The Centre for Internet and Society
https://cis-india.org
These are the search results for the query, showing results 31 to 40.
Mufti Aijaz Arshad Qasmi v. Facebook and Ors (Order dated December 20, 2011)
https://cis-india.org/internet-governance/resources/order-2011-12-20-mufti-aijaz-arshad-qasmi-v-facebook-and-ors
<b>This is the order passed on December 20, 2011 by Addl. Civil Judge Mukesh Kumar of the Rohini Courts, New Delhi. All errors of spelling, syntax, logic, and law are present in the original.</b>
<p>Suit No 505/11</p>
<p>Mufti Aijaz Arshad Qasmi<br />
vs.<br />
Facebook etc.</p>
<p>20.12.11</p>
<p>Fresh suit received by assignment. It be checked and registered.</p>
<p>Present: Plaintiff in person with Ld. Counsel.</p>
<p>Ld. Counsel for plaintiff prayed for ex-parte ad-interim injunction. He has filed the present suit for permanent and mandatory injunction against 22 defendants who are running their social networking websites under the name of Facebook, Google India (P) Ltd., Yahoo India (P) Ltd., Microsoft India (P) Ltd., Orkut, Youtube etc as shown in the memo of parties in the plaint. It is submitted that plaintiff is an active citizen of India and residing at the given address and he believes in Secular, Socialist and Democratic India professing Muslim religion. It is further submitted that the contents which are uploaded by some of the miscreants through these social networking websites mentioned above are highly objectionable and unacceptable by any set of the society as the contents being published through the aforesaid websites are derogatory, per-se inflammatory and defamatory which cannot be acceptable by any of the society professing any religion. Even if the same is allowed to be published through these social networking websites and if anybody will take out the print and circulated amongst any of the community whether it is Muslim or Hindu or Sikh, then definitely there would be rioting at mass level which may result into serious law and order problem in the country. Where the miscreants have not even spare any of the religion, even they have created defamatory articles and pictures against the Prophet Mohammad, the Hindu goddess Durga, Laxmi, Lord Ganesha and many other Hindu gods which are being worshiped by the people of Hindu community. It is prayed by the counsel for plaintiff that the defendants may be directed to remove these defamatory and derogatory articles and pictures from their social websites and they should be restrained from publishing the same anywhere through Internet or in any manner. It is further submitted that the social websites are being utilised by the every person of whatever age of he is whether he is 7 years old or 80 years old. These defamatory articles will certainly corrupt not only young minds below the 18 years of age but also corrupt the minds of all age group persons. It is further submitted that even the miscreants have not spared the leaders of any political party whether it is BJP, Congress, Shiv Sena or any other political party doing their political activities in India, which may further vitiate the minds of every individual and may result into political rivalry by raising allegations against each other.</p>
<p>I have gone through the record carefully wherein the plaintiff has also filed a CD containing all the defamatory articles and photographs, plaintiff also wants to file certain defamatory and obscene photographs of the Prophet Mohammad and Hindu Gods and Goddesses. Photographs are returned to the plaintiff, although, the defamatory written articles are taken on record. Same be kept in sealed cover.</p>
<p>In my considered opinion, the photographs shown by the plaintiff having content of defamation and derogation against the sentiments of every community. In such circumstances, I am of the view that the plaintiff has a prima facie case in his favour. Moreover, balance of convenience also lies against the defendants and in favour of the plaintiff. Moreover, if the defendants will not be directed to remove the defamatory articles and contents from their social networking websites, then not only the plaintiff but every individual who is having religious sentiments would suffer irreparable loss and injury which cannot be compensated in terms of money. Accordingly, in view of the above discussion, taking in consideration the facts and circumstances and nature of the suit filed by the plaintiff where every time these social networking websites are being used by the public at large and there is every apprehension of mischief in the public, the defendants are hereby restrained from publishing the defamatory articles shown by the plaintiff and contained in the CD filed by the plaintiff immediately on service of this order and notice. Defendants are further directed to remove the same from their social networking websites.</p>
<p>Application under Order 39 Rule 1 & 2 CPC stands allowed and disposed of accordingly.</p>
<p>Summons be issued to the defendants on filing of PF/RO/Speed Post. The defendants having their addresses in different places may be served as per the provisions of Order 5 CPC. Reader of this court is directed to keep the documents and CD in a sealed cover. Plaintiff is directed to get served the defendants along with all the documents. Plaintiff is further directed to ensure the compliance of the provisions under Order 39 Rule 3 CPC and file an affidavit in this regard. Copy of this order be given dasti.</p>
<p>Put up for further proceedings on 24.12.11.</p>
<p>Sd/-<br />
(Mukesh Kumar)<br />
ACJ-cum-ARC, N-W<br />
Rohini Courts, Delhi<br /></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/resources/order-2011-12-20-mufti-aijaz-arshad-qasmi-v-facebook-and-ors'>https://cis-india.org/internet-governance/resources/order-2011-12-20-mufti-aijaz-arshad-qasmi-v-facebook-and-ors</a>
</p>
No publisherpraneshIT ActGoogleCourt CaseObscenityFreedom of Speech and ExpressionFacebookCensorshipResources2012-02-20T18:02:44ZPageCambridge Analytica scandal: How India can save democracy from Facebook
https://cis-india.org/internet-governance/blog/business-standard-march-28-2018-sunil-abraham-cambridge-analytica-scandal-how-india-can-save-democracy-from-facebook
<b>Hegemonic incumbents like Google and Facebook need to be tackled with regulation; govt should use procurement power to fund open source alternatives.</b>
<p style="text-align: justify; ">The article was published in the <a class="external-link" href="http://www.business-standard.com/article/economy-policy/cambridge-analytica-scandal-how-india-can-save-democracy-from-facebook-118032800146_1.html">Business Standard</a> on March 28, 2018</p>
<hr />
<p style="text-align: justify; "><strong><em>The Cambridge Analytica scandal came to light when <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=whistleblower" target="_blank">whistleblower </a>Wylie accused Cambridge Analytica of gathering details of 50 million Facebook users. Cambridge Analytica used this data to psychologically profile these users and manipulated their opinion in favour of Donald Trump. BJP and Congress have accused each other of using the services of Cambridge Analytica in India as well. How can India safeguard the democratic process against such intervention? The author tries to answer this question in this Business Standard Special.</em></strong></p>
<p style="text-align: justify; "><strong><em></em></strong>Those that celebrate the big data/artificial intelligence moment claim that traditional approaches to data protection are no longer relevant and therefore must be abandoned. The Cambridge Analytica episode, if anything, demonstrates how wrong they are. The principles of data protection need to be reinvented and weaponized, not discarded. In this article I shall discuss the reinvention of three such data protection principles. Apart from this I shall also briefly explore competition law solutions.</p>
<p style="text-align: justify; "><strong><em>Collect data only if mandated by regulation</em></strong></p>
<p style="text-align: justify; "><strong><em></em></strong>One, data minimization is the principle that requires the data controller to collect data only if mandated to do so by regulation or because it is a prerequisite for providing a functionality. For example, Facebook’s messenger app on Android harvests call records and meta-data, without any consumer facing feature on the app that justifies such collection. Therefore, this is a clear violation of the data minimization principle. One of the ways to reinvent this principle is by borrowing from the best practices around warnings and labels on packaging introduced by the global anti-tobacco campaign. A permanent bar could be required in all apps, stating ‘Facebook holds W number of records across X databases over the time period Y, which totals Z Gb’. Each of these alphabets could be a hyperlink, allowing the user to easily drill down to the individual data record.</p>
<p style="text-align: justify; "><em><strong>Consent must be explicit, informed and voluntary</strong></em></p>
<p style="text-align: justify; "><em><strong></strong></em>Two, the principle of consent requires that the data controller secure explicit, informed and voluntary consent from the data subject unless there are exceptional circumstances. Unfortunately, consent has been reduced to a mockery today through obfuscation by lawyers in verbose “privacy notices” and “terms of services”. To reinvent consent we need to bring ‘Do Not Dial’ registries into the era of big data. A website maintained by the future Indian data protection regulator could allow individuals to check against their unique identifiers (email, phone number, Aadhaar). The website would provide a list of all data controllers that are holding personal information against a particular unique identifier. The data subject should then be able to revoke consent with one-click. Once consent is revoked, the data controller would have to delete all personal information that they hold, unless retention of such information is required under law (for example, in banking law). One-click revocation of consent will make data controllers like Facebook treat data subjects with greater respect.</p>
<p style="text-align: justify; "><em><strong>There must be a right to </strong></em><em><strong>explanation</strong></em></p>
<p style="text-align: justify; "><em><strong></strong></em>Three, the right to explanation, most commonly associated with the General Data Protection Directive from the EU, is a principle that requires the data controller to make transparent the automated decision-making process when personal information is implicated. So far it has been seen as a reactive measure for user empowerment. In other words, the explanation is provided only when there is a demand for it.</p>
<p style="text-align: justify; ">The Facebook feeds that were used for manipulation through micro-targeting of content is an example of such automated decision making. Regulation in India should require a user empowerment panel accessible through a prominent icon that appears repeatedly in the feed. On clicking the icon the user will be able to modify the objectives that the algorithm is maximizing for. She can then choose to see content that targets a bisexual rather than a heterosexual, a Muslim rather than a Hindu, a conservative rather a liberal, etc. At the moment, Facebook only allows the user to stop being targeted for advertisements based on certain categories. However, to be less susceptible to psychological manipulation, the user should be allowed to define these categories, for both content and advertisements.</p>
