Centre for Internet and Society

Parsing the Cyber Security Policy

chinmayi — 2013-07-22T06:37:56Z

An effective cyber-security policy must keep up with the rapid evolution of technology, and must never become obsolete. The standard-setting and review bodies will therefore need to be very nimble, says Chinmayi Arun.

Chinmayi Arun's article was published in the Hoot on July 13, 2013 and later cross-posted in the Free Speech Initiative the same day.

We often forget how vulnerable the World Wide Web leaves us. If walls of code prevent us from entering each other’s systems and networks, there are those who can easily pick their way past them or disable essential digital platforms. We are reminded of this by the doings of Anonymous, which carried out a series of attacks, including the website run by Computer Emergency Response Team India (CERT-In) which is the government agency in charge of cyber-security. Even more serious, are cyber-attacks (arguably cyber warfare) carried out by other states, using digital weapons such as Stuxnet, the digital worm. More proximate and personal are perhaps the phishing attacks, which are on the rise.

We therefore run a great risk if we leave air-traffic control, defense resources or databases containing several citizens’ personal data vulnerable. Sure, there is no doubt that efforts towards better cyber-security are needed. A cyber-security policy is meant to address this need, and to help manage threats to individuals, businesses and government agencies. We need to carefully examine the government’s efforts to handle cyber-security, how effective it is and whether its actions do not have too many negative spillovers.

The National Cyber-Security Policy, unveiled last week, is merely a statement of intention in broad terms. Much of its real impact will be ascertainable only after the language to be used in the law is available. Nevertheless, the scope of the policy remains ambiguous so far, leading to much speculation about the different ways in which it might be intrusive.

One Size Fits All?

The policy covers very different kinds of entities: government agencies, private companies or businesses, non-governmental entities and individual users. These entities may need to be handled differently depending on their nature. Therefore, while direct state action may be most appropriate to secure government agencies’ networks, it may be less appropriate in the context of purely private business.

For example, securing police records would involve the government directly purchasing or developing sufficiently secure technology. However, different private businesses and non-governmental entities may be left to manage their own security. Depending on the size of each entity, each may be differently placed to acquire sophisticated security systems. A good policy would encourage innovation by those with the capacity to do this, while ensuring that others have access to reasonably sound technology, and that they use it. Grey-areas might emerge in contexts where a private party is manages critical infrastructure.

It will also be important to distinguish between smaller and larger organisations whilst creating obligations. Unless this distinction is made at the implementation stage, start-up businesses and civil society organisations may find requirements such as earmarking a budget for cyber security implementation or appointing a Chief Information Security Officer onerous. Additionally, the policy will need to translate into a regulatory solution that provides under-resourced entities with ready solutions to enable them to make their information systems secure, while encouraging larger entities with greater purchasing power to invest in procuring the best possible solutions.

Race to the Top

Security on the Internet works only if it stays one step ahead the people trying to break in. An effective cyber-security policy must keep up with the rapid evolution of technology, and must never become obsolete. The standard-setting and review bodies will therefore need to be very nimble.

The policy contemplates working with industry and supporting academic research and development to achieve this. However the actual manner in which resources are distributed and progress is monitored may make the crucial difference between a waste of public funds and acquisition of capacity to achieve a reasonable degree of cyber security.

Additionally the flow of public funds under this policy, particularly to purchase technology, should be examined very carefully to see whether it is justified. For example, if the government chooses to fund (even by way of subsidy) a private company’s cyber-security research and development rather than an equivalent public university’s endeavour, this decision should be scrutinized to see whether it was necessary. Similarly, if extensive public funds are spent training young people as a capacity-building exercise, we should watch to see how many of these people stay in India and how many leave such that other countries end up benefiting from the Indian government’s investment in them!

Investigation of Security Threats

Although much of the policy focuses on defensive measures that can be taken against security breaches, it is intended not only to cover investigation subsequent to an attack but also to pinpoint ‘potential cyber threats’ so that proactive measures may be taken.

The policy has outlined the need for a ‘Cyber Crisis Management Plan’ to handle incidents that impact ‘critical national processes or endanger public safety and security of the nation’. This portion of the policy will need to be watched closely to ensure that the language used is very narrow and allows absolutely no scope for misinterpretation or misuse that would affect citizens’ rights in any manner.

This caution will be necessary both in view of the manner in which restraints on freedom of speech permitted in the interests of public safety have been flagrantly abused, and because of the kind of paternalistic state intrusion that might be conceived to give effect to this.

Additionally, since the policy also mentions information sharing with internal and international security, defence, law enforcement and other such agencies, it will also be important to find out the exact nature of information to be shared. Of course, how the policy will be put into place will only become clear as the terms governing its various parts emerge. But one hopes the necessary internal direct action to ensure the government agencies’ information networks are secure is already well underway.

It is also to be hoped that the government chooses to take implementation of privacy rights at least as seriously as cyber-security. If some parts of cyber security involve ensuring that user data is protected, the decision about what data needs protection will be important to this exercise.

Additionally, although the policy discusses various enabling and standard-setting measures, it does not discuss the punitive consequences of failure to take reasonable steps to safeguard individuals’ personal data online. These consequences will also presumably form a part of the privacy policy, and should be put in place as early as possible.

For more details visit https://cis-india.org/internet-governance/blog/the-hoot-july-13-2013-chinmayi-arun-parsing-the-cyber-security-policy

You Have the Right to Remain Silent

nishant — 2013-07-22T06:59:53Z

Reflecting upon the state of freedom of speech and expression in India, in the wake of the shut-down of the political satire website narendramodiplans.com.

Nishant Shah's column was published in Down to Earth on July 17, 2013.

It took less than a day for narendramodiplans.com, a political satire website that had more than 60,000 hits in the 20 hours of its existence, to be taken down. A simple webpage that showed a smiling picture of Narendra Modi, the touted candidate for India’s next Prime Ministerial campaign, flashing his now trademark ‘V’ for ~~Vengeance~~ Victory sign. At the first glimpse it looked like another smart media campaign by the net-savvy minister who has already made use of the social web quite effectively, to connect with his constituencies and influence the younger voting population in the country. Below the image of Mr. Modi was a text that said, "For a detailed explanation of how Mr. Narendra Modi plans to run the nation if elected to the house as a Prime Minister and also for his view/perspective on 2002 riots please click the link below." The button, reminiscent of 'sale' signs on shops that offer permanent discounts, promised to reveal, for once and for all, the puppy plight of Mr. Modi's politics and his plans for the country that he seeks to lead.

However, when one tried to click on the button, hoping, at least for a manifesto that combined the powers of Machiavelli with the sinister beauty of Kafka, it proved to be an impossible task. The button wiggled, and jiggled, and slithered all over the page, running away from the mouse following it. Referencing the layers of evasive answers, the engineered Public Relations campaigns that try to obfuscate the history to some of the most pointed questions that have been posited to the Modi government through judicial and public forums, the button never stayed still enough to actually reveal the promised answers. For people who are familiar with the history of such political satire and protest online would immediately recognise that this wasn’t the most original of ideas. In fact, it was borrowed from another website - http://www.thepmlnvision.com/ that levelled similar accusations of lack of transparency and accountability on the part of Nawaz Sharif of Pakistan. Another instance, which is now also shut down, had a similar deployment where the webpage claimed to give a comprehensive view into Rahul Gandhi’s achievements, to question his proclaimed intentions of being the next prime-minister. In short, this is an internet meme, where a simple web page and a java script allowed for a critical commentary on the future of the next elections and the strengthening battle between #feku and #pappu that has already taken epic proportions on Twitter.

The early demise of these two websites (please do note, when you click on the links that the Nawaz Sharif website is still working) warns us of the tightening noose around freedom of speech and expression that politicos are responsible for in India. It has been a dreary last couple of years already, with the passing of the Intermediaries Liabilities Rules as an amendment to the IT Act of India, Dr. Sibal proposing to pre-censor the social web in a quest to save the face of erring political figures, teenagers being arrested for voicing political dissent, and artists being prosecuted for exercising their rights to question the state of governance in our country. Despite battles to keep the web an open space that embodies the democratic potentials and the constitutional rights of freedom of speech and expression in the country, it has been a losing fight to keep up with the ad hoc and dictatorial mandates that seem to govern the web.


Above is a screen shot from narendramodiplans.com website

We have no indication of why this latest piece of satirical expression, which should be granted immunity as a work of art, if not as an individual’s right to free speech, was suddenly taken down. The website now has a message that says, “I quit. In a country with freedom of speech, I assumed that I was allowed to make decent satire on any politician more particularly if it is constructive. Clearly, I was wrong.” The web is already abuzz with conspiracy theories, each sounding scarier than the other because they seem so plausible and possible in a country that has easily sacrificed our right to free speech and expression at the altar of political egos. And whether you subscribe to any of the theories or not, whether your sympathies lie with the BJP or with the UPA, whether or not you approve of the political directions that the country seems to be headed in, there is no doubt that you should be as agitated as I am, about the fact that we are in a fast-car to blanket censorship, and we are going there in style.

What happens online is not just about this one website or the one person or the one political party – it is a reflection on the rising surveillance and bully state that presumes that making voices (and sometimes people) invisible, is enough to resolve the problems that they create. And what happens on the web is soon going to also affect the ways in which we live our everyday lives. So the next time, you call some friends over for dinner, and then sit arguing about the state of politics in the country, make sure your windows are all shut, you are wearing tin-foil hats and if possible, direct all conversations to the task of finally finding Mamta Kulkarni. Because anything else that you say might either be censored or land you in a soup, and the only recourse you might have would be a website that shows the glorious political figures of the country, with a sign that says “To defend your right to free speech and expression, please click here”. And you know that you are never going to be able to click on that sign. Ever.

For more details visit https://cis-india.org/internet-governance/blog/down-to-earth-july-17-2013-nishant-shah-you-have-the-right-to-remain-silent

Snooping technology: Will CMS work in India?

praskrishna — 2013-07-22T07:19:02Z

The Indian government plans to spend $132 million on setting up its brand new Central Monitoring System this year.

Pierre Fitter's article was published in FirstPost on July 17, 2013. Pranesh Prakash is quoted.

Several articles have raised valid questions about privacy violations, including this one by Danish Raza. Elsewhere, Pranesh Prakash has raised important points about how CMS may actually violate several laws and at least one Supreme Court verdict.

I ask a much more basic question: will CMS work? Can it really help security agencies eavesdrop on criminals and terrorists, despite several known technical hurdles?

