Centre for Internet and Society

ISO/IEC JTC1/SC 27 Meetings

praskrishna — 2017-04-27T16:38:46Z

Udbhav Tiwari represented the Centre for Internet & Society in a series of meetings held at University of Waikato and Novotel in Hamilton, New Zealand between April 18 and 25, 2017.

The participation was by the virtue of our institutional membership in Information Systems Security Sectional Committee (LITD 17) at the Bureau of Indian Standards.

The first 5 days of the meetings (18 to 23 April, 2017) were the working group meetings, where Udbhav participated in Working Group 1 - Information security management systems and Working Group 5 - Identity management and privacy technologies. Udbhav's participation in WG1 was largely exploratory, where I made some connections and tagged projects for us to comment on prior to the next set of meetings. These projects were Cyber Security, Cyber Insurance, Government Use of the ISO 27001 Standards, International Framework for Cyber Security and the Standing Document on Regulatory Use of 27001.

In WG5, Udbhav was appointed as Co-Rapporteur in the Study Period on Smart Cities, which will go on for another 6 months. The plenary of SC 27 was held on April 24 and 25, 2017. The final resolutions from the Working Groups plenary can be accessed below:

WG1 Recommendations and Resolutions

WG5 Resolutions

For more details visit https://cis-india.org/internet-governance/news/iso-iec-jtc1-sc-27-meetings

Now, Aadhaar details displayed in Mizoram too

praskrishna — 2017-04-27T16:59:37Z

Contrary to the Centre’s assurances, government websites are revealing digital details of the poor, leaving them vulnerable to financial frauds and identity theft.

The article by Sebastian PT was published in the National Herald on April 26, 2017. Sunil Abraham was quoted.

Could there be a method to the madness? Or is it just carelessness? From the Jharkhand Government to the Union Territory of Chandigarh to the Union Ministry of Water and Sanitation to even Mizoram’s Food and Civil Supplies Department, government websites are found to have displayed Aadhaar details of citizens, a crime under the law.

In Jharkhand, details of 16 lakh beneficiaries – their bank account details, ration card and the 12-digit Aadhaar number – were displayed on the website of the Directorate of Social Security. Similar blunders were witnessed from different corners of the country from Chandigarh to Kerala, where details of 35 lakh people have been breached. This flies in the face of the Government’s repeated claims on data privacy, that Aadhaar details are completely safe.

The law doesn’t allow this. The displaying of the Aadhaar data, for instance, is in clear violation of Section 29 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016. The provision clearly says that “no” Aadhaar number or core biometric information of an Aadhaar number holder shall be “published, displayed or posted publicly”.

“There appears to be no regulation worth the name as far as the Aadhaar project is concerned,” says economist Reetika Khera from IIT Delhi.

So, will these officials responsible be punished according to the Act? More importantly, what about the damage of leaking such sensitive, apparently confidential data?

Irreparable Damage

Several cyber security experts have been warning of the possibility of precisely such leaks and Opposition parties were vociferously pointing this out while the Centre was brazenly violating the Supreme Court’s orders and forcibly extending Aadhaar to almost everything – including it being linked to one’s Permanent Account Number (PAN), used for filing income tax.

“What has been broken through technology, can’t be fixed with the law,” says Sunil Abraham, Executive Director of Bangalore-based research organisation, the Centre for Internet and Society.

The data breach just made it easy for players in the black market for ID (identification) documents to be lapped up to create false ID cards, for instance.

When demonetisation was being implemented, sources say that black money hoarders apparently bought fake IDs which were made from stolen Aadhaar details to get the old notes exchanged – one way for doing this was perhaps by opening new bank accounts or to, say, utilise unused Jan Dhan accounts to deposit the money. Now, one can only imagine what terrorists can do with these details.

So far, perhaps, the only solace is that the biometric details of the beneficiaries weren’t leaked. But, in the backdrop of the lax attitude of the various government departments, even that too is just waiting to happen, fear experts.

Abraham warns that Aadhaar was always a risky proposition as it was based on biometrics, which “made it very insecure”. He terms it as a “mass surveillance technology” – that too a poorly-designed technology – which, in fact, “undermines security”. Once biometric data are compromised, it cannot be secured again. Instead of biometrics, he suggests the UIDAI shift to using smart cards.

The unfettered forcible linking of almost everything – from bank accounts to one’s PAN card – to Aadhaar only makes things worse. “The Centre is ‘seeding’ the various data bases with the Aadhaar number, which is a very bad move. And, involving various private and public agencies in this only makes the entire thing very precarious,” warns Abraham. He points out that, for instance, when the PAN cards are linked with the Aadhaar number, breach made possible.

Instead, he says, the government should adopt the ‘tokenisation approach’, instead of the ‘seeding approach’. What this means is that, say, if the PAN card is to be linked to Aadhaar, then UIDAI issues a token number and not the original 12-digit Aadhaar number. So, even if a breach happens, the hacker will not be able to get all the Aadhaar details, he says.

However, the government does not seem to be taking the issue of privacy very seriously. What perhaps is not being understood is that this is not just a privacy issue, but making the masses vulnerable to frauds. Instead of treading cautiously in implementing Aadhaar, the government seems to be in a hurry to extend it to almost every possible silo in an individual’s life.

“Given the callous attitude of central and state governments, I hope that the Supreme Court will stop the government from a forced linking of Aadhaar, on the one hand, and bank accounts and PAN numbers on the other hand,” says Khera.

For more details visit https://cis-india.org/internet-governance/news/national-herald-sebastian-pt-april-26-2017-now-aadhaar-details-displayed-in-mizoram-too

‘The IT Act is fine, but its interpretation is not’

praskrishna — 2012-12-21T10:08:43Z

Several organisations such as the Alternate Law Forum and Centre for Internet and Society are campaigning to amend the IT Act 2000. However, SV Raghavan, scientific secretary, office of PSA to the government of India, stated that the law in place is fine but the stakeholders need to be educated on implementing it better.

The article was published in DNA on December 19, 2012.

Raghavan, who was at the National Institute of Advanced Studies (NIAS) in the Indian Institute of Science (IISc) on Tuesday to give a lecture on cyber security, specifically singled out the controversial Section 66 that can hold a person viable for posting ‘offensive’ content online. The IT Act 2000 is constituted to keep such law breakers under check.

“The IT Act 2000 gives specific powers to some of the law agencies to take action. In cyberspace, nearly 90% of the users don’t come with any malicious intentions. Now there is a large concerted effort across the country, to teach policemen how to apply this law and interpret it. There is also an effort to teach the judiciary to interpret the law correctly, so that the right people are held accountable,” he said.

“No matter what you do, when the law is written in English, sometimes it comes across two dimensional and the original intent of the law may be lost, which is why there are agencies who are dedicated to teaching the judiciary on how to interpret it,” he added.

As for cyber security amongst civilians, vigilance is simply all it takes.

For more details visit https://cis-india.org/news/dna-bangalore-december-19-2012-the-it-act-is-fine-but-its-interpretation-is-not

Internet-driven Developments — Structural Changes and Tipping Points

elonnai — 2012-12-28T15:34:51Z

A symposium on Internet Driven Developments: Structural Changes and Tipping Points was held in Cambridge, Massachusetts at Harvard University from December 6 to 8, 2012. The symposium was sponsored by the Ford Foundation and the MacArthur Foundation and was hosted by the Berkman Center for Internet & Society. In this blog post, I summarize the discussions that took place over the two days and add my own personal reflections on the issues.

The symposium served as an inaugural event for the Global Network of Interdisciplinary Centers, which currently includes as its members:

The Berkman Center for Internet and Society at Harvard University
The Alexander von Humboldt Institute for Internet & Society
The Centre for Internet and Society, Bangalore
The Center for Technology & Society at the Fundacao Getulio Vargas Law School, Keio University
The MIT Media Lab and its Center for Civic Media
The NEXA Center for Internet & Society at Politicnico di Torino.

Individuals and researchers from the Centers focused on understanding the effects of internet and society. The participants were brought together to explore the past, present, and future tipping points of the internet, to identify knowledge gaps, and to find areas of collaboration and future action between institutes and individuals. Specifically, the symposium set out to examine fundamental questions about the internet, identify structural changes that are occurring because of the internet, and the forces that are catalyzing these changes. Questions asked and discussed included:

What forces are changing production and service models?
What forces are influencing entrepreneurship and innovation? and
What forces are changing political participation?