<p style="text-align: justify; "><em><strong>How to fix the business model?</strong></em></p>
<p style="text-align: justify; "><em><strong></strong></em>From a competition perspective, Google and Facebook have destroyed the business model for real news, and replaced it with a business model for fake news, by monopolizing digital advertising revenues. Their algorithms are designed to maximize the amount of time that users spend on their platforms, and therefore, don’t have any incentive to distinguish between truth and falsehood. This contemporary crisis requires three types of interventions: one, appropriate taxation and transparency to the public, so that the revenue streams for fake news factories can be ended; two, the construction of a common infrastructure that can be shared by all traditional and new media companies in order to recapture digital advertising revenues; and three, immediate action by the competition regulator to protect competition between advertising networks operating in India.</p>
<p style="text-align: justify; "><em><strong>The Google challenge</strong></em></p>
<p style="text-align: justify; "><em><strong></strong></em>With Google, the situation is even worse, since Google has dominance in both the ad network market and in the operating system market. During the birth of competition law, policy-makers and decision-makers acted to protect competition per se. This is because they saw competition as an essential component of democracy, open society, innovation, and a functioning market. When the economists from the Chicago school began to influence competition policy in the USA, they advocated for a singular focus on the maximization of consumer interest. The adoption of this ideology has resulted in competition regulators standing powerlessly by while internet giants wreck our economy and polity. We need to return to the foundational principles of competition law, which might even mean breaking Google into two companies. The operating system should be divorced from other services and products to prevent them from taking advantage of vertical integration. We as a nation need to start discussing the possible end stages of such a breakup.</p>
<p style="text-align: justify; ">In conclusion, all the fixes that have been listed above require either the enactment of a data protection law, or the amendment of our existing competition law. This, as we all know, can take many years. However, there is an opportunity for the government to act immediately if it wishes to. By utilizing procurement power, the central and state governments of India could support free and open source software alternatives to Google’s products especially in the education sector. The government could also stop using Facebook, Google and Twitter for e-governance, and thereby stop providing free advertising for these companies for print and broadcast media. This will make it easier for emerging firms to dislodge hegemonic incumbents.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/business-standard-march-28-2018-sunil-abraham-cambridge-analytica-scandal-how-india-can-save-democracy-from-facebook'>https://cis-india.org/internet-governance/blog/business-standard-march-28-2018-sunil-abraham-cambridge-analytica-scandal-how-india-can-save-democracy-from-facebook</a>
</p>
No publishersunilSocial MediaFacebookInternet GovernancePrivacy2018-03-28T15:44:00ZBlog EntryDigital Native: Delete Facebook?
https://cis-india.org/raw/indian-express-nishant-shah-april-8-2018-digital-native-delete-facebook
<b>You can check out any time you like, but you can never leave.</b>
<p style="text-align: justify; ">The article was <a class="external-link" href="http://indianexpress.com/article/technology/social/digital-native-delete-facebook-5127198/">published in Indian Express</a> on April 8, 2018.</p>
<hr />
<p style="text-align: justify; "><span>One fine day, we all woke up and were told that </span><a href="http://indianexpress.com/about/facebook/">Facebook</a><span> sold our data to Cambridge Analytica and then they made dastardly profiles of us to target us with advertisement and political propaganda, so, we made a beeline for #DeleteFacebook. The most surprising part about the expose is how much of a non-event it is. We have been warned, at least since the Edward Snowden revelations, if not earlier, that our data is the new oil, coal and gold. It is being used as a resource, it is being mined from our everyday digital transactions, and it is precious because it can result in a massive social engineering without our consent or knowledge. Ever since Facebook started expanding its domain from being a friends-poke-friends-with-livestock website, we have been warned that the ambition of Facebook was never to connect you with your friends but to be your friend.</span></p>
<p style="text-align: justify; "><span><span>Time and again, we have been told that the sapient Facebook algorithm remembers everything you say and do, anticipates all your future needs, and listens to the most banal litany of your life. More than your mom, your partner or your shrink, it’s the Facebook algorithm which is interested in all your quotidian uselessness. It is not the stranger who accesses your post that should worry you. The biggest perpetrator of privacy violations on Facebook is Facebook itself. There is good reason why a company that offers its prime products for free is valuated as one of the richest corporations in the world. The product of Facebook – it has always been known – is us.</span></span></p>
<p style="text-align: justify; "><span><span><span>Why, then, are we suddenly taken aback at the fact that Facebook sold us? And while we are sharing our thoughts (ironically on Facebook) about deleting our profiles, the question that remains is this: How much of your digital life are you willing to erase? Because, and I am sorry if this pricks your filter bubble, Facebook’s problem is not really a Facebook problem. It is almost the entire World Wide Web, where we lost the battle for data ownership and platform openness more than two decades ago. Name one privately owned free service that you use on the internet and I will show you the section in its “terms and services” where you have surrendered your data. In fact, you can’t even find government services, tied up with their private partners, where your data is safe and stored in privacy vaults where it won’t be abused.</span></span></span></p>
<p style="text-align: justify; "><span><span><span><span>It is time to realise that the popular ’90s meme “All your base are belong to us” is the lived reality of our digital lives. As we forego ownership for convenience, as our governments sold our sovereignty for profits, and as digital corporations became behemoths that now have the capacity to challenge and write our constitutional and fundamental rights, we are waking up to a battle that has already been fought and resolved. A large part of our physical hardware to access the internet is privately owned. This means that almost all our PCs, tablets, phones, servers are owned and open to exploitation by private companies. Every time your phone does an automatic update or your PC goes into house-cleaning mode, you have to realise that you are being stored, somewhere in the cloud in ways that you cannot imagine.</span></span></span></span></p>
<p style="text-align: justify; "><span><span><span><span><span>It is tiring to hear this alarm and panic around Facebook’s data trading. Not only is it legal, it is something that has been happening for a while, most of us have been aware of it, and we have resolutely ignored it because, you know, cute cats. If somebody tells you that they are against privately owned physical property and are going to start a revolution to take away all private property and make it equally shared with the public, you would laugh at them because they are arriving at the battle scene after the war is over. This digital wokeness trend to #DeleteFacebook is the digital equivalent of that moment. If you want to fight, fight the governments and nations who can still protect us. Participate in conversations around Internet governance. Take responsibility to educate yourself about the politics of how the digital world operates. But stop trying to feel virtuous because you pulled out of a social media network, pretending that that is the end of the problem.</span></span></span></span></span></p>
<p>
For more details visit <a href='https://cis-india.org/raw/indian-express-nishant-shah-april-8-2018-digital-native-delete-facebook'>https://cis-india.org/raw/indian-express-nishant-shah-april-8-2018-digital-native-delete-facebook</a>
</p>
No publishernishantSocial MediaPrivacyInternet GovernanceFacebookResearchers at Work2018-05-06T03:08:25ZBlog EntryIt Took Just 355 Indians to Mine the Data of 5.6 Lakh Facebook Users. Here's How
https://cis-india.org/internet-governance/news/news-18-subhajit-sengupta-how-just-355-indians-put-data-of-5-6-lakh-facebook-users-at-risk
<b>Data privacy in India is still a nascent subject. Experts say cheap data has led to unprecedented Facebook penetration. Often, it is seen that those who open an account are not aware of the privacy concerns.</b>
<p style="text-align: justify; ">The blog post by Subhajit Sengupta was published in <a class="external-link" href="https://www.news18.com/news/india/how-just-355-indians-put-data-of-5-6-lakh-facebook-users-at-risk-1710845.html">CNN-News 18</a> on April 7, 2018. Sunil Abraham was quoted.</p>
<hr />
