The Centre for Internet and Society
https://cis-india.org
These are the search results for the query, showing results 2821 to 2835.
Twitter India Workshop
https://cis-india.org/internet-governance/news/twitter-india-workshop
<b>Manasa Rao attended a workshop organized by Twitter titled "The Network Effort". It was an effort by the Public Policy and Government team at Twitter to enable NGOs and non-profits to conduct successful Twitter campaigns and teach them best practices.</b>
<p>The handbook for the workshop <a class="external-link" href="https://about.twitter.com/content/dam/about-twitter/values/twitter-for-good/NGO-Handbook-Eng-Digital.pdf">is here</a>.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/twitter-india-workshop'>https://cis-india.org/internet-governance/news/twitter-india-workshop</a>
</p>
No publisherAdminInternet Governance2018-01-01T16:10:28ZNews ItemIndia’s Data Protection Regime Must Be Built Through an Inclusive and Truly Co-Regulatory Approach
https://cis-india.org/internet-governance/blog/the-wire-amber-sinha-december-1-2017-inclusive-co-regulatory-approach-possible-building-indias-data-protection-regime
<b>We must move India past its existing consultative processes for rule-making, which often prompts stakeholders to take adversarial and extremely one-sided positions.
</b>
<p style="text-align: justify; ">The article was published in the <a class="external-link" href="https://thewire.in/201123/inclusive-co-regulatory-approach-possible-building-indias-data-protection-regime/">Wire</a> on December 1, 2017.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">Earlier this week, the Ministry of Electronics and Information Technology released <a title="a white paper" href="http://meity.gov.in/white-paper-data-protection-framework-india-public-comments-invited" target="_blank"><span style="text-decoration: underline;">a white paper</span></a> by a “committee of experts” appointed a few months back led by former Supreme Court judge, Justice B.N. Srikrishna, on a data protection framework for India. The other members of the committee are Aruna Sundararajan, Ajay Bhushan Pandey, Ajay Kumar, Rajat Moona, Gulshan Rai, Rishikesha Krishnan, Arghya Sengupta and Rama Vedashree.</p>
<p style="text-align: justify; ">With the exception of Justice Srikrishna and Krishnan, the rest of the committee members are either part of the government or part of organisations that have worked closely with the government on separate issues relating to technology, with some of them also having taken positions against the fundamental right to privacy.</p>
<p style="text-align: justify; ">Refreshingly, the committee and the ministry has opted for a consultative process outlining the issues they felt relevant to a data protection law, and espousing provisional views on each of the issues and seeking public responses on them. The paper states that on the basis of the response received, the committee will conduct public consultations with citizens and stakeholders. Legitimate concerns <a title="were raised earlier" href="http://indianexpress.com/article/india/citizens-group-questions-data-privacy-panel-composition-aadhaar-4924220/" target="_blank"><span style="text-decoration: underline;">were raised earlier</span></a> about the constitution of the committee and the lack of inclusion of different voices on it. However, if the committee follows an inclusive, transparent and consultative process in the drafting of the data protection legislation, it would go a long way in addressing these concerns.</p>
<p style="text-align: justify; ">The paper seeks response to as many as 231 questions covering a broad spectrum of issues relating to data protection – including definitions of terms such as personal data, sensitive personal data, processing, data controller and processor – the purposes for which exemptions should be available, cross border flow of data, data localisation and the right to be forgotten.</p>
<p style="text-align: justify; ">While a thorough analysis of all the issues up for discussion would require a more detailed evaluation, at this point, the process of rule-making and the kind of governance model envisaged in this paper are extremely important issues to consider.</p>
<p style="text-align: justify; ">In part IV of the paper on ‘Regulation and Enforcement’, there is a discussion on a co-regulatory approach for the governance of data protection in India. The paper goes so far as to provisionally take a view that it may be appropriate to pursue a co-regulatory approach which involves “a spectrum of frameworks involving varying levels of government involvement and industry participation”.</p>
<p style="text-align: justify; ">However, the discussion on co-regulation in the white paper is limited to the section on regulation and enforcement. A truly inclusive and co-regulatory approach ought to involve active participation from non-governmental stakeholders in the rule-making process itself. In India, unfortunately, we lack a strong tradition of lawmakers engaging in public consultations and participation of other stakeholders in the process of drafting laws and regulation. One notable exception has been the Telecom Regulatory Authority of India (TRAI), which periodically seeks public responses on consultation papers it releases and also holds open houses occasionally. It is heartening to see the committee of experts and the ministry follow a similar process in this case.</p>
<p style="text-align: justify; ">However, these are essentially examples of ‘notice and comment’ rulemaking where the government actors stand as neutral arbiters who must decide on written briefs submitted to it in response to consultation papers or draft regulations that it notifies to the public.</p>
<p style="text-align: justify; ">This process is, by its very nature, adversarial, and often means that different stakeholders do not reveal their true priorities but must take extreme one-sided positions, as parties tend to at the beginning of a negotiation.This also prevents the stakeholders from sharing an honest assessment of the actual regulatory challenge they may face, lest it undermine their position.</p>
<p style="text-align: justify; ">This often pits industry and public interest proponents against each other, sometimes also leading to different kinds of industry actors in adversarial positions. An excellent example of this kind of posturing, also relevant to this paper, is visible in the responses submitted to the TRAI on the its recent consultation paper on ‘Privacy, Security and Ownership of data in Telecom Sector’. One of the more contentious issue raised by the TRAI was about the adequacy of the existing data protection framework under the license agreement with telecom companies, and if there was a need to bring about greater parity in regulation between telecom companies and over-the-top (OTT) service providers. Rather than facilitating an actual discussion on what is a complex regulatory issues, and the real practical challenges it poses for the stakeholders, this form of consultation simply led to the telecom companies and OTT services providers submitting contrasting extreme positions without much scope for engagement between two polar arguments.</p>
<p style="text-align: justify; ">A truly co-regulatory approach which also extends to rulemaking would involve collaborative processes which are far less adversarial in their design and facilitate joint problem solving through multiple face to face meetings. Such processes are also more likely to lead to better rule making by using the more specialised knowledge of the different stakeholders about technology, domain-specific issues, industry realities and low cost solutions. Further, by bringing the regulated parties into the rulemaking process, the ownership of the policy is shared, often leading to better compliance.</p>
<p style="text-align: justify; ">Within the domain of data protection law itself, we have a few existing models of robust co-regulation which entail the involvement of stakeholders not just at the level of enforcement but also at the level of drafting. The oldest and most developed form of this kind of privacy governance can be seen in the study of the Dutch privacy statute. It involved a central privacy legislations with broad principles, sectoral industry-drafted “codes of conduct”, government evaluations and certifications of these codes; and a legal safe harbour for those companies that follow the approved code for their sector. Over a period of 20 years, the Dutch experience saw the approval of 20 sectoral codes across a variety of sectors such as banking, insurance, pharmaceuticals, recruitment and medical research.</p>
<p style="text-align: justify; ">Other examples of policies espousing this approach include two documents from the US – first, a draft bill titled ‘Commercial Privacy Bill of Rights Act of 2011’ introduced before the Congress by John McCain and John Kerry, and second, a White House Paper titled ‘Consumer Data Privacy In A Networked World: A Framework For Protecting Privacy And Promoting Innovation In The Global Digital Economy’ released by the Obama administration. Neither of these documents have so far led to a concrete policy. Both of these policies envisioned broadly worded privacy requirements to be passed by the Congress, followed by the detailed rules to be<span> drafted</span>. The Obama administration white paper is more inclusive in mandating that ‘multi-stakeholder groups’ draft the codes that include not only industry representatives but also privacy advocates, consumer groups, crime victims, academics, international partners, federal and state civil and criminal law enforcement representatives and other relevant groups.</p>
<p style="text-align: justify; ">The principles that emerge out this consultative process are likely to guide the data protection law in India for a long time to come. Among democratic regimes with a significant data-driven market, India is extremely late in arriving at a data protection law. The least that it can do at this point is to learn from the international experience and scholarship which has shown that merits of a co-regulatory approach which entails active participation of the government, industry, civil society and academia in the drafting and enforcement of a robust data protection law.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/the-wire-amber-sinha-december-1-2017-inclusive-co-regulatory-approach-possible-building-indias-data-protection-regime'>https://cis-india.org/internet-governance/blog/the-wire-amber-sinha-december-1-2017-inclusive-co-regulatory-approach-possible-building-indias-data-protection-regime</a>
</p>
No publisheramberAadhaarInternet GovernancePrivacy2018-01-01T16:18:54ZBlog EntryFIGI Symposium 2017
https://cis-india.org/internet-governance/news/figi-symposium-2017
<b>Innovative Approaches to Digital Financial Inclusion Challenges. </b>
<p style="text-align: justify; ">The <strong>first edition of the Financial Inclusion Global Initiative (FIGI) Symposium </strong>was held in Bangalore, India, from 29 November to 1 December 2017. The Symposium was organized jointly by the Telecommunication Standardization Bureau (TSB) of the International Telecommunication Union (ITU), jointly with the Bill & Melinda Gates Foundation, the World Bank and the Committee on Payments and Market Infrastructure (CPMI) and the kind support of the Government of India. </p>
<p style="text-align: justify; ">Elonnai Hickok participated in the symposium and spoke in the "Security, Infrastructure, and Trust" working group on big data and privacy in DFS. For more info on the symposium, <a class="external-link" href="https://www.itu.int/en/ITU-T/extcoop/figisymposium/2017/Pages/default.aspx">see here</a>.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/figi-symposium-2017'>https://cis-india.org/internet-governance/news/figi-symposium-2017</a>
</p>
No publisherAdminInternet GovernancePrivacy2018-01-01T16:29:42ZNews ItemSex, drugs and the dark web
https://cis-india.org/internet-governance/news/the-hindu-saurya-sengupta-sex-drugs-and-the-dark-web
<b>Blend anonymity and bitcoins for a ‘guaranteed safe’ cocktail of terrifying potential.</b>
<p style="text-align: justify; ">The article was published in the <a class="external-link" href="http://www.thehindu.com/sci-tech/technology/internet/sex-drugs-and-the-dark-web/article19818872.ece">Hindu</a> on October 7, 2017.</p>
<hr />
<p style="text-align: justify; "><span>It’s hardly a secret that marijuana’s quite easy to get nowadays. Cigarette shop owners, paanwaalas, and otherwise innocuous dealers of innocuous goods hide their stash just out of sight of the unaware. Rustom Juneja is just another marijuana-smoking adult in one of India’s biggest cities. He used to get his ‘stuff’ from local dealers. Till he “got bored of Indian produce,” as he says. So, in 2015, he decided to go to the dark web.</span></p>
<p style="text-align: justify; ">“I brought strains of marijuana from the U.S. and Canada, from a marketplace on the dark web,” Juneja says. The packages were shipped from their respective countries, they traversed borders, bypassed stringent security and checks, crossed continents, and landed at Juneja’s doorstep.</p>
<p style="text-align: justify; ">That is the dark web for you. Completely unpoliced, willing users can find anything, from the aforementioned marijuana, to “hard” drugs, to military grade-weaponry and even sex workers. All delivered to your doorstep just like books or designer watches from Amazon, Flipkart, or Snapdeal. And yes, some even offer cash-on-delivery. Returns might not be as simple, though.</p>
<p style="text-align: justify; ">Earlier this year, a group of students were arrested in Hyderabad on charges of purchasing LSD (also called ‘acid’) on the dark web. But they weren’t arrested because they had made the transaction on the dark web; they were arrested because the purchase and/ or use of LSD is illegal under Indian law (Narcotic Drugs and Psychotropic Substances Act, 1985).</p>
<p style="text-align: justify; ">In India, transactions on the dark web belong to a legal grey area. More importantly, the transactions here are mostly untraceable.</p>
<p style="text-align: justify; ">So, just what is the dark web?</p>
<h3 style="text-align: justify; "><span>Shadow world</span></h3>
<p style="text-align: justify; ">The world wide web is a Brobdingnagian mass of data, parts of which are ‘indexed’ so that they may be found by users through search engines (Google, Bing, etc). The parts of the web that aren’t indexed, and therefore available for public access, are known as the ‘deep web’. This was the part initially known as the dark web, with the ‘dark’ being more an allusion to being kept away from the light of regular access than its now more nefarious association. While it’s near impossible to put a number to it, unofficial estimates mostly concur that the vast majority of the web is unindexed.</p>
<p style="text-align: justify; ">Then, in the early 2000s, programmers began developing techniques that would be able to offer anonymous access to these hidden bits of the web. In 2002, the U.S. Naval Laboratory released one of the earliest versions of The Onion Router (TOR), a software that would allow anonymous communication between American intelligence agents and operatives on foreign soil.</p>
<p style="text-align: justify; ">This didn’t go quite according to plan, though. Tor was soon appropriated by cyberpunks, who began using the protocol to give access to websites that would host, share, and trade illicit goods. Today, the dark web is a sub-section of the deep web, accessed using specialised software like Tor that ensures absolute anonymity.</p>
