Centre for Internet and Society

Creeped out by Netflix's 'You'? Here's how you can avoid online stalkers, data thieves

Admin — 2019-01-12T02:13:25Z

Several social media users have no idea of how much of their information is stored on the Internet and what kind of information they are allowing the applications to access.

The blog post by Sanyukta Dharmadhikari was published by the New Minute on January 10, 2019. Pranesh Prakash was quoted.

Imagine someone knowing exactly where you are, where you live, what your routine is, where you will be and then waiting there for a ‘chance encounter’ to happen. This near-horror phenomenon is something Netflix’s new show You delves into. It follows a seemingly charming bookstore manager and his ‘love story’ with an aspiring writer – except he stalks her, breaks into her home, steals her phone and keeps tabs on her location in an attempt to be ‘at the right place at the right time’ and weasel into her life.

The nightmarish experience of the woman he pursues in the series led many users to check their own privacy settings on social media. But several users still have no idea of how much of their information is stored on the cloud and what kind of information they are allowing the applications to access.

How social media uses your data

“There might be much more information about you out there on the Internet than you sign up for. People do not really realise how much of their data is out there. Things are made out to be very opaque, so it is difficult to know who stores how much of your data,” says Anja Kovacs, director at Delhi-based Internet Democracy Project.

Pranesh Prakash, a fellow at the Centre for Internet and Society, explains that most websites put the onus of privacy onto the user but recently, there have been some features that social media giants have introduced after privacy concerns were voiced.

“On Twitter, I think you don’t need to use your real name and you do not have to use your location. On Facebook, apart from your name, you can restrict other information to friends only or use the option ‘Only Me’. With these kinds of possibilities existing, one just needs to know how to navigate through these tools,” Pranesh says.

The problem with this, he adds, is that the onus of privacy is put onto the user. “It is a difficult situation for social networks. One of Facebook’s most used feature is the ‘people you may know’ feature. Sometimes, that can go really bad, sometimes it may throw up your ex as a suggestion or let your stalker see your profile or it may allow people who visit a common psychologist to see each other as suggestions without knowing why,” he says.

While it is difficult for social media giants to calibrate such settings, the users have recently been given options to help control what kind of audience sees what information.

After Google Plus was launched, Facebook introduced a feature that allows users to choose who can see their status updates. Pranesh adds that users should make use of such features.

Understanding your data online

Not many users realise that basic information about them can be used against them. Seemingly harmless information like your date of birth, your birthplace or the pages that you follow on social media may contain leads for identity thefts.

“All the information that you put up publicly can be used by police, future employees or even your stalkers as well. For example, your date of birth, which most users add to their social media profiles, is usually used to verify bank accounts. If that is public, anyone can pretend to be you,” says Pranesh.

A way out is to relay this information only to people you trust. Another thing is to remember that on the internet, information received from one website can be used to access information on another website.

“You might upload a picture with your pet and name your pet in that post. However, that name could be the answer to one of the security questions asked on another website. If you use the same email address and username across social media profiles, it is easier to find information about you. Users should be aware that websites can be connected,” Pranesh explains.

Apps and permissions

Another crucial thing to remember is that users must always look into privacy settings of social networks that they use.

When you install new applications on your mobile phones, they often ask for certain permissions – like seeking access to your location – and users usually mechanically click on allow.

Most of these permissions apps request are often based on the type of application – for example, it is natural for Google Maps to ask permission to access your location – and users need to be vigilant if apps ask for absurd permissions.

“I once saw a torchlight app that sought access to my address book. Why would my flashlight need access to my contacts? There are a lot of apps who don't read these permissions. It is quite easy to figure out what kind of permissions an app needs and users need to apply their mind when installing the apps,” Anja adds.

She states that there are a lot of people who do not read through the terms and conditions of a particular website or app or the permissions they seek. And once access is granted, there is no way of taking your data back.

Last year, it was revealed that a Facebook breach had exposed data of 50 million people. Last month, Facebook reported another security breach where nearly 6.8 million users risked their private photos being exposed to third-party apps.

Facebook also found itself refuting serious claims of wrongdoings in giving access to user information to certain device makers, including China-based Huawei, and certain large technology companies and popular apps like Netflix or Spotify.

Anja says users should be more critical of such companies and organisations that store data or sell users' data.

“People feel that things can’t change, but that is because they don't make enough noise. You must ask whether companies can store your data and not just who has what data – ask who can access it,” Anja said. “Think more critically about which companies you trust and why you trust them.”

For more details visit https://cis-india.org/internet-governance/news/news-minute-sanyukta-dharmadhikari-january-10-2019-creeped-out-by-netflixs-you

Response to the Consultation Paper on Regulatory Framework for Over-The-Top (OTT) Communication Services

Gurshabad Grover, Nikhil Srinath and Aayush Rathi — 2019-01-11T15:59:59Z

For more details visit https://cis-india.org/internet-governance/files/response-to-the-consultation-paper-on-regulatory-framework-for-over-the-top-ott-communication-services

Response to TRAI Consultation Paper on Regulatory Framework for Over-The-Top (OTT) Communication Services

gurshabad — 2019-01-11T16:01:09Z

This submission presents a response to the Telecom Regulatory Authority of India’s Consultation Paper on Regulatory Framework for Over-The-Top (OTT) Communication Services.

Click here to view the submission (PDF).

This submission presents a response by Gurshabad Grover, Nikhil Srinath and Aayush Rathi (with inputs from Anubha Sinha and Sai Shakti) to the Telecom Regulatory Authority of India’s “Consultation Paper on Regulatory Framework for Over-The-Top (OTT) Communication Services (hereinafter “TRAI Consultation Paper”) released on November 12, 2018 for comments. CIS appreciates the continual efforts of Telecom Regulatory Authority of India (TRAI) to have consultations on the regulatory framework that should be applicable to OTT services and Telecom Service Providers (TSPs). CIS is grateful for the opportunity to put forth its views and comments.