<p style="text-align: justify; ">Over 5.6 lakh Indian Facebook profiles have allegedly been compromised and their data leaked to the controversial data analytics firm Cambridge Analytica. As per the company, only 335 people in India installed the App yet they managed to penetrate over half a million profiles. <br /><br />So, how does this work?<br /><br />Once a user downloaded the quiz app called “thisisyourdigitallife”, Global Science Research Limited got access to the entire treasure trove of data. There are two mechanisms which are used for this.<br /><br />First, the Application Program Interface (API) of Facebook called ‘Social Graph’ allows any app to harvest the entire contact list and everything else that could be seen on a users’ friend’s profile. This would take place even for private profiles, says Sunil Abraham, Executive Director of Bangalore based research organization ‘Centre for Internet and Society’.<br /><br />The second way is when users have a public profile. The algorithm seeks out public profiles from the friend list and would go on multiplying from one public profile to another without any of the users even coming to know what is happening. This is like the ‘True Caller’ application, for it to get your number, you don’t need to download the software. If anyone has the app and your number, then it gets automatically logged there.<br /><br />Facebook says "Cambridge Analytica’s acquisition of Facebook data through the app developed by Dr Aleksandr Kogan and his company Global Science Research Limited (GSR) happened without our authorisation and was an explicit violation of our Platform policies." <br /><br />GSR continued to access this data from all the Facebook profiles throughout the entire lifespan of the app on the Facebook platform, which was roughly two years between 2013 and 2015. This means, even if a user is careful enough to not download the application but his/her profile’s privacy settings are weak, the algorithm would infiltrate the data bank.<br /><br />Amit Dubey, a Cyber Security Expert goes into the details of what the app did, “The app called 'thisisyourdigitallife', which was created for research work by Aleksandr Kogan, was eventually used for psychometric profiling of users and then manipulating their political biases. The app was offered to users on the pretext to take a personality test and it agreed to have their data collected for academic use only. But the app has exploited a security vulnerability of Facebook application.”<br /><br />Facebook “platform policy” allowed only collection of friends’ data to improve user experience in the app and barred it from being sold or used for advertising. <br /><br />But this kind of data scrapping is not just limited to Cambridge Analytica. The Social Media Algorithm is often abused in the world of data scavenging and analytics. Even law enforcement agencies have often used similar means to locate possible miscreants. <br /><br />According to Shesh Sarangdhar, Chief Executive Officer in Seclabs & Systems Pvt Ltd, similar data scrapping helped them unearth the terror module behind one of the attacks at an airbase last year. Shesh said that through Social Media Algorithm they would often narrow down on unknown terror modules. What his team did was to connect to the profile the whereabouts of multiple known nods converging. That is how the mastermind was located.<br /><br />Data privacy in India is still a nascent subject. Experts say cheap data has led to unprecedented Facebook penetration. <br /><br />Often, it is seen that those who open an account are not aware of the privacy concerns. But as Sunil Abraham puts it, Caveat emptor or ‘Let the Buyers Beware’ does not even apply here. It is not possible for anyone to go through the entire privacy policy. <br /><br />“So it is not even right to ask if the consumer can protect his/her own interest. Thus, the state should proactively regulate the industry,” said Abraham.<br /><br />Facebook has brought in a number of changes to its privacy settings. It now allows you to remove third-party apps in bulk. This welcome change has come after sustained pressure on the tech giant from users and a number of regulatory bodies across the world.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/news-18-subhajit-sengupta-how-just-355-indians-put-data-of-5-6-lakh-facebook-users-at-risk'>https://cis-india.org/internet-governance/news/news-18-subhajit-sengupta-how-just-355-indians-put-data-of-5-6-lakh-facebook-users-at-risk</a>
</p>
No publisherAdminFacebookInternet GovernancePrivacy2018-04-07T15:33:46ZNews ItemIs This The Beginning Of The End For Facebook?
https://cis-india.org/internet-governance/news/bloomberg-quint-aayush-ailawadi-april-15-2018-is-this-the-beginning-of-the-end-for-facebook
<b>After two days of congressional hearings that collectively lasted over ten hours, there are many questions about Facebook, its policies and its future that experts are debating.</b>
<p style="text-align: justify; ">The article by Aayush Ailawadi was <a class="external-link" href="https://www.bloombergquint.com/technology/2018/04/15/is-this-the-beginning-of-the-end-for-facebook">published in Bloomberg Quint</a> on April 15, 2018. Pranesh Prakash was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">Do Facebook’s privacy policies confuse more than they inform? Is the platform a near monopoly that may need to be broken? And how do you ensure that the vast wealth of data that Facebook has is not misused, particularly in elections?</p>
<p style="text-align: justify; ">BloombergQuint has collected views on some of these issues.</p>
<h3 style="text-align: justify; ">Privacy Policy Or Legalese?</h3>
<p style="text-align: justify; ">Since the Cambrdge Analytica <a href="https://www.bloombergquint.com/quicktakes/2018/03/21/understanding-the-facebook-cambridge-analytica-story-quicktake" target="_blank">scandal came to light</a>, Facebook has been receiving a lot of flak for its ambiguous and verbose privacy and data policy. Lawmakers quizzed founder Mark Zuckerberg about how an ordinary user was expected to decipher the terms of the user agreement, something even some of the lawmakers grilling him couldn’t comprehend.</p>
<p style="text-align: justify; ">Jitendra Waral of Bloomberg Intelligence says, “It’s so complicated that nobody reads it. Essentially the data sharing beyond the Facebook ecosystem came into question here. Is it just necessary to have data sharing for the service to work? Is it restricted to you sharing your content with your friends in your network or do the restrictions go beyond that? So basically they have a lot of work to do in terms of transparency, in terms how the data is used and shared.”</p>
<p style="text-align: justify; ">During the conversations, it also came to light that Facebook collects data even on those who don’t use the platform.</p>
<p style="text-align: justify; ">“In general we collect data on people who are not signed up for Facebook for security purposes," Zuckerberg said Wednesday <a href="https://www.bloomberg.com/news/articles/2018-04-11/zuckerberg-says-facebook-collects-internet-data-on-non-users" target="_blank">in a hearing about the social network’s privacy practices in Washington</a>before the House Energy and Commerce Committee.</p>
<p style="text-align: justify; ">While privacy experts and tech geeks have been crying foul for years about the data collection and storage practices adopted by tech behemoths like Facebook, this revelation by the Facebook founder was the first public acknowledgement of the fact.</p>
<h3 style="text-align: justify; ">Is Facebook A Monopoly?</h3>
<p style="text-align: justify; ">It’s not just data concerns that were brought up at the hearings.</p>
<p style="text-align: justify; ">Sen. Lindsey Graham asked Zuckerberg if Facebook enjoys a monopoly on the type of service it provides to its users. He asked, “If I buy a Ford and it doesn’t work well and I don’t like it, I can buy a Chevy, if I’m upset with Facebook, what’s the equivalent product that I can go sign up for?”</p>
<p style="text-align: justify; ">Zuckerberg responded to say that there are other tech companies which operate in the same sphere as Facebook does. He offered statistics of how many Americans use different social apps nowadays, in support of his argument that Facebook does not enjoy a monopoly in the tech world.</p>
<p style="text-align: justify; ">Jeff Hauser, executive director of the Revolving Door Project at the non-partisan Center for Economic and Policy Research says, “ Zuckerberg's answer to who his competitor was kind of comically unsatisfying because there is no competition for Facebook and they do have monopoly power in the United States and in many other countries across the world. ”</p>
<blockquote style="text-align: justify; ">So one idea is to take Facebook and break it into many other parts that it acquired through previous acquisitions. Instagram would be a powerful competitor to Facebook if it was independent of Facebook. WhatsApp would be a powerful competitor to Facebook if it was an independent competitor to Facebook.</blockquote>
<p style="text-align: justify; ">Jeff Hauser, Center for Economic and Policy Research</p>
<h3 style="text-align: justify; ">Time To Regulate The Internet?</h3>
<p style="text-align: justify; ">Another big moment during the testimony was when Zuckerberg conceded that it was only a matter of time before the internet would be regulated.</p>
<blockquote style="text-align: justify; ">He said, “The internet is growing in importance around the world in people’s lives and I think that it is inevitable that there will need to be some regulation.”</blockquote>
<p style="text-align: justify; ">Waral agrees that light touch regulation is the way to prevent a Cambridge Analytica like scandal from occurring again in the future. But, he believes that regulation will only raise costs for a company like Facebook. He explains, “What it does is raise compliance costs through out the ecosystem. So, the impact on Facebook from this is that the company is going to increase expenses due to compliance costs.”</p>
<h3 style="text-align: justify; ">The Big Election(s) Year</h3>
<p style="text-align: justify; ">During his testimony, Zuckerberg did acknowledge that a lot needs to be done to ensure data does not get misused, particularly in elections. Concerns about misuse of user data have emerged in countries like the U.S., but also in India.</p>
<p style="text-align: justify; ">Last month, the Union Minister for Law and Information Technology, Ravi Shankar Prasad warned Zuckerberg that if there was any data theft of Indian users due to Facebook’s data collection practices, he would stop at nothing short of summoning the Facebook founder to India.</p>
<p style="text-align: justify; ">While Pranesh Prakash, policy director at the Centre For Internet and Society, doesn’t believe the government would actually summon Zuckerberg to India, he says, “One new concern that's valid across the world, where there are limitations put on freedom of expression during times of campaigning and elections, how do they translate online? There is no typical answer to this.”</p>
<blockquote style="text-align: justify; ">Most of the speech regulations apply to candidates and apply to media platforms, which are largely mass media platforms. Now, social media platforms where individuals express themselves might not be regulated the same way or currently at least aren’t regulated the same way.</blockquote>
<p style="text-align: justify; ">Pranesh Prakash, Policy Director, Centre For Internet and Society</p>
<p style="text-align: justify; ">Pranesh thinks it is time to re-look at the existing election laws which might not prove to be as useful now as they were some time ago.</p>
<p style="text-align: justify; "><img src="https://cis-india.org/home-images/copy3_of_Facebook.png" alt="Facebook" class="image-inline" title="Facebook" /></p>
<p style="text-align: justify; ">Hauser thinks Facebook should help users discern between fakes news and a legitimate source of news.</p>
<blockquote style="text-align: justify; ">In the 2016 elections cycle, for fake news, a lot of bots and trolls liked them and they started appearing in the lot of users’ feeds. So the algorithm of Facebook encouraged manipulation. Facebook needs to address these concerns. I don’t think we can trust Facebook if it doesn’t make hard decisions about its algorithms. Right now, Facebook needs to say this is what the algorithm does.</blockquote>
<p style="text-align: justify; ">Jeff Hauser, Center for Economic and Policy Research</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/bloomberg-quint-aayush-ailawadi-april-15-2018-is-this-the-beginning-of-the-end-for-facebook'>https://cis-india.org/internet-governance/news/bloomberg-quint-aayush-ailawadi-april-15-2018-is-this-the-beginning-of-the-end-for-facebook</a>
</p>
No publisherAdminSocial MediaFacebookInternet Governance2018-04-17T14:44:23ZNews ItemDoes the Safe-Harbor Program Adequately Address Third Parties Online?