	Encryption In 2008, a prominent Brazilian banker and investor named Daniel Dantas was arrested and charged with money laundering and tax evasion along with a former mayor of Sao Paulo. For five months, the Brazilian National Institute of Criminology tried to read the contents of his hard drive but failed to crack it. Dantas had encrypted his data using a free program called Truecrypt. The INC sent the hard drive to the FBI in the US, which spent a whole year trying to crack it; it too failed. Dantas’s use of encryption likely helped him escape the money laundering and tax evasion charges. He was ultimately convicted of attempting to bribe a police officer.

Encryption

In 2008, a prominent Brazilian banker and investor named Daniel Dantas was arrested and charged with money laundering and tax evasion along with a former mayor of Sao Paulo. For five months, the Brazilian National Institute of Criminology tried to read the contents of his hard drive but failed to crack it. Dantas had encrypted his data using a free program called Truecrypt. The INC sent the hard drive to the FBI in the US, which spent a whole year trying to crack it; it too failed. Dantas’s use of encryption likely helped him escape the money laundering and tax evasion charges. He was ultimately convicted of attempting to bribe a police officer.

This story illustrates a fundamental loophole at the heart of CMS. A criminal, using free and easy-to-use software, can protect his data from even the most advanced surveillance tools available in law enforcement. NSA whistle blower Edward Snowden himself used encrypted email to communicate with journalists at the Guardian. In an online chat where he took questions from the public, Snowden noted that encryption was “one of the few things that you can rely on” to protect you from the eavesdropping behemoth created of the NSA.

It should hardly be surprising then, that terror groups have been encrypting their emails and data for at least the last five years. In fact Al Qaeda developed its own encryption software called ‘Mujahideen Secrets’, to encrypt emails, chat sessions and files. Version two of Mujahideen Secrets even included a tool to delete files securely so that they could not be recovered using special software if the computer was captured. Al Qaeda’s links to several terror groups operating in India has been widely reported in the past. It is not inconceivable that they have shared their encryption software with their comrades-in-arms.

Over the years it has become easier to encrypt one’s communication. YouTube tutorials train even novice users to set up email encryption within minutes. Phone calls, text messages and online chats can also be encrypted with free, easy-to-install apps.

The biggest problem with encryption is that it is virtually impossible to break the code in a time frame that’s useful for law-enforcement purposes. Without getting too technical, modern encryption relies calculating the prime factors of very, very large integers. In 2009, a group of some of the world’s best-known mathematicians and cryptographers reported that it took them four years to factor a 768-bit integer. They estimated it would take 1,000 times longer to factorise a 1024-bit integer. GPG, which is the most widely-used email encryption software, allows users up to 4096-bit encryption. Unless you have the password to the encrypted files, it would take you a very long time to crack the encryption.

Here’s an example to help you understand why encryption makes CMS redundant. Let’s say the system intercepts an encrypted email sent by a LeT handler in Karachi to a sleeper cell in Mumbai. The email contains instructions to detonate a bomb in a specific market at a specific time four days from now. Even if India’s intelligence agencies managed to link up every computer they had available to process the encryption, they would still not be able to crack it in time to learn the details and stop the attack.

What about ‘Metadata’?

It should be noted that encryption only protects the body of the email. The metadata, including the sender’s and receiver’s email addresses remain unencrypted, else the service provider would be unable to send the email to its destination. Law enforcement agencies often partner with email providers to track down the exact computer on which tell-tale emails were read.

However, this method of tracing criminals has a limitation. Programs such as TOR and Hotspot Shield disguise the IP address of a user’s PC. For example, when I use TOR, Facebook will often ask me to confirm my identity as it sees me as logging in from an unfamiliar location. TOR has thousands of servers around the world through which it bounces your data before sending it to its destination.

There is another limitation to using metadata. Due to obvious legal hurdles, CMS will only be deployed to capture communication within India. If terrorists were planning an attack from elsewhere in India’s neighbourhood (as happened with 26/11), we would have to rely on that country’s intelligence services for an alert. Good luck with that!

To make untraceable phone calls, terrorists have been known to use “burner” phones. These are pre-paid phones that are easily available in the US and other countries that do not require an ID for such mobile connections. They can be topped up using cash, which makes their prolonged using even more untraceable.

Even if CMS allowed spooks to listen to these calls, it would not be able to tell who was talking to whom. From details that emerged following the Abbottabad operation that killed Osama bin Laden, we also know that terrorists have been trained to turn off their phones and remove the battery to prevent being tracked even while not on a call.

So what is CMS good for?

If terrorist communications can easily be hidden from CMS, you have to wonder why the government is going through all the effort and expense to set up such a system. What good can come off the mass hoovering of data of ordinary citizens’?

Imagine if CMS intercepted a ‘BBM chat’ between two businessmen, who were discussing a contract that could affect the business interests of a government MP.

Imagine the government getting access to emails exchanged between a journalist and a source in the IAS who wants to expose a major corruption scandal involving a cabinet minister.

Imagine if the government had access to phone calls between two opposition politicians discussing election strategies.

What if CMS tracks a PhD candidate who is researching Naxal terror and has downloaded Naxal pamphlets? What if this researcher has been able to establish contact with Naxals for an interview. Can the government use such data to charge him with participating in a Naxal conspiracy, even if his only intention was to research their motivations? In a country where chief ministers label their critics as “Naxals” for merely raising questions, are we certain we want such unmitigated power in the government’s hands?

These are all questions well worth asking, especially since the ostensible reason for setting up the CMS—monitoring terrorists and criminals—is a fool’s errand at best.

For more details visit https://cis-india.org/news/firstpost-pierre-fitter-july-17-2013-snooping-technology

Data protection experts slam state for sending mass SMSes

praskrishna — 2012-03-27T03:46:00Z

Experts in the field of data protection, privacy law and media have criticised the West Bengal government's mass SMS sent to individuals, companies and media houses through private mobile networks last Friday. Lara Choksey reports this in an article published in the Statesman on March 25, 2012.

The government's use of private data in order to spread political messages is ethically dubious and dangerous, say some. The SMS indirectly refers to The Telegraph's publication of the Poonam Pandey tweet, warning against the transmission of “provocative and indecent photographs for hurting the religious sentiments of people and disrupting communal harmony.” It urges recipients to “frustrate the designs of … unscrupulous people and maintain peace and communal harmony,” and is signed by “Mamata Banerjee, Chief Minister”.

Speaking to The Statesman on Saturday, Mumbai-based media lecturer Ms Geeta Seshu identified two issues with the government sending out political messages through mobile phone networks.

Firstly, from an ethical standpoint, the unchecked freedom of mobile phone companies to hand out private data is “completely wrong”, she said.

Secondly, the use of government funds for such dissemination needs to be transparent. If the state government has used public funds to distribute its message through a mobile phone network, then this information should be readily available, said Ms Seshu.

The Telecom Regulation Authority of India's (Trai) unsolicited commercial communications regulations allow unsolicited advertising through mobile phone networks.

Mr Apar Gupta, partner of Delhi-based law firm Advani and Co., explained, “The regulations are not wide enough to prohibit communications from a political party.” He observed, “Using SMS messages is a very efficient propaganda tool because so many people have access to mobile phones.”

Mobile phone networks such as Vodafone make it clear in their privacy policies that the personal data of its customers “may be used for inclusion in any telephone or similar directory or directory enquiry service provided or operated by us or by a third party” (source Vodafone website).

Any third party ~ governmental or corporate ~ can therefore access the company's directory of private mobile numbers at the discretion of the network in question.

It is not yet clear which government department coordinated the SMS, or what funds were used to cover the costs. Representatives from the ministry of information and cultural affairs were not able to shed a light on the matter. “I know that a message was sent out,” said the I & CA director Umapada Chatterjee, "But it was not sent from this department. I do not know that information.”

Some commentators did not condemn the government's SMS. Delhi High Court lawyer and cyber law expert, Mr Praveen Dalal, criticised the publication of the Poonam Pandey tweet on the grounds of it violating the due diligence guidelines of the Cyber Law of India. He commented, “If casual and careless publications … continue, there would be no other option left for the government but to regulate their affairs in a more intrusive manner.”

However, executive director of the Centre for Internet and Society, Mr Sunil Abraham, called the state government's use of unsolicited SMS a “clear abuse of the powers afforded by elected office.” Mr Abraham explained that elected representatives would be justified in such measures, and in utilising public funds, in the event of a disaster, or when public order, public health or national security are compromised.

“However in this case, the government is abusing the provisions of the law and using this incident as a pretext to threaten media professionals with surveillance and to intimidate for the purposes of reigning in free speech,” he told The Statesman. The chief minister was unavailable to make a comment on the matter.

Read the original published in the Statesman

For more details visit https://cis-india.org/news/data-protection-experts-slam-state-for-sending-mass-smses

UN agrees to review agencies governing Internet

praskrishna — 2012-12-31T02:40:20Z

Although India’s proposal has been criticized as an effort to control the Net, govt says this will ensure it has more say in policymaking.

The article by Surabhi Agarwal was published in Livemint on December 27, 2012. Pranesh Prakash is quoted.

In the fierce debate on who governs the Internet, the Indian government can claim a small victory of sorts after the UN decided to establish a working group to review the mandate of agencies administering the worldwide network of computers.

India last year proposed creating an UN agency, dubbed the Committee on Internet-Related Policies (CIRP), that would decide on issues related to the Internet, including control of resources such as domain names and Internet Protocol (IP) addresses. The Internet Corporation for Assigned Names and Numbers (Icann), a non-governmental organization based in the US, currently administers these.

The US, the UK and Canada refused to sign a new communications treaty proposed at the 3-14 December Dubai conference of the International Telecommunications Union (ITU), which sets global telecom technical standards, on fears that it will give national governments greater control over the Internet and may restrict free speech. India, too, hasn’t signed the pact.

“Even though the United Nations has not yet accepted India’s proposal for constituting CIRP, it (the formation of a working group) is a step forward, as now the working group on enhanced cooperation will deliberate on the need for CIRP,” a government official said, requesting anonymity.

Although India’s proposal has been criticized as an effort to control the Internet, the government has said this will ensure it has a greater say in Internet policymaking.

The Commission on Science and Technology for Development, a UN body, has been asked to establish a working group on enhanced cooperation to examine the mandate of the World Summit on the Information Society, which issues non-binding guidelines on the Internet, “through seeking, compiling and reviewing inputs from all member states and all other stakeholders,” according to a 12 December letter from the UN to the Indian government. The working group has been asked to submit its report to the commission in 2014.