<h3 style="text-align: justify; "><span>The onion protocol</span></h3>
<p style="text-align: justify; ">“If you want to track anything on the <a href="http://www.thehindu.com/tag/541-428/internet/?utm=bodytag"><span>Internet, </span></a>it can happen at three levels — the level of the person who sends a request, at the level of the person responding to this request, or it can happen in between these two ends,” says Udbhav Tiwari, Policy Officer at the Centre for Internet and Society.</p>
<p style="text-align: justify; ">“Because of this structure, it is easy to track actions and resources across the Internet, using the same terminology that makes it so easy to index and search. So, people began thinking this might become a problem.”</p>
<p style="text-align: justify; ">Most of us have heard of the Hyper Text Transfer Protocol Secure or HTTPS, a protocol that ensures that information is encrypted and secure the moment it leaves a computer till the time it reaches a destination computer. But this protocol only protects one of the three levels on which information might be tracked. The dark web is built to ensure that the remaining levels are also protected and kept anonymous.</p>
<p style="text-align: justify; ">“The reason it’s called the ‘onion’ protocol is because there are bits of information that are encrypted over and over again. So, when something leaves one computer, it is encrypted with a layer, then it hits another computer and is encrypted with another layer, and it hits another computer, where it is encrypted yet again. When this information returns, each layer is peeled off, so that you get the information you requested, with none of the encryption,” Tiwari says.</p>
<p style="text-align: justify; ">This kind of encryption makes it borderline impossible to figure out who is communicating with who and what they are talking about, unless the physical machines at either end are compromised, or a vulnerability on these machines is exploited by setting up a fake website on the Internet — a technique the FBI uses to track child pornography.</p>
<p style="text-align: justify; ">And what does it all mean? A level of guaranteed secrecy with terrifying potential. A 2015 study found that light drugs were the most traded commodity on the dark web, and that as much as 26% of its content could be classified as ‘child exploitation’.</p>
<p style="text-align: justify; ">A 2016 study found that almost 57% of live websites on the dark web hosted illicit material. The ease of access and the minimal chances of being caught has meant a steady rise in the use of the dark web and the murk it peddles.</p>
<p style="text-align: justify; ">It’s a market where both buyer and vendor are rated, like Uber. This establishes trust, and authenticates the veracity of a potential transaction. Thus, for instance, buyers are obviously more inclined to buy an assault rifle from a highly-rated seller. And you will be sold grenades only if your ratings assure the vendor you’ll fulfil your end of the transaction.</p>
<p style="text-align: justify; ">Once a transaction is finalised, the payment is held ‘in escrow’ — a third party arbitration system which ensures the buyer is paid only after they have met their end of the bargain. The third parties also arbitrate in the event of a dispute.</p>
<h3 style="text-align: justify; "><span>As easy as pie</span></h3>
<p style="text-align: justify; ">Juneja bought marijuana three times, all from the same vendor, but only two shipments reached him. The third time, the parcel never landed, but the arbiters decided in favour of the vendor because he had a much better rating and Juneja lost his money.</p>
<p style="text-align: justify; ">With no proper method to find out whether the vendor has shipped a product or the buyer has received it, this adjudication is seen as the best stop-gap arrangement. For Juneja, as for many others, the loss was a deal breaker, and he didn’t go back to the dark web.</p>
<p style="text-align: justify; ">When the first two shipments did arrive though, they came with absolute swagger and nonchalance. “The product was sealed and flattened out, as if it were a magazine or postcard.” It does say something of international security that it can’t differentiate between a shipment of <em>The New Yorker</em> and marijuana.</p>
<p style="text-align: justify; ">Dark web transactions were initially carried out using legal state-issued currencies. However, the simplicity of tracking online transactions made with property monitored by the government led to the rise of cryptocurrencies — digital or virtual currency that uses cryptographic techniques for security and which would be beyond state control. Besides the need to go underground, there was a political angle.</p>
<p style="text-align: justify; ">“These people see money as a state incursion into private affairs,” says Jyotirmoy Bhattacharya, economics professor at Delhi’s Ambedkar University.</p>
<p style="text-align: justify; ">The first, and still most popular, cryptocurrency was released in 2009 — bitcoin. Created by an unknown person or group of people, going only by the pseudonym Satashi Nakamoto, bitcoin was intended as a ‘peer-to-peer electronic cash system’, which would be completely decentralised, with no central server or state authority. This meant that the value and proliferation of bitcoin would be determined by its creators and users.</p>
<p style="text-align: justify; "><span>The idea of a virtual currency has been around since before Nakamoto, but a large problem was in limiting creation and supply. Bitcoin was the first to solve this problem. “Bitcoin uses a technique known as the ‘proof-of-work’ (POW). So, to create a new set of this currency, you have to spend some amount of computational resources. This limits how much currency you can generate, thus ensuring that the currency has a value,” says Bhattacharya.</span></p>
<h3 style="text-align: justify; "><span>What is bitcoin?</span></h3>
<p style="text-align: justify; ">“A bitcoin is simply a solution to a puzzle. If there are a set of puzzles that are a part of the bitcoin protocol, one bitcoin is simply one of the solved puzzles of that set, along with a digital signature of who solved the puzzle,” says Bhattacharya. A public ledger tracks the ownership of bitcoins, which ensures that the same one is not used again by the same person.</p>
<p style="text-align: justify; ">“Since there is no central authority, your transaction has to match the globally agreed ledger.” To ensure that ownership of bitcoin is legitimate, every transaction is published in the ledger, thus creating a ‘chain of transactions’ known as a blockchain.</p>
<p style="text-align: justify; ">Over the past few years, the value of bitcoin has skyrocketed, so much so that people have begun investing in it, as an asset. When bitcoin was first used as tender in early 2010, it was valued at around $0.003. For a brief while in August, one bitcoin was valued at $4,500, a record high.</p>
<p style="text-align: justify; ">In the everyday world of eggs and bread, though, bitcoin has limited use. It is still unrecognised by several nations, and deemed illegal in many others. It’s in the dark web that it finds its most votaries. While it would be flippant to suggest that bitcoin is used on the dark web solely for illicit uses, it is difficult to deny its origins for that purpose, and its continuing use there.</p>
<p style="text-align: justify; ">Bedavyasa Mohanty, an Associate Fellow at Observer Research Foundation Cyber Initiative, says that there are Indian users transacting on the dark web using bitcoin and claims that this number is only likely to increase as accessibility increases. “Bitcoin cannot be tracked,” says Mohanty. “With the ledger and the blockchain, you can trace the trail of a certain bitcoin, but it is anonymised. You can’t point out who owns that bitcoin.”</p>
<p style="text-align: justify; ">This, in effect, means an entirely anonymous transaction may be made on the dark web for any number of illegal goods or services using a currency that leaves a trail which goes nowhere and leaves no fingerprints. This, in a nutshell, is the danger when bitcoin combines with the dark web.</p>
<p style="text-align: justify; ">Several users I spoke to either claimed that fears about the dark web were mostly unfounded, or that the freedom it offered was an essential facet of the Internet. But it can’t be denied that the sheer possibility that somebody can deal in child porn or hard drugs or deadly weapons right under the nose of the law is a terrifying one.</p>
<p style="text-align: justify; ">From the perspective of Indian law enforcement, given the technical knowhow they have to track down owners and users of bitcoins, the chances of discovery are minimal, says Mohanty. The currency uses a system of public and private ‘keys’, ensuring that an intercepted bitcoin transmission is useless without those keys. To top it, India does not have any clear laws to regulate cryptocurrencies.</p>
<p style="text-align: justify; ">“For India to regulate cryptocurrencies, it would need to legally recognise their existence,” says Mohanty. “And if you do recognise them, what do you treat them as? As a security? Or as a currency that can be traded openly, and so on. That’s part of the reason why the Reserve Bank hasn’t formally recognised cryptocurrencies.”</p>
<h3 style="text-align: justify; "><span>Flagging illegal trades</span></h3>
<p style="text-align: justify; ">Bitcoin exchanges in India insist that they follow strict guidelines and e-KYC (Know Your Customer) rules, ensuring that the identity of every customer on the exchange is verified. “If somebody tries to use a bitcoin from Zebpay or any other recognised exchange, they will definitely be tracked down,” says Saurabh Agrawal, co-founder of Zebpay, one of India’s largest bitcoin exchanges.</p>
<p style="text-align: justify; ">“We use strong software; if any of our users use bitcoins for illegal purposes, we close their accounts. We’ve done this in the past and will do so in future as well.” He claims their software maintains a list of web addresses deemed ‘red alert’ sites, and the moment a bitcoin is sent to such a site, the transaction is flagged.</p>
<p style="text-align: justify; ">Others are less positive. “While we can track whether a transaction is made through illegal routes, to some extent it’s true that we cannot track all transactions in real time as this takes a large amount of data,” says Sathvik Vishwanath, CEO, Unocoin.</p>
<p style="text-align: justify; ">“But if someone is trying to buy or sell from illegal marketplaces, we have a mechanism where we can — and do — stop it.” Given that customers are KYC-verified, “they don’t try to indulge in malicious activities,” he says.</p>
<p style="text-align: justify; ">Pan to Rustom Juneja. Juneja made three transactions in 2015, using bitcoins purchased entirely legally from an exchange. “You have to create an account on any of the markets online, and transfer your bitcoins to that account,” Juneja informs me. His account too was KYC-verified, and they had all his details — PAN number, Aadhar, and so on. He had no clue then that the exchanges had tracking methods. “Look, if these actually worked, there’s no way we wouldn’t have been caught,” he says.</p>
<p style="text-align: justify; ">Part of the problem, of course, is that Indian law does not recognise the dark web as a separate entity from the ‘surface’ web; there are no special laws for it. Yet, even if laws were put in place, there are few ways in which states can monitor or block the use of the dark web owing to a host of technical and legal reasons.</p>
<p style="text-align: justify; ">“A sense of urgency [regarding the dark web], especially relating to the use of bitcoin for illicit activities, hasn’t been instilled in the government yet,” says Mohanty. “What they are worried about is terrorism, and the use of anonymous technologies and chatrooms for radicalisation, terror planning, or buying and selling weapons.”</p>
<p style="text-align: justify; ">Juneja is one of a few thousand active Indian users on the dark web. Nothing stops them from buying a strain of marijuana from Canada. But nothing stops them from buying a Kalashnikov either.</p>
<h3 style="text-align: justify; "><span>Sunny side up</span></h3>
<p style="text-align: justify; ">The dark web isn’t necessarily only a marketplace for all of the world’s nefarious practices. The very anonymity and shrouds that the dark web offers can be used for general practices by users looking merely for privacy.</p>
<p style="text-align: justify; ">Aritra Ghosh, a Ph.D student of Computational Astrophysics at Yale University says, “(The dark web is) possibly the only way to do something in “secret” away from any kind of surveillance. Onion routing still hasn’t been broken. So, it can play a substantial role in movements against companies, governments and so on.”</p>
<p style="text-align: justify; ">And this is a quality that many frequenters of the dark web swear by. Even the ability to use anonymous messenger service with a near-complete guarantee of not being ‘watched’ drives a lot of people here.</p>
<p style="text-align: justify; ">Akarsh Pandit, 24, says unrestricted access to many resources including books and documents is an area of huge potential. “Another significant pro is the avoidance of national firewalls that exist in some countries. Moreover, you gain access to unindexed search results,” he says.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/the-hindu-saurya-sengupta-sex-drugs-and-the-dark-web'>https://cis-india.org/internet-governance/news/the-hindu-saurya-sengupta-sex-drugs-and-the-dark-web</a>
</p>
No publisherAdminInternet Governance2018-01-02T16:13:14ZNews ItemAttempted data breach of UIDAI, RBI, ISRO and Flipkart is worrisome
https://cis-india.org/internet-governance/news/daily-o-october-4-2017-attempted-data-breach-of-uidai-rbi-isro-and-flipkart
<b>Perhaps, we got lucky this time, but the ongoing problem of massive cyber-security breaches wouldn't stop at one thwarted attempt to steal sensitive information from the biggest and most important databases. </b>
<p style="text-align: justify; ">This was published by <a class="external-link" href="https://www.dailyo.in/variety/uidai-rbi-isro-flipkart-hack-cyber-security-data-breach-dark-net/story/1/19893.html">DailyO</a> on October 4, 2017.</p>
<hr />
<p style="text-align: justify; "><span>An</span><span> <a href="http://www.moneycontrol.com/news/trends/current-affairs-trends/uidai-bse-among-6000-indian-organisations-reportedly-affected-by-data-breach-2404223.html/amp" rel="nofollow" target="_blank">alarming report </a></span><span>on a potential data breach impacting almost 6,000 Indian organisations — including the Unique Identification Authority of India (UIDAI) that hosts Aadhaar numbers, Reserve Bank of India, Bombay Stock Exchange and Flipkart — has surfaced and supposedly been contained.</span></p>
<p style="text-align: justify; ">A cyber security firm in Pune, Seqrite, had found in its Cyber Intelligence Labs that India's national internet registry, IRINN (Indian Registry for Internet Names and Numbers), which comes under NIXI (National Internet Exchange of India), was compromised, though the issue has reportedly been "addressed".</p>