Addendum: Please note that this document differs in certain sections from the submission emailed to TRAI: this document was updated on January 9, 2019 with design and editorial changes to enhance readability. The responses to Q5 and Q9 have been updated. This updated document was also sent to TRAI.

For more details visit https://cis-india.org/internet-governance/blog/response-to-trai-consultation-paper-on-regulatory-framework-for-over-the-top-ott-communication-services

Internet Researchers' Conference 2019 (IRC19): #List, Jan 30 - Feb 1, Lamakaan

sneha-pp — 2019-01-31T06:41:38Z

Who makes lists? How are lists made? Who can be on a list, and who is missing? What new subjectivities - indicative of different asymmetries of power/knowledge - do list-making, and being listed, engender? What makes lists legitimate information artifacts, and what makes their knowledge contentious? Much debate has emerged about specificities and implications of the list as an information artifact, especially in the case of #LoSHA and NRC - its role in creation and curation of information, in building solidarities and communities of practice, its dependencies on networked media infrastructures, its deployment by hegemonic entities and in turn for countering dominant discourses. For the fourth edition of the Internet Researchers’ Conference (IRC19), we invited sessions and papers that engage critically with the form, imagination, and politics of the *list* - to present or propose academic, applied, or creative works that explore its social, economic, cultural, material, political, affective, or aesthetic dimensions. IRC19 will be organised in Lamakaan, Hyderabad, during January 30 - February 1, 2019.

Venue: Lamakaan, Off Road 1, Near GVK Mall, Banjara Hills, Hyderabad 500034

Location: Google Maps

Conference Programme: Read (SlideShare) and Download (PDF)

Code of Conduct and Friendly Space Policy: Download (PDF)

Poster: Download (JPG)

Registration: Directly at the venue, it is a free and open conference

IRC19: #List

For the last several years, #MeToo and #LoSHA have set the course for rousing debates within feminist praxis and contemporary global politics. It also foregrounded the ubiquitous presence of the list in its various forms, not only on the internet but across diverse aspects of media culture. Much debate has emerged about specificities and implications of the list as an information artifact, especially in the case of #LoSHA and NRC - its role in creation and curation of information, in building solidarities and communities of practice, its dependencies on networked media infrastructures, its deployment by hegemonic entities and in turn for countering dominant discourses. Directed by the Supreme Court, the Government of India has initiated the National Register of Citizens process of creating an updated list of all Indian citizens in the state of Assam since 2015. This is a list that sets apart legal citizens from illegal immigrants, based on an extended and multi-phase process of announcement of draft lists and their revisions. NRC is producing a list with a specific question: who is a citizen and who is not? UIDAI has produced a list of unique identification number assigned to individuals: a list to connect/aggregate other lists, a meta-list.

From Mailing Lists to WhatsApp Broadcast Lists, lists have been the very basis of multi-casting capabilities of the early and the recent internets. The list - in terms of list of people receiving a message, list of machines connecting to a router or a tower, list of ‘friends’ and ‘followers’ ‘added’ to your social media persona - structures the open-ended multi-directional information flow possibilities of the internet. It simultaneously engenders networks of connected machines and bodies, topographies of media circulation, and social graphs of affective connections and consumptions. The epistemological, constitutive, and inscriptive functions of the list, as Liam Young documents, have been crucial to the creation of new infrastructures of knowledge, and to understand where the internet emerges as a challenge to these.

As a media format that is easy to create, circulate, and access (as seen in the number of rescue and relief lists that flood the web during national disasters) or one that is essential in classification and cross-referencing (such as public records and memory institutions), the list becomes an essential trope to understand new media forms today, as the skeletal frame on which much digital content and design is structured and consumed through.

Who makes lists?
How are lists made?
Who can be on a list, and who is missing?
Who gets counted on lists, and who is counting?
What new subjectivities - indicative of different asymmetries of power/knowledge - do list-making, and being listed, engender?
What modalities of creation and circulation of lists affords its authority, its simultaneous revelations and obfuscations?
What makes lists legitimate information artifacts, and what makes their knowledge contentious?
What makes lists ephemeral, and what makes their content robust?
What makes lists hegemonic, and what makes them intersectional?
What makes lists ordered, and what makes them unordered?
What do listicles do to habits of reading and creation of knowledge?
What new modes of questioning and meaning-making have manifested today in various practices of list-making?
How and when do lists became digital, and whatever happened to lists on paper?
Are there cultural economies of lists, list-making, and getting listed?
Are lists content or carriage, are they medium or message?

For the fourth edition of the Internet Researchers’ Conference (IRC19), we invited sessions and papers that engage critically with the form, imagination, and politics of the *list* - to present or propose academic, applied, or creative works that explore its social, economic, cultural, material, political, affective, or aesthetic dimensions.

Sessions

#AyushmanBhavah - Arya Lakshmi and Adrij Chakraborty

#ButItIsNotFunny - Madhavi Shivaprasad and Sonali Sahoo

#CallingOutAndIn - Usha Raman, Radhika Gajjala, Riddhima Sharma, Tarishi Varma, Pallavi Guha, Sai Amulya Komarraju, and Sugandha Sehgal

#EnlistingPrivacy - Pawan Singh and Pranjal Jain

#FOMO - Pritha Chakrabarti and Dr. Baidurya Chakrabarti

#LegitLists - Form follows function: List by design - Akriti Rastogi, Ishani Dey, and Sagorika Singha

#ListInterface - Bharath Sivakumar, Rakshita Siva, and Deepak Prince

#LoSHAandWhatFollowed - Anannya Chatterjee, Arunima Singh, Bhanu Priya Gupta, Renu Singh, and Rhea Bose

#PowerListing - Dr. Shubhda Arora, Dr. Smitana Saikia, Prof. Nidhi Kalra, and Prof. Ravikant Kisana

