The Centre for Internet and Society
https://cis-india.org
Digital native: Free speech? You must be joking!
https://cis-india.org/raw/indian-express-nishant-shah-may-14-2017-digital-native-free-speech-you-must-be-joking
<b>India’s digital landscape is dotted with vigilante voices that drown out people’s right to free speech.</b>
<p>The article was published in the <b><a class="external-link" href="http://indianexpress.com/article/technology/tech-news-technology/digital-native-free-speech-you-must-be-joking-4655464/">Indian Express</a></b> on May 14, 2017.</p>
<hr />
<p style="text-align: justify; ">Freedom of speech and expression has always been a tricky issue. While all of us are generally in favour of defending our rights to speak what is in our hearts, we are not equally thrilled about the speech of others that we might not enjoy. While we know that free speech and expression are not absolute — there are blurred lines of things that are offensive, might cause harm, and are directed with malice at different individuals or collectives — we also generally accept that this is a freedom that marks the maturity and sustainability of a stable democratic system.</p>
<p style="text-align: justify; ">Thus, even when confronted with speech and expression that might be undesirable: a political view that contradicts ours, an expression of blasphemy or profanity, a voice of dissent that questions the status quo, or an unsavoury information tidbit that mocks somebody we admire, we generally take it in good stride, and learn to deal and engage with these actions. We do this because we know that trying to curtail somebody else’s rights to free speech would eventually restrict our own capacity for it, thus reducing the scope of an engaged and critical society. Especially in countries like India, where everybody has an opinion, where people offer critiques over chai and join heated debates over paan, there’s no denying that we are fond of our rights and capacity to speak our minds.</p>
<p style="text-align: justify; ">However, within Digital India, these things seem to be changing fast. Every day we wake up to the cacophonous clamour of social media to realise that increasingly we are becoming an intolerant society filled with vigilantes bent on stopping people from saying things that we might just not like. In the ongoing saga of shrinking spaces of free speech, we now add the shameful incident at the Embassy of Sweden in India. On May 8, following mass populist trolling and complaints from the Twitteratti, the Embassy disinvited two women print and TV journalists — Swati Chaturvedi and Barkha Dutt — and cancelled their event, ironically, in the honour of World Press Freedom, on the topic of women’s participation in the online public space, to talk about trolls.</p>
<p style="text-align: justify; ">I shall wait here for the bitter irony to sink in: two of the strongest women voices in Indian public media were disinvited from an event where they were to talk about their experience of being trolled, harassed, bullied and intimidated in the newly emerging digital media landscape. Instead of giving them a voice, sharing their experiences, and engaging with their stories, the hypermasculine army of right wing vigilantes who object to these women’s history of critique of the current government and its leaders, decided to show their Twitter might, and celebrated as they succeeded in putting one more nail in the coffin of free and fearless speech in the country.</p>
<p style="text-align: justify; ">Some Twitter users went ahead and tagged their favourite leaders — @Narendramodi and @manekagandhibjp. They demanded, using their freedom of voice, to stop others from speaking. Social media networks have often been celebrated as alternative spaces where new and unexpected voices can express their opinions without the fear of physical retribution or penalisation. While this has been consistently proven wrong by government authorities who have regularly policed, penalised and punished voices of dissent or disfavour, that at least is something we can notice, challenge and contest through legal redressal. However, this new mob justice, where the volume of voices is engineered to amplify their disapproval, coupled with threats of violence and economic downfall (the users this time threatened to make a list of Swedish products and boycott them), is a recurring and disturbingly new phenomenon.</p>
<p style="text-align: justify; ">Crowds have always had the power to demand and leverage change of their liking. However, on social media, this can take up more sinister forms, because a handful of people through Twitter bots and chat scripts can create the illusion of a hugely amplified voice that can then be used to threaten and restrict the scope of free speech. The mass bullying effect needs a strong counterpoint in the form of better internet governance policies and regulations that nurture safe spaces for the tinier voices to be heard.</p>
<p style="text-align: justify; ">At the same time, however, the stifling attempts require another strategy — the need to speak up against such acts of intimidation and silencing, not only from the regular people on the web, but from the officials and leaders who have sworn to protect our constitutional rights. And this is, perhaps, where our leaders are failing us. Because, in an age of hypervisibility, where every step they take is a selfie moment, where every move they make makes it to the headlines, and they take pride in documenting their life in exceedingly boring detail, it creates a deafening silence when the leaders remain mute to the slow dissipation of the rights to free speech and expression by the angry mobs of networked digitality.</p>
No publisher | nishant | Freedom of Speech and Expression, Researchers at Work, Digital India | 2017-06-08T01:16:01Z | Blog Entry
An Urgent Need for the Right to Privacy
https://cis-india.org/internet-governance/blog/an-urgent-need-for-the-right-to-privacy
<b>Along with a group of individuals and organisations from academia and civil society, we have drafted and are signatories to an open letter addressed to the Union government and urging the same to "urgently take steps to uphold the constitutional basis to the right to privacy and fulfil its constitutional and international obligations." Here we publish the text of the open letter. Please follow the link below to support it by joining the signatories.</b>
<p> </p>
<h4><a href="http://goo.gl/forms/hw4huFcc4b" target="_blank">Read and sign the open letter.</a></h4>
<p> </p>
<h2>Text of the Open Letter</h2>
<p>As our everyday lives are conducted increasingly through electronic communications the necessity for privacy protections has also increased. While several countries across the globe have recognised this by furthering the right to privacy of their citizens the Union Government has adopted a regressive attitude towards this core civil liberty. We urge the Union Government to take urgent measures to safeguard the right to privacy in India.</p>
<p>Our concerns are based on a continuing pattern of disregard for the right to privacy by several governments in the past. This trend has increased as can be plainly viewed from the following developments.</p>
<p>In 2015, the Attorney General in the case of <em>K.S. Puttaswamy v. Union of India</em>, argued before the Hon’ble Supreme Court that there is no right to privacy under the Constitution of India. The Hon'ble Court was persuaded to re-examine the basis of the right to privacy upsetting 45 years of judicial precedent. This has thrown the constitutional right to privacy in doubt and the several judgements that have been given under it. This includes the 1997 PUCL Telephone Tapping judgement as well. We urge the Union Government to take whatever steps are necessary and urge the Supreme Court to hold that a right to privacy exists under the Constitution of India.</p>
<p>Recently Mr. Arun Jaitley, Minister for Finance introduced the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016. This bill was passed on March 11, 2016 in the middle of budget discussion on a short notice as a money bill in the Lok Sabha when only 73 of 545 members were present. Its timing and introduction as a money bill prevents necessary scrutiny given the large privacy risks that arise under it. This version of the bill was never put up for public consultation and is being rushed through without adequate discussion. Even substantively it fails to give accountable privacy safeguards while making Aadhaar mandatory for availing any government subsidy, benefit, or service.</p>
<p>We urge the Union Government to urgently take steps to uphold the constitutional basis to the right to privacy and fulfil its constitutional and international obligations. We encourage the Government to have extensive public discussions on the Aadhaar Bill before notifying it. We further call upon them to constitute a drafting committee with members of civil society to draft a comprehensive statute as suggested by the Justice A.P. Shah Committee Report of 2012.</p>
<p>Signatories:</p>
<ul><li>Amber Sinha, the Centre for Internet and Society</li>
<li>Japreet Grewal, the Centre for Internet and Society</li>
<li>Joshita Pai, Centre for Communication Governance, National Law University</li>
<li>Raman Jit Singh Chima, Access Now</li>
<li>Sarvjeet Singh, Centre for Communication Governance, National Law University</li>
<li>Sumandro Chattapadhyay, the Centre for Internet and Society</li>
<li>Sunil Abraham, the Centre for Internet and Society</li>
<li>Vanya Rakesh, the Centre for Internet and Society</li></ul>
<p> </p>
No publisher | sumandro | UID, Big Data, Privacy, Internet Governance, Digital India, Aadhaar, Biometrics | 2016-03-17T07:40:12Z | Blog Entry
Press Release, March 15, 2016: The New Bill Makes Aadhaar Compulsory!