Production and Service Models

Discussion

When participants discussed the changes that are happening to production and service models, concepts such as big data, algorithms, peer based models of production, and intermediaries were identified as actors and tools that are driving change in production and service models in the context of the internet. For example, big data and algorithms are being used to alter the nature, scope, and reach of business by allowing for the personalization and customization of services. To this end, many organizations have incorporated customer participation into business models, and provide platforms for feedback and input. The personalization of services has placed greater emphasis on the voice of the customer, allowing customers to guide and influence business by voicing preferences, satisfaction levels, etc. In this way, consumers can determine what type of service they want, and can also make political statements through their choices and feedback. In the process, however, such platforms generate and depend on large amounts of data and thus raise concerns about privacy.

Knowledge gaps that were identified during the conversation included how to predict what would make a participatory platform and peer based model successful, and how these platforms can be effectively researched. When looking at big data, a knowledge gap that was identified included how to ensure that data are collected ethically and accurately, as well as the related question: once large data sets are collected, how can the data be analyzed and used in a meaningful way?

There was also discussion about the increasingly critical and powerful role that intermediaries serve within the scope of the internet as they act as the platform provider and regulator for internet content. Intermediaries both allow for content to be posted on the internet, and determine what information is accessed through the filtering of web searches. Increasingly, governments are seeking to regulate intermediaries and create strict rules of compliance with governmental mandates. At the same time governments are placing the responsibility and liability of regulating what content is posted on internet on intermediaries, essentially placing them in the role of an adjudicator. This is one example of how the relationship between the private sector, the government, and the individual is changing, because it is only recently that private intermediaries have been held responsible first to governments, and only secondarily to customers.

Knowledge gaps identified in the discussion on intermediaries included understanding and researching how intermediaries decide to filter content found through searches. On what basis is each filter done? Are there actors influencing this process? And what are the economics behind the process?

Personal Thoughts

When reflecting on how the internet is changing and influencing the production of goods and services, I personally would add to the points discussed in the meeting the fact that the internet has also impacted the job economy. Reports show that jobs in the extraction and manufacturing sector are decreasing, as the internet has created a mandatory new tech oriented skill set that often outweighs the need for other skill sets. This change is far reaching as the job economy influences what skills students choose to learn, why and for what purposes individuals migrate across borders for employment, and in what industries governments invest money towards domestic development. In addition to changing the nature of skills in demand, the nature of the services themselves is changing. Though services are becoming more personalized and tailored to the individual, this personalization is automated, and replacing the ‘human touch’ that was once prized in business. Whether customers care if the service they are given is generated by an algorithm or delivered by an individual may depend on a person’s preference, but the European Union has seen this shift as being significant enough to address automated decision making in Article 15 of the EU directive, which provides individuals the right to not be subject to a decision which legally impacts him/her which is based only on automated processing of data. This directive encompasses decisions such as evaluation of a person’s performance at work, creditworthiness, reliability, conduct, etc.

The internet has also increased the cost of small mistakes made by businesses, as any mistake will now potentially impact millions of customers. The impact of any mistake makes risk management much more important and difficult, as businesses must seek to anticipate and mitigate any and all mistakes. The internet has also created a new level of dependency on the network, as businesses shift all of their services and functions over to the internet. Thus, if the network goes down, businesses will lose revenue and customers. This level of dependency on the network that exists today is different from past reliance’s on technology — in the sense that in the past there was not one single type of technology that would be essential for many businesses to run. The closest analogue was transportation: if trucks, trains, or ships were unavailable, multiple industries would be impacted. The difference is that those who relied on rail could shift temporarily to ships or trucks. Those relying on the network have no alternatives. Furthermore, past technologies were constantly evolving in the resources they depended on — from coal to gas, etc, but for the internet, it seems that the resource is not evolving, so much as expanding as increased bandwidth and connectivity are the solution to allowing technological evolution and innovation through the internet.

As discussed above, intermediaries are becoming key and powerful players, but they also seem to be increasingly placed between a rock and a hard place, as governments around the world are asking national and multinational intermediaries to filter content that violates national laws in one context, but not another context. Furthermore, intermediaries are increasingly being asked to comply with law enforcement requests for access to data that is often not within the jurisdiction of the requesting country. The difficult position intermediaries are placed in demonstrates how the architecture of the internet is borderless but the regulation and use of the internet is still tied to borders and jurisdiction.

Entrepreneurship and Innovation

Discussion

When discussing entrepreneurship and innovation it was pointed out by participants that grey markets and market failures are important indicators for possibilities of new business models and forms of innovation. Because of that, it is important to study what has failed and why when identifying new possibilities and trends. The importance of policies and laws that allow for innovation and entrepreneurship was also highlighted.

Personal Thoughts

When thinking about entrepreneurship and innovation on the internet and forces driving them, it seems clear that tethering, conglomerating, and organizing information from multiple sources is one direction that innovation is headed. Services are coming out that have the ability to search the internet based on individual preferences and provide more accurate data quickly. This removes the need for individuals to search the internet at length to find the information or products they want. Along the same lines, it seems that there is a greater trend towards personalization. Services are finding new and innovative ways to bring individuals customized products. Another trend is the digitization of all services — from moving libraries online, to bookstores online, to grocery stores online. Lastly, there is a constant demand for new applications to be developed. These can range from applications enabling communication through social networking, to applications that act as personal financial consultants, to applications that act as personal trainers. The ability for concepts, trends, etc to go viral on the internet has also added another dimension to entrepreneurship and innovation as any individual can potentially become successful by something going viral. The ability for something to go viral on the internet does not just impact entrepreneurship and innovation, but also impacts political participation and production and service models.

Political Participation

Discussions also centered on how political participation is changing as the internet is being used as a new platform for participation. For example, it is now possible for individuals to leverage their voice and message to local and global communities. Furthermore, this message can be communicated on a seemingly personal scale. Individuals from one community are able to connect to communities from another location — both local and abroad, and to work together to catalyze change. Messages and communications can be spread easily to millions of people and can go viral. This ability has changed and created new public spheres, where anyone can contribute to a dialogue from anywhere. Empowerment is shifting as well, because the internet allows for new power structures to be created by any actor who knows how to leverage the network. These factors allow for more voices to be heard and for greater citizen participation. The role of the youth in political movements was also emphasized in the discussions. On the other hand governments have responded by more heavily regulating speech and content on the internet when dissenting voices and campaigns are seen as a threat. It was also brought out that though emerging forms of online political participation have been heralded by many for achievements such as facilitating democracy, transparency, and bringing a voice to the silenced — many have warned that analysis of these political forms of participation overlook individual contributions and time. Other critiques that were discussed included the fact that digital revolutions also exclude individuals who do not have access to the internet or to platforms/applications and overlook actions and movements that take place offline.

Knowledge gaps that were identified included understanding the basics of the change that is happening in political participation through the internet. For example, it is unclear who the actors are that determine the conditions and scope for these changes, and like participatory forms of business, what enables and mobilizes change. Furthermore, it is unclear who specifically benefits from these changes and how, and who participates in the changes — and in what capacity. Additionally, much of the change has been quantified in the dialogue of the ‘global’ — global voices, global movements — but that dialogue ignores the local.

Personal Thoughts

In addition to the discussions on political participation, I believe the internet has created the possibility for ‘social governance’. To address situations in which there is no particular law against an action, but individuals come together and speak out against actions that they see on the internet that they believe should be stopped or changed. Depending on the extent individuals choose to enforce these decisions, this can be potentially dangerous as individuals are essentially rewriting laws and social norms without subjecting them to the crucible of consensus decision-making or review. In addition, forms of political participation are not changing just in terms of how the individual engages politically with states and governments, but also in the ways that politicians are engaging with citizens. For example, politicians are using Facebook and Twitter as means to communicate and gather feedback from supporters. Politicians are also using technology to reach more individuals with their messages — from experimenting with 3D holograms, to web casting, to using technology like CCTV cameras to prove transparency. The impact of this could be interesting, as technology is becoming a mediating tool that works in both directions between citizens and governments. Is this changing the traditional understandings of the State and the relationship between the State and the citizen?

Conclusion and ways forward

The discussions also pulled out dichotomies that apply to the internet and illustrate tensions arising from different forces. These dichotomies can be shaped by individuals and actors attempting to regulate the internet, as for example with new models of regulation vs. old models of regulation, private vs. public, local vs. global, owned vs. unowned, and zoned vs. unzoned. These dichotomies can be shaped by how the internet is used. For example, fair vs. unfair, just vs. unjust, represented vs. silenced, and uniform vs. diverse.

Common questions being asked and areas for potential research that came out of these discussions included information communication and media, how to address different and at times contradictory policies and levels of development in different countries, and what is the impact of big data on different sectors and industries like e-health and journalism? What is the importance of ICT in creating economic progress? How is the Internet changing the nature of democracy?

