Centre for Internet and Society

World Wide Rule

nishant — 2013-07-01T10:26:24Z

Nishant Shah's review of Schmidt and Cohen's book was published in the Indian Express on June 14, 2013.

Click to read the original published in the Indian Express here

Book: The New Digital Age
Author: Eric Schmidt & Jared Cohen
Publisher: Hachette
Price: Rs 650
Pages: 315

When I first heard that Eric Schmidt the chairman of Google and Jared Cohen, the director of the techno-political think-tank Google Ideas, are co-authoring a book about our future and how it is going to be re-shaped with the emergence of digital technologies, I must confess I was sceptical. When people who do things that you like start writing about those things, it is not always a pretty picture. Or an easy read. However, like all sceptics, I am only a romantic waiting to be validated. So, when I picked up The New Digital Age I was hoping to be entertained, informed and shaken out of my socks as the gurus of the interwebz spin science fiction futures for our times. Sadly, I have been taught my lesson and have slid back into hardened scepticism.

Here is the short version of the book: Technology is good. Technology is going to be exciting. There are loads of people who haven't had it yet. There are not enough people who have figured out how things work. Everybody needs to go online because no matter what, technologies are here to stay and they are going to be the biggest corpus of power. They write, "There is a canyon dividing people who understand technology and people charged with addressing the world's toughest geopolitical issues, and no one has built a bridge…As global connectivity continues its unprecedented advance, many old institutions and hierarchies will have to adapt or risk becoming obsolete, irrelevant to modern society." So the handful who hold the reigns of the digital (states, corporates, artificial intelligence clusters) are either going to rule the world, or, well, write books about it.

The long version is slightly more nuanced, even though it fails to give us what we have grown to expect of all things Google — the bleeding edge of back and beyond. For a lay person, observations that Schmidt and Cohen make about the future of the digital age might be mildly interesting in the way title credits to your favourite movie can be. Once they have convinced us, many, many times, that the internet is fast and fluid and that it makes things fast and fluid and hence the future we imagine is going to be fast and fluid, the authors tell us that the internet is spawning a new "caste system" of haves, have-nots, and wants-but-does-not-haves.

Citing the internet as "the largest experiment involving anarchy in history" they look at the new negotiations of power around the digital. Virulent viruses from the "Middle East" make their appearance. Predictably wars of censorship and free information in China get due attention. Telcos get a big hand for building the infrastructure which can sell Google phones to people in Somalia. The book offers a straightforward (read military) reading of drones and less-than-expected biased views on cyberterrorism, which at least escapes the jingoism that the USA has been passing off in the service of a surveillance state. And more than anything else, the book shows politicos and governments around the world, that the future is messy, anarchy is at hand, but as long as they put their trust in Big Internet Brothers, the world will be a manageable place.

So while you can clearly see where my review for the book is heading, I must give it its due credit.

There are three things about this book that make it interesting. The first is how Schmidt and Cohen seem to be in a seesaw dialogue with themselves. They realise that five billion people are going to get connected online. They gush a little about what this net-universality is going to mean. And then immediately, they also realise that we have to prepare ourselves for a "Brave New World," which is going to be infinitely more messy and scary. They recognise that the days of anonymity on the Web are gone, with real life identities becoming our primary digital avatars. However, they also hint at a potential future of pseudonymity that propels free speech in countries with authoritarian regimes. This oscillation between the good, the bad, the plain and the incredible, keeps their writing grounded without erring too much either on the side of techno-euphoria or dystopic visions of the future.

Second, and perhaps justly so, the book doles out a lot of useful information not just for the techno-neophytes but also the amateur savant. There are stories about "Currygate" in Singapore, or of what Vodaphone did in Egypt after the Arab Spring, or of the "Human Flesh Search Engine" in China, which offer a comprehensive, if not critical, view of the way things are. Schmidt and Cohen have been everywhere on the ether and they have cyberjockeyed for decades to tell us stories that might be familiar but are still worth the effort of writing.

Third, it is a readable book. It doesn't require you to Telnet your way into obscure meaning sets in the history of computing. It is written for people who are still mystified not only about the past of the Net but also its future, and treads a surprisingly balanced ground in both directions. It is a book you can give to your grandmother, and she might be inspired to get herself a Facebook (or maybe a Google +) account.

But all said and done, I expected more. It is almost as if Schmidt and Cohen are sitting on a minefield of ideas which they want to hint at but don't yet want to share because they might be able to turn it into a new app for the Nexus instead. It is a book that could have been. It wasn't. It is ironic how silent the book is about the role that big corporations play in shaping our techno-futures, and the fact that it is printed on dead-tree books with closed licensing so I couldn't get a free copy online. For people claiming to build new and political futures, the fact that this wisdom could not come out in more accessible forms and formats, speaks a lot about how seriously we can take their views of the future.

For more details visit https://cis-india.org/internet-governance/blog/indian-express-june-14-2013-nishant-shah-world-wide-rule

Internet firms deny existence of PRISM

praskrishna — 2013-07-02T07:47:27Z

Nothing is private anymore. According to a leak in the US, which revealed the wide reach of a mass surveillance programme by intelligence agencies, messages, posts, chats on your computer or phone are all vulnerable to interception, thanks to direct access to servers of major tech companies.

The article by Javed Anwer and Ishan Srivastava was published in the Times of India on June 8, 2013. Sunil Abraham and Pranesh Prakash are quoted.

The existence of the programme, called Prism, was first reported by the Washington Post and the Guardian newspaper after they received a tip-off from a whistleblower in National Security Agency in the US. The whistleblower claimed that NSA has direct access to all the data that flows through the servers of Google, Facebook, Microsoft, Apple, Sykpe, Youtube, AOL and Paltalk.

Later, the NSA reportedly acknowledged the existence of the programme but said that it collected data only from foreign nationals. While it may come as a relief to the US citizens, it underscores the fact that people not residing in the US, including Indians, are fair game. What is even more alarming is the fact that US authorities are using the technology companies headquartered in the country to spy on the rest of the world.

All companies named in the leaks have denied the existence of Prism. A Yahoo spokesperson said on Friday, ""Yahoo! takes users' privacy very seriously. We do not provide the government with direct access to our servers, systems, or network."

Privacy International, a privacy watchdog organisation, said it is possible that companies would not be aware of the government tapping into their servers. "Until we know whether this information was obtained through filters, interception, or some another method, it is difficult to know how the breadth of access the NSA has."

However, Indian users would seem to have no way to defend themselves if the US government wants to access their data. Pavan Duggal, a specialist in cyber law, said, "Indian users don't have any protection against the US authorities seeking their data from the US companies."

Technology companies said they comply with local laws while dealing with issues related to personal data of a user. In response to queries from TOI, both Google and Facebook said that they used "mutual legal assistance treaty" to handle international requests for data.

Mutual legal assistance treaty is understood to have governed by actual treaties that two nations may have between them for sharing of user data. A Facebook official said that if a US agency wanted to access the data belonging to an Indian citizen, the sleuths would have to follow the diplomatic channels and get the data only when Indian authorities have approved it.

Google too talked "mutual legal assistance treaty" but it didn't clarify how it worked. Google officials pointed out the company guidelines which noted that any non-US government agency would have to use mutual legal assistance treaty to access user data. But the company public guidelines don't make any mention of the procedure followed in the cases where a US agency requests data on non-US users.

Microsoft directed TOI to its official statement denying the existence of Prism. It refused to discuss how it handled the requests from US authorities seeking data of foreigners.

Pranesh Prakash, a policy director with Centre for Internet and Society (CIS), said that it was high time the Indian government stood up for its citizens.

"Indian government needs to come with a strong and clear law to protect the privacy of Indian users. The law has to make it clear to companies operating in India that they need to respect the privacy of Indian users, even when they are dealing with the governments outside India," he said.

However, providing direct access to servers to an agency like NSA may not necessarily be a breach of agreement between the users of websites like Google and Facebook and its owners. Sunil Abraham, executive director at CIS said, "I have not studied end-user agreements carefully, but usually they have provisions for communication interception and data access in accordance with legal procedure."

"But more importantly, this is a violation of US data access and interception law. The US government has been going around the world preaching Internet freedom to authoritarian regimes. And now it turns out that their practices are worse that many of the regimes they have been criticizing. That is why it is a complete scandal," Abraham said.

Besides, the surveillance may run contrary to a whole range of international legal instruments. For example, the ICCPR, ratified by the USA, says that "no one shall be subject to arbitrary or unlawful interference with his private life, family, home or correspondence," said Joe McNamee, executive director of European Digital Rights, a privacy watchdog based in Europe.

For more details visit https://cis-india.org/news/times-of-india-javed-anwer-ishan-srivastava-june-8-2013-internet-firms-deny-existence-of-prism

‘Hacking’ sparks row over exam evaluation

praskrishna — 2013-07-02T08:58:17Z

Over the past two days, Cornell University student Debarghya Das’ blog post on ‘Hacking the Indian Education System’ has kicked off a debate across the country over the security of data published online and the practice of moderation of marks obtained by school students in board examinations.

The article by Vasudha Venugopal and Karthik Subramanian was published in the Hindu on June 7, 2013. Pranesh Prakash is quoted.

The 20-year-old Cornell student extracted large amounts of class X and XII student results from a website that hosted the ICSE results using an automated program. Over 1,760 schools are affiliated to the ICSE and more than 1.2 lakh students took the board exams. Based on interpretation of the data sets, he raised allegations of large-scale “tampering” of marks by the authorities, ostensibly to maintain a healthy graph on the results.

Information Security experts said what the student did could not be viewed as a major security breach as much as it was exploiting a loophole. “Anyone with basic programming skills will be able to pull it off,” said Pranesh Prakash, policy director at the Bangalore-based Center for Internet and Society. “There are add-ons available on popular internet browers that allow users to read the embedded codes on a website and run programs to mine data.”

Government websites are most susceptible to loopholes because too many people use them, says Nitesh Betala, Chennai coordinator of Null, a community of programmers that meets regularly to explore these loopholes in public domain websites. “We inform the system administrators directly hoping that they would plug loopholes before others exploit them.”

Debarghya too explained on his blog (deedy.quora.com) on Thursday that what he did was not illegal. “I did not illegally access any database system. All I did was access information that was available to any person who entered a number into the website could access. I simply mined the data.”

The ICSE council, on its part, said it does not publish the examination results in an online manner on its website. Instead, hard copies of results are despatched to schools. But the results are disseminated to third parties such as media organisations.