<p style="text-align: justify; ">Sequite tracked an advertisement on the "dark net" — the digital underworld — offering access to servers and database dump of more than 6,000 Indian businesses and public assets, including the big ones such as UIDAI, RBI, BSE and Flipkart.</p>
<p style="text-align: justify; ">The report states that the "dealer could have had access to usernames, email ids, passwords, organisation name, invoices and billing documents, and few more important fields, and could have potentially shut down an entire organisation".</p>
<p style="text-align: justify; ">The UIDAI has <span><a href="https://twitter.com/UIDAI/status/915528090230517761" rel="nofollow" target="_blank">denied</a></span> the security breach of Aadhaar data in the IRINN attacks, in an expected move. "UIDAI reiterated that its existing security controls and protocols are robust and capable of countering any such attempts or malicious designs of data breach or hacking," said the report, which is basically a rebuttal from the powerful organisation at the heart of centralising all digital information of all Indians.</p>
<p style="text-align: justify; ">Though the aggrieved parties have been notified, and the NCIIPC (National Critical Information Infrastructure Protection Centre) is looking at the issue, what this means is that digital information is a minefield susceptible to all kinds of threats from criminals as well as foreign adversaries, along with being commercially exploited by major conglomerates.</p>
<p style="text-align: justify; ">Till August 2017 alone, around <span><a href="https://www.medianama.com/2017/08/223-ransomware-india-wannacry-petya/" rel="nofollow" target="_blank">37 incidents</a></span> of ransomware attacks have been reported, including the notorious WannaCry attacks. But what makes the attacks very, very threatening is the government's insistence — illegal at that — to link Aadhaar with every service, and create a centralised nodal, superior network of all networks.</p>
<p style="text-align: justify; ">This "map of maps" has been rightly called out as a potential <span><a href="https://thewire.in/118541/national-security-case-aadhaar/" rel="nofollow" target="_blank">national security threat</a></span>, as it makes a huge reservoir of data vulnerable to cyberthreats from mercenaries, the digital underworld and foreign adversaries.</p>
<p style="text-align: justify; "><img alt="A widely circulated report prepared by the Centre for Internet and Society (CIS) underlined the major flaws in the 2016 Aadhaar Act, that makes it vulnerable to several digital threats. Photo: Reuters" src="https://smedia2.intoday.in/dailyo//story/embed/201710/data-inside_100417083834.jpg" title="data-inside_100417083834.jpg" /></p>
<p style="text-align: justify; "><span><strong>A widely circulated report prepared by the Centre for Internet and Society (CIS) underlined the major flaws in the 2016 Aadhaar Act, that makes it vulnerable to several digital threats. Photo: Reuters</strong></span></p>
<p style="text-align: justify; ">That the data dump in the digital black market provides access to entire servers for a meagre sum of Rs 42 lakh, as mentioned in the report, is a sign of how insecure our personal information could be on the servers of the biggest government organisations and commercial/online retail giants. This includes the likes of Flipkart, which store our passwords, emails, phone numbers and other important information linked to our bank details and more.</p>
<p style="text-align: justify; ">Whilst UIDAI was declared a <span><a href="http://meity.gov.in/writereaddata/files/UIDAI%20CII%20notification%20Dec15.pdf" rel="nofollow" target="_blank">"protected system"</a></span> under Section 70 of the Information Technology Act, and a critical information infrastructure, in practice, there are way too many breaches and leaks of Aadhaar data to merit that tag.</p>
<p style="text-align: justify; ">Because the current (officially thwarted) attempt to hack into these nodal databases involved the data of hundreds of millions of Indians, the matter has been dealt with the required seriousness. However, as the report states, "among the companies whose emails they found were Tata Consultancy Services, Wipro, Indian Space Research Organisation, Mastercard/Visa, Spectranet, Hathway, IDBI Bank and EY".</p>
<p style="text-align: justify; ">This is a laundry list of the biggest and most significant organisations, with massive digital footprints, which are sitting on enormous databanks. Hacking into ISRO, for example, could pose a formidable risk to India's space programmes as well as jeopardise information safety of crucial space projects that are jointly conducted with friendly countries such as Russia, China and the US.</p>
<p style="text-align: justify; ">A widely circulated report prepared by the Centre for Internet and Society (CIS) on the Aadhaar Act and <span><a href="https://cis-india.org/internet-governance/blog/aadhaar-act-and-its-non-compliance-with-data-protection-law-in-india" rel="nofollow" target="_blank">its non-compliance with data protection law</a></span> in India underlined the major flaws in the 2016 Aadhaar Act, that makes it vulnerable to several digital threats.</p>
<p style="text-align: justify; ">Moreover, CIS also reported how government websites, especially "those run by National Social Assistance Programme under Ministry of Rural Development, National Rural Employment Guarantee Act (NREGA) run by Ministry of Rural Development, Daily Online Payment Reports under NREGA (Governemnt of Andhra Pradesh) and Chandranna Bima Scheme (also run by Government of Andhra Pradesh) combined were responsible for<a href="http://m.thehindubusinessline.com/info-tech/aadhaar-data-leak-exposes-cyber-security-flaws/article9677360.ece" rel="nofollow" target="_blank"><span> publicly exposing</span> </a>personal and Aadhaar details of over 13 crore citizens".</p>
<p style="text-align: justify; ">The government has been rather lackadaisical about the grave security threats posed by India's shaky digital infrastructure, saying it's robust when it's not: the UIDAI itself has been brushing the allegations of exclusion, data breach and leaking of data from various government and private operators' servers and there have been several documentations of the security threat as well as the human rights violations that the digital breaches pose for India's institutions and its citizens.</p>
<p style="text-align: justify; ">As noted welfare economist Jean Dreze <span><a href="http://indianexpress.com/article/opinion/columns/dissent-and-aadhaar-4645231/" rel="nofollow" target="_blank">says</a></span>, "With Aadhaar immensely reinforcing the government's power to reward loyalty and marginalise dissenters, the embers of democracy are likely to be further smothered."</p>
<p style="text-align: justify; ">Even as India's jurisprudence held privacy and autonomy as supreme, Indians remain vulnerable to institutional failures and an abject lack of awareness on the gravity of digital destabilisation.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/daily-o-october-4-2017-attempted-data-breach-of-uidai-rbi-isro-and-flipkart'>https://cis-india.org/internet-governance/news/daily-o-october-4-2017-attempted-data-breach-of-uidai-rbi-isro-and-flipkart</a>
</p>
No publisherAdminAadhaarInternet GovernancePrivacy2018-01-02T16:20:58ZNews ItemTwitter tweaks user policy a day after SC clampdown
https://cis-india.org/internet-governance/news/business-standard-alnoor-peermohamed-and-raghu-krishnan-september-8-2017-twitter-tweaks-user-policy-a-day-after-sc-clampdown
<b>This, when India is looking to crack down on global firms exporting customer data to servers.</b>
<p style="text-align: justify; ">The article by Alnoor Peermohamed and Raghu Krishnan was <a class="external-link" href="http://www.business-standard.com/article/companies/twitter-to-take-user-data-overseas-tweaks-policy-117090701415_1.html">published in the Business Standard</a> on September 8, 2017. Pranesh Prakash was quoted.</p>
<hr />
<p style="text-align: justify; ">Microblogging platform Twitter on Thursday told its users in India that the data collected from them could be moved outside the country and were within the purview of using its service.</p>
<p style="text-align: justify; ">This comes as the government is considering making it mandatory for internet and mobile <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=companies" target="_blank"><span>companies </span></a>to store user data locally. Global internet giants such as Google, Facebook and Twitter aggressively use user data they gather for targeted advertising.</p>
<p style="text-align: justify; ">This is in the wake of the Supreme Court issuing notices to Twitter and Google on Wednesday seeking their legal views on a petition drawing the court’s attention to the lack of control over data-sharing with cross-border corporate entities in violation of a citizen’s right to privacy. The Bench also asked WhatsApp and Facebook to file sworn statements on whether they shared any data collected from users with third parties.</p>
<p style="text-align: justify; ">India provides the highest number of active daily users for Twitter, which told them on Thursday that its updated terms of service, effective October 2, allowed user data to be moved overseas and shared with affiliates. Twitter did not respond immediately to an email.</p>
<p style="text-align: justify; ">“If private data is located in servers outside India, it will be a violation of privacy,” said Pavan Duggal, <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=cybersecurity" target="_blank"><span>cybersecurity </span></a>expert and lawyer, adding, “India needs to quickly come up with privacy legislation. Data localisation is a distinct option that India should look at.”</p>
<p style="text-align: justify; ">Internet firms collect personal information, contacts and location, apart from activities users share. In India, it is also critical as most users access these platforms on their smartphones, which they also use to do financial transactions with banks and the government.</p>
<p style="text-align: justify; ">The government last month asked 21 smartphone handset makers, the majority of them Chinese, to declare whether the data they collected from users were hosted on servers outside India.</p>
<p style="text-align: justify; ">“The government can come up with rules under Section 83 of the Information Technology Act, mandating steps needed to protect data generated by computers in India. This should be a priority,” Duggal said.</p>
<p style="text-align: justify; ">Not all concur with data localisation. “One of the oft-quoted reasons for data localisation is security, but it doesn’t help improve security at all. The idea that the data taken out of the country somehow become insecure is wrong. It is very easy to copy the data in India as well. It’s not going to help reduce snooping in any way,” said Pranesh Prakash, policy director at the Centre for Internet and Society.<span> </span></p>
<p style="text-align: justify; ">Instead he advocates India to frame laws similar to that of the European Union (EU), which mandates its laws apply to any data collected of an EU citizen.</p>
<p style="text-align: justify; ">“The question is not about whether your data is in India or not; it is about whether India’s laws are applicable to the data. This is the way laws in the EU work, by insisting on it wherever an EU citizen data is taken,” Prakash added.</p>
<p style="text-align: justify; ">“That’s what is most important when one is looking at security and privacy rather than where the data is stored. As long as they have a presence in the country, India should be able to take action against them if they’re breaking any Indian laws. With the internet, you can’t be sure of where the data is saved, and really, it shouldn’t matter,” Prakash said.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/business-standard-alnoor-peermohamed-and-raghu-krishnan-september-8-2017-twitter-tweaks-user-policy-a-day-after-sc-clampdown'>https://cis-india.org/internet-governance/news/business-standard-alnoor-peermohamed-and-raghu-krishnan-september-8-2017-twitter-tweaks-user-policy-a-day-after-sc-clampdown</a>
</p>
No publisherAdminInternet Governance2018-01-03T02:00:02ZNews ItemUIDAI denies any breach of Aadhaar database
https://cis-india.org/internet-governance/news/livemint-komal-gupta-january-7-2018-uidai-denies-any-breach-of-aadhaar-database
<b>Personal data, including biometric information, of citizens safe and secure, says UIDAI on Aadhaar data breach.
</b>
<p style="text-align: justify; ">The article by Komal Gupta was published by <a class="external-link" href="http://www.livemint.com/Politics/bw5gRWcZoFYOjixGVVSqiP/UIDAI-says-Aadhaar-misuse-traceable-system-secure.html">Livemint</a> on January 7, 2018</p>
<hr />
<p style="text-align: justify; ">The Unique Identification Authority of India (UIDAI) on Thursday clarified that there has not been any breach in the Aadhaar database and the personal data of citizens, including biometric information, is safe and secure.</p>
<p style="text-align: justify; ">The clarification comes in response to a news report titled ‘Rs 500, 10 minutes, and you have access to a billion Aadhaar details’ published in The Tribune on Thursday. The report claims that a WhatsApp group sold all Aadhaar data available with UIDAI for a sum of Rs. 500.</p>
<p id="_mcePaste" style="text-align: justify; ">UIDAI maintained that the reported case appeared to be an instance of misuse of the grievance redressal search facility. As UIDAI maintains complete logs and traceability of the facility, legal action including lodging of FIR against the persons involved in the case is being undertaken.</p>
<div style="text-align: justify; "></div>
<div style="text-align: justify; "></div>
<div style="text-align: justify; "></div>
<div id="_mcePaste" style="text-align: justify; "></div>
<p style="text-align: justify; ">UIDAI maintained that the reported case appeared to be an instance of misuse of the grievance redressal search facility. As UIDAI maintains complete logs and traceability of the facility, legal action including lodging of FIR against the persons involved in the case is being undertaken. UIDAI maintained that the reported case appeared to be an instance of misuse of the grievance redressal search facility. As UIDAI maintains complete logs and traceability of the facility, legal action including lodging of FIR against the persons involved in the case is being undertaken. UIDAI clarified in a press statement that displayed demographic information cannot be misused; it would need to be paired with an individual’s biometrics.</p>
<p style="text-align: justify; ">There are more than 1.19 billion Aadhaar card holders in the country.</p>
<p style="text-align: justify; "><span>“If it is not a data breach, then this means that some people who have legitimate access to the data are selling it illegitimately. This poses a greater problem,” said Pranesh Prakash, policy director at the Centre for Internet and Society, a Bengaluru-based think tank.</span></p>
<h2></h2>
<h2></h2>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/livemint-komal-gupta-january-7-2018-uidai-denies-any-breach-of-aadhaar-database'>https://cis-india.org/internet-governance/news/livemint-komal-gupta-january-7-2018-uidai-denies-any-breach-of-aadhaar-database</a>
</p>
No publisherAdminAadhaarInternet GovernancePrivacy2018-01-07T12:03:13ZNews ItemOctober 2017 Newsletter
https://cis-india.org/about/newsletters/october-2017-newsletter
<b>October 2017 Newsletter</b>
<p style="text-align: justify; "><span>Dear readers,</span></p>