#StoriesRecordsLegendsRituals - Priyanka, Aditya, Bhanu Prakash GS, Aishwarya, and Dinesh

Papers

Orinam: An online list archiving queer history, activism, support, experiences and literature - Brindaalakshmi.K

De-duplicating amidst disaster: how rescue databases were made during 2018 Kerala floods - Gayas Eapen

Making the ‘Other’ Count: Categorizing ‘Self’ using the NRC - Khetrimayum Monish Singh and Ranjit Singh

About the IRC Series

Researchers and practitioners across the domains of arts, humanities, and social sciences have attempted to understand life on the internet, or life after the internet, and the way digital technologies mediate various aspects of our being today. These attempts have in turn raised new questions around understanding of digital objects, online lives, and virtual networks, and have contributed to complicating disciplinary assumptions, methods, conceptualisations, and boundaries.

The researchers@work programme at the Centre for Internet and Society (CIS) initiated the Internet Researchers' Conference (IRC) series to address these concerns, and to create an annual temporary space in India, for internet researchers to gather and share experiences.

The IRC series is driven by the following interests:

creating discussion spaces for researchers and practitioners studying internet in India and in other comparable regions,
foregrounding the multiplicity, hierarchies, tensions, and urgencies of the digital sites and users in India,
accounting for the various layers, conceptual and material, of experiences and usages of internet and networked digital media in India, and
exploring and practicing new modes of research and documentation necessitated by new (digital) objects of power/knowledge.

The first edition of the Internet Researchers' Conference series was held in February 2016. It was hosted by the Centre for Political Studies at Jawaharlal Nehru University, and was supported by the CSCS Digital Innovation Fund. The second Internet Researchers' Conference was organised in partnership with the Centre for Information Technology and Public Policy (CITAPP) at the International Institute of Information Technology Bangalore (IIIT-B) campus on March 03-05, 2017. The third Internet Researchers' Conference was organised at the Sambhaavnaa Institute, Kandbari (Himachal Pradesh) during February 22-24, 2018, and the theme of the conference was *offline*.

For more details visit https://cis-india.org/raw/irc19-list

Registering for Aadhaar in 2019

sunil — 2019-01-03T14:59:04Z

It is a lot less scary registering for Aadhaar in 2019 than it was in 2010, given how the authentication modalities have since evolved.

The article was published in Business Standard on January 2, 2019.

Last November, a global committee of lawmakers from nine countries the UK, Canada, Ireland, Brazil, Argentina, Singapore, Belgium, France and Latvia summoned Mark Zuckerberg to what they called an “international grand committee” in London. Mr. Zuckerberg was too spooked to show up, but Ashkan Soltani, former CTO of the FTC was among those who testified against Facebook. He said “in the US, a lot of the reticence to pass strong policy has been about killing the golden goose” referring to the innovative technology sector. Mr. Soltani went on to argue that “smart legislation will incentivise innovation”. This could be done either intentionally or unintentionally by governments. For example, a poorly thought through blocking of pornography can result in innovative censorship circumvention technologies. On other occasions, this can happen intentionally. I hope to use my inaugural column in these pages to provide an Indian example of such intentional regulatory innovation.

Eight years ago, almost to this date, my colleague Elonnai Hickok wrote an open letter to the Parliamentary Finance Committee on what was then called the UID or Unique Identity. She compared Aadhaar to the digital identity project started by the National Democratic Alliance (NDA) government in 2001. Like the Vajpayee administration which was working in response to the Kargil War, she advocated a decentralised authentication architecture using smart cards based on public key cryptography. Last year, even before the five-judge constitutional bench struck down Section 57 of the Aadhaar Act, the UIDAI preemptively responded to this regulatory development by launching offline Aadhaar cards. This was to be expected especially since from the A.P. Shah Committee report, the Puttaswamy Judgment, the B.N. Srikrishna Committee consultation paper, report and bill, the principle of “privacy by design” was emerging as a key Indian regulatory principle in the domain of data protection.

The introduction of the offline Aadhaar mechanism eliminates the need for biometrics during authentication. I have previously provided 11 reasons why biometrics is inappropriate technology for e-governance applications by democratic governments, and this comes as a massive relief for both human rights activists and security researchers. Second, it decentralises authentication, meaning that there is a no longer a central database that holds a 360-degree view of all incidents of identification and authentication. Third, it dramatically reduces the attack surface for Aadhaar numbers, since only the last four digits remain unmasked on the card. Each data controller using Aadhaar will have to generate his/her own series of unique identifiers to distinguish between residents. If those databases leak or get breached, it won’t tarnish the credibility of Aadhaar or the UIDAI to the same degree. Fourth, it increases the probability of attribution in case a data breach were to occur; if the breached or leaked data contains identifiers issued by a particular data controller, it would become easier to hold them accountable and liable for the associated harms. Fifth, unlike the previous iteration of the Aadhaar “card”, on which the QR code was easy to forge and alter, this mechanism provides for integrity and tamper detection because the demographic information contained within the QR code is digitally signed by the UIDAI. Finally, it retains the earlier benefit of being very cheap to issue, unlike smart cards.

Thanks to the UIDAI, the private sector is also being forced to implement privacy by design. Previously, since everyone was responsible for protecting Aadhaar numbers, nobody was. Data controllers would gladly share the Aadhaar number with their contractors, that is, data processors, since nobody could be held responsible. Now, since their own unique identifiers could be used to trace liability back to them, data controllers will start using tokenisation when they outsource any work that involves processing of the collected data. Skin in the game immediately breeds more responsible behaviour in the ecosystem.

