The Centre for Internet and Society
https://cis-india.org
These are the search results for the query, showing results 1 to 15.
Zomato hack: You need to enhance online security with a password manager
https://cis-india.org/internet-governance/news/business-standard-sanjay-kumar-singh-may-23-2017-zomato-hack-you-need-to-enhance-online-security-with-a-password-manager
<b>Hacking incident at Zomato underlines need to employ different passwords for different accounts.</b>
<p style="text-align: justify; ">The article by Sanjay Kumar Singh was published in the <a class="external-link" href="http://www.business-standard.com/article/companies/zomato-hack-you-need-to-enhance-online-security-with-a-password-manager-117052201261_1.html">Business Standard</a> on May 23, 2017.</p>
<hr />
<p style="text-align: justify; "><span class="p-content"> </span></p>
<p style="text-align: justify; ">Recently, food-tech company <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Zomato" target="_blank">Zomato </a>suffered a security breach where 17 million user records were stolen, including email addresses and passwords. Such hacking incidents can have wider consequences, including, in the gravest of scenarios, financial losses. They emphasise the need for people to adopt newer protection mechanisms, such as <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Password" target="_blank">password </a>managers.</p>
<p style="text-align: justify; ">In Zomato's case, the passwords are said to be hashed, which means they were converted into unintelligible characters. However, experts say that depending on the hashing protocol used, hashes can be re-engineered to generate the <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Password" target="_blank">password.</a></p>
<div style="text-align: justify; ">
<div style="float: left; "></div>
</div>
<p style="text-align: justify; ">The hacking of one account can have wider ramifications. "By hacking one account, hackers get access to your email ID and <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Password" target="_blank">password.</a> To save themselves the bother of remembering many passwords, users often use the same <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Password" target="_blank">password </a>in all their accounts. So, the hackers get access to your email and other accounts. Sometimes, they use your email account to reset the passwords in your other accounts," explains Shomiron Das Gupta of NetMonastery, a threat management provider. He adds that people often store sensitive information, including their net banking and credit card numbers and passwords within their email accounts. Also, on a website like Amazon, you can only view the last four digits of your credit card number. Other websites may not blur this information, in which case hackers would get access to this and other sensitive information.</p>
<p style="text-align: justify; "><span class="p-content"> </span></p>
<p style="text-align: justify; ">Experts recommend you create complex passwords and use different ones for different accounts. Since generating complex passwords and remembering them all is difficult, you should use a <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Password" target="_blank">password </a>manager. Some of the good ones are LastPass, 1Password, Dashlane and TrueKey.</p>
<p style="text-align: justify; "><span class="p-content"><a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Password" target="_blank">Password </a>managers can generate long and complex passwords that are difficult to replicate. They also remember on your behalf the passwords on all the sites and apps you use. Also, hackers sometimes steal passwords by inserting a malware that copies keystrokes. Since a <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Password" target="_blank">password </a>manager inputs the password, you don't have to type them in, thereby doing away with the risk of your keystrokes being captured and stolen.</span></p>
<p><span class="p-content"><span class="p-content"> </span></span></p>
<div style="text-align: justify; ">
<div style="float: left; "><img align="left" alt="graph" class="imgCont" height="352" src="http://bsmedia.business-standard.com/_media/bs/img/article/2017-05/22/full/1495477165-3235.jpg" style="float: left; " title="graph" width="220" /></div>
A <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Password" target="_blank">password </a>manager is a secure vault that stores all your passwords. You get access to the vault with a master <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Password" target="_blank">password.</a> Instead of remembering many passwords, you have to remember just one.</div>
<p> </p>
<p style="text-align: justify; ">Browsers like <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Google+Chrome" target="_blank">Google Chrome </a>and <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Mozilla+Firefox" target="_blank">Mozilla Firefox </a>also offer <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Password" target="_blank">password </a>managers. However, if you wish to use your <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Password" target="_blank">password </a>manager across browsers and apps, use a third-party one like those mentioned above. And while a <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Password" target="_blank">password </a>manager that is stored locally is safer, one that is cloud-based is more convenient, since you can use it across devices having internet connection. <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Password" target="_blank">Password </a>managers also offer two-factor authentication. They either send a <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Password" target="_blank">password </a>to your phone or generate it on your device. Unless your device also gets stolen, the <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Password" target="_blank">password </a>manager is difficult to break into.</p>
<p><span class="p-content"> </span></p>
<p style="text-align: justify; ">As for whether <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Password" target="_blank">password </a>managers are themselves safe, experts concede they are a prime target for hackers who know that the information stored within will be valuable. "The <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Password" target="_blank">password </a>manager is safe provided you set a strong master <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Password" target="_blank">password.</a> Your <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Password" target="_blank">password </a>should have at least 13 characters of which two should be small, two should be in capital, two should be random numbers, and two should be special characters. Using a word that is not there in the dictionary will enhance its strength. Keep changing your master <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Password" target="_blank">password </a>every three-six months," says Udbhav Tiwari, policy officer at the Centre for Internet and Society, Bengaluru. Since their primary job is to provide security, most <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Password" target="_blank">password </a>managers do have strong security practices, he adds.</p>
<p><span class="p-content">Most <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Password" target="_blank">password </a>managers offer a free account but you have to pay to use their advanced security features.</span></p>
<div></div>
<div style="text-align: justify; "></div>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/business-standard-sanjay-kumar-singh-may-23-2017-zomato-hack-you-need-to-enhance-online-security-with-a-password-manager'>https://cis-india.org/internet-governance/news/business-standard-sanjay-kumar-singh-may-23-2017-zomato-hack-you-need-to-enhance-online-security-with-a-password-manager</a>
</p>
No publisherpraskrishnaCyber SecurityInternet GovernancePrivacy2017-05-23T15:54:50ZNews ItemYour telco could help spy on you
https://cis-india.org/news/livemint-july-30-2013-joji-thomas-philip-leslie-d-monte-shauvik-ghosh-your-telco-could-help-spy-on-you
<b>Telecom minister gives approval to changes in rules for mobile licences to enable such mass surveillance.</b>
<hr />
<p style="text-align: justify; ">The article by Joji Thomas Philip, Leslie D'Monte and Shauvik Ghosh was originally <a class="external-link" href="http://www.livemint.com/Politics/rpWFiDJroLgpLQ6yKdR3pJ/Telcos-to-soon-link-with-government-monitoring-system.html">published in Livemint</a> on July 30, 2013. Sunil Abraham is quoted.</p>
<hr />
<p style="text-align: justify; ">Telecom companies and Internet service providers will soon help the government monitor every call made, every email sent and every website visited, with the Centre deciding to connect their networks to its automated surveillance platform known as the Centralised Monitoring System (CMS).</p>
<p style="text-align: justify; ">Communications minister <span class="person"><a href="http://www.livemint.com/Search/Link/Keyword/Kapil%20Sibal">Kapil Sibal</a></span> has approved changes in existing rules and new clauses to be inserted in mobile licences for enabling such mass surveillance, copies of documents reviewed by <i>Mint</i> reveal.</p>
<table class="invisible">
<tbody>
<tr>
<th><iframe frameborder="0" height="250" src="http://www.youtube.com/embed/o1r6OSv-WyI" width="320"></iframe></th>
<td style="text-align: justify; ">
<p>The department of telecommunications (DoT) will shortly send a letter to all telcos asking them to connect their “lawful interception system (LIS)” to the CMS “at a regional monitoring centre through an interception, store and forward (ISF) server placed in the licensee’s premises”, according to the documents.</p>
<p>Telcos including <span class="company"><a href="http://www.livemint.com/Search/Link/Keyword/Bharat%20Sanchar%20Nigam%20Ltd">Bharat Sanchar Nigam Ltd</a></span> (<span class="brand"><a href="http://www.livemint.com/Search/Link/Keyword/BSNL">BSNL</a></span>), <span class="company"><a href="http://www.livemint.com/Search/Link/Keyword/Mahanagar%20Telephone%20Nigam%20Ltd">Mahanagar Telephone Nigam Ltd </a></span>(MTNL), <span class="company"><a href="http://www.livemint.com/Search/Link/Keyword/Reliance%20Communications%20Ltd">Reliance Communications Ltd</a></span>, <span class="company"><a href="http://www.livemint.com/Search/Link/Keyword/Bharti%20Airtel%20Ltd">Bharti Airtel Ltd</a></span>, <span class="company"><a href="http://www.livemint.com/Search/Link/Keyword/Vodafone%20India%20Ltd">Vodafone India Ltd</a></span> and <span class="company"><a href="http://www.livemint.com/Search/Link/Keyword/Tata%20TeleServices%20Ltd">Tata TeleServices Ltd</a></span> declined to comment on questions emailed in this regard.</p>
<p> </p>
</td>
</tr>
</tbody>
</table>
<p style="text-align: justify; ">“The automated process of the CMS will be subjected to the same regulatory scrutiny as is available in the present manual system under Section 5(2) of Indian Telegraph Act and Rules 419-A thereunder, with the added advantage of having a safeguard against any illegal provisioning by the telecom service providers in the present system, however, remote it may be,” DoT said in an email reply to a questionnaire with a brief on CMS.</p>
<p style="text-align: justify; ">“Safeguard has also been built against any unauthorized provisioning by having a different interception provisioning agency than the interception requisitioning and monitoring agencies thus having an inbuilt system of checks and balances. Further, a non-erasable command log will be maintained by the system, which can be examined anytime for misuse, thus having an additional safeguard,” DoT said.</p>
<p style="text-align: justify; ">The CMS was approved by the cabinet committee on security (CCS) on 16 June 2011, with government funding of Rs.400 crore. It is expected to enable the government to monitor all forms of communication, from emails to online activity to phone calls, text messages and faxes by automating the existing process of interception and monitoring. The government completed a pilot project in September 2011 under which the Centre for Development of Telematics (C-DoT) installed two ISF servers, one of them for MTNL.</p>
<p style="text-align: justify; ">“The interception services have been integrated and tested successfully for these two telecom services providers (TSPs),” the note said, referring to MTNL and Tata Communications Ltd. MTNL officials declined to comment. There was no response to queries by Tata Communications.</p>