<p style="text-align: justify; ">Previous issues of the newsletters can be <a class="external-link" href="http://cis-india.org/about/newsletters">accessed here</a>.</p>
<hr style="text-align: justify; " />
<table class="plain">
<tbody>
<tr>
<th>Highlights</th>
</tr>
<tr>
<td>
<ul>
<li>CIS <a class="external-link" href="https://cis-india.org/accessibility/blog/cis-comments-on-mobile-accessibility-guidelines">submitted its comments </a>on mobile accessibility guidelines to the Ministry of Electronics & IT, Govt. of India. </li>
<li>
<div id="_mcePaste" style="text-align: justify; ">Between 1 to 16 September, an online discussion took place on the creation of social media guidelines and strategy for Telugu Wikimedia handles online. Manasa Rao <a class="external-link" href="https://cis-india.org/a2k/blogs/discussion-on-creation-of-social-media-guidelines-strategy-for-telugu-wikimedia">captured the developments in a blog post</a>.</div>
</li>
<li>
<div id="_mcePaste" style="text-align: justify; ">Padma Venkataraman in a blog entry <a class="external-link" href="https://cis-india.org/internet-governance/blog/cis2019-efforts-towards-greater-financial-disclosure-by-icann">chronologically mapped</a> CIS’ efforts at enhancing financial transparency and accountability at ICANN, while providing an outline of what remains to be done.</div>
</li>
<li>
<div id="_mcePaste" style="text-align: justify; ">Shyam Ponappa's article on NPAs and structural issues was published in the <a class="external-link" href="https://cis-india.org/telecom/blog/business-standard-shyam-ponappa-october-5-2017-npas-and-structural-issues">Business Standard</a> on October 5, 2017.</div>
</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>CIS in the News:</p>
<ul>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/daily-o-october-4-2017-attempted-data-breach-of-uidai-rbi-isro-and-flipkart">Attempted data breach of UIDAI, RBI, ISRO and Flipkart is worrisome</a> (DailyO, October 4, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/the-hindu-saurya-sengupta-sex-drugs-and-the-dark-web">Sex, drugs and the dark web</a> (Hindu; October 7, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/first-post-october-12-2017-ahead-of-data-protection-law-roll-out-experts-caution-that-it-shouldnt-limit-collection-and-use-of-data">Ahead of data protection law roll out, experts caution that it shouldn't limit collection and use of data</a> (First Post; October 12, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/medianama-october-18-2017-namaprivacy-economics-and-business-models-of-iot">#NAMAprivacy: The economics and business models of IoT and other issues</a> (Medianama; October 18, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/medianama-october-18-2017-namaprivacy-data-standards-for-iot">#NAMAprivacy: Data standards for IoT and home automation systems</a> (Medianama; October 18, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/deccan-herald-furquan-moharkan-october-24-2017-majority-of-top-politicians-twitter-followers-fake">Majority of top politicians' Twitter followers fake: audit </a>(Furquan Moharkan; Deccan Herald; October 24, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/accessibility/news/eastern-mirror-october-23-2017-awards-for-those-working-on-employment-opportunities-for-disabled">Awards for those working on employment opportunities for disabled</a> (Eastern Mirror; October 24, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/new-indian-express-october-25-2017-nibbling-away-into-your-bank-account-salami-attackers-cart-away-a-fortune">Nibbling away into your bank account, salami attackers cart away a fortune</a> (New Indian Express; October 25, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/accessibility/news/nirmita-narasimhan-wins-the-18th-ncpedp-mindtree-helen-keller-award-2017">Nirmita Narasimhan wins the 18th NCPEDP-Mindtree Helen Keller Award 2017!</a> (National Centre for Promotion of Employment for Disabled People; October 31, 2017).</li>
</ul>
<p style="text-align: justify; "><strong>-----------------------------------</strong><br /><a href="http://cis-india.org/a2k">Access to Knowledge</a> <br /><strong>----------------------------------- </strong><br />Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.</p>
<p style="text-align: justify; "><span>►</span>Wikipedia</p>
<p style="text-align: justify; "><strong>Blog Entries</strong></p>
<ul>
<li><a class="external-link" href="https://cis-india.org/a2k/blogs/odia-wikisource-turns-3">Odia Wikisource Turns 3</a> (Manasa Rao; October 22, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/a2k/blogs/wikimedia-workshop-at-ismailsaheb-mulla-law-college-satara">Wikimedia Workshop at Ismailsaheb Mulla Law College, Satara</a> (Subodh Kulkarni; October 24, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/a2k/blogs/marathi-wikipedia-edit-a-thon-at-dalit-mahila-vikas-mandal-satara">Marathi Wikipedia Edit-a-thon at Dalit Mahila Vikas Mandal, Satara</a> (Subodh Kulkarni; October 24, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/a2k/blogs/marathi-wikipedia-workshop-at-mgm-trusts-college-of-journalism-and-mass-communication-aurangabad">Marathi Wikipedia Workshop at MGM Trust's College of Journalism and Mass Communication, Aurangabad</a> (Subodh Kulkarni; October 24, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/a2k/blogs/orientation-program-at-kannada-university-hampi">Orientation Program at Kannada University, Hampi</a> (A. Gopalakrishna; October 24, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/a2k/blogs/marathi-wikipedia-workshop-at-solapur-university">Marathi Wikipedia Workshop at Solapur University</a> (Subodh Kulkarni; October 24, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/a2k/blogs/discussion-on-creation-of-social-media-guidelines-strategy-for-telugu-wikimedia">Discussion on Creation of Social Media Guidelines & Strategy for Telugu Wikimedia</a> (Manasa Rao; October 24, 2017).</li>
</ul>
<p style="text-align: justify; "><span>►Openness</span></p>
<div style="text-align: justify; ">Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.</div>
<div style="text-align: justify; "><strong>-----------------------------------</strong><span style="text-align: justify; "> </span>
<p style="text-align: justify; "><a href="http://cis-india.org/internet-governance">Internet Governance</a> <br /><strong>-----------------------------------</strong></p>
<p style="text-align: justify; ">As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.</p>
<ul style="text-align: justify; ">
</ul>
<p style="text-align: justify; "><span>►</span>Freedom of Expression</p>
<ul>
<li><a class="external-link" href="https://cis-india.org/internet-governance/blog/icann2019s-problems-with-accountability-and-the-web-controversy">ICANN’s Problems with Accountability and the .WEB Controversy</a> (Padma Venkataraman; October 24, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/blog/why-presumption-of-renewal-is-unsuitable-for-the-current-registry-market-structure">Why Presumption of Renewal is Unsuitable for the Current Registry Market Structure</a> (Padma Venkataraman; October 29, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/blog/cis2019-efforts-towards-greater-financial-disclosure-by-icann">CIS’ Efforts Towards Greater Financial Disclosure by ICANN</a> (Padma Venkataraman; October 29, 2017).</li>
</ul>
<br />
<p style="text-align: justify; "><strong>►</strong>Cyber Security</p>
<p style="text-align: justify; "><strong>Participation in Event</strong></p>
<ul>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/cy-fy-2017">CyFy 2017</a> (Organized by Observer Research Foundation; New Delhi; October 2 - 4, 2017). Sunil Abraham was a speaker.</li>
</ul>
<br />
<p style="text-align: justify; ">►Privacy</p>
<ul style="text-align: justify; ">
</ul>
<p style="text-align: justify; "><strong>Blog Entry</strong></p>
<ul>
<li><a class="external-link" href="https://cis-india.org/internet-governance/blog/gdpr-and-india-a-comparative-analysis">GDPR and India: A Comparative Analysis</a> (Aditi Chaturvedi; October 17, 2017).</li>
</ul>
</div>
<div style="text-align: justify; "></div>
<div style="text-align: justify; "><strong>Participation in Event</strong></div>
<div style="text-align: justify; ">
<ul>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/securing-the-digital-payments-ecosystem">Securing The Digital Payments Ecosystem</a> (Organized by NITI Aayog; October 9, 2017).</li>
</ul>
</div>
<div style="text-align: justify; "><br />
<div><strong>
<p style="text-align: justify; "><strong>►</strong>Big Data</p>
<p style="text-align: justify; "><strong>Blog Entry</strong></p>
<ul>
<li><a class="external-link" href="https://cis-india.org/internet-governance/blog/revisiting-per-se-vs-rule-of-reason-in-light-of-the-intel-conditional-rebate-case">Revisiting Per Se vs Rule of Reason in Light of the Intel Conditional Rebate Case</a> (Shruthi Anand; October 4, 2017).</li>
</ul>
</strong></div>
<div><br /><strong>Event Organized</strong></div>
<div>
<ul>
<li><a class="external-link" href="https://cis-india.org/internet-governance/events/emerging-issues-in-the-internet-of-things">Emerging Issues in the Internet of Things</a> (CIS, Bengaluru; October 23, 2017). Andrew Rens gave a talk.</li>
</ul>
</div>
<div><span style="text-align: justify; "><strong><strong>-----------------------------------</strong></strong><span style="text-align: justify; "> </span>
<p style="text-align: justify; "><strong><a href="http://cis-india.org/telecom">Telecom</a> <br /><strong>----------------------------------- </strong><br /></strong><span>CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:</span></p>
<p style="text-align: justify; "><strong>Article </strong></p>
<ul>
<li><a class="external-link" href="https://cis-india.org/telecom/blog/business-standard-shyam-ponappa-october-5-2017-npas-and-structural-issues">NPAs & Structural Issues</a> (Shyam Ponappa; Business Standard; October 4, 2017).</li>
</ul>
<div>
<p style="text-align: justify; "><strong>-----------------------------------</strong><br /><a href="http://cis-india.org/raw">Researchers at Work</a> <br /><strong>----------------------------------- </strong><br /><span>The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:</span></p>
<p style="text-align: justify; "><strong>Articles</strong></p>
<ul>
<li><strong><a class="external-link" href="http://cis-india.org/raw/indian-express-nishant-shah-october-9-digital-native-there-is-no-spoon-there-is-no-privacy">Digital Native: There is no spoon, There is no privacy</a> (Nishant Shah; October 9, 2017).</strong></li>
<li><strong><a class="external-link" href="http://cis-india.org/raw/indian-express-nishant-shah-october-22-2017-digital-native-finger-on-the-buzzer">Digital Native: Finger on the buzzer</a> (Nishant Shah; October 22, 2017).</strong></li>
</ul>
<p style="text-align: justify; "><span>-----------------------------------<br /></span><a href="http://cis-india.org/">About CIS<br /></a><span>----------------------------------- </span></p>
<div class="keyResearch">
<div id="parent-fieldname-text-8a5942eb6f4249c5b6113fdd372e636c">
<div style="text-align: justify; ">
<p>The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.</p>
<p>► Follow us elsewhere</p>
<div>
<ul>
<li>Twitter:<a href="http://twitter.com/cis_india"> http://twitter.com/cis_india</a></li>
<li>Twitter - Access to Knowledge: <a href="https://twitter.com/CISA2K">https://twitter.com/CISA2K</a></li>
<li>Twitter - Information Policy: <a href="https://twitter.com/CIS_InfoPolicy">https://twitter.com/CIS_InfoPolicy</a></li>
<li>Facebook - Access to Knowledge:<a href="https://www.facebook.com/cisa2k"> https://www.facebook.com/cisa2k</a></li>
<li>E-Mail - Access to Knowledge: <a>a2k@cis-india.org</a></li>
<li>E-Mail - Researchers at Work: <a>raw@cis-india.org</a></li>
<li>List - Researchers at Work: <a href="https://lists.ghserv.net/mailman/listinfo/researchers">https://lists.ghserv.net/mailman/listinfo/researchers</a></li>
</ul>
</div>
<p>► Support Us</p>
<div>Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.</div>
<p>► Request for Collaboration</p>
<div>
<p>We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at <a>tanveer@cis-india.org</a>.</p>
<div><em>CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects</em>.</div>
</div>
<div></div>
</div>
<ul style="text-align: justify; ">
</ul>
</div>
</div>
<div id="viewlet-below-content-body">
<div class="visualClear"></div>
<div class="documentActions"></div>
</div>
<ul style="text-align: justify; ">
</ul>
</div>
<ul style="text-align: justify; ">
</ul>
</span></div>
<ul style="text-align: justify; ">
</ul>
</div>
<div></div>
<ul>
</ul>
<p>
For more details visit <a href='https://cis-india.org/about/newsletters/october-2017-newsletter'>https://cis-india.org/about/newsletters/october-2017-newsletter</a>
</p>
No publisherpraskrishnaAccess to KnowledgeTelecomAccessibilityInternet GovernanceResearchers at Work2018-01-10T00:53:03ZPageNovember 2017 Newsletter
https://cis-india.org/about/newsletters/november-2017-newsletter
<b>November 2017 Newsletter</b>
<p style="text-align: justify; "><span>Dear readers,</span></p>
<p style="text-align: justify; ">Previous issues of the newsletters can be <a class="external-link" href="http://cis-india.org/about/newsletters">accessed here</a>.</p>
<hr style="text-align: justify; " />
<table class="plain">
<tbody>
<tr>
<th>Highlights</th>
</tr>
<tr>
<td>
<ul>
<li style="text-align: justify; ">Anubha Sinha took part in the 35th Session of the World Intellectual Property Organization (“WIPO”) Standing Committee on Copyright and Related Rights (“SCCR”) at Geneva from 13 November, 2017 to 18 November, 2017. <a class="external-link" href="https://cis-india.org/a2k/blogs/35th-sccr-cis-question-to-dr-rostama-on-her-study-on-the-impact-of-the-digital-environment-on-copyright-legislation">She posed a question on the agenda</a> 'Other Matters' on behalf of CIS on Day 5, 17 November, 2017. CIS also gave statements on <a class="external-link" href="https://cis-india.org/a2k/blogs/35th-sccr-cis-statement-on-limitations-and-exceptions-for-libraries-and-archives">Limitations and Exceptions for Libraries and Archives</a> and <a class="external-link" href="https://cis-india.org/a2k/blogs/35th-sccr-cis-statement-on-grulac-proposal-for-analysis-of-copyright-in-the-digital-environment">GRULAC Proposal for Analysis of Copyright in the Digital Environment</a>.</li>
<li style="text-align: justify; "><a class="external-link" href="https://cis-india.org/a2k/blogs/cis-a2k-signs-mou-with-telangana-government">CIS-A2K signed a Memorandum of Understanding</a> with the Telangana Government’s IT, Electronics & Communications Department with to catalyse the development of the Wikimedia movement in Telangana and improve the state of free-licensed digital content in Telugu and Urdu.</li>
<li style="text-align: justify; ">The Ministry of Electronics & Information Technology, Government of India has published the Guidelines for Indian Government Websites (GIGW). Nirmita Narasimhan on behalf of the Centre for Internet & Society <a class="external-link" href="https://cis-india.org/accessibility/blog/comments-on-guidelines-for-indian-government-websites">gave comments on GIGW</a>.</li>
<li style="text-align: justify; ">The government has already set up a Nudge unit; now, it should apply the Nobel laureate's insights on auctions relating to essential infrastructure wrote Shyam Ponappa in <a class="external-link" href="https://cis-india.org/telecom/blog/business-standard-november-1-2017-nobel-laureate-richard-thaler-views-on-auctions">an article in the Business Standard</a> on November 1, 2017.</li>