The fintech sector has been rightfully complaining about regulatory and technological uncertainty from last year’s developments. This should be addressed by developing open standards and free software to allow for rapid yet secure implementation of these changes. The QR code standard itself should be an open standard developed by the UIDAI using some of the best practices common to international standard setting organisations like the World Wide Web Consortium, Internet Engineers Task Force and the Institute of Electrical and Electronics Engineers. While the UIDAI might still choose to take the final decision when it comes to various technological choices, it should allow stakeholders to make contributions through comments, mailing lists, wikis and face-to-face meetings. Once a standard has been approved, a reference implementation must be developed by the UIDAI under liberal licences, like the BSD licence that allows for both free software and proprietary software derivative works. For example, a software that can read the QR code as well as send and receive the OTP to authenticate the resident. This would ensure that smaller fintech companies with limited resources can develop secure systems.

Since Justice Dhananjaya Y. Chandrachud’s excellent dissent had no other takers on the bench, holdouts like me must finally register for an Aadhaar number since we cannot delay filing taxes any further. While I would still have preferred a physical digital artefact like a smart card (built on an open standard), I must say it is a lot less scary registering for Aadhaar in 2019 than it was in 2010, given how the authentication modalities have since evolved.

For more details visit https://cis-india.org/internet-governance/blog/business-standard-january-2-2019-registering-for-aadhaar-in-2019

Welcome to r@w blog!

sneha-pp — 2019-01-02T11:48:04Z

We from the researchers@work programme at the Centre for Internet and Society (CIS) are delighted to announce the launch of our new blog, hosted on Medium. It will feature works by researchers and practitioners working in India and elsewhere at the intersections of internet, digital media, and society; and highlights and materials from ongoing research and events at the researchers@work programme.

r@w blog: Visit (Medium)

A space for reflections on internet and society, r@w blog is also an attempt to facilitate conversations around contemporary debates and foster creative engagement with research and practice through text, images, sounds, videos, code, and other media forms offered by the internet.

r@w blog opens with an essay on ‘Information Offline: Labour, Surveillance, and Activism in the Indian IT & ITES Industry’ by Rianka Roy - as part of an essay series exploring social, economic, cultural, political, infrastructural, and aesthetic dimensions of the "offline" - and audio recording from a session titled #ILoveYou by Dhiren Borisa and Dhrubo Jyoti, which was part of the Internet Researchers’ Conference 2018 - #Offline.

We will publish our (including commissioned/supported) writings and works on this blog, as well as submitted and compiled materials. Please write to raw[at]cis-india[dot]org to submit your works to be considered for publication. Copyright to all material published on this blog are owned by CIS and author(s) concerned, and they are shared under Creative Commons Attribution 4.0 International license.

For more details visit https://cis-india.org/raw/welcome-to-raw-blog

Internet Researchers' Conference 2019 (IRC19): #List - Selected Sessions and Papers

sneha-pp — 2019-01-21T12:11:35Z

Here is the list of selected sessions and papers for the Internet Researchers' Conference 2019 (IRC19) - #List. IRC19 will be held in Lamakaan, Hyderabad, from Jan 30 to Feb 1, 2019. The conference announcement, along with the final agenda, will be published on Monday, January 7.

Internet Researchers' Conference 2019 - #List - Call for Sessions

Internet Researchers' Conference 2019 - #List - Call for Papers

Internet Researchers' Conference 2019 - #List - List of Proposed Sessions

Selected Sessions

#AyushmanBhavah - Arya Lakshmi and Adrij Chakraborty (9 votes)

#ButItIsNotFunny - Madhavi Shivaprasad and Sonali Sahoo (9 votes)

#CallingOutAndIn - Usha Raman, Radhika Gajjala, Riddhima Sharma, Tarishi Varma, Pallavi Guha, Sai Amulya Komarraju, and Sugandha Sehgal (9 votes)

#EnlistingPrivacy - Pawan Singh and Pranjal Jain (9 votes)

#FOMO - Pritha Chakrabarti and Dr. Baidurya Chakrabarti (9 votes)

#LegitLists - Form follows function: List by design - Akriti Rastogi, Ishani Dey, and Sagorika Singha (9 votes)

#ListInterface - Bharath Sivakumar, Rakshita Siva, and Deepak Prince (7 votes)

#LoSHAandWhatFollowed - Anannya Chatterjee, Arunima Singh, Bhanu Priya Gupta, Renu Singh, and Rhea Bose (7 votes)

#PowerListing - Dr. Shubhda Arora, Dr. Smitana Saikia, Prof. Nidhi Kalra, and Prof. Ravikant Kisana (10 votes)

#StoriesRecordsLegendsRituals - Priyanka, Aditya, Bhanu Prakash GS, Aishwarya, and Dinesh (11 votes)

Selected Papers

Brindaalakshmi.K

Orinam: An online list archiving queer history, activism, support, experiences and literature

In July 2009, the Delhi High Court legalised homosexual acts among consenting adults. However, in 2013, the Supreme Court of India held that homosexuality between two consenting adults was illegal and reinstated Section 377 of the Indian Penal Code. This section was reinstated under the pretext of the LGBTIQA+ community being a minuscule minority. The Supreme Court saw this as insufficient for declaring that Section 377 as going against Article 14, 15 and 21. However, on September 6, 2018, the Supreme Court of India passed the historic verdict reading down Section 377 to decriminalise homosexuality in India. In the time between 2013 and 2018, the LGBTIQA+ community struggled to their presence and rights. Different groups and organisations have worked on this.

One such collectives has been Orinam, an all-volunteer unregistered Chennai-based collective. Started in 2003, Orinam among other things, has also been recording queer experiences on its website since Dec 2005. These experiences of queer people and their families have been recorded in Tamil and English on Orinam’s blog, Our Voices as poetry, fiction, news, views, podcasts and reviews. The website also archives queer events in India through The Orinam Photo archives. Orinam has also been archiving the legal developments with respect to the rights of LGBTIQA+ community. This included legal documents, landmark verdicts, letters written by the family of queer individuals in multiple Indian languages to the Supreme Court to read down Section 377, among others [1]. These listings along with others, in turn also contributed to building the case for the legal battle to eventually read down Section 377.