https://cis-india.org/internet-governance/blog/does-the-safe-harbor-program-adequately-address-third-parties-online
<b>While many citizens outside of the US and EU benefit from the data privacy provisions the Safe Harbor Program, it remains unclear how successfully the program can govern privacy practices when third-parties continue to gain more rights over personal data. Using Facebook as a site of analysis, I will attempt to shed light on the deficiencies of the framework for addressing the complexity of data flows in the online ecosystem. </b>
<p>To date, the EU-US Safe Harbor Program leads in governing
the complex and multi-directional flows of personal information online. As commerce began to thrive in the online
context, the European Union was faced with the challenge of ensuring that personal
information exchanged through online services were granted
levels of protect on par with provisions set out in EU privacy law. This was important, notably as the piecemeal
and sectoral approach to privacy legislation in the United states was deemed incompatible
with the EU approach. While the Safe
Harbor program did not aim to protect the privacy of citizens outside of the
European Union per say, the program has in practice set minimum standards for
online data privacy due to the international success of American online
services.</p>
<p>While many citizens outside of the US and EU benefit from
the Safe Harbor Program, it remains unclear how successful the program will be in an
online ecosystem where third-parties are being granted increasingly more rights
over the data they receive from first parties.
Using Facebook as a site of analysis, I will attempt to shed light on
the deficiencies of the framework for addressing the complexity of data flows
in the online ecosystem. First, I will argue
that the safe harbor program does not do enough to ensure that participants are
held reasonably responsible third party privacy practices. Second, I will argue that the information
asymmetries created between first party sites, citizens, and governance bodies
vis-à-vis third parties obscures the application of the Safe Harbor Model.</p>
<p><strong>The EU-US
Safe-Harbor Agreement</strong></p>
<p>In 1995, and based on earlier <a href="http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html">OECD
guidelines</a>, the EU Data Directive on the “protection of individuals with
regard to the processing of personal data and the free movement of such data”
was passed<a name="_ednref1" href="#_edn1"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference"></span></span></a> [1]. The original purpose of the EU Privacy
Directive was not only to increase privacy protection within the European
Union, but to also promote trade liberalization and a single integrated market
in the EU. After the Data Directive was
passed, each member state of the EU incorporated the principles of
the directive into national laws accordingly. </p>
<p>While the Directive was successful in harmonizing data
privacy in the European Union, it also embodied extraterritorial
provisions, giving in reach<a name="_ednref2" href="#_edn2"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference"></span></span></a> beyond the EU. Article 25 of the Directive states that the
EU commission may ban data transfers to third countries that do not ensure “an
adequate level of protect’ of data privacy rights<a name="_ednref3" href="#_edn3"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference"></span></span></a> [2]. Also, Article 26 of the Directive, expanding
on Article 25, states that personal data cannot be <em>transferred </em>to a country that “does not ensure an adequate level of
protection” if the data controller does not enter into a contract that adduces
adequate privacy safeguards<a name="_ednref4" href="#_edn4"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference"></span></span></a> [3].
</p>
<p>In light of the increased occurrence of cross-border
information flows, the Data Directive itself was not effective enough to ensure that
privacy principles were enforced outside of the EU. Articles 25 and 26 of the Directive had essentially deemed all cross-border data-flows to the US in contravention of EU privacy law. Therefor, the EU-US Safe-Harbor was established by the
EU Council and the US Department of Commerce as a way of mending the variant
levels of privacy protection set out in these jurisdictions, while also promoting
online commerce. </p>
<p><strong>Social Networking
Sites and the Safe-Harbor Principles</strong></p>
<p>The case of social networking sites exemplifies the ease
with which data is transferred, processed, and stored between jurisdictionas. While many of the top social networking sites
are registered American entities, they continue to attract users not only from
the EU, but also internationally. In agreement
to the EU law, many social networking sites, including LinkedIn, Facebook,
Myspace, and Bebo, now adhere to the principles of the program. The enforcement of the Safe Harbor takes
place in the United States in accordance with U.S. law and relies, to a great
degree, on enforcement by the private sector.
TRUSTe, an independent certification program and dispute mechanism, has become the most popular governance mechanism for the safe harbor program
among social networking sites. </p>
<p>Drawing broadly on the principles embodied within the EU
Data Directive and the OECD Guidelines, the seven principles of the Safe-Harbor
were developed. These principles include
Notice, Choice, Onward Transfer, Access and Accuracy, Security, Data Integrity
and Enforcement. The principle of “Notice”
sets out that organizations must inform individuals about the purposes for
which it collects and uses information about them, how to contact the
organization with any inquiries or complaints, the types of third parties to
which it disclosures the information, and the choices and means the organization
offers individuals for limiting its use and disclosure. </p>
<p>“Choice” ensures that individuals have the opportunity to
choose to opt out whether their personal information is disclosed to a third
party, and to ensure that information is not used for purposes incompatible with the purposes for
which it was originally collected. The
“Onward Transfer” principle ensures that third parties receiving information
subscribes to the Safe Harbor principles, is subject to the Directive, or
enters into a written agreement which requires that the third party provide at
least the same level of privacy protection as is requires by the relevant
principles.</p>
<p>The principles of “Security” and “Data Integrity” seek to
ensure that reasonable precautions are taken to protect the loss or misuse of
data, and that information is not used in a manner which is incompatible with
the purposes for it is has been collected—minimizing the risk that personal
information would be misused or abused.
Individuals are also granted the right, through the access principle, to
view the personal information about them that an organization holds, and to
ensure that it is up-to-date and accurate.
The “Enforcement” principle works to ensure that an effective mechanism
for assuring compliance with the principles, and that there are consequences
for the organization when the principles are not followed.</p>
<p>The principles of the program are rather quite clear and
enforceable in the first party context, despite some prevailing ambiguities. The privacy policies of most social
networking services have become increasingly clear and straightforward since
their inception. Facebook, for example,
has revamped its <a href="http://www.facebook.com/privacy/explanation.php">privacy
regime</a> several times, and gives explicit notice to users how their
information is being used. The privacy
policy also explains the relationship between third parties and your personal information—including
how it may be used by advertisers, search engines, and fellow members. </p>
<p>With respect to third party advertisers, principles of
“choice” are clearly granted by most social networking services. For example, the <a href="http://www.networkadvertising.org/">Network Advertising Initiative</a>, a
self-regulatory initiative of the online advertising industry, clearly lists
its member websites and allows individuals to opt out of any targeted
advertising conducted by its members. In
Facebook’s description of “cookies” in their privacy policy, a direct link to NAI’s
opt out features is given, allowing individuals to make somewhat informed
choices about their participation in such programs. This point is, of course, in light of the
fact that most users do not read or understand the privacy policies provided by
social networking sites<a name="_ednref5" href="#_edn5"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference"></span></span></a> [4].