https://cis-india.org/internet-governance/blog/press-release-aadhaar-15032016-the-new-bill-makes-aadhaar-compulsory
<b>We published and circulated the following press release on March 15, 2016, to highlight the fact that Section 7 of the Aadhaar Bill, 2016 states that authentication of the person using her/his Aadhaar number can be made mandatory for the purpose of disbursement of government subsidies, benefits, and services; and in case the person does not have an Aadhaar number, s/he will have to apply for Aadhaar enrolment.</b>
<p> </p>
<p>Nandan Nilekani, the former chairperson of the Unique Identification Authority of India had repeatedly stated that Aadhaar is not mandatory. However, in the last few years various agencies and departments of the government, both at the central and state level, had made it mandatory in order to be able to avail beneficiary schemes or for the arrangement of salary, provident fund disbursals, promotion, scholarship, opening bank account, marriages and property registrations. In August 2015, the Supreme Court passed an order mandating that the Aadhaar number shall remain optional for welfare schemes, stating that no person should be denied any benefit for reason of not having an Aadhaar number, barring a few specified services.</p>
<p>The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, however, has not followed this mandate. Section 7 of the Bill states that “a person should be authenticated or give proof of the Aadhaar number to establish his/her identity” “as a condition for receiving subsidy, benefit or service”. Further, it reads, “In the case a person does not have an Aadhaar number, he/she should make an application for enrollment.” The language of the provision is very clear in making enrollment in Aadhaar mandatory, in order to be entitled for welfare services. Section 7 also says that “the person will be offered viable and alternate means of identification for receiving the subsidy, benefit or service.” However, these unspecified alternate means will be made available in the event “an Aadhaar number is not assigned”. This language is vague and it is not clear whether it mandates alternate means of identification for those who choose not to apply for an Aadhaar number for any reason. The fact that it does make it mandatory to apply for an Aadhaar number for persons without it, may lead to the presumption that the alternate means are to be made available for those who may have applied for an Aadhaar number but it has not been assigned for any reason. It is also noteworthy that the draft legislation is silent on what the “viable and alternate means of identification” could be. There are a number of means of identification, which are recognised by the state, and a schedule with an inclusive list could have gone a long way in reducing the ambiguity in this provision.</p>
<p>Another aspect of Section 7 which is at odds with the Supreme Court order is that it allows making an Aadhaar number mandatory “for receipt of a subsidy, benefit or service for which the expenditure is incurred” from the Consolidated Fund of India. The Supreme Court had been very specific in articulating that having an Aadhaar number could not be made compulsory except for “any purpose other than the PDS Scheme and in particular for the purpose of distribution of foodgrains, etc. and cooking fuel, such as kerosene” or for the purpose of the LPG scheme. The restriction in the Supreme Court order was with respect to the welfare schemes, however, instead of specifying the schemes, Section 7 specified the source of expenditure from which subsidies, benefits and services can be funded, making the scope much broader. Section 7, in effect, allows the Central Government to circumvent the Supreme Court order if they choose to tie more subsidies, benefits and services to the Consolidated Fund of India.</p>
<p>These provisions run counter to the repeated claims of the government for the last six years that Aadhaar is not compulsory, nor is the specification by the Supreme Court for restricting use of Aadhaar to a few services only, reflected anywhere in the Bill. The “viable and alternate means” clause is too vague and inadequate to prevent denial of benefits to those without an Aadhaar number. The sum effect of these factors is to give the Central Government powers to make Aadhaar mandatory, for all practical purposes.</p>
<p> </p>
No publisher | Amber Sinha | UID, Big Data, Privacy, Internet Governance, Digital India, Aadhaar, Biometrics | 2016-03-16T10:11:32Z | Blog Entry
Analysis of Aadhaar Act in the Context of A.P. Shah Committee Principles
https://cis-india.org/internet-governance/blog/analysis-of-aadhaar-act-in-context-of-shah-committee-principles
<b>Whilst there are a number of controversies relating to the Aadhaar Act including the fact that it was introduced in a manner so as to circumvent the majority of the opposition in the upper house of the Parliament and that it was rushed through the Lok Sabha in a mere eight days, in this paper we shall discuss the substantial aspects of the Act in relation to privacy concerns which have been raised by a number of experts. In October 2012, the Group of Experts on Privacy constituted by the Planning Commission under the chairmanship of Justice AP Shah submitted its report which listed nine principles of privacy which all legislations, especially those dealing with personal information, should adhere to. In this paper, we shall discuss how the Aadhaar Act fares vis-à-vis these nine principles.</b>
<p> </p>
<h2>Introduction</h2>
<p>The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (the “Aadhaar Act”) was introduced in the Lok Sabha (lower house of the Parliament) by Minister of Finance, Mr. Arun Jaitley, on March 3, 2016, and was passed by the Lok Sabha on March 11, 2016. It was sent back by the Rajya Sabha with suggestions but the Lok Sabha rejected those suggestions, which means that the Act is now deemed to have been passed by both houses as it was originally introduced as a Money Bill. Whilst there are a number of controversies relating to the Aadhaar Act including the fact that it was introduced in a manner so as to circumvent the majority of the opposition in the upper house of the Parliament and that it was rushed through the Lok Sabha in a mere eight days, in this paper we shall discuss the substantial aspects of the Act in relation to privacy concerns which have been raised by a number of experts. In October 2012, the Group of Experts on Privacy constituted by the Planning Commission under the chairmanship of Justice AP Shah submitted its report which listed nine principles of privacy which all legislations, especially those dealing with personal information, should adhere to. In this paper, we shall discuss how the Aadhaar Act fares vis-à-vis these nine principles.</p>
<p>In order for the reader to better understand the frame of reference on which we shall analyse the Aadhaar Act, the nine principles contained in the report of the Group of Experts on Privacy are explained in brief below:</p>
<ul><li><strong>Principle 1: Notice</strong> - Does the legislation/regulation require that entities governed by the Act give simple to understand notice of its information practices to all individuals, in clear and concise language, before any personal information is collected from them.</li>
<li><strong>Principle 2: Choice and Consent</strong> - Does the legislation/regulation require that entities governed under the Act provide the individual with the option to opt in/opt out of providing their personal information.</li>
<li><strong>Principle 3: Collection Limitation</strong> - Does the legislation/regulation require that entities governed under the Act collect personal information from individuals only as is necessary for a purpose identified.</li>
<li><strong>Principle 4: Purpose Limitation</strong> - Does the legislation/regulation require that personal data collected and processed by entities governed by the Act be adequate and relevant to the purposes for which they are processed.</li>
<li><strong>Principle 5: Access and Correction</strong> - Does the legislation/regulation allow individuals: access to personal information about them held by an entity governed by the Act; the ability to seek correction, amendments, or deletion of such information where it is inaccurate, etc.</li>
<li><strong>Principle 6: Disclosure</strong> - Does the legislation ensure that information is only disclosed to third parties after notice and informed consent is obtained. Is disclosure allowed for law enforcement purposes done in accordance with laws in force.</li>
<li><strong>Principle 7: Security</strong> - Does the legislation/regulation ensure that information that is collected and processed under that Act, is done so in a manner that protects against loss, unauthorized access, destruction, etc.</li>
<li><strong>Principle 8: Openness</strong> - Does the legislation/regulation require that any entity processing data take all necessary steps to implement practices, procedures, policies and systems in a manner proportional to the scale, scope, and sensitivity to the data that is collected and processed and is this information made available to all individuals in an intelligible form, using clear and plain language?</li>
<li><strong>Principle 9: Accountability</strong> - Does the legislation/regulation provide for measures that ensure compliance of the privacy principles? This would include measures such as mechanisms to implement privacy policies; including tools, training, and education; and external and internal audits.</li></ul>
<p> </p>
<h2>Analysis of the Aadhaar Act</h2>
<p>The Aadhaar Act has been brought about to give legislative backing to the most ambitious individual identity programme in the world which aims to provide a unique identity number to the entire population of India. The rationale behind this scheme is to correctly identify the beneficiaries of government schemes and subsidies so that leakages in government subsidies may be reduced. In furtherance of this rationale the Aadhaar Act gives the Unique Identification Authority of India (“UIDAI”) the power to enroll individuals by collecting their demographic and biometric information and issuing an Aadhaar number to them. Below is an analysis of the Act based on the privacy principles enumerated in the A.P. Shah Committee Report.</p>
<h3>Collection Limitation</h3>
<p><strong>Collection of Biometric and Demographic Information:</strong> The Aadhaar Act entitles every “resident” <strong>[1]</strong> to obtain an Aadhaar number by submitting his/her biometric (photograph, fingerprint, iris scan) and demographic information (name, date of birth, address <strong>[2]</strong>) <strong>[3]</strong>. It must be noted that the Act leaves scope for further information to be included in the collection process if so specified by regulations. Although the Act specifically provides what information can be collected, it does not specifically prohibit the collection of further information. This becomes relevant because it makes it possible for enrolling agencies to collect extra information relating to individuals without any legal implications of such act.</p>
<p><strong>Authentication Records:</strong> The UIDAI is mandated to maintain authentication records for a period which is yet to be specified (and shall be specified in the regulations) but it cannot collect or keep any information regarding the purpose for which the authentication request was made <strong>[4]</strong>.</p>
<p><strong>Unauthorized Collection:</strong> Any person who is not authorized to collect information under the Act, and pretends that he is authorized to do so, shall be punishable with imprisonment for a term which may extend to three years or with a fine which may extend to Rs. 10,000/- or both. In case of companies the maximum fine amount would be increased to Rs. 10,00,000/- <strong>[5]</strong>. It must be noted that the section, as it is currently worded, seems to criminalize the act of impersonation of authorized individuals and the actual collection of information is not required to complete this offence. It is not clear if this section will apply if a person who is authorized to collect information under the Act in general, collects some information that he/she is not authorized to collect.</p>
<h3>Notice</h3>
<p><strong>Notice during Collection:</strong> The Aadhaar Act requires that the agencies enrolling people for distribution of Aadhaar numbers should give people notice regarding: (a) the manner in which the information shall be used; (b) the nature of recipients with whom the information is intended to be shared during authentication; and (c) the existence of a right to access information, the procedure for making requests for such access, and details of the person or department in-charge to whom such requests can be made <strong>[6]</strong>. A failure to comply with this requirement will make the agency liable for imprisonment of up to 3 years or a fine of Rs. 10,000/- or both. In case of companies the maximum fine amount would be increased to Rs. 10,00,000/- <strong>[7]</strong>. It must be noted that the Act leaves the manner of giving such notice in the realm of regulations and does not specify how this notice is to be provided, which leaves important specifics to the realm of the executive.</p>