<li style="text-align: justify; ">DataMeet and CIS have <a class="external-link" href="https://cis-india.org/openness/steps-towards-integrated-open-water-data">collaborated on identifying and addressing the challenges to open up and integrate data and information</a> in the water sector.</li>
<li style="text-align: justify; ">CIS <a class="external-link" href="https://cis-india.org/internet-governance/blog/counter-comments-on-trais-consultation-paper-on-privacy-security-and-ownership-of-data-in-telecom-sector">commented on the Consultation Paper on Privacy, Security and Ownership of Data in Telecom Sector</a> published by the Telecom Regulatory Authority of India on August 9, 2017.</li>
<li style="text-align: justify; ">CIS <a class="external-link" href="https://cis-india.org/internet-governance/blog/a-comparison-of-legal-and-regulatory-approaches-to-cyber-security-in-india-and-the-united-kingdom">published a report that compares laws and regulations in the United Kingdom and India</a> to see the similarities and disjunctions in cyber security policy between them.</li>
<li style="text-align: justify; ">CIS <a class="external-link" href="https://cis-india.org/telecom/blog/cis-comments-on-promoting-local-telecom-equipment-manufacturing">sent comments on TRAI consultation paper on promoting local telecom equipment manufacturing</a>. The submission drew on research primarily done in the Pervasive Technologies project.</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>CIS in the News:</p>
<ul>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/telangana-today-november-8-2017-alekhya-hanumanthu-big-data-for-governance">Big Data for governance</a> (Alekhya Hanumanthu; Telangana Today; November 4, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/accessibility/news/the-times-of-india-shalini-umachandrani-november-7-2017-how-tech-is-making-life-easier-for-differently-abled">How tech is making life easier for differently-abled</a> (Shalini Umachandrani; November 7, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/india-today-priya-pathak-november-8-2017-india-today-conclave-next-2017-aadhaar-was-rushed-says-mp-rajeev-chandrashekhar">India Today Conclave Next 2017: Aadhaar was rushed, says MP Rajeev Chandrashekhar</a> (Priya Pathak; India Today; November 8, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/youth-ki-awaaz-roopa-sudarshan-what-you-need-to-worry-about-before-linking-your-mobile-number-with-aadhaar">What You Need To Worry About Before Linking Your Mobile Number With Aadhaar </a>(Roopa Raju and Shekhar Rai; Youth Ki Awaaz; November 8, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/news-18-lt-general-retd-ds-hooda-data-is-new-oil-and-human-mind-the-new-battlefield-india-must-wake-up-now">OPINION | Data is New Oil and Human Mind the New Battlefield. India Must Wake Up Now</a> (Lt. General (Retd.) D. S. Hooda; News18.com; November 11, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/shaikh-zoaib-saleem-livemint-november-14-2017-aadhaar-seeding-benefits-and-concerns">Aadhaar seeding: benefits and concerns</a> (Shaikh Zoaib Saleem; Livemint; November 14, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/livemint-november-23-2017-ronald-abraham-privacy-issues-exist-even-without-aadhaar">Privacy issues exist even without Aadhaar</a> (Ronald Abraham; November 15, 2017).</li>
<li style="text-align: justify; "><a class="external-link" href="https://cis-india.org/accessibility/news/cima-sarah-oh-november-15-2017-openness-nine-ways-civil-society-groups-have-mobilized-to-defend-internet-freedom">Advocating for Openness: Nine Ways Civil Society Groups Have Mobilized to Defend Internet Freedom</a> (Centre for International Media Assistance; November 15, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/livemint-november-16-2017-komal-gupta-govt-working-to-set-up-financial-cert-to-tackle-cyber-threats">Govt working to set up financial CERT to tackle cyber threats</a> (Komal Gupta; Livemint; November 16, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/ciso-mag-financial-cert-to-combat-cyber-threats-says-mos-home-affairs">Financial CERT to combat cyber threats, says MoS home affairs</a> (CISO MAG; November 17, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/financial-express-november-20-2017-government-websites-made-aadhaar-details-public">UIDAI admits 210 government websites made Aadhaar details public</a> (Financial Express; November 20, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/sunny-sen-livemint-november-23-2017-indias-internet-missionaries">India’s internet missionaries: The women Google is relying on to spread its Next Billion message</a> (Sunny Sen; Livemint; November 21, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/economic-times-surabhi-agarwal-november-23-2017-fcc-plan-to-repeal-net-neutrality-may-not-impact-india">FCC’s plan to repeal net neutrality may not impact India</a> (Surabhi Agarwal; Economic Times; November 23, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/hindustan-times-kul-bhushan-november-23-2017-indian-activists-slam-fcc-decision-to-ditch-net-neutrality">Indian activists slam FCC decision to ditch net neutrality</a> (Kul Bhushan; Hindustan Times; November 23, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/economic-times-surabhi-agarwal-november-23-2017-fcc-plan-to-repeal-net-neutrality-may-not-impact-india">FCC’s plan to repeal net neutrality may not impact India</a> (Surabhi Agarwal; Economic Times; November 23, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/digit-subhrojit-mallick-november-24-2017-why-should-you-keep-a-close-eye-on-net-neutrality-debate-in-us">Why should you keep a close eye on the net neutrality debate in the US</a> (Subhrojit Mallick; Digit; November 24, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/livemint-november-24-2017-komal-gupta-cyberattacks-a-significant-threat-to-democracy-modi">Cyberattacks a significant threat to democracy: Modi</a> (Komal Gupta; Livemint; November 24, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/hindustan-times-aman-sethi-november-27-2017-aadhaar-verification-at-airports-raises-need-for-stricter-data-privacy-regulations">Aadhaar verification at airports raises need for stricter data privacy regulations</a> (Aman Sethi; Hindustan Times, November 27, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/accessibility/news/idap-interview-series-interview-x-with-nirmita-narasimhan">IDAP Interview Series: Interview with Nirmita Narasimhan</a> (IDIA Law; November 27, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/livemint-november-28-2017-komal-gupta-govt-releases-white-paper-on-data-protection-framework">Govt releases white paper on data protection framework</a> (Komal Gupta; Livemint; November 28, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/accessibility/news/deccan-herald-november-30-2017-bengalureans-to-receive-helen-keller-award">Bengalureans to receive Helen Keller award</a> (Deccan Herald; November 30, 2017).</li>
</ul>
<p style="text-align: justify; ">-------------------------------------<br /><a href="http://cis-india.org/accessibility">Accessibility & Inclusion</a> <br />------------------------------------- <br />India has an estimated 70 million persons with disabilities who don't have access to read printed materials due to some form of physical, sensory, cognitive or other disability. As part of our endeavour to make available accessible content for persons with disabilities, we are developing a text-to-speech software in 15 languages with support from the Hans Foundation. The progress made so far in the project can be accessed <a href="http://cis-india.org/accessibility/resources/nvda-text-to-speech-synthesizer">here</a>.</p>
<div><strong>Submission</strong></div>
<div>
<ul>
<li><a class="external-link" href="https://cis-india.org/accessibility/blog/comments-on-guidelines-for-indian-government-websites">Comments on Guidelines for Indian Government Websites</a> (Nirmita Narasimhan; November 26, 2017).</li>
</ul>
</div>
<p style="text-align: justify; "><strong>-----------------------------------</strong><br /><a href="http://cis-india.org/a2k">Access to Knowledge</a> <br /><strong>----------------------------------- </strong><br />Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.</p>
<p style="text-align: justify; "><span style="text-align: justify; ">►</span>Copyright & Patent</p>
<ul>
<li>
<div id="_mcePaste"><a class="external-link" href="https://cis-india.org/a2k/blogs/35th-sccr-cis-statement-on-limitations-and-exceptions-for-libraries-and-archives">35th SCCR: CIS Statement on Limitations and Exceptions for Libraries and Archives</a> (Anubha Sinha; November 15, 2017).</div>
</li>
<li>
<div id="_mcePaste"><a class="external-link" href="https://cis-india.org/a2k/blogs/35th-sccr-cis-statement-on-grulac-proposal-for-analysis-of-copyright-in-the-digital-environment">35th SCCR: CIS Statement on Limitations and Exceptions for Libraries and Archives</a> (Anubha Sinha; November 17, 2017).</div>
</li>
<li><a class="external-link" href="https://cis-india.org/a2k/blogs/35th-sccr-cis-question-to-dr-rostama-on-her-study-on-the-impact-of-the-digital-environment-on-copyright-legislation">35th SCCR: CIS' Question to Dr. Rostama on her Study on the Impact of the Digital Environment on Copyright Legislation</a> (Anubha Sinha; November 19, 2017).</li>
</ul>
<p> </p>
<p style="text-align: justify; ">►Wikipedia</p>
<p style="text-align: justify; ">Blog Entry</p>
<ul>
<li><a class="external-link" href="https://cis-india.org/a2k/blogs/cis-a2k-signs-mou-with-telangana-government">CIS-A2K signs MoU with Telangana Government </a>(Manasa Rao; November 8, 2017).</li>
</ul>
<p> </p>
<p>►Openness</p>
<div style="text-align: justify; ">Our work in the Openness programme focuses on open data, especially open government data, open access, open education resources, open knowledge in Indic languages, open media, and open technologies and standards - hardware and software. We approach openness as a cross-cutting principle for knowledge production and distribution, and not as a thing-in-itself.</div>
<div style="text-align: justify; "><strong>-----------------------------------</strong><span style="text-align: justify; "> </span>
<p style="text-align: justify; "><a href="http://cis-india.org/internet-governance">Internet Governance</a> <br /><strong>-----------------------------------</strong></p>
<p style="text-align: justify; ">As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.</p>
<ul style="text-align: justify; ">
</ul>
<p style="text-align: justify; "><span>►Privacy</span></p>
<ul style="text-align: justify; ">
</ul>
<p style="text-align: justify; "><strong>Blog Entries</strong></p>
<ul>
<li><a class="external-link" href="https://cis-india.org/internet-governance/blog/a-comparison-of-legal-and-regulatory-approaches-to-cyber-security-in-india-and-the-united-kingdom">A Comparison of Legal and Regulatory Approaches to Cyber Security in India and the United Kingdom</a> (Divij Joshi; edited by Elonnai Hickok; November 12, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/blog/counter-comments-on-trais-consultation-paper-on-privacy-security-and-ownership-of-data-in-telecom-sector">Counter Comments on TRAI's Consultation Paper on Privacy, Security and Ownership of Data in Telecom Sector</a> (Amber Sinha; November 23, 2017).</li>
</ul>
</div>
<div style="text-align: justify; ">
<ul>
</ul>
<p style="text-align: justify; "><strong>Participation in Event</strong></p>
<ul style="text-align: justify; ">
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/bis-international-seminar-on-internet-of-things">BIS International Seminar on Internet of Things</a> (Organized by BIS; November 15, 2017; India Habitat Centre, New Delhi). Amber Sinha attended the event.</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/internet-universality-indicators-for-a-safe-secure-and-inclusive-cyberspace-for-sustainable-development">Internet Universality Indicators for a Safe, Secure and Inclusive Cyberspace for Sustainable Development</a> (Organized by UNESCO in collaboration with the Ministry of Electronics and IT, Government of India; UNESCO Conference Room, Chanakyapuri, New Delhi; November 17, 2017). Amber Sinha attended the event.</li>
</ul>
<ul>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/roundtable-on-data-integrity-and-privacy">Roundtable on Data Integrity and Privacy</a> (Organized by Observer Research Foundation; November 18, 2017). The round table discussion was chaired by Shri Baijayant Panda, Hon'ble Member of Parliament.</li>
</ul>
<br />
<p style="text-align: justify; "><strong><span style="text-align: justify; ">►</span>Cyber Security</strong></p>
<p style="text-align: justify; "><strong>Blog Entry</strong></p>
<ul>
<li><a class="external-link" href="https://cis-india.org/internet-governance/blog/breach-notifications-a-step-towards-cyber-security-for-consumers-and-citizens">Breach Notifications: A Step towards Cyber Security for Consumers and Citizens</a> (Amelia Andersdotter; November 14, 2017).</li>
</ul>
<p style="text-align: justify; "><strong>Event Organized</strong></p>
<ul>
<li><a class="external-link" href="https://cis-india.org/internet-governance/events/roundtable-on-enhancing-indian-cyber-security-through-multi-stakeholder-cooperation">Roundtable on Enhancing Indian Cyber Security through Multi-Stakeholder Cooperation</a> (Indian Islamic Centre; Lodhi Road; New Delhi; November 4, 2017).</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/events/open-house-on-security-practices-in-fintech">Open House on Security Practices in FinTech</a> (Organized by CIS and Has Geek; November 17, 2017).</li>
</ul>
<p style="text-align: justify; "><strong>Participation in Event</strong></p>
<ul>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/multinational-cyber-security-forum-at-university-of-haifa">Multinational Cyber Security Forum at University of Haifa</a> (Organized by Center for Cyber, Law and Policy and University of Haifa in collaboration with the Hewlett Foundation Cyber Initiative; November 5 - 7, 2017). Sunil Abraham participated in the meeting held in Israel.</li>
<li><a class="external-link" href="https://cis-india.org/internet-governance/news/global-commission-on-the-stability-of-cyberspace-gcsc">Global Commission on the Stability of Cyberspace</a> (GCSC) (Organized by GCSC; November 21, 2017; New Delhi). Pranesh Prakash participated in the event.</li>
</ul>
<div><strong>
<p style="text-align: justify; "><span>-----------------------------------<br /></span><a href="http://cis-india.org/telecom">Telecom<br /></a><span>----------------------------------- </span></p>
</strong></div>
<div><span style="text-align: justify; ">
<p style="text-align: justify; "><span>CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:</span></p>
<p style="text-align: justify; "><strong>Article </strong></p>
<ul>
<li><a class="external-link" href="https://cis-india.org/telecom/blog/business-standard-november-1-2017-nobel-laureate-richard-thaler-views-on-auctions">Nobel Laureate Richard Thaler's Views On Auctions</a> (Shyam Ponappa; Business Standard; November 1, 2017).</li>
</ul>
</span></div>
<p>Submission</p>
<ul>
<li><a class="external-link" href="https://cis-india.org/telecom/blog/cis-comments-on-promoting-local-telecom-equipment-manufacturing">Comments on TRAI Consultation Paper on Promoting Local Telecom Equipment Manufacturing</a> (Anubha Sinha; November 26, 2017).</li>
</ul>
<div><span style="text-align: justify; ">
<ul>
</ul>
<div>