Mint has reviewed a copy of the letter and also India’s response to the UN welcoming the move.

The UN’s move reflected India’s growing influence in multilateral policymaking bodies, according to Rajat Kathuria, chief executive and director of Indian Council for Research on International Economic Relations, a think tank.

“India’s increasing clout not only in the WTO (World Trade Organisation) but also in these kinds of forums is fairly obvious,” he said. The country should be able to stand its ground and use its negotiating powers well, he added. “Everybody is looking at India now and it should not be forced into getting into things it doesn’t want to.” Kathuria also agreed with India’s decision to consider in detail the new global telecom pact, which contains a resolution on the Internet, before signing it.

“We don’t have enough information on the impact of signing this treaty,” Kathuria said. “I agree with what India has done. We need to do our homework and understand clearly what it means.”

Although the treaty is restricted to telecom standards, it contained a non-binding resolution on the Internet. The treaty stated that its purview doesn’t include content over telecommunications networks or the Internet.

However, there have been divergent views on its implications. While some have argued that signing it would mean giving the ITU dominance over Internet governance, others dismiss it as harmless.

“This wasn’t an ITU takeover of the Internet and India’s signing of the treaty will not make it one,” said Pranesh Prakash, policy director at Centre for Internet Studies, a Bangalore-based think tank.

However, India’s cautious approach is a good sign, he said. “I hope civil society is consulted before the decision is taken whether to support ITR (International Telecommunication Regulations) and the resolutions which were passed in Dubai.”

Critical Internet resources such as domain names and IP addresses are like natural resources and no one country should monetize them or have control over them, said another government official.

“It is of utmost importance for India to have a say in the matters of the Internet as the country has huge untapped potential in the area of Internet and technology,” said the official, who too declined to be named.

A white paper on Internet governance by Research and Information System for Developing Countries, chaired by Shyam Saran, former Indian diplomat, has said the Internet continues to be managed by private entities such as Icann “under contractual arrangements with the US government”.

Icann is not controlled by the US government, an official of the Internet administrator said on condition of anonymity. It follows a multi-stakeholder model.

The paper on Internet governance argued against the allegation that India’s proposal of CIRP will lead to government’s control of the Internet.

“India’s proposal for CIRP, a multilateral and multi-stakeholder mechanism, is not intended to control content,” it said. “It does not insist that the governments have the last word in regulating the Internet.”

The paper had argued that India should pursue the establishment of a working group on enhanced cooperation, which will pave the way for further consideration of India’s proposal for the establishment of CIRP.

For more details visit https://cis-india.org/news/livemint-december-27-2012-surabhi-agarwal-un-agrees-to-review-agencies-governing-internet

No Civil Society Members in the Cyber Regulations Advisory Committee

pranesh — 2013-01-09T17:56:57Z

The Government of India has taken our advice and reconstituted the Cyber Regulations Advisory Commitee. But there is no representation of Internet users, citizens, and consumers — only government and industry interests.

In multiple op-eds (Indian Express and Mint), I have pointed out the need for the government to reconstitute the "Cyber Regulations Advisory Committee" (CRAC) under section 88 of the Information Technology Act. That it be reconstituted along the model of the Brazilian Internet Steering Committee was also part of the suggestions that CIS sent to the government after a meeting FICCI had convened along with the government on September 4, 2012.

Section 88 requires that people "representing the interests principally affected" by Internet policy or "having special knowledge of the subject matter" be present in this advisory body. The main function of the CRAC is to advise the the Central Government "either generally as regards any rules or for any other purpose connected with this Act".

Despite this important function, the CRAC had — till November 2012 — only ever met twice, both times in 2001. The response to an RTI informed us that the body had never provided any advice to the government.

Government Not Serious

The increasing pressure on the government for botching up Internet regulations has led it to reconstitute the CRAC. However, the list of members of the committee shows that the government is not serious about this committee representing "the interests primarily affected" by Internet policy.

Importantly, this goes against the express wish of the Shri Kapil Sibal, the Union Minister for Communications and IT, who has repeatedly stated that he believes that Internet-related policymaking should be an inclusive process. Most recently, at the 2012 Internet Governance Forum he stated that we need systems that are:

"collaborative, consultative, inclusive and consensual, for dealing with all public policies involving the Internet"

Interestingly, despite the Hon'ble Minster verbally inviting civil society organizations (on November 23, 2012) for a meeting of the CRAC that happened on November 25, 2012, the Department of Electronics and Information Technology refused to send us invitations for the meeting. This hints at a disconnect between the political and bureaucratic wings of the government, at least at some levels.

Interestingly, this isn't the first time this has been pointed out. Na. Vijayashankar was levelling similar criticisms against the CRAC way back in August 2000 when the original CRAC was constituted.

Breakdown by Stakeholder Groupings

While there is no one universal division of stakeholders in Internet governance, but four goups are widely recognized: governments (national and intergovernmental), industry, technical community, and civil society. Using that division, we get:

Government - 15 out of 22 members
Industry bodies - 6 out of 22 members
Technical community / Academia - 1 out of 22 members
Civil society - 0 out of 22 members.

List of Members of Cyber Regulatory Advisory Committee

The official notification (G.S.R. 827(E)) is available on the DEIT website and came into force on November 16, 2012.

(Note: Names with ~~strikethroughs~~ have been removed from the CRAC since 2000, and those with emphasis have been added.)

Minister, Ministry of Communication and Information Technology - Chairman
Minister of State, Ministry of Communications and Information Technology - Member
Secretary, Ministry of Communication and Information Technology, Department of Electronics and Information Technology - Member
Secretary, Department of Telecommunications - Member
~~Finance Secretary - Member~~
Secretary, Legislative Department - Member
Secretary, Department of Legal Affairs - Member
~~Shri T.K. Vishwanathan, Presently Member Secretary, Law Commission - Member~~
Secretary, Ministry of Commerce - Member
Secretary, Ministry of Home Affairs - Member
Secretary, Ministry of Defence - Member
Deputy Governor, Reserve Bank of India - Member
Information Technology Secretary from the states by rotation - Member
Director, IIT by rotation from the IITs - Member
Director General of Police from the States by rotation - Member
President, NASSCOM - Member
President, Internet Service Provider Association - Member
Director, Central Bureau of Investigation - Member
Controller of Certifying Authority - Member
Representative of CII - Member
Representative of FICCI - Member
Representative of ASSOCHAM - Member
President, Computer Society of India - Member
Group Coordinator, Department of Electronic and Information Technology - Member Secretary

For more details visit https://cis-india.org/internet-governance/blog/cyber-regulations-advisory-committee-no-civil-society

Smart Cities in India: An Overview

vanya — 2016-01-11T01:30:07Z

The Government of India is in the process of developing 100 smart cities in India which it sees as the key to the country's economic and social growth. This blog post gives an overview of the Smart Cities project currently underway in India. The smart cities mission in India is at a nascent stage and an evolving area for research. The Centre for Internet and Society will continue work in this area.

Overview of the 100 Smart Cities Mission

The Government of India announced its flagship programme- the 100 Smart Cities mission in the year 2014 and was launched in June 2015 to achieve urban transformation, drive economic growth and improve the quality of life of people by enabling local area development and harnessing technology. Initially, the Mission aims to cover 100 cities across the countries (which have been shortlisted on the basis of a Smart Cities Proposal prepared by every city) and its duration will be five years (FY 2015-16 to FY 2019-20). The Mission may be continued thereafter in the light of an evaluation to be done by the Ministry of Urban Development (MoUD) and incorporation of the learnings into the Mission. The Mission aims to focus on area-based development in the form of redevelopment of existing spaces, or the development of new areas (Greenfield) to accommodate the growing urban population and ensure comprehensive planning to improve quality of life, create employment and enhance incomes for all - especially the poor and the disadvantaged. ^{^[1]} On 27th August 2015 the Centre unveiled 98 smart cities across India which were selected for this Project. Across the selected cities, 13 crore population ( 35% of the urban population will be included in the development plans. ^{^[2]} The mission has been developed for the purpose of achieving urban transformation. The vision is to preserve India's traditional architecture, culture & ethnicity while implementing modern technology to make cities livable, use resources in a sustainable manner and create an inclusive environment. ^{^[3]}

The promises of the Smart City mission include reduction of carbon footprint, adequate water and electricity supply, proper sanitation, including solid waste management, efficient urban mobility and public transport, affordable housing, robust IT connectivity and digitalization, good governance, citizen participation, security of citizens, health and education.

Questions unanswered

Why and How was the Smart Cities project conceptualized in India? What was the need for such a project in India?
What was the role of the public/citizens at the ideation and conceptualization stage of the project?
Which actors from the Government, Private industry and the civil society are involved in this mission? Though the smart cities mission has been initiated by the Government of India under the Ministry of Urban Development, there is no clarity about the involvement of the associated offices and departments of the Ministry.

How are the Smart Cities being selected?

The 100 cities were supposed to be selected on the basis of Smart cities challenge^{^[4]} involving two stages. Stage I of the challenge involved Intra-State city selection on objective criteria to identify cities to compete in stage-II. In August 2015, The Ministry of Urban Development, Government of India announced 100 smart cities ^{^[5]} evaluated on parameters such as service levels, financial and institutional capacity, past track record, called as the 'shortlisted cities' for this purpose. The selected cities are now competing for selection in the Second stage of the challenge, which is an All India competition. For this crucial stage, the potential 100 smart cities are required to prepare a Smart City Proposal (SCP) stating the model chosen (retrofitting, redevelopment, Greenfield development or a mix), along with a Pan-City dimension with Smart Solutions. The proposal must also include suggestions collected by way of consultations held with city residents and other stakeholders, along with the proposal for financing of the smart city plan including the revenue model to attract private participation. The country saw wide participation from the citizens to voice their aspirations and concerns regarding the smart city. 15th December 2015 has been declared as the deadline for submission of the SCP, which must be in consonance with evaluation criteria set by The MoUD, set on the basis of professional advice. ^{^[6]} On the basis of this, 20 cities will be selected for the first year. According to the latest reports, the Centre is planning to fund only 10 cities for the first phase in case the proposals sent by the states do not match the expected quality standards and are unable to submit complete area-development plans by the deadline, i.e. 15th December, 2015. ^{^[7]}

Questions unanswered

Who would be undertaking the task of evaluating and selecting the cities for this project?
What are the criteria for selection of a city to qualify in the first 20 (or 10, depending on the Central Government) for the first phase of implementation?