<p style="text-align: justify; ">It added that training had been imparted to six law enforcement agencies—the Intelligence Bureau, the Central Bureau of Investigation, the Directorate of Revenue Intelligence, the Research and Analysis Wing, the Delhi Police and the National Investigation Agency.</p>
<p style="text-align: justify; ">However, the documents also reveal that the CMS project is getting delayed over technical issues such as lawful interception systems sending the intercept-related information (IRI) in “their own proprietary format”; difficulty in tracing the movement of “the target from the home network to the roaming network”; and how to independently provision voice and data interception of mobile users.</p>
<p style="text-align: justify; ">The government is simultaneously devising a strategy to counter criticism from the media and privacy lobby groups that this surveillance platform has no privacy safeguards. Mint reported on 13 July that fresh questions were raised on the CMS infringing on the rights of individuals, especially in the wake of the US government’s PRISM surveillance project.</p>
<p style="text-align: justify; ">In an internal note on 16 July to help Sibal brief the media, DoT said even as the CMS will automate the existing process of interception and monitoring “... all safeguards that are currently in place in the manual mode of interception will continue”.</p>
<p style="text-align: justify; ">The note argued that implementation of the CMS “will rather enhance the privacy of the citizens” since it will not be necessary to take the authorization (for tapping) to the nodal officer of the telecom service providers “who comes to know whose or which phone is being intercepted”. The note added that after the CMS is implemented, provisioning of interception will be done by a CMS authority, who would be different from the law enforcement agency authorities.</p>
<p style="text-align: justify; ">“The law enforcement agency (LEA) cannot provision for interception and monitoring and the CMS authority cannot see the content but would be able to provision the request from the LEA.Hence, complete check and balance will be ensured. Further, a non-erasable command log will be maintained by the system, which can be examined anytime for misuse, thus having an additional safeguard,” added the department’s note briefing the minister.</p>
<p style="text-align: justify; ">Also, acknowledging that “questions were being asked about the practices of Indian agencies and the privacy and rights of its citizens”, national security adviser <a href="http://www.livemint.com/Search/Link/Keyword/Shivshankar%20Menon">Shivshankar Menon</a> in a 23 June note to the ministries of home, external affairs and telecom, the department of electronics and information technology, and the cabinet secretary said: “Only home secretaries of the Centre and states can authorize such monitoring; orders are valid for two months, are not extendable beyond six months; records are to be maintained, use of storage is limited and a review committee of cabinet secretary, law secretary and secretary of the telecom department regularly screens all cases.”</p>
<p style="text-align: justify; ">Menon also admitted that when it came to individual privacy rights, there were “larger issues that needed serious consideration and wider consultation with industry, advocacy groups and NGOs (non-governmental organizations) as has been the case so far in the draft privacy Bill... For data protection and retention in India, however, there may be a need to consider legislation or strengthening existing legislation, as the march of technology has made most present laws irrelevant.”</p>
<p style="text-align: justify; ">Privacy experts are convinced that safeguards are needed, especially since India does not have a privacy law.</p>
<p style="text-align: justify; ">“To safeguard public interest, the government should also draft a law that will make it a criminal offence if a CMS authority is found in possession of any personal information culled through the CMS. That will prove to be a deterrent,” said <span class="person"><a href="http://www.livemint.com/Search/Link/Keyword/Sunil%20Abraham">Sunil Abraham</a></span>, executive director of the Centre for Internet and Society, a privacy lobby body. “Also, the government must build an audit trail using PKI (public key encryption) and people as an additional safeguard.”</p>
<p style="text-align: justify; ">“As I understand it, there is also no clear statutory backing for the CMS,” said <span class="person"><a href="http://www.livemint.com/Search/Link/Keyword/Apar%20Gupta">Apar Gupta</a></span>, a partner at law firm Advani and Co. that specializes in information technology (IT) law. “What is important is that every tapping order should be backed by a reason. This was the case with the manual process. Will this be possible in an automated surveillance system such as the CMS?”</p>
<p style="text-align: justify; ">“What is disturbing is that there is no transparency with regard to the CMS. Everything is happening under the radar with media reports periodically giving us glimpses into the project,” he said. “A state should protect its interests but should do so in a manner that safeguards privacy and limits abuse.”</p>
<p style="text-align: justify; ">According to the <i>Freedom on the Net 2012</i> report by Freedom House, an independent privacy watchdog body, of the 47 countries analysed, 19 had introduced new laws or other directives since January 2011 that could affect free speech online, violate users’ privacy, or punish individuals who post certain types of content. India, which scored 39 points out of 100 (score achieved out of 100 for censoring the Internet), was termed partly free by the report, which was released on 24 September.</p>
<p style="text-align: justify; ">Globally, 79% of the respondents in another study said they were concerned about their privacy online, with India (94%), Brazil (90%) and Spain (90%) showing the highest level of concern, according to a June survey undertaken by research firm ComRes, and commissioned by Big Brother Watch, an online privacy campaign.</p>
<p>
For more details visit <a href='https://cis-india.org/news/livemint-july-30-2013-joji-thomas-philip-leslie-d-monte-shauvik-ghosh-your-telco-could-help-spy-on-you'>https://cis-india.org/news/livemint-july-30-2013-joji-thomas-philip-leslie-d-monte-shauvik-ghosh-your-telco-could-help-spy-on-you</a>
</p>
No publisherpraskrishnaTelecomInternet GovernanceCensorshipPrivacy2013-07-30T06:13:07ZNews ItemYour private data may be online, courtesy govt
https://cis-india.org/news/business-standard-october-29-2013-somesh-jha-surabhi-agarwal-your-private-data-may-be-online-courtesy-govt
<b>Some depts have posted bank account & income details on net for transparency; experts cry privacy breach.</b>
<hr />
<p style="text-align: justify; ">The article by Somesh Jha and Surabhi Agarwal was <a class="external-link" href="http://www.business-standard.com/article/economy-policy/your-private-data-may-be-online-courtesy-govt-113102800020_1.html">published in the Business Standard</a> on October 29, 2013. Sunil Abraham is quoted.</p>
<hr />
<p style="text-align: justify; ">To push the government's agenda of greater transparency and accountability, several states and central departments might be, unwittingly, following a bare-it-all approach in posting citizen data online. And, even sensitive and personal information, such as bank account numbers and income status, is not being spared. A Business Standard investigation reveals, with so much citizen data already in the public domain and more getting added every day, the government could be jeopardising the privacy of its 1.2 billion citizens, who stand exposed to a variety of risks, including those of 360-degree profiling and financial frauds.</p>
<p style="text-align: justify; ">For instance, the Centre's National Rural Employment Guarantee Scheme puts out full bank account numbers of its beneficiaries, along with details like the amount they received. So, one can easily know the bank in which most residents of, say, Punjab's Machhiwara district have their accounts. Also, their account numbers are complete, with photographs. In the case of Haryana's 25-year-old Ram (surname withheld), the photograph is not available but one can get his financial details on the portal, along with the first eight digits of his <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Aadhaar" target="_blank">Aadhaar</a> number (the last four have been muted).<br /> <br /> Sample this: The occupation and yearly income of one Amrita of Uttar Pradesh are just a matter of a few clicks and so are her ration card number, full address, age, father's/husband's name, category and poverty status. A farmer from Amethi district, she doesn't have a gas or an electricity connection, but Lucknow-based Manu, who earns Rs 4 lakh a year, does have. Amrita's yearly income is Rs 1.2 lakh a year. These details are all there on their respective ration cards, out in the open on the government website of Uttar Pradesh, a state that might have gone overboard in revealing citizen data under the ongoing computerisation of the public distribution system.<br /> <br /> "If people start publishing information like these and the government doesn't regulate it through a data protection law, criminal minds can harvest and combine all databases accurately," says Sunil Abraham, executive director of Centre for Internet and Society, a Bangalore based think-tank. People often create passwords and pins based on dates and numbers very important to them. "A little bit of intelligence and some amount of social engineering could lead to guesses... and financial fraud." Even by sifting through just three databases, it is quite easy to get a random person's details like voter identity card number, address, name, age, date of birth, ration card number, information on family members, along with income status and photograph.<br /> <br /> One can argue the electoral roll is a public document and there is nothing wrong with a person's voter identity card number, full address, name, age, father's name and even date of birth being easily searcheable online. But a few states like Uttarakhand have even published photographs, an element barred from online posting under the law. Experts argue a massive digitisation exercise is underway in the country and, with the lack of standards and clear advisories from the Centre, the situation could worsen in the future.<br /> <br /> A Cabinet minister, who did not wish to be named, said there was a continuous tug-of-war between the imperative of privacy, which doesn't allow you to share information; and transparency, which says you should share it. "Also, the Right to Information Act says if somebody is receiving government subsidy, it is public information." However, the Indian laws might not be consistent on this issue as "under Section 43a of the Information Technology Act, any kind of financial information is classified as 'sensitive personal information' and can't be put online," says an official of the communications and information technology ministry who has closely worked on drafting of the IT Act.<br /> <br /> But, the IT Act provides an exception for matters covered under the RTI Act. This could infer that when the recently-approved Food Security Act comes into being, the income status of two-thirds of the population (that the Act covers) could be posted online. Also, the law would permit bank account numbers of beneficiaries of various welfare schemes like cooking gas subsidy under the ongoing direct benefit transfer scheme to be made public, as subsidies are transferred directly to accounts under the project.<br /> <br /> A statement from the office of Rural Development Minister <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Jairam+Ramesh" target="_blank">Jairam Ramesh</a> explained the National Rural Employment Guarantee Act provided for "making available for public scrutiny" all accounts and records related to the scheme. It added "there appears to be no evident risk of misappropriation or financial fraud". Sudhir Kumar, secretary in the Department of Food and Public Distribution, says the whole system needs to be transparent, especially when huge government subsidy is going out in the case of PDS. However, "if states are putting unnecessary details online, it can be looked into". Deputy Election Commissioner Alok Shukla says, according to an EC order, states are not allowed to put photographs of voters online to ensure their privacy is safeguarded. These will be removed if such cases are found. He adds a standard protocol is also being worked out for states.</p>
<p>
For more details visit <a href='https://cis-india.org/news/business-standard-october-29-2013-somesh-jha-surabhi-agarwal-your-private-data-may-be-online-courtesy-govt'>https://cis-india.org/news/business-standard-october-29-2013-somesh-jha-surabhi-agarwal-your-private-data-may-be-online-courtesy-govt</a>