<p style="text-align: justify; "><strong>-----------------------------------</strong><br /><a href="http://cis-india.org/raw">Researchers at Work</a> <br /><strong>----------------------------------- </strong><br /><span>The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:</span></p>
<p style="text-align: justify; "><strong>Articles</strong></p>
<ul>
<li><a class="external-link" href="https://cis-india.org/raw/indian-express-nishant-shah-november-5-2017-digital-native-rebellion-by-google-doc">Digital native: Rebellion by Google Doc </a>(Nishant Shah; Indian Express; November 4, 2017)</li>
<li><a class="external-link" href="https://cis-india.org/raw/indian-express-november-19-2017-nishant-shah-digital-native-let-there-be-life">Digital native: Let there be life</a> (Nishant Shah; Indian Express; November 19, 2017).</li>
</ul>
<div class="keyResearch">
<div id="parent-fieldname-text-8a5942eb6f4249c5b6113fdd372e636c">
<div style="text-align: justify; ">
<div><strong>-----------------------------------</strong></div>
<p><a href="http://cis-india.org/">About CIS</a> <br /><strong>----------------------------------- </strong><br />The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.</p>
<p>► Follow us elsewhere</p>
<div>
<ul>
<li>Twitter:<a href="http://twitter.com/cis_india"> http://twitter.com/cis_india</a></li>
<li>Twitter - Access to Knowledge: <a href="https://twitter.com/CISA2K">https://twitter.com/CISA2K</a></li>
<li>Twitter - Information Policy: <a href="https://twitter.com/CIS_InfoPolicy">https://twitter.com/CIS_InfoPolicy</a></li>
<li>Facebook - Access to Knowledge:<a href="https://www.facebook.com/cisa2k"> https://www.facebook.com/cisa2k</a></li>
<li>E-Mail - Access to Knowledge: <a>a2k@cis-india.org</a></li>
<li>E-Mail - Researchers at Work: <a>raw@cis-india.org</a></li>
<li>List - Researchers at Work: <a href="https://lists.ghserv.net/mailman/listinfo/researchers">https://lists.ghserv.net/mailman/listinfo/researchers</a></li>
</ul>
</div>
<p>► Support Us</p>
<div>Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.</div>
<p>► Request for Collaboration</p>
<div>
<p>We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at <a>tanveer@cis-india.org</a>.</p>
<div><em>CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects</em>.</div>
</div>
<div></div>
</div>
<ul style="text-align: justify; ">
</ul>
</div>
</div>
<div id="viewlet-below-content-body">
<div class="visualClear"></div>
<div class="documentActions"></div>
</div>
<ul style="text-align: justify; ">
</ul>
</div>
<ul style="text-align: justify; ">
</ul>
</span></div>
<ul style="text-align: justify; ">
</ul>
</div>
<div></div>
<ul>
</ul>
<p>
For more details visit <a href='https://cis-india.org/about/newsletters/november-2017-newsletter'>https://cis-india.org/about/newsletters/november-2017-newsletter</a>
</p>
No publisherpraskrishnaAccess to KnowledgeTelecomAccessibilityInternet GovernanceResearchers at Work2018-01-10T01:57:29ZPageUIDAI introduces new two-layer security system to improve Aadhaar privacy
https://cis-india.org/internet-governance/news/economic-times-january-11-2018-uidai-introduces-new-two-layer-security-system-to-improve-aadhaar-privacy
<b>The Unique Identification Authority of India (UIDAI) has introduced a system of virtual authentication for citizens enrolled on its database and limited the access available to service providers in a move aimed at allaying widespread concern over security breaches that have dogged the world's largest repository of citizen data. </b>
<p style="text-align: justify; ">The article was published in <a class="external-link" href="https://economictimes.indiatimes.com/news/economy/policy/uidai-introduces-new-two-layer-security-system-to-improve-aadhaar-privacy/articleshow/62442873.cms">Economic Times</a> on January 11, 2018.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">In one of the most significant security upgrades by the eightyear old agency, the UIDAI announced the creation of a "virtual ID" which can be used in lieu of the 12-digit Aadhaar number at the time of authentication for any service.</p>
<p style="text-align: justify; ">The UIDAI has also limited access to stored personal information and mandated the use of unique tokens through which authenticating agencies can access required data. It claims that the measures will strengthen privacy and also prevent combining of databases linked to Aadhaar.</p>
<p style="text-align: justify; ">ET was the first to report about the UIDAI plan to introduce virtual numbers to address security concerns in its November 20 edition last year.</p>
<p style="text-align: justify; ">A top government official told ET that UIDAI has been working on this technology since July of 2016. "This is going to be one of the biggest innovations ever, people can change their virtual ID whenever they want or after every authentication or every 10 seconds." He added that this will silence most critics of Aadhaar.</p>
<div id="_mcePaste" style="text-align: justify; "></div>
<p id="_mcePaste" style="text-align: justify; ">"The Aadhaar number being the permanent ID for life, there is need to provide a mechanism to ensure its continued use while optimally protecting the collection and storage in many databases," the UIDAI said in a notification on Wednesday while announcing the new measures.</p>
<h3 style="text-align: justify; ">More Needed to be Done: Experts</h3>
<p style="text-align: justify; ">"The collection and storage of Aadhaar number by various entities has heightened privacy concerns," it stated.</p>
<p style="text-align: justify; ">Under the new regime, for every Aadhaar number, the authority will issue a 16-digit virtual identity number which will be "temporary and revocable at any time."</p>
<p style="text-align: justify; ">This virtual ID can be generated only by the individual Aadhaar holder and can be replaced by a new one after a minimum validity period.</p>
<p style="text-align: justify; ">In addition, while some Authentication User Agencies (AUA) — categorised by the UIDAI as 'Global' — will have access to all the details or the e-KYC of a specific Aadhaar number, all other agencies will only have access to limited data through the virtual identity number.</p>
<p style="text-align: justify; ">"So this is a very very significant thing and I think this is a great step forward," said Nandan Nilekani, former chairman of UIDAI, in an interview to television channel ET Now on Wednesday.</p>
<p style="text-align: justify; ">Nilekani, widely regarded as the architect of Aadhaar, said that through these new security measures the possibility of the Aadhaar number being stored in many databases also goes away.</p>
<p style="text-align: justify; ">It will make a huge difference in allaying the concerns and it really "eliminates all the arguments against Aadhaar," he told ET Now.</p>
<p style="text-align: justify; ">Last week, Chandigarh-based daily The Tribune reported that demographic data from the Aadhaar database could be accessed for as little as Rs 500. The expose led to the UIDAI barring over 5,000 officials from accessing its portal through login ids and passwords. It also introduced biometric authentication for future access, as reported by ET on Tuesday.</p>
<p style="text-align: justify; ">The widespread fear of misuse of demographic data is heightened by the fact that India still does not have a data protection legislation. The country's apex court is scheduled to resume its hearing on the validity of the Aadhaar scheme next week on January 17.</p>
<p style="text-align: justify; ">Kamlesh Bajaj, former CEO of the Data Security Council of India said by limiting access to only those agencies mandated by law, the UIDAI has ensured that "someone will not be able to combine database. It's a positive development in my view and technologically feasible," he said</p>
<h3 style="text-align: justify; ">Expert Views</h3>
<p style="text-align: justify; ">Privacy experts and activists were of the view that more needs to be done to ensure foolproof security for critical personal information.</p>
<p style="text-align: justify; ">The Bengaluru-based research organisation Centre for Internet and Society has suggested that all the Aadhaar seeding with all the existing databases should be revoked. "Until then, it is one step ahead and but not enough," said Sunil Abraham, executive director of CIS.</p>
<p style="text-align: justify; ">To enable a speedy rollout of the new safety standards, the UIDAI plans to release the required technical updates by March 1, 2018 and all the Authentication agencies using the Aadhaar database will need to upgrade their systems latest by June 1, 2018.</p>
<p style="text-align: justify; ">In its circular, UIDAI has also said that agencies not allowed to use or store the Aadhaar number should make changes inside their systems to replace Aadhaar number within their databases with UID Token.</p>
<p style="text-align: justify; ">"Unless there is complete revocation, some database with Aadhaar numbers will still float around and secondly there is no reason why some data controllers should be trusted, the tokenisation should be implemented for everyone," said CIS's Abraham.</p>
<p style="text-align: justify; ">The circular said that authentication using virtual ID will be performed in the same manner as the Aadhaar number and people can generate or retrieve their virtual numbers (in case they forget) at the UIDAI's resident portal, Aadhaar Enrolment Centers, or through the Aadhaar mobile application.</p>
<p style="text-align: justify; ">In addition to the virtual numbers, UIDAI will also provide "unique tokens" to each agency against an Aadhaar number to ensure that they are to establish the uniqueness of beneficiaries in their database such as for distributing government subsidies under cooking gas or scholarships.</p>
<p style="text-align: justify; ">Activists argue that most service providers — even digital ones — work with a paper ID card system. "They don't cross-check it with the UIDAI database. UIDAI is not issuing virtual ids for paper cards, and a new category of so called Global AUAs are exempted from using the virtual ids, so citizens are not protected almost anywhere that they need to use Aadhaar," said Kiran Jonnalagadda, co-founder of the Internet Freedom Foundation, who said the change doesn't help enough to secure the ecosystem.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/economic-times-january-11-2018-uidai-introduces-new-two-layer-security-system-to-improve-aadhaar-privacy'>https://cis-india.org/internet-governance/news/economic-times-january-11-2018-uidai-introduces-new-two-layer-security-system-to-improve-aadhaar-privacy</a>
</p>
No publisherAdminAadhaarInternet GovernancePrivacy2018-01-16T23:08:34ZNews ItemHammered government offers Virtual ID firewall to protect your Aadhaar
https://cis-india.org/internet-governance/news/indian-express-january-11-2018-
<b>Days after reports surfaced claiming security breaches, the Unique Identification Authority of India (UIDAI) on Wednesday announced the implementation of a new security protocol that would remove the need to divulge Aadhaar numbers during authentication processes and limit third-party access to KYC details.</b>
<p>The article was published in <a class="external-link" href="http://www.newindianexpress.com/nation/2018/jan/11/hammered-government-offers-virtual-id-firewall-to-protect-your-aadhaar-1750466.html">New Indian Express</a> on January 11, 2018.</p>
<hr />
<p style="text-align: justify; ">Admitting that the “collection and storage of Aadhaar numbers by various entities has heightened privacy concerns”, the UIDAI circular said Authentication User Agencies (AUAs) providing Aadhaar services have to be ready to implement the protocol from March 1, 2018. From June 1 use of Virtual ID for authentication would be mandatory.</p>
<p style="text-align: justify; ">The linchpin of the new protocol will be the virtual ID (VID) — a “temporary, revocable 16-digit random number” that can be used instead of Aadhaar to verify or link services. VIDs will have a limited validity and can be generated only by the Aadhaar holder. “UIDAI will provide various options to generate, retrieve and replace VIDs… these will be made available via UIDAI’s resident portal, Aadhaar Enrolment Centre, mAadhaar mobile application, etc.,” it said. While only one VID per Aadhaar number will be valid at a time, users can revoke and generate new VIDs as many times as desired.</p>
<p style="text-align: justify; ">UIDAI will also limit KYC details accessible by AUAs by classifying them as Global AUAs, which are required to use Aadhaar e-KYC by law, and Local AUAs. Only the former will have full access to e-KYC details and can store Aadhaar numbers. Local AUAs will only have access to limited KYC details and be prohibited from storing Aadhaar numbers. UIDAI will also generate UID tokens which will be used to identify customers within agencies’ systems, but these will not be usable by other AUAs.</p>
<p style="text-align: justify; ">However, cybersecurity experts say that even if the new “patch” is effective, verification processes will have to be redone to prevent misuse of already-leaked Aadhaar numbers. “The concept is attractive, but the devil is in the details,” observed Pavan Duggal, cyberlaw expert, adding that the new system does not address those who have already gained unauthorised access to Aadhaar numbers. Sunil Abraham, executive director, Centre for Internet and Society, was more categorical. “If it has to be effective, they will have to redo (Aadhaar-KYC) from scratch.”</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/indian-express-january-11-2018-'>https://cis-india.org/internet-governance/news/indian-express-january-11-2018-</a>
</p>
No publisherAdminAadhaarInternet GovernancePrivacy2018-01-16T23:34:12ZNews ItemAadhaar Body Talked About Virtual ID 7 Years Ago, Put It Off: UIDAI Chief
https://cis-india.org/internet-governance/news/ndtv-sukriti-dwivedi-january-13-2018-aadhaar-body-talked-about-virtual-id-7-years-ago-put-it-off-uidai-chief
<b>"And at that time, it was felt that let us first give Aadhaar number, let us see how it plays out and then, at an appropriate time, this will be introduced," Ajay Bhushan Pandey, the chief executive officer of UIDAI, or the Unique Identification Authority of India said in an interview to NDTV this week. He called it an "extra layer of security" for the 119 crore people issued Aadhaar numbers.</b>
<p style="text-align: justify; ">The blog post by Sukriti Dwivedi was <a class="external-link" href="https://www.ndtv.com/india-news/aadhaar-body-talked-about-virtual-id-7-years-ago-put-it-off-uidai-chief-1799467">published by NDTV</a> on January 13, 2018.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">Virtual ID, the 16-digit temporary number, announced by UIDAI this week had been suggested way back in 2009-10 when its architects were still designing the system. But the Aadhaar authority, which has called Virtual ID a unique innovation to enhance privacy and security, decided against rolling it out at that time.</p>
<p id="_mcePaste" style="text-align: justify; ">"And at that time, it was felt that let us first give Aadhaar number, let us see how it plays out and then, at an appropriate time, this will be introduced," Ajay Bhushan Pandey, the chief executive officer of UIDAI, or the Unique Identification Authority of India said in an interview to NDTV this week. He called it an "extra layer of security" for the 119 crore people issued Aadhaar numbers.</p>
<p style="text-align: justify; "><span>It may be a step forward. But not everyone is as convinced.</span></p>