How are the smart cities going to be Funded?

The Smart City Mission will be operated as a Centrally Sponsored Scheme (CSS) and the Central Government proposes to give financial support to the Mission to the extent of Rs. 48,000 crores over five years i.e. on an average Rs. 100 crore per city per year. ^{^[8]} The additional resources will have to be mobilized by the State/ ULBs from external/internal sources. According to the scheme, once list of shortlisted Smart Cities is finalized, Rs. 2 crore would have been disbursed to each city for proposal preparation.^{^[9]}

According to estimates of the Central Government, around Rs 4 lakh crore of funds will be infused mainly through private investments and loans from multilateral institutions among other sources, which accounts to 80% of the total spending on the mission. ^{^[10]} For this purpose, the Government will approach the World Bank and the Asian Development Bank (ADB) for a loan costing £500 million and £1 billion each for 2015-20. If ADB approves the loan, it would be it will be the bank's highest funding to India's urban sector so far.^{^[11]} Foreign Direct Investment regulations have been relaxed to invite foreign capital and help into the Smart City Mission. ^{^[12]}

Questions unanswered

The Government notes on Financing of the project mentions PPPs for private funding and leveraging of resources from internal and external resources. There is lack of clarity on the external resources the Government has/will approach and the varied PPP agreements the Government is or is planning to enter into for the purpose of private investment in the smart cities.

How is the scheme being implemented?

Under this scheme, each city is required to establish a Special Purpose Vehicle (SPV) having flexibility regarding planning, implementation, management and operations. The body will be headed by a full-time CEO, with nominees of Central Government, State Government and ULB on its Board. The SPV will be a limited company incorporated under the Companies Act, 2013 at the city-level, in which the State/UT and the Urban Local Body (ULB) will be the promoters having equity shareholding in the ratio 50:50. The private sector or financial institutions could be considered for taking equity stake in the SPV, provided the shareholding pattern of 50:50 of the State/UT and the ULB is maintained and the State/UT and the ULB together have majority shareholding and control of the SPV. Funds provided by the Government of India in the Smart Cities Mission to the SPV will be in the form of tied grant and kept in a separate Grant Fund.^{^[13]}

For the purpose of implementation and monitoring of the projects, the MoUD has also established an Apex Committee and National Mission Directorate for National Level Monitoring^{^[14]}, a State Level High Powered Steering Committee (HPSC) for State Level Monitoring^{^[15]} and a Smart City Advisory Forum at the City Level ^{^[16]}.

Also, several consulting firms^{^[17]} have been assigned to the 100 cities to help them prepare action plans.^{^[18]} Some of them include CRISIL, KPMG, McKinsey, etc. ^{^[19]}

Questions unanswered

What policies and regulations have been put in place to account for the smart cities, apart from policies looking at issues of security, privacy, etc.?
What international/national standards will be adopted while development of the smart cities? Though the Bureau of Indian Standards is in the process of formulating standardized guidelines for the smart cities in India^{^[20]}, yet there is lack of clarity on adoption of these national standards, along with the role of international standards like the ones formulated by ISO.

What is the role of Foreign Governments and bodies in the Smart cities mission?

Ever since the government's ambitious project has been announced and cities have been shortlisted, many countries across the globe have shown keen interest to help specific shortlisted cities in building the smart cities and are willing to invest financially. Countries like Sweden, Malaysia, UAE, USA, etc. have agreed to partner with India for the mission.^{^[21]} For example, UK has partnered with the Government to develop three India cities-Pune, Amravati and Indore.^{^[22]} Israel's start-up city Tel Aviv also entered into an agreement to help with urban transformation in the Indian cities of Pune, Nagpur and Nashik to foster innovation and share its technical know-how.^{^[23]} France has piqued interest for Nagpur and Puducherry, while the United States is interested in Ajmer, Vizag and Allahabad. Also, Spain's Barcelona Regional Agency has expressed interest in exchanging technology with the Delhi. Apart from foreign government, many organizations and multilateral agencies are also keen to partner with the Indian government and have offered financial assistance by way of loans. Some of them include the UK government-owned Department for International Development, German government KfW development bank, Japan International Cooperation Agency, the US Trade and Development Agency, United Nations Industrial Development Organization and United Nations Human Settlements Programme. ^{^[24]}

Questions unanswered

Do these governments or organization have influence on any other component of the Smart cities?
How much are the foreign governments and multilateral bodies spending on the respective cities?
What kind of technical know-how is being shared with the Indian government and cities?

What is the way ahead?

On the basis of the SCP, the MoUD will evaluate, assess the credibility and select 20 smart cities out of the short-listed ones for execution of the plan in the first phase. The selected city will set up a SPV and receive funding from the Government.

Questions unanswered

Will the deadline of submission of the Smart Cities Proposal be pushed back?
After the SCP is submitted on the basis of consultation with the citizens and public, will they be further involved in the implementation of the project and what will be their role?
How will the MoUD and other associated organizations as well as actors consider the implementation realities of the project, like consideration of land displacement, rehabilitation of the slum people, etc.
How are ICT based systems going to be utilized to make the cities and the infrastructure "smart"?
How is the MoUD going to respond to the concerns and criticism emerging from various sections of the society, as being reflected in the news items?
How will the smart cities impact and integrate the existing laws, regulations and policies? Does the Government intend to use the existing legislations in entirety, or update and amend the laws for implementation of the Smart Cities Mission?

^{^[1]} Smart Cities, Mission Statement and Guidelines, Ministry of Urban Development, Government of India, June 2015, Available at : http://smartcities.gov.in/writereaddata/SmartCityGuidelines.pdf

^{^[2]} http://articles.economictimes.indiatimes.com/2015-08-27/news/65929187_1_jammu-and-kashmir-12-cities-urban-development-venkaiah-naidu

^{^[3]} http://india.gov.in/spotlight/smart-cities-mission-step-towards-smart-india

^{^[4]} http://smartcities.gov.in/writereaddata/Process%20of%20Selection.pdf

^{^[5]} Full list : http://www.scribd.com/doc/276467963/Smart-Cities-Full-List

^{^[6]} http://smartcities.gov.in/writereaddata/Process%20of%20Selection.pdf

^{^[7]} http://www.ibtimes.co.in/modi-govt-select-only-10-cities-under-smart-city-project-this-year-report-658888

^{^[8]} http://smartcities.gov.in/writereaddata/Financing%20of%20Smart%20Cities.pdf

^{^[9]} Smart Cities presentation by MoUD : http://smartcities.gov.in/writereaddata/Presentation%20on%20Smart%20Cities%20Mission.pdf

^{^[10]} http://indianexpress.com/article/india/india-others/smart-cities-projectfrom-france-to-us-a-rush-to-offer-assistance-funds/

^{^[11]} http://indianexpress.com/article/india/india-others/funding-for-smart-cities-key-to-coffer-lies-outside-india/#sthash.5lnW9Jsq.dpuf

^{^[12]} http://india.gov.in/spotlight/smart-cities-mission-step-towards-smart-india

^{^[13]} http://smartcities.gov.in/writereaddata/SPVs.pdf

^{^[14]} http://smartcities.gov.in/writereaddata/National%20Level%20Monitoring.pdf

^{^[15]} http://smartcities.gov.in/writereaddata/State%20Level%20Monitoring.pdf

^{^[16]} http://smartcities.gov.in/writereaddata/City%20Level%20Monitoring.pdf

^{^[17]} http://smartcities.gov.in/writereaddata/List_of_Consulting_Firms.pdf

^{^[18]} http://pib.nic.in/newsite/PrintRelease.aspx?relid=128457

^{^[19]} http://economictimes.indiatimes.com/articleshow/49242050.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

^{^[20]} http://www.business-standard.com/article/economy-policy/in-a-first-bis-to-come-up-with-standards-for-smart-cities-115060400931_1.html

^{^[21]} http://accommodationtimes.com/foreign-countries-have-keen-interest-in-development-of-smart-cities/

^{^[22]} http://articles.economictimes.indiatimes.com/2015-11-20/news/68440402_1_uk-trade-three-smart-cities-british-deputy-high-commissioner

^{^[23]} http://www.jpost.com/Business-and-Innovation/Tech/Tel-Aviv-to-help-India-build-smart-cities-435161?utm_campaign=shareaholic&utm_medium=twitter&utm_source=socialnetwork

^{^[24]} http://indianexpress.com/article/india/india-others/smart-cities-projectfrom-france-to-us-a-rush-to-offer-assistance-funds/#sthash.nCMxEKkc.dpuf

For more details visit https://cis-india.org/internet-governance/blog/smart-cities-in-india-an-overview

Start-up India turns the heat on Facebook Free Basics

praskrishna — 2015-12-29T15:54:30Z

Facebook launched its "Save Free Basics" campaign last week, asking users to support "digital equality" in India.

The article by Anita Babu was published in Business Standard on December 22, 2015. Pranesh Prakash gave inputs.

Nearly a week after Facebook launched its controversial "Save Free Basics" campaign in India, the net neutrality debate has come to the fore again. This time around, India's star internet entrepreneurs such as Vijay Shekhar Sharma, founder and chief executive of Paytm, and Dippak Khurana of Vserv have joined the crusade for free internet.

"Oh my fellow Indians, either choose this and do a jihad for independent internet later or pick net neutrality today," Sharma of Paytm, India's largest digital wallet, tweeted on Tuesday. "Digital world war heads! We have to load http://www.savetheinternet.in for #NetNeutrality," said Sharma in another tweet. Savetheinternet.in, a volunteer group, has urged people to lend their support for an unfettered internet in India.

Facebook launched its "Save Free Basics" campaign last week, asking users to support "digital equality" in India, in response to a paper by the telecom regulator which is seeking comments on differential pricing practices like Airtel Zero of Facebook's Free Basics, which was earlier called Internet.org.

Facebook launched a print and digital media campaign for a "connected India" asking users to give a missed call, automatically sending a message to the regulator in support of Free Basics.

Facebook has also been asking its users to send an e-mail to Telecom Regulatory Authority of India (TRAI) supporting "essential internet for all". The social network claims to have gained support from 3.2 million of its 130 million users in India.

On Tuesday, the social media giant earned flak for soliciting support from international users for the campaign. Later, Facebook withdrew the campaign outside India claiming it was an "accident".