When discussing ways forward and areas for future collaboration it was brought out that exploring ways to leverage open data, ways to effectively use and build off of perspectives and experiences from other contexts and cultures, and ways to share resources across borders including funding, human presence, and expertise were important questions to answer. Common challenges that were identified by participants ranged from cyber security and the rise of state and non-state actors in cyber warfare, finding adequate funding to support research, sustaining international collaborations, ensuring that research is meaningful and can translate into useful resources for policy and law makers, and ensuring that projects are designed with a long-term objective and vision in mind.

The discussions, presentations, and contributions by participants during the two day symposium were interesting and important as they demonstrated just how multi-faced the internet is, and how it is never one dimensional. How the internet is researched, how it is used, and how it is regulated will be constantly changing. Whether this change is a step forward, or a re-invention of what has already been done, is up to all who use the internet including the individual, the corporation, the researcher, the policy maker, and the government.

For more details visit https://cis-india.org/internet-governance/blog/internet-driven-developments

The Worldwide Web of Concerns

pranesh — 2012-12-27T04:31:39Z

The International Telecommunication Union’s World Conference on International Telecommunications (WCIT-12) is currently under way in Dubai, after a gap of 25 years. At this conference, the Inter-national Telecommunication Regulations — a binding treaty containing high-level principles — are to be revised.

Pranesh Prakash's column was published in the Deccan Chronicle on December 10, 2012.

Much has changed since the 1988 Melbourne conference. Since 1988, mobile telephony has grown by leaps and bounds, the Internet has expanded and the World Wide Web has come into existence.

Telecommunications is now, by and large, driven by the private sector and not by state monopolies.

While there are welcome proposals (consumer protection relating to billing of international roaming), there have also been contentious issues that Internet activists have raised: a) process-related problems with the ITU; b) scope of the ITRs, and of ITU’s authority; c) content-related proposals and “evil governments” clamping down on free speech; d) IP traffic routing and distribution of revenues.

Process-related problems: The ITU is a closed-door body with only governments having a voice, and only they and exorbitant fees-paying sector members have access to documents and proposals. Further, governments generally haven’t held public consultations before forming their positions. This lack of transparency and public participation is anathema to any form of global governance and is clearly one of the strongest points of Internet activists who’ve raised alarm bells over WCIT.

w Scope of ITRs: Most telecom regulators around the world distinguish between information services and telecom services, with regulators often not having authority over the former. A few countries even believe that the wide definition of telecommunications in the ITU constitution and the existing ITRs already covers certain aspects of the Internet, and contend that the revisions are in line with the ITU constitution. This view should be roundly rejected, while noting that there are some legitimate concerns about the shift of traditional telephony to IP-based networks and the ability of existing telecom regulations (such as those for mandatory emergency services) to cope with this shift.

ITU’s relationship with Internet governance has been complicated. In 1997, it was happy to take a hands-off approach, cooperating with Internet Society and others, only to seek a larger role in Internet governance soon after. In part this has been because the United States cocked a snook at the ITU and the world community in 1998 through the way it established Internet Corporation for Assigned Names and Numbers (ICANN) as a body to look after the Internet’s domain name system. While the fact that the US has oversight over ICANN needs to change (with de-nationalisation being the best option), Russia wants to supersede ICANN and that too through current revisions of the ITRs. Russia’s proposal is a dreadful idea, and must not just be discarded lightly but thrown away with great force. The ITU should remain but one among multiple equal stakeholders concerned with Internet governance.

One important, but relatively unnoticed, proposed change to ITU’s authority is that of making the standards that ITU’s technical wing churns out mandatory. This is a terrible idea (especially in view of the ITU’s track record at such standards) that only a stuffy bureaucrat without any real-world insight into standards adoption could have dreamt up.

Content-related proposals: Internet activists, especially US-based ones, have been most vocal about the spectre of undemocratic governments trying to control online speech through the ITRs. Their concerns are overblown, especially given that worse provisions already exist in the ITU’s constitution. A more real threat is that of increasing national regulation of the Internet and its subsequent balkanisation, and this is increasingly becoming reality even without revisions to the ITRs.

Having said that, we must ensure that issues like harmonisation of cyber-security and spam laws, which India has been pushing, should not come under ITU’s authority. A further worry is the increasing militarisation of cyberspace, and an appropriate space must be found by nation-states to address this pressing issue, without bringing it under the same umbrella as online protests by groups like Anonymous.

Division of revenue: Another set of proposals is being pushed by a group of European telecom companies hoping to revive their hard-hit industry. They want the ITU to regulate how payments are made for the flow of Internet traffic, and to prevent socalled “net neutrality” laws that aim to protect consumers and prevent monopolistic market abuse. They are concerned that the Googles and Facebooks of the world are free-riding on their investments. That all these companies pay to use networks just as all home users do, is conveniently forgotten. Thankfully, most countries don’t seem to be considering these proposals seriously.

Can general criteria be framed for judging these proposals? In submissions to the Indian government, the Centre for Internet and Society suggested that any proposed revision of the ITRs be considered favourably only if it passes all the following tests: if international regulation is required, rather than just national-level regulation (i.e., the principle of subsidiarity); if it is a technical issue limited to telecommunications networks and services, and their interoperability; if it is an issue that has to be decided exclusively at the level of nation-states; if the precautionary principle is satisfied; and if there is no better place than the ITRs to address that issue. If all of the above are satisfied, then it must be seen if it furthers substantive principles, such as equity and development, competition and prevention of monopolies, etc. If it does, then we should ask what kind of regulation is needed: whether it should be mandatory, whether it is the correct sort of intervention required to achieve the policy objectives.

The threat of a “UN takeover” of the Internet through the WCIT is non-existent. Since the ITU’s secretary-general is insisting on consensus (as is tradition) rather than voting, the possibility of bad proposals (of which there are many) going through is slim. However, that doesn’t mean that activists have been crying themselves hoarse in vain. That people around the world are a bit more aware about the linkage between the technical features of the Internet and its potential as a vehicle for free speech, commerce and development, is worth having to hear some shriller voices out there.

The writer is policy director at the Centre for Internet and Society, Bengaluru

For more details visit https://cis-india.org/internet-governance/blog/deccan-chronicle-pranesh-prakash-december-10-2012-the-worldwide-web-of-concerns

The year social media came of age in India

praskrishna — 2012-12-31T03:33:19Z

Sambhavi Saxena, 19, was at Jantar Mantar on December 25 protesting against Nirbhaya's brutal rape when Delhi Police swooped down, rounded her up along with other agitators and took them to the Parliament Street police station. Sambhavi fired tweet after tweet even as she was bundled into a van.

The article by Javed Anwer and Rukmini Shrinivasan was published in the Times of India on December 31, 2012. Sunil Abraham is quoted.

She went on broadcasting to the world all that was happening around her. "Illegally being held here at Parliament St Police Station Delhi w/ 15 other women. Terrified, pls RT," she tweeted. It worked. In a flash, more than 1,700 people retweeted her SOS. Social media analytics firm Favstar later said the message reached over two lakh people.

Police later contested many of Sambhavi's claims. Yet, there was no denying it was her voice that was heard. Her tweets triggered a social media frenzy. The media reacted swiftly. Lawyers volunteered, activists landed up at the police station. Celebrities condemned the action. The police stood no chance.

For the government and keepers of law, it was a PR disaster. They had lost a battle they were accustomed to winning hands down. Now, there was a pesky entity — the public — seeking to change the rules of the game. A teenager armed with a smartphone had used the magic platform called social media to devastating effect, catching the agents of the state flatfooted.

India might have tasted the power of the smartphone first in 2011 when Anna Hazare's stinging anti-corruption message rode the social media wave. But this year saw social media creating a new phenomenon — the rise of the virtually connected Indian youth — which is likely to redraw the terms of engagement between the state and its urban population.

The networking tool that's now a weapon

Finance minister P Chidambaram recently tried to sum up the phenomenon by likening social media-driven snap protests to a flash-mob phenomenon. "Flash mob is a new phenomenon... sometimes they gather to dance and sing. But sometimes they gather to protest... I don't think we are fully prepared to deal with it." Going by the last fortnight, when the government fumbled in dealing with widespread protests over Nirbhaya, the minister's admission was an understatement. Let alone being "fully prepared", they didn't have a clue.

The unbridling of the power of the social media was undoubtedly a top, if not no. 1, trend of 2012 in India. In many cases, it set the agenda of public discourse. As in Palghar, where young Shaheen Dhada's Facebook comment on the shutdown of Mumbai after Bal Thackeray's death kicked off a storm, the virtual world triggered several real-world controversies.

In fits and starts, politicians and the government realized the folly of not joining the fast-unfolding revolution, the exceptions being the Twitter-savvy Shashi Tharoor and Omar Abdullah. The @PMOIndia Twitter handle was born, and today 3.5 lakh people follow it. A host of politicians soon hopped on, realizing the freedom the platform offered for comment on issues, which TV studios didn't.