<p><strong>Notice during Authentication:</strong> The Aadhaar Act requires that authenticating agencies shall give information to the individuals whose information is to be authenticated regarding (a) the nature of information that may be shared upon authentication; (b) the uses to which the information received during authentication may be put by the requesting entity; and (c) alternatives to submission of identity information to the requesting entity <strong>[8]</strong>. A failure to comply with this requirement will make the agency liable for imprisonment of up to 3 years or a fine of Rs. 10,000/- or both. In case of companies the maximum fine amount would be increased to Rs. 10,00,000/- <strong>[9]</strong>. Just as in the case of notice during collection, the manner in which the notice is required to be given is left to regulations leaving an unclear picture as to how comprehensive, accessible, and frequent this notice must be.</p>
<h3>Access and Correction</h3>
<p><strong>Updating Information:</strong> The Aadhaar Act gives the UIDAI the power to require residents to update their demographic and biometric information from time to time so as to maintain its accuracy <strong>[10]</strong>.</p>
<p><strong>Access to Information:</strong> The Aadhaar Act provides that Aadhaar number holders may request the UIDAI to provide access to their identity information except their core biometric information <strong>[11]</strong>. It is not clear why access to the core biometric information <strong>[12]</strong> is not provided to an individual. Further, since section 6 seems to place the responsibility of updation and accuracy of biometric information on the individual, it is not clear how a person is supposed to know that the biometric information contained in the database has changed if he/she does not have access to the same. It may also be noted that the Aadhaar Act provides only for a request to the UIDAI for access to the information and does not make access to the information a right of the individual; this would mean that it would be entirely upon the discretion of the UIDAI to refuse to grant access to the information once a request has been made.</p>
<p><strong>Alteration of Information:</strong> The Aadhaar Act gives individuals the right to request the UIDAI to alter their demographic information if the same is incorrect or has changed and biometric information if it is lost or has changed. Upon receipt of such a request, if the UIDAI is satisfied, then it may make the necessary alteration and inform the individual accordingly. The Act also provides that no identity information in the Central database shall be altered except as provided in the regulations <strong>[13]</strong>. This section provides for alteration of identity information but only in the circumstances given in the section; for example, demographic information cannot be changed if it has been lost, and similarly biometric information cannot be changed if it is inaccurate. Further, the section does not give a right to the individual to get the information altered but only entitles him/her to request the UIDAI to make a change and the final decision is left to the “satisfaction” of the UIDAI.</p>
<p><strong>Access to Authentication Record:</strong> Every individual is given the right to obtain his/her authentication record in a manner to be specified by regulations <strong>[14]</strong>.</p>
<h3>Disclosure</h3>
<p><strong>Sharing during Authentication:</strong> The UIDAI is entitled to reply to any authentication query with a positive, negative or any other response which may be appropriate and may share identity information except core biometric information with the requesting entity <strong>[15]</strong>. The language in this provision is ambiguous and it is unclear what 'identity information' may be shared and why it would be necessary to share such information as Aadhaar is meant to be only a means of authentication so as to remove duplication.</p>
<p><strong>Potential Disclosure during Maintenance of CIDR:</strong> The UIDAI has been given the power to appoint any one or more entities to establish and maintain the Central Identities Data Repository (CIDR) <strong>[16]</strong>. If a private entity is involved in the maintenance and establishment of the CIDR it can be presumed that there is the possibility that they would, to some degree, have access to the information stored in the CIDR, yet there are no clear standards in the Act regarding this potential access or the process for appointing such entities. The fact that the UIDAI has been given the freedom to appoint an outside entity to maintain a sensitive asset such as the CIDR raises security concerns.</p>
<p><strong>Restriction on Sharing Information:</strong> The Aadhaar Act creates a blanket prohibition on the usage of core biometric information for any purpose other than generation of Aadhaar numbers and also prohibits its sharing for any reason whatsoever <strong>[17]</strong>. Other identity information is allowed to be shared in the manner specified under the Act or as may be specified in the regulations <strong>[18]</strong>. The Act further provides that the requesting entities shall not disclose the identity information except with the prior consent of the individual to whom the information relates <strong>[19]</strong>. There is also a prohibition on publicly displaying Aadhaar number or core biometric information except as specified by regulations <strong>[20]</strong>. Officers of the UIDAI or the employees of the agencies employed to maintain the CIDR are prohibited from revealing the information stored in the CIDR or authentication record to anyone <strong>[21]</strong>. It is not clear why an exception has been carved out and what circumstances would require publicly displaying Aadhaar numbers and core biometric information, especially since the reasons for which such important information may be displayed have been left up to regulations which have relatively less oversight. The section also provides the requesting entities with an option to further disclose information if they take consent of the individuals. This may lead to a situation where a requesting entity, perhaps the provider of an essential service, may take the consent of the individual to disclose his/her information in a standard form contract, without the option of saying no to such a request. It may lead to situations where the option is between giving consent to disclosure or denial of service altogether. For this reason it is necessary that there should be an opt in and opt out provision wherever a requesting entity has the power to ask for disclosure of information, so that people are not coerced into giving consent.</p>
<p><strong>Disclosure in Specific Cases:</strong> The prohibition on disclosure of information (except for core biometric information) does not apply in case of any disclosure made pursuant to an order of a court not below that of a District Judge <strong>[22]</strong>. There is another exception to the prohibition on disclosure of information (including core biometric information) in the interest of national security if so directed by an officer not below the rank of a Joint Secretary to the Government of India specially authorised in this behalf by an order of the Central Government. Before any such direction can take effect, it will be reviewed by an oversight committee consisting of the Cabinet Secretary and the Secretaries to the Government of India in the Department of Legal Affairs and the Department of Electronics and Information Technology. Any such direction shall be valid for a period of three months and may be extended by another three months after the review by the Oversight Committee <strong>[23]</strong>. Although this provision has been criticized, and rightly so, for the lack of accountability since the entire process is being handled within the executive and there is no independent oversight, it must be mentioned that the level of oversight provided here is similar to that provided to interception requests, which involve a much graver if not the same level of invasion of privacy.</p>
<p><strong>Penalty for Disclosure:</strong> Any person who intentionally and in an unauthorized manner discloses, transmits, copies or otherwise disseminates any identity information collected in the course of enrolment or authentication shall be punishable with imprisonment of up to 3 years or a fine of Rs. 10,000/- or both. In case of companies the maximum fine amount would be increased to Rs. 10,00,000/- <strong>[24]</strong>. Further any person who intentionally and in an unauthorised manner, accesses information in the CIDR <strong>[25]</strong>, downloads, copies or extracts any data from the CIDR <strong>[26]</strong>, or reveals or shares or distributes any identity information, shall be punishable with imprisonment of up to 3 years and a fine of not less than Rs. 10,00,000/-.</p>
<h3>Consent</h3>
<p><strong>Consent for Authentication:</strong> A requesting entity has to take the consent of the individual before collecting his/her identity information for the purposes of authentication and also has to inform the individual of the alternatives to submission of the identity information <strong>[27]</strong>. Although this provision requires entities to take consent from the individuals before collecting information for authentication, how useful this requirement of consent would be still remains to be seen. There may be instances where a requesting entity may take the consent of the individual in a standard form contract, without the individual realizing what he/she is consenting to.</p>
<p><strong>Note:</strong> The Aadhaar Act provides no requirement or standard for the form of consent that must be taken during enrollment. This is significant as it is the point at which individuals are providing raw biometric material and during previous enrollment, has been a point of weakness as the consent taken is an enabler to function creep as it allows the UIDAI to share information with engaged in delivery of welfare services <strong>[28]</strong>.</p>
<h3>Purpose</h3>
<p><strong>Use of Information:</strong> The authenticating entities are allowed to use the identity information only for the purpose of submission to the CIDR for authentication <strong>[29]</strong>. Further, the Act specifies that identity information available with a requesting entity shall not be used for any purpose other than that specified to the individual at the time of submitting the information for authentication <strong>[30]</strong>. The Act also provides that any authentication entity which uses the information for any purpose not already specified will be liable to punishment of imprisonment of upto 3 years or a fine of Rs. 10,000/- or both. In case of companies the maximum fine amount would be increased to Rs. 10,00,000/ <strong>[31]</strong>.</p>
<h3>Security</h3>
<p><strong>Security and Confidentiality of Information:</strong> It is the responsibility of the UIDAI to ensure the security and confidentiality of the identity and authentication information and it is required to take all necessary action to ensure that the information in the CIDR is protected against unauthorized access, use or disclosure and against accidental or intentional destruction, loss or damage <strong>[32]</strong>. The UIDAI is required to adopt and implement appropriate technical and organisational security measures and also ensure that its contractors do the same <strong>[33]</strong>. It is also required to ensure that the agreements entered into with its contractors impose the same conditions as are imposed on the UIDAI under the Act and that they shall act only upon the instructions of the UIDAI <strong>[34]</strong>.</p>
<p><strong>Biometric Information to be Electronic Record:</strong> The biometric information collected by the UIDAI has been deemed to be an “electronic record” as well as “sensitive personal data or information”, which would mean that in addition to the provisions of the Aadhaar Act, the provisions contained in the Information Technology Act, 2000 will also apply to such information <strong>[35]</strong>. It must be noted that while the Act lays down the principle that UIDAI is required to ensure the security of the information, it does not lay down any guidelines as to the minimum security standards to be implemented by the Authority. However, through this section the legislature has linked the security standards contained in the IT Act to the information contained in this Act. While this is a clean way of dealing with the issue, some people may argue that the extremely sensitive nature of the information contained in the CIDR requires the standards for security to be much stricter than those provided in the IT Act. However, a perusal of Rule 8 of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 shows that the Rules themselves provide that the standard of security must be commensurate with the information assets being protected. It would thus seem that the Act provides enough room to protect such important information, but perhaps leaves too much room for interpretation for such an important issue.</p>