However, some net neutrality volunteers said that many of Facebook's 3.2 million supporters for Free Basics were non-Indians.

Activists and tech leaders are calling the Facebook campaign "misleading" and "destructive".

"People are being tricked into supporting Free Basics under the guise of digital equality," wrote Amol Malviya, former chief technology officer at Flipkart, India's largest e-commerce firm, on his blog. "Notice the language on the page? It makes any critic of Free Basics appear to be an enemy of digital equality. People will listen to the critics' arguments much lesser when there's a question mark on their intent."

Nikhil Pahwa, editor and publisher of MediaNama, said India should question the intent of Facebook and its campaign. "There is misrepresentation in the language they have used. It makes people assume that we can't have universal internet access without net-neutrality violating services such as Free Basics. It is important for a country to take note of how much power a platform with as much reach as Facebook has to influence an important government process," said Pahwa, who led a fight against TRAI's move to allow telecom firms charge for internet services like WhatsApp and Hike.

The basic premise of net neutrality is that of freedom - an open internet that protects and enables free communication. Anything that takes away this freedom violates the fundamentals of free Internet. "Facebook's Free Basics is neither free nor basic - it is a cleverly disguised way of walling a garden, and hardly the philanthropic initiative that it is marketed to be," said Khurana of Vserv. He urged internet users to uninstall the Facebook App from their mobile phones in protest.

Pranesh Prakash, policy director at the Centre for Internet and Society, said, "Facebook, a foreign company, is allowed to campaign with impunity, but NGOs receiving funding from foreign trusts are subject to all manners of restrictions and may not campaign in India."

For more details visit https://cis-india.org/internet-governance/news/business-standard-anita-babu-december-23-2015-start-up-india-turns-the-heat-on-facebook-free-basics

Millions of Indians Slam Facebook's ‘Free Basics’ App

subha — 2015-12-30T14:37:09Z

It has been less than two months since the nationwide launch of the Free Basics app in India. The smart phone application (formerly known as Internet.org) offers free access to Facebook, Facebook-owned products like WhatsApp, and a select suite of other websites for users who do not pay for mobile data plans.

This was published in Global Voices on December 29, 2015.

But the app has already been suspended, at least temporarily, as the Telecommunications Regulatory Authority considers new rules governing network neutrality. Depending on how they're written, the rules could render Free Basics a violation of the policy.

Free Basics, which has been deployed in 30 developing countries across the globe, gives users free access to websites that meet Facebook's technical standards for the application. The application does not give users access to the Internet at large. For open Internet advocates, this undercuts consumer choice and violates the principle of network neutrality, under which Internet providers are to treat all Internet traffic equally. Net neutrality allows users equal access to any website they want to visit, and gives website operators equal opportunities to attract visitors.

Facebook has responded to the pending regulation with an aggressive ad campaign both online and off. Over the last week, Facebook users across India (and some in the US) upon logging into the site have been greeted with notifications urging them to take action. The Free Basics page on Facebook now leads to a pleading form that asks users to contact the Telecom Regulatory Authority of India (TRAI) and voice their support for making Free Basics available in India. The company has also purchased a smattering of billboard advertisements across the country and taken out numerous two-page ads in leading national newspapers, as seen above.

The Indian Internet bites back

Indian netizens and activists have spoken out against the company's actions en masse, protesting heavily on social media, blogs and newspapers.

The grassroots open Internet group, SavetheInternet.in, that has been advocating for net neutrality in India throughout 2015, has launched an email campaign asking users to send letters to TRAI explaining how Free Basics violates net neutrality principles and propagates an inaccurate picture of the Internet for new users by placing it inside the confines of Facebook's application.

Multiple stand-up comedy groups have created videos explaining the regulatory debate and supporting net neutrality, which have gone viral:

Above, the third in a series of videos created by All India Bakchod, in partnership with SavetheInternet.in. Below, a video by East India Comedy.

The issue has also been hotly debated on Twitter, with technology and law experts leading the way.

Internet policy expert and lead staff member of the Center for Internet and Society in Bengaluru Pranesh Prakash tweeted:

New Delhi-based technology lawyer Mishi Choudhary, who leads the legal team at the Software Freedom Law Center, tweeted:

The Free Software Movement of India, a non-profit promoting use of free software and its philosophy in India via their local chapters, also has taken the campaign to the streets where the volunteers raised public awareness about Free Basic's adverse side.

Apart from local experts and activists, companies like Reddit, Truecaller and Indian e-commerce platform Paytm have publicly shared their opposition to Facebook's actions.

Facebook targets open Web activists

Facebook is paying close attention to civil society opposition to its activities in India. Across the globe, the company's Free Basics page now opens to a plea for users to contact TRAI, and includes a statement that directly targets open Internet advocates, suggesting that their motives are somehow driven by financial incentives:

…Free Basics is in danger in India. A small, vocal group of critics are lobbying to have Free Basics banned on the basis of net neutrality. Instead of giving people access to some basic internet services for free, they demand that people pay equally to access all internet services – even if that means 1 billion people can't afford to access any services.

SavetheInternet.in explicitly states in their About page that they are entirely volunteer-run and have no affiliation with any political party in India or elsewhere.

Users also have tweeted screenshots alleging that Facebook is restricting access for individuals sending messages opposing Free Basics. This has not been confirmed, but the tweets have only further stoked public frustration with the company.

Zuckerberg vs. SavetheInternet

On December 28, Facebook CEO Mark Zuckerberg penned a piece in the Times of India arguing that Free Basics will help “achieve digital equality for India,” and claiming that the initiative “isn’t about Facebook’s commercial interests.” India represents the world's largest market of Internet users after the US and China, where Facebook remains blocked.

In response, Nikhil Pawa, founder of online portal MediaNama and a volunteer with Savetheinternet.in, authored a critical opinion piece in the same newspaper:

[…] Why hasn’t Facebook chosen the options that do not violate Net Neutrality? For example, in India, Aircel has begun providing full internet access for free at 64 kbps download speed for the first three months….In Bangladesh, Grameenphone users get free data in exchange for watching an advertisement. In Africa, Orange users get 500 MB of free access on buying a $37 handset…

[…]

Facebook is being disingenuous — as disingenuous as the company’s promotional programmes for Free Basics to its Indian users — when it says that Free Basics is in conformity with Net Neutrality.

Pawa also quoted Naveen Patnaik, Chief Minister of Indian state of Odisha, who wrote to TRAI supporting net neutrality. “If you dictate what the poor should get, you take away their right to choose what they think is best for them,” he wrote.

“If you dictate what the poor should get, you take away their right to choose what they think is best for them.”

Writing for Quartz, technology critic Alice Truong expressed similar sentiment: “Zuckerberg almost portrays net neutrality as a first-world problem that doesn’t apply to India because having some service is better than no service.”

For Mahesh Murthy, an Indian venture capitalist and self-described net neutrality activist, it all comes down to revenue. On the Wire, Murthy offered untempered criticism of Facebook and Zuckerberg's efforts to appease the country's leaders:

[..] Unlike Facebook, who tried to silently slime this thing through last year when it was called Internet.org, and then are spending about Rs. 100 crores on ads – a third of its India revenue? – to try and con us Indians this year again. This is after we’d worked hard to ban these kind of products, technically called “zero rating apps” last year.[..] This Facebook ad [spread] doesn’t include the full-on Mark Zuckerberg love event put up for our Prime Minister when he visited the US, aimed again at greasing the way for this Free Basics thing through our government.

For more details visit https://cis-india.org/telecom/blog/millions-of-indians-slam-facebooks-2018free-basics2019-app

Eight Key Privacy Events in India in the Year 2015

Amber Sinha — 2016-01-03T05:43:42Z

As the year draws to a close, we are enumerating some of the key privacy related events in India that transpired in 2015. Much like the last few years, this year, too, was an eventful one in the context of privacy.

While we did not witness, as one had hoped, any progress in the passage of a privacy law, the year saw significant developments with respect to the ongoing Aadhaar case. The statement by the Attorney General, India's foremost law officer, that there is a lack of clarity over whether the right to privacy is a fundamental right, and the fact the the matter is yet unresolved was a huge setback to the jurisprudence on privacy. [1] However, the court has recognised a purpose limitation as applicable into the Aadhaar scheme, limiting the sharing of any information collected during the enrollment of residents in UID. A draft Encryption Policy was released and almost immediately withdrawn in the face of severe public backlash, and an updated Human DNA Profiling Bill was made available for comments. Prime Minister Narendra Modi's much publicised project "Digital India" was in news throughout the year, and it also attracted its' fair share of criticism in light of the lack of privacy safeguards it offered. Internationally, a lawsuit brought by Maximilian Schrems, an Austrian privacy activist, dealt a body blow to the fifteen year old Safe Harbour Framework in place for data transfers between EU and USA. Below, we look at what were, according to us, the eight most important privacy events in India, in 2015.

1. August 11, 2015 order on Aadhaar not being compulsory

In 2012, a writ petition was filed by Judge K S Puttaswamy challenging the government's policy in its attempt to enroll all residents of India in the UID project and linking the Aadhaar card with various government services. A number of other petitioners who filed cases against the Aadhaar scheme have also been linked with this petition and the court has been hearing them together. On September 11, 2015, the Supreme Court reiterated its position in earlier orders made on September 23, 2013 and March 24, 2014 stating that the Aadhaar card shall not be made compulsory for any government services. [2] Building on its earlier position, the court passed the following orders:

a) The government must give wide publicity in the media that it was not mandatory for a resident to obtain an Aadhaar card,

b) The production of an Aadhaar card would not be a condition for obtaining any benefits otherwise due to a citizen,

c) Aadhaar card would not be used for any purpose other than the PDS Scheme, for distribution of foodgrains and cooking fuel such as kerosene and for the LPG distribution scheme.

d) The information about an individual obtained by the UIDAI while issuing an Aadhaar card shall not be used for any other purpose, save as above, except as may be directed by a Court for the purpose of criminal investigation.[3]

Despite this being the fifth court order given by the Supreme Court[4] stating that the Aadhaar card cannot be a mandatory requirement for access to government services or subsidies, repeated violations continue. One of the violations which has been widely reported is the continued requirement of an Aadhaar number to set up a Digital Locker account which also led to activist, Sudhir Yadav filing a petition in the Supreme Court.[5]

2. No Right to Privacy - Attorney General to SC

The Attorney General, Mukul Rohatgi argued before the Supreme Court in the Aadhaar case that the Constitution of India did not provide for a fundamental Right to Privacy.[6] He referred to the body of case in the Supreme Court dealing with this issue and made a reference to the 1954 case, MP Sharma v. Satish Chandra[7] stating that there was "clear divergence of opinion" on the Right to Privacy and termed it as "a classic case of unclear position of law." He also referred to the discussion on this matter in the Constitutional Assembly Debates and pointed to the fact the framers of the Constitution did not intend for this to be a fundamental right. He said the matter needed to be referred to a nine judge Constitution bench.[8] This raises serious questions over the jurisprudence developed by the Supreme Court on the right to privacy over the last five decades. The matter is currently pending resolution by a larger bench which needs to be constituted by the Chief Justice of India.