</p>
No publisherpraskrishnaInternet GovernancePrivacy2013-10-29T05:50:59ZNews ItemYour mobile apps have the permission to spy on you
https://cis-india.org/internet-governance/news/economic-times-march-30-2018-your-mobile-apps-have-the-permission-to-spy-on-you
<b>The top applications on the Android Play store in India seek permission like access to your camera, microphone, modify contacts and download files without notifications depending on the use of the app.</b>
<p style="text-align: justify; ">The article was published in the <a class="external-link" href="https://economictimes.indiatimes.com/small-biz/startups/newsbuzz/your-mobile-apps-have-the-permission-to-spy-on-you/articleshow/63541312.cms">Economic Times</a> on March 30, 2018. Pranesh Prakash was quoted.</p>
<hr />
<p style="text-align: justify; ">“What we need is, not just knowing what permissions are being sought, but <span>why they need such permissions,” said Pranesh Prakash, policy director of the Centre for Internet and Society.</span></p>
<p style="text-align: justify; "><img alt="Untitled-2" src="https://economictimes.indiatimes.com/img/63541363/Master.jpg" /></p>
<p style="text-align: justify; ">Companies such as TrueCaller say that app developers should only be permitted to collect data that they can demonstrate as proportionate and “necessary for the stated purpose of their service”.</p>
<p style="text-align: justify; ">An Uber spokesperson said they provide users with an option to turn off certain permissions like location and phone contacts within the privacy settings on app along with explanations on what data they collect and the reason behind it. Others declined comment.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/economic-times-march-30-2018-your-mobile-apps-have-the-permission-to-spy-on-you'>https://cis-india.org/internet-governance/news/economic-times-march-30-2018-your-mobile-apps-have-the-permission-to-spy-on-you</a>
</p>
No publisherAdminInternet GovernancePrivacy2018-04-03T15:48:47ZNews ItemYour life's an open Facebook
https://cis-india.org/news/dna-july-21-2013-shikha-kumar-your-life-is-an-open-facebook
<b>The jury's out on Facebook's newly introduced Graph Search. While some argue that it's a stalker's dream come true, others say it's a great tool for social research. Shikha Kumar jumps right into the debate.</b>
<hr />
<p style="text-align: justify; "><a class="external-link" href="http://www.dnaindia.com/lifestyle/1863603/report-your-life-s-an-open-facebook">Shikha Kumar's article was published in DNA on July 21, 2013</a>. Sunil Abraham is quoted.</p>
<hr />
<p style="text-align: justify; ">Do this little exercise. Log on to Facebook and type ‘friends of friends who are single’ or ‘friends of friends who like dancing’ in the search bar on the top left hand of the screen. A long list of names with photographs of people you may have never seen in your life will pop up in front of you. Better still (or worse, depending on perspective), you can refine this search further with the drop down menu on the right hand side of the screen; you can filter the results on the basis of gender, employer, current city, hometown and so on.</p>
<p style="text-align: justify; ">Now, depending on whether you are paranoid about your privacy, or don’t give a damn (since the government is snooping on us anyway), you will either view this feature as a stalker’s dream come true or just another irritant to rant about for a day and then forget.</p>
<p style="text-align: justify; ">Whatever your reaction, Graph Search, an upgrade on Facebook’s rudimentary ‘search’, is here to stay and it holds the potential to forever change the ‘search’ behaviour of its members.</p>
<p style="text-align: justify; ">HOW DOES IT WORK?<br /> Put simply, Graph Search is the Google search of Facebook. It indexes every little detail you have shared on Facebook — every drunken ‘like’, every status update, every unflattering photograph you are tagged in, every joke you’ve shared — so that a simple search can throw up pretty specific answers. A beta version was unveiled to a select audience in January but it went live for all English (US) users early last week.</p>
<p style="text-align: justify; ">A look at a Tumblr blog called ‘Actual Facebook Graph Searches’ gives an indication of how specific the results can get. Ranging from humorous to downright outrageous, some queries posted included ‘Single women who live nearby and who are interested in men and like Getting Drunk’ and ‘Married people who like Prostitutes.’</p>
<p style="text-align: justify; ">This is exactly why people like Adarsh Matham, a 29-year-old tech writer, cite as reason for never having been on Facebook. While he does admit the new feature can be very useful in finding jobs, dates, new friends and local businesses, he says the downsides trump the benefits. “Imagine if some pervert searches for ‘girls who like Fifty Shades of Grey in Mumbai’… It will make it easier for him to stalk them,” says Matham.</p>
<p style="text-align: justify; ">If you use your imagination, the list won’t end. Imagine what perverts at your workplace and in your apartment complex who are not ‘friends’ with you on Facebook can do with information they glean about you thanks to Graph Search.</p>
<p style="text-align: justify; ">Matham is particularly concerned with Graph Search’s misuse in India because of our social attitudes and tendency to slot people into types and judge them immediately. “One of the first things that people do when they go for a job or on a date is a Google search. Soon they will do a Graph Search too. This is a complete intrusion of one’s privacy.”</p>
<p style="text-align: justify; ">Sunil Abraham, director at the Bangalore-based Centre for Internet and Society, thinks the privacy implications are worrying because the average Indian user is not a ‘power’ user who fully exploits the site’s advanced features and is thus unclear about what personal information is public or private. “People need to be very cautious as they’re leaving behind a digital trail that is always searchable unlike on other platforms like Twitter. It’s like tattooing yourself, it’s permanent but you may not be comfortable with it in the future,” he says.</p>
<p style="text-align: justify; "><b>A brilliant format</b><br /> Privacy concerns aside, many have warmed up to the benefits of Graph Search. Raghu Mohan, a Bangalore-based writer with YourStory.in, has used it for over six months and has only good things to say about it. “I think it’s a remarkable engineering feat. Any platform with a user data of over a billion people needs to come up with such a search facility,” says Mohan, adding that the tool has been very useful in finding work-related data.</p>
<p style="text-align: justify; ">Chetan Asher, founder and CEO of Tonic Media, a social media agency, agrees with him, saying the new feature is “very exciting” purely because of its ability to index information that was always there, but was buried somewhere. “The simple phrase-like format is brilliant… It completely changes the way you network and mine for information.”</p>
<p style="text-align: justify; ">Mohan adds that start-ups can benefit with what the feature offers. “Though not a complete marketing tool, Graph Search patterns can also provide more targeted behaviour for advertisers.” Mohan also looks at the feature as a social influencer. “If I’m looking to buy a new car, I’d rather use Graph Search to find out opinions based on my friends’ recommendations than a web search involving strangers,” he says.</p>
<p style="text-align: justify; ">From his experience, Asher says that the site doesn’t compromise the privacy settings that the user has set. But Ankit Tuteja, a 23-year-old technology expert in Delhi, would beg to differ with this. Tuteja has experimented with random searches to gauge how the feature worked with different privacy settings and found that Facebook tends to override certain security settings. “The security of your photographs are a major cause for concern,” he cautions.</p>
<p style="text-align: justify; ">For those concerned about privacy, it’s best to think carefully before ‘liking’ or uploading anything as it will remain in the digital realm forever, says Abraham. Mohan shrugs off privacy concerns as overrated. “You lost your personal life when you went online. Stalking can happen otherwise too.”</p>
<p style="text-align: justify; ">This innovation is clearly important to the company. While Asher says it is part of Facebook’s long-term plans to move beyond networking, Abraham says that faced with slow overall growth globally (except in markets like India), such innovations are just an attempt to keep its user base intact.</p>
<p style="text-align: justify; "><b>The more things change...</b><br /> Whatever the reaction, Facebook is probably banking on the fact that after initial protests and social media debates, people will come around to accepting this intrusion into their private lives.</p>
<p style="text-align: justify; ">The American news satire website The Onion pretty much nailed this when, in a satirical piece, it ‘quoted’ Zuckerberg as saying: “Facebook will introduce a bunch of new features that everyone will hate, that will make your experience worse, you will complain about it, and then you will realize you are utterly powerless to do anything about these new features, at which point you will move on and continue to use our product every single day. Any users who strongly disagree with their policy should feel free to deactivate their accounts and reactivate them two days later.”</p>
<p style="text-align: justify; ">Admit it, you’ll probably be one of them.</p>
<p>
For more details visit <a href='https://cis-india.org/news/dna-july-21-2013-shikha-kumar-your-life-is-an-open-facebook'>https://cis-india.org/news/dna-july-21-2013-shikha-kumar-your-life-is-an-open-facebook</a>
</p>
No publisherpraskrishnaInternet GovernancePrivacy2013-07-26T04:53:11ZNews ItemYour digital wallet can be a ‘pickpocket’
https://cis-india.org/internet-governance/news/hindu-samarth-bansal-december-5-2016-your-digital-wallet-can-be-a-pickpocket
<b>If you have installed a wallet app on your smartphone, be careful. Many such apps can access data, even sensitive personal information, and have features that do more than just make payments. All that, with your due “permission”.
</b>
<p style="text-align: justify; ">The article by Samarth Bansal was <a href="http://www.thehindu.com/news/national/Your-digital-wallet-can-be-a-%E2%80%98pickpocket%E2%80%99/article16760772.ece?utm_source=RSS_Feed&utm_medium=RSS&utm_campaign=RSS_Syndication">published in the Hindu</a> on December 5, 2016. Pranesh Prakash was quoted.</p>
<hr />
<p style="text-align: justify; "><br />When installing them, the apps display a list of permissions. The user is prompted to either grant permission to access to SMSs, call records and so on or decline, but the latter means rejecting the download. Barring a small fraction of tech-savvy users, most go with the flow, ignoring the permissions section.<br /><br />The Hindu reviewed permissions sought by five wallet applications: MobiKwik, Freecharge, PayTM, Jio Money and Airtel Money.<br /><br />Freecharge and Jio Money seek permission to “directly call phone numbers”. The app can call up numbers without notifying you. In fact, Freecharge asks to “read call log”. All five require permission to “read contacts”, which, as PayTM mentions, “gives you the ability to pick a number from contacts for a quick recharge or bill payment” or “helps you send and request money from friends”. FreeCharge and PayTM ask permission to “modify contacts” and “record audio”.<br /><br />PayTM is the only one that requests to “read your web bookmarks and history”. According to AndroidPit, an Android-centred news portal, this permission is needed for alternative browsers, back-up tools and possibly some social networking apps. For the rest, it is possibly a way to “spy on user’s browsing behaviour”, the portal says.<br />Wealth of data<br /><br />Pranesh Prakash, policy director at the Centre for Internet and Society, told The Hindu that access to a wealth of data about the user enables various other business models.<br /><br />“A mobile wallet application, using location tracking data, can tell a user about the discounts available on a nearby store if the payment is conducted using that platform. If the user is not explicitly made aware of such usage of data, I would call it a misuse of information,” he said. Note that “precise” location tracking feature, via GPS or mobile network, is a feature requested by all.<br /><br />For PayTM, there is a mismatch between the complete set of permissions it asks for — as stated in the app store — and the ones it mentions on a dedicated page on its website explaining “PayTM app permissions”. Apart from the six basic features, there is no mention about functions like location tracking or reading web history — which it requires — on the web page.<br /><br />“In this regard, PhonePe [another wallet app] is the model to follow: it clearly states the permissions it is seeking and explains why it needs each one of those at the time of set-up.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/hindu-samarth-bansal-december-5-2016-your-digital-wallet-can-be-a-pickpocket'>https://cis-india.org/internet-governance/news/hindu-samarth-bansal-december-5-2016-your-digital-wallet-can-be-a-pickpocket</a>