Krupakar Manukonda, who runs a blog on education for the not-for-profit organisation Takshashila, said: “The online results of all the boards have serious privacy problems. I think the respective boards should issue a passcode along with a hall ticket or entering Date of Birth, First name and Last name should be made mandatory to access marks.”

Das deduced after much data crunching and statistical analysis that the “marks had been tampered with”. His claim is supported by graphs purporting to show that nearly 33 scores, such as 91, 92, 86 and so on, were never awarded to any student.

However, teachers deny the allegation. “The word tampering is wrong. There is moderation that happens across education boards,” explained a teacher, who has worked with ICSE schools in Hyderabad and Chennai. “After the first round of corrections, raw data is given to officials and head examiners who analyse how students have performed. They try to ensure the bell curve of the results does not look awkward. If it does, the implication is that the checking has been either too liberal or very strict.”

After the first moderation, there is a final moderation which is often done by a different set of teachers. “There are some instructions given to us earlier, and some changes made later, depending on analysis by the board,” said a teacher. Teachers are not told about moderation methods in both CBSE and ICSE boards.

The ICSE council says that it does follow the practice of moderation. “In keeping with the practice followed by examination conducting bodies, a process of standardisation is applied to the results, so as to take into account the variations in difficulty level of questions over the years (which may occur despite applying various norms and yardsticks), as well as the marginal variations in evaluation of answer scripts by hundreds of examiners (inter-examiner variability), for each subject.”

Some teachers are however puzzled by the findings. “It is understandable that there are many 35s because a student on the verge of passing, is often pushed to the mark. But I don’t understand why there are no 85, 87, 89, 91 and 93. And, with cut throat competition for every single mark in colleges, teachers are very careful, especially with top scoring papers,” said another senior teacher.

For more details visit https://cis-india.org/news/the-hindu-june-7-2013-vasudha-venugopal-karthik-subramanian-hacking-sparks-row-over-exam-evaluation

Indian Government Quietly Brings In Its 'Central Monitoring System': Total Surveillance Of All Telecommunications

praskrishna — 2013-07-02T09:12:49Z

There's a worrying trend around the world for governments to extend online surveillance capabilities to encompass all citizens -- often justified with the usual excuse of combatting terrorism and/or child pornography.

The blog post was published in tech dirt on June 8, 2013. Pranesh Prakash is quoted.

The latest to join this unhappy club is India, which has put in place what sounds like a massively intrusive system, as this article from The Times of India makes clear:

The government last month quietly began rolling out a project that gives it access to everything that happens over India's telecommunications network -- online activities, phone calls, text messages and even social media conversations. Called the Central Monitoring System, it will be the single window from where government arms such as the National Investigation Agency or the tax authorities will be able to monitor every byte of communication.

This project has been under development for two years, but in almost total secrecy:

"In the absence of a strong privacy law that promotes transparency about surveillance and thus allows us to judge the utility of the surveillance, this kind of development is very worrisome," warned Pranesh Prakash, director of policy at the Centre for Internet and Society. "Further, this has been done with neither public nor parliamentary dialogue, making the government unaccountable to its citizens."

That combination of total surveillance and zero transparency is a dangerous one, providing the perfect tool for monitoring and controlling political and social dissent. If India wishes to maintain its claim to be "the world's largest democracy", its government would do well to introduce some safeguards against abuse of the new system, such as strong privacy laws, as well as engaging the Indian public in an open debate about what exactly such extraordinary surveillance powers might be used for.

For more details visit https://cis-india.org/news/tech-dirt-june-8-2013-indian-govt-quietly-brings-central-monitoring-system

Issue of duplication of identities of users under control: Nilekani

praskrishna — 2013-07-02T10:13:10Z

Nandan Nilekani says UIDAI system almost completely accurate, duplication of identities virtually negligible.

The article by Anirban Sen was published in Livemint on June 29, 2013. Sunil Abraham is quoted.

The Unique Identification Authority of India (UIDAI) chief Nandan Nilekani said the government agency was in preliminary discussions with some embassies to use the Aadhaar project to simplify visa application procedures and that the issue of duplication of identities of users was well under control.

In March, a UIDAI spokesperson told Mint that it had detected 34,015 cases where one person had been issued two Aadhaar numbers. The figures represented a little over 0.01% of the 290 million people who had been enrolled at the time.

Nilekani, who was delivering a keynote address at a three-day conference on the success and failures of information technology (IT) in the public and private sector at the Indian Institute of Management in Bangalore, said the UIDAI system was almost completely accurate and duplication of identities was virtually negligible.

“Knowing what we know now, we believe we have accuracy of upto 99.99%,” said Nilekani, chairman of the Unique Identification Authority of India (UIDAI).

Nilekani, on Saturday, assured that the project was completely secure and user data and biometrics were safe in the hands of the agencies it works with and brushed aside any concerns on security of user data that have been widely raised by Internet security groups and activists.

“We’re not giving any access to data, except when it is resident authorized. It is shared only when a resident participates in a transaction and authorizes the data which is shared,” said Nilekani, who was one of the seven co-founders of India’s second largest software exporter Infosys Ltd. He served as CEO of Infosys from 2002 to 2007.

“The system is also not open to the internet—the system has rings of authentications of service agencies. There are lots of concentric rings of security,” he added. “The biometric data is not used except for enrolment, re-duplication and authentication.”

Internet rights groups and activists such as Sunil Abraham of the Centre for Internet and Society (CIS), a research thinktank that focuses on issues of Internet governance, have often raised concerns over UID’s overtly broad scope and privacy issues in the project.

“We don’t need Aadhaar because we already have a much more robust identity management and authentication system based on digital signatures that has a proven track record of working at a “billions-of-users” scale on the Internet with reasonable security. The Unique Identification (UID) project based on the so-called “infallibility of biometrics” is deeply flawed in design. These design disasters waiting to happen cannot be permanently thwarted by band-aid policies,” Abraham wrote in a blog post on the CIS website last year.

Nilekani also acknowledged that the department had faced several challenges, due to the sheer scale of the project that aims to cover the country’s entire population of 1.2 billion.

“We have had lots of challenges on this project—we have backlogs of enrolment because we have more packets than we can process, we backlogs of letter deliveries because we cannot handle so many letters…but fundamentally notwithstanding those challenges, we believe we are on the right track,” said Nilekani.

Both UIDAI and the census department under the National Population Register project are recording biometric data, which includes fingerprint and iris data. Even though both the agencies reached a truce after a cabinet decision in January 2012 and were allowed to co-exist, there have been several reports of duplication between the two agencies in biometric collection.

UIDAI is not just being used as the main platform for rolling out the government’s direct cash transfer scheme, but is also being regarded as an important authentication scheme for financial transactions and other security measures.

For more details visit https://cis-india.org/news/livemint-anirban-sen-june-29-2013-issue-of-duplication-of-identities-of-users-under-control

Facebook, Google deny spying access

praskrishna — 2013-07-02T10:18:48Z

The CEOs of Facebook and Google on Saturday categorically denied that the US National Security Agency had "direct access" to their company servers for snooping on Gmail and Facebook users. But both acknowledged that the companies complied with the 'lawful' requests made by the US government and shared user data with sleuths.

The article by Javed Anwer was published in the Times of India on June 9, 2013. Pranesh Prakash is quoted.

In a post titled "What the ...?" Google's official blog, CEO Larry Page wrote, "We have not joined any program that would give the US governmentâ€”or any other governmentâ€”direct access to our servers. We had not heard of a program called PRISM until yesterday."

A few hours later, Facebook CEO Mark Zuckerberg responded. "Facebook is not and has never been part of any program to give the US or any other government direct access to our servers... We hadn't even heard of PRISM before yesterday," he wrote on his page at the social media site.

According to a few PowerPoint slides allegedly leaked by an NSA official, nine technology companies - Google, AOL, Apple, Yahoo, Microsoft, Skype, Facebook, YouTube and PalTalk - are providing the US government easy access to user data. While all companies have denied being part anything called PRISM, Facebook and Google have been most vocal about it.

A few hours after Facebook and Google statements, the New York Times said in a report that technology companies had "opened discussions with national security officials about developing technical methods to more efficiently and securely share the personal data of foreign users".

"In some cases, they (companies) changed their computer systems to do so," noted the NYT report.

The statements by the CEOs have done little to allay privacy fears. "The denials from the companies look highly coordinated, including similar phrases in all their responses. I don't think they are lying outright, though the NYT report suggests that they are telling a half-truth. They may not provide the US government 'direct access' to all their servers, but may be providing indirect access, or may just be responding to very broad FISA orders," said Pranesh Prakash, a policy director with Centre for Internet and Society in India.

On Friday US president Barack Obama had tacitly acknowledged NSA surveillance programmes aimed at non-US citizens. "You can't have a hundred per cent security and also then have a hundred per cent privacy and zero inconvenience. You know, we're going to have to make some choices as a society," he told reporters in the US.

Page and Zuckerberg also called on the governments to be more open about surveillance programmes. "The level of secrecy around the current legal procedures undermines the freedoms we all cherish," wrote Page.

Added Zuckerberg, "We strongly encourage all governments to be much more transparent about all programs aimed at keeping the public safe. It's the only way to protect everyone's civil liberties and create the safe and free society we all want over the long term."

For more details visit https://cis-india.org/news/times-of-india-javed-anwer-june-9-2013-facebook-google-deny-spying-access

Cyber experts suggest using open source software to protect privacy

praskrishna — 2013-07-03T04:32:48Z

Big Brother is watching. With the Central Monitoring System (CMS) at home and PRISM from the US, millions of users worldwide have become vulnerable to online surveillance by state agencies without even realizing it. No surprise, several cyber security experts feel that building one's own personal firewall is a good way of fortifying online privacy.

The article by Kim Arora was published in the Times of India on June 22, 2013. Sunil Abraham is quoted.

One enterprising netizen has compiled a list of services, from social networks to email clients, and even web browsers, that offer better protection from surveillance. They are listed on a web page called prism-break.org.

When asked about steps that a digital native can take to protect his privacy and online data, Sunil Abraham, executive director of Bangalore-based non-profit Center for Internet and Society said, "Stop using proprietary software, shift to free/open source software for your operating system and applications on your computer and phone. Android is not sufficiently free; shift to CyanogenMod. Encrypt all sensitive Internet traffic and email using software like TOR and GNU Privacy Guard. Use community based infrastructure such as Open Street Maps and Wikipedia. Opt for alternatives to mainstream services. For example, replace Google Search with DuckDuckGo."