<p><strong>Penalty for Unauthorised Access:</strong> Apart from the security provisions included in the legislation, the Aadhaar Act also provides for punishment of imprisonment of upto 3 years and a fine which shall not be less than Rs. 10,00,000/-, in case of the following offences:</p>
<ol><li>introduction of any virus or other computer contaminant in the CIDR <strong>[36]</strong>;</li>
<li>causing damage to the data in the CIDR <strong>[37]</strong>;</li>
<li>disruption of access to the CIDR <strong>[38]</strong>;</li>
<li>denial of access to any person who is authorised to access the CIDR <strong>[39]</strong>;</li>
<li>destruction, deletion or alteration of any information stored in any removable storage media or in the CIDR or diminishing its value or utility or affecting it injuriously by any means <strong>[40]</strong>;</li>
<li>stealing, concealing, destroying or altering any computer source code used by the Authority with an intention to cause damage <strong>[41]</strong>.</li></ol>
<p>Further, unauthorized usage or tampering with the data in the CIDR or in any removable storage medium with the intent of modifying information relating to Aadhaar number holder or discovering any information thereof, is also punishable with imprisonment for a term which may extend to 3 years and also a fine which may extend to Rs. 10,000/- <strong>[42]</strong>.</p>
<h3>Accountability</h3>
<p><strong>Inspections and Audits:</strong> One of the functions listed in the powers and functions of the UIDAI is the power to call for information and records, conduct inspections, inquiries and audit of the operations of the CIDR, Registrars, enrolling agencies and other agencies appointed under the Aadhaar Act <strong>[43]</strong>.</p>
<p><strong>Grievance Redressal:</strong> Another function of the UIDAI is to set up facilitation centres and grievance redressal mechanisms for redressal of grievances of individuals, Registrars, enrolling agencies and other service providers <strong>[44]</strong>. It must be said here that considering the importance that the government has given to and intends to give to Aadhaar in the future, an essential task such as grievance redressal should not be left entirely to the discretion of the UIDAI and some grievance redressal mechanism should be incorporated into the Act itself.</p>
<h3>Openness</h3>
<p>There does not seem to be any provision in the Aadhaar Act which requires the UIDAI to make its privacy policies and procedure available to the public in general even though the UIDAI has the responsibility to maintain the security and confidentiality of the information.</p>
<p> </p>
<h2>Endnotes</h2>
<p><strong>[1]</strong> A resident is defined as any person who has resided in India for a period of at least 182 days in the previous 12 months.</p>
<p><strong>[2]</strong> It has been specified that demographic information will not include race, religion, caste, tribe, ethnicity, language, records of entitlement, income or medical history.</p>
<p><strong>[3]</strong> Section 3(1) of the Aadhaar Act.</p>
<p><strong>[4]</strong> Section 32(1) and 32(3) of the Aadhaar Act.</p>
<p><strong>[5]</strong> Section 36 of the Aadhaar Act.</p>
<p><strong>[6]</strong> Section 3(2) of the Aadhaar Act.</p>
<p><strong>[7]</strong> Section 41 of the Aadhaar Act.</p>
<p><strong>[8]</strong> Section 8(3) of the Aadhaar Act.</p>
<p><strong>[9]</strong> Section 41 of the Aadhaar Act.</p>
<p><strong>[10]</strong> Section 6 of the Aadhaar Act.</p>
<p><strong>[11]</strong> Section 28, <em>proviso</em> of the Aadhaar Act.</p>
<p><strong>[12]</strong> Core biometric information is defined as fingerprints, iris scan or other biological attributes which may be specified by regulations.</p>
<p><strong>[13]</strong> Section 31 of the Aadhaar Act.</p>
<p><strong>[14]</strong> Section 32(2) of the Aadhaar Act.</p>
<p><strong>[15]</strong> Section 8(4) of the Aadhaar Act.</p>
<p><strong>[16]</strong> Section 10 of the Aadhaar Act.</p>
<p><strong>[17]</strong> Section 29(1) of the Aadhaar Act.</p>
<p><strong>[18]</strong> Section 29(2) of the Aadhaar Act.</p>
<p><strong>[19]</strong> Section 29(3)(b) of the Aadhaar Act.</p>
<p><strong>[20]</strong> Section 29(4) of the Aadhaar Act.</p>
<p><strong>[21]</strong> Section 28(5) of the Aadhaar Act.</p>
<p><strong>[22]</strong> Section 33(1) of the Aadhaar Act.</p>
<p><strong>[23]</strong> Section 33(2) of the Aadhaar Act.</p>
<p><strong>[24]</strong> Section 37 of the Aadhaar Act.</p>
<p><strong>[25]</strong> Section 38(a) of the Aadhaar Act.</p>
<p><strong>[26]</strong> Section 38(b) of the Aadhaar Act.</p>
<p><strong>[27]</strong> Section 8(2)(a) and (c) of the Aadhaar Act.</p>
<p><strong>[28]</strong> For example, see: <a href="http://www.karnataka.gov.in/aadhaar/Downloads/Application%20form%20-%20English.pdf">http://www.karnataka.gov.in/aadhaar/Downloads/Application%20form%20-%20English.pdf</a>.</p>
<p><strong>[29]</strong> Section 8(2)(b) of the Aadhaar Act.</p>
<p><strong>[30]</strong> Section 29(3)(a) of the Aadhaar Act.</p>
<p><strong>[31]</strong> Section 37 of the Aadhaar Act.</p>
<p><strong>[32]</strong> Section 28(1), (2) and (3) of the Aadhaar Act.</p>
<p><strong>[33]</strong> Section 28(4)(a) and (b) of the Aadhaar Act.</p>
<p><strong>[34]</strong> Section 28(4)(c) of the Aadhaar Act.</p>
<p><strong>[35]</strong> Section 30 of the Aadhaar Act.</p>
<p><strong>[36]</strong> Section 38(c) of the Aadhaar Act.</p>
<p><strong>[37]</strong> Section 38(d) of the Aadhaar Act.</p>
<p><strong>[38]</strong> Section 38(e) of the Aadhaar Act.</p>
<p><strong>[39]</strong> Section 38(f) of the Aadhaar Act.</p>
<p><strong>[40]</strong> Section 38(h) of the Aadhaar Act.</p>
<p><strong>[41]</strong> Section 38(i) of the Aadhaar Act.</p>
<p><strong>[42]</strong> Section 39 of the Aadhaar Act.</p>
<p><strong>[43]</strong> Section 23(2)(l) of the Aadhaar Act.</p>
<p><strong>[44]</strong> Section 23(2)(s) of the Aadhaar Act.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/analysis-of-aadhaar-act-in-context-of-shah-committee-principles'>https://cis-india.org/internet-governance/blog/analysis-of-aadhaar-act-in-context-of-shah-committee-principles</a>
</p>
No publisher | Vipul Kharbanda | Big Data, Privacy, Internet Governance, Featured, Digital India, Aadhaar, Biometrics, Homepage | 2016-03-17T19:43:53Z | Blog Entry
Aadhaar Bill 2016 Evaluated against the National Privacy Principles
https://cis-india.org/internet-governance/aadhaar-bill-2016-evaluated-against-the-national-privacy-principles
<b>In this infographic, we evaluate the privacy provisions of the Aadhaar Bill 2016 against the national privacy principles developed by the Group of Experts on Privacy led by the Former Chief Justice A.P. Shah in 2012. The infographic is based on Vipul Kharbanda’s article 'Analysis of Aadhaar Act in the Context of A.P. Shah Committee Principles,' and is designed by Pooja Saxena, with inputs from Amber Sinha.</b>
<p> </p>
<h4>Download the infographic: <a href="https://github.com/cis-india/website/raw/master/infographics/CIS_Aadhaar-2016-Vs-Privacy-Principles_v.1.0.pdf">PDF</a> and <a href="https://github.com/cis-india/website/raw/master/infographics/CIS_Aadhaar-2016-Vs-Privacy-Principles_v.1.0.png">PNG</a>.</h4>
<p> </p>
<p><strong>License:</strong> It is shared under Creative Commons <a href="https://creativecommons.org/licenses/by/4.0/">Attribution 4.0 International</a> License.</p>
<p> </p>
<img src="https://github.com/cis-india/website/raw/master/infographics/CIS_Aadhaar-2016-Vs-Privacy-Principles_v.1.0.png" alt="Aadhaar Bill 2016 Evaluated against the National Privacy Principles" />
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/aadhaar-bill-2016-evaluated-against-the-national-privacy-principles'>https://cis-india.org/internet-governance/aadhaar-bill-2016-evaluated-against-the-national-privacy-principles</a>
</p>
No publisher | Pooja Saxena and Amber Sinha | UID, Big Data, Privacy, Internet Governance, Infographic, Digital India, Aadhaar, Biometrics | 2016-03-21T08:38:34Z | Blog Entry
Media Market Risk Ratings: India
https://cis-india.org/internet-governance/blog/gdi-and-cis-torsha-sarkar-pranav-m-bidare-and-gurshabad-grover-july-12-2021-media-market-risk-ratings-india
<b>The Centre for Internet and Society (CIS) and the Global Disinformation Index (GDI) are launching a study into the risk of disinformation on digital news platforms in India, creating an index that is intended to serve donors and brands with a neutral assessment of news sites that they can utilise to defund disinformation.</b>
<h2>Introduction</h2>
<p style="text-align: justify;">The harms of disinformation are proliferating around the globe—threatening our elections, our health, and our shared sense of facts.</p>
<p style="text-align: justify;">The infodemic laid bare by COVID-19 conspiracy theories clearly shows that disinformation costs people’s lives. Websites masquerading as news outlets are driving and profiting financially from the situation.</p>
<p style="text-align: justify;">The goal of the Global Disinformation Index (GDI) is to cut off the revenue streams that incentivise and sustain the spread of disinformation. Using both artificial and human intelligence, the GDI has created an assessment framework to rate the disinformation risk of news domains.</p>
<p style="text-align: justify;">The GDI risk rating provides advertisers, ad tech companies and platforms with greater information about a range of disinformation flags related to a site’s <strong>content</strong> (i.e. reliability of content), <strong>operations</strong> (i.e. operational and editorial integrity) and <strong>context</strong> (i.e. perceptions of brand trust). The findings in this report are based on the human review of these three pillars: <strong>Content, Operations</strong>, and <strong>Context</strong>.</p>
<p style="text-align: justify;">A site’s disinformation risk level is based on that site’s aggregated score across all of the reviewed pillars and indicators. A site’s overall score ranges from zero (maximum risk level) to 100 (minimum risk level). Each indicator that is included in the framework is scored from zero to 100. The output of the index is therefore the site’s overall disinformation risk level, rather than the truthfulness or journalistic quality of the site.</p>
<h2 style="text-align: justify;">Key Findings</h2>
<p>In reviewing the media landscape for India, the assessment found that:</p>
<p><strong><em>Nearly a third of the sites in our sample had a high risk of disinforming their online users.</em></strong></p>
<ul>
<li style="text-align: justify;">Eighteen sites were found to have a high disinformation risk rating. This group includes sites that are published in all the three languages in our scope: English, Hindi and Bengali.</li>
<li style="text-align: justify;">Around half of the websites in our sample had a ‘medium’ risk rating. No site performed exceptionally on all fronts, resulting in no sites having a minimum risk rating. On the other hand, no site performed so poorly as to earn a maximum risk rating.</li></ul>
<p><strong><em>Only a limited number of Indian sites present low levels of disinformation risks.</em></strong></p>
<ul>
<li>No website was rated as having a ‘minimum’ disinformation risk.</li>
<li>Eight sites were rated with a ‘low’ level of disinformation risk. Seven out of these websites served content primarily in English, one in Hindi.</li></ul>
<p><strong><em>The media sites assessed in India tend to perform very poorly on publishing transparent operational checks and balances.</em></strong></p>
<ul>
<li style="text-align: justify;">Over one-third of the sites in our sample published little information about their ownership structure, and also failed to be transparent about their revenue sources.</li>
<li style="text-align: justify;">Only ten of the sites in our sample publish any information about their policies on how they correct errors in their reporting.</li></ul>
<p><strong><em>Association with traditional media was not a significant factor in determining risk of disinformation.</em></strong></p>
<ul>
<li>On average, websites associated with TV or print did not perform any differently when compared to websites that solely serve digital content.</li></ul>
<p style="text-align: justify;">The findings show that on the whole, Indian websites can substantially increase their trustworthiness by taking measures to address these shortfalls in their operational checks and balances. For example, they could increase transparency on the structure of their businesses and have clear policies on how they address errors in their reporting. Both of these measures are in line with universal standards of good journalistic practices, as agreed by the Journalism Trust Initiative.</p>
<hr />
<p style="text-align: justify;">Click to download the <a href="https://cis-india.org/internet-governance/media-market-risk-ratings.pdf" class="internal-link">full report here</a>. To read the report in Hindi, <a class="external-link" href="https://cis-india.org/internet-governance/resources/media-bazaar-jokhim-rating.pdf">click here</a>. The authors extend their thanks to Anna Liz Thomas, Sanah Javed, Sagnik Chatterjee, and Raghav Ahooja for their assistance.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/gdi-and-cis-torsha-sarkar-pranav-m-bidare-and-gurshabad-grover-july-12-2021-media-market-risk-ratings-india'>https://cis-india.org/internet-governance/blog/gdi-and-cis-torsha-sarkar-pranav-m-bidare-and-gurshabad-grover-july-12-2021-media-market-risk-ratings-india</a>