It is also important to note that Google—a major player in the online
advertising business, does not grant users of Buzz and Orkut the same “opt-out”
options as sites such as Facebook and Bebo.</p>
<p>Under the auspices of the US Federal Trade Commission, the
Safe Harbor Program has also successfully investigated and settled several
privacy-related breaches which have taken place on social networking sites. Of the most famous cases is <a href="http://www.beaconclasssettlement.com/">Lane et al. v. Facebook et al.</a>,
which was a class action suit brought against Facebook’s Beacon Advertising
program. The US Federal Trade Commission
was quick to insight an investigation of the program after many privacy groups
and individuals became critical of its questionable advertising practices. The Beacon program was designed to allow
Facebook users to share information with their friends about actions taken on
affiliated, third party sites. This had included,
for example, the movie rentals a user had made through the Blockbuster website. </p>
<p>The Plaintiffs filed a suit, alleging that Facebook and its
affiliates did not give users adequate notice and choice about Beacon and the
collection and use of users’ personal information. The Beacon program was ultimately found to
be in breach of US law, including the <a href="http://epic.org/privacy/vppa/">Video
Privacy Protection Act</a>, which bans the disclosure of personally identifiable
rental information. Facebook has
announced the settlement of the lawsuit, not bringing individual settlements,
but a marked end to the program and the development of a 9.5 million dollar <a href="http://www.p2pnet.net/story/37119">Facebook Privacy Fund</a> dedicated to
privacy and data-related issues. Other privacy
related investigations of social networking sites launched by the FTC under the
Safe Harbor Program include Facebook’s <a href="http://www.eff.org/deeplinks/2009/12/facebooks-new-privacy-changes-good-bad-and-ugly">privacy
changes</a> in late 2009, and the Google’s recently released <a href="http://www.networkworld.com/news/2010/032910-lawmakers-ask-for-ftc-investigation.html">Buzz
application</a>.</p>
<p>Despite the headway the Safe Harbor is making, many privacy
related questions remain ambiguous with respect to the responsibilities social networking
sites through the program. For example,
Bebo <a href="http://www.bebo.com/Privacy2.jsp">reserves the right</a> to
supplement a social profile with addition information collected from publicly
available information and information from other companies. Bebo’s does adhere to the “notice principle”—as
it makes know to users how their information will be used through their privacy
policy. However, it remains unclear if appropriate disclosures are given by Bebo
as required by Safe Harbor Framework, notably as the sources of “publicly
available information” as a concept remains broad and obscured in the privacy policy. It is also unclear whether or not Bebo users
are able to, under the “Choice” principle, refuse to having their profiles from
being supplemented by other information sources. Also, under the “access
principle”, do individuals have the right to review all information held about them as “Bebo
users”? The right to review information
held by a social networking site is an important one that should be upheld. This is most notable as supplementary information
from outside social networking services is employed to profile individual users in ways which may
work to categorize individuals in undesirable ways.</p>
<p><strong>The Third Party Problem</strong></p>
<p>Cooperation between social networking sites and the Safe
Harbor has improved, and most of these sites now have privacy policies which
explicitly address the principles of the Program. It should also be noted that public interest
groups, such as Epic, the Center for Digital Democracy, and The Electronic
Frontier Foundation, have played a key role in ensuring that data privacy
breaches are brought to the attention of the FTC under the program. While the program has somewhat adequately
addressed the privacy practices of first party participants, the number of
third parties on social networking sites calls into question the
comprehensiveness and effectiveness of the Safe Harbor program. Facebook itself as a first party site may adhere
to the Safe Harbor Program. However, its
growing number third party platform members may not always adhere to best practices
in the field, nor can Facebook or the Safe Harbor Program guarantee that they
do so.</p>
<p>The Safe Harbor Program does require that all participants
take certain security measures when transferring data to a third party. Third parties must either subscribe to the
safe harbor principles, or be subject to the EU Data Directive. Alternatively, an organization can may also
enter into a written agreement with a third party requiring that they provide
at least the same level of privacy protection as is required by program
principles. Therefore, third parties of
participating program sites are, de facto, bound by the safe harbor principles by
the way of entering into agreement with a first party participant of the
program. This is the approach taken by
most social networking sites and their third parties.</p>
<p>It is important to note, however, that third parties are not
governed directly by the regulatory bodies, such as the FTC. The safe harbor website also <a href="http://www.export.gov/safeharbor/eu/eg_main_018476.asp">explicitly notes</a>
that the program does not apply to third parties. Therefore, as per these provisions, Facebook must
adhere to the principles of the program, while its third party platform members
(such as social gaming companies), only must do so indirectly as per a separate
contract with Facebook. The
effectiveness of this indirect mode of governing of third party privacy
practices is questionable for numerous reasons.</p>
<p>Firstly, while Facebook does take steps to ensure that
third parties use information from Facebook in a manner which is consistent to
the safe harbor principles, the company explicitly <a href="http://www.facebook.com/policy.php">waives any guarantee</a> that third
parties will “follow their rules”. Prior to allowing third parties to access any
information about users, Facebook requires third parties to <a href="http://www.facebook.com/terms.php">agree to terms</a> that limit their
use of information, and also use technical measures to ensure that they only
obtain authorized information. Facebook
also warns users to “always review the policies of third party applications and
websites to make sure you are comfortable with the ways in which they use
information”. Not only are users
required to read the privacy policies of every third party application, but are
also expected to report applications which may be in violation of privacy
principles. In this sense, Facebook not
only waives responsibility for third party privacy breaches, but also places further
regulatory onus upon the user.</p>
<p>As the program guidelines express, the safe harbor relies to
a great degree on enforcement by the private sector. However, it is likely that a self-regulatory
framework may lead the industry into a state of regulatory malaise. Under the safe harbor program, Facebook must
ensure that the privacy practices of third parties are adequate. However, at the same time, the company may
simultaneously waiver their responsibility for third party compliance with safe
harbor principles. Therefore, it remains
questionable as to where responsibility for third parties exactly lies. When third parties are not directly
answerable to the governing bodies of safe harbor program, and when first parties
can to waive responsibility for their practices, from where does the incentive to
effectively regulate third parties to come from? </p>
<p>While Facbeook may in fact take reasonable legal and technical
measures to ensure third party compliance, the room for potential dissonance
between speech and deed is worrisome. Facebook is required to ensure that third
parties provide “<a href="http://www.export.gov/safeharbor/eu/eg_main_018476.asp">at least the same
level of privacy protection</a>” as they do.
However, in practice, this has yet to become the case. A quick survey of twelve of the most popular
Platform Applications in the gaming category showed<a name="_ednref6" href="#_edn6"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference"></span></span></a>
that third parties are not granting their users the “same level of privacy
protection”[5]. For example, section 9.2.3
of Facebooks “<a href="http://www.facebook.com/terms.php">Rights and
Responsibilities</a>” for Developers/Operators of applications/sites states
that they must “have a privacy policy or otherwise make it clear to users what
user data you are going to use and how you will use, display, or share that
data”. </p>
<p>However, out of the 12 gaming applications surveyed, four
companies failed to make privacy policies available to users <em>before</em> they granted the application
access to the personal information, including that of their friends<a name="_ednref7" href="#_edn7"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference"></span></span></a> [6]. After searching for the privacy policies on
the websites of each of the four social gaming companies, two completely failed
to post privacy policies on their central websites. This practice is in direct breach of the
contract made between these companies and Facebook, as mentioned above. In addition to many applications failing to clearly
post privacy policies, many of provisions set out in these policies were
questionable vis-à-vis safe harbor principles. </p>
<p>For example Zynga, makes of popular games Mafia Wars and
Farmville, reserve the right to “maintain copies of your content
indefinitely”. This practice remains contrary
to Safe Harbor principles which states that information should not be kept for
longer than required to run a service.
Electronic Arts also maintains similar provisions for data retention in
its privacy policy. Such practices are
rather worrisome also in light of the fact that both companies also reserve the
right to collect information on users from other sources to supplement profiles
held. This includes (but is not limited
to) newspapers and Internet sources such as blogs, instant messaging services, and
other games. It is also notable to
mention that only one of the twelve social gaming companies surveyed directly
participates in the safe harbor program. </p>
<p>In addition to the difficulties of ensuring that safe harbor
principles are adhered to by third parties, the information asymmetries which
exist between first party sites, citizens, and governance bodies vis-à-vis
third parties complicate this model. Foremost,
it is clear that Facebook, despite its resources, cannot keep tabs on the
practices of all of their applications.
This puts into question if industry self-regulation can really guarantee
that privacy is respected by third parties in this context. Furthermore, the lack of knowledge or
understanding held by citizens about how third parties user their information
is particularly problematic when a system relies so heavily on users to report
suspected privacy breaches. The same is
likely to be true for governments, too. As
one legal scholar, promoting a more laisse-fair approach to third party
regulation, notes—multiple and invisible third party relationships presents
challenges to traditional forms of legal regulation<a name="_ednref8" href="#_edn8"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference"></span></span></a> [7]. </p>
<p>In an “open “social ecosystem, the sheer volume of data
flows between users of social networking sites and third party players appears
to have become increasingly difficult to effectively regulate. While the safe harbor program has been
successful in establishing best practices and minimum standards for data
privacy, it is also clear that governance bodies, and public interest groups,
have focused most attention on large industry players such as Facebook. This has left smaller third party players on
social networking sites in the shadows of any substantive regulatory concern. If
one this has become clear, it is the fact that governments may no longer be
able to effectively govern the flows of data in the burgeoning context of “open
data”. </p>
<p>As I have demonstrated, it remains questionable whether or
not Facebook can regulate third parties data collection practices
effectively. Imposing more stringent
responsibilities on safe harbor participants could be a positive step. It is reasonable to assume that it would be
undue to impose liability on social networking sites for the data breaches of
third parties. However, it is not
unreasonable to require sites like Facebook go beyond setting “minimum
standards” for data privacy, towards taking a more active enforcement, if even
through TRUSTe or another regulatory body.