For Bollywood celebs and cricketers, it became a great way to keep in touch with fans. But the real power of this irreverent and often insolent medium lay with the young aam admi who used social media fearlessly. They voiced their opinion and unsparingly ridiculed leaders with hashtags like #theekhai, making powerful headlines out of what otherwise would have been just whistling in the air.

What's the USP of the social media? On this platform, free speech is unhindered. It's a virtual megaphone with a global reach, as the numbers show. Whether it's Twitter or Facebook, India is a huge presence. Facebook has more than 65 million active users here, putting the country among the top five worldwide in terms of users. Twitter, which has 200 million active users globally, doesn't provide country-specific numbers. But SemioCast, a Paris-based research firm, said in a report in July that India had around 18 million Twitter accounts, placing it sixth among the biggest Twitter nations.

A lot of this social media boom happened in 2012. Research firm SocialBakers estimated in November that the number of Indian Facebook users swelled by 14 million in the past six months. While internet penetration in India is just 11% — three times lower than the global average — around 137million users make the country third biggest in terms of web-connected citizens. Most of these users are urban and young. A Comscore report says 75% of web users here are under-35.

Unlike youngsters in many other countries, Indians are politically active on the web. A Pew Research study this December established that nearly 45% of Indian web users, most of them from urban areas, connect on social media to discuss politics. Only Arab countries scored higher than India on this account. The numbers are backed by GlobalWebIndex, which noted in a September report that India is the third most socially active country with around 78 points.

But this unfettered, unfiltered flow of information and messages showed its ugly side as well. The mischievous rumour-mongering in the wake of the Assam riots was a case in point, as MMSs and incendiary text messages triggered an exodus of people belonging to the northeast from Bangalore, Pune, Chennai and Hyderabad.

Facebook and Twitter started off as friendship and networking tools. But, they have evolved into potent weapons of social mobilization. In a way, India Against Corruption can be credited with starting it in mid-2010. "If you have a worthy cause, social media provides you an unbiased, unfiltered avenue," says Shivendra Chauhan, social media manager for the outfit. "Without it, we wouldn't have got the kind of overwhelming support we received from the youth."

But Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society, cautions against being overly technologically deterministic. "Technology doesn't have agency; human beings do. Transferring energy from social media on to the streets isn't something that'll happen every time. It depends on whether the message resonates," he says.

While the anti-corruption movement ran on a sophisticated social media strategy and campaign, the ongoing anti-rape protests have no single organizer or banner, just a message that resonates, says Abraham. On the other hand, when Anonymous India called for boots on the ground at its protests against internet censorship, the turnout was poor, far lower than the number of hashtags on Twitter would have indicated, he adds.

Abraham points out there are close linkages between internet, text messages, social media and mainstream media. "These channels leak into each other and the causal connection becomes unclear," he says. Madhuresh Kumar, national coordinator of the National Alliance of People's Movements (NAPM), an umbrella organization of grassroots movements of the marginalized, agrees. "We use social media, not so much to mobilize people to come to our protests, but to mobilize the mainstream media."

The message determines the power of the medium. If it's something that connects viscerally, like the Nirbhaya protests, its power and reach can be beyond imagination. If it is a more niche message, like an SOS for a dwindling fish species, it will reach a smaller, targeted audience such as environmentalists. But it will reach — unhindered in the palm of your hand.

Look at it any which way, it is here to stay. So, it's time for the state to learn to deal with the new power of the ordinary citizen.

For more details visit https://cis-india.org/news/times-of-india-december-31-2012-javed-anwer-and-rukmini-shrinivasan-the-year-social-media-came-of-age-in-india

Tomorrow, Today

nishant — 2013-01-02T05:00:41Z

Our present is the future that our past had imagined. Around the same time last year, I remember taking stock of the technologies that we live with and wondering what 2012 would bring in.

Nishant Shah's end of the year column was published in the Indian Express on December 29, 2012.

And I find myself in a similar frame of mind, celebrating with joy the promises that were kept, reflecting sombrely on the opportunities we missed, and speculating about what the new year is going to bring in for the future of digital and internet technologies, and how they are going to change the ways in which we understand what it means to be human, to be social, and to be the political architects of our lives.

We all know that dramatic change is rare. Nothing transforms overnight, and a lot of what we can look forward to in the next year, is going to be contingent on how we have lived in this one. And yet, the rapid pace at which digital technologies change and morph, and the ways in which they produce new networked conditions of living, make it worthwhile to speculate on what are the top five things to look out for in 2013, when it comes to the internet and how it is going to affect our techno-social lives.

Head in the Cloud

If the last year was the year of the mobile, as more and more smartphones started penetrating societies, providing new conditions of portable and easy computing, making ‘app’ the word of the year, then the next year definitely promises to be the year of the cloud. As internet broadband and mobile data access become affordable, increasingly we are going to see services that no longer require personal computing power. All you will need is a screen and a Wi-Fi connection and everything else will happen in the cloud. No more hard drives, no more storage, no more disconnectivity, and data in the cloud.

More Talk

One of the biggest problems with the internet has been that it has been extremely text heavy. We often forget that the text is still a matter of privilege as questions of illiteracy and translation still hound a large section of the global population. However, with the new protocols of access, availability of 4G spectrum and the release of IPV6 as the new standard, we can expect faster voice and video-based communication at almost zero costs. It might be soon time to say goodbye to the SMS.

Big Data

You think you are suffering from information overload now? Wait for the next year as mobile and internet penetration are estimated to rise by 30 per cent around the world! This is going to be the year of Big Data — data so big that it can no longer be fathomed or understood by human beings. We will be dependent on machines to read it, process it, and show us patterns and trends because we are now at a point in our information societies where we are producing data faster than we can process it. Our governments, markets and societies are going to have to produce new ways of governing these data landscapes, leading to dramatic changes in notions of privacy, property and safety.

No Next Big Thing

If you haven’t noticed it, the pace of dramatic innovation has slowed down in the last few years and it will slow down even more. We have been riding the wave of the next big thing, in the last few years, constantly in search of new gadgets, platforms and ways of networking. However, the coming year is going to make innovation granular. It will be a year where things become better, and innovation happens behind the scene. So if you thought this was the year that Facebook will finally become obsolete and something else will take over, you might want to reconsider deleting your account, and start looking at the changes that shall happen behind the scenes, for better or for worse.

The Return of the Human

The rise of the social network has distracted us from looking at the human conditions. We have been so engaged in understanding friendship in the time of Facebook, analysing relationships, networked existences and our own performance as actors of information, that we haven’t given much thought to what it means to be human in our rapidly digitising worlds. And yet, the revolutions and the uprisings we have witnessed have been about people using these social networks to reinforce the ideas of equity, justice, inclusion, peace and rights across the world. As these processes strengthen and find new public spaces of collaboration, we will hopefully see social and political movements which reinforce, that at the end of the day, what really counts, is being human.

The future, specially in our superconnected times, is always unpredictable. But the rise of digital technologies has helped us revisit some of the problems that have been central to a lot of emerging societies — problems of inequity, injustice, violence and violation of rights. And here is hoping that the tech trends in the coming year, will be trends that help create a better version of today, tomorrow.

For more details visit https://cis-india.org/internet-governance/blog/indian-express-nishant-shah-december-29-2012-tomorrow-today

Bangalore CryptoParty!

praskrishna — 2013-01-06T13:47:02Z

Care about your privacy and online security? Want to fight against pervasive governmental surveillance and corporate invasions of privacy? The Centre for Internet & Society invites you to the CryptoParty tonight (Friday) at 6.00 p.m. Make sure to bring friends (and your laptop and smart phones)!

We will discuss, install and use digital security and privacy tools and practices.

Hosts

Thejesh GN
Kaustubh Srikanth
Pranesh Prakash

Details

We Will Provide

Food and drinks: Snacks - Samosas + Kachoris + Biscuits + Tea + Soft Drinks
Software: Security-in-a-box toolkits + Ubuntu Live USBs + software + internet connection
Expertise: Kaustubh Srikanth + Thejesh GN + Pranesh Prakash

You need to bring

Your own laptop (highly recommended)
Desire to learn about secure and private communications and storage (mandatory! :D)
Expertise, to share with others (if possible)

Intro

(20 mins)

Privacy vs. convenience
Importance of Free and Open Source Software and Open Standards
Basics of Passwords

Choosing secure passwords

Dropbox Register Page

Storing comes later
2FA - Google Authenticator

Securing online Identities

Show and tell

Browsing (45 mins)
(5 mins)

Firefox (multiple platforms) / offline

(15 mins):

AdBlockPlus
RequestPolicy
HTTPSEverywhere
Ghostery / DoNotTrackMe
Noscript

(5 mins)

Anti-Google Surveillance

DuckDuckGo
GoogleSharing

(10 mins)

Password management

Keepass + Password Safe
Cloud Services

LastPass
Keepass + Dropbox

Email + IM (1 hour)
(10 mins)

Thunderbird (multiple platforms) / available offline

Enigmail

(30 mins)

GPG4Win + GPGTools / offline
Seahorse (on Ubuntu Fresh Install)
Enigmail + Key Management (Kaustubh)
Key-signing party!