</p>
No publisherpraskrishnaInternet GovernanceData ManagementPrivacy2016-12-05T01:44:29ZNews ItemWSIS+10 High-Level Event: Open Consultation Process
https://cis-india.org/news/wsis-high-level-event-open-consultation-process
<b>Jyoti Panday represented the Centre for Internet and Society (CIS) at the WSIS+10 High-Level Event:Open Consultation Process held in Geneva from May 28 to 31, 2014. </b>
<p style="text-align: justify; ">The Fifth Physical Meeting marked Phase Six of the Open Consultation Process for the WSIS+10 High-Level Event (HLE) to be held in Geneva from June 10 to 13, 2014.</p>
<p style="text-align: justify; ">The meeting saw the culmination of the multistakeholder review process on the WSIS+10 Statement on the Implementation of the WSIS Outcomes and the WSIS+10 Vision for WSIS Beyond 2015.</p>
<p style="text-align: justify; ">CIS made interventions on text related to increasing women's participation, freedom of expression, media rights, data privacy, network security and human rights.</p>
<p style="text-align: justify; ">CIS also endorsed text on action line 'Media' which reaffirmed committment to freedom of expression, data privacy and media rights offline and online including protection of sources, publishers and journalists.</p>
<hr />
<p style="text-align: justify; "><a href="https://cis-india.org/internet-governance/blog/wsis-final-agreed-draft.pdf" class="internal-link">Download the final agreed draft</a> of the WSIS+10 Statement on the Implementation of WSIS Outcomes that will be deliberated upon and agreed at the HLE, for your reference.</p>
<p>
For more details visit <a href='https://cis-india.org/news/wsis-high-level-event-open-consultation-process'>https://cis-india.org/news/wsis-high-level-event-open-consultation-process</a>
</p>
No publisherpraskrishnaFreedom of Speech and ExpressionInternet GovernancePrivacy2014-06-04T10:14:01ZNews ItemWSIS+10 High Level Event: A Bird's Eye Report
https://cis-india.org/internet-governance/blog/wsis-10-high-level-event-a-birds-eye-report
<b>The WSIS+10 High Level was organised by the ITU and collaborative UN entities on June 9-13, 2014. It aimed to evaluate the progress on implementation of WSIS Outcomes from Geneva 2003 and Tunis 2005, and to envision a post-2015 Development Agenda. Geetha Hariharan attended the event on CIS' behalf.</b>
<p style="text-align: justify; "><span>The World Summit on Information Society (WSIS) +10 </span><a href="http://www.itu.int/wsis/implementation/2014/forum/">High Level Event</a><span> (HLE) was hosted at the ITU Headquarters in Geneva, from June 9-13, 2014. The HLE aimed to review the implementation and progress made on information and communication technology (ICT) across the globe, in light of WSIS outcomes (</span><a href="http://www.itu.int/wsis/index-p1.html">Geneva 2003</a><span> and </span><a href="http://www.itu.int/wsis/index-p2.html">Tunis 2005</a><span>). Organised in three parallel tracks, the HLE sought to take stock of progress in ICTs in the last decade (High Level track), initiate High Level Dialogues to formulate the post-2015 development agenda, as well as host thematic workshops for participants (Forum track).</span><span> </span></p>
<h3 style="text-align: justify; ">The High Level Track:</h3>
<p style="text-align: justify; "><img src="https://cis-india.org/internet-governance/blog/copy2_of_HighLevelTrack.jpg/@@images/be5f993c-3553-4d63-bb66-7cd16f8407dc.jpeg" alt="High Level Track" class="image-inline" title="High Level Track" /></p>
<p style="text-align: justify; "><i>Opening Ceremony, WSIS+10 High Level Event </i>(<a class="external-link" href="https://twitter.com/ITU/status/334587247556960256/photo/1">Source</a>)</p>
<p style="text-align: justify; ">The High Level track opened officially on June 10, 2014, and culminated with the endorsement by acclamation (as is ITU tradition) of two <a href="http://www.itu.int/wsis/implementation/2014/forum/inc/doc/outcome/362828V2E.pdf">Outcome Documents</a>. These were: (1) WSIS+10 Statement on the Implementation of WSIS Outcomes, taking stock of ICT developments since the WSIS summits, (2) WSIS+10 Vision for WSIS Beyond 2015, aiming to develop a vision for the post-2015 global information society. These documents were the result of the WSIS+10 <a href="http://www.itu.int/wsis/review/mpp/">Multi-stakeholder Preparatory Platform</a> (MPP), which involved WSIS stakeholders (governments, private sector, civil society, international organizations and relevant regional organizations).</p>
<p style="text-align: justify; ">The <strong>MPP</strong> met in six phases, convened as an open, inclusive consultation among WSIS stakeholders. It was not without its misadventures. While ITU Secretary General Dr. Hamadoun I. Touré consistently lauded the multi-stakeholder process, and Ambassador Janis Karklins urged all parties, especially governments, to “<i>let the UN General Assembly know that the multi-stakeholder model works for Internet governance at all levels</i>”, participants in the process shared stories of discomfort, disagreement and discord amongst stakeholders on various IG issues, not least human rights on the Internet, surveillance and privacy, and multi-stakeholderism. Richard Hill of the Association for Proper Internet Governance (<a href="http://www.apig.ch/">APIG</a>) and the Just Net Coalition writes that like NETmundial, the MPP was rich in a diversity of views and knowledge exchange, but stakeholders <a href="http://www.ip-watch.org/2014/06/16/what-questions-did-the-wsis10-high-level-event-answer/">failed to reach consensus</a> on crucial issues. Indeed, Prof. Vlamidir Minkin, Chairman of the MPP, expressed his dismay at the lack of consensus over action line C9. A compromise was agreed upon in relation to C9 later.<span> </span></p>
<p style="text-align: justify; ">Some members of civil society expressed their satisfaction with the extensive references to human rights and rights-centred development in the Outcome Documents. While governmental opposition was seen as frustrating, they felt that the <strong><span style="text-decoration: underline;">MPP had sought and achieved a common understanding</span></strong>, a sentiment <a href="https://twitter.com/covertlight/status/476748168051580928">echoed</a> by the ITU Secretary General. Indeed, even Iran, a state that had expressed major reservations during the MPP and felt itself unable to agree with the text, <a href="https://twitter.com/covertlight/status/476748723750711297">agreed</a> that the MPP had worked hard to draft a document beneficial to all.</p>
<p style="text-align: justify; ">Concerns around the MPP did not affect the <strong><span style="text-decoration: underline;">review of ICT developments</span></strong> over the last decade. High Level Panels with Ministers of ICT from states such as Uganda, Bangladesh, Sweden, Nigeria, Saudi Arabia and others, heads of the UN Development Programme, UNCTAD, Food and Agriculture Organisation, UN-WOMEN and others spoke at length of rapid advances in ICTs. The focus was largely on ICT access and affordability in developing states. John E. Davies of Intel repeatedly drew attention to innovative uses of ICTs in Africa and Asia, which have helped bridge divides of affordability, gender, education and capacity-building. Public-private partnerships were the best solution, he said, to affordability and access. At a ceremony evaluating implementation of WSIS action-lines, the Centre for Development of Advanced Computing (C-DAC), India, <a href="https://twitter.com/covertlight/status/476748723750711297">won an award</a> for its e-health application MOTHER.</p>
<p style="text-align: justify; "><span>The Outcome Documents themselves shall be analysed in a separate post. But in sum, the dialogue around Internet governance at the HLE centred around the success of the MPP. Most participants on panels and in the audience felt this was a crucial achievement within the realm of the UN, where the Tunis Summit had delineated strict roles for stakeholders in paragraph 35 of the </span><a href="http://www.itu.int/wsis/docs2/tunis/off/6rev1.html">Tunis Agenda</a><span>. Indeed, there was palpable relief in Conference Room 1 at the </span><a href="http://www.cicg.ch/en/">CICG</a><span>, Geneva, when on June 11, Dr. Touré announced that the Outcome Documents would be adopted without a vote, in keeping with ITU tradition, even if consensus was achieved by compromise.</span></p>
<h3 style="text-align: justify; ">The High Level Dialogues:</h3>
<p style="text-align: justify; "><img src="https://cis-india.org/internet-governance/blog/HighLevelDialogues.jpg/@@images/3c30d94f-7a65-4912-bb42-2ccd3b85a18d.jpeg" alt="High Level Dialogues" class="image-inline" title="High Level Dialogues" /></p>
<p style="text-align: justify; "><i>Prof. Vladimir Minkin delivers a statement.</i> (<a class="external-link" href="https://twitter.com/JaroslawPONDER/status/476288845013843968/photo/1">Source</a>)</p>
<p style="text-align: justify; ">The High Level Dialogues on developing a post-2015 Development Agenda, based on WSIS action lines, were active on June 12. Introducing the Dialogue, Dr. Touré lamented the Millennium Development Goals as a “<i>lost opportunity</i>”, emphasizing the need to alert the UN General Assembly and its committees as to the importance of ICTs for development.</p>
<p style="text-align: justify; ">As on previous panels, there was <strong><span style="text-decoration: underline;">intense focus on access, affordability and reach in developing countries</span></strong>, with Rwanda and Bangladesh expounding upon their successes in implementing ICT innovations domestically. The world is more connected than it was in 2005, and the ITU in 2014 is no longer what it was in 2003, said speakers. But we lack data on ICT deployment across the globe, said Minister Knutssen of Sweden, recalling the gathering to the need to engage all stakeholders in this task. Speakers on multiple panels, including the Rwandan Minister for CIT, Marilyn Cade of ICANN and Petra Lantz of the UNDP, emphasized the need for ‘smart engagement’ and capacity-building for ICT development and deployment.</p>
<p style="text-align: justify; ">A crucial session on cybersecurity saw Dr. Touré envision a global peace treaty accommodating multiple stakeholders. On the panel were Minister Omobola Johnson of Nigeria, Prof. Udo Helmbrecht of the European Union Agency for Network and Information Security (ENISA), Prof. A.A. Wahab of Cybersecurity Malaysia and Simon Muller of Facebook. The focus was primarily on building laws and regulations for secure communication and business, while child protection was equally considered.<span> </span></p>
<p style="text-align: justify; ">The lack of laws/regulations for cybersecurity (child pornography and jurisdictional issues, for instance), or other legal protections (privacy, data protection, freedom of speech) in rapidly connecting developing states was noted. But the <strong><span style="text-decoration: underline;">question of cross-border surveillance and wanton violations of privacy went unaddressed</span></strong> except for the customary, unavoidable mention. This was expected. Debates in Internet governance have, in the past year, been silently and invisibly driven by the Snowden revelations. So too, at WSIS+10 Cybersecurity, speakers emphasized open data, information exchange, data ownership and control (the <a href="https://cis-india.org/internet-governance/blog/ecj-rules-internet-search-engine-operator-responsible-for-processing-personal-data-published-by-third-parties">right to be forgotten</a>), but did not openly address surveillance. Indeed, Simon Muller of Facebook called upon governments to publish their own transparency reports: A laudable suggestion, even accounting for Facebook’s own undetailed and truncated reports.</p>