This paper looks specifically at the functioning of Orinam based in Chennai that uses lists in a way to support a marginalised community acknowledging their realities and also keeping them alive in different ways. This is being done through its support resources, peer support, activism or archiving queer experiences in the form of literature and other media, both online and offline. This paper will trace Orinam’s work through the fifteen years of its existence as a listing and archiving platform supporting the LGBTIQA+ community.

[1] Orinam@15: talk delivered at 15th Anniversary Celebrations. Dec 23, 2018

Brindaalakshmi is a member/volunteer of the Chennai based queer collective, Orinam; and is currently working with the Centre for Internet and Society, India, on a study on 'Gendering of Development Data in India'.

Gayas Eapen

De-duplicating amidst disaster: how rescue databases were made during 2018 Kerala floods

Natural disasters can be crucial time for making lists: of people in need of assistance, rescue, support, relief and other similar disaster-related operations. In lists concerning rescue, being on the list and not being on it could mean the difference of life and death. In which case it is important to consider: how do the processes which make such lists possible come about? How do they ensure that people are not left out of these lists? How they do they sort out redundancies? I study the lists made during the Kerala floods of 2018 to attempt to answer some of these questions.

As rescue requests started piling up on social media, a group of volunteers set up the web portal, keralarerscue.in, which later became the central database of all the rescue requests. The portal was unique in two fronts. First, the developers building the portal were volunteers from the community instead of being the state employees, but, nonetheless, worked in coordination with the the government and rescue agencies along with the feedback they were getting from people. Second, the rescue requests were being crowdsourced from people directly. This led to the duplication of requests, it wasn’t until much later that it was realized that crowdsourced information was not coming directly from the victims, but from people who were placing requests on their behalf.

In this paper I argue how feedback from the community, coupled with the personal investment of the programmers lead to improvements in the structuring and use of the database. I will delineate the concerns of de-duplication (process of removing redundancies) which posed a serious dilemma, of either deleting crucial information hence posing danger to people’s lives, or incurring loss of precious resources in chasing repeated rescue requests.

I argue that the streamlining of programming operations by developing methods such as ticketing system (of labelling the urgency or marking completion of rescue requests by telephonically confirming them) were made possible because of a participatory model of building lists. Those involved in the technical creation of the lists identified closely with the experiences of the people stuck in the flood. The solution, which involved not deleting names of people but instead undertaking another painstaking scrutinizing operation even in a time sensitive environment, can be placed in stark contrast to how lists have been created by state or corporate agencies in similar crucial situations.

Gayas is an assistant professor of English and Journalism (as part of the Resident Expert Panel, 2018-19) at Dayapuram Arts and Science College, Kozhikode, University of Calicut.

Khetrimayum Monish Singh and Ranjit Singh

Making the ‘Other’ Count: Categorizing ‘Self’ using the NRC

This paper focuses on the National Register of Citizens (NRC) as a case study to discuss legal and administrative challenges in categorizing Assamese residents as citizens of India. At a fundamental level, lists manifest a binary of categories: people who are on the list and others who are not. However, the process of achieving this binary distinction, especially in the exercise of updating NRC, has required bureaucratic accounting of a wide variety of Assameseresidents who neither are completely on the list nor completely off it. This paper specifically focuses on instances of inclusion and exclusion of three categories of Assamese residents in the process of updating the NRC: (i) Original Inhabitants (OI), (ii) Doubtful Voters (D-Voters), and (ii) Women applicants who have been excluded from the list because of the lack of appropriate bureaucratic documents. As an administrative exercise, the NRC as a citizen identification project is a moment where temporalities of NRC as a classification system does not map onto the individual biographies of a variety of Assamese residents as outlined above. In such moments of ‘torque’ (Geoffrey Bowker and Susan Leigh Star, Sorting things out: Classifications and its consequences, 2000), listing (or the process of making a list) is not simply bureaucratic accounting; it is also a lived experience of mismatch and the struggle that follows in efforts to secure representation through listing. We show that while the NRC update in Assam may itself be driven by anxieties around illegal immigration, the attempts to technologically, legally, and politically categorize the ‘other’ using the information infrastructure of NRC have profound consequences on the ‘self’ of India as a nation state.

Monish is a Programme Officer at the Centre for Internet and Society, India; and Ranjit is a PhD candidate at the Department of Science and Technology Studies, Cornell University, and a Research Associate at the Centre for Internet and Society, India.

Notes

The sessions have been selected based on the votes submitted by all the session teams (that proposed a session for IRC19). Please find details of this process in the Call for Sessions page. The papers have been selected by the researchers@work team.

For more details visit https://cis-india.org/raw/irc19-list-selected-sessions-papers

The constitutionality of MHA surveillance order

nehaa — 2018-12-31T14:06:04Z

The rules require review committees to examine all surveillance orders issued under this section every couple of months.

The article by Nehaa Chaudhari was published in Asian Age on December 30, 2018.

The MHA notification authorising 10 agencies to intercept, monitor and decrypt “any information” generated, transmitted, received or stored in “any computer” has kicked up a row. One section calls it electronic surveillance at the behest of the Big Brother. This time the qualitative difference is data stored anywhere, not just data in motion, can be intercepted.

Privacy is a fundamental right in India. Nine Supreme Court judges agreed on this in late August, last year. It is “the constitutional core of human dignity” and flows primarily from the “guarantee of life and personal liberty” of our Constitution, they said, in the case of K.S.Puttaswamy vs Union of India. This meant two rules for the Indian state. Rule number 1.) Do not intrude upon a citizen’s right to life and personal liberty; and rule number 2.) Take all necessary steps to safeguard individual privacy.