If the safe harbor is to be effective, it cannot allow program participants
to simply wave the liability for third party privacy practices. The indemnity granted to third parties on social
networking sites may deem the safe harbor program more effective in sustaining
the non-liability of third parties, rather than protecting the data privacy of
citizens.</p>
<div></div>
<div>
<hr align="left" size="1" width="33%" />
</div>
<p class="discreet"><a name="_edn1" href="#_ednref1"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference"></span></span></a>[1] Official Directive 95/46/EC</p>
<p class="discreet"><a name="_edn2" href="#_ednref2"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference"></span></span></a></p>
<p class="discreet"><a name="_edn3" href="#_ednref3"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference"></span></span></a>[2] 95/46/EC</p>
<p class="discreet">[3] Ibid</p>
<p class="discreet"><a name="_edn4" href="#_ednref4"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference"></span></span></a><a name="_edn5" href="#_ednref5"><span class="MsoEndnoteReference"></span></a>[4] See Acquisit,
A. a. (n.d.). Imagined Communities: Awareness, Information Sharing, and Privacy
on Facebook. <em>PET 2006</em></p>
<p class="discreet"><a name="_edn6" href="#_ednref6"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference"></span></span></a>[5] Of the Privacy Policy browsed include, Zynga, Rock
You!, Crowdstar, Mind Jolt, Electronic Arts, Pop Cap Games, Slash Key, Playdom,
Meteor Games, Broken Bulb Studios, Wooga, and American Global Network.</p>
<p class="discreet"><a name="_edn7" href="#_ednref7"><span class="MsoEndnoteReference"><span class="MsoEndnoteReference"></span></span></a>[6] By adding an application, users are also sharing with
third parties the information of their friends if they do not specifically opt out of this practice.</p>
<p class="discreet">[7]See<strong>
</strong> Milina, S. (2003).
Let the Market Do its Job: Advocating an Integrated Laissez-Faire Approach to
Online Profiling. <em>Cardozo Arts and Entertainment Law Journal</em> .</p>
<pre></pre>
<div>
<p> </p>
<p> </p>
</div>
<h2> </h2>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/does-the-safe-harbor-program-adequately-address-third-parties-online'>https://cis-india.org/internet-governance/blog/does-the-safe-harbor-program-adequately-address-third-parties-online</a>
</p>
No publisherrebeccaPrivacyInternet GovernanceFacebookData ProtectionSocial Networking2011-08-02T07:19:34ZBlog EntryChange has come to all of us
https://cis-india.org/digital-natives/blog/change-has-come
<b>The general focus on a digital generational divide makes us believe that generations are separated by the digital axis, and that the gap is widening. There is a growing anxiety voiced by an older generation that the digital natives they encounter — in their homes, schools and universities and at workplaces — are a new breed with an entirely different set of vocabularies and lifestyles which are unintelligible and inaccessible. It is time we started pushing the boundaries of what it means to be a digital native. </b>
<p><strong>In this connected world, the geek is everyone — from a grandma on Skype to a teen on Second Life.</strong></p>
<p>Two self-proclaimed digital natives,
on a cold autumn morning in Amsterdam, decided to leave the comforts of
their familiar virtual worlds and venture into the brave new territories
of real-life shopping. Though slightly confused by the lack of
click-and-try options and perplexed by the limitations of the physical
spaces of shopping, we plodded along, shop after shop, thinking how much
easier it is to chat on IM while flying through Second Life as opposed
to face-to-face interactions while walking on crowded streets. After we
had run out of shops (and patience), we decided that it was time to rely
on better resources than our own wits. The Dutch girl fished out her
Android smartphone and with the single press of a button, opened up
channels of information. She called her mother. She asked for the
location of the store that was eluding us. And then she looked at me in
silence before bursting into laughter. Her 64-year-old mother, in
response to our question, had said, “Why don’t you just Google it?” <br /></p>
<p>We spent five minutes in stunned
laughter when we realised that we should have instinctively done that
and that we were being asked by somebody from Generation U to “get with
it”. Funny (and slightly embarrassing) as it is, it brings into focus,
the question, “Who is a digital native?” For those of you who have been
reading this column, it has been defined in terms of age and usage. A
digital native is generally somebody young, somebody who is tech-savvy,
somebody who can perform complicated calisthenics with digital
technologies — throwing virtual sheep, having instant relationships,
writing complex stories and pirating their favourite movies — in one
nonchalant click of the mouse. However, these kinds of digital natives
are only stereotypes.
</p>
<p>If we move away from
these descriptions of novelty, of excitement and of youth, a different
kind of digital native emerges for us. A digital native is somebody
whose way of thinking (about himself and the world around) is
significantly informed because of the presence of and familiarity with
the internet and digital technologies. In other words, a digital native
is a person who has experienced (and is often led to) change because of
their interactions with new technologies.
</p>
<p>It can be a
middle-aged man whose business changed when he started tracking his
supplies using complex and sophisticated databases. It can be a mother
of two, finding support and help raising her children on online
communities like Bing. It can be a senior teacher re-discovering
pedagogy through distributed knowledge systems on Wikipedia. It can be
grandparents who interact with their grandchildren over Skype and text
messaging, across international borders and lifestyles. It can be a
mother telling her digital native daughter to “just Google it!” over the
cellphone.
</p>
<p>And as things might
be, Shamini, my 15-year-old bonafide digital native correspondent from
Ahmedabad, recently wrote that she got off Facebook and deleted her
account. “It felt like I had retired from a job,” she said. But she was
away from Facebook only for four months, dissociated from all the “time,
energy and drama that it caused” and was quite enjoying it. After four
months of self-imposed exile, she, however, resurfaced on Facebook. And
it was to stay in touch with her aunt and uncle, who live in faraway
lands, and cannot keep in touch with her unless she is on Facebook.
Shamini was surprised at this. After spending much time convincing them
about trying to use email and phones to keep connected, she finally gave
in and started a new account that nobody knows of. And she asked me the
important question: Who is the digital native now?
</p>
<p>The general focus on
a digital generational divide makes us believe that generations are
separated by the digital axis, and that the gap is widening. There is a
growing anxiety voiced by an older generation that the digital natives
they encounter — in their homes, schools and universities and at
workplaces — are a new breed with an entirely different set of
vocabularies and lifestyles which are unintelligible and inaccessible.
It is time we started pushing the boundaries of what it means to be a
digital native.
</p>
<p>My grandmother used
to tell us, “Nobody is born knowing a language.” I think it is time to
start applying the same logic here. Nobody is born with technologies.