<p style="text-align: justify; ">In a nutshell, the post-2015 Development Agenda dialogues repeatedly emphasized the importance of ICTs in global connectivity, and their impact on GDP growth and socio-cultural change and progress. The focus was on taking this message to the UN General Assembly, engaging all stakeholders and creating an achievable set of action lines post-2015.</p>
<h3 style="text-align: justify; ">The Forum Track:</h3>
<p><img src="https://cis-india.org/internet-governance/blog/copy_of_ForumTrack.jpg/@@images/dfcce68a-18d7-4f1e-897b-7208bb60abc9.jpeg" alt="Forum Track" class="image-inline" title="Forum Track" /></p>
<p><i>Participants at the UNESCO session on its Comprehensive Study on Internet-related Issues</i> (<a class="external-link" href="https://twitter.com/leakaspar/status/476690921644646400/photo/1">Source</a>)</p>
<p style="text-align: justify; ">The HLE was organized as an extended version of the WSIS Forum, which hosts thematic workshops and networking opportunities, much like any other conference. Running in parallel sessions over 5 days, the WSIS Forum hosted sessions by the ITU, UNESCO, UNDP, ICANN, ISOC, APIG, etc., on issues as diverse as the WSIS Action Lines, the future of Internet governance, the successes and failures of <a href="http://www.internetgovernance.org/2012/12/18/itu-phobia-why-wcit-was-derailed/">WCIT-2012</a>, UNESCO’s <a href="http://www.unesco.org/new/internetstudy">Comprehensive Study on Internet-related Issues</a>, spam and a taxonomy of Internet governance.<span> </span></p>
<p style="text-align: justify; ">Detailed explanation of each session I attended is beyond the scope of this report, so I will limit myself to the interesting issues raised.<span> </span></p>
<p style="text-align: justify; ">At ICANN’s session on its own future (June 9), Ms. Marilyn Cade emphasized the <strong><span style="text-decoration: underline;">importance of national and regional IGFs</span></strong> for both issue-awareness and capacity-building. Mr. Nigel Hickson spoke of engagement at multiple Internet governance fora: “<i>Internet governance is not shaped by individual events</i>”. In light of <a href="http://www.internetgovernance.org/2014/04/16/icann-anything-that-doesnt-give-iana-to-me-is-out-of-scope/">criticism</a> of ICANN’s apparent monopoly over IANA stewardship transition, this has been ICANN’s continual <a href="https://www.icann.org/resources/pages/process-next-steps-2014-06-06-en">response</a> (often repeated at the HLE itself). Also widely discussed was the <strong><span style="text-decoration: underline;">role of stakeholders in Internet governance</span></strong>, given the delineation of roles and responsibilities in the Tunis Agenda, and governments’ preference for policy-monopoly (At WSIS+10, Indian Ambassador Dilip Sinha seemed wistful that multilateralism is a “<i>distant dream</i>”).<span> </span></p>
<p style="text-align: justify; ">This discussion bore greater fruit in a session on Internet governance ‘taxonomy’. The session saw <a href="https://www.icann.org/profiles/george-sadowsky">Mr. George Sadowsky</a>, <a href="http://www.diplomacy.edu/courses/faculty/kurbalija">Dr. Jovan Kurbalija</a>, <a href="http://www.williamdrake.org/">Mr. William Drake</a> and <a href="http://www.itu.int/wsis/implementation/2014/forum/agenda/session_docs/170/ThoughtsOnIG.pdf">Mr. Eliot Lear</a> (there is surprisingly no official profile-page on Mr. Lear) expound on dense structures of Internet governance, involving multiple methods of classification of Internet infrastructure, CIRs, public policy issues, etc. across a spectrum of ‘baskets’ – socio-cultural, economic, legal, technical. Such studies, though each attempting clarity in Internet governance studies, indicate that the closer you get to IG, the more diverse and interconnected the eco-system gets. David Souter’s diagrams almost capture the flux of dynamic debate in this area (please see pages 9 and 22 of <a href="http://www.internetsociety.org/sites/default/files/ISOC%20framework%20for%20IG%20assessments%20-%20D%20Souter%20-%20final_0.pdf">this ISOC study</a>).</p>
<p style="text-align: justify; ">There were, for most part, insightful interventions from session participants. Mr. Sadowsky questioned the effectiveness of the Tunis Agenda delineation of stakeholder-roles, while Mr. Lear pleaded that techies be let to do their jobs without interference. <a href="http://internetdemocracy.in/">Ms. Anja Kovacs</a> raised pertinent concerns about <strong><span style="text-decoration: underline;">including voiceless minorities in a ‘rough consensus’ model</span></strong>. Across sessions, <strong><span style="text-decoration: underline;">questions of mass surveillance, privacy and data ownership rose</span></strong> from participants. The protection of human rights on the Internet – especially freedom of expression and privacy – made continual appearance, across issues like spam (<a href="http://www.itu.int/ITU-D/CDS/sg/rgqlist.asp?lg=1&sp=2010&rgq=D10-RGQ22.1.1&stg=1">Question 22-1/1</a> of ITU-D Study Group 1) and cybersecurity.</p>
<h3 style="text-align: justify; ">Conclusion:</h3>
<p style="text-align: justify; ">The HLE was widely attended by participants across WSIS stakeholder-groups. At the event, a great many relevant questions such as the future of ICTs, inclusions in the post-2015 Development Agenda, the value of muti-stakeholder models, and human rights such as free speech and privacy were raised across the board. Not only were these raised, but cognizance was taken of them by Ministers, members of the ITU and other collaborative UN bodies, private sector entities such as ICANN, technical community such as the ISOC and IETF, as well as (obviously) civil society.<span> </span></p>
<p style="text-align: justify; ">Substantively, the HLE did not address mass surveillance and privacy, nor of expanding roles of WSIS stakeholders and beyond. Processually, the MPP failed to reach consensus on several issues comfortably, and a compromise had to be brokered.</p>
<p style="text-align: justify; "><span>But perhaps a big change at the HLE was the positive attitude to multi-stakeholder models from many quarters, not least the ITU Secretary General Dr. Hamadoun Touré. His repeated calls for acceptance of multi-stakeholderism left many members of civil society surprised and tentatively pleased. Going forward, it will be interesting to track the ITU and the rest of UN’s (and of course, member states’) stances on multi-stakeholderism at the ITU Plenipot, the WSIS+10 Review and the UN General Assembly session, at the least.</span></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/wsis-10-high-level-event-a-birds-eye-report'>https://cis-india.org/internet-governance/blog/wsis-10-high-level-event-a-birds-eye-report</a>
</p>
No publishergeethaWSIS+10PrivacyCybersecurityHuman Rights OnlineSurveillanceFreedom of Speech and ExpressionInternet GovernanceFacebookData ProtectionMulti-stakeholderICANNInternet AccessITUInternet StudiesE-GovernanceICT2014-06-20T15:57:32ZBlog EntryWorldwide: International Privacy - 2013 Year in Review - Asia
https://cis-india.org/news/mondaq-january-8-2014-gonzalo-s-zeballos-james-a-sherer-alan-m-pate-worldwide-international-privacy-2013-year-in-review-asia
<b>Asian Data Privacy Updates</b>
<p>The article by Gonzalo S. Zeballos, James A. Sherer and Alan M. Pate was <a class="external-link" href="http://www.mondaq.com/x/284334/Data+Protection+Privacy/International+Privacy+2013+Year+in+Review+Asia">published in Mondaq's yearly review</a> on January 8, 2014.</p>
<hr />
<h3>China</h3>
<p style="text-align: justify; ">China's Personal Information Protection Law Proposal was submitted to the State Council in 2008, which was followed by the Ministry of Industry and Information Technology's non-binding <a href="http://www.taylorwessing.com/globaldatahub/article_china_dp.html." target="_blank">Internet Information Services Market Order Provisions of 2011</a>. However, little direct progress was made until the standing committee of the National People's Congress (NPC) introduced its <a href="http://www.loc.gov/lawweb/servlet/lloc_news?disp3_l205403445_text." target="_blank">Decision on Strengthening Internet Information</a> Protection (the Decision) on December 28, 2012. Echoing Directive 95/46/EC in the EU by stipulating that the collection and use of information will be "legitimate, proper, and necessary," the Decision seeks to protect network information security; the lawful interest of citizens, legal persons, and other organizations; and safeguard <a href="http://privacylaw.proskauer.com/2013/02/articles/online-privacy/china-introduces-new-data-privacy-law/" target="_blank">China's security and social order</a> through its Articles.</p>
<p style="text-align: justify; ">he Decision's first Article states that "[n]o organization or individual may steal or obtain in other illegal manners [ ] citizens' individual electronic information, sell or illegally provide citizens' individual <a href="http://chinacopyrightandmedia.wordpress.com/2012/12/28/national-peoples-congress-standing-committee-decision-concerning-strengthening-network-information-protection/" target="_blank">electronic information to other persons</a>." Instruction to Internet Service Providers (ISPs) continues, where providers must, among other activities:</p>
<ul>
<li> Clearly indicate the purposes, methods, and scope of collection and use of citizens' data; </li>
<li> Obtain agreement from citizens before collecting their data; </li>
<li> Publicize rules for the collection and use of personal data; </li>
<li> Preserve the secrecy of collected data; </li>
<li> Not divulge, distort, or damage the data; </li>
<li> Refrain from selling or otherwise illegally providing the data to others; and </li>
<li> Adopt technical measures and other methods to ensure information security and prevent damage to or loss of the data. </li>
</ul>
<p style="text-align: justify; ">Among the provisions of the Decision is Article Six, specifically directed at network service providers, whereby users of the services must "provide real identity information" prior to "website access," "fixed telephone, mobile telephone," "other surfing formalities," or "information publication services." In response to criticism that Article Six would be used to discourage whistleblowers and other Chinese dissention, the government-sponsored Xinhua News Agency argued that the Decision "<a href="http://news.xinhuanet.com/english/indepth/2012-12/28/c_132069782.htm." target="_blank">will help, rather than harm, the country's netizens</a>."</p>
<h3>Japan</h3>
<p style="text-align: justify; ">On May 24, 2013, the LDP-led ruling coalition directed the passage of the "Common Number" Bill through both Diet chambers. The Common Number Bill plans to assign every Japanese resident, including <a href="http://www.yomiuri.co.jp/adv/chuo/dy/research/20120510.htm" target="_blank">mid-to-long-stay foreigners and special permanent residents</a>, a personal identification number beginning in January 2016. Additionally, a portal site through which people can check their social security records and other information <a href="http://www.japantimes.co.jp/news/2013/06/11/reference/new-id-system-for-keeping-tax-tabs-finding-cheats/" target="_blank">via the Internet is planned for 2017</a>. The numbering system was originally proposed in 2009, but remained quiescent until the LDP-New Komeito ruling coalition mustered sufficient support based, in part, on a philosophical foundation for fair social welfare and tax systems.</p>
<p style="text-align: justify; ">To oversee some aspects of the ID system, a third-party independent committee with <a href="http://2013.rigf.asia/wp-content/uploads/2013/09/Privacy%20in%20Asia%20%20Building%20on%20the%20APEC%20Privacy%20Principles%20-%20Taro%20Komukai.pdf" target="_blank">independent authority</a> will oversee allegations of data mishandling by public officials. Those who leak or illegally commercialize ID information will face up to four years in prison or a ¥2 million fine. While the use of a single number system has raised some concerns, including the potential for "forcible data-matching," the government push for support has focused on efficiencies in administration and easier detection of tax evasion and welfare fraud.</p>
<h3 style="text-align: justify; ">Malaysia</h3>
<p style="text-align: justify; ">On November 15, 2013, the Personal Data Protection Act (PDPA) of 2010 was entered into force, introducing an omnibus privacy regime in <a href="http://www.dataguidance.com/news.asp?id=2147" target="_blank">Malaysia for the first time</a>. This new regulation carries a host of requirements, including registration with the Personal Data Protection Department of Malaysia (PDPD) for a number of industries, including (among others) banking and financial institutions. The PDPA also includes the threat of severe consequences for non-compliance, including "fines for companies and/or fines and imprisonment for directors and officers of the company."</p>