</p>
No publisher | Torsha Sarkar, Pranav M Bidare, and Gurshabad Grover | Digital News, Digital Access, Internet Governance, Digital India, Homepage | 2022-01-25T13:29:06Z | Blog Entry
Iron out contradictions in the Digital India programme
https://cis-india.org/internet-governance/blog/hindustan-times-july-15-2015-sumandro-chattapadhyay-iron-out-contradictions-in-the-digital-india-programme
<b>The Digital India initiative takes an ambitious 'Phir Bhi Dil Hai Hindustani' approach to develop communication infrastructure, government information systems, and general capacity to digitise public life in India. I of course use 'public life' in the sense of the wide sphere of interactions between people and public institutions.</b>
<p style="text-align: justify; ">The article was published in the <a class="external-link" href="http://www.hindustantimes.com/analysis/iron-out-contradictions-in-the-digital-india-programme/article1-1369276.aspx">Hindustan Times</a> on July 15, 2015.</p>
<hr />
<p style="text-align: justify; ">The 'Phir Bhi Dil Hai Hindustani' approach involves putting together Japanese shoes, British trousers, and a Russian cap to make an entertainer with a pure Indian heart. In this case, the analogy must not be understood as different components of the initiative coming from different countries, but as coming from different efforts to use digital technologies for governance in India.</p>
<p style="text-align: justify; ">It is deploying the Public Information Infrastructure vision, inclusive of the National Optical Fibre Network (now renamed as BharatNet) and the national cloud computing platform titled Meghraj, so passionately conceptualised and pursued by Sam Pitroda. It has chosen the Aadhaar ID and the authentication-as-a-service infrastructure built by Nandan Nilekani, Ram Sewak Sharma, and the team, as the identity platform for all governmental processes across Digital India projects. It has closely embraced the mandate proposed by Jaswant Singh led National Task Force on Information Technology and Software Development for completely electronic interface for paper-free citizen-government interactions.</p>
<p style="text-align: justify; ">The digital literacy and online education aspects of the initiative build upon the National Mission on Education through ICT driven by Kapil Sibal. Two of the three vision areas of the Digital India initiative, namely 'Digital infrastructure as a utility to every citizen' and 'governance and service on demand,' are directly drawn from the two core emphasis clusters of the National e-Governance Plan designed by R. Chandrashekhar and team, namely the creation of the national and state-level network and data infrastructures, and the National Mission Mode projects to enable electronic delivery of services across ministries.</p>
<p style="text-align: justify; ">And this is not a bad thing at all. In fact, the need for this programmatic and strategic convergence has been felt for quite some time now, and it is wonderful to see the Prime Minister directly addressing this need. Although, while drawing benefits from the existing programmes, the DI initiative must also deal with the challenges inherited in the process.</p>
<p style="text-align: justify; ">Recently circulated documents describe that the institutional framework for Digital India will be headed by a Monitoring Committee overseeing two main drivers of the initiative: the Digital India Advisory Group led by the minister of communication and information technology, and the Apex Committee chaired by the cabinet secretary. While the former will function primarily through guiding the implementation works by the Department of Electronics and Information Technology (DeitY), the latter will lead the activities of both the DeitY and the various sectoral ministries.</p>
<p style="text-align: justify; ">Here lies one possible institutional bottleneck that the Digital India architecture inherits from the National e-Governance Plan. Putting the DeitY in the driving seat of the digital transformation agenda in parallel with all other central government departments indicates an understanding that the transformation is fundamentally a technical issue. However, most often what is needed is administrative reform at a larger scale, and re-engineering of processes at a smaller scale.</p>
<p style="text-align: justify; ">Government agencies that have addressed such challenges in the past, such as the department of administrative reforms and public grievances, are not mentioned explicitly within the institutional framework, and instead DeitY has been trusted with a range of tasks that may be beyond its scope and core skills.</p>
<p style="text-align: justify; ">The danger of this is that the Digital India initiative will end up initiating more infrastructural and software projects, without transforming the underlying governmental processes. For example, the recently launched eBasta website creates a centralised online shop for publishers of educational materials to make books available for teachers to browse and select for their classes, and for the students to directly download, against payment or otherwise. The website has been developed by the Centre for Development of Advanced Computing and DeitY. At the same time, the ministry of human resource development, which is responsible for matters related to public education, has already collaborated with the Central Institute of Educational Technology and the Homi Bhabha Centre for Science Education in TIFR to build a comprehensive platform for multi-media resources for education – the National Repository of Open Educational Resources. The initial plans of the DI initiative are yet to explicitly recognise that the key challenge is not in building new applications and websites, but aligning existing efforts.</p>
<p style="text-align: justify; ">This mismatch, between what the Digital India initiative proposes to achieve and how it plans to achieve it, is further demonstrated in the 'e-Governance Policy Initiatives under Digital India' document. The compilation lists the key policies to govern designing and implementation of the Digital India programmes, but surprisingly fails to mention any policies, acts, and pending bills approved or initiated by any previous government. This is remarkably counter-productive as the existing policy frameworks, such as the Framework for Mobile Governance, the National Data Sharing and Accessibility Policy, and the Interoperability Framework for e-Governance, are suitably placed to complement the new policies around use of free and open source software for e-governance systems, so as to ensure their transparency, interoperability, and inclusive outreach. Several pending bills like The National Identification Authority of India Bill, 2010, The Electronic Delivery of Services Bill, 2011, and The Privacy (Protection) Bill, 2013, are absolutely fundamental for comprehensive and secure implementation of the various programmes under the Digital India initiative.</p>
<p style="text-align: justify; ">The next year will complete a decade of development of national e-governance systems in India, since the launch of National e-Governance Plan in 2006. Given this history of information systems sometimes partially implemented and sometimes working in isolation, a 'Phir Bhi Dil Hai Hindustani' approach to digitise India is a very pragmatic one. What we surely do not need is increased contradiction among e-governance systems. Simultaneously, we need neither digital systems that centralise governmental power within one ministry on technical grounds, nor ones that expose citizens to abuse of their digital identity and assets due to lack of sufficient legal frameworks.</p>
<p style="text-align: justify; "><i><b>(Sumandro Chattapadhyay is research director, The Centre for Internet and Society. The views expressed are personal.)</b></i></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/hindustan-times-july-15-2015-sumandro-chattapadhyay-iron-out-contradictions-in-the-digital-india-programme'>https://cis-india.org/internet-governance/blog/hindustan-times-july-15-2015-sumandro-chattapadhyay-iron-out-contradictions-in-the-digital-india-programme</a>
</p>
No publisher | sumandro | Digital India, Internet Governance, E-Governance, ICT | 2015-07-28T01:04:28Z | Blog Entry
Amutha Arunachalam - Stand Shielded of Digital Rights (Delhi, May 05, 4 pm)
https://cis-india.org/internet-governance/events/firstfridayatcis-amutha-arunachalam-stand-shielded-of-digital-rights-may-05
<b>We are proud to announce that Amutha Arunachalam will be the speaker at the May #FirstFriday event at the CIS Delhi office. Amutha is Principal Technical Officer in the Council Of Scientific and Industrial Research. The talk will be on digital signatures, traceability of time-stamps, and setting up an Indian Standard (Digital) Time. If you are joining us, please RSVP at the soonest as we have only limited space in our office.</b>
<p> </p>
<h3><strong>Amutha Arunachalam</strong></h3>
<h4>Principal Technical Officer, Council of Scientific and Industrial Research</h4>
<p> </p>
<p><img src="https://cis-india.org/internet-governance/files/amutha-arunachalam/image" alt="Amutha Arunachalam" class="image-inline" title="Amutha Arunachalam" /></p>
<p> </p>
<p>Amutha Arunachalam entered the Indian Government service as an Intelligence Officer in the Ministry of Home Affairs in 1988 after working at the Indian Institute of Technology Madras in the Fibre Optic Communication Laboratory. She later moved to the Council of Scientific and Industrial Research in the field of Information Technology. She managed the IT infrastructure of the CSIR lab (Central Road Research Institute) till 2006, then moved to CSIR Head Quarters and contributed to the ICT refurbishment drive, mainly in IT, with a major contribution in establishing the DATA Centre, implementing network security, and linking CSIR HQ to the National Knowledge Network facility extended by the National Information Centre (NIC), before joining UIDAI.</p>
<p>In UIDAI (National Identity Project) she managed the Data Center operations, which include the critical CIDR (Central Identification Repository), and was responsible for setting up infrastructure to roll out the Disaster Recovery centre and the Aadhaar Enrolment Service, benchmarking of UIDAI Enrolment and Authentication Applications, and setting up the backend infrastructure of the Authentication Service for roll out to citizens. After the five-year deputation at UIDAI (Feb 2016), she is currently posted in the Council of Scientific and Industrial Research, working in the area of policy in cyber security for CSIR, enhancing research with collaboration and networking, and building a unified CSIR ecosystem with an enterprise platform.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/events/firstfridayatcis-amutha-arunachalam-stand-shielded-of-digital-rights-may-05'>https://cis-india.org/internet-governance/events/firstfridayatcis-amutha-arunachalam-stand-shielded-of-digital-rights-may-05</a>
</p>
No publisher | sumandro | Cybersecurity, Internet Governance, Digital India, #FirstFridayAtCIS, E-Governance | 2017-05-03T13:30:32Z | Event
Digital Native: Getting through an election made for the social media gaze
https://cis-india.org/raw/indian-express-april-21-2019-nishant-shah-getting-through-an-election-made-for-social-media-gaze
<b>In the poll season, social media platforms thrive on wounded outrage disguised as politics.</b>
<p style="text-align: justify; ">The article by Nishant Shah was <a class="external-link" href="https://indianexpress.com/article/express-sunday-eye/digital-native-the-gaze-5682831/">published in Indian Express</a> on April 21, 2019.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">There is palpable excitement as the most populous democracy in the world goes out to vote. Last election, which saw the saffron sweep, we realised the role of social media platforms in electoral politics. From the controversial selfie by the aspiring Prime Minister flaunting the lotus symbol, that was reported as violating the advertisement rules set by the Election Commission, to the mass mobilisation of ideology-based voters, orchestrated by automated bots and the hashtag brigades of #acchedin, there was no denying that digital strategies are going to form the backend of a robust political campaign.</p>
<p style="text-align: justify; ">In a country of hypervisible lynch mobs staged via WhatsApp, polarised hatred exacerbated by armies of trolls, and the fluency with which hate speech has been normalised on the tweetosphere, social media and digital apps are front and centre in this election. People are coming out of voting booths and, even before the exit pollsters catch them, they are making Snapchat videos and “I voted” selfies, clearly identifying the parties they support. The verified social media accounts of leading political parties are doubling down on their poll promises of a communal purge of “infiltrators”, divine curses for the heretic who doesn’t vote for the “party of gods”, and threats of profiling if a community voted for the correct party and subsequent dire consequences. The door-to-door campaigning of the past has obviously been replaced by the tweet-to-tweet mixture of threats, cajoling, and blood lust that seems to set the tone for our current political climate.</p>