3. Shreya Singhal judgment and Section 69A, IT Act

In the much celebrated judgment, Shreya Singhal v. Union of India, in March 2015, the Supreme Court struck down Section 66A of the Information Technology Act, 2000 as unconstitutional and laid down guidelines for online takedowns under the Internet intermediary rules. However, significantly, the court also upheld Section 69A and the blocking rules under this provision. It was held to be a narrowly-drawn provision with adequate safeguards. The rules prescribe a procedure for blocking which involves receipt of a blocking request, examination of the request by the Committee and a review committee which performs oversight functions. However, commentators have pointed to the opacity of the process in the rules under this provisions. While the rules mandate that a hearing is given to the originator of the content, this safeguard is widely disregarded. The judgment did not discuss Section 69 of the Information Technology Act, 2000 which deal with decrypting of electronic communication, however, the Department of Electronic and Information Technology brought up this issue subsequently, through a Draft Encryption Policy, discussed below.

4. Circulation and recall of Draft Encryption Policy

On October 19, 2015, the Department of Electronic and Information Technology (DeitY) released for public comment a draft National Encryption Policy. The draft received an immediate and severe backlash from commentators, and was withdrawn by September 22, 2015. [9] The government blamed a junior official for the poor drafting of the document and noted that it had been released without a review by the Telecom Minister, Ravi Shankar Prasad and other senior officials.[10] The main areas of contention were a requirement that individuals store plain text versions of all encrypted communication for a period of 90 days, to be made available to law enforcement agencies on demand; the government's right to prescribe key-strength, algorithms and ciphers; and only government-notified encryption products and vendors registered with the government being allowed to be used for encryption.[11] The purport of the above was to limit the ways in which citizens could encrypt electronic communication, and to allow adequate access to law enforcement agencies. The requirement to keep all encrypted information in plain text format for a period of 90 days garnered particular criticism as it would allow for creation of a 'honeypot' of unencrypted data, which could attract theft and attacks.[12] The withdrawal of the draft policy is not the final chapter in this story, as the Telecom Minister has promised that the Department will come back with a revised policy. [13] This attempt to put restrictions on use of encryption technologies is not only in line with a host of surveillance initiatives that have mushroomed in India in the last few years,[14] but also finds resonance with a global trend which has seen various governments and law enforcement organisations argue against encryption. [15]

5. Privacy concerns raised about Digital India

The Digital India initiative includes over thirty Mission Mode Projects in various stages of implementation. [16] All of these projects entail collection of vast quantities of personally identifiable information of the citizens. However, most of these initiatives do not have clearly laid down privacy policies.[17] There is also a lack of properly articulated access control mechanisms and doubts over important issues such as data ownership owing to most projects involving public private partnership which involves private organisation collecting, processing and retaining large amounts of data. [18] Ahead of Prime Minister Modi's visit to the US, over 100 hundred prominent US based academics released a statement raising concerns about "lack of safeguards about privacy of information, and thus its potential for abuse" in the Digital India project. [19] It has been pointed out that the initiatives could enable a "cradle-to-grave digital identity that is unique, lifelong, and authenticable, and it plans to widely use the already mired in controversy Aadhaar program as the identification system." [20]

6. Issues with Human DNA Profiling Bill, 2015

The Human DNA Profiling Bill, 2015 envisions the creation of national and regional DNA databases comprising DNA profiles of the categories of persons specified in the Bill.[21] The categories include offenders, suspects, missing persons, unknown deceased persons, volunteers and such other categories specified by the DNA Profiling Board which has oversight over these banks. The Bill grants wide discretionary powers to the Board to introduce new DNA indices and make DNA profiles available for new purposes it may deem fit. [22] These, and the lack of proper safeguards surrounding issues like consent, retention and collection pose serious privacy risks if the Bill becomes a law. Significantly, there is no element of purpose limitation in the proposed law, which would allow the DNA samples to be re-used for unspecified purposes.[23]

7. Impact of the Schrems ruling on India

In Schrems v. Data Protection Commissioner, the Court of Justice in European Union (CJEU) annulled the Commission Decision 2000/520 according to which US data protection rules were deemed sufficient to satisfy EU privacy rules enabling transfers of personal data from EU to US, otherwise known as the 'Safe Harbour' framework. The court ruled that broad formulations of derogations on grounds of national security, public interest and law enforcement in place in the US goes beyond the test of proportionality and necessity under the Data Protection rules.[24] This judgment could also have implications for the data processing industry in India. For a few years now, a framework similar to the Safe Harbour has been under discussion for transfer of data between India and EU. The lack of a privacy legislation has been among the significant hurdles in arriving at a framework.[25] In the absence of a Safe Harbour framework, the companies in India rely on alternate mechanisms such as Binding Corporate Rules (BCR) or Model Contractual Clauses. These contracts impose the obligation on the data exporters and importers to ensure that 'adequate level of data protection' is provided. The Schrems judgement makes it clear that 'adequate level of data protection' entails a regime that is 'essentially equivalent' to that envisioned under Directive 95/46.[26] What this means is that any new framework of protection between EU and other countries like US or India will necessarily have to meet this test of essential equivalence. The PRISM programme in the US and a host of surveillance programmes that have been initiated by the government in India in the last few years could pose problems in satisfying this test of essential equivalence as they do not conform to the proportionality and necessity principles.

8. The definition of "unfair trade practices" in the Consumer Protection Bill, 2015

The Consumer Protection Bill, 2015, tabled in the Parliament towards the end of the monsoon session[27] has introduced an expansive definition of the term "unfair trade practices." The definition as per the Bill includes the disclosure "to any other person any personal information given in confidence by the consumer."[28] This clause exclude from the scope of unfair trade practices, disclosures under provisions of any law in force or in public interest. This provision could have significant impact on the personal data protection law in India. Currently, the only law governing data protection law are the Reasonable security practices and procedures and sensitive personal data or information Rules, 2011[29] prescribed under Section 43A of the Information Technology Act, 2000. Under these rules, sensitive personal data or information is protected in that their disclosure requires prior permission from the data subject. [30] For other kinds of personal information not categorized as sensitive personal data or information, the only recourse of data subjects in case to claim breach of the terms of privacy policy which constitutes a lawful contract. [31] The Consumer Protection Bill, 2015, if enacted as law, could significantly expand the scope of protection available to data subjects. First, unlike the Section 43A rules, the provisions of the Bill would be applicable to physical as well as electronic collection of personal information. Second, disclosure to a third party of personal information other than sensitive personal data or information could also have similar 'prior permission' criteria under the Bill, if it can be shown that the information was shared by the consumer in confidence.

What we see above are events largely built around a few trends that we have been witnessing in the context of privacy in India, in particular and across the world, in general. Lack of privacy safeguards in initiatives like the Aadhaar project and Digital India is symptomatic of policies that are not comprehensive in their scope, and consequently fail to address key concerns. Dr Usha Ramanathan has called these policies "powerpoint based policies" which are implemented based on proposals which are superficial in their scope and do not give due regard to their impact on a host of issues. [32] Second, the privacy concerns posed by the draft Encryption Policy and the Human DNA Profiling Bill point to the motive of surveillance that is in line with other projects introduced with the intent to protect and preserve national security. [33] Third, the incidents that championed the cause of privacy like the Schrems judgment have largely been initiated by activists and civil society actors, and have typically entailed the involvement of the judiciary, often the single recourse of actors in the campaign for the protection of civil rights. It must be noted that jurisprudence on the right to privacy in India has not moved beyond the guidelines set forth by the Supreme Court in PUCL v. Union of India.[34] However, new mass surveillance programmes and massive collection of personal data by both public and private parties through various schemes mandated a re-look at the standards laid down twenty years ago. The privacy issue pending resolution by a larger bench in the Aadhaar case affords an opportunity to revisit those principles in light of how surveillance has changed in the last two decades and strengthen privacy and data protection.

^{^[1]} Right to Privacy not a fundamental right, cannot be invoked to scrap Aadhar: Centre tells Supreme Court, available at http://articles.economictimes.indiatimes.com/2015-07-23/news/64773078_1_fundamental-right-attorney-general-mukul-rohatgi-privacy

^{^[2]} SC allows govt to link Aadhaar card with PDS and LPG subsidies, available at http://timesofindia.indiatimes.com/india/SC-allows-govt-to-link-Aadhaar-card-with-PDS-and-LPG-subsidies/articleshow/48436223.cms

^{^[3]} http://judis.nic.in/supremecourt/imgs1.aspx?filename=42841

^{^[4]} Five SC Orders Later, Aadhaar Requirement Continues to Haunt Many, available at http://thewire.in/2015/09/19/five-sc-orders-later-aadhaar-requirement-continues-to-haunt-many-11065/

[5] Digital Locker scheme challenged in Supreme Court, available at http://www.moneylife.in/article/digital-locker-scheme-challenged-in-supreme-court/42607.html

^{^[6]} Privacy not a fundamental right, argues Mukul Rohatgi for Govt as Govt affidavit says otherwise, available at http://www.legallyindia.com/Constitutional-law/privacy-not-a-fundamental-right-argues-mukul-rohatgi-for-govt-as-govt-affidavit-says-otherwise

^{^[7]} 1954 SCR 1077.

^{^[8]} Supra Note 1.

^{^[9]} Government to withdraw draft encryption policy, available at http://www.thehindu.com/news/national/govt-to-withdraw-draft-encryption-policy/article7677348.ece

^{^[10]} Encryption policy poorly worded by officer: Telecom Minister Ravi Shankar Prasad, available at http://economictimes.indiatimes.com/articleshow/49068406.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

^{^[11]} Updated: India's draft encryption policy puts user privacy in danger, available at http://www.medianama.com/2015/09/223-india-draft-encryption-policy/

^{^[12]} Bhairav Acharya, The short-lived adventure of India's encryption policy, available at http://notacoda.net/2015/10/10/the-short-lived-adventure-of-indias-encryption-policy/

^{^[13]} Supra Note 9.