<ul>
</ul>
<h3>Khazaksthan</h3>
<p style="text-align: justify; ">On November 26, 2013, <a href="http://online.zakon.kz/Document/?doc_id=31396226" target="_blank">Kazakhstani Law No. 94-V on Personal Data and its Protection</a> came into force, defining such concepts as "personal data" among others, but left some ambiguity in <a href="http://www.dataguidance.com/news.asp?id=2154" target="_blank">how data might be transferred and/or stored internationally</a>. It also contained a number of limitations: <a href="http://www.deloitte.com/assets/Dcom-Kazakhstan/Local%20Assets/Documents/T&L/En/Legislative%20tracking_%D0%92%D0%B5%D1%81%D1%82%D0%BD%D0%B8%D0%BA%20%D0%B8%D0%B7%D0%BC%D0%B5%D0%BD%D0%B5%D0%BD%D0%B8%D0%B9%20%D0%B2%20%D0%B7%D0%B0%D0%BA%D0%BE%D0%BD%D0%BE%D0%B4%D0%B0%D1%82%D0%B5%D0%BB%D1%8C%D1%81%D1%82%D0%B2%D0%BE/2013/Legal%20Alert_May%202013_en.pdf" target="_blank">Law No. 94-V does not extend to</a> the collection of personal data for personal and family needs; the use of information for the Kazakhstani National Archive; the collection, processing, and protection of personal data related to Kazakhstani state secrets; or the use of information related to intelligence, counter-intelligence, and criminal activities, within legal limits.</p>
<h3 style="text-align: justify; ">South Korea</h3>
<p style="text-align: justify; ">Article 16 of <a href="http://koreanlii.or.kr/w/images/0/0e/KoreanDPAct2011.pdf" target="_blank">South Korea's Personal Information Protection Act</a> (effective September 30, 2011) was amended on August 6, 2013 to incorporate an affirmative obligation on the part of a personal information processor, requiring notification to data subjects that data subjects may deny consent for the collection of any personal information other than for any purposes under Article 15(1). This continues South Korea's stringent efforts to promote data privacy, and provides another instance of South Korea's articulation of a minimum data collection regime.</p>
<h3 style="text-align: justify; ">Singapore</h3>
<p style="text-align: justify; ">Singapore's <a href="http://www.pdpc.gov.sg/personal-data-protection-act/the-act" target="_blank">Personal Data Protection Act (PDPA)</a>, passed in 2012, went into effect on January 2, 2013, the same day Singapore's <a href="http://www.pdpc.gov.sg/about-us/who-we-are" target="_blank">Personal Data Protection Commission (PDPC)</a> was established; some portion of PDPA <a href="http://www.out-law.com/en/articles/2013/september/new-data-protection-guidelines-issued-for-businesses-operating-in-singapore-/" target="_blank">does not come into full effect</a> until July 2, 2014. The PDPC followed-up the implementation of the PDPA with a further guidance note on September 24, 2013 which, among other topics, gave direction to organizations regarding notification requirements for the collection, use, or disclosure of personal data <a href="http://www.pdpc.gov.sg/docs/default-source/public-consultation/guidelines-closing-note-%2824-sept%29.pdf?sfvrsn=2" target="_blank">as well as the anonymization of personal data</a>. This guidance outlined the use of 'cookies' for internet user's online activity, distinguishing in part between active consent on one hand, and "<a href="http://www.out-law.com/en/articles/2013/september/new-data-protection-guidelines-issued-for-businesses-operating-in-singapore-/" target="_blank">the mere failure of an individual to actively manage his browser settings</a>" on the other.</p>
<h3 style="text-align: justify; ">Hong Kong</h3>
<p style="text-align: justify; ">Revisions to Hong Kong's Personal Data (Privacy) Ordinance – <a href="http://www.pcpd.org.hk/english/ordinance/files/CCDCode_2013_e.pdf." target="_blank">Code of Practice on Consumer Credit Data</a> – took effect on April 1, 2013. These revisions require consent prior to the use of personal data in the <a href="http://www.legalweek.com/legal-week/analysis/2282712/handle-with-care-hong-kongs-new-data-protection-laws-in-the-spotlight." target="_blank">context of targeted, direct advertising</a>, and instruct individuals that, while direct marketers must notify individuals of their opt-out right prior to using personal data for the first time, individuals may choose to opt out at any time at <a href="http://www.pcpd.org.hk/english/publications/files/opt_out_e.pdf" target="_blank">no cost to the individual opting out</a>. The Ordinance also provides for the following penalties: if "the transfer of personal data to third parties [is] for gain, the maximum penalty is a fine of HK$1,000,000 and imprisonment for 5 years. For other direct marketing contraventions, the maximum penalty is a fine of HK$500,000 and imprisonment for 3 years."</p>
<h3 style="text-align: justify; ">India</h3>
<p style="text-align: justify; ">While India currently adheres to the Information Technology (Reasonable Security Practices and <a href="http://op.bna.com/pl.nsf/id/byul-8gypzn/$File/IndiaIndia.pdf." target="_blank">Procedures and Sensitive Personal Data or Information) Rules, 2011</a> (Rules) enacted in 2011, the Centre for Internet and Society presented a new Privacy (Protection) Bill, <a href="https://cis-india.org/internet-governance/blog/privacy-protection-bill-2013-updated-third-draft." target="_blank">2013 (Bill), on September 30, 2013</a>. The Bill seeks to further refine provisions of the Rules, with a focus on protection of personal data through limitations on use and requirements for notice. The collection of personal data would be prohibited unless "necessary for the achievement of a purpose of the person seeking its collection," and, subject to sections 6 and 7 of the Bill, "no personal data may be collected under this Act prior to the data subject being given notice, in such form and manner as may be prescribed, of the collection." The Bill acknowledges the collection of data with and without consent; the regulation of personal data storage, processing, transfer, and security; and discusses the different types of disclosure.</p>
<p style="text-align: justify; "><i>The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances</i>.</p>
<p>
For more details visit <a href='https://cis-india.org/news/mondaq-january-8-2014-gonzalo-s-zeballos-james-a-sherer-alan-m-pate-worldwide-international-privacy-2013-year-in-review-asia'>https://cis-india.org/news/mondaq-january-8-2014-gonzalo-s-zeballos-james-a-sherer-alan-m-pate-worldwide-international-privacy-2013-year-in-review-asia</a>
</p>
No publisherpraskrishnaInternet GovernancePrivacy2014-01-31T08:44:20ZNews ItemWorkshop on the Unique Identity Number (UID), the National Population Register (NPR) and Governance: What will happen to our data?
https://cis-india.org/internet-governance/blog/workshop-on-the-uid-and-npr
<b>On March 2nd, 2013, the Centre for Internet and Society and the Say No to UID campaign organized a workshop to discuss the present state of the UID and NPR schemes. Some of the questions which were addressed included ´How do the UID and NPR impact citizenship´, ´Why and how is national security linked to UID/NPR´, and ´What is the relationship between UID and Big Data´. </b>
<hr />
<p><i>This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC</i>.</p>
<hr />
<p class="italized" style="text-align: justify; "><i>“The UIDAI will own our data...When we hand over information, we hand over the ownership of that data...”</i>, stated Usha Ramanathan, legal researcher and human rights activist.She also pointed out that, although the UID has been set up by an executive order, there is no statute which legally backs up the UID. In other words, the collection of our data through the UID scheme is currently illegal in India, hinging only on an executive order. However, Usha Ramanathan stated that if the UID scheme is going to be carried out, it is highly significant that a statute for the UID is enacted to prevent potential abuse of human rights, especially since the UIDAI is currently collecting, sharing, using and storing our data on untested grounds.</p>
<blockquote class="italized"><i>´What is alarming is that the Indian government has not even attempted to legalize the UID! When a government does not even care about legalizing its actions, then we have much bigger problems...” </i></blockquote>
<p style="text-align: justify; "><span>The NPR is legally grounded in the provisions of the Citizenship Act 1955 and in the Citizenship Rules 2003 and it is mandatory for every usual resident in India to register with the NPR. Even though the collection of biometrics is not accounted for in the statute or rules, the NPR is currently collecting photographs, iris prints and fingerprints. Concerns regarding the use of biometrics in the UID and NPR schemes were raised during the workshop; biometrics are not infallible and can be spoofed, an individual´s biometrics can change in response to a number of factors (including age, environment and stress), the accuracy of a biometric match depends on the accuracy of the technology used and the larger the population is, the higher the probability of an error. Thus, individuals are required to re-enrol every two to three years, to ensure that the biometric data collected is accurate; but the accuracy of the data is not the only problem. The Indian government is illegally collecting biometrics and as of yet has not amended the 2003 Citizenship Rules to include the collection of biometrics! As Usha Ramanathan stated:</span></p>
<blockquote class="italized" style="text-align: justify; "><span> </span><i>“It´s not really about the UID and the NPR per se...it´s more about the idea of profiling citizens and the technologies which enable this...”</i></blockquote>
<p style="text-align: justify; "><span>In his presentation, Anant Maringanti, from the Hyderabad Urban Labs and Right to the City Foundation, stated that even though seventy seven lakh duplicates have been found, no action has been taken, other than discarding one of them. Despite the fact that enrolment with the UID is considered to be voluntary, children in India are forced to get a unique identification number as a prerequisite of going to school. Anant emphasized that the UID scheme supposedly provides some form of identity to the poor and marginalised groups in India, but it actually targets some of the most vulnerable groups of people, such as HIV patients and sex workers. Furthermore, though Indians living below the poverty line (BPL) are eligible for direct cash transfer programmes, apparently registration with the UID scheme is considered essential to determine whether beneficiaries belong in the BLP category. This is problematic as individuals who have not enrolled in the UID or do not want to enroll in the UID could risk being denied benefits because they did not enroll and thus were not classified in the BPL category. Anant also pointed out that, linking biometric data to a bank account through the UID scheme is basically exposing personal data to fraud. Anant Maringanti characteristically stated: </span></p>
<blockquote class="italized"><span> </span><i>“I wish the 100 people applying the UID scheme had UIDs so that we could track them...!”</i></blockquote>
<p style="text-align: justify; "><span>Following the end of the workshop on the UID and NPR schemes, CIS interviewed Usha Ramanathan and Anant Maringanti: <iframe frameborder="0" height="250" src="http://www.youtube.com/embed/P1CdCkdKtcU" width="250"></iframe> </span></p>
<p style="text-align: justify; "><span>The workshop can be viewed in two parts: <iframe frameborder="0" height="250" src="http://www.youtube.com/embed/o7X1Af5Jw3s" width="250"></iframe> <iframe frameborder="0" height="250" src="http://www.youtube.com/embed/rSFYOfvtOr8" width="250"></iframe> </span></p>
<p style="text-align: justify; "><span><br /></span></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/workshop-on-the-uid-and-npr'>https://cis-india.org/internet-governance/blog/workshop-on-the-uid-and-npr</a>
</p>
No publishermariaSAFEGUARDSInternet GovernancePrivacy2013-07-12T15:28:50ZBlog EntryWorkshop on Set-top Boxes
https://cis-india.org/telecom/events/workshop-set-top-boxes
<b>The Centre for Internet and Society (CIS) is organising a one-day workshop in Delhi on Tuesday, July 12 on the evolution and state of the set-top box as an access device in India. </b>
<p style="text-align: justify;">The workshop will be conducted by Dr. Rakesh Mehrotra who is a professor at Sharda University. It will be supported by an advisor from the Telecom Regulatory Authority of India to cover the aspect of regulation. The workshop will focus on the expanding functionality and innovations in set-top box (STB) technologies. It will also include an exposition on the regulatory regime applicable to STBs, around issues of interoperability, competition and privacy, and conclude with an outlook on the future of STBs.</p>
