of potholes in elite neighbourhoods and under-reporting from poor and elderly residents. This meant that efficiency in the allocation of the city’s resources was only a cover for increased discrimination against the powerless.

6. Security: The most important conclusion to draw from the Snowden disclosure is that the tin-foil conspiracy theorists who we used to dismiss as lunatics were correct. What has been established beyond doubt is that the United States of America is the world leader when it comes to conducting mass surveillance on netizens across the globe. It is still completely unclear how much access the NSA has to the databases of American social media giants. When the complete police force of a state starts to use Twitter for the delivery of services to the public, then it may be possible for foreign intelligence agencies to use this information to undermine our sovereignty and national security.

For more details visit https://cis-india.org/internet-governance/blog/factordaily-sunil-abraham-october-6-2016-services-like-twitterseva-are-not-the-silver-bullets-they-are-made-out-to-be

WhatsApp ruling: Experts seek privacy law

praskrishna — 2016-09-27T02:35:06Z

On August 25, Whatsapp updated its policy to share user content with social network; the decision opened new monetisation models for the messaging app.

The article by Apurva Venkat and Moulishree Srivastava quoted Sunil Abraham. It was published in the Business Standard on September 24, 2016.

The recent Delhi High Court ruling that messaging app Whatsapp cannot share user data highlights the need for legislation on privacy, according to experts.

On August 25, Whatsapp, a platform with 70 million users in India that was acquired by Facebook in 2014, updated its policy to share user content with the social network. The decision opened new monetisation models for the messaging app.

In response to a PIL, the court ordered WhatsApp to delete data of users who chose to opt out of its policy changes before September 25. It also orderedWhatsApp not to share data collected before September 25 with Facebook for users who had not opted out.

"The decision makes a strong statement on privacy," said Sunil Abraham, executive director of the Centre for Internet Society. According to him, a user trusts a platform and provides access to his data. As another firm acquires the platform, it gains access to the data.

"Facebook owns Whatsapp. It has to look at ways of monetising it," said Nikhil Pahwa, co-founder of SavetheInternet.in.

"With so much digital data being generated, there is a need for a privacy law in the country," said Pahwa.

"Facebook's consent interface is confusing. It can make a person who wants to opt out let the company access his data," said Abraham, adding a law would take care of such intricacies. The government is working on a privacy bill.

Saroj Kumar Jha, partner, SRGR Law Offices, said there were few judgments on privacy in India based on constitutional rights.

"While the Information Technology Act enables courts to pass judgments on global companies on privacy, enforcing the orders is difficult," he said.

"What is required is a privacy law that can protect user data and uphold the individual's right to privacy," he added.

For more details visit https://cis-india.org/internet-governance/news/business-standard-september-24-apurva-venkat-and-moulishree-srivastava-whasapp-ruling-experts-seek-privacy-law