(15 mins)

Instant Messaging with OTR

Pidgin + Adium / offline
OTR / offline

Tell (27 mins)
(5 mins)

Tor (Pranesh)

(5 mins)

VPNs and SSH tunnel

RiseUp (Kaustubh)
SSH tunneling using AWS / RackSpace (Thej)

(12 mins)

Mobiles

APG + K9 (Pranesh)
WhisperCore (Kaustubh mentions)
Text Secure (Thej)
Gibbberbot (Pranesh)

(3 mins)

Full-disk encryption

Ubuntu (Pranesh demoes quickly)
BitLocker
TrueCrypt

(2 mins)

Virtual machines

VirtualBox (Kaustubh demoes quickly)

For more details visit https://cis-india.org/internet-governance/events/bangalore-crypto-party

National Consultation on Media Law

praskrishna — 2014-09-30T06:52:50Z

The Law Commission of India and the National University, Delhi have joined hands to organize the National Consultation on Media Law at the India Habitat Centre in New Delhi on September 27 and 28, 2014. Nehaa Chaudhari participated in this event.

Click to view the:

For more details visit https://cis-india.org/internet-governance/news/national-consultation-on-media-law

Big Data and Positive Social Change in the Developing World: A White Paper for Practitioners and Researchers

nishant — 2014-10-01T03:52:35Z

I was a part of a working group writing a white paper on big data and social change, over the last six months. This white paper was produced by a group of activists, researchers and data experts who met at the Rockefeller Foundation’s Bellagio Centre to discuss the question of whether, and how, big data is becoming a resource for positive social change in low- and middle-income countries (LMICs).

Bellagio Big Data Workshop Participants. (2014). “Big data and positive social change in the developing world: A white paper for practitioners and researchers.” Oxford: Oxford Internet Institute. Available online: http://ssrn.com/abstract=2491555.

Summary

Our working definition of big data includes, but is not limited to, sources such as social media, mobile phone use, digitally mediated transactions, the online news media, and administrative records. It can be categorised as data that is provided explicitly (e.g. social media feedback); data that is observed (e.g. mobile phone call records); and data that is inferred and derived by algorithms (for example social network structure or inflation rates). We defined four main areas where big data has potential for those interested in promoting positive social change: advocating and facilitating; describing and predicting; facilitating information exchange and promoting accountability and transparency.

In terms of advocating and facilitating, we discussed ways in which volunteered data may help organisations to open up new public spaces for discussion and awareness-building; how both aggregating data and working across different databases can be tools for building awareness, and howthe digital data commons can also configure new communities and actions (sometimes serendipitously) through data science and aggregation. Finally, we also looked at the problem of overexposure and howactivists and organisations can protect themselves and hide their digital footprints. The challenges we identified in this area were how to interpret data correctly when supplementary information may be lacking; organisational capacity constraints around processing and storing data, and issues around data dissemination, i.e. the possible negative consequences of inadvertently identifying groups or individuals.

Next, we looked at the way big data can help describe and predict, functions which are particularly important in the academic, development and humanitarian areas of work where researchers can combine data into new dynamic, high-resolution datasets to detect new correlations and surface new questions. With data such as mobile phone data and Twitter analytics, understanding the data’s comprehensiveness, meaning and bias are the main challenges, accompanied by the problem of developing new and more comprehensive ethical systems to protect data subjects where data is observed rather than volunteered.

The next group of activities discussed was facilitating information exchange. We looked at mobile-based information services, where it is possible for a platform created around a particular aim (e.g. agricultural knowledge-building) to incorporate multiple feedback loops which feed into both research and action. The pitfalls include the technical challenge of developing a platform which is lean yet multifaceted in terms of its uses, and particularly making it reliably available to low-income users. This kind of platform, addressed by big data analytics, also offers new insights through data discovery and allows the provider to steer service provision according to users’ revealed needs and priorities.

Our last category for big data use was accountability and transparency, where organisations are using crowdsourcing methods to aggregate and analyse information in real time to establish new spaces for critical discussion, awareness and action. Flows of digital information can be managed to prioritise participation and feedback, provide a safe space to engage with policy decisions and expose abuse. The main challenges are how to keep sensitive information (and informants) safe while also exposing data and making authorities accountable; how to make the work sustainable without selling data, and how to establish feedback loops so that users remain involved in the work beyond an initial posting. In the crowdsourcing context, new challenges are also arising in terms of how to verify and moderate real-time flows of information, and how to make this process itself transparent.

Finally, we also discussed the relationship between big and open data. Open data can be seen as a system of governance and a knowledge commons, whereas big data does not by its nature involve the idea of the commons, so we leaned toward the term ‘opening data’, i.e. processes which could apply to commercially generated as much as public-sector datasets. It is also important to understand where to prioritise opening, and where this may exclude people who are not using the ‘right’ technologies: for example, analogue methods (e.g. nailing a local authority budget to a town hall door every month) may be more open than ‘open’ digital data that’s available online.

Our discussion surfaced many questions to do with representation and meaning: must datasets be interpreted by people with local knowledge? For researchers to get access to data that is fully representative, do we need a data commons? How are data proprietors engaging with the power dynamics and inequalities in the research field, and how can civil society engage with the private sector on its own terms if data access is skewed towards elites? We also looked at issues of privacy and risk: do we need a contextual risk perspective rather than a single set of standards? What is the role of local knowledge in protecting data subjects, and what kinds of institutions and practices are necessary? We concluded that there is a case to be made for building a data commons for private/public data, and for setting up new and more appropriate ethical guidelines to deal with big data, since aggregating, linking and merging data present new kinds of privacy risk. In particular, organisations advocating for opening datasets must admit the limitations of anonymisation, which is currently being ascribed more power to protect data subjects than it merits in the era of big data.

Our analysis makes a strong case that it is time for civil society groups in particular to become part of the conversation about the power of data. These groups are the connectors between individuals and governments, corporations and governance institutions, and have the potential to promote big data analysis that is locally driven and rooted. Civil society groups are also crucially important but currently underrepresented in debates about privacy and the rights of technology users, and civil society as a whole has a responsibility for building critical awareness of the ways big data is being used to sort, categorise and intervene in LMICs by corporations, governments and other actors. Big data is shaping up to be one of the key battlefields of our era, incorporating many of the issues civil society activists worldwide have been working on for decades. We hope that this paper can inform organisations and
individuals as to where their particular interests may gain traction in the debate, and what their contribution may look like.

Click to download the full white paper here. (PDF, 1.95 Mb)

For more details visit https://cis-india.org/internet-governance/blog/big-data-and-positive-social-change-in-developing-world

Implications of post-Snowden Internet Localization Proposals

praskrishna — 2014-10-05T08:59:27Z

Sunil Abraham was a speaker in this workshop organized by Center for Democracy and Technology on September 2, 2014.

Following the 2013-2014 disclosures of large-scale pervasive surveillance of Internet traffic, various proposals to "localize" Internet users' data and change the path that Internet traffic would take have started to emerge.

Examples include mandatory storage of citizens' data within country, mandatory location of servers within country (e.g. Google, Facebook), launching state-run services (e.g. email services), restricted transborder Internet traffic routes, investment in alternate backbone infrastructure (e.g. submarine cables, IXPs), etc.

Localization of data and traffic routing strategies can be powerful tools for improving Internet experience for end-users, especially when done in response to Internet development needs. On the other hand, done uniquely in response to external factors (e.g. foreign surveillance), less optimal choices may be made in reactive moves.

How can we judge between Internet-useful versus Internet-harmful localisation and traffic routing approaches? What are the promises of data localization from the personal, community and business perspectives? What are the potential drawbacks? What are implications for innovation, user choice and the availability of online services in the global economy? What impact might they have on a global and interoperable Internet? What impact (if any) might these proposals have on user trust and expectations of privacy?

The objective of the session is to gather diverse perspectives and experiences to better understand the technical, social and economic implications of these proposals.

For full details see the IGF website.

For more details visit https://cis-india.org/internet-governance/news/implications-of-post-snowden-internet-localization-proposals

When revolutions go viral

praskrishna — 2011-09-01T04:46:38Z

Thanks to Facebook and Twitter, the urban Indian youth, famously detached from the goings-on in the country, came out on the streets to support the anti-corruption movement - not only here but abroad as well. TOI-Crest looks at the anatomy of a modern protest movement.