^{^[14]} Maria Xynou, Big democracy, big surveillance: India's surveillance state, available at https://www.opendemocracy.net/opensecurity/maria-xynou/big-democracy-big-surveillance-indias-surveillance-state

^{^[15]} China passes controversial anti-terrorism law to access encrypted user accounts, available at http://www.theverge.com/2015/12/27/10670346/china-passes-law-to-access-encrypted-communications ; Police renew call against encryption technology that can help hide terrorists, available at http://www.washingtontimes.com/news/2015/nov/16/paris-terror-attacks-renew-encryption-technology-s/?page=all .

^{^[16]} http://www.mmp.cips.org.in/digital-india/

[17] http://slides.com/cisindia/big-data-in-indian-governance-preliminary-findings#/

^{^[18]} Indira Jaising, Digital India Schemes Must Be Preceded by a Data Protection and Privacy Law, available at http://thewire.in/2015/07/04/digital-india-schemes-must-be-preceded-by-a-data-protection-and-privacy-law-5471/

^{^[19]} US academics raise privacy concerns over 'Digital India' campaign, available at http://yourstory.com/2015/08/us-digital-india-campaign/

^{^[20]} Lisa Hayes, Digital India's Impact on Privacy: Aadhaar numbers, biometrics, and more, available at https://cdt.org/blog/digital-indias-impact-on-privacy-aadhaar-numbers-biometrics-and-more/

^{^[21]} http://www.prsindia.org/uploads/media//draft/Draft%20Human%20DNA%20Profiling%20Bill%202015.pdf

^{^[22]} Comments on India's Human DNA Profiling Bill (June 2015 version), available at http://www.genewatch.org/uploads/f03c6d66a9b354535738483c1c3d49e4/IndiaDNABill_FGPI_15.pdf

^{^[23]} Elonnai Hickok, Vanya Rakesh and Vipul Kharbanda, CIS Comments and Recommendations to the Human DNA Profiling Bill, June 2015, available at http://cis-india.org/internet-governance/blog/cis-comments-and-recommendations-to-human-dna-profiling-bill-2015

^{^[24]} http://curia.europa.eu/jcms/upload/docs/application/pdf/2015-10/cp150117en.pdf

^{^[25]} Jyoti Pandey, Contestations of Data, ECJ Safe Harbor Ruling and Lessons for India, available at http://cis-india.org/internet-governance/blog/contestations-of-data-ecj-safe-harbor-ruling-and-lessons-for-india

^{^[26]} Simon Cox, Case Watch: Making Sense of the Schrems Ruling on Data Transfer, available at https://www.opensocietyfoundations.org/voices/case-watch-making-sense-schrems-ruling-data-transfer

^{^[27]} http://www.prsindia.org/billtrack/the-consumer-protection-bill-2015-3965/

^{^[28]} Section 2(41) (I) of the Consumer Protection Bill, 2015.

^{^[29]} http://www.ijlt.in/pdffiles/IT-%28Reasonable%20Security%20Practices%29-Rules-2011.pdf

^{^[30]} Rule 6 of Reasonable security practices and procedures and sensitive personal data or information Rules, 2011

^{^[31]} Rule 4 of Reasonable security practices and procedures and sensitive personal data or information Rules, 2011

^{^[32]} http://cis-india.org/internet-governance/events/communication-rights-in-the-age-of-digital-technology

^{^[33]} Supra Note 11.

^{^[34]} Chaitanya Ramachandra, PUCL V. Union of India Revisited: Why India's Sureveillance Law must be redesigned for the Digital Age, available at http://nujslawreview.org/wp-content/uploads/2015/10/Chaitanya-Ramachandran.pdf

For more details visit https://cis-india.org/internet-governance/blog/eight-key-privacy-events-in-india-in-the-year-2015

Ground Zero Summit

Amber Sinha — 2016-01-03T06:06:56Z

The Ground Zero Summit which claims to be the largest collaborative platform in Asia for cyber-security was held in New Delhi from 5th to 8th November. The conference was organised by the Indian Infosec Consortium (IIC), a not for profit organisation backed by the Government of India. Cyber security experts, hackers, senior officials from the government and defence establishments, senior professionals from the industry and policymakers attended the event.

Keynote Address

The Union Home Minister, Mr. Rajnath Singh, inaugurated the conference. Mr Singh described cyber-barriers that impact the issues that governments face in ensuring cyber-security. Calling the cyberspace as the fifth dimension of security in addition to land, air, water and space, Mr Singh emphasised the need to curb cyber-crimes in India, which have grown by 70% in 2014 since 2013. He highlighted the fact that changes in location, jurisdiction and language made cybercrime particularly difficult to address. Continuing in the same vein, Mr. Rajnath Singh also mentioned cyber-terrorism as one the big dangers in the time to come. With a number of government initiatives like Digital India, Smart Cities and Make in India leveraging technology, the Home Minister said that the success of these projects would be dependent on having robust cyber-security systems in place.

The Home Minister outlined some initiatives that Government of India is planning to take in order to address concerns around cyber security - such as plans to finalize a new national cyber policy. Significantly, he referred to a committee headed by Dr. Gulshan Rai, the National Cyber Security Coordinator mandated to suggest a roadmap for effectively tackling cybercrime in India. This committee has recommended the setting up of Indian Cyber Crime Coordination Centre (I-4C). This centre is meant to engage in capacity building with key stakeholders to enable them to address cyber crimes, and work with law enforcement agencies. Earlier reports about the recommendation suggest that the I-4C will likely be placed under the National Crime Records Bureau and align with the state police departments through the Crime and Criminal Tracking and Network Systems (CCTNS). I-4C is supposed to be comprised of high quality technical and R&D experts who would be engaged in developing cyber investigation tools.

Other keynote speakers included Alok Joshi, Chairman, NTRO; Dr Gulshan Rai, National Cyber Security Coordinator; Dr. Arvind Gupta, Head of IT Cell, BJP and Air Marshal S B Dep, Chief of the Western Air Command.

Technical Speakers

There were a number of technical speakers who presented on an array of subjects. The first session was by Jiten Jain, a cyber security analyst who spoke on cyber espionage conducted by actors in Pakistan to target defence personnel in India. Jiten Jain talked about how the Indian Infosec Consortium had discovered these attacks in 2014. Most of these websites and mobile apps posed as defence news and carried malware and viruses. An investigation conducted by IIC revealed the domains to be registered in Pakistan. In another session Shesh Sarangdhar, the CEO of Seclabs, an application security company, spoke about the Darknet and ways to break anonymity on it. Sarangdhar mentioned that anonymity on Darknet is dependent on all determinants of the equation in the communication maintaining a specific state. He discussed techniques like using audio files, cross domain on tor, siebel attacks as methods of deanonymization. Dr. Triveni Singh. Assistant Superintendent of Police, Special Task Force, UP Police made a presentation on the trends in cyber crime. Dr. Singh emphasised the amount of uncertainty with regard to the purpose of a computer intrusion. He discussed real life case studies such as data theft, credit card fraud, share trading fraud from the perspective of law enforcement agencies.

Anirudh Anand, CTO of Infosec Labs discussed how web applications are heavily reliant on filters or escaping methods. His talk focused on XSS (cross site scripting) and bypassing regular expression filters. He also announced the release of XSS labs, an XSS test bed for security professionals and developers that includes filter evasion techniques like b-services, weak cryptographic design and cross site request forgery. Jan Siedl, an authority on SCADA presented on TOR tricks which may be used by bots, shells and other tools to better use the TOR network and I2P. His presentation dealt with using obfuscated bridges, Hidden Services based HTTP, multiple C&C addresses and use of OTP. Aneesha, an intern with the Kerala Police spoke about elliptical curve cryptography, its features such as low processing overheads. As this requires elliptic curve paths, efficient Encoding and Decoding techniques need to be developed. Aneesha spoke about an algorithm called Generator-Inverse for encoding and decoding a message using a Single Sign-on mechanism. Other subjects presented included vulnerabilities that remained despite using TLS/SSL, deception technology and cyber kill-chain, credit card frauds, Post-quantum crypto-systems and popular android malware.

Panels

There were also two panels organised at the conference. Samir Saran, Vice President of Observer Research Foundation, moderated the first panel on Cyber Arms Control. The panel included participants like Lt. General A K Sahni from the South Western Air Command; Lt. General A S Lamba, Retired Vice Chief Indian Army, Alok Vijayant, Director of Cyber Security Operation of NTRO and Captain Raghuraman from Reliance Industries. The panel debated the virtues of cyber arms control treaties. It was acknowledged by the panel that there was a need to frame rules and create a governance mechanism for wars in cyberspace. However, this would be effective only if the governments are the primary actors with the capability for building cyber-warfare know-how and tools. The reality was that most kinds of cyber weapons involved non state actors from the hacker community. In light of this, the cyber control treaties would lose most of their effectiveness.

The second panel was on the Make for India’ initiatives. Dinesh Bareja, the CEO of Open Security Alliance and Pyramid Cyber Security was the moderator for this panel which also included Nandakumar Saravade, CEO of Data Security Council of India; Sachin Burman, Director of NCIIPC; Dr. B J Srinath, Director General of ICERT and Amit Sharma, Joint Director of DRDO. The focus of this session was on ‘Make in India’ opportunities in the domain of cyber security. The panelist discussed the role the government and industry could play in creating an ecosystem that supports entrepreneurs in skill development. Among the approaches discussed were: involving actors in knowledge sharing and mentoring chapters which could be backed by organisations like NASSCOM and bringing together industry and government experts in events like the Ground Zero Summit to provide knowledge and training on cyber-security issues.

Exhibitions

The conference was accompanied by a exhibitions showcasing indigenous cybersecurity products. The exhibitors included Smokescreen Technologies, Sempersol Consultancy, Ninja Hackon, Octogence Technologies, Secfence, Amity, Cisco Academy, Robotics Embedded Education Services Pvt. Ltd., Defence Research and Development Organisation (DRDO), Skin Angel, Aksit, Alqimi, Seclabs and Systems, Forensic Guru, Esecforte Technologies, Gade Autonomous Systems, National Critical Information Infrastructure Protection Centre (NCIIPC), Indian Infosec Consortium (IIC), INNEFU, Forensic Guru, Event Social, Esecforte Technologies, National Internet Exchange of India (NIXI) and Robotic Zone.