<p style="text-align: justify;">We will initiate research collaborations with suitable participants to produce papers after the workshop. Certificates of participation will be provided.</p>
<h3>Apply</h3>
<p style="text-align: justify;">There are limited spots for participants. Please state your interest by filling out this form here- <a class="external-link" href="http://goo.gl/forms/Mj77h0nkeVBJgHJn2">http://goo.gl/forms/Mj77h0nkeVBJgHJn2</a> The deadline for filling application is <strong>July 5, 2016</strong>.</p>
<h3>Fee and Funding</h3>
<p style="text-align: justify;">There is no registration fee for the workshop. Participants will be served lunch and refreshments at the venue. Please note that there is no funding for travel and accommodation.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/telecom/events/workshop-set-top-boxes'>https://cis-india.org/telecom/events/workshop-set-top-boxes</a>
</p>
No publishersinhaTelecomEventPrivacy2016-06-24T15:13:22ZEventWorkshop on Democratic Accountability in the Digital Age (Delhi, November 14-15)
https://cis-india.org/internet-governance/events/workshop-on-democratic-accountability-in-the-digital-age-delhi-november-14-15
<b>IT for Change, along with Centre for Internet and Society (CIS), Digital Empowerment Foundation (DEF), Mazdoor Kisan Shakti Sangathan (MKSS) and National Campaign for People’s Right to Information (NCPRI), is organising a two day workshop on ‘Democratic Accountability in the Digital Age’. The workshop will focus on evolving a comprehensive policy approach to data based governance and digital democracy, grounded in a rights and social justice framework. It will be held at the United Service Institution of India, Delhi, during November 14-15, 2016. The CIS team to participate in the workshop includes Sumandro Chattapadhyay (speaker), Amber Sinha (speaker), Vanya Rakesh (participant), and Himadri Chatterjee (participant).</b>
<p> </p>
<p>The workshop aims to:</p>
<ul><li>
<p>Discuss the institutional norms, rules and practices appropriate to the rise of ‘governance by networks’ and ‘rule by data’ that can guarantee democratic accountability and citizen participation, and</p>
</li>
<li>
<p>Articulate the steps to claim the civic-public value of digital technologies so that data and the new possibilities for networking are harnessed for a vibrant grassroots democracy.</p>
</li></ul>
<p>We hope the workshop can create a civil society coalition that can build effective strategies for legal and policy reform to further participatory democracy in the digital age. On the first day, the workshop will set the context through knowledge sharing and thematic presentations and discussions. On the second day, we aim to concretize strategies for collective action to further democratic accountability in the digital age.</p>
<hr />
<h4><a href="http://itforchange.net/mavc/wp-content/uploads/2016/11/Workshop-Agenda-Democratic-accountability-in-the-digital-age-14-to-15-Nov-2016-2.pdf">Workshop Agenda</a> (PDF)</h4>
<h4><a href="http://itforchange.net/mavc/wp-content/uploads/2016/10/Background-note-for-workshop-on-Democracy-in-Digital-Age-Sep21.odt">Background Note</a> (ODT)</h4>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/events/workshop-on-democratic-accountability-in-the-digital-age-delhi-november-14-15'>https://cis-india.org/internet-governance/events/workshop-on-democratic-accountability-in-the-digital-age-delhi-november-14-15</a>
</p>
No publishersumandroDigital IDDigital GovernancePrivacyUIDInternet GovernanceAccountabilityDigital IndiaAadhaarWelfare GovernanceE-GovernanceDigital Rights2016-12-15T09:27:22ZEventWorkshop on 'Urban Data, Inequality and Justice in the Global South'
https://cis-india.org/internet-governance/news/workshop-on-urban-data-inequality-and-justice-in-the-global-south
<b>Aayush Rathi and Ambika Tandon presented our research on video-based surveillance in New Delhi at a workshop on urban data, inequality, and justice in the global South at the University of Manchester on 14 June 2019.</b>
<p style="text-align: justify; ">The agenda for the workshop and the presentations made by CIS can be <a class="external-link" href="https://cis-india.org/raw/unpacking-video-based-surveillance-in-new-delhi-urban-data-justice">accessed here</a>. <span>The research was conducted as part of a grant from the University, as part of a project on justice in data systems within cities. It will bepublished as a working paper by the university in July-August.</span></p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/workshop-on-urban-data-inequality-and-justice-in-the-global-south'>https://cis-india.org/internet-governance/news/workshop-on-urban-data-inequality-and-justice-in-the-global-south</a>
</p>
No publisherAdminSurveillanceInternet GovernancePrivacy2019-07-06T01:30:16ZNews ItemWorkshop on 'Privacy after Big Data' (Delhi, November 12)
https://cis-india.org/internet-governance/events/privacy-after-big-data-delhi-nov-12-2016
<b>The Centre for Internet and Society (CIS) and the Sarai programme, CSDS, invite you to a workshop on 'Privacy after Big Data: What Changes? What should Change?' on Saturday, November 12. This workshop aims to build a dialogue around some of the key government-led big data initiatives in India and elsewhere that are contributing significant new challenges and concerns to the ongoing debates on the right to privacy. It is an open event. Please register to participate.</b>
<p> </p>
<h4>Invitation note and agenda: <a href="https://github.com/cis-india/website/raw/master/docs/CIS-Sarai_PrivacyAfterBigData_ConceptAgenda.pdf">Download</a> (PDF)</h4>
<hr />
<h3>Venue and RSVP</h3>
<p><strong>Venue:</strong> Centre for the Study of Developing Societies 29, Rajpur Road, Civil Lines, Delhi 110054.</p>
<p><strong>Location on Google Maps:</strong> <a href="https://www.google.com/maps/place/CSDS/@28.677775,77.2162523,17z/">https://www.google.com/maps/place/CSDS/@28.677775,77.2162523,17z/</a>.</p>
<p><strong>Registration:</strong> <a href="https://goo.gl/forms/py0Q0u8rMppu4smE3">Complete this form</a>.</p>
<h3>Concept Note</h3>
<p>In this age of big data, discussions about privacy are intertwined with the use of technology and the data deluge. Though big data possesses enormous value for driving innovation and contributing to productivity and efficiency, privacy concerns have gained significance in the dialogue around regulated use of data and the means by which individual privacy might be compromised through means such as surveillance, or protected. The tremendous opportunities big data creates in varied sectors ranges from financial technology, governance, education, health, welfare schemes, smart cities to name a few.</p>
<p>With the UID (“Aadhaar”) project re-animating the Right to Privacy debate in India, and the financial technology ecosystem growing rapidly, striking a balance between benefits of big data and privacy concerns is a critical policy question that demands public dialogue and research to inform an evidence based decision.</p>
<p>Also, with the advent of potential big data initiatives like the ambitious Smart Cities Mission under the Digital India Scheme, which would rely on harvesting large data sets and the use of analytics in city subsystems to make public utilities and services efficient, the tasks of ensuring data security on one hand and protecting individual privacy on the other become harder.</p>
<p>As key privacy principles are at loggerheads with big data activities, it is important to consider privacy as an embedded component in the processes, systems and projects, rather than being considered as an afterthought. These examples highlight the current state of discourse around data protection and privacy in India and the shapes they are likely to take in near future.</p>
<p>This workshop aims to build a dialogue around some of the key government-led big data initiatives in India and elsewhere that are contributing significant new challenges and concerns to the ongoing debates on the right to privacy.</p>
<h3>Agenda</h3>
<h4>09:00-09:30 Tea and Coffee</h4>
<h4>09:30-10:00 Introduction</h4>
<p><a href="#amber">Mr. Amber Sinha</a> and <a href="#sandeep">Mr. Sandeep Mertia</a><br />
<em>This session will introduce the topic of the workshop in the context of the ongoing works at CIS and Sarai.</em></p>
<h4>10:00-11:00 From Privacy Bill(s) to ‘Habeas Data’</h4>
<p><a href="#usha">Dr. Usha Ramanathan</a> and <a href="#vipul">Mr. Vipul Kharbanda</a><br />
<em>This session will present a brief history of the privacy bill(s) in India and end with reflections on ‘habeas data’ as a lens for thinking and actualising privacy after big data.</em></p>
<h4>11:00-11:30 Tea and Coffee</h4>
<h4>11:30-12:30 Digital ID, Data Protection, and Exclusion</h4>
<p><a href="#amelia">Ms. Amelia Andersdotter</a> and <a href="#srikanth">Mr. Srikanth Lakshmanan</a><br />
<em>This session will discuss national centralised digital ID systems, often operating at a cross-functional scale, and highlight its implications for discussions on data protection, welfare governance, and exclusion from public and private services.</em></p>
<h4>12:30-13:30 Digital Money and Financial Inclusion</h4>
<p><a href="#anupam">Dr. Anupam Saraph</a> and <a href="#astha">Ms. Astha Kapoor</a><br />
<em>This session will focus on the rise of digital banking and online payments as core instruments of financial inclusion in India, especially in the context of the Jan Dhan Yojana and UPI, and reflect on the concerns around privacy and financial data.</em></p>
<h4>13:30-14:30 Lunch</h4>
<h4>14:30-15:30 Big Data and Mass Surveillance</h4>
<p><a href="#anja">Dr. Anja Kovacs</a> and <a href="#matthew">Mr. Matthew Rice</a><br />
<em>This session will reflect on the rise of mass communication surveillance across the world, and the evolving challenges of regulating il/legal surveillance by government agencies.</em></p>
<h4>15:30-16:15 Privacy is (a) Right</h4>
<p><a href="#apar">Mr. Apar Gupta</a> and <a href="#kritika">Ms. Kritika Bhardwaj</a><br />
<em>This brief session is to share initial ideas and strategies for articulating and actualising a constitutional right to privacy in India.</em></p>
<h4>16:15-16:30 Tea and Coffee</h4>
<h4>16:30-17:30 Round Table</h4>
<p><em>An open discussion session to conclude the workshop.</em></p>
<h3>Speakers</h3>
<h4 id="amber">Mr. Amber Sinha</h4>
<p>Amber works on issues surrounding privacy, big data, and cyber security. He is interested in the impact of emerging technologies like artificial intelligence and learning algorithms on existing legal frameworks, and how they need to evolve in response. Amber studied humanities and law at National Law School of India University, Bangalore.</p>
<p>E-mail: amber at cis-india dot org.</p>
<p>Twitter: <a href="https://twitter.com/ambersinha07">@ambersinha07</a>.</p>
<h4 id="amelia">Ms. Amelia Andersdotter</h4>
<p>Amelia Andersdotter has been a Member of the European Parliament. She works on practical implications of data protection laws and consumer information security in Sweden, and digital rights in the Europe in general. Presently she is residing in Bangalore, where she is a visiting scholar with Centre for Internet and Society. She holds a BSc in Mathematics.</p>
<p>URL: <a href="https://dataskydd.net">https://dataskydd.net</a>.</p>
<p>Twitter: <a href="https://twitter.com/teirdes">@teirdes</a>.</p>
<h4 id="anja">Dr. Anja Kovacs</h4>
<p>Dr. Anja Kovacs directs the Internet Democracy Project in Delhi, India, which works for an Internet that supports free speech, democracy and social justice in India and beyond. Anja’s research and advocacy focuses especially on questions regarding freedom of expression, cybersecurity and the architecture of Internet governance. She has been a member of the of the Investment Committee of the Digital Defenders Partnership and of the Steering Committee of Best Bits, a global network of civil society members. She has also worked as an international consultant on Internet issues, including for the Independent Commission on Multilateralism, the United Nations Development Programme Asia Pacific and the UN Special Rapporteur on Freedom of Expression, Mr. Frank La Rue, as well as having been a Fellow at the Centre for Internet and Society in Bangalore, India.</p>
<p>Internet Democracy Project: <a href="https://internetdemocracy.in/">https://internetdemocracy.in</a>.</p>
<p>Twitter: <a href="https://twitter.com/anjakovacs">@anjakovacs</a>.</p>
<h4 id="anupam">Dr. Anupam Saraph</h4>