Use of licensed or proprietary software, which bind users legally when it comes to use and distribution, seems to be losing favour among an informed niche. While alternative software cannot offer absolute protection, it is being seen as a "better-than-nothing" option. Anonymisers like TOR, though also not entirely foolproof, are also a popular option among those who wish to keep their web usage untraceable. Once installed on a browser, anonymisers can hide the route that digital traffic takes when sent from your computer over a network before emerging at an end node.

There is one caveat, though. Some websites can deny service to users operating on certain anonymising networks. Also, anonymisers are known to reduce browsing speeds. In India, where broadband speeds are already abysmally low, anything that slows one down even further would find popularity hard to come by.

Computer and network security expert Aseem Jakhar too recommends open source software since they offer the convenience of customization to suit one's encryption needs and are able to verify the source code. For laypersons, there are other tools. "One can use anonymisers like TOR which encrypt your communication and hide your identity. With these it becomes very difficult to exactly locate the source. For email clients, it is best to use ones that offer end-to-end strong encryption," he says. Jakhar, co-founder of open security community "null", also recommends the use of customized and Linux systems for more advanced users. Default Linux distributions, he points out, may have free online services which can again be analysed by the governments.

The home-bred CMS programme seeks to directly procure data pertaining to call records and internet usage for intelligence purposes without going through telecom service providers. There were fears of abuse when information about the programme, kept under strict wraps by the government, trickled in. Department of Telecom and Ministry of IT and Communication have been reticent about the state of implementation of the 400-crore rupees programme.

PRISM, a similar, international monitoring programme mounted by the US and revealed to the world by the US National Security Authority whistleblower Edward Snowden, has raised concerns of safeguarding digital information the world over.

For more details visit https://cis-india.org/news/times-of-india-june-22-2013-kim-arora-cyber-experts-suggest-open-source-software-to-protect-privacy

In India, Prism-like Surveillance Slips Under the Radar

praskrishna — 2013-07-03T09:31:18Z

Prism, the contentious U.S. data-collection surveillance program, has captured the world’s attention ever since whistle-blower Edward Snowden leaked details of global spying to the Guardian and Washington Post.

The article by Anjan Trivedi was published in Time World on June 30, 2013. Sunil Abraham is quoted.

However, it turns out India, the world’s largest democracy, is building its own version to monitor internal communications in the name of national security. Yet India’s Central Monitoring System, or CMS, was not shrouded in secrecy — New Delhi announced its intentions to watch over its citizens, however mutedly, in 2011, and rollout is slated for August. And while reports that the American system collected 6.3 billion intelligence reports in India led to a lawsuit at the nation’s Supreme Court, comparable indignation has been conspicuously lacking with the domestic equivalent.

CMS is an ambitious surveillance system that monitors text messages, social-media engagement and phone calls on landlines and cell phones, among other communications. That means 900 million landline and cell-phone users and 125 million Internet users. The project, which is being implemented by the government’s Centre for Development of Telematics (C-DOT), is meant to help national law-enforcement agencies save time and avoid manual intervention, according to the Department of Telecommunications’ annual report. This has been in the works since 2008, when C-DOT started working on a proof-of-concept, according to an older report. The government set aside approximately $150 million for the system as part of its 12th five-year plan, although the Cabinet ultimately approved a higher amount.

Within the internal-security ministry though, the surveillance system remains a relatively “hush-hush” topic, a project official unauthorized to speak to the press tells TIME. In April 2011, the Police Modernisation Division of the Home Affairs Ministry put out a 90-page tender to solicit bidders for communication-interception systems in every state and union territory of India. The system requirements included “live listening, recording, storage, playback, analysis, postprocessing” and voice recognition.

Civil-liberties groups concede that states often need to undertake targeted-monitoring operations. However, the move toward extensive “surveillance capabilities enabled by digital communications,” suggests that governments are now “casting the net wide, enabling intrusions into private lives,” according to Meenakshi Ganguly, South Asia director for Human Rights Watch. This extensive communications surveillance through the likes of Prism and CMS are “out of the realm of judicial authorization and allow unregulated, secret surveillance, eliminating any transparency or accountability on the part of the state,” a recent U.N. report stated.

India is no stranger to censorship and monitoring — tweets, blogs, books or songs are frequently blocked and banned. India ranked second only to the U.S. on Google’s list of user-data requests with 4,750 queries, up 52% from two years back, and removal requests from the government increased by 90% over the previous reporting period. While these were largely made through police or court orders, the new system will not require such a legal process. In recent times, India’s democratically elected government has barred access to certain websites and Twitter handles, restricted the number of outgoing text messages to five per person per day and arrested citizens for liking Facebook posts and tweeting. Historically too, censorship has been India’s preferred means of policing social unrest. “Freedom of expression, while broadly available in theory,” Ganguly tells TIME, “is endangered by abuse of various India laws.”

There is a growing discrepancy and power imbalance between citizens and the state, says Anja Kovacs of the Internet Democracy Project. And, in an environment like India where “no checks and balances [are] in place,” that is troubling. The potential for misuse and misunderstanding, Kovacs believes, is increasing enormously. Currently, India’s laws relevant to interception “disempower citizens by relying heavily on the executive to safeguard individuals’ constitutional rights,” a recent editorial noted. The power imbalance is often noticeable at public protests, as in the case of the New Delhi gang-rape incident in December, when the government shut down public transport near protest grounds and unlawfully detained demonstrators.

With an already sizeable and growing population of Internet users, the government’s worries too are on the rise. Netizens in India are set to triple to 330 million by 2016, according to a recent report. “As [governments] around the world grapple with the power of social media that can enable spontaneous street protests, there appears to be increasing surveillance,” Ganguly explains.

India’s junior minister for telecommunications attempted to explain the benefits of this system during a recent Google+ Hangout session. He acknowledged that CMS is something that “most people may not be aware of” because it’s “slightly technical.” A participant noted that the idea of such an intrusive system was worrying and he did not feel safe. The minister, though, insisted that it would “safeguard your privacy” and national security. Given the high-tech nature of CMS, he noted that telecom companies would no longer be part of the government’s surveillance process. India currently does not have formal privacy legislation to prohibit arbitrary monitoring. The new system comes under the jurisdiction of the Indian Telegraph Act of 1885, which allows for monitoring communication in the “interest of public safety.”

The surveillance system is not only an “abuse of privacy rights and security-agency overreach,” critics say, but also counterproductive in terms of security. In the process of collecting data to monitor criminal activity, the data itself may become a target for terrorists and criminals — a “honeypot,” according to Sunil Abraham, executive director of India’s Centre for Internet and Society. Additionally, the wide-ranging tapping undermines financial markets, Abraham says, by compromising confidentiality, trade secrets and intellectual property. What’s more, vulnerabilities will have to be built into the existing cyberinfrastructure to make way for such a system. Whether the nation’s patchy infrastructure will be able to handle a complex web of surveillance and networks, no one can say. That, Abraham contends, is what attackers will target.

National security has widely been cited as the reason for this system, but no one can say whether it will actually help avert terrorist activity. India’s own 9/11 is a case in point: the Indian government was handed intelligence by foreign agencies about the possibility of the 2008 Mumbai terrorist attacks, but did not act. This is a “clear indication that having access to massive amounts of data is not necessarily going to make people safer,” Kovacs tells TIME. However, officers familiar with the new system say it will not increase surveillance or enhance intrusion beyond current levels; it will only strengthen the policy framework of privacy and increase operational efficiency. Spokespersons and officials in the internal-security and telecom departments did not respond to requests or declined to comment.

The government has been cagey about details on implementation and extent. This ability to act however the authorities deems fit “just makes it really easy to slide into authoritarianism, and that is not acceptable for any democratic country,” Kovacs says. Indeed, India has seen that before — almost four decades ago, Indira Gandhi declared a state of emergency for 19 months, which suspended all civil liberties. Indians complaining about Prism may want to look a little closer to home.

For more details visit https://cis-india.org/news/time-world-anjan-trivedi-june-30-2013-in-india-prison-like-surveillance-slips-under-the-radar

April 2013 Bulletin

praskrishna — 2013-05-31T08:07:38Z

The Centre for Internet & Society (CIS) welcomes you to the fourth issue of its newsletter for the year 2013. In this issue we bring you an overview of our research programs, updates of events organised by us, events we participated in, news and media coverage, and videos of some of our recent events.

Celebrating 5 Years of CIS
We at the Centre for Internet and Society celebrate 5 years of existence with an exhibition showcasing our work and accomplishments over this time. The exhibition will be held concurrently at both our Bangalore and Delhi offices from May 20 to 24, 2013, from 10 a.m. to 8 p.m.

Google Policy Fellowship
CIS is inviting applications for the Google Policy Fellowship programme. Google is providing a USD 7,500 stipend to the India fellow who will be selected by July 1, 2013. Fellowship focus areas include Access to Knowledge, Openness in India, Freedom of Expression, Privacy, and Telecom Send in your applications for the position by June 15, 2013.

Jobs
CIS invites applications for the posts of Developer (NVDA Screen Reader Project), and Programme Officer (Internet Governance). To apply send your resume to sunil@cis-india.org and pranesh@cis-india.org. CIS also invites applications for the post of Programme Officer (Access to Knowledge, Pilot Projects). To apply for this position send your resume to vishnu@cis-india.org.

Accessibility

CIS is doing two projects in partnership with the Hans Foundation. One is to create a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India and another is for developing a screen reader and text-to- speech synthesizer for Indian languages. CIS is also working with the World Blind Union and many other organisations to develop a Treaty for the Visually Impaired helped by the WIPO:

National Resource Kit for Persons with Disabilities
Anandhi Viswanathan from CIS and Manojna Yeluri from the Centre for Law and Policy Research are working in this project. Draft chapters have been published. Feedback and comments are invited from readers for the chapters on Himachal Pradesh, Goa, Jammu and Kashmir and Rajasthan:

The Himachal Pradesh Chapter (by Anandhi Viswanathan, April 30, 2013).
Goa Chapter (by Anandhi Viswanathan, April 30, 2013).
The Jammu & Kashmir Chapter (by Anandhi Viswanathan, April 30, 2013).
The Rajasthan Chapter (by Manojna Yeluri, April 30, 2013).

Note: All of these are early drafts and will be reviewed and updated.

Events Organised

Girls in ICT Day (April 25, 2013, Mitra Jyothi Auditorium, HSR Layout, Bangalore). Dr. U.B. Pavanaja gave a talk on Social Media and Kannada Language for Women with Disabilities. Sara Morais wrote an event report.
Global Accessibility Awareness Day (May 9, 2013, TERI, Southern Regional Centre, Domlur, Bangalore).