<p style="text-align: justify; ">At the same time, the manifestos of the two leading coalitions, as well as the affidavits of the people running for office, are under deep public scrutiny. The <a href="https://indianexpress.com/about/bjp/">BJP</a>, in a Freudian blooper, announced itself as working for violence on women, incurring the sarcastic wrath of Twitter. One minister, who has been running through various cabinet positions, including education, was called to task to explain her wide repertoire of unverified degrees that change every voting season. Complaints against suspicious Electronic Voting Machines (EVMs) have made themselves heard loudly on social-media discussion forums. And lately, the YouTube videos of people allegedly showing the easy removal of the indelible ink from the voting fingers, exploded into public view, jeopardising the integrity of the one-person-one-vote paradigm.</p>
<p style="text-align: justify; ">Social media, it would seem, is everywhere. And its ubiquity is ensuring that all stakeholders of the electoral process are performing for the social media gaze. Our leaders are talking in tweet-sized morsels, hoping to get their last messages in. The organisers of the massive process have taken to debunking false claims, providing verified information, and guiding people to their voting processes. The voters are not only wearing their party colours, but also canvassing for their favourite leaders, either through proclamations of patriotism or through emotional messages of voting against hate and discrimination. Voting groups are scrutinising and discussing the party manifestos and also the unexpected alliances coming into being in the quest of reaching the majority mark.</p>
<p>
For more details visit <a href='https://cis-india.org/raw/indian-express-april-21-2019-nishant-shah-getting-through-an-election-made-for-social-media-gaze'>https://cis-india.org/raw/indian-express-april-21-2019-nishant-shah-getting-through-an-election-made-for-social-media-gaze</a>
</p>
No publisher; nishant; Researchers at Work, Digital Activism, Digital India, Digital Natives; 2019-04-28T04:12:45Z; Blog Entry
Workshop on Democratic Accountability in the Digital Age (Delhi, November 14-15)
https://cis-india.org/internet-governance/events/workshop-on-democratic-accountability-in-the-digital-age-delhi-november-14-15
<b>IT for Change, along with Centre for Internet and Society (CIS), Digital Empowerment Foundation (DEF), Mazdoor Kisan Shakti Sangathan (MKSS) and National Campaign for People’s Right to Information (NCPRI), is organising a two day workshop on ‘Democratic Accountability in the Digital Age’. The workshop will focus on evolving a comprehensive policy approach to data based governance and digital democracy, grounded in a rights and social justice framework. It will be held at the United Service Institution of India, Delhi, during November 14-15, 2016. The CIS team to participate in the workshop includes Sumandro Chattapadhyay (speaker), Amber Sinha (speaker), Vanya Rakesh (participant), and Himadri Chatterjee (participant).</b>
<p> </p>
<p>The workshop aims to:</p>
<ul><li>
<p>Discuss the institutional norms, rules and practices appropriate to the rise of ‘governance by networks’ and ‘rule by data’ that can guarantee democratic accountability and citizen participation, and</p>
</li>
<li>
<p>Articulate the steps to claim the civic-public value of digital technologies so that data and the new possibilities for networking are harnessed for a vibrant grassroots democracy.</p>
</li></ul>
<p>We hope the workshop can create a civil society coalition that can build effective strategies for legal and policy reform to further participatory democracy in the digital age. On the first day, the workshop will set the context through knowledge sharing and thematic presentations and discussions. On the second day, we aim to concretize strategies for collective action to further democratic accountability in the digital age.</p>
<hr />
<h4><a href="http://itforchange.net/mavc/wp-content/uploads/2016/11/Workshop-Agenda-Democratic-accountability-in-the-digital-age-14-to-15-Nov-2016-2.pdf">Workshop Agenda</a> (PDF)</h4>
<h4><a href="http://itforchange.net/mavc/wp-content/uploads/2016/10/Background-note-for-workshop-on-Democracy-in-Digital-Age-Sep21.odt">Background Note</a> (ODT)</h4>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/events/workshop-on-democratic-accountability-in-the-digital-age-delhi-november-14-15'>https://cis-india.org/internet-governance/events/workshop-on-democratic-accountability-in-the-digital-age-delhi-november-14-15</a>
</p>
No publisher; sumandro; Digital ID, Digital Governance, Privacy, UID, Internet Governance, Accountability, Digital India, Aadhaar, Welfare Governance, E-Governance, Digital Rights; 2016-12-15T09:27:22Z; Event
Seminar on Understanding Financial Technology, Cashless India, and Forced Digitalisation (Delhi, January 24)
https://cis-india.org/internet-governance/news/seminar-on-understanding-financial-technology-cashless-india-and-forced-digitalisation-delhi-jan-24-2017
<b>The Centre for Financial Accountability is organising a seminar on "Understanding Financial Technology, Cashless India, and Forced Digitalisation" on Tuesday, January 24, at YWCA, Ashoka Road, New Delhi. Sumandro Chattapadhyay will participate in the seminar and speak on the emerging architecture of FinTech in India, as being developed and deployed by UIDAI and NPCI.</b>
<p> </p>
<p><em>Cross-posted from <a href="https://letstalkfinancialaccountability.wordpress.com/2017/01/20/understanding-financial-technology-cashless-india-forced-digitalisation/">Centre for Financial Accountability</a>.</em></p>
<hr />
<h2>Programme Schedule</h2>
<h4>09:30 - Registration</h4>
<h4>10:00 - Introduction to the Seminar &amp; Setting the Context</h4>
<p>Madhuresh Kumar, National Alliance of People’s Movements</p>
<h4>10:15–11:30 - Session 1 - Understanding the Political Context of FinTech</h4>
<p>B P Mathur, Former Dy CAG</p>
<p>Prabir Purkayastha, Free Software Movement of India and Knowledge Commons</p>
<p>C P Chandrasekhar, Centre for Economic Studies and Planning, JNU</p>
<h4>11:30-11:45 – Tea / Coffee break</h4>
<h4>11:45-13:15 - Session 2 - How will FinTech Impact the Poor, and Labour and Banking Sector?</h4>
<p>Ashim Roy, New Trade Union of India</p>
<p>Nikhil Dey, Mazdoor Kisan Shakti Sangathan</p>
<p>Ravinder Gupta, General Secretary, State Bank of India Officers Association</p>
<h4>13:15-14:00 – Lunch</h4>
<h4>14:00-15:30 - Session 3 - Understanding the Economic Context of FinTech</h4>
<p>Indira Rajaraman, Former Director, RBI</p>
<p>Tony Joseph, Sr. Journalist</p>
<h4>15:30-17:00 - Session 4 - Understanding the Architecture of FinTech: Linkages to Aadhaar, IndiaStack etc</h4>
<p>Sumandro Chattapadhyay, the Centre for Internet and Society</p>
<p>Gopal Krishna, ToxicsWatch</p>
<h4>17:00 – Tea</h4>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/seminar-on-understanding-financial-technology-cashless-india-and-forced-digitalisation-delhi-jan-24-2017'>https://cis-india.org/internet-governance/news/seminar-on-understanding-financial-technology-cashless-india-and-forced-digitalisation-delhi-jan-24-2017</a>
</p>
No publisher; sumandro; Unified Payments Interface, Financial Technology, Digital ID, Big Data, Digital Economy, UID, Internet Governance, Digital India, Aadhaar, Financial Inclusion, Biometrics, Digital Payment; 2017-01-23T13:17:19Z; Blog Entry
"Will the Magic Number Deliver?" - Roundtable on Aadhaar at CSLG, JNU, April 26
https://cis-india.org/internet-governance/news/will-the-magic-number-deliver-aadhaar-cslg-26042016
<b>The Centre for the Study of Law and Governance (CSLG), Jawaharlal Nehru University (JNU), will organise a roundtable discussion on Tuesday, April 26, to discuss the Aadhaar project and Act. Along with Rajeev Chandrasekhar, Prasanna S, Apar Gupta, and Chirashree Dasgupta, Sumandro Chattapadhyay will be one of the discussants. It will take place in the CSLG Conference Room at 6 pm.</b>
<p> </p>
<h3>Discussion Note</h3>
<p>The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, was enacted by the Parliament on March 16. Thereafter it has been notified on March 26.</p>
<p>The Act empowers the UIDAI (Unique Identification Authority of India) to collect biometric and demographic information of residents to provide them with a unique number. This unique number is to be used for enumeration, identification and targeting of beneficiaries of government subsidies and services.</p>
<p>Since the creation of the UIDAI as an executive authority in 2009, this process of enumeration has been ongoing. Recently, it was announced that more than 100 crore residents have been given their Aadhaar cards. Alongside, however, legal challenges have continued in the Supreme Court.</p>
<p>Given this context, this Roundtable Discussion will focus on the following set of questions (among others):</p>
<ul><li>
<p>Can the Aadhaar Number enable better delivery of government subsidies and services?</p>
</li>
<li>
<p>How does the Act ensure data protection?</p>
</li>
<li>
<p>Is there a right to privacy in India? What are the implications in the context of Aadhaar?</p>
</li>
<li>
<p>Does the Act ensure public access to statutory remedies in case of violations?</p>
</li>
<li>
<p>Did the Aadhaar Bill fulfil the requirements of a money bill?</p>
</li></ul>
<p> </p>
<h3>Discussion Format</h3>
<p>Setting the Theme - Short Introduction to the Topic by Natasha Goyal</p>
<p>Speakers' comments, 15 minutes each, consecutive, no power points</p>
<ul><li>
<p><a href="https://twitter.com/rajeev_mp">Rajeev Chandrasekhar</a>, Member of Parliament, Rajya Sabha</p>
</li>
<li>
<p><a href="https://twitter.com/ajantriks">Sumandro Chattapadhyay</a>, the Centre for Internet and Society</p>
</li>
<li>
<p><a href="https://twitter.com/prasanna_s">Prasanna S</a>, Lawyer</p>
</li>
<li>
<p><a href="https://twitter.com/aparatbar">Apar Gupta</a>, Advocate, Delhi High Court</p>
</li>
<li>
<p><a href="http://www.jnu.ac.in/FacultyStaff/ShowProfile.asp?SendUserName=chirashree">Dr. Chirashree Dasgupta</a>, Centre for the Study of Law and Governance</p>
</li></ul>
<p>Open Session (Moderated Q and A)</p>
<p>Followed by Tea</p>
<h3>Directions to Venue</h3>
<p>From JNU main gate, proceed straight until you get to a T-junction. Turn left. Continue until you reach a second T-junction. Turn right. Follow the road for just 0.7 km until you see a bus stop labelled “Paschimmabad.” About 50 m past the bus stop turn right at a sign that reads: “Centre for the Study of Law and Governance”. The CSLG building is on the right. The conference room is on the first floor.</p>
<h3>Poster</h3>
<img src="http://cis-india.org/internet-governance/news/will-the-magic-number-deliver-aadhaar-cslg-26042016/leadImage" alt="CSLG Roundtable Discussion - Will the Magic Number Deliver? - April 26, 6 pm" />
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/will-the-magic-number-deliver-aadhaar-cslg-26042016'>https://cis-india.org/internet-governance/news/will-the-magic-number-deliver-aadhaar-cslg-26042016</a>
</p>
No publisher; sumandro; UID, Privacy, Digital India, Aadhaar, Biometrics; 2016-04-20T10:49:58Z; Event
Digital native: The View from My Bubble
https://cis-india.org/raw/indian-express-december-4-2016-nishant-shah-digital-native-the-view-from-my-bubble
<b>In the digital world, the privileged have the power to deny a devastating crisis for the poor.</b>
<p>The article was <a class="external-link" href="http://indianexpress.com/article/technology/digital-native-the-view-from-my-bubble/">published by Indian Express</a> on December 4, 2016.</p>
<hr />
<p style="text-align: justify; ">For weeks now, my timeline on almost all social media feeds has been dominated by stories of demonetisation. Over the last few years, I have been spending time in countries where I, more or less, live a cashless life. Every transaction is enabled by a digital connection — my contactless debit card pays most of the bills for groceries, my phone works as an automatic wallet at my favourite stores, and the larger purchases are done online, through direct bank transfers. Most days, I leave home with such little cash that I would not even be able to buy a decent meal with it.</p>
<p style="text-align: justify; ">While the continent is different, this experience is not much different from my days spent in India. I don’t really remember the last time I made huge cash deposits or withdrawals, and the services that I am used to would almost all have facilitated digital transactions, ensuring a smooth continuation of my life except, perhaps, for renouncing the occasional binge on street food, and letting go of the habit of hailing an auto on a busy road.</p>
<p style="text-align: justify; ">Hence, like many people who live in the same privileged combination of class, urbanity, education and affordability, my initial reaction to this move was reflective and speculative. In an abstract manner, I was curious about what this means to the theory of value, what this would achieve in the long-term visions of the state, and wondering what the costs of currency re-introductions might be. The earlier debates with family and friends were all marked by this elitist inquiry into the nature of things, feasting our minds on economic and political conundrums, well aware that there is going to be no crisis on the horizon. The social media also reflected this filter bubble. We made pithy jokes and offered polarised opinions about whether or not this is going to achieve the whitening of black money, and what its long term effects on the economic future would be.</p>