However, because no fundamental right is absolute, the Indian state is allowed to deviate from rule number 1 in certain situations. It can restrict individual privacy provided that it first fulfills three conditions: The restriction must be backed by law; it must be for a legitimate state aim; and, it must be proportionate.

All laws (including existing ones) and government actions, with consequences for individual privacy, must meet the three conditions listed above to be valid.

Those that fail to do so are unconstitutional, and must be suitably amended, or will be struck down, as was the case with Section 377 of the Indian Penal Code, earlier this year. Section 69 of the Information Technology Act, under which the Ministry of Home Affairs has issued its recent surveillance order, warrants similar scrutiny.

Section 69 empowers the Centre and all state governments to authorise any of their officers to surveil citizens’ electronic communications and information. They may do so for any of the reasons laid down in the same section, including India’s sovereignty, integrity, defence, security and foreign relations, or public order, or to prevent the incitement of certain offences, or to investigate any offence. Government orders issued under this section must be reasoned, and in writing. These orders, and the resultant surveillance activity, must follow the procedure laid down in a set of rules framed under the Information Technology Act in 2009. The rules require review committees to examine all surveillance orders issued under this section every couple of months. The review committee at the Centre examines the Union government’s surveillance orders, while state governments’ orders are examined by committees at their respective states. But, review committees, whether at the Centre, or at any of the states, only have
three members each, tasked with reviewing hundreds of orders every day. Moreover, they consist only of government officials. Neither the Information Technology Act, nor the accompanying 2009 rules, require Parliamentary or judicial oversight of electronic surveillance by the executive.

In the past week, at least two petitions have been filed before the Supreme Court,which claim that the MHA’s surveillance order violates the fundamental right to privacy and is unconstitutional. This order for electronic surveillance is a clear deviation from rule number 1, and so the question before the court will be if it meets each of the conditions above to be valid.

Is the MHA order lawful? Yes, given as it was framed under the framework of the IT Act. There remains however, a larger question of the constitutionality of Section 69 itself. If the court finds Section 69 itself to be unconstitutional, any action taken pursuant to Section 69, including the recent MHA order, will also be unconstitutional.

Is the MHA order pursuant to a legitimate state aim? The order itself does not specify what in particular the government hopes to achieve. However, given as it was issued under Section 69, the government could well argue that it was only for the six purposes laid down in the statute.

Moreover, according to the Supreme Court in the right to privacy judgment, legitimate state aims are “matters of policy to be considered by the Union government.” The court even offered examples of possible legitimate state aims, which included the grounds listed under Section 69.

Is the MHA order proportionate? No; and neither is the IT Act’s framework dealing with electronic surveillance. The IT Act allows government surveillance of citizens, unchecked by either the legislature, or the judiciary. It creates a scenario where tiny government committees must review the government’s own decisions to curtail citizens’ fundamental rights. Moreover, it penalises individuals with up to seven years in jail, in addition to fines, for not complying with any interception, monitoring, or decryption request by an authorised government agency.

In light of the recent MHA order, this means that individuals must comply with surveillance requests by 10 government agencies including tax authorities, the police, and civil and military intelligence agencies, or be prepared to face jail time. This is unethical, undemocratic, and unconstitutional.

Unchecked government surveillance threatens not just an individual’s fundamental right to privacy, but also her fundamental freedoms of speech, movement, and assembly among others, also guaranteed fundamental rights under the Indian Constitution.

These rights and freedoms are the very essence of what it means to be a free citizen in a modern democracy. A democratic state must only exercise its police powers in the narrowest of circumstances, within bright lines, clearly defined.

In August, 2017, the Supreme Court laid down the framework to identify these narrow circumstances and bright lines in so far as the fundamental right to privacy was concerned. But, the promise of Puttaswamy is only as good as its implementation, and here lies its biggest challenge.

As Pranesh Prakash, Fellow at the Centre for Internet and Society, said on a television channel recently, perhaps it is about time that we stopped relying solely on the courts to step in to safeguard our fundamental rights, and started demanding that our elected law-markers did their jobs, or did them better. After all, a general election is but a few months away.

For more details visit https://cis-india.org/internet-governance/news/nehaa-chaudhari-asian-age-december-30-2018-constitutionality-of-mha-surveillance-order

December 2018 Newsletter

praskrishna — 2019-01-08T16:15:38Z

We at the Centre for Internet & Society (CIS) wish you all a great year ahead and welcome you to the twelfth issue of its newsletter (December) for the year 2018:

Highlights

CIS signed a MoU with Odia Virtual Academy to work on drafting an open content policy for the state, to promote use of Wikimedia projects by various user types and to ensure sustainability of Wikimedia projects, and to facilitate development of relevant free and open source software projects. This partnership between OVA and CIS will be carried out from December 2018 to November 2019.
Natalia Khaniejo, in a four-part report has attempted to document the various approaches that are being adopted by different stakeholders towards incentivizing cybersecurity and the economic challenges of implementing the same. The literature review was edited by Amber Sinha.
Arindrajit Basu, Karan Saini, Aayush Rathi and Swaraj Barooah created an infographic which has mapped the key stakeholder, areas of focus and threat vectors that impact cybersecurity policy in India. The authors have stated that broadly policy-makers should concentrate on establishing a framework where individuals feel secure and trust the growing digital ecosystem.
In April 2018 European Union issued the proposal for a new regime dealing with cross border sharing of data and information by issuing two draft instruments, an E-evidence Regulation (“Regulation”) and an E-evidence Directive (“Directive”), (together the “E-evidence Proposal”). Vipul Kharbanda has analysed how service providers based in India whose services are also available in Europe would be affected by these proposals.
Feminist research methodology is a vast body of knowledge, spanning across multiple disciplines including sociology, media studies, and critical legal studies. A literature review by Ambika Tandon aims to understand key aspects of feminist methodology across these disciplines, with a particular focus on research on technology and its interaction with society.
CIS and design collective Design Beku came together for a workshop on Illustrations and Visual Representations of Cybersecurity. The authors Paromita Bathija, Padmini Ray Murray, and Saumyaa Naidu have stated that images play a vital role in the public’s perception of cybercrime and cybersecurity.
A list of selected sessions and papers for the Internet Researchers' Conference 2019 (IRC19) has been published. IRC19 will be held in Lamakaan, Hyderabad, from Jan 30 to Feb 1, 2019.