The conference also witnessed events such Drone Wars, in which selected participants had to navigate a drone, a Hacker Fashion Show and the official launch of the Ground Zero’s Music Album.

For more details visit https://cis-india.org/internet-governance/blog/ground-zero-summit

Facebook’s Free Basics Shuts Down In Egypt, Continuing Troubled Run

praskrishna — 2016-01-03T06:11:51Z

The report was published by TV Newsroom on January 1, 2016. Pranesh Prakash gave inputs.

“This isn’t about Facebook’s commercial interests – there aren’t even any ads in the version of Facebook in Free Basics”, he said. Initiatives like Internet.org are attempting to change that, but not without backlash. A similar proposal called zero internet was put forward later by Airtel.

Facebook now has a Zacks Rank #2 (Buy).

“The India fight is helping shape debates elsewhere”, said Pranesh Prakash, policy director at the Centre for Internet and Society, a Bangalore-based nonprofit advocacy group.

That prompted Facebook CEO Mark Zuckerberg to write an op-ed piece published in the Times of India that asks, “Who could possibly be against this?” There was fulsome praise for Modi from the young internet billionaire. Etisalat Egypt could not be reached for comment at this time. “For example, Facebook can just provide 50 or 100 megabytes for their data connection free every month”.

On Wednesday, Trai extended the last date for submission of comments and counter comment to 7 and 14 January, respectively.

But Zuckerberg is not having a walk in the park with this Free Basics proposition. It sounds a perfectly good idea.

Internet.org is a partnership, led by Facebook and including Samsung, Ericsson, MediaTek, Opera, Nokia and Qualcomm. Through a deal between Facebook and local mobile operators, the data to access those services is free.

The coalition has said that Facebook is misleading users and cautioned that the free service could be replete with advertising if and when it’s implemented. Similarly, signature drives are going on by those staunchly opposed to it. Now the problem for this is that we had asked for response to the specific question of differential pricing… instead we have got responses on supporting Free Basics.

Those campaigning to protect net neutrality in India suggest data providers should not favour some online services over others by offering cheaper or faster access.

The founders and executives mention that the difference in pricing through zero rating “affects the ability of new players to compete” with well-established companies. A situation where the haves can access the Internet and enjoy its tremendous opportunities and the have nots are kept out. Zuckerberg said that India’s progress depends on providing Web access to the 1 billion Indians without it.

Listing three main flaws within the programme, the scientists urged the Telecom Regulatory Authority of India to “completely reject” Facebook’s “free fundamentals” proposal. Such as providing a tiered system of broad band access.

It would make sense for the government to target free Internet services while it clamps down on physical gathering places.

Read the original here.

For more details visit https://cis-india.org/internet-governance/news/facebook2019s-free-basics-shuts-down-in-egypt-continuing-troubled-run

Foreign Media on Zuckerberg's India Backlash

praskrishna — 2016-01-03T09:20:41Z

When Facebook's co-founder proposed bringing free Web services to India, his stated aim was to help connect millions of impoverished people to unlimited opportunity. Instead, critics have accused him of making a poorly disguised land grab in India's burgeoning Internet sector. The growing backlash could threaten the very premise of Internet.org, his ambitious, two-year-old effort to connect the planet.

The blog post was published in NDTV on December 30, 2015. Pranesh Prakash was quoted.

Indian authorities are circumspect because the Facebook initiative provides access to only a limited set of websites -- undermining the equal-access precepts of net neutrality. The telecommunications regulator is calling for initial comments by Jan 7, extending the deadline from today, on whether wireless carriers can charge differently for data usage across websites, applications and platforms.

Losing this fight could imperil Facebook's Free Basics, which allows customers to access the social network and select services such as Messenger and Microsoft's Bing without a data plan.

"The India fight is helping shape debates elsewhere," said Pranesh Prakash, policy director at the Centre for Internet and Society, a Bangalore-based non-profit advocacy group. "Activists in other countries such as Brazil, Venezuela and Colombia are watching this debate and will seize the momentum created in India."

Zuckerberg's argument for free Web access is based in part on Deloitte research showing that for every 10 people who are connected to the Web, one is lifted out of poverty and one job is created.

Facebook argues that by giving people free access to a small slice of the Internet, they will quickly see the value in paying for the whole thing. Zuckerberg has said his biggest challenge in connecting people to the Web isn't access to cellular networks, but a social hurdle: he needs to prove to people who have never been online that the Internet is useful.

"Who could possibly be against this?" Zuckerberg wrote in an impassioned op-ed in the Times of India this week. "Surprisingly, over the last year there's been a big debate about this in India."

Zuckerberg's pleas underscore what's at stake. Facebook already attracts 1.55 billion people monthly, or about half of the Internet-connected global population. To keep growing, the world's largest social network needs to get more people online. Hence the billions of dollars Facebook is spending on projects to deliver the Web to under-served areas via drones, satellites and lasers. And Internet.org, which now spans 37 nations.

India, as the world's second most populous nation, is arguably the most important piece of Zuckerberg's Free Basics strategy. But the opposition is fierce. Critics note that the Facebook service doesn't offer Web favorites such as Google's search. Facebook has said it would be open to adding more features from competitors, but critics are skeptical of giving the social-networking giant such influence on the Internet.

Critics also say that by offering a limited swath of the Internet at comparatively slow speeds, the company is creating a diluted version of the Web. That could stifle innovation by causing disadvantages for Indian startups building rival apps, or allow Facebook and its telecommunications carrier-partners to act as Internet gatekeepers.

In a sign of the importance he attaches to the issue, Zuckerberg on Tuesday called one of India's most prominent entrepreneurs to make his case.

One97 Communications, the mobile payments startup backed by Alibaba Group Holding, is one of several tech companies that have come out against Facebook's plans.

"We are totally against telcos preferring one developer over another," One97 founder Vijay Shekhar Sharma said in a phone interview before that call. "We are asking for access neutrality. We are hoping that all startups will be treated equally."

Sonia Dhawan, a spokeswoman for One97's payment website Paytm, said the call took place but didn't describe the conversation further. Sharma wasn't available for further comment.

Facebook is now scrambling to drum up support. It's started a "Save Free Basics In India" campaign, asking Indian users to support "digital equality" by filling out a form that shoots an e-mail to regulators. That also has the effect of sending notifications to user's friends unless they opt out.
Facebook has also taken out full-page advertisements, including one featuring a smiling Indian farmer and his family who the ads say used new techniques to double his crop yield.

While countries such as the Philippines have embraced Free Basics, India has been "the outlier and more challenging," Chris Daniels, vice president of Internet.org, said in a Dec. 26 chat on Reddit.

For more details visit https://cis-india.org/internet-governance/news/ndtv-bhuma-shrivastava-december-30-2015-foreign-media-on-zukerberg-india-backlash

Consultation on "Understanding the Freedom of Expression Online and Offline"

praskrishna — 2016-01-03T10:27:08Z

The event organized by Digital Empowerment Foundation and Association for Progressive Communications was held at YMCA, New Delhi on December 10, 2015. Jyoti Panday attended the event as a speaker. She covered imposition of legitimate expression specifically in the context of intermediary liability practices in India.

The sessions were divided as under:

Welcome & Overview of the consultation by Digital Empowerment Foundation
Launch of the Country Research Report & Keynote Address
Introducing the Country Research Report titled “Limited Access and Restricting Expression by Osama Manzar, Founder and Director, Digital Empowerment Foundation
Working Session I: Understanding the “Freedom of Expression Online and Offline” in conversation with experts
Working Session II: “Unboxing the Freedom of Expression Online & Offline”
Sub-Group Presentations
Concluding Remarks

Download the Agenda here

For more details visit https://cis-india.org/internet-governance/news/consultation-on-understanding-the-freedom-of-expression-online-and-offline

Unbundling Issues of Privacy, Data Security, Identity Matrics, for Financial Inclusion

praskrishna — 2016-01-03T10:45:19Z

This event was organized by Indicus Foundation and MicroSave on December 10, 2015 at the Metropolitan Hotel and Spa, New Delhi. Sunil Abraham was a speaker.

While the initiative towards financial inclusion has gathered new impetus with the PMJDY and the accelerated roll out of benefits, there is also a parallel narrative of concerns over the legality and fundamental constitutionality of identity verification, which is a centre piece for delivery of financial benefits and services. These divergent narratives have now reached the Supreme Court.

At one end of the spectrum are the voices that avow the power of biometric technology to irrepudiately establish biological identity; at the other, the alarmism over targeting, concentration and misuse of personal information contained in the world’s biggest personal database. There is also a third extreme position of whether Indian citizens are entitled to the right to privacy constitutionally, and whether the right to privacy includes the right to refuse a national identity number or metric altogether. That India has yet to enact a Privacy Bill and the National Identity Authority Bill on which rests the statutory basis for UIDAI and Aadhaar only adds to the quagmire.

Several issues lie intertwined in this miasma: Privacy as an absolute right; Definition and Limits of Personal Information and Sensitive Personal Information; Consent protocols over use of personal information; Data Security; Appropriate and inclusive technology platforms; and Responsibilities and Liabilities governing the use of personal information for bonafide purposes. These straddle multiple domains: data accuracy and irrepudiability; storage, security and encryption; and sharing of information for transaction processing including across national boundaries. Unfortunately, all of these tend to get lumped together in the public debate.

The aim of this workshop is to unbundle the issues and understand each of them from the perspective of financial inclusion, to be able to answer these questions:

How essential and critical is a unified Identity metric for digital financial transactions? How essential is that such a metric be biometric?
To what extent does the centralised storage of biometric data represent risks of personal safety and national security, compared to the information on election voter lists, passport offices, census data, and bank accounts?
What are the possible sources of transactional risk and security breaches in data sharing, and what are the international best practices?
Is the present Aadhaar architecture robust enough to: address all the genuine and reasonable concerns over leakage and misuse of sensitive personal information; and to ensure that no genuine identity holder is turned away from a service, entitlement or benefit to which (s)he has a right or claim?

In this direction, we have the privilege to interact in this workshop with experts from The Centre for Internet and Society, and Data Security Council of India who have been at the forefront of the discussions on privacy and data security aspects of technology based innovations including for financial inclusion.

Download the Workshop Schedule here

For more details visit https://cis-india.org/internet-governance/news/unbundling-issues-of-privacy-data-security-identity-matrics-for-financial-inclusion