<p>Anupam Saraph has extensively researched India's UID number that has been widely regarded as the game changer in development programs. It has come to be linked with both public and private databases and become the requirement for access to entitlements, benefits, services and rights. Dr. Saraph, who has the design of at least two identification programs to his credit has researched the UID’s functional creep since its inception.</p>
<p>He has been dissecting the myths of what the UID is or is not. He has also tracked the consequences of its linkages on databases that protect national security, sovereignty, democratic status and the entire banking and money system in India. He has also highlighted the implications of its use for targeted delivery of cash subsidies from the Consolidated Fund of India. He has written and lectured widely about the devastating impact of the UID number on development programs, national security and the governability of India.</p>
<p>As a Professor of Systems, Governance and Decision Sciences, Environmental Systems and Business he mentors students and teaches systems, information systems, environmental systems and sustainable development at universities in Europe, Asia and the Americas. He has worked with the Rensselaer Polytechnic Institute, Rijksuniversitiet Groningen, RIVM, University of Edinburgh, Resource Use Institute, Systems Research Institute among others. Dr. Saraph has had the unique distinction of being India’s only person who has held the only office of a City CIO in India, in a PPP arrangement with government, industry and himself. He has also been the first e-governance Advisor to a State government. Dr. Saraph has held CxO and ministerial level positions and serves as an independent director on the boards of Public and Private Sector companies and NGOs. He is also the President of the Nagrik Chetna Manch, an NGO charged with the mission to bring accountability in governance.</p>
<p>Dr. Saraph is also actively engaged in civil society where he participates in several environmental, resource and nature conservation initiatives, has authored draft legislations for river and natural resource conservation, right to good governance and has contributed to governance, election and democratic reforms. Dr. Saraph is a regular columnist in newspapers and writes on issues of governance, future design, technology and education from a systems perspective.</p>
<p>Dr. Saraph is also actively engaged in civil society where he participates in several environmental, resource and nature conservation initiatives, has authored draft legislations for river and natural resource conservation, right to good governance and has contributed to governance, election and democratic reforms. Dr. Saraph is a regular columnist in newspapers and writes on issues of governance, future design, technology and education from a systems perspective.</p>
<p>Dr. Saraph is also actively engaged in civil society where he participates in several environmental, resource and nature conservation initiatives, has authored draft legislations for river and natural resource conservation, right to good governance and has contributed to governance, election and democratic reforms. Dr. Saraph is a regular columnist in newspapers and writes on issues of governance, future design, technology and education from a systems perspective.</p>
<p>As a future designer and recognized as a global expert on complex systems he helps individuals and organisations understand and design the future of their worlds. Together they address the toughest challenges, accomplish missions and achieve business goals. He also supports building capacity to address the challenges of today as well as to build future designs through teams and effective leadership. Since the eighties Dr. Saraph has modeled complex systems of cities, countries, regions and even the planet. His models have been awarded internationally and even placed in 10-year permanent exhibitions.</p>
<p>Dr Saraph works with business and government executives, civil society leaders, politicians, generals, civil servants, police, trade unionists, community activists, United Nations and ASEAN officials, judges, writers, media, architects, designers, technologists, scientists, entrepreneurs, board members and business leaders of small, mid and large single and trans-national companies, religious leaders and artists across a dozen countries and various industry sectors to help them and their organisations succeed in their missions. He advises the World Economic Forum through its Global Agenda Council for Complex Systems and the Club of Rome, Indian National Association as a founder life member.</p>
<p>Dr Saraph holds a PhD in designing sustainable systems from the faculty of Mathematics and Natural Sciences of the Rijksuniversiteit Groningen, the Netherlands.</p>
<p>Website: <a href="http://anupam.saraph.in/">http://anupam.saraph.in</a>.</p>
<p>Twitter: <a href="https://twitter.com/anupamsaraph">@anupamsaraph</a>.</p>
<h4 id="apar">Mr. Apar Gupta</h4>
<p>Apar Gupta practices law in Delhi. He is also one of the co-founders of the Internet Freedom Foundation. His work and writing on public interest issues can be accessed at his personal website <a href="http://www.apargupta.com/">www.apargupta.com</a>.</p>
<p>Twitter: <a href="https://twitter.com/aparatbar">@aparatbar</a>.</p>
<h4 id="astha">Ms. Astha Kapoor</h4>
<p>Astha Kapoor is a public policy strategy consultant working on financial inclusion and digital payments. Currently, she is working with MicroSave. Her tasks involve a focus on government to people (G2P) payments - and her work spans strategy, advisory and evaluation with the DBT Mission, Office of the Chief Economic Advisor, NITI Aayog and ministries pertaining to food, fuel and fertilizer. She recently designed a pilot to digitize uptake of fertilizers in Krishna district, and evaluated the newly introduced coupon system in the Public Distribution System in Bengaluru.</p>
<p>Twitter: <a href="https://twitter.com/kapoorastha">@kapoorastha</a>.</p>
<h4 id="kritika">Ms. Kritika Bhardwaj</h4>
<p>Kritika Bhardwaj works as a Programme Officer at the Centre for Communication Governance (CCG), National Law University, Delhi. Her main areas of research are privacy and data protection. At CCG, she has written about the privacy implications of several contemporary issues such as Aadhaar (India's unique identification project), cloud computing and the right to be forgotten. A lawyer by training, Kritika has a keen interest in information law and human rights law.</p>
<p>Centre for Communication Governance, NLU Delhi: <a href="http://ccgdelhi.org/">http://ccgdelhi.org</a>.</p>
<p>Twitter: <a href="https://twitter.com/Kritika12">@Kritika12</a>.</p>
<h4 id="matthew">Mr. Matthew Rice</h4>
<p>Matthew Rice is an Advocacy Officer at Privacy International working across the organisation engaging with international partners and strengthening their capacity on communications surveillance issues. He has previously worked at Privacy International as a consultant building the Surveillance Industry Index, the largest publicly available database on the private surveillance sector ever assembled. Matthew graduated from University of Aberdeen with an LLB (Hons.) and also has an MA in Human Rights from University College London.</p>
<p>Privacy International: <a href="https://privacyinternational.org/">https://privacyinternational.org</a>.</p>
<p>Twitter: <a href="https://twitter.com/mattr3">@mattr3</a>.</p>
<h4 id="sandeep">Mr. Sandeep Mertia</h4>
<p>Sandeep Mertia is a Research Associate at The Sarai Programme, Centre for the Study of Developing Societies, Delhi. He is an ICT engineer by training with research interests in Science & Technology Studies, Software Studies
and Anthropology. He is conducting an ethnographic study of emerging modes of data-driven knowledge production in the social sector.</p>
<p>Sarai: <a href="http://sarai.net/">http://sarai.net</a>.</p>
<p>Twitter: <a href="https://twitter.com/SandeepMertia">@SandeepMertia</a>.</p>
<p>Academia: <a href="https://daiict.academia.edu/SandeepMertia">https://daiict.academia.edu/SandeepMertia</a>.</p>
<h4 id="srikanth">Mr. Srikanth Lakshmanan</h4>
<p>Srikanth is a software professional with interests in Internet, follower of Internet policy discussions, volunteers for multiple online campaigns related to Internet. He is also fascinated by FOSS, opendata, localization,
Wikipedia, maps, public transit, civic tech and occasionally contributes to them.</p>
<p>Site: <a href="http://www.srik.me/">http://www.srik.me</a>.</p>
<p>Twitter: <a href="https://twitter.com/logic">@logic</a>.</p>
<h4 id="vipul">Mr. Vipul Kharbanda</h4>
<p>Vipul Kharbanda is a consultant with the Center for Internet and Society, Bangalore. After finishing his BA.LLB.(Hons.) from National Law School of India University in Bangalore, he worked for India’s largest corporate law firm for two and a half years in their Mumbai office for two years working primarily on the financing of various infrastructure projects such as Power Plants, Roads, Airports, etc. Since quitting his corporate law job, Vipul has been working as the Associate Editor in a legal publishing house which has been publishing legal books and journals for the last 90 years in India. He has also been involved with the Center for Internet and Society as a Consultant working primarily on issues related to privacy and surveillance.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/events/privacy-after-big-data-delhi-nov-12-2016'>https://cis-india.org/internet-governance/events/privacy-after-big-data-delhi-nov-12-2016</a>
</p>
No publishersumandroData SystemsDigital GovernancePrivacyData RevolutionSurveillanceBig DataDigital IndiaInternet GovernanceBig Data for DevelopmentDigital Rights2016-11-12T10:14:52ZEventWith digitisation at the forefront, government departments need to be cautious about digital security
https://cis-india.org/internet-governance/news/ndtv-may-4-2017-manas-pratap-singh-government-knew-of-mega-aadhaar-leak-ministries-were-warned
<b> The huge leak of Aadhar data from four websites belonging to a central ministry and the Andhra Pradesh government has been on the government radar for a while. The leak, caused by poor security protocols, had left around 130 million numbers and their allied information, like bank and post office account details, open to access for several months. As the last website finally plugged loophole, violation echoed in Supreme Court.</b>
<p style="text-align: justify; ">The blog post by Manas Pratap Singh was <a class="external-link" href="http://www.ndtv.com/india-news/government-knew-of-mega-aadhaar-leak-ministries-were-warned-1688970">published by NDTV</a> on May 4, 2017.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">Deliberate revelation of Aadhaar can lay people open to financial fraud and it is a punishable offence and this is what the Electronics and Information ministry has reminded all government departments.<br /><br />"Aadhaar numbers and demographic information and other sensitive personal data" collected by "ministries/departments, state departments" have been published online, read a letter from the ministry dated April 24.<br /><br />Such publishing, it added, "is in clear contravention of the provisions of the Aadhaar Act 2016 and constitutes an offence punishable with imprisonment upto 3 years". Such outing of financial information is also a violation of IT Act, it said.<br /><br />Besides asking web managers to sensitise the ministries, the letter also said that display of such information be stopped immediately. <br /><br />On May 1, a report by non-profit research organisation Centre for Internet & Society said two of the websites from where the data leak took place, belongs to the Union Ministry of Rural Development.<br /><br />One stored data for the MNREGA - the mammoth Central scheme for rural employment which caters to 25.46 crore people. The other was the National Social Assistance Programme, another Central scheme under which pension is provided to the elderly people, widows and persons with disabilities.<br /><br />Amber Sinha, co-author of the CIS report, told NDTV, "For portals that had not masked data, we informed the relevant authorities and asked them to take down the available information."<br /><br />The Rural Development ministry has now decided to form an expert group on IT and cyber security, which will be headed by Kiran Karnik, a former chief of Nasscom. The ministry, however, is yet to comment on the data leak.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/ndtv-may-4-2017-manas-pratap-singh-government-knew-of-mega-aadhaar-leak-ministries-were-warned'>https://cis-india.org/internet-governance/news/ndtv-may-4-2017-manas-pratap-singh-government-knew-of-mega-aadhaar-leak-ministries-were-warned</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2017-05-20T08:33:37ZNews Item