<div id="_mcePaste" style="text-align: justify; "></div>
<p id="_mcePaste" style="text-align: justify; ">Cyber security Jiten Jain is one of them. Mr Jain told NDTV that UIDAI should first of all decide if the Aadhaar number was confidential information or not because it had changed its stance on this aspect on more than one occasion.</p>
<div id="_mcePaste" style="text-align: justify; "></div>
<p id="_mcePaste" style="text-align: justify; ">Like when government departments put out lakhs of Aadhaar number, the government agency had insisted that there was nothing really confidential about the number which could not be misused. Or when The Tribune earlier this month claimed to have found gaps in UIDAI's security system that let the newspaper demographic details of an individual, UIDAI claimed that "the Aadhaar number is not a secret number" anyways.</p>
<div id="_mcePaste" style="text-align: justify; "></div>
<p id="_mcePaste" style="text-align: justify; ">Also, a point is being made that if hiding an Aadhaar number enhances privacy, then what about the crores of people who have been forced to share their Aadhaar numbers - and a copy of their Aadhaar cards - all these years.</p>
<div id="_mcePaste" style="text-align: justify; "></div>
<p id="_mcePaste" style="text-align: justify; ">Experts suggest the timing of the announcement may not have been a coincidence. The initiative came against the backdrop of mounting privacy concerns after the newspaper expose. The hearing by a five-judge Constitution Bench of the Supreme Court to decide if the Aadhaar project violates citizens' privacy is to start hearing from next week, January 17.</p>
<div id="_mcePaste" style="text-align: justify; "></div>
<div id="_mcePaste" style="text-align: justify; "></div>
<p id="_mcePaste" style="text-align: justify; ">Srinivas Kodali, cyber security expert and an Aadhaar researcher, said it was clear that the UIDAI had brought it hurriedly. "They said they will release the codes by March 1. So it clearly looks like they haven't planned this thoroughly," he said.</p>
<div id="_mcePaste" style="text-align: justify; "></div>
<p id="_mcePaste" style="text-align: justify; ">There are also concerns about the ability of people living in remote areas to generate the Virtual IDs, in terms of connectivity and literacy. That means a large proportion of people would not be able to generate the Virtual IDs.</p>
<div id="_mcePaste" style="text-align: justify; "></div>
<p id="_mcePaste" style="text-align: justify; ">UIDAI chief Mr Pandey said there was nothing to prevent them from continuing to use their Aadhaar number. It is an option, he stressed.</p>
<div id="_mcePaste" style="text-align: justify; "></div>
<p id="_mcePaste" style="text-align: justify; ">This, experts at the Bengaluru-based research group, Centre for Internet and Society, which has long advocated for a token system such as the Virtual ID, said was a problem area.</p>
<p style="text-align: justify; ">"And at that time, it was felt that let us first give Aadhaar number, let us see how it plays out and then, at an appropriate time, this will be introduced," Ajay Bhushan Pandey, the chief executive officer of UIDAI, or the Unique Identification Authority of India said in an interview to NDTV this week. He called it an "extra layer of security" for the 119 crore people issued Aadhaar numbers. It may be a step forward. But not everyone is as convinced.</p>
<p style="text-align: justify; ">Cyber security Jiten Jain is one of them. Mr Jain told NDTV that UIDAI should first of all decide if the Aadhaar number was confidential information or not because it had changed its stance on this aspect on more than one occasion.</p>
<p style="text-align: justify; ">Like when government departments put out lakhs of Aadhaar number, the government agency had insisted that there was nothing really confidential about the number which could not be misused. Or when The Tribune earlier this month claimed to have found gaps in UIDAI's security system that let the newspaper demographic details of an individual, UIDAI claimed that "the Aadhaar number is not a secret number" anyways.</p>
<p style="text-align: justify; ">Also, a point is being made that if hiding an Aadhaar number enhances privacy, then what about the crores of people who have been forced to share their Aadhaar numbers - and a copy of their Aadhaar cards - all these years.</p>
<p style="text-align: justify; ">Experts suggest the timing of the announcement may not have been a coincidence. The initiative came against the backdrop of mounting privacy concerns after the newspaper expose. The hearing by a five-judge Constitution Bench of the Supreme Court to decide if the Aadhaar project violates citizens' privacy is to start hearing from next week, January 17.</p>
<p style="text-align: justify; ">Srinivas Kodali, cyber security expert and an Aadhaar researcher, said it was clear that the UIDAI had brought it hurriedly. "They said they will release the codes by March 1. So it clearly looks like they haven't planned this thoroughly," he said.</p>
<p style="text-align: justify; ">There are also concerns about the ability of people living in remote areas to generate the Virtual IDs, in terms of connectivity and literacy. That means a large proportion of people would not be able to generate the Virtual IDs.</p>
<p style="text-align: justify; ">UIDAI chief Mr Pandey said there was nothing to prevent them from continuing to use their Aadhaar number. It is an option, he stressed.</p>
<p style="text-align: justify; ">This, experts at the Bengaluru-based research group, Centre for Internet and Society, which has long advocated for a token system such as the Virtual ID, said was a problem area.</p>
<p style="text-align: justify; ">"Privacy can be protected by design and not by choice," said CIS executive director Sunil Abraham, who believes the biggest flaw with Aadhaar was its design.</p>
<p style="text-align: justify; ">"Since it is not mandatory most people will just use the Aadhaar number instead of getting into the hassle of generating a VID... This is privacy through hurdles instead of privacy by design. I suggest authorities should generate VIDs for people and ensure that third parties only use VID and not the Aadhaar number," Pranesh Prakash at the CIS' policy director told NDTV.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/ndtv-sukriti-dwivedi-january-13-2018-aadhaar-body-talked-about-virtual-id-7-years-ago-put-it-off-uidai-chief'>https://cis-india.org/internet-governance/news/ndtv-sukriti-dwivedi-january-13-2018-aadhaar-body-talked-about-virtual-id-7-years-ago-put-it-off-uidai-chief</a>
</p>
No publisherAdminAadhaarInternet GovernancePrivacy2018-01-16T23:42:58ZNews ItemVirtual Aadhaar ID: too little, too late?
https://cis-india.org/internet-governance/news/hindu-yuthika-bhargava-january-11-2018-virtual-aadhaar-id-too-little-too-late
<b>Problems persist as many have already shared their 12-digit number with various entities, say experts</b>
<p style="text-align: justify; ">The article by Yuthika Bhargava was <a class="external-link" href="http://www.thehindu.com/news/national/virtual-aadhaar-id-too-little-too-late/article22423218.ece">published in the Hindu</a> on January 11, 2018</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">The move to introduce an “untested” virtual ID to address security concerns over Aadhaar database is a step in the right direction, but may be a case of too little, too late, according to experts, as many of the 119 crore Aadhaar holders have already shared their 12-digit numbers with various entities.</p>
<p style="text-align: justify; ">“What about all the databases that are already linked up with our Aadhaar number? Virtual ID will therefore not attack the root of the problem. At best, it is band-aid,” said Reetika Khera, faculty, Indian Institute of Technology-Delhi.</p>
<p style="text-align: justify; ">“Can we realistically expect rural folks to use this to protect themselves? Or are we pushing the barely literate into the hands of middlemen who will ‘help’ them navigate it?” she questioned.</p>
<p style="text-align: justify; ">The Unique Identification Authority of India (UIDAI) on Wednesday introduced the concept of a virtual ID that can be used in lieu of the Aadhaar number at the time of authentication, thus eliminating the need to share and store Aadhaar numbers. It can be generated only by the Aadhaar number-holder via the UIDAI website, Aadhaar enrolment centre, or its mobile application.</p>
<p style="text-align: justify; ">Experts pointed out that the virtual ID is voluntary and the Aadhaar number will still need to be used at some places.</p>
<p style="text-align: justify; ">“Unless all entities are required to use virtual IDs or UID tokens, and are barred from storing Aadhaar numbers, the new measures won’t really help,” said Pranesh Prakash, Policy Director, Centre for Internet and Society, Bengaluru.</p>
<p style="text-align: justify; ">Kiran Jonnalagadda, co-founder of the Internet Freedom Foundation, agreed. “The idea is good but it should have been done in 2010, as now all the data is already out. Now, what can be done is revoke everybody’s Aadhaar and give new IDs.”</p>
<p style="text-align: justify; ">Mr. Jonnalagadda added that Authentication User Agencies (AUAs) categorised as ‘global AUAs’ by the UIDAI will be exempted from using the virtual IDs. “These are likely to be entities which require de-duplication for subsidy transfer, such as banks and government agencies. All the leaks have happened till now from these entities. So, basically, the move will exempt the parties that are the problem,” he said.</p>
<p style="text-align: justify; ">Vipin Nair, one of the advocates representing the petitioners who have challenged the Aadhaar Act in the Supreme Court said, “It is potentially a case of unmitigated chaos purely from an Information Technology perspective.”</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/hindu-yuthika-bhargava-january-11-2018-virtual-aadhaar-id-too-little-too-late'>https://cis-india.org/internet-governance/news/hindu-yuthika-bhargava-january-11-2018-virtual-aadhaar-id-too-little-too-late</a>
</p>
No publisherAdminAadhaarInternet GovernancePrivacy2018-01-16T23:59:21ZNews ItemIndia To Introduce Virtual ID For Aadhaar To Strengthen Privacy
https://cis-india.org/internet-governance/news/bloomberg-quint-january-11-2018-india-to-introduce-virtual-id-for-aadhaar-to-strengthen-privacy
<b>The government will introduce a virtual identification number for Aadhaar to help strengthen privacy following several instances of data leaks.</b>
<p style="text-align: justify; ">The blog post was published by <a class="external-link" href="https://www.bloombergquint.com/aadhaar/2018/01/10/india-to-introduce-virtual-id-for-aadhaar-to-strengthen-privacy">Bloomberg Quint </a>on January 11, 2018.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; "><span>The additional layer of security is meant to help Aadhaar users avoid sharing their unique identification number at the time of authentication to avail various services and welfare schemes, UIDAI said in a circular seen by BloombergQuint. The virtual ID will be an optional feature and users will be allowed to provide Aadhaar for verification.</span></p>
<div id="_mcePaste" style="text-align: justify; "></div>
<p id="_mcePaste" style="text-align: justify; ">The Aadhaar-issuing body, Unique Identification Authority of India, will also introduce limited know-your-customer rules to eliminate the need for agencies to store the biometric ID. Migration to the new system will start from June 1, it added.</p>
<div id="_mcePaste" style="text-align: justify; "></div>
<p id="_mcePaste" style="text-align: justify; ">Virtual IDs should be made mandatory and the UIDAI should itself generate these codes instead of having the user do it, said Pranesh Prakash, policy director at the Center for Internet Security, which has published reports on the security flaws in the world’s largest database.</p>
<p style="text-align: justify; ">The additional layer of security is meant to help Aadhaar users avoid sharing their unique identification number at the time of authentication to avail various services and welfare schemes, UIDAI said in a circular seen by BloombergQuint. The virtual ID will be an optional feature and users will be allowed to provide Aadhaar for verification.</p>
<p style="text-align: justify; ">The Aadhaar-issuing body, Unique Identification Authority of India, will also introduce limited know-your-customer rules to eliminate the need for agencies to store the biometric ID. Migration to the new system will start from June 1, it added.</p>
<p style="text-align: justify; ">Virtual IDs should be made mandatory and the UIDAI should itself generate these codes instead of having the user do it, said Pranesh Prakash, policy director at the Center for Internet Security, which has published reports on the security flaws in the world’s largest database.</p>
<blockquote class="quoted" style="text-align: justify; ">This takes into account concerns of third-party databases being combined without the consent of the individual but fails to address issues of government surveillance, exclusion and cybersecurity, he added.</blockquote>
<p style="text-align: justify; ">The move comes barely a week after The Tribune, a Chandigarh-based newspaper, reported that it could access the Aadhaar database by paying Rs 500, raising privacy concerns. Petitions challenging the validity of Aadhaar and the government’s decision to make it mandatory for everything from bank accounts to mobile services are pending in the Supreme Court.</p>
<p style="text-align: justify; ">As of now, citizens are required to share their Aadhaar number for authentication to avail certain services. With the introduction of the virtual ID that would change.</p>
<p style="text-align: justify; ">It would be a randomly generated 16-digit number that'd be digitally linked to a person's Aadhaar number. This ID would be temporary and revocable. There can be only one active and valid virtual ID for an Aadhaar number at any given point in time. Aadhaar holders will be able to use the virtual ID whenever authentication is required.</p>
<p class="callout" style="text-align: justify; ">Virtual ID, by design being temporary, cannot be used by agencies for duplication.<br /><span><strong>UIDAI Circular</strong></span></p>
<p style="text-align: justify; ">Only Aadhaar holders themselves can generate a virtual ID and set a minimum validity period for that after which it will have to be replaced by a new one. The virtual IDs can be changed through UIDAI's portal, at an Aadhaar enrolment centre or using the mAadhaar mobile application, the circular said.</p>
<h3 style="text-align: justify; ">Who Can Store Your Aadhaar Data?</h3>
<p style="text-align: justify; ">The UIDAI will limit the number of agencies that can access and store your Aadhaar number. For this purpose, it will divide the agencies that seek to use Aadhaar authentication for services into two categories—global and local.</p>
<p style="text-align: justify; ">Global authentication agencies will be allowed to "securely" store the Aadhaar number, while local agencies won't. The latter would be the ones that’d use the virtual IDs and a unique token for authentication.</p>
<p style="text-align: justify; ">The Aadhaar-issuing body has not clearly defined what would classify as a global agency. It has only said that it will "from time to time" evaluate authentication agencies "based on the laws governing them and categorise them" as global agencies. Any authentication agency that is not classified as global would be local.</p>