Announcement

CIS Gets ITU-D Sector Membership: CIS has become a sector member of ITU-D.

Access to Knowledge and Openness

The Wikimedia Foundation awarded CIS a two year grant of INR 26,000,000 to support and develop the growth of Indic language communities and projects by community collaborations and partnerships. This is being carried out by the Access to Knowledge team based in Delhi. CIS is also doing a project (Pervasive Technologies) on examining the relationship between production of pervasive technologies and intellectual property. CIS also promotes openness including open government data, open standards, open access, and free/libre/open source software through its Openness programme.

Wikipedia
Beginning from September 1, 2012, Wikimedia Foundation awarded CIS a two-year grant of INR 26,000,000 to support and develop free knowledge in India. The A2K team consists of four members based in Delhi: T. Vishnu Vardhan, Nitika Tandon and Subhashish Panigrahi, and one team member Dr. U.B. Pavanaja who is working from Bangalore office. Noopur Raval, Programme Officer has left the organisation. April 24, 2013 was her last working day.

Indic Wikipedia Visualisation Project

Indic Wikipedia Visualisation Project #2: Visualising Page Views and Project Pages.

Blog Entries

Indian WikiWomen celebrate Women’s History Month (by Netha Hussain, April 29, 2013).
Analysis of Konkani Wikipedia: Facts & Challenges (by Nitika Tandon, April 30, 2013).
Odia Wikipedia: Needs Assessment (by Subhashish Panigrahi, April 30, 2013).

Event Organised

Kannada Wikipedia Workshop (April 29, 2013, Govinda Pai Research Centre, MGM College Udupi). Dr. U.B. Pavanaja led the workshop and gave a talk on Kannada Wikipedia.

Events Co-organised
The following events were organised in the month of March but reports were written during the month of April. Vishnu Vardhan and Subhashish Panigrahi held meetings with wikipedians:

Kolkata Wiki Community Meetup (organised by CIS and Kolkata Wiki Community, March 14, 2013).
Odia Wikipedia - Cuttack Community Meetup (organised by CIS and Odia Wiki Community, Cuttack, March 16, 2013).
Odia Wikipedia – Bhubaneswar Community Meetup (organised by CIS and Odia Wiki Community, Bhubaneswar, March 17, 2013).

The following event was organised in the month of April. We will be publishing the report soon:

Telugu Wiki Mahotsavam 2013 (organised by Telugu Wikipedia Community and CIS, Hyderabad, April 9 – 11, 2013). Vishnu Vardhan was one of the trainers at the Wikipedia Academy at Centre for Good Governance on April 9, 2013. Vishnu Vardhan spoke about the Access to Knowledge work in one of the sessions of Wikimedia Meeting with Media Heads on April 10, 2013. Vishnu Vardhan gave a talk on A2K’s plans for the growth of Telegu Wikipedia in 2013-14 at the Telegu Wikipedia general meeting on April 11, 2013. Vishnu Vardhan also gave a talk about Access to Knowledge in the digital era at the Wiki Chaitanya Vedika on April 11, 2013.

Other Access to Knowledge Updates

WIPO

CIS Intervention on the Treaty for the Visually Impaired at SCCR/SS/GE/2/13 (Geneva, April 18 – 20, 2013). Pranesh Prakash participated in the session and spoke about the rights of the visually impaired.

Internet Governance

The Internet Governance programme conducts research around the various social, technical, and political underpinnings of global and national Internet governance, and includes online privacy, freedom of speech, and Internet governance mechanisms and processes. Currently, CIS is doing a project with Privacy International, London to facilitate research and events around surveillance, and freedom of speech and expression.

Information Technology

IT (Amendment) Act, 2008, 69A Rules: Draft and Final Version Comparison (by Jadine Lannon, April 27, 2013).
Indian Telegraph Act, 1885, 419A Rules and IT (Amendment) Act, 2008, 69 Rules (by Jadine Lannon, April 28, 2013).
IT (Amendment) Act, 2008, 69 Rules: Draft and Final Version Comparison (by Jadine Lannon, April 30, 2013).
IT (Amendment) Act, 2008, 69B Rules: Draft and Final Version Comparison (by Jadine Lannon, April 30, 2013).

Resources
The below rules were published recently:

Newspaper Column

Off the Record (by Nishant Shah, Indian Express, April 6, 2013).

Privacy

India´s ´Big Brother´: The Central Monitoring System (CMS) (by Maria Xynou, April 8, 2013).

Events Organised
Maria Xynou gives an overview of the discussions and recommendations from the privacy round tables held in Delhi and Bangalore:

A Privacy Round Table in Delhi (organized by CIS and Federation of Indian Chambers of Commerce and Industry, FICCI Federation House, Tansen Marg, New Delhi, April 3, 2013).
A Privacy Round Table in Bangalore (organized by CIS and Federation of Indian Chambers of Commerce and Industry, Jayamahal Palace, Jayamahal Road, Bangalore, April 20, 2013).

Announcements

2nd Expert Committee meeting on draft 'Human DNA Profiling Bill 2012': The Department of Biotechnology has constituted an Expert Committee to discuss various issues of this Bill in detail. Sunil Abraham has been nominated as one of the members of this Committee. A meeting of this Expert Committee has been scheduled for May 13, 2013 under the Chairmanship of Dr. T. S. Rao, Adviser, DBT.
Chinmayi Arun is one of the international experts supporting the Internet & Jurisdiction project, a global multi-stakeholder dialogue process.

Upcoming Events

A Privacy Round Table in Chennai (co-organised with Data Security Council of India and the Federation of Indian Chambers of Commerce and Industry, Residency Towers, Sir Thyagaraja Road, T Nagar, Chennai, May 18, 10.30 a.m. to 4.00 p.m.).
Consilience – 2013 (National Law School of India University, Bangalore, May 26 – 27, 2013).

Other Event Hosted

Or-bits.com — A Talk by Marialaura Ghidini (CIS, Bangalore, April 19, 2013). Marialaura Ghidini gave a talk abou the creation and activities of or-bits.com, a web-based curatorial platform that she founded in 2009.

News and Media

Clarify and define terms in IT rules, panel tells govt. (by Prashant Jha, Hindu, April 1, 2013).
India takes its first serious step toward privacy regulation – but it may be misguided (Privacy Surgeon, April 9, 2013).
Regulating Social Media: Unrealistic, Impossible, Necessary? (NDTV, April 11, 2013). Pranesh Prakash participated in a discussion on social media aired on NDTV.
Social media may influence 160 LS seats in 2014 (by Zia Haq, Hindustan Times, April 12, 2013).
Vote: Will Social Media Impact the Election? (by R. Jai Krishna, Wall Street Journal, April 15, 2013).
Untangling the web of India's 'ungovernable' Net (Deutsche Welle, April 15, 2013).
CIS in GNI Annual Report (April 25, 2013). CIS gets mentioned in GNI Annual Report. Sunil Abraham is quoted in it.
Is free speech an Indian value? (by Satarupa Sen Bhattacharya, India Together, April 27, 2013).

Knowledge Repository on Internet Access

CIS in partnership with the Ford Foundation is executing a project on Internet Access. It covers the history of the internet, technologies involved, principle and values of internet access, broadband market and universal access and will touch upon various polices and regulations which has an impact on internet access and bodies and mechanism which are responsible for formulation policies related to internet access. The blog posts and modules will be published in a new website: www.internet-institute.in.

Upcoming Event
We are hosting an “Institute on Internet and Society” with the support of Ford Foundation India, which is to be held from June 8, 2013 to June 14, 2013. Call for registration and relevant details have been announced.

The following units have been published:

Internet Infrastructure (by Srividya Vaidyanathan, April 30, 2013).
Internet Service Provider – Introduction (by Srividya Vaidyanathan, April 30, 2013).

Telecom

CIS is involved in promoting access and accessibility of telecommunications services and resources and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Newspaper Column

Prioritizing Communications & Energy (by Shyam Ponappa, Business Standard and Organizing India Blogspot, April 4, 2013).

Blog Entry

From Open Citizen Radio Networks to the Race for .RADIO gTLD (by Sharath Chandra Ram, April 30, 2013).

Event Participated

Broadband Policy Course (organised by Lirne Asia, Bangalore, April 5 – 6, 2013). Nirmita Narasimhan and Snehashish Ghosh attended the course.

About CIS

The Centre for Internet and Society is a non-profit research organization that works on policy issues relating to freedom of expression, privacy, accessibility for persons with disabilities, access to knowledge and IPR reform, and openness (including open government, FOSS, open standards, etc.), and engages in academic research on digital natives and digital humanities.
Follow us elsewhere

Get short, timely messages from us on Twitter
Join the CIS group on Facebook
Visit us at http://cis-india.org

Support Us
Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

Request for Collaboration
We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, at sunil@cis-india.org or Nishant Shah, Director – Research, at nishant@cis-india.org

CIS is grateful to its donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation and the Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/april-2013-bulletin

Report on CIS' Workshop at the IGF:'An Evidence Based Framework for Intermediary Liability'

jyoti — 2014-09-24T10:47:30Z

An evidence based framework for intermediary liability' was organised to present evidence and discuss ongoing research on the changing definition, function and responsibilities of intermediaries across jurisdictions.

The discussion from the workshop will contribute to a comprehensible framework for liability, consistent with the capacity of the intermediary and with international human-rights standards.

Electronic Frontier Foundation (USA), Article 19 (UK) and Centre for Internet and Society (India) have come together towards the development of best practices and principles related to the regulation of online content through intermediaries. The nine principles are: Transparency, Consistency, Clarity, Mindful Community Policy Making, Necessity and Proportionality in Content Restrictions, Privacy, Access to Remedy, Accountability, and Due Process in both Legal and Private Enforcement. The workshop discussion will contribute to a comprehensible framework for liability that is consistent with the capacity of the intermediary and with international human-rights standards. The session was hosted by Centre for Internet and Society (India) and Centre for Internet and Society, Stanford (USA) and attended by 7 speakers and 40 participants.

Jeremy Malcolm, Senior Global Policy Analyst EFF kicked off the workshop highlighting the need to develop a liability framework for intermediaries that is derived out of an understanding of their different functions, their role within the economy and their impact on human rights. He went on to structure the discussion which would follow to focus on ongoing projects and examples that highlight central issues related to gathering and presenting evidence to inform the policy space.