<p style="text-align: justify; ">Now that we know, however, that this state of emergency is going to last well into the end of this year, and as reports trickle in of the deprivation, exploitation and precariousness that destabilise lives and push them towards the precipice, I take a deep introspective breath. I don’t want to go into the discussions of the impact and measures of this move on lives that I do not live, and people who are so unlike me that I cannot even imagine what it means to live on the edge of a demonetised currency note. My opinions on this cannot be more informed or valid than the millions of voices that have flooded the social web with commentary, discussions and outright abusive fighting around the issue.</p>
<p style="text-align: justify; ">Instead, I want to reflect on what it means to consume a lived crisis, an embodied reality, a precarious condition through the mediated bubble of the digital web. For years now, activists have lamented that the web is an alienating medium. It allows people to become armchair clicktivists, removed from the reality of messy life and able to profess care, concern and commitment as long as it does not inconvenience or disrupt their everyday life. However, this has often been seen as a knee-jerk reaction to change, with enough evidence to prove that these technologies of connectivity also produce new collective forms of action, engendering trust, empathy, and care for people who are often made invisible in the systemic violence of everyday life. The debate is unresolved. However, the ways in which the demonetisation crisis — because it has officially become a crisis — is being consumed online, remotely, makes me wonder how the digital web allows a space for performance without experience, and articulation without politics.</p>
<p style="text-align: justify; ">Almost unanimously, the continued chatter of how the common man must bear some inconvenience for the greater good of our collective futures comes from people who embody the same privileges I do. From the comfort of their well-stocked kitchens and their insurances that would cover any health crises, these voices continue to parrot the idea that all that this means for anybody is just a bit of a hassle, but nothing to worry about.</p>
<p style="text-align: justify; ">In the growing face of evidence that the poor are being pushed to the limits of their downward precipitation, they continue to invoke the sacrifices that must be made towards making India great again. Every day, I hear them valiantly champion the Prime Minister for his authoritative decision, and defend the logistics that have failed to protect the economic survival of the silent sufferers in the favour of recovering untold wealth which might turn out to be mythical after all.</p>
<p style="text-align: justify; ">And, each time I read these reports, I wonder how the digital allows them, protects them, and produces a performative space from which they can speak, without any experience, about the lives of others, reducing their struggles to lifestyle logistics and ambulatory adjustments.</p>
<p>
For more details visit <a href='https://cis-india.org/raw/indian-express-december-4-2016-nishant-shah-digital-native-the-view-from-my-bubble'>https://cis-india.org/raw/indian-express-december-4-2016-nishant-shah-digital-native-the-view-from-my-bubble</a>
</p>
No publisher; nishant; Researchers at Work, Demonetisation, Digital India, RAW Blog; 2016-12-05T15:15:07Z; Blog Entry
Fake Narendra Modi apps aplenty, but it’s up to users to protect themselves
https://cis-india.org/internet-governance/news/indian-express-december-2-2016-fake-narendra-modi-apps-aplenty-but-it-is-up-to-users-to-protect-themselves
<b>The app, hosted on Google Play store, automatically gets excessive permission including full network access and ability to take pictures and videos once downloaded.</b>
<p>The article was <a class="external-link" href="http://indianexpress.com/article/india/this-fake-narendra-modi-app-can-secretly-take-pictures-shoot-videos-using-your-phone-4407400/">published by Indian Express</a> on December 2, 2016. Pranesh Prakash was quoted. Also see Nandini Yadav's blog post in <a class="external-link" href="http://www.bgr.in/news/beware-of-the-fake-narendra-modi-app-on-google-play-store/">BGR</a> on December 3, 2016.</p>
<hr />
<p style="text-align: justify; "><img alt="modi3" class="size-full wp-image-4407413" src="http://images.indianexpress.com/2016/12/modi3.jpeg" /></p>
<p style="text-align: justify; ">The app, hosted on Google Play store, automatically gets excessive permission including full network access and ability to take pictures and videos once downloaded.</p>
<p style="text-align: justify; ">A “<a href="http://indianexpress.com/about/narendra-modi">Narendra Modi</a>” app, purportedly offered by the Government of India, caught the attention of Internet expert Pranesh Prakash on Thursday as the app developer was found to be using a Bangladesh-based web host and e-mail address. Suggesting that this could be the work of a con-artist, Prakash underlined that granting access to fake apps could lead to a security breach. The app, hosted on <a href="http://indianexpress.com/about/google/">Google</a> Play store, automatically gets excessive permission including full network access and ability to take pictures and videos once downloaded. The original NaMo, however, only gets access to read, modify and delete the user’s media files. The “fake” app was downloaded more than 1 lakh times and has an average rating of 4.4 from over 2,000 reviews. A simple search on the Play store throws up dozens of Narendra Modi apps, some even calling themselves fake apps. The original app was published by Narendramodi.in and Government Of India. But there are scores of other apps trying to imitate the original.</p>
<p style="text-align: justify; "><img src="https://cis-india.org/home-images/NMApp.png" alt="Narendra Modi App" class="image-inline" title="Narendra Modi App" /></p>
<p style="text-align: justify; ">Pranesh, who is Policy Director at The Centre for Internet and Society, also questioned how users can differentiate between fake and genuine apps when even the official app was registered using a Gmail address. While the Government of India Narendra Modi app has been published using info@narendramodi.press, the one by Narendramodi.in has been published using a simple Gmail app. He also highlighted how the Play store was flooded with fake banking apps, with one such “SBI app” gaining full access to the user’s files. Incidentally, the fake Modi Ki Note app, which has been in the limelight since the demonetisation of high-value notes and the issue of new ones, itself has many duplicates.</p>
<p style="text-align: justify; ">In the last two days, the Congress and its vice-president Rahul Gandhi fell victim to hacking as their verified Twitter accounts were compromised. Profane content was shared from both accounts, targeting Gandhi and his family. This led to the Congress questioning Prime Minister Narendra Modi’s digital India push as security remains a huge concern.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/indian-express-december-2-2016-fake-narendra-modi-apps-aplenty-but-it-is-up-to-users-to-protect-themselves'>https://cis-india.org/internet-governance/news/indian-express-december-2-2016-fake-narendra-modi-apps-aplenty-but-it-is-up-to-users-to-protect-themselves</a>
</p>
No publisher; praskrishna; Digital India, Internet Governance, Digital Governance, Privacy; 2016-12-10T04:24:24Z; News Item
Comments on the Report of the Committee on Digital Payments (December 2016)
https://cis-india.org/internet-governance/blog/comments-on-the-report-of-the-committee-on-digital-payments-dec-2016
<b>The Committee on Digital Payments constituted by the Ministry of Finance and chaired by Ratan P. Watal, Principal Advisor, NITI Aayog, submitted its report on the "Medium Term Recommendations to Strengthen Digital Payments Ecosystem" on December 09, 2016. The report was made public on December 27, and comments were sought from the general public. Here are the comments submitted by the Centre for Internet and Society.</b>
<p> </p>
<h3><strong>1. Preliminary</strong></h3>
<p><strong>1.1.</strong> This submission presents comments by the Centre for Internet and Society (“CIS”) <strong>[1]</strong> in response to the report of the Committee on Digital Payments, chaired by Mr. Ratan P. Watal, Principal Advisor, NITI Aayog, and constituted by the Ministry of Finance, Government of India (“the report”) <strong>[2]</strong>.</p>
<h3><strong>2. The Centre for Internet and Society</strong></h3>
<p><strong>2.1.</strong> The Centre for Internet and Society, CIS, is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, and open access), internet governance, telecommunication reform, digital privacy, and cyber-security.</p>
<p><strong>2.2.</strong> CIS is not an expert organisation in the domain of banking in general and payments in particular. Our expertise is in matters of internet and communication governance, data privacy and security, and technology regulation. We deeply appreciate and are most inspired by the Ministry of Finance’s decision to invite entities from both the sectors of finance and information technology. This submission is consistent with CIS’ commitment to safeguarding general public interest, and the interests and rights of various stakeholders involved, especially the citizens and the users. CIS is thankful to the Ministry of Finance for this opportunity to provide a general response on the report.</p>
<h3><strong>3. Comments</strong></h3>
<p><strong>3.1.</strong> CIS observes that the decision by the Government of India to withdraw the legal tender character of the old high denomination banknotes (that is, Rs. 500 and Rs. 1,000 notes), declared on November 08, 2016 <strong>[3]</strong>, has generated <strong>unprecedented data about the user base and transaction patterns of digital payments systems in India, when pushed to its extreme use due to the circumstances</strong>. The majority of this data is available with the National Payments Corporation of India and the Reserve Bank of India. CIS requests the authorities concerned to consider <strong>opening up this data for analysis and discussion by the public at large and experts in particular, before any specific policy and regulatory decisions are taken</strong> towards advancing digital payments proliferation in India. This is a crucial opportunity for the Ministry of Finance to embrace (open) data-driven regulation and policy-making.</p>
<p><strong>3.2.</strong> While the report makes a reference to the European General Data Protection Directive, it does not make a reference to any substantive provisions in the Directive which may be relevant to digital payments. Aside from the recommendation that privacy protections around the purpose limitation principle be relaxed to ensure that payment service providers be allowed to process data to improve fraud monitoring and anti-money laundering services, the report is silent on significant privacy and data protection concerns posed by digital payments services. <strong>CIS strongly warns that the existing data protection and security regulations under Information Technology (Reasonable security practices and procedures and sensitive personal data or information), Rules are woefully inadequate in their scope and application to effectively deal with potential privacy concerns posed by digital payments applications and services.</strong> Some key privacy issues that must be addressed either under a comprehensive data protection legislation or a sector specific financial regulation are listed below. The process of obtaining consent must be specific, informed and unambiguous and through a clear affirmative action by the data subject based upon a genuine choice provided along with an option to opt out at any stage. The data subjects should have clear and easily enforceable right to access and correct their data. Further, data subjects should have the right to restrict the usage of their data in circumstances such as inaccuracy of data, unlawful purpose and data no longer required in order to fulfill the original purpose.</p>
<p><strong>3.3.</strong> The initial recommendation of the report is to “[m]ake regulation of payments independent from the function of central banking” (page 22). This involves a fundamental transformation of the payment and settlement system in India and its regulation. <strong>We submit that a decision regarding transformation of such scale and implications is taken after a more comprehensive policy discussion, especially involving a wider range of stakeholders</strong>. The report itself notes that “[d]igital payments also have the potential of becoming a gateway to other financial services such as credit facilities for small businesses and low-income households” (page 32). Thus, a clear functional, and hence regulatory, separation between the (digital) payments industry and the lending/borrowing industry may be either effective or desirable. Global experience tells us that digital transactions data, along with other alternative data, are fast becoming the basis of provision of financial and other services, by both banking and non-banking (payments) companies. We appeal to the Ministry of Finance to adopt a comprehensive and concerted approach to regulating, enabling competition, and upholding consumers’ rights in the banking sector at large.</p>