<h3 style="text-align: justify; ">Transition To New System</h3>
<p style="text-align: justify; ">UIDAI has told all agencies that use Aadhaar authentication to update their applications and processes for accepting virtual IDs instead of the Aadhaar number and allow authentication using the UID token. This has to be done by June 1.</p>
<p style="text-align: justify; ">If an agency fails to migrate to the new system by then, their authentication services "may be discontinued" and a penalty may be imposed, UIDAI said.</p>
<p style="text-align: justify; ">UIDAI will release the updated tools and protocols required for building the authentication software by March 1. All authentication agencies would also receive technical documents, workshops and training session to ensure smooth implementation.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/bloomberg-quint-january-11-2018-india-to-introduce-virtual-id-for-aadhaar-to-strengthen-privacy'>https://cis-india.org/internet-governance/news/bloomberg-quint-january-11-2018-india-to-introduce-virtual-id-for-aadhaar-to-strengthen-privacy</a>
</p>
No publisherAdminAadhaarInternet GovernancePrivacy2018-01-17T00:11:13ZNews ItemAnother Step towards Privacy Law
https://cis-india.org/internet-governance/blog/governance-now-elonnai-hickok-another-step-towards-privacy-law-data-protection
<b>A comparison between the 2012 experts’ report and the 2017 white paper on data protection.</b>
<p><span style="text-align: justify; ">The column was published in </span><a class="external-link" href="http://www.governancenow.com/views/columns/another-step-towards-privacy-law-data-protection" style="text-align: justify; ">Governance Now</a><span style="text-align: justify; "> in January 15, 2018 issue.</span></p>
<hr />
<table class="plain">
<tbody>
<tr>
<th><img src="https://cis-india.org/home-images/PrivacyLaw.png/@@images/e6aec54f-c20a-4f80-8dfe-b5e48e585ee0.png" style="text-align: justify; " title="Privacy Law" class="image-inline" alt="Privacy Law" /></th>
</tr>
<tr>
<td>(Illustration: Ashish Asthana)</td>
</tr>
</tbody>
</table>
<p style="text-align: justify; ">On July 31 the ministry of electronics and information technology (MeitY) constituted a committee of experts, headed by justice (retired) BN Srikrishna, to deliberate on a data protection framework for India. The committee is another step in India’s journey in formulating a national-level privacy legislation.</p>
<div id="_mcePaste" style="text-align: justify; "></div>
<p id="_mcePaste" style="text-align: justify; ">The formulation of a privacy law started as early as 2010 with an approach paper for a legislation on privacy towards envisioning a privacy framework for India. In 2011, a bill on right to privacy was drafted. In 2012 the planning commission constituted a group of experts, with justice (retired) AP Shah as its chief, which prepared a report recommending a privacy framework.</p>
<div id="_mcePaste" style="text-align: justify; "></div>
<p id="_mcePaste" style="text-align: justify; ">A month after the formation of the committee, in August, the sectoral regulator, Telecom Regulatory Authority of India (TRAI), released the consultation paper, ‘Privacy, Security and Ownership of the Data in the Telecom Sector’. In the same month, the supreme court in a landmark decision recognised privacy as a fundamental right.</p>
<div id="_mcePaste" style="text-align: justify; "></div>
<p id="_mcePaste" style="text-align: justify; ">In November 2017, the expert group released a ‘White Paper of the Committee of Experts on a Data Protection Framework for India’ to solicit public comments on the contours of a data protection law for India.</p>
<div id="_mcePaste" style="text-align: justify; "></div>
<p id="_mcePaste" style="text-align: justify; ">To understand the evolution of the thinking around a privacy framework for India, this article outlines and analyses common themes and differences between (a) the 2012 group of experts’ report, and the 2017 expert committee’s white paper.</p>
<div style="text-align: justify; "></div>
<p style="text-align: justify; "><span>The white paper seeks to gather inputs from the public on key issues towards the development of a data protection law for India. The paper places itself in the context of the NDA government’s Digital India initiative, the justice Shah committee report, and the judicial developments on the right to privacy in India. It is divided into three substantive parts: (1) scope and exemptions, (2) grounds of processing, obligation and entities, individual rights, and (3) regulation and enforcement. Each part is comprised of deep dives into key issues, international practices, preliminary views of the committee, and questions for public consultation.</span></p>
<p style="text-align: justify; ">Broadly, the 2012 report defined nine national-level privacy principles and recommended a co-regulatory framework that consisted of privacy commissioners, courts, self-regulating organisations, data controllers, and privacy officers at the organisational level. At the outset, the 2017 white paper is different from that report simply by the fact that it is a consultation paper soliciting views as compared to a report that recommends a broad privacy framework for India. In doing so, the white paper explores a broader set of issues than those discussed in the justice Shah report – ranging from the implications of emerging technologies on the relevance of traditional privacy principles, data localisation, child’s consent, individual participation rights, the right to be forgotten, cross-border flow of data, breach notification etc. Given that the white paper is a consultation paper, this article examines the provisional views shared in it with the recommendations of the 2012 report.</p>
<p style="text-align: justify; ">Key areas that the both the documents touch upon (though not necessarily agree on) include:</p>
<h3 style="text-align: justify; ">Applicability</h3>
<p style="text-align: justify; ">The 2012 report of experts recommended a privacy legislation that extends the right to privacy to all persons in India, all data that is processed by a company or equipment located in India, and to data that originate in India.</p>
<p style="text-align: justify; ">Provisional views in the white paper reflect this position, but also offer that applicability could be in part determined by the legitimate interest of the state, carrying on a business or offering services or goods in India, and if, despite location, the entity is processing the personal data of Indian citizens. The provisional views also touch upon retrospective application of a data protection law and agree with the 2012 report by recommending that a law apply to privacy and public bodies. They also go a step further by recommending specific exemptions in application for well defined categories of public or private entities.</p>
<h3 style="text-align: justify; ">Exceptions</h3>
<p style="text-align: justify; ">The experts’ report defined the following exceptions to the right to privacy: artistic and journalistic purposes, household purposes, historic and scientific research, and the Right to Information. Exceptions that must be weighed against the principles of proportionality, legality, and necessary in a democratic state included: national security, public order, disclosure in public <span>interest, prevention, detection, investigation, and prosecution of criminal offences, and protection of the individual or of the rights and freedoms of others.</span></p>
<p style="text-align: justify; ">Provisional views in the 2017 white paper broadly mirror the exemptions defined in the experts’ report, but do not weigh exceptions related to national security and public interest etc. against the principles of proportionality, legality, and necessary in a democratic state and instead explored a review mechanism for these exceptions.</p>
<h3 style="text-align: justify; ">Consent</h3>
<p style="text-align: justify; ">Provisional views in the white paper on consent note that aspects of consent should include that it is freely given, informed and specific and that standards for implied consent need to be evolved.</p>
<p style="text-align: justify; ">Though the 2012 experts’ report defined a principle for choice and consent, this principle did not define aspects of what would constitute valid consent, yet it did incorporate an opt-out mechanism.</p>
<h3 style="text-align: justify; ">Notice</h3>
<p style="text-align: justify; ">Provisional views in the white paper hold that notice is important in enabling consent and explore a number of mechanisms that can be implemented to effect meaningful notice such as codes of practice for designing notice, multilayered notices, assessing notices in privacy impact assessments, assigning ‘data trust scores’ based on their data use policy, and having a ‘consent dashboard’ to help individuals manage their consent across entities.</p>
<p style="text-align: justify; ">These views build upon and complement the principle of notice defined in the 2012 report which defined components of a privacy policy as well as other forms of notice including data breach (also addressed in the white paper) and legal access to personal information.</p>
<h3 style="text-align: justify; ">Purpose limitation/minimisation</h3>
<p style="text-align: justify; ">Provisional views in the white paper recognise the challenges that evolving technology is posing to the principle of purpose limitation and recommend that layered privacy policies and the standard of reasonableness can be used to contextualise this principle to actual purposes and uses.</p>
<p style="text-align: justify; ">Though the 2012 report defined a purpose limitation principle, the principle does not incorporate a standard of reasonableness or explore methods of implementation.</p>
<h3 style="text-align: justify; ">Data Retention and Quality</h3>
<p style="text-align: justify; ">Provisional views in the white paper suggest that the principles of data retention and data quality can be guided by the terms “reasonably and necessary” to ensure that they are not overly burdensome on industry.</p>
<p style="text-align: justify; ">The 2012 report of experts briefly touched on data retention in the principle of purpose limitation –holding that practices should be in compliance with the national privacy principles.</p>
<h3 style="text-align: justify; ">Right to Access</h3>
<p style="text-align: justify; ">Provisional views in the white paper recognise the importance of the right confirmation, access, and rectify personal information of the individual, but note that this is increasingly becoming harder to enforce with respect to data that is observed behavioral data and derived from habits. A suggested solution is to impose a fee on individuals for using these rights to deter frivolous requests.</p>
<p style="text-align: justify; ">Though the 2012 report defined a principle of access and correction it did not propose a fee for using this right and it included the caveat that if the access would affect the privacy rights of others, access may not be given by the data controller.</p>
<h3 style="text-align: justify; ">Enforcement Mechanisms</h3>
<p style="text-align: justify; ">Provisional views in the 2017 white paper broadly agree with the appropriateness of the model of co-regulation and development of codes of practice as suggested in the 2012 report. Within the system envisioned in the 2012 report of experts, self-regulating organisations at the indu<span>stry level will have the ability to develop industry specific norms and standards in compliance with the national privacy principles to be approved by the privacy commissioner.</span></p>
<h3 style="text-align: justify; ">Accountability</h3>
<p style="text-align: justify; ">The provisional views of the white paper go beyond the principle of accountability defined in the 2012 report by suggesting that data controllers should not only be held accountable for implementation of defined data protection standards, but in defined circumstances, also for harm that is caused to an individual.</p>
<h3 style="text-align: justify; ">Additional Obligations and Data Controllers</h3>
<p style="text-align: justify; ">Provisional views in the white paper suggest the following mechanisms as methods towards ensuring accountability of specific categories of data controllers: registration, data protection impact assessment, data audits, and data protection officers that are centres of accountability.</p>
<p style="text-align: justify; ">The 2012 experts’ report also envisioned impact assessments and investigations carried out by the privacy commissioner and the role of a data controller, but did not explore registration of these entities.</p>
<h3 style="text-align: justify; ">Authorities and Adjudication</h3>
<p style="text-align: justify; ">The both documents are in agreement on the need for a privacy commissioner/data protection authority and envision similar functions such as conducting privacy impact assessments, audits, investigation, and levying of fines. The white paper differs from the 2012 experts’ report in its view that the appellate tribunals under the IT Act and bodies like the National Commission Disputes Redressal Commission could potentially be appropriate venues for adjudicating and resolving disputes.</p>
<p style="text-align: justify; ">Though the 2012 experts’ report recommended that complaints can be issued through an alternative dispute resolution mechanism, to central and regional level commissioners, or to the courts – for remedies– enforcement of penalties should involve district and high-level courts and the supreme court. The 2012 report specified that a distinct tribunal should not be created nor should existing tribunals be relied upon as there is the possibility that the institution will not have the capacity to rule on a broad right of privacy. Individuals that can be held liable by individuals include data controllers, organisation directors, agency directors, and heads of governmental departments.</p>
<h3 style="text-align: justify; ">Penalty and Remedy</h3>
<p style="text-align: justify; ">The white paper goes much further in its thinking on penalties, remedies and compensation than the 2012 report of experts – discussing potential models for calculation of civil penalties including nature and extent of violation of the data protection obligation, nature of personal information involved, number of individuals affected, whether infringement was intentional or negligent, measures taken by the data controller to mitigate the damage, and previous track record of the data controller.</p>
<p style="text-align: justify; ">The white paper is a progressive and positive step towards formulating a data protection law for India that is effective and relevant nationally and internationally. It will be interesting to see the public response to it and the response of the committee to the inputs received from the consultation as well as how the final recommendations differ, build upon, and incorporate previous policy steps towards a comprehensive privacy framework for India.</p>
<div style="text-align: justify; "></div>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/governance-now-elonnai-hickok-another-step-towards-privacy-law-data-protection'>https://cis-india.org/internet-governance/blog/governance-now-elonnai-hickok-another-step-towards-privacy-law-data-protection</a>
</p>
No publisherelonnaiInternet GovernancePrivacy2018-01-18T01:50:59ZBlog Entry