But there are people — perhaps not yet a generation, but still a
population — who are changing their lives and significantly transforming
the world by turning Google and Facebook and Twitter into verbs and a
way of doing things. So the next time, somebody asks you if you know a
digital native, don’t look for somebody out there — it might just be
you! <br /></p>
<p>The original column can be read in <a class="external-link" href="http://http://www.indianexpress.com/news/change-has-come-to-all-of-us/701505/0">The Indian Express</a><br /></p>
<p> </p>
<strong></strong>
<p>
For more details visit <a href='https://cis-india.org/digital-natives/blog/change-has-come'>https://cis-india.org/digital-natives/blog/change-has-come</a>
</p>
No publishernishantGoogleDigital NativesCyberculturesFacebookDigital subjectivities2012-03-13T10:43:38ZBlog EntryFacebook: A Platform with Little Less Sharing of Personal Information
https://cis-india.org/internet-governance/blog/indian-express-nishant-shah-may-8-2016-facebook-a-platform-with-little-less-sharing-of-personal-information
<b>As Facebook becomes less personal, what happens to digital friendship?</b>
<p>The article was <a class="external-link" href="http://indianexpress.com/article/technology/social/eye-2016-facebook-social-personal-information-digital-friendship-2789325/">published in the Indian Express</a> on May 8, 2016.</p>
<hr />
<p style="text-align: justify; "><a href="http://indianexpress.com/tag/facebook/">Facebook</a> is worried. Even though usage is growing, something strange is happening on the social network. For the first time since it started its journey as a website to rate datable people on college campuses, to becoming the global reference point that defined friendship in the connected age, people are sharing less personal information on Facebook. For a social media network that positions itself largely as a space where our everyday, banal doings become newsworthy articulations, this is surprising news. But it is true. On Facebook, the traffic is high, but most of it is now sharing of external information. People are sharing links to news, to listicles, to videos, to blogs entries, to pictures and to information that they find interesting, but they are writing less and less about what it is that they are doing and feeling.</p>
<p style="text-align: justify; ">Ironically, this coincides with the latest change in Facebook’s “response” options, where the ubiquitous “Like” button can now expand to other emojis where you can also be appropriately angry, sad, surprised, or happy about the shared content. Even as Facebook is trying to get its users to qualify how they feel and give emotional value to their likes, people seem to be sharing even less of their private lives on Facebook.</p>
<p style="text-align: justify; ">One of the key ways of understanding this drop in people sharing their personal information is through the concept of “context collapse”. It has been a concern since the first instances of disembodied digital communication. In our everyday life, we make sense of information based on the different contexts that surround us. The person who authors the information, the setting within which that information reaches us, the emotional state that we are in when encountering the information, our sense of where we are when processing it, and the preparedness we have for receiving this information are all crucial parameters by which we make sense of the meaning of the information and also our response to it.</p>
<p style="text-align: justify; ">In the case of Facebook, the context within which information and transactions have made sense is “friendship”. The site’s USP was that you could bring in a variety of information, but you were always sharing it with friends. You could have a large audience, but this audience is formed of people you know, people you trust, people you add to your friend groups — there is a sense of intimacy, privacy, and casualness that marks the flow of information. You are able to talk, in an equal breath, about what you had for breakfast, your crush on a celebrity, your random acts of charity, and your strong political rant, one after the other, without requiring to think about what you are posting and how others will receive it.</p>
<p style="text-align: justify; ">However, Facebook is not really a friendship platform. It is a company interested in selling our interactions and data to advertisers who can target us with content and information based on the patterns of our behaviour. To serve its advertisers better, Facebook started privileging “verified” information trying to ensure news and content producers higher attention and more eyeballs. This was further strengthened by their continued integration with third party vendors, who could push and pull information into the social world of Facebook, and is seen as one of the biggest reasons for this drop. Any newsfeed in the last few months has had equal amounts of professional and amateur content, leading to a context collapse, where you no longer feel like your Facebook feed is a private and intimate conversation with friends.</p>
<p style="text-align: justify; ">Similarly, Facebook’s expansive integration of its products —WhatsApp chats, Instagram updates, and Tumblr posts all can collapse into one — produced a confusing space where the personal information that you were once happy to share with your friends, is suddenly being shared along with news and information. Also, digital behaviour works on mirroring, and we often shape our updates to match what we see on our timelines. If we more and more see external content rather than personal statuses, we also start sharing more third party news and links, thus producing a domino effect of everybody shying away from extremely personal or intimate moments.</p>
<p style="text-align: justify; ">Facebook, for the millennials, has been the context within which friendship got structured. Its own transitions have now collapsed that context, leading people to think of it as a content aggregator. It is going to be interesting to see what happens to our digital friendships and networks if Facebook is no longer the space where they are housed.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/indian-express-nishant-shah-may-8-2016-facebook-a-platform-with-little-less-sharing-of-personal-information'>https://cis-india.org/internet-governance/blog/indian-express-nishant-shah-may-8-2016-facebook-a-platform-with-little-less-sharing-of-personal-information</a>
</p>
No publishernishantFacebookInternet Governance2016-06-05T02:38:22ZBlog EntryFB & Google have already monopolised Indian cyberspace
https://cis-india.org/internet-governance/news/catch-news-asad-ali-july-3-2016-fb-and-google-have-already-monopolised-indian-cyberspace
<b>In an interview with Catch, Sunil Abraham, executive director of Center for Internet & Society, puts the recent US-India cyber relationship framework into perspective. Abraham also talks about how Indian surveillance policies are outdated and why the country has failed to check the hegemonic tendencies of companies like Facebook and Google.</b>
<p>The <a class="external-link" href="http://www.catchnews.com/science-technology/fb-google-have-already-monopolised-indian-cyberspace-1467505123.html/fullview">interview was published by Catch News</a> on July 3, 2016.</p>
<hr />
<h3 style="text-align: center; "><img src="https://cis-india.org/home-images/copy6_of_Sunil.png/@@images/d7f757de-b4fc-46a2-a9b3-cca0e46e32e7.png" alt="Sunil Abraham" class="image-inline" title="Sunil Abraham" /></h3>
<h3 style="text-align: justify; "><span class="quick_pill_news_description">US-India signed a cyber relationship framework earlier this month. Could you explain some of the takeouts that may have important implications in the near future?</span></h3>
<p style="text-align: justify; ">In the framework, both sides have made a "commitment to the multi-stakeholder model of Internet governance" - in immediate practical terms that means India will accept the Internet Assigned Numbers Authority (IANA) transition proposed for the Internet Corporation for Assigned Names and Numbers (ICANN). Unfortunately, as my colleague Pranesh Prakash points out "U.S. state control over the core of the internet's domain name system is not being removed by the transition that is currently underway."</p>
<p style="text-align: justify; ">India along with Brazil and other emerging powers should have insisted that the question of jurisdiction be addressed before the transition. We must remember, that the multi-stakeholder model is just a fancy name for open and participatory self-regulation by the private sector. While the multi-stakeholder model is useful as a complement to traditional state-led regulation, it cannot be used to protect human rights or ensure the security of a nation state.</p>
<p style="text-align: justify; ">[That is precisely why - the very next sentence in the announcement for the the framework for the US-India Cyber Relationship says "a recognition of the leading role for governments in cyber security matters relating to national security". This is because ICANN-style multistakeholderism requires all stakeholders to be on "equal footing" without "distinct roles and responsibilities". In other words, the governments are saying that the multistakeholder model is fine for all Internet Governance areas with the exception of Cyber Security. Given the limits of the multistakeholder model this is indeed the wise thing to do. Since American corporations dominate the Internet, US foreign policy has historically pushed for the multistakeholder model as fig leaf for forbearance and reduced foreign regulatory burden American corporations operating in other jurisdictions. Therefore India must not drink the multistakeholder cool-aid whole sale. It cannot afford a laissez-faire approach where it waits for corporations to self-regulate - it must regulate whenever public interest or human rights are harmed. In other words, it must go beyond the multistakeholder model and produce appropriate regulation where necessary. Needless to add - it must also deregulate in areas where harms don't exist. Apart from this many of the details of the announcement are positive steps that will increase security in India and the USA, and indeed the also across the world.]</p>
<h3 style="text-align: justify; "><span class="quick_pill_news_description">What are some aspects of Intellectual Property Rights that should be looked at, in the context of the framework?</span></h3>
<p style="text-align: justify; ">There is some language around Intellectual Property Rights (IPR) that should be examined carefully too. The US corporations benefit from a maximalist IP regime. But Make in India, Digital India and Startup India all depend on flexibilities to the IP regime and therefore India should refuse signing. Trans-Pacific Partnership (TPP) obligations like the "Digital 2 Dozen" which the US is actively proselytizing across the Pacific. If we make that mistake, we will make zero progress in indigenous security research and product development and also many other areas of our economy, health sector and education sector will be severely compromised. Therefore it would be best to keep IP rights expansion and enforcement out of the framework for the US-India Cyber Relationship.</p>
<h3 style="text-align: justify; "><span class="quick_pill_news_description">The PIL seeking a ban on WhatsApp was refused by the SC recently. Encrypted messaging services like Telegram however, have been used in the past by terror groups. What's your take on such end-to-end encryption services?</span></h3>
<p style="text-align: justify; ">Privacy and security are two sides of the same coin. You cannot have one without the other. End-to-end encryption is the basis for online privacy. End-to-end encryption is a pre-requisite for many legitimate actions of law abiding citizens online such as commerce, banking, tele-medicine, protection of intellectual property, witness/source protection, client confidentiality etc. Therefore, banning end-to-end encryption would mean the death of individual privacy and national security.</p>