Martin Husovec from the International Max Planck Research School for Competition and Innovation, began his presentation, tracking the development of safe harbour frameworks within social contract theory. Opining that safe harbour was created as a balancing mechanism between a return of investments of the right holders and public interest for Internet as a public space, he introduced emerging claims that technological advancement have altered this equilibrium. Citing injunctions and private lawsuits as instruments, often used against law abiding intermediaries, he pointed to the problem within existing liability frameoworks, where even intermediaries, who diligently deal with illegitimate content on their services, can be still subject to a forced cooperation to the benefit of right holders. He added that for liability frameworks to be effective, they must keep pace with advances in technology and are fair to right holders and the public interest.

He also pointed that in any liability framework because the ‘law’ that prescribes an interference, must be always sufficiently clear and foreseeable, as to both the meaning and nature of the applicable measures, so it sufficiently outlines the scope and manner of exercise of the power of interference in the exercise of the rights guaranteed. He illustrated this with the example of the German Federal Supreme Court attempts with Wi-Fi policy-making in 2010. He also raised issues of costs of uncertainty in seeking courts as the only means to balance rights as they often, do not have the necessary information. Similarly, society also does not benefit from open ended accountability of intermediaries and called for a balanced approach to regulation.

The need for consistency in liability regimes across jurisdictions, was raised by Giancarlo Frosio, Intermediary Liability Fellow at Stanford's Centre for Internet and Society. He introduced the World Intermediary Liability Map, a project mapping legislation and case law across 70 countries towards creating a repository of information that informs policymaking and helps create accountability. Highlighting key takeaways from his research, he stressed the necessity of having clear definitions in the field of intermediary liability and the need to develop taxonomy of issues to deepen our understanding of the issues at stake towards an understanding of type of liability appropriate for a particular jurisdiction.

Nicolo Zingales, Assistant Professor of Law at Tilburg University highlighted the need for due process and safeguards for human rights and called for more user involvement in systems that are in place in different countries to respond to requests of takedown. Presenting his research findings, he pointed to the imbalance in the way notice and takedown regimes are structured, where content is taken down presumptively, but the possibility of restoring user content is provided only at a subsequent stage or not at all in many cases. He cited several examples of enhancing user participation in liability mechanisms including notice and notice, strict litigation sanction inferring the knowledge that the content might have been legal and shifting the presumption in favor of the users and the reverse notice and takedown procedure. He also raised the important question, if multistakeholder cooperation is sufficient or adequate to enable the users to have a say and enter as part of the social construct in this space? Reminding the participants of the failure of the multistakeholder agreement process regarding the cost for the filters in the UK, that would be imposed according to judicial procedure, he called for strengthening our efforts to enable users to get more involved in protecting their rights online.

Gabrielle Guillemin from Article 19 presented her research on the types of intermediaries and models of liability in place across jurisdictions. Pointing to the problems associated with intermediaries having to monitor content and determine legality of content, she called for procedural safeguards and stressed the need to place the dispute back in the hands of users and content owners and the person who has written the content rather than the intermediary. She goes on to provide some useful and practically-grounded solutions to strengthen existing takedown mechanisms including, adding details to the notices, introducing fees in order to extend the number of claims that are made and defining procedure regards criminal content.

Elonnai Hickok introduced CIS' research to the UNESCO report Fostering Freedom Online: the Role of Internet Intermediaries, comparing a range of liability models in different stages of development and provisions across jurisdictions. She argued for a liability framework that tackles procedural and regulatory uncertainty, lack of due process, lack of remedy and varying content criteria.

Francisco Vera, Advocacy Director, Derechos Digitales from Chile raised issues related to mindful community policy-making expounding on Chile's implementation of intermediary liability obligation with the USA, the introduction of judicial oversight under Chilean legislation which led to US objection to Chile on grounds of not fulfilling their standards in terms of Internet property protection. He highlighted the tensions that arise in balancing the needs of the multiple communities and interests engaged over common resources and stressed the need for evidence in policy-making to balance the needs of rights holders and public interest. He stressed the need for evidence to inform policy-making and ensure it keeps pace with technological developments citing the example of the ongoing Transpacific Partnership Agreement negotiations that call for exporting provisions DMCA provisions to 11 countries even though there is no evidence of the success of the system for public interest. He concluded by cautioning against the development of frameworks that are or have the potential to be used as anti-competitive mechanisms that curtail innovation and therby do not serve public interest.

Malcolm Hutty associated with the European Internet Service Providers Association, Chair of the Intermediary Reliability Committee and London Internet Exchange brought in the intermediaries' perspective into the discussion. He argued for challenging the link between liability and forced cooperation, understated the problems arising from distinction without a difference and incentives built in within existing regimes. He raised issues arising from the expectancy on the part of those engaged in pre-emptive regulation of unwanted or undesirable content for intermediaries to automate content. Pointing to the increasing impact of intermediaries in our lives he underscored how exposing vast areas of people's lives to regulatory enforce, which enhances power of the state to implement public policy in the public interest and expect it to be executed, can have both positive and negative implications on issues such as privacy and freedom of expression.

He called out practices in regulatory regimes that focus on one size fits all solutions such as seeking automating filters on a massive scale and instead called for context and content specific solutions, that factor the commercial imperatives of intermediaries. He also addressed the economic consequences of liability frameworks to the industry including cost effectiveness of balancing rights, barriers to investments that arise in heavily regulated or new types of online services that are likely to be the targeted for specific enforcement measures and the long term costs of adapting old enforcement mechanisms that apply, while networks need to be updated to extend services to users.

The workshop presented evidence of a variety of approaches and the issues that arise in applying those approaches to impose liability on intermediaries. Two choices emerged towards developing frameworks for enforcing responsibility on intermediaries. We could either rely on a traditional approach, essentially court-based and off-line mechanisms for regulating behaviour and disputes. The downside of this is it will be slow and costly to the public purse. In particular, we will lose a great deal of the opportunity to extend regulation much more deeply into people's lives so as to implement the public interest.

Alternatively, we could rely on intermediaries to develop and automate systems to control our online behaviour. While this approach does not suffer from efficiency problems of the earlier approach it does lack, both in terms of hindering the developments of the Information Society, and potentially yielding up many of the traditionally expected protections under a free and liberal society. The right approach lies somewhere in the middle and development of International Principles for Intermediary Liability, announced at the end of the workshop, is a step closer to the developing a balanced framework for liability.

See the transcript on IGF website.

For more details visit https://cis-india.org/internet-governance/report-on-cis-workshop-at-igf

CIS contributes to ABLI Compendium on Regulation of Cross-Border Transfers of Personal Data in Asia

Amber Sinha and Elonnai Hickok — 2018-06-03T15:10:11Z

The Asian Business Law Institute, based in Singapore published a compendium on “Regulation of cross-border transfer of personal data in Asia”. This was part of an exercise to explore legal convergence around issues such as data protection, enforcement of foreign judgments and principle of restructuring in Asia.

The compendium contains 14 detailed reports written by legal practitioners, legal scholars and researchers in their respective jurisdictions, on the regulation of cross-border data transfers in the wider Asian region (Australia, China, Hong Kong SAR, India, Indonesia, Japan, South Korea, Macau SAR, Malaysia, New Zealand, Philippines, Singapore, Thailand, and Vietnam).

The compendium is intended to act as a springboard for the next phase of ABLI's project, which will be devoted to the in-depth study of the differences and commonalities between Asian legal systems on these issues and – where feasible – the drafting of recommendations and/or policy options to achieve convergence in this area of law in Asia.

The chapter titled Jurisdictional Report India was authored by Amber Sinha and Elonnai Hickok. The compendium can be accessed here.

For more details visit https://cis-india.org/internet-governance/blog/regulation-of-cross-border-transfers-of-personal-data-in-asia

Election Experiment Proves Facebook Just Doesn't Care About Fake News In India

Admin — 2018-05-31T22:56:48Z

Much-hyped fact-checking initiative identified only 30 bits of fake news in month-long Karnataka campaign. Yup — 30!

The article by Visvak was published in Huffington Post on May 30, 2018. Pranesh Prakash was quoted.

On April 16, a little less than a month before Karnataka went to the polls, Facebook announced a partnership with Boom Live, an Indian fact-checking website, to fight fake news during the Karnataka assembly polls.

Five days before the partnership was announced, an embattled Mark Zuckerberg stood before the the US Congress. Under fire for having allowed his platform to be used to manipulate elections, he declared that his company would do everything it could to protect the integrity of elections in India and elsewhere.

Facebook's press-release promised as much:

We have learned that once a story is rated as false, we have been able to reduce its distribution by 80%, and thereby improve accuracy of information on Facebook and reduce misinformation.

Yet, the pilot project in Karnataka suggests Facebook has a long way to go to keep Zuckerberg's promise. In an election cycle widely acknowledged as rife with misinformation, fake polls and surveys, communally coloured rumours, and blatant lies peddled by campaigners, rating stories as "false" proved to be so difficult and time consuming that the Facebook partnership was only able to debunk 30 pieces of misinformation — 25 in the run-up to the polls, and 5 in the immediate aftermath — in the month long campaign.

The much-ballyhooed partnership added up to a small financial contribution from Facebook that allowed Boom to hire two fact-checkers, one in its offices in Mumbai and one based on the ground in Bengaluru, specifically to track the election. The fact-checkers were also given access to a Facebook dashboard that could be used to discover and counter misinformation on the platform.

Boom did not reveal the sum involved or allow HuffPost India access to the dashboard, citing a non-disclosure agreement. Facebook's representatives declined comment on a detailed questionnaire sent to them.

A Gushing Sewer of Fake News

Globally, Facebook's fact-checking initiative is a little over a year old, but the partnership with Boom marks its advent in India, the company's largest market.

"It's a late start, a very late start." says Pratik Sinha, co-founder of AltNews, another prominent fact-checking website. "But they're doing something now, which is good."

Yet Govindraj Ethiraj, Founder-Editor of Boom Live, said the social networking giant's contribution to their fact-checking efforts was of limited utility. "Facebook's involvement didn't really help us," he said. "This was more about us helping them."

Ethiraj identified Facebook-owned WhatsApp as the primary medium for the propagation of fake news during the Karnataka election. Each of the three major parties in the fray reportedly set up tens of thousands of groups on the platform in an effort to spread their message. Facebook is yet to figure out a way to allow fact-checkers into the platform without breaking the end-to-end encryption which makes it impossible for messages to be tracked.

But even on Facebook, which lends itself far more easily to tracking and monitoring, the tools that the company has built to track fake news are not particularly effective.