<p><strong>3.4.</strong> The report recognises “banking as an activity is separate from payments, which is more of a technology business” (page 154). Contemporary banking and payment businesses are both primarily technology businesses where information technology particularly is deployed intimately to extract, process, and drive asset management decisions using financial transaction data. Further, with payment businesses (such as, pre-paid instruments) offering return on deposited money via other means (such as, cashbacks), and potentially competing and/or collaborating with established banks to use financial transaction data to drive lending decisions, including but not limited to micro-loans, it appears unproductive to create a separation between banking as an activity and payments as an activity merely in terms of the respective technology intensity of these sectors. <strong>CIS firmly recommends that regulation of these financial services and activities be undertaken in a technology-agnostic manner, and similar regulatory regimes be deployed on those entities offering similar services irrespective of their technology intensity or choice</strong>.</p>
<p><strong>3.5.</strong> The report highlights two major shortcomings of the current regulatory regime for payments. Firstly “the law does not impose any obligation on the regulator to promote competition and innovation in the payments market” (page 153). It appears to us that the regulator’s role should not be to promote market expansion and innovation but to ensure and oversee competition. <strong>We believe that the current regulator should focus on regulating the existing market, and the work of the expansion of the digital payments market in particular and the digital financial services market in general be carried out by another government agency, as it creates conflict of interest for the regulator otherwise.</strong> Secondly, the report mentions that Payment and Settlement Systems Act does not “focus the regulatory attention on the need for consumer protection in digital payments” and then it notes that a “provision was inserted to protect funds collected from customers” in 2015 (page 153). <strong>This indicates that the regulator already has the responsibility to ensure consumer protection in digital payments. The purview and modalities of how this function of course needs discussion and changes with the growth in digital payments</strong>.</p>
<p><strong>3.6.</strong> The report identifies the high cost of cash as a key reason for the government’s policy push towards digital payments. Further, it mentions that a “sample survey conducted in 2014 across urban and rural neighbourhoods in Delhi and Meerut, shows that despite being keenly aware of the costs associated with transacting in cash, most consumers see three main benefits of cash, viz. freedom of negotiations, faster settlements, and ensuring exact payments” (page 30). It further notes that “[d]igital payments have significant dependencies upon power and telecommunications infrastructure. Therefore, the roll out of robust and user friendly digital payments solutions to unelectrified areas/areas without telecommunications network coverage, remains a challenge.” <strong>CIS much appreciates the discussion of the barriers to universal adoption and rollout of digital payments in the report, and appeals to the Ministry of Finance to undertake a more comprehensive study of the key investments required by the Government of India to ensure that digital payments become ubiquitously viable as well as satisfy the demands of a vast range of consumers that India has</strong>. The estimates about investment required to create a robust digital payment infrastructure, cited in the report, provide a great basis for undertaking studies such as these.</p>
<p><strong>3.7.</strong> CIS is very encouraged to see the report highlighting that “[w]ith the rising number of users of digital payment services, it is absolutely necessary to develop consumer confidence on digital payments. Therefore, it is essential to have legislative safeguards to protect such consumers in-built into the primary law.” <strong>We second this recommendation and would like to add further that financial transaction data be governed under a common data protection and privacy regime, without making any differences between data collected by banking and non-banking entities</strong>.</p>
<p><strong>3.8.</strong> We are, however, very discouraged to see the overtly incorrect use of the term “Open Access” in this report in the context of a payment system disallowing service when the client wants to transact money with a specific entity <strong>[4]</strong>. This is not an uncommon anti-competitive measure adopted by various platform players and service providers so as to disallow users from using competing products (such as not allowing competing apps in the app store controlled by one software company). <strong>The term “Open Access” is not only inappropriate to describe the negation of such anti-competitive behaviour, its usage in this context also undermines its accepted meaning and creates confusion regarding the recommendation being proposed by the report.</strong> The closest analogy to the recommendation of the report would perhaps be with the principle of “network neutrality” that stands for the network provider not discriminating between data packets being processed by them, either in terms of price or speed.</p>
<p><strong>3.9.</strong> A major recommendation by the report involves creation of “a fund from savings generated from cash-less transactions … by the Central Government,” which will use “the trinity of JAM (Jan Dhan, Adhaar, Mobile) [to] link financial inclusion with social protection, contributing to improved Social and Financial Security and Inclusion of vulnerable groups/ communities” (page 160-161). <strong>This amounts to making Aadhaar a mandatory ID for financial inclusion of citizens, especially the marginal and vulnerable ones, and is in direct contradiction to the government’s statements regarding the optional nature of the Aadhaar ID, as well as the orders by the Supreme Court on this topic</strong>.</p>
<p><strong>3.10.</strong> The report recommends that “Aadhaar should be made the primary identification for KYC with the option of using other IDs for people who have not yet obtained Aadhaar” (page 163) and further that “Aadhaar eKYC and eSign should be a replacement for paper based, costly, and shared central KYC registries” (page 162). <strong>Not only would these measures imply making Aadhaar a mandatory ID for undertaking any legal activity in the country, they also assume that the UIDAI has verified and audited the personal documents submitted by Aadhaar number holders during enrollment.</strong> A mandate for <em>replacement</em> of the paper-based central KYC agencies will only remove a much needed redundancy in the identity verification infrastructure of the government.</p>
<p><strong>3.11.</strong> The report suggests that “[t]ransactions which are permitted in cash without KYC should also be permitted on prepaid wallets without KYC” (page 164-165). This seems to negate the reality that physical verification of a person remains one of the most authoritative identity verification processes for a natural person, apart from DNA testing perhaps. <strong>Thus, establishing full equivalency of procedure between a presence-less transaction and one involving a physically present person making the payment will only amount to removal of relatively greater security precautions for the former, and will lead to possibilities of fraud</strong>.</p>
<p><strong>3.12.</strong> In continuation with the previous point, the report recommends promotion of “Aadhaar based KYC where PAN has not been obtained” and making of “quoting Aadhaar compulsory in income tax return for natural persons” (page 163). Both these measures imply a replacement of the PAN by Aadhaar in the long term, and a sharp reduction in growth of new PAN holders in the short term. <strong>We appeal for this recommendation to be reconsidered as integration of all functionally separate national critical information infrastructures (such as PAN and Aadhaar) into a single unified and centralised system (such as Aadhaar) engenders massive national and personal security threats</strong>.</p>
<p><strong>3.13.</strong> The report suggests the establishment of “a ranking and reward framework” to recognise and encourage the best performing state/district/agency in the proliferation of digital payments. <strong>It appears to us that creation of such a framework will only lead to an environment of competition among the entities concerned, which apart from its benefits may also have its costs. For example, the incentivisation of quick rollout of digital payment avenues by state governments and various government agencies may lead to implementation without sufficient planning, coordination with stakeholders, and precautions regarding data security and privacy</strong>. The provision of central support for digital payments should be carried out in an environment of cooperation and not competition.</p>
<p><strong>3.14.</strong> CIS welcomes the recommendation by the report to generate greater awareness about cost of cash, including by ensuring that “large merchants including government agencies should account and disclose the cost of cash collection and cash payments incurred by them periodically” (page 164). It, however, is not clear to whom such periodic disclosures should be made. <strong>We would like to add here that the awareness building must simultaneously focus on making public how different entities shoulder these costs. Further, for reasons of comparison and evidence-driven policy making, it is necessary that data for equivalent variables are also made open for digital payments - the total and disaggregate cost, and what proportion of these costs are shouldered by which entities</strong>.</p>
<p><strong>3.15.</strong> The report acknowledges that “[t]oday, most merchants do not accept digital payments” and it goes on to recommend “that the Government should seize the initiative and require all government agencies and merchants where contracts are awarded by the government to provide at-least one suitable digital payment option to its consumers and vendors” (page 165). This requirement to offer a digital payment option will only introduce an additional economic barrier for merchants bidding for government contracts. <strong>We appeal to the Ministry of Finance to reconsider this approach of raising the costs of non-digital payments to incentivise proliferation of digital payments, and instead lower the existing economic and other barriers to digital payments that keep the merchants away</strong>. The adoption of digital payments must not lead to increasing costs for merchants and end-users, but must decrease the same instead.</p>
<p><strong>3.16.</strong> As the report was submitted on December 09, 2016, and was made public only on December 27, 2016, <strong>it would have been much appreciated if at least a month-long window was provided to study and comment on the report, instead of fifteen days</strong>. This is especially crucial as the recently implemented demonetisation and the subsequent banking and fiscal policy decisions taken by the government have rapidly transformed the state and dynamics of the payments system landscape in India in general, and digital payments in particular.</p>
<h3><strong>Endnotes</strong></h3>
<p><strong>[1]</strong> See: <a href="http://cis-india.org/">http://cis-india.org/</a>.</p>
<p><strong>[2]</strong> See: <a href="http://finmin.nic.in/reports/Note-watal-report.pdf">http://finmin.nic.in/reports/Note-watal-report.pdf</a> and <a href="http://finmin.nic.in/reports/watal_report271216.pdf">http://finmin.nic.in/reports/watal_report271216.pdf</a>.</p>
<p><strong>[3]</strong> See: <a href="http://finmin.nic.in/cancellation_high_denomination_notes.pdf">http://finmin.nic.in/cancellation_high_denomination_notes.pdf</a>.</p>
<p><strong>[4]</strong> Open Access refers to “free and unrestricted online availability” of scientific and non-scientific literature. See: <a href="http://www.budapestopenaccessinitiative.org/read">http://www.budapestopenaccessinitiative.org/read</a>.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/comments-on-the-report-of-the-committee-on-digital-payments-dec-2016'>https://cis-india.org/internet-governance/blog/comments-on-the-report-of-the-committee-on-digital-payments-dec-2016</a>
</p>
<p>Sumandro Chattapadhyay and Amber Sinha | UID, Digital ID, Big Data, Digital Economy, Digital Access, Privacy, Digital Security, Data Revolution, Digital Payment, Internet Governance, Digital India, Data Protection, Demonetisation, Homepage, Featured, Aadhaar | 2017-01-12T12:32:22Z | Blog Entry</p>