Articles

Private-public partnership for cyber security (Arindrajit Basu; Hindu Businessline; December 24, 2018).
Is the new ‘interception’ order old wine in a new bottle? (Elonnai Hickok, Vipul Kharbanda, Shweta Mohandas and Pranav M. Bidare; Newslaundry.com; December 27, 2018).
Digital Native: System Needs a Reboot (Nishant Shah; Indian Express; December 30, 2018).

Media Coverage

Many sites bypass porn ban (Rajitha Menon; Deccan Herald; December 6, 2018).
How data privacy and governance issues have battered Facebook ahead of 2019 polls (Rahul Sachitanand; Economic Times; December 6, 2018).
Is Aadhaar Essential To Achieve Error-Free Electoral Rolls? (Bloomberg Quint; December 16, 2018).
Centre’s order on computer surveillance threatens right to privacy, experts say (Abhishek Dey; Scroll.in; December 22, 2018).
Centre’s order on computer surveillance is backed by law – but the law lacks adequate safeguards (Nehaa Chaudhari and Tuhina Joshi; Scroll.in; December 23, 2018).
Ten Indian government agencies can now snoop on people’s internet data (David Spenser; VPN Compare; December 24, 2018).
Big Brother is here: Amid snooping row, govt report says monitoring system 'practically complete' (Keerthana Sankaran; New Indian Express; December 26, 2018).
MHA snoop order & bid to amend IT rules: China-like clampdown or tracking unlawful content? (Fatima Khan; The Print December 28, 2018).
The dark side of future tech: Where are we headed on privacy, security, truth? (Dipanjan Sinha; Hindustan Times; December 29, 2018).
The constitutionality of MHA surveillance order (Nehaa Chaudhari; Asian Age; December 30, 2018).

Access to Knowledge

Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

Wikipedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

Blog Entries

Punjabi Wikisource Training Workshop, Patiala (Jayanta Nath; December 6, 2018).
Indic Wikisource Community Consultation 2018 (Jayanta Nath; December 8, 2019).
CIS Signs MoU with Odia Virtual Academy (Sailesh Patnaik; December 19, 2018).

Openness

Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.

Guest Lecture

Lecture on Open Access and Open Content Licensing at ICAR (short course) (Organized by ICAR-Indian Institute of Horticultural Research (IIHR) a constituent establishment of Indian Council of Agricultural Research; November 13 - 22, 2018). Anubha Sinha delivered a lecture.

Internet Governance

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

Privacy

Guest Lecture

Teaching at Shristi Interlude (Organised by Shristi; Bangalore; December 7, 2018). Shweta Mohandas participated as a mentor.

Gender

Research Paper

Feminist Methodology in Technology Research: A Literature Review (Ambika Tandon with contributions from Mukta Joshi; research assistance by by Kumarjeet Ray and Navya Sharma; design by Saumyaa Naidu; December 23, 2018).

Blog Entry

Event Report on Intermediary Liability and Gender Based Violence (Akriti Bopanna; edited by Ambika Tandon; December 20, 2018).

Participation in Event

International Network on Feminist Approaches to Bioethics 2018 (Co-organized by Feminist Approaches to Bioethics and Sama; St. John's Medical College; Bangalore; December 3 - 5, 2018). Aayush Rathi and Ambika Tandon were speakers at the event.

Cyber Security

Research Papers

European E-Evidence Proposal and Indian Law (Vipul Kharbanda; December 23, 2018).
Economics of Cybersecurity: Literature Review Compendium (Natalia Khaniejo; edited by Amber Sinha; December 31, 2018).

Infographic

Mapping cybersecurity in India: An infographic (information contributed by Arindrajit Basu, Karan Saini, Aayush Rathi and Swaraj Barooah; designed by Saumyaa Naidu; December 23, 2018).

Blog Entry

A Critical Look at the Visual Representation of Cybersecurity (Paromita Bathija, Padmini Ray Murray, and Saumyaa Naidu; December 11, 2018).

Participation in Event

India-China Tech Forum 2018 (Organised by ORF and Peking University at the Ji Xianlin Centre for India-China Studies; Mumbai; December 11 - 12, 2018). Arindrajit Basu was a speaker.

Artificial Intelligence

Participation in Event

Future Tech and Future Law (Organised by Dept. of IT & BT, Government of Karnataka; Palace Grounds; Bangalore; November 29 - December 1, 2018). Arindrajit Basu was a speaker.
AI for Social Good Summit (Co-organised by Google AI and United Nations ESCAP; Bangkok; December 13, 2018).

Researchers at Work

The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Selected Papers

Internet Researchers' Conference 2019 (IRC19): #List - Selected Sessions and Papers (P.P. Sneha; January 2, 2019).

-----------------------------------
About CIS
-----------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/december-2018-newsletter

Digital Native: System Needs a Reboot

nishant — 2018-12-31T02:06:02Z

It’s time to replace the schizophrenic need for variety with ingenuity — the truthiness of the information.

The article was published in Indian Express on December 30, 2018.

On the internet, we produce information to be forgotten. The life of digital information is shaped by conditions of volume, velocity and variety (the three Vs). The scale of our collective digital content production has now reached massive proportions. We produce more information in a day than we have produced over entire centuries. So trying to make human sense of this information is futile. We can be assured that almost everything we write will be forgotten and archived before it is consumed and remembered. The large volume also means that in order for information to stand out, it needs velocity. The trend of today will be replaced in a few clicks by something else. Fomo, the fear of missing out, is not just a millennial anxiety, it is the new natural. It is because information is continually being forgotten, transferred from memory to storage, it needs to have variety. It needs to be new but familiar, expected but exciting. Let’s call it, same same, but different.