Facebook allows advertisers to micro-target content at users using specific attributes, and users are unlikely to report content that agrees with their ideological biases.

In his office in the aging Sun Mill Compound in Mumbai's Lower Parel, Jency Jacob, Managing Editor of Boom logged into the dashboard and scrolled through the gushing sewer of user-flagged content pouring in from around the world: stories about dinosaur remains and ancient caves, tales of celebrities battling mysterious diseases, and ordinary people undergoing plastic surgeries to look like celebrities, mixed in with news – both real and fake – that users found objectionable. There's one about the rise in fuel prices and there's even a Huffpost India story, about a Dalit being flogged to death in Gujarat. (The HuffPost India story, the editorial board can affirm, is true.)

"I can't claim that it doesn't affect me," admitted Jacob. "This morning, the first thing I saw after waking up was a video of a woman kicking a 3-year-old baby and slamming her on the ground. We are in the rush of it right now, but I don't think we will enjoy doing this all our lives."

"A lot of it is dependent on how users are reporting," Jacob continued, explaining that the dashboard tool relies on users to flag potentially "fake" news. "If the users aren't reporting it, it isn't going to come into the queue."

This is a blind spot as Facebook allows advertisers to micro-target content at users using specific attributes, and users are unlikely to report content that agrees with their ideological biases.

Everything But English

Facebook's dashboard cannot be used to report non-English content. In India, local language users outnumber English language users and more are coming online every day. The dashboard is also unable to filter stories relevant to a specific location, despite Facebook allowing advertisers to geo-target their advertisements with reasonable accuracy.

Jacob reckons the tool will get better at dealing with the Indian context over time. "This was always intended to be a pilot project. It will take them time to figure out how to get us more relevant leads," he said.

With not much help forthcoming from Facebook, Boom relied on its own tried and tested methods of tracking misinformation. Its fact-checkers monitored pages and websites known to be potential sources of fake news, told friends and family to forward anything suspicious they came across, and maintained their own reporting channel - a dedicated WhatsApp helpline for users to direct suspicious looking links.

These methods threw up about 4-5 actionable leads every day. To fact-check them, Boom deployed a combination of old school journalistic practices, such as getting fact-checkers to call sources, and tech tools like video and image matching software.

Fact-checking is a painstaking process that involves a great deal of manual effort.

"The way we measure virality is a bit of a crude method. We check whether several of us have received it or not, and whether it is being shared on all three platforms."

"Essentially, we are saying what we are saying is true, don't believe others," said Sinha. "That's a very arrogant position to take. To say that in a world full of information, there has to be a process where we take the audience from the claim to the truth. Gathering the information required to do that takes a lot of time."

According to Jacob, it sometimes takes 2-3 people working all day to fact-check a single video. And Boom only has 6 fact-checkers in all, including the two Facebook-funded hires. Given these constraints, they could act on only a fraction of the tip-offs.

"We were not looking at volume, but at impact," said Jacob, indicating that they focused their attention on misinformation that was going viral. "The way we measure virality is a bit of a crude method. We check whether several of us have received it or not, and whether it is being shared on all three platforms."

Jacob admits that there were many more stories that they could have tackled, but he says that it was impossible to address them all with the limited resources available to them.

Sinha reckons that Facebook already has the technology to significantly alleviate the manpower issue. "If you upload a video to Facebook and there's a copyright violation, they pull the video. So they know how to match videos. If they leverage that technology and apply it to fake news, it'll reduce the mundane work we have to do by half," he said.

While Facebook's contribution to Boom's sourcing and fact-checking processes was minimal, it does seem to have had a significant impact on how fact-checks were disseminated. The Facebook dashboard allows fact-checkers to tag content with ratings ranging from 'true' to 'false' with a few options in between and also attach their fact-check articles to the content. The platform then attempts to reduce distribution of the content and display the fact-check article to users whenever they encounter it on the news feed or attempt to share it.

Major Victory

This system claimed its first major victory within a week of the partnership being announced when several major media outlets including NDTV India, India Today and Republic published a list of purported star campaigners for the Congress party that turned out to be fabricated.

Boom rated the articles false and linked their fact-check. Jacob could not verify if this reduced the articles' distribution by the 80% figure touted by Facebook, but said there was a clear impact.

"NDTV India carried the story and we noticed that their traffic dropped after we linked our fact-check to their article," said Jacob. With traffic plummeting and users being shown fake news warnings when interacting with their content, most of the media houses that published the list either issued clarifications or took their articles down.

After the initial success, Boom quickly ran into the limitations of the ratings system. Fact-checks could only be done on links and not on image, video, or text posts. Facebook eventually granted Boom access to image and video posts, but text posts are still beyond the purview of fact-checkers.

While that change was likely a simple fix that only required a switch to be flipped, there are other restrictions on the ratings system that are unlikely to be lifted as easily.

From the beginning of the election cycle, false statements by prominent politicians - including the Prime Minister - were an everyday affair. As is the norm, they were faithfully reported by most media outlets without critique or context. Misinformation masquerading as opinion, wherein a set of legimitate facts are presented out of context to arrive at a blatantly false conclusion, was also a persistent feature during the polls. Such articles add to the whirlwind of campaign misinformation, but are exempted from the rating system.

"Facebook needs to figure out a more aggressive model of showing the explanatory article to the reader."

Sinha believes that misinformation that falls into these grey areas cannot be laid at Facebook's door.

But Pranesh Prakash, Fellow at the Centre for Internet and Society, said such restrictions were "extraordinarily stupid."

"As long as the distinction is made that the publication isn't msiquoting and the politician is saying something that is false - and that's easy enough to do - I can't think of a possible justification," he said, regarding false statements made by public figures.

As for misleading opinion pieces Prakash said, "Most falsehoods are not just statements that present incorrect facts, but that present facts in an incorrect context. It's clearly the context that speaks to how people interpret facts. Fact checkers can't be people who only look at facts as black and white things."

Facebook's suggested method of dealing with such articles is to attach fact-check articles to them while assigning them a 'not eligible' rating. Jacob reckons that this is yet another blind spot.

"Facebook needs to figure out a more aggressive model of showing the explanatory article to the reader. The way it is designed now, with the article showing up below as a related link, not many people will bother to go and click on that."

The Whatsapp Problem

For all its flaws, the fact-checking initiative appears to be making an attempt at solving the problem of misinformation on Facebook's news feed. But the company hasn't even begun to address the 800-pound gorilla that is WhatsApp.

While Facebook has been castigated for playing fast and loose with privacy on its primary platform, the inherently better privacy features of the fully-encrypted Whatsapp platform have made it lethal when it comes to fake news. The lack of third party access, which has prevented Facebook from monetising WhatsApp chats - thus far - and security agencies from spying on them, has also made Whatsapp messages impossible to fact-check.

In Karnataka, WhatsApp was the primary vector for the spread of a series of fake polls, some of which were eventually picked up and published by mainstream media outlets. Unlike fake news that emerges on the Facebook and Twitter, it is impossible to trace the source of misinformation on Whatsapp.

"Just as spam can be flagged and people can be barred if they're flagged as spammers, similarly, if people have been flagged as serial promoters of fake news, you can use that to nudge people's behaviour."

"If Whatsapp had a trending list, our jobs would've been a lot easier," lamented Jacob. "By and large, we have figured out what goes viral on Facebook and Twitter. It might take a day to reach us, but eventually we catch anything that's going viral on these platforms. But Whatsapp is a black box."

Prakash asserts that while encryption is a barrier, it does not make it impossible to police fake news on WhatApp. "Just as spam can be flagged and people can be barred if they're flagged as spammers, similarly, if people have been flagged as serial promoters of fake news, you can use that to nudge people's behaviour."

There are indications that WhatsApp is attempting to develop features to tackle fake news. The platform has beta-tested features that would clearly identifyforwarded messages and warn users if a message has been forwarded more than 25 times. Jacob said that Facebook was working on a product that would throw up fact-check articles when a user interacts with a fake news URL on WhatsApp. If or when any of these features actually make it to users is a matter of conjecture.

Prakash said the slow pace of progress on WhatsApp is just a reflection of the company's priorities. "It speaks to how American a company a Facebook is. Whatsapp is the real network for fake news in India, but it gets the least amount of attention."

For more details visit https://cis-india.org/internet-governance/news/huffington-post-visvak-may-30-2018-election-experiment-proves-facebook-just-doesnt-care-about-fake-news-in-india

India Proposes Law to Give Indians Complete Control of their Digital Health Data

Admin — 2018-06-01T13:57:42Z

India’s health ministry has proposed a law to govern data security in the healthcare sector that would give individuals complete ownership of their health data.

The article by Madhur Singh was published as a cover story in IndiaSpend on May 31, 2018. Shweta Mohandas and Amber Sinha were quoted.

Individuals would have the absolute right to refuse or allow data to be generated, collected, accessed, transmitted or used. And data collectors such as hospitals would be prohibited from refusing treatment to those who do not want their data collected or used.

This would make India one of the world’s foremost jurisdictions in the regulation of healthcare data, at a time when governments around the world are scrambling to keep a check on who gets to generate and use data and how, especially as citizens do not completely understand the data privacy and security implications of the innumerable applications they wittingly or unwittingly use.

The draft Digital Information Security in Healthcare Act was proposed by the health ministry on March 11, 2018. The period for stakeholder comment ended April 21, and a bill is currently being finalised. Experts say the health ministry is possibly waiting for a final verdict from the Supreme Court on petitions challenging the constitutional validity of Aadhaar–on which it has just completed the second-longest oral hearing in the history of the court. The ruling is expected in July or August.

The verdict will guide India’s data privacy framework, which is already being prepared by the Committee of Experts on a Data Protection Framework for India being chaired by Justice B. N. Srikrishna. It will also have implications for the health ministry’s proposed law.

Use of data

Digital health data (DHD), or electronic health records of individuals or the public (when aggregated), typically comprise information such as a patient’s age, contact information, vital signs, lab reports, medical history including immunisations, allergies, and current and past medications.

The use of DHD promises to revolutionise healthcare services by providing more comprehensive care using the most accurate records possible, possibly reducing costs and timelines for all involved.

The law would allow anonymised health data, which cannot be traced to individuals, to be used for specified public health purposes, such as early detection and rapid response to public health emergencies such as bioterror events and infectious disease outbreaks.