<p style="text-align: justify; ">If the government wants to promote cyber security it should promote the use of end-to-end encryption amongst law abiding citizens.<br /><br />Terrorist have to be stopped through targeted profiling, surveillance and interception. Big data analytics may be useful to watch for patterns in the meta data but there is no replacement for good old fashioned police work.<br /><br />Once suspects have been identified the encrypted channels can be compromised by:</p>
<ol>
<li>Placing trojans on the end-user devices</li>
<li>Performing man-in-the-middle attacks and</li>
<li>Using brute force attacks with super computers.</li>
</ol>
<p style="text-align: justify; "><br />Snowden's revelations have made it very clear that blanket and mass surveillance does not help foil terror attacks or stop organised crime. So far, research and government reports from across the world indicate that only a minority of terrorists use encryption. However, this situation may change.</p>
<h3 style="text-align: justify; ">We don't have any proper encryption policy under the IT Act yet. What's taking so long and what are the key points that any policy in this matter must include in future?</h3>
<p style="text-align: justify; ">We need many different types of encryption policies. We need a policy that mandates encryption and digital signature for all government personnel and also for all government transactions. We need policies that promote research and development in cryptography and mathematics. We need to update our criminal procedure code so that encrypted communications and data can be targeted by law enforcement and used effectively in the criminal justice process.</p>
<p>However, we should not have any broad encryption policy that tries to regulate encryption as a technology. That would be a highly regressive move and will be impossible to enforce. That would breed contempt for rule of law.</p>
<h3>Surveillance and the tech around it has been contentious for various governments. Where do we stand vis-a-vis regulating surveillance measures by the state?</h3>
<p style="text-align: justify; ">Our surveillance and interception laws are outdated. They need to be modernized to deal with advancements in technology and also global developments when it comes to data protection and privacy law.</p>
<p style="text-align: justify; ">In fact, our organisation was part of a global effort called Necessary and Proportionate which identified 13 principles to modernise surveillance which are connected to various aspects such as Legality, Legitimate aim, Competent judicial authority, Integrity of communications and systems and more. Some of these principles may have to be customised for the Indian context. [For example, given the load on courts perhaps India should stay with executive authorization of interceptions and data access requests. However, getting the law correct is only half the job. For the law cannot fix what the technology has broken. Some surveillance projects are well designed. For ex. the NATGRID - from what I understand it is a standard and platform that which will allow 12 security, intelligence and law enforcement agencies to temporarily make unions of sub-sets of 21 data sources. These automated temporary databases will be created under existing data access provisions of the law. I also hope the NATGRID is also using cryptography to ensure the maintenance of a non-repudiable log that will identify all officers involved in authorizing the each request and accessing the resultant data. Unfortunately, other surveillance projects are unmitigated disasters. For example, UID or Aadhaar. Many Indians don't realize that Aadhaar is a surveillance project. Biometrics is just a fancy name for remote, covert and non-consensual identification technology. Using the UID database the government can identify every single Indian without their consent. The so called "consent layer" in the India Stack is being developed by volunteers outside the UIDAI to avoid transparency under the Right to Information Act. Nothing in the current layer of the "consent layer" allows citizens to revoke consent. There is no facility in the UID Act to delete yourself from the database. Identity information aka the UID number and authentication information aka your biometrics for about a billion Indians have been collected and stored in a centralized location. It is as if our parliamentarians have written an open letter to criminals and foreign governments says "here is the information you need to wreck whole sale damage - come and get it". Hopefully the Supreme Court will save us from this impending disaster.]</p>
<h3>With a sluggish US market, India has the biggest potential for companies like FB & Google, next only to China. Do you feel that in the quest to take over the Indian market, FB & Google are going to monopolise cyberspace in India?</h3>
<p>I have news for you - they have already monopolised Indian cyberspace. They have completely wiped out competition in certain domains.</p>
<p style="text-align: justify; ">One of the many reasons they have done this is because we don't have laws and regulations to temper their hegemonic tendencies. For example, we could use data portability and interoperability mandates for social media to spark competition in markets where there are entrenched monopolies.</p>
<p style="text-align: justify; ">Competition law can be used to protect other firms from abuse of market power. Consumer protection law and privacy law could be used to ensure that user's rights are not compromised in the race for market share. In addition, a modern privacy law compliant with the best practices in the European Data Protection Regulation 2016, would allow emerging Indian companies to compete with giants like Facebook and Google on a level playing field. [Speaking of level playing field - only recently has the government introduced the "equalization levy". This was long overdue. Imagine the amount of tax that could have been collected so far and damage that has been done to competition. Regardless the current NDA government deserves our kudos for ensuring that Facebook and Google contribute their fair share of taxes. The new IPR Policy was also an opportunity to address the monopoly of Google and Facebook. There should have been a concerted attempt to use free/open source software, open standard and open content to bolster Indic language technologies. A billion dollars from every spectrum auction should be used to create incentives for Indian private sector, research and academic organisation who can contribute openly to the Indic cyberspace. This is the market where we can still build a highly competitive market. Today, given government inaction - millions of Indians are training Google's language platforms every time they use machine translation or speech to text technologies. This corpus of information will not be available for public interest research. Ideally we should also have Indians contributing to commons-based peer production projects like Wikipedia for their Indic language needs. Unfortunately the government totally missed this opportunity.]</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/catch-news-asad-ali-july-3-2016-fb-and-google-have-already-monopolised-indian-cyberspace'>https://cis-india.org/internet-governance/news/catch-news-asad-ali-july-3-2016-fb-and-google-have-already-monopolised-indian-cyberspace</a>
</p>
No publisherpraskrishnaSocial MediaGoogleFacebookInternet Governance2016-07-08T15:59:46ZNews ItemTamil Nadu likely to hold Facebook accountable for suicide case
https://cis-india.org/internet-governance/news/economic-times-v-prem-shanker-july-13-2016-tamil-nadu-likely-to-hold-facebook-accountable-for-suicide-case
<b>The recent suicide of a 21-year-old woman from Salem district in Tamil Nadu over her morphed pictures being uploaded on Facebook could turn into a flash-point between the state police and the world's most-popular social networking site.</b>
<p style="text-align: justify; ">The article by V. Prem Shanker was <a class="external-link" href="http://economictimes.indiatimes.com/news/politics-and-nation/tamil-nadu-likely-to-hold-facebook-accountable-for-suicide-case/articleshow/53182832.cms">published in the Economic Times</a> on July 13, 2016.</p>
<hr />
<p style="text-align: justify; ">"We are exploring the possibility of holding Facebook accountable for the delay in responding to our requests since that was one of the factors which led to the young lady committing suicide," Salem superintendent of police Amit Kumar Singh told ET in an exclusive interaction. On June 23, the Salem police had received a complaint from the father of the 21-year-old stating that someone had uploaded her morphed nude pictures on Facebook. The father had requested the police to get the photographs removed from the site and also find and warn the perpetrator.</p>
<p style="text-align: justify; ">The police recorded the complaint the same evening and later sent what is called a 'Law Enforcement Online Request' to Facebook asking for details of the IP address from which the morphed photographs were uploaded on the website. Officials also requested Facebook to take down the objectionable photographs of the young woman.</p>
<p style="text-align: justify; ">Five days after the request was sent, Facebook responded with the IP address on June 28 and within 12 hours after that the police cracked the case and nabbed the suspect.</p>
<p style="text-align: justify; ">However, all this was a bit too late because the previous day, on June 27, the young woman had ended her life. Her morphed nude photographs were taken down only on the day of her death, according to the police.</p>
<p style="text-align: justify; ">"Apart from addressing Facebook, we also investigated the case from other angles but couldn't make headway. Thus, there was nothing we could do about the pictures still being online apart from waiting for Facebook to act," Singh said, adding "enforcement of compliance is a matter of grave concern."</p>
<p style="text-align: justify; ">Officials are considering charging Facebook with abetment to suicide and including Facebook in the chargesheet if the site is found culpable after investigations. However, the state police is said to be discussing with legal experts on how this can be done as there is no precedent for a website having been charged in a crime.</p>
<p style="text-align: justify; ">Facebook did not reply to an email seeking comment. Earlier in a communique, responding to criticisms of police inaction in this case, Singh had pointed out that "Only Facebook can block a page and it exercises this discretion as per its Facebook Community Standards and not the law of the land it is being viewed in. Facebook does not provide the police with any special powers to take down a page even if the police receive a cognizable complaint of identity theft and uploading of obscene content. There is no tool available, at least as of now, with the police to coerce or goad Facebook to act expeditiously even if the matter is very urgent and there is a flagrant violation of Indian law."</p>
<p style="text-align: justify; ">Experts point out that the disparity with which Facebook treats child abuse laws and copyright infringements as opposed to violation of women's rights is stark.</p>
<p style="text-align: justify; ">"Look at the war against child pornography. In the United Kingdom there is an independent foundation that has immunity under UK child pornography law. They generate a database and circulate it across all platforms and ensure that it is kept absolutely squeaky clean," points out Sunil Abraham, executive director of Bengaluru based research organisation, Centre for Internet and Society.</p>
<p style="text-align: justify; ">"There definitely needs to be a law to ensure that such platforms do not violate the law of the land, especially when it comes to women's rights. But in interim, the government can create an information escrow or a platform where the victims can place on record their problems and it is there for these sites to see and take action," Abraham added.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/economic-times-v-prem-shanker-july-13-2016-tamil-nadu-likely-to-hold-facebook-accountable-for-suicide-case'>https://cis-india.org/internet-governance/news/economic-times-v-prem-shanker-july-13-2016-tamil-nadu-likely-to-hold-facebook-accountable-for-suicide-case</a>
</p>
No publisherpraskrishnaSocial MediaFacebookInternet Governance2016-07-13T13:44:58ZNews Item