I try to change my display picture, update my BBM status and send out a tweet as often as possible. I feel like I really need to do my bit for the country, " a college student was overheard saying outside Mumbai's Azad Maidan where protests against the anti-corruption movement are still under way. Once used to reconnect with long-lost school friends or to post vacation pictures, social networking sites have surfaced as the new forum for political activism. The world's attention is now on the potential of the digital sphere in historical revolutions as witnessed in Egypt and Tunisia. Though set in a vastly different political context, and used to different ends, the power of social media to drive citizen action in India has become apparent as Team Anna's call to action resonates through the Internet.

From earlier this year at Jantar Mantar to the culmination of the protests when Anna Hazare became a household name, the anti-corruption movement has harnessed technology and social media tools to engineer large-scale protests. Not only has the movement deviated from traditional methods of mass mobilisation, but it has also brought young urban India into the fold of political activism. Ritesh Singh, a third-year computer science student at IIT Khargapur, created the 'India Against Corruption' Facebook page in December last year. Since then, the page has gathered more than four lakh supporters. There are also several regional chapters and over 150 unofficial Facebook pages devoted to Anna Hazare and India Against Corruption.

The 'Students Against Corruption' group has been encouraging students to use social media for the cause by sending out messages such as "Students should share and promote this page for the goodness (sic) of the nation . . . This is the thing dat we can do for our nation. . . This is wat India needs. . . Promote it, share it, blog it, discuss it . . . then feel the change. " Petitions, calls to action and encouragement to join Hazare's fast also became commonplace in the last three months. The blog post '10 Ways to Support Anna Hazare on Social Media' by social media manager Sorav Jain has been shared 256 times on Facebook.

Relying on symbolism such as Gandhian photographs and references to the freedom struggle, Team Anna has created a media phenomenon. Text messages such as 'Behri sarkar ko janta ki aawaz sunai nahi de rahi hain! Lets show ppls anger!' and 'ANNA ki aag shuru ho gayi hai, Inquilab Zindabad' have helped in creating mass support. Meanwhile twitter has been abuzz with dialogue, support and reactions to the protests, as Anna Hazare's campaign became the top trending topic in India over the past few weeks. While the image of Hazare meditating at Raj Ghat became iconic on August 15, 2011, Team Anna's voice was heard on the TV, on mobile phones, YouTube and even on T-shirts. Developers are in the process of launching an India Against Corruption game, India Against Corruption mobile applications, India Against Corruption browser toolbars and more.

Though digital activism is often criticised as passive armchair activism or slacktivism, the use of technology in organising social protests has brought a different kind of activist on the street: young, urban India. "It's not as if what is happening is new, but it is happening on an unprecedented scale, " says Nishant Shah, research director for the Centre for Internet and Society, Bangalore. "Traditional media has also done this in different ways, but in the past the protesters have been the disenfranchised. The use of social media has mobilised a new constituency - it has brought the urban middle class to the street. However, the use of such tools is producing a different kind of exclusion. There is a noticeable lack of poor urban people in the protests. This is not the representation of 1. 2 billion Indians as it is being made out to be. "

The use of social media has garnered support for Team Anna from the unlikeliest parts, catapulting 'India Against Corruption' (IAC) into a global phenomenon. Young Indians living in places like New York, Singapore, London and Hong Kong are tweeting, facebooking, organising and gathering to talk about Hazare and his cause. Some young professionals have even taken time off from their careers to fly down to India and physically support the cause.

Sunil Khaitan, an investment banker working with Deutsche Bank in Hong Kong flew down last Friday to attend the protests at the Ramlila ground and address the crowd at Mumbai's Azad Maidan. Khaitan, 28, is originally from Kolkata and graduated from IIM Bangalore in 2006. "I was involved in the Right to Information movement in 2005, have been in touch with Professor Trilochan Sastry at IIM Bangalore, and have been tracking this movement from the days of Jantar Mantar, " he says.

Khaitan is also active in the Hong Kong chapter of IAC, which organised a meeting on August 21, 2011, attended by over 300 people. "There is a clearly outlined process on the IAC website which tells you how to conduct a meeting, " says Khaitan. "As the news channels are not available in HK, so many people are not aware of the real cause. So we talked about the points of contention and showed videos with Arvind Kejriwal, Kiran Bedi and Hazare addressing the crowd. " He argues that harnessing social media has helped get people from different walks of life involved with the Hazare movement.

Social networking sites have also helped create a close-knit Indian community in Hong Kong. "Anna has also made a big point about the youth being present in the protests, and it is easier to connect with the youth through social media, " says Khaitan.

"Peer pressure also comes into the picture in that age group - people want to get involved to appear impressive to their friends. " But though technology has brought a new demographic of Indians into the realm of protest, it manifests its power through the oldest form of networking - word of mouth.

This article was published in the Times of India (Crescent Edition) on 27 August 2011, read the original story here

For more details visit https://cis-india.org/news/revolutions-viral

Digital divide: Why Irom Sharmila can’t do an Anna

praskrishna — 2011-09-01T05:55:13Z

Irom Sharmila has been on hunger strike for 10 years to protest against military abuses, force-fed by tubes through her nose. But the tragedy for the world’s longest hunger strike is that she is on the wrong side of India’s digital divide.

Twitter, Facebook and aggressive private TV have helped rally India’s biggest protests in decades to support civil activist Anna Hazare, a digital groundswell of a wired middle class that echoes the Arab Spring and has taken a Congress party-led government of elderly politicians by surprise.

But Sharmila, who has been on a hunger strike in the northeastern Manipur state to demand an end to the army’s sweeping emergency powers there, has only managed a small following, a footnote in media coverage.

“We also once tried to take our fight to New Delhi … but we did not get support from the rest of the nation,” Sharmila told Tehelka magazine.

She must be frustrated. The Hazare phenomenon has rallied Indians from the start with social media. Hazare’s India Against Corruption website says it has had 13 million phone calls of support. Its Facebook page has nearly 500,000 “likes”.

Its leaders have tweeted each step of the whirlwind crisis, whether describing their arrests in real time or negotiations with the government, outmanoeuvring Prime Minister Manmohan Singh and his ministers at every step.

“Protest at PM’s residence: 35 people detained, taken to Tughlaq Rd. PS, hundreds still there, come if you can #Janlokpal,” twitter user @janlokpal sent its followers in just one example of how the movement was rallying support.

Cases like Sharmila expose the digital divide of Asia’s third-largest economy and underscore how a growing urban middle class may be getting its political voice heard while millions of poor remain off the digital protest map.

In response to Anna’s invitiation to join the anti-corruption movement, Sharmila said "Please try to reach the concerned legislators (read authorities) to let me get free, like yours, to join your amazing crusade to root out corruption."

She added that ” I cannot get the advantage of exercising my non-violent protest for justice against my concerned authority as a democratic citizen of a democratic country, unlike your environment. This is the problem I cannot understand.”

"This is the first time digital social media has resonated with such a large number of people," said Nishant Shah, head of research at the Centre for Internet and Society think-tank.

"But this is far more of a middle class, urban movement, than a national movement. Many people in India are excluded from it."

Twitter and Facebook are barely used in many of India’s social causes, including battles over land rights that are one of India’s most pressing problems involving millions of farmers.

Huge social issues in India, from caste discrimination to high food prices, from the building of dams to protests by farmers against nuclear power plants, have failed to create the kind of digital mobilisation that Hazare enjoys.

Digital Divide

India’s internet users have grown 1,400 percent between 2000 and 2010, behind only China and Vietnam among Asian countries, according to a report by Burson-Marsteller, a consulting firm. But that masks India’s low base. Internet penetration is around 8 percent in India, the lowest among major Asian countries.

That compares with nearly 40 percent in China. Out of a population of 1.2 billion, there are only 29 million people active in digital social networks. A report by Maplecroft consultancy warned that India was lagging other BRICs, Brazil, China and Russia in “digital inclusion”.

"India, for example, the wealthier, more affluent segment of the population, primarily based in urban areas, has embraced the use of modern communications technology,” the report said. “The vast majority of the population has, however, been excluded from this process."

Those statistics highlight that while the middle class has found a voice, electorally the centre-left Congress party will still need to pander to its traditional vote base of millions of farmers and poor Indians ahead of a 2014 general election.

Congress, in power for most of the life of independent India, has failed to use social media tools. One minister lost his job for tweeting too frankly, in a sign of government unease over the web, and the party lags behind an opposition that has embraced Twitter.