However, for data in identifiable form, the draft stipulates that explicit prior permission would be needed from the digital data owner before each transmission or use. For instance, often companies offer free medical checkups to all employees. By revealing a pregnancy or a serious chronic condition, these tests could imperil an employee’s situation with their employer. With the proposed law, an employee could refuse to allow the pathology laboratory to share their data with the employer.

In recognition of the serious privacy and security concerns over uses and misuses of digital health data, the proposed law would completely prohibit use of digital health data for ‘commercial purposes’, whether in an identifiable or anonymised form.

This would mean that insurance companies, employers, human resource consultants and pharmaceutical companies would not be allowed to access or use health data, the law firm Trilegal said in an analysis posted on its website on April 11, 2018.

“Currently, employers can process health data for employee benefits, office records and insurance purposes under labour legislations like Maternity Benefits Act, Employee Compensation Act and Employee State Insurance Corporation Act and as part of their internal policies,” Trilegal said, adding that the proposed law would allow the use of digital data only to the extent required by these laws. “However, access, use or disclosure of [digital health data] to employers or human resource consultants for any other purpose is prohibited,” Trilegal noted.

Similarly, insurance companies and drug makers would not be allowed to access or use digital health data, although use for academic, clinical and public health research would be allowed.

The central government would be tasked with establishing ‘health information exchanges’ that would regulate the exchange of DHD between various clinical establishments–hospitals, clinics, diagnostic centres, pathology laboratories, etc.–for purposes and in manners allowed under the law.

Data breach

The responsibility for ensuring data security and privacy would lie with the entity that has custody of the data, which could be penalised for data breach.

Currently, under Indian law, companies in India are not obligated to inform individuals of data breach, with the exception of banks, which are obligated to inform the Reserve Bank of India within six hours. The result is that individuals are often not aware that their details may have been compromised.

The draft law proposes to make breach notification mandatory. Data breaches would be ranked by severity, and the more serious kind would be punishable with a fine of at least Rs 1 lakh and a jail term of up to five years.

Clinical establishments and health information exchanges would have to notify the owner in case of a breach within three days. Data owners could claim compensation from the person who breached the data, and no limit has been prescribed for the compensation amount.

The draft also specifies punishment for various other offences such as unauthorised access and data theft of up to five years’ imprisonment.

Some concerns

The stringent provisions of the proposed law, particularly the blanket ban on use of DHD by insurance and pharmaceutical companies, has raised concerns among these industries.

“Most data protection laws allow healthcare institutes to process data so long as there exists a legitimate interest in doing so,” Rahul Kumar, country manager and director with security solutions company WinMagic India said, adding that provisions debarring insurance and pharmaceutical companies, “while being protective in nature might be excessively harsh under certain circumstances”.

The stringent privacy provisions also put the future of wearable devices in doubt, Shweta Mohandas of The Centre for Internet and Society (CIS) told IndiaSpend, “Perhaps a revised draft of the law, or rules framed under the final law, would specify these details.”

The draft does not clearly define the security measures that must be followed to prevent data breach, Mohandas and Amber Sinha, also of the CIS, told IndiaSpend. However, a National Electronic Health Authority proposed to be set up under the law could possibly define a clear set standards for maintaining security, they said.

Also, the draft proposes to allow for the withdrawal of consent but does not say how data would be removed from the system, Sinha and Mohandas said, adding that the roles of the various bodies to be established must be clearly defined.

Most commentators expect the finalised bill, which will be drafted after taking into account stakeholder comment, will iron out these issues.

“This law in its current form and further in its revised version will go a long way to help the industry be more secure,” Kumar said, adding, “Compliance is known to bring in a level playing field for industries and also give the end user the confidence that the critical data is secure.”

Many commentators also have questioned the timing of the health ministry’s draft law, given that India is currently in the process of creating a framework and an overarching legislation on data privacy and security. “It is curious that the Ministry has chosen to not wait for the draft law, before framing and releasing their draft,” Sinha and Mohandas said, “This suggests a lack of coordination between the different ministries, and if due care is not taken, could lead to inconsistencies across sectoral regulations of data.”

However, they said, it is possible that the health ministry will wait for the Supreme Court verdict in the Aadhaar litigation before finalising the bill.

(Singh is a contributing editor with IndiaSpend.)

For more details visit https://cis-india.org/internet-governance/news/india-spend-madhur-singh-may-31-2018-india-proposes-law-to-give-indians-complete-control-of-their-digital-data

Patanjali's Kimbho swiftly retreats over security scare, ripped on Twitter

Admin — 2018-06-01T14:15:44Z

Swadeshi" messaging app targeted at WhatsApp taken off from app stores hours after launch.

The article by Alnoor Peermohamed and Manavi Kapur was published in the Business Standard on May 31, 2018. Gurshabad Grover was quoted.

The fate of Patanjali’s “swadeshi” instant messaging app Kimbho was sealed in the span of just a few hours, thanks to viral messages being shared on Facebook-owned WhatsApp, the app that the Baba Ramdev-promoted company was trying to combat.

Patanjali on Thursday launched Kimbho with the sole intent of checking the rise of messaging giant WhatsApp in India. However, after Kimbho’s various data vulnerabilities were exposed by the security expert and whistleblower who goes by the pseudonym Elliot Alderson on Twitter, the app made a quiet exit from Google’s Play Store.

Jokes surrounding the app’s quick retreat spread like wildfire on rival platform WhatsApp. It was perhaps the quickest rise and fall in the popularity of a mobile application.

Alderson, who has exposed data breaches in the UIDAI’s website, took to Twitter to rip apart the Kimbho app. “This @KimbhoApp is a joke, next time before making press statements, hire competent developers... If it is not clear, for the moment don't install this app,” he wrote. His next tweet sent alarm bells ringing among users: “The #Kimbho #android #app is a security disaster. I can access the messages of all the users...”

Kimbho, though, claims that every message on its platform is encrypted by the Advance Encryption Standard and that it saves “no data on our servers or cloud”. But Alderson pointed out that the one-time password security could be worked around. “It's possible to choose a security code between 0001 and 9999 and send it to the number of your choice,” he tweeted. Kimbho, explained as a Sanskrit greeting by S K Tijarawala, Ramdev’s spokerperson, on Twitter, is also a patched-up application over the existing Bolo messaging app.

This is most likely the reason the app was taken off the Google Play Store. “There were basic authentication and authorisation related vulnerabilities where an end user can see the data of other users. These flaws may be the reason the developers took down the app. Google flags such things,” said Anand Prakash, a Bengaluru-based ethical hacker.

“WhatsApp uses end-to-end encryption that essentially means even they can’t access the messages you send. But Kimbho, on the other hand, was not using end-to-end security and probably even saving every message as plain text on its server,” adds Gurshabad Grover, policy officer at the Centre for Internet and Society.

Google did not respond to queries about whether the developer took the app down or Google flagged it as unsecure. Kimbho declared on its Twitter handle that its app was removed from the Play Store because of heavy traffic, claiming that it was downloaded 150,000 times in a mere three hours since its launch.

On Apple’s App Store, it was trending in the social networking category at the fourth position in India, just below WhatsApp, Facebook and Facebook’s Messenger, and above popular messaging apps such as Skype, LinkedIn and hike messenger.

Tijarawala had announced Kimbho’s launch on Twitter, calling it an app developed by the “shishyas” (disciples) and “navdikshit sadhus” (newly ordained priests) of Ramdev and Acharya Balkrishna, managing director, Patanjali Ayurved and co-founder, Patanjali Yogpeeth in Haridwar. Tijarawala’s tweet also claimed that this app was built using “swadeshi” techniques, though what these are remains a mystery. Emails, text messages and calls to Tijarawala went unanswered.

In keeping with an “Indian” aesthetic, the app’s logo has a “shankh” (conch shell), perhaps signifying a war cry against foreign-born WhatsApp, which has over 200 million active users in India. The conch shell also blends well with Kimbho’s tag line, “Ab Bharat Bolega” (now India will speak). But that is where its tenuous Indianness begins to crumble.

While the app was registered as a product of Patanjali Ayurved on the Play Store, the developer on Apple’s App Store is Appdios Inc, a San Francisco-based app development company. Aditi Kamal and Sumit Kumar are this company’s founders according to LinkedIn. The duo has worked with technology giants such as Google and Apple and hold masters degrees from University of Southern California in the US. A blonde man features on the screenshots that the app has featured on its landing page on the App Store.

Taking forward Bolo’s keyboard suggestions, cheekily called “Quickies”, Kimbho offers pre-typed messages such as “hugs and kisses”, “what the heck” and “parents are watching”. Whether these millennial-friendly features and Kimbho itself are an attempt to get young millennials in touch with their “swadeshi” roots remains to be seen.

For more details visit https://cis-india.org/internet-governance/news/business-standard-manavi-kapur-alnoor-peermohamed-may-31-2018-patanjali-s-kimbho-swiftly-retreats-over-security-scare-ripped-on-twitter

May 2018 Newsletter

praskrishna — 2018-06-12T14:03:24Z

CIS newsletter for the month of May 2018.

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights
The Centre for Internet & Society (CIS) has published a collection of stories of the impact of internet shutdowns on people's lives in the country. The stories were provided by 101 Reporters. The project was funded by Facebook and MacArthur Foundation. The report edited by Debasmita Haldar, Ambika Tandon and Swaraj Barooah can be accessed here. Anubha Sinha on behalf of CIS participated in the 36th Session of WIPO SCCR at Geneva from May 28 to June 1, 2018. CIS made statements on Draft Action Plan for Educational and Research Institutions and Persons with Other Disabilities, Draft Action Plan for Libraries, Archives and Museums, Limitations and Exceptions Agenda, and Proposed Treaty for the Protection of Broadcasting Organizations. CIS was one among the 14 NGOs which circulated a letter that raised concerns about the draft Broadcasting Treaty. India's Department of Telecommunications released a draft new telecom policy, titled ‘Draft National Digital Communications Policy 2018’. Anubha Sinha wrote an analysis on this in the Wire on May 6, 2018. Singapore based Asian Business Law Institute published a compendium on “Regulation of cross-border transfer of personal data in Asia”. The compendium contains 14 detailed reports. The chapter titled Jurisdictional Report India was authored by Amber Sinha and Elonnai Hickok. The purpose of privacy notices and choice mechanisms is to notify users of the data practices of a system, so they can make informed privacy decisions, wrote Saumyaa Naidu in a blog post which was edited by Elonnai Hickok. Divij Joshi wrote a report that assesses the compliance of the Indian intermediary liability framework with the Manila Principles on Intermediary Liability, and recommends substantive legislative changes to bring the legal framework in line with the Manila Principles. The report was edited by Elonnai Hickok and Swaraj Barooah. Data is potentially a toxic asset, if it is not collected, processed, secured and shared in the appropriate way wrote Amber Sinha in an article published in the Economic & Political Weekly. Saman Goudarzi, Elonnai Hickok and Amber Sinha wrote a report titled AI in the Banking and Finance Industry in India which seeks to map the present state of use of AI in the banking and financial sector in India. The report was edited by Shyam Ponappa. Mapping was done by Shweta Mohandas. Pranav M Bidare, Sidharth Ray, and Aayush Rathi provided research assistance in preparing this report. The National Register of Citizens (NRC) exercise in Assam focuses on updating the list of Indian citizens in the state. Khetrimayum Monish Singh and Nazifa Ahmed wrote a research paper that has provided a discourse analysis of media content and user opinions on Facebook, and media responses on the NRC official website. All posts related to this study can be found here.