Renewal is the default of all our digital transactions. Our data streams need constant renewal, our platforms demand updating, our habits of social media engagement need maintenance, and we find new ways of doing the same things over and over again. Our devices light up, with frantic energy, with seductive beeps and sounds, reminding us of the need to renew and update. The poetics of hope and regeneration have long since given way to the politics of manipulation and transactions.

It is the state of continual renewal that perpetuates the fake news economies, as people share without verifying, and consume without reflection. It enables lynch mobs and vigilante violence. It is at the heart of why outrageous claims, provocative politics and a state of extreme apathy make their way into our digital conversations and responses. This is why, hate speech has now become acceptable, and actions without consequences is the new ethos online. It perhaps accounts for why we seem to care more about our gadgets and services than the people behind them. This is why, when we see a food-delivery person stealing some food from our expensive orders, we ask for them to be sacked, rather than being shocked by the deep irony of getting food that costs more than anything the person can ever afford. It puts our attention on to things that have more engagement value than things that matter — which perhaps explains why three weddings with their obscene displays of wealth and power had more social media engagement than conversations about #MeToo in the country.

This renewal has been naturalised as our new mode of being and becoming, making us hypermobile drones that are always on the go, always working, always interacting. The state of perpetual renewal is here to stay, and we will have to figure out ways by which to live with these three Vs. As we approach that time of the year, when we make new resolutions, I want to offer the three Is which perhaps need to be brought back into consideration in our unthinking digital actions: intensity, intimacy, ingenuity.

The volume imperative of digital information favours scale. It wants more clicks, more eyeballs, more users. We get passionately invested for a brief period of time and then are moved on to the next thing. Instead of continually looking for volume, let us focus on intensity. We don’t need a thousand likes, we just need people who we care for, to like things that we do. Something doesn’t become important only when it circulates and goes viral — it becomes so because of the people who are involved in it.

Similarly, the velocity of digital networks demands high speed. We click before we think, and we share before we verify. Our relationship with information has been reduced to sharing as opposed to processing. Maybe it is time to replace velocity with intimacy. When we encounter information, let us take a small pause, process and analyse, and instead of just blindly sharing, maybe respond and critique it, so that it is a relationship of value.

The expectations of variety provoke information that is often untrue or removed from reality. Our filter bubble echo chambers often establish this information as true through repetition rather than verification. We need to get out of the schizophrenic need for variety and concentrate instead on ingenuity — the truthiness of the information and our capacity to stand behind things that we say and share.

The three Vs of digital information are machine protocols. They put the computational in the centre and dictate how human behaviour will be shaped. Maybe it is time we think of the three Is instead, to focus on human needs and aspirations, and demand that our technologies measure up to what we can expect from each other.

For more details visit https://cis-india.org/raw/indian-express-nishant-shah-december-30-2018-digital-native-system-needs-a-robot

Economics of Cybersecurity: Literature Review Compendium

Natallia Khaniejo — 2021-05-01T06:09:09Z

The twenty first century has witnessed an unprecedented conflation of everyday experiences and technosocial practices. The emergence of technologies like the Internet of Things, Cloud Computing, Digital Payment infrastructures are all emblematic of this conflation of technology with economic, social and political modes of existence.

Authored by Natallia Khaniejo and edited by Amber Sinha

Politics and economics are increasingly being amalgamated with Cybernetic frameworks and consequently Critical infrastructure has become intrinsically dependent on Information and Communication Technology (ICTs). The rapid evolution of technological platforms has been accompanied by a concomitant rise in the vulnerabilities that accompany them. Recurrent issues include concerns like network externalities, misaligned incentives and information asymmetries. Malignant actors use these vulnerabilities to breach secure systems, access and sell data, and essentially destabilize cyber and network infrastructures. Additionally, given the relative nascence of the realm, establishing regulatory policies without limiting innovation in the space becomes an additional challenge as well. The lack of uniform understanding regarding the definition and scope of what can be defined as Cybersecurity also serves as a barrier preventing the implementation of clear guidelines. Furthermore, the contrast between what is convenient and what is ‘sanitary’ in terms of best practices for cyber infrastructures is also a constant tussle with recommendations often being neglected in favor of efficiency. In order to demystify the security space itself and ascertain methods of effective policy implementation, it is essential to take stock of current initiatives being proposed for the development and implementation of cybersecurity best practices, and examine their adequacy in a rapidly evolving technological environment. This literature review attempts to document the various approaches that are being adopted by different stakeholders towards incentivizing cybersecurity and the economic challenges of implementing the same.

Click on the below links to read the entire story:

Economics of Cybersecurity Part I

Economics of Cybersecurity Part II

Economics of Cybersecurity Part III

Economics of Cybersecurity Part IV

For more details visit https://cis-india.org/internet-governance/blog/natalia-khaniejo-december-31-2018-economics-of-cybersecurity

Economics of Cyber Security Part IV

Admin — 2018-12-31T01:29:05Z

For more details visit https://cis-india.org/internet-governance/files/economics-of-cyber-security-part-iv

Economics of Cyber Security Part III

Admin — 2018-12-31T01:27:59Z

For more details visit https://cis-india.org/internet-governance/files/economics-of-cyber-security-part-iii

Economics of Cyber Security Part II

Admin — 2018-12-31T01:26:51Z

For more details visit https://cis-india.org/internet-governance/files/economics-of-cyber-security-part-ii

Economics of Cyber Security Part I

Admin — 2018-12-31T01:25:46Z

For more details visit https://cis-india.org/internet-governance/files/economics-of-cyber-security-part-i