Libya overshadowed

So far, private TV channels have provided 24-hour coverage of the protests— the news from Libya is hardly to be seen. Urban Indians with mobile phones in hand have dominated rallies in the open grounds where Hazare was on his second week of fasting.

Small protests across the country, from demonstrations outside ministers’ houses to rallies outside metro stations, have been organised through Twitter and Facebook.

An app that can be downloaded on to smartphones running the Android operating system gives users the latest news on the campaign for a tough “Jan lokpal”, or anti-corruption bill, and details of the latest meetings.

Watch video: A group of people who came together on facebook reached the Ramlila Maidan to show solidarity with Anna Hazare.

"Social media has been huge for us, it has a life of its own," said Shazia Ilmi, in charge of Hazare media strategy.

Even before Hazare was arrested last week, organisers had prepared a pre-recorded video from him that went on YouTube.

The movement does have deep roots and social media has widened the protests, if not caused them. Many of Hazare’s protests have also been through word of mouth. Corruption also affects the poor more than middle classes with endemic bribes, whether permission for street food stands or driving licences.

"It’s not an up and down, national movement. It is largely a middle class cause," said Sagarika Ghose, a novelist and journalist at the CNN-IBN news television channel. "But it’s hugely important one. For a younger generation, corruption has become a catch-all phrase for the failure of development."

Some activists are already criticising Hazare as a hype of an elitist social media.

"Those thronging the Ramlila grounds or marching in support of Anna in the metros are not necessarily 'the people' of the country, and it is dangerous to take the two as identical," academic Prabhat Patnaik wrote in The Hindu newspaper.

You can view Irom Sharmila’s reply to Anna’s invitation below

Irom Sharmila Letter to Anna Hazare

This article was published in FirstPost.Ideas on 25 August 2011. The original story can be read here.

For more details visit https://cis-india.org/news/digital-divide

Moving Towards a Surveillance State

atreya — 2013-07-15T05:57:15Z

The cyberspace is a modern construct of communication and today, a large part of human activity takes place in cyberspace. It has become the universal platform where business is executed, discourse is conducted and personal information is exchanged. However, the underbelly of the internet is also seen to host activities and persons who are motivated by nefarious intent.

Note: The original tender document of the Assam Police dated 28.02.2013 along with other several other tender documents for procurement of Internet and Voice Monitoring Systems is attached as a zip folder.

As highlighted in the International Principles on the Application of Human Rights to Communications Surveillance, logistical barriers to surveillance have decreased in recent decades and the application of legal principles in new technological contexts has become unclear. It is often feared that in light of the explosion of digital communications content and information about communications, or "communications metadata," coupled with the decreasing costs of storing and mining large sets of data and the provision of personal content through third party service providers make State surveillance possible at an unprecedented scale. Communications surveillance in the modern environment encompasses the monitoring, interception, collection, preservation and retention of, interference with, or access to information that includes, reflects, arises from or is about a person's communications in the past, present or future.[*] These fears are now turning into a reality with the introduction of mass surveillance systems which penetrate into the lives of every person who uses any form of communications. There is ample evidence in the form of tenders for Internet Monitoring Systems (IMS) and Telecom Interception Systems (TCIS) put out by the Central government and various state governments that the Indian state is steadily turning into an extensive surveillance state.

While surveillance and intelligence gathering is essential for the maintenance of national security, the creation and working of a mass surveillance system as it is envisioned today may not necessarily be in absolute conformity with the existing law. A mass surveillance system like the Central Monitoring System (CMS) not only threatens to completely eradicate any vestige of the right to privacy but in the absence of a concrete set of procedural guidelines creates a tremendous risk of abuse.

Although information regarding the Central Monitoring System is quite limited on the public forum at the moment it can be gathered that a centralized system for monitoring of all communication was first proposed by the Government of India in 2009 as indicated by the press release of the Ministry of Communications & Information. Implementation of the system started subsequently as indicated by another government press release and the Center for Development of Telematics (C-DOT) was entrusted with the responsibility of implementing the system. As per the C-DOT annual report 2011-12, research, development, trials and progressive scaling up of a Central Monitoring System were conducted by the organization in the past 4 years and the requisite hardware and CMS solutions which support voice and data interception have been installed and commissioned at various Telecom Service Providers (TSP) in Delhi and Haryana as part of the pilot project. Media reports indicate that the project will be fully functional by 2014. While an extensive surveillance system is being stealthily introduced by the state, several concerns with regard to its extent of use, functioning, and real world impact have been raised owing to ambiguities and wide gaps in procedure and law. Moreover, the lack of a concrete privacy legislation coupled with the absence of public discourse indicates the lack of interest of the state over the rights of an ordinary citizen. It is under these circumstances that awareness must first be brought regarding the risks of the mass surveillance on civil liberties which in the absence of established procedures protecting the rights of the citizens of the state can result in the abuse of powers by the state or its agencies and lead to the demise of civil freedoms even in democratic states.

The architecture and working of a proposed Internet Monitoring System must be examined in an attempt to better understand the functioning, capabilities and possible impact of a Central Monitoring System on our society and lives. This can perhaps allow more open discourse and a committed effort to preserve the rights of the citizens especially the right to privacy can be made while allowing for the creation of strong procedural guidelines which will help maintain legitimate intelligence gathering and surveillance.

Internet Monitoring System: Setup and Working
Very broadly, The Internet Monitoring System enables an agency of the state to intercept and monitor all content which passes through the Internet Service Provider’s (ISP) server which includes all electronic correspondence (emails, chats or IM’s, transcribed call logs), web forms, video and audio files, and other forms of internet content. The electronic data is stored and also subject to various types of analysis. While Internet Monitoring Systems are installed locally and their function is limited to specific geographic region, the Central Monitoring System will consolidate the data acquired from the different voice and data interception systems located across the country and create a centralized architecture for interception, monitoring and analysis of communications. Although the exact specifications and functions of the central monitoring system still remain unclear and ambiguous, some parallels regarding the functioning of the CMS can be drawn from the the specifications revealed in the Assam Police tender document for the procurement of an Internet Monitoring System.

Setup
The deployment architecture of an Internet Monitoring System (IMS) contains probe servers which are installed at the Internet Service Provider’s (ISP) premises and the probes are installed at various tapping points within the entire ISP network. A collection server is also installed and hosted at the site of the ISP. The collection server is used to either collect, analyze, filter or simple aggregate the data from the ISP servers and the data is transferred to a master aggregation server located a central data center. The central data center may also contain more servers specifically for analysis and storage. This type of architecture is being referred to as a ‘high availability clustered setup’ which is supposed to provide security in case of a failure or outage.

The Assam Police Internet Monitoring System tender document specifically indicates that the deployment in the state of Assam shall require 8 taps or probes to be installed at different ISPs, out of which 6 taps/probes shall be of 10 GBPS and 2 taps are of 1 GBPS. The document however mentions that the specifications are preliminary and subject to change.

Types of data
The proposed internet monitoring system of the Assam state can provide network traffic interception and a variety of internet protocols including Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Internet Message Access Protocol (IMAP) and Session Initiation Protocol (SIP), Voice over Internet Protocol (VoIP) can be intercepted and monitored. The system can also support monitoring of Internet Relay Chat and various other messaging applications (such as Google Talk, Yahoo Chat, MSN Messenger, ICQ, etc.). The system can be equipped to capture and display multiple file types like text (.doc, .pdf), zipped (.zip) and executable applications (.exe). Further, information regarding login details, login pattern, login location, DNS address, routing address can be acquired along with the IP address and other details of the user.

Web crawling capabilities can be installed on the system which can provide data from various data sources like social networking sites, web based communities, wikis, blogs and other forms of web content. Social media websites (such as Twitter, Facebook, Orkut, MySpace etc.), web pages and data on hosted applications can also be intercepted, monitored and analyzed. The system also allows capture of additional pages if updated; log periodical updates and other changes. This allows the monitoring agencies the capability of gathering internet traffic based on several parameters like Protocols, Keywords, Filters and Watch lists. Keyword matching is achieved by including phonetically similar words in various languages including local languages.

More specific functions of the IMS can include complete email extraction which will disclose the address book, inbox, sent mail folder, drafts folder, personal folders, delete folders, custom folders etc. and can also provide identification of dead drop mails. The system can also be equipped to allow country wise tracking of instant messages, chats and mails.

Regarding retention and storage of data, the tender document specifies that the system shall be technically capable of retaining the metadata of Internet traffic for at least one year and the defined traffic/payload/content is to be retained in the storage server at least for a week. However, the data may be retained for a longer period if required. The metadata and qualified data after analysis are integrated to a designated main intelligence repository for storage.