Highlights

The Centre for Internet & Society (CIS) has published a collection of stories of the impact of internet shutdowns on people's lives in the country. The stories were provided by 101 Reporters. The project was funded by Facebook and MacArthur Foundation. The report edited by Debasmita Haldar, Ambika Tandon and Swaraj Barooah can be accessed here.
Anubha Sinha on behalf of CIS participated in the 36th Session of WIPO SCCR at Geneva from May 28 to June 1, 2018. CIS made statements on Draft Action Plan for Educational and Research Institutions and Persons with Other Disabilities, Draft Action Plan for Libraries, Archives and Museums, Limitations and Exceptions Agenda, and Proposed Treaty for the Protection of Broadcasting Organizations. CIS was one among the 14 NGOs which circulated a letter that raised concerns about the draft Broadcasting Treaty.
India's Department of Telecommunications released a draft new telecom policy, titled ‘Draft National Digital Communications Policy 2018’. Anubha Sinha wrote an analysis on this in the Wire on May 6, 2018.
Singapore based Asian Business Law Institute published a compendium on “Regulation of cross-border transfer of personal data in Asia”. The compendium contains 14 detailed reports. The chapter titled Jurisdictional Report India was authored by Amber Sinha and Elonnai Hickok.
The purpose of privacy notices and choice mechanisms is to notify users of the data practices of a system, so they can make informed privacy decisions, wrote Saumyaa Naidu in a blog post which was edited by Elonnai Hickok.
Divij Joshi wrote a report that assesses the compliance of the Indian intermediary liability framework with the Manila Principles on Intermediary Liability, and recommends substantive legislative changes to bring the legal framework in line with the Manila Principles. The report was edited by Elonnai Hickok and Swaraj Barooah.
Data is potentially a toxic asset, if it is not collected, processed, secured and shared in the appropriate way wrote Amber Sinha in an article published in the Economic & Political Weekly.
Saman Goudarzi, Elonnai Hickok and Amber Sinha wrote a report titled AI in the Banking and Finance Industry in India which seeks to map the present state of use of AI in the banking and financial sector in India. The report was edited by Shyam Ponappa. Mapping was done by Shweta Mohandas. Pranav M Bidare, Sidharth Ray, and Aayush Rathi provided research assistance in preparing this report.
The National Register of Citizens (NRC) exercise in Assam focuses on updating the list of Indian citizens in the state. Khetrimayum Monish Singh and Nazifa Ahmed wrote a research paper that has provided a discourse analysis of media content and user opinions on Facebook, and media responses on the NRC official website. All posts related to this study can be found here.

Articles:

The Huawei pointer (Shyam Ponappa; Business Standard and Organizing India Blogspot; May 3, 2018).

India's Draft Telecom Policy Needs to Bridge the Gap Between Intent and Execution (Anubha Sinha; Wire; May 6, 2018).
India's Data Protection Framework Will Need to Treat Privacy as a Social and Not Just an Individual Good (Amber Sinha; Economic & Political Weekly, Volume 53, Issue No. 18, 05 May, 2018).
Digital Native: Web of Wander (Nishant Shah; Indian Express; May 20, 2018).

CIS in the News:

India's National ID Project Brings Pain to Those it Aims to Help (Aayush Soni; Ozy.com; May 11, 2018).
Aadhaar Remains an Unending Security Nightmare for a Billion Indians (Karan Saini; Wire; May 11, 2018).
More errors in Aadhaar data in Andhra Pradesh than in voter database (U Sudhakar Reddy; Times of India; May 18, 2018).
Putting women human rights activists on the world map (Sarumathi K.; Hindu; May 19, 2018).
An open data ecosystem can boost India's GDP by $22 B and double farmer income (Sohini Mitter; Your Story; May 23, 2018).
Complying with Europe’s GDPR will be a “matter of survival” for Indian IT firms (Ananya Bhattacharya; Quartz India; May 24, 2018).
Don't blindly forward WhatsApp messages. You could be sued (Rajitha Menon and Surupasree Sarmmah; Deccan Herald; May 29, 2018).
Alexa’s recording leak in US ‘echoes’ privacy issues here (Mugdha Variyar; Economic Times; May 29, 2018).
Election Experiment Proves Facebook Just Doesn't Care About Fake News In India (Visvak; Huffington Post; May 30, 2018).
India Proposes Law to Give Indians Complete Control of their Digital Health Data (Madhur Singh; India Spend; May 31, 2018).
Patanjali's Kimbho swiftly retreats over security scare, ripped on Twitter (Alnoor Peermohamed and Manavi Kapur; Business Standard; May 31, 2018).

-----------------------------------
Access to Knowledge
-----------------------------------
Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Copyright and Patent

Blog Entries

CIS participated in the 36th SCCR held in Geneva from May 28 to June 1, 2018 and made the following statements:

Statement on the Proposed Treaty for the Protection of Broadcasting Organizations (Anubha Sinha; May 28, 2018).
NGOs circulate letter at WIPO SCCR/36 raising serious concerns about draft Broadcasting Treaty (Anubha Sinha; May 29, 2018).
Draft Action Plan for Educational and Research Institutions and Persons with Other Disabilities (Anubha Sinha; May 31, 2018).
Statement on the Draft Action Plan for Libraries, Archives and Museums (Anubha Sinha; May 31, 2018).
Statement on Limitations and Exceptions Agenda (Anubha Sinha; May 31, 2018).

Participation in Event

RightsCon Toronto 2018 (Organized by RightsCon; Beanfield Centre at Exhibition Place, Toronto; May 17, 2018). Maggie Huang, Amba Kak, Rohini Lakshané, Vidushi Marda, Elonnai Hickok and Anubha Sinha were among the speakers at the event. Amber Sinha remotely participated in a private meeting on 'Strategizing Civil Society Roles in the Artificial Intelligence Debate'. Anubha Sinha, Maggie Huang, Rohini Lakshané and Vidushi Marda presented their findings from the Pervasive Technologies project in a panel titled "Cheap and Chipper: IP in India's Affordable Smartphones". Prof Michael Geist moderated the session. Anubha Sinha and Vidushi Marda participated remotely. Elonnai Hickok participated in these sessions: IDRC cyber policy meeting; GNI board meeting; GNI learning session on MLATs; FOC-AN meeting; GNI session on Intermediary Liability.

-----------------------------------

Internet Governance
-----------------------------------

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

►Privacy

Reports

Methods workshop on researching Future of Work in India (Natallia Khaniejo and Aayush Rathi; May 10, 2018).
AI in the Banking and Finance Industry in India (Saman Goudarzi, Elonnai Hickok and Amber Sinha; May 14, 2018)
Indian Intermediary Liability Regime: Compliance with the Manila Principles on Intermediary Liability (Divij Joshi; May 20, 2018). The report was edited by Elonnai Hickok and Swaraj Barooah.
Jurisdictional Report India (Compendium on Regulation of Cross-Border Transfers of Personal Data in Asia; Amber Sinha and Elonnai Hickok; May 31, 2018).

Blog Entry

Design Concerns in Creating Privacy Notices (Saumyaa Naidu; May 29, 2018). The blog post was edited by Elonnai Hickok.

Participation in Events

Meeting of Coalition for an Inclusive Approach on the Trafficking Bill (Organized by Alternative Law Forum; Bengaluru; May 3, 2018).
Fairness, Transparency and Accountable AI (Organized by DeepMind; London; May 10, 2018). Amber Sinha participated remotely in the inaugural meeting.
Rootconf 2018 (Organized by HasGeek; Bengaluru; May 11 - 12, 2018). Gurshabad Grover, Natallia Khaniejo and Aayush Rathi attended the event.
Inter Movements Open Forum: Trafficking Bill (Organized by Sangram, Naz Foundation, NNSW, Tarshi and VAMP; India International Centre, New Delhi; May 18, 2018).
IETF Indian Community Meetup: RFCs We Love (IoT edition) (Organized by Indian IETF Community; Zoomcar's office; Bengaluru; May 19, 2018). Gurshabad Grover and Sandeep Kumar attended 'RFCs We Love Meetup'.
Emerging Technologies: Issues & Way Forward (Organized by Technology Policy team at the National Institute of Public Finance and Policy; Bengaluru; May 23 - 24, 2018).
Privacy in the Digital Age: Addressing Common Challenges, Seizing Opportunities (Organized by DG Justice and Consumers and European Union; New Delhi; May 25, 2018).

►Free Speech and Expression

Report

Internet Shutdown Stories (Edited by Debasmita Haldar, Ambika Tandon and Swaraj Barooah; Foreword by Sunil Abraham; May 17, 2018). Case studies from the states of Jammu & Kashmir, Haryana, Rajasthan, Gujarat, Telangana, West Bengal, Tripura, Manipur, Nagaland, and Uttar Pradesh have been highlighted in this compilation.

Blog Entry

DIDP Request #30 - Enquiry about the employee pay structure at ICANN (Paul Kurian and Akriti Bopanna; May 26, 2018).

-----------------------------------
Telecom
-----------------------------------

CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Articles

The Huawei pointer (Shyam Ponappa; Business Standard and Organizing India Blogspot; May 3, 2018).
India's Draft Telecom Policy Needs to Bridge the Gap Between Intent and Execution (Anubha Sinha; Wire; May 6, 2018).

-----------------------------------
Researchers at Work
-----------------------------------

The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Draft Research Paper

Infrastructure as Digital Politics: Media Practices and the Assam NRC Citizen Identification Project (Khetrimayum Monish Singh and Nafiza Ahmed; May 15, 2018).

-----------------------------------

About CIS
-----------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/may-2018-newsletter-1