Types of Analysis
The Internet Monitoring System apart from intercepting all the data generated through the Internet Service Providers is essentially equipped for various types of data analysis. The solutions that are installed in the internet monitoring system provide the capability for real time as well as historical analysis of network traffic, network perimeter devices and internal sniffers. The kinds of analysis based on ‘slicing and dicing of data’ range from text mining, sentiment analysis, link analysis, geo-spatial analysis, statistical analysis, social network analysis, transaction analysis, locational analysis and fusion based analysis, CDR analysis, timeline analysis and histogram based analysis from various sources.

The solutions installed in the IMS can enable monitoring of specific words or phrases (in various languages) in blogs, websites, forums, media reports, social media websites, media reports, chat rooms and messaging applications, collaboration applications and deep web applications. Phone numbers, addresses, names, locations, age, gender and other such information from content including comments and such can also be monitored. Specifically with regard to social media, the user’s profile and information related to it can be extracted and a detailed ontology of all the social media profiles of the user can be created.

Based on the information, the analysis supposed to provide the capability to identify suspicious behavior based on existing and new patterns as they emerge and are continuously applied to combine incoming and existing information on people, profiles, transactions, social network, type of websites visited, time spent on websites, type of content download or view and any other type of gatherable information. The solutions on the system are also supposed to create single or multiple or parallel scenario build-ups that may occur in blogs, social media forums, chat rooms, specific web hosting server locations or URL, packet route that may be defined from time to time and such scenario build-ups can be based on parameters like sentiments, language or expressions purporting hatred or anti-national expressions, and even emotions like expression of joy, compassion and anger, which as may be defined by the agency depending on operational and intelligence requirement. Based on these parameters, automated alerts can be generated relating to structured or unstructured data (including metadata of contents), events, pattern discovery, phonetically similar words or phrases or actions from users.

Based on the data analysis, reports or dossiers can be generated and visual analysis allowing a wide variety of views can be created. Further, real time visualization showing results from real-time data can be generated which allows alerts, alert categories or discoveries to be ranked (high, medium, and low priority, high value asset, low value asset, moderate value asset, verified information, unverified information, primary evidence, secondary evidence, circumstantial evidence, etc.) based on criteria developed by the agency. The IMS solutions can also be capable of offering web-intelligence and open source intelligence and allow capabilities like simultaneous search capabilities which can be automated providing a powerful tool for exploration of the intercepted data.

Another important requirement mentioned in the tender document is the systems capability to integrate with other interception and monitoring systems for 2G, 3G/UMTS and other evolving mobile carrier technologies including fixed line and Blackberry services and encrypted IP services like Skype services.

Conclusion
It is clear that a system like IMS with its extensive interception and analysis capabilities gives complete access to an agency or authority of all information that is accessed or transmitted by a person on the internet including information which is private and confidential such as email and instant messages. Although the state has the power to issue directions for interception or monitoring of information under the Information Technology Act, 2000 and certain rules are prescribed under section 69B, they are wholly inadequate compared to the scope and extent of the Internet Monitoring System and its scale of operations. The interception and monitoring systems that are either proposed or already in place effectively bypass the existing procedures prescribed under the Information Technology Act.

The issues, concerns and risks are only compounded when it comes to the Central Monitoring System. The solutions installed in present day interception and monitoring systems give the state unprecedented powers to intercept, monitor and analyze all the data of any person who access the internet. Tools like deep packet inspection and extensive data mining solutions in the absence of concrete safeguards and when deployed through a centralized system can be misused to censor any content including legitimate discourse. Also, the perception that access to a larger amount of data or all data can help improve intelligence can also be sometimes misleading and it must be asked whether the fundamental rights of the citizens of the state can be traded away under the pretext of national security. Furthermore, it is essential for the state to weigh the costs of such a project both economically and morally and balance it with sufficient internal measures as well as adequate laws so that the democratic values are persevered and not endangered by any act of reckless force.

Reiterating what has been said earlier, while it is important for the state to improve its intelligence gathering tools and mechanisms, it must not be done at the cost of a citizen’s fundamental right. It is the duty of the democratic state to endure and maintain a fine balance between national interest and fundamental rights through timely creation of equitable laws.

[*]. http://necessaryandproportionate.net/#_edn2

For more details visit https://cis-india.org/internet-governance/blog/moving-towards-surveillance-state

dna exclusive: Geeks have a solution to digital surveillance in India: Cryptography

praskrishna — 2013-07-15T06:24:40Z

While you were thinking of what next to post on Twitter, the government has stealthily put an ambitious surveillance programme in place that tracks your every move in the digital world — through voice calls, SMS and MMS, GPRS, fax communications on landlines, video calls and emails.

The article by Joanna Lobo was published in DNA on July 7, 2013. Pranesh Prakash is quoted.

The programme, conceived in 2011, has now been brought under one umbrella referred to as the centralised monitoring system (CMS). It is the death of privacy.

But as concerned citizens argue for the need to formulate policies and laws to protect privacy, there's a simpler solution in sight for now: a CryptoParty.

At this 'party', an informal gathering of people, non-geeks can learn how to legally encrypt their digital communications and how to store data without the fear of anyone snooping in. Encryption is a process of encoding messages so that it can only be read by authorised parties.

What is it?
"A CryptoParty educates people in the domain of cryptography. It's usually about the basics: how to send encrypted email, how to protect your hardware and how to use free and open source software," says Satyakam Goswami, a free software consultant associated with the Software Freedom Law Centre (SFLC), Delhi (remove this). Goswami was one of the 72 participants at the CryptoParty organised on Saturday at Institute of Informatics & Communication (IIC), Delhi University South Campus On June 30, a CryptoParty organised at the Centre for Internet and Society (CIS) in Bangalore had 30 people in attendance. "We were taught about the what, how and who is watching us. We were also taught how to encrypt emails, chat, video calls or instant messaging,” says Siddhart Prakash Rao, a computer science graduate and a free software and open source enthusiast who is about to pursue a Masters in Cryptography.

The topics may be a mouthful for non-geeks but CryptoParty advocates maintain that all this is taught in the simplest way possible. The choice of subject depends on the composition of the group — if it is a gathering of geeks, like at the Bangalore event, then the topics are more technical.

How can it help?
CryptoParties started in August 2012 by an Australian woman (who goes by the pseudonym Asher Wolf) after a conversation on Twitter about The Australian Parliament's new cybercrime bill that allowed law enforcement to ask Internet Service Providers to monitor and store data.
Attending a CryptoParty is a good way to learn how to overcome government snooping legally.

“Citizens should use encryption to safeguard their private communications against both corporations and the government. Encryption is one of the best ways to react to CMS along with increased civic vigilance and democratic questioning of our government and parliamentarians,” says Pranesh Prakash, policy director, CIS, and one of the frontrunners in the fight to formulate a policy to safeguard privacy in India.

"In India, people tend to be rather ignorant. They are not aware of the kind of surveillance they are subjected to once online. It's a lack of understanding," says Sumandro Chattapadhyay, a researcher with Sarai, a programme of the Centre for the Study of Developing Societies, Delhi.

Bernadette Langle, who also works at CIS has been instrumental in organising the handful of CryptoParties in the country. When dna spoke to her, she was on her way to Delhi after participating in the Bangalore event. Langle will also be part of a CryptoParty being planned for October in Mumbai. "Ten years ago, you had to be a geek to be able to encrypt and protect yourself online. Now, you need software and it's much easier," she says.

The advantage is that the privacy tactics taught at such parties is completely legal. All knowledge is in the public domain. “A government will only deny its citizens basic communications privacy if it is authoritarian,” says Pranesh. “So while it can try social engineering and other means to gain access to what you've encrypted, it simply cannot 'decode' it as long as you have chosen a strong pass phrase and keep that protected, or they create quantum computers capable of breaking your encryption.”

The CIS is currently working on revisions of the Privacy (Protection) Bill 2013 with the objective of contributing to privacy legislation in India. Till that bill becomes an Act and till there's a better way to overcome needless government surveillance, attending a CryptoParty could possibly be the wisest solution for those concerned about privacy.

(For more details on CryptoParties, visit www.cryptoparty.in)

How to encrypt:
SMS: Make content secure by using software like TextSecure (Android) or CryptoSMS (Symbian). However, SMS metadata (who you are sending the message to and at what time) can still be tracked.

Instead of Whatsapp, install Jabbir and add off the record encryption.

For email, you can use OpenPGP in conjunction with Thunderbird to encrypt mails you send from Gmail/Yahoo Mail/Live Mail accounts so that even Google, Yahoo and Microsoft can't read them

For web browsing, use a VPN (which will hide your traffic from your ISP), or Tor (which will help anonymise your traffic, but will slow down your connection slower).

For more details visit https://cis-india.org/news/report-dna-july-7-2013-joanna-lobo-geeks-have-a-solution-to-digital-surveillance-in-india-cryptography