Centre for Internet and Society

Ahead of hosting Modi, Facebook rebrands internet.org as Free Basics

praskrishna — 2015-10-18T14:21:52Z

Hinting at what could be vital points of discussion when Prime Minister Narendra Modi visits Facebook founder Mark Zuckerberg on Sunday, the social media giant has rebranded its internet access enabling platform Internet.org as Free Basics.

The article was published by Business Standard on September 26, 2015. Pranesh Prakash was quoted.

This was announced by Chris Daniels, vice-president of Internet.org, at a press meet in Menlo Park on Friday. Zuckerberg confirmed the same and wrote on his Facebook wall.

Facebook has opened up its Free Basics platform, which means any app developer can now include their services on it. “This gives people the power to choose what apps they want to use.” Zuckerberg in his post also said the company has improved the security and privacy of Internet.org, which will support HTTPS web services as well. “Connectivity isn't an end in itself. It’s what people do with it that matters. We hope the improvements we've made help even more people get connected — so that our whole global community can benefit together,” Zuckerberg said in his post, in which he quoted the example of a soybean farmer from Maharashtra, Asif Mujhawar, who uses parenting app BabyCenter for free through Internet.org.

This is a significant move by Facebook, considering the backlash it had from various quarters in India following debates on net neutrality. Internet.org is an open platform by Facebook across 19 developing countries, including India, to enable easy access of selected apps and app-based services to people at zero cost. In India, it had partnered with Reliance Communications to offer free access to about 30 websites.

“One of the concerns was calling the service ‘Internet.org’, despite it representing only a tiny sliver of the Internet,” said Pranesh Prakash, policy director at the centre for Internet and Society, a nonprofit entity to promote safe internet access in the country.

He said by removing the Internet word, Facebook is now talking of its own larger internet affordability project and allowing app developers to build apps and host it on the Free Basic platform. “This gives people the power to choose what apps they want to use,” Prakash said.

For more details visit https://cis-india.org/internet-governance/news/business-standard-september-26-2015-ahead-of-hosting-modi-facebook-rebrands-internet-dot-org-as-free-basics

Ahead of data protection law roll out, experts caution that it shouldn't limit collection and use of data

Admin — 2018-01-02T15:20:48Z

With India planning to roll out a new data protection regime following the landmark Supreme Court judgment upholding right to privacy as fundamental right, experts have cautioned that the new law should not limit collection and use of data.

The article was published by First Post on October 12, 2017. Sunil Abraham was quoted.

"The new data protection law should have data-driven innovation at its core," said Kamlesh Bajaj, Founder-CEO, Data Security Council of India (DSCI).

"It should not limit data collection and use, but limit harm to citizens," Bajaj added at a seminar on "Data Protection and Privacy" organised by non-profit industry body Internet and Mobile Association of India (IAMAI).

In a major boost to individual freedom, the Supreme Court in August declared that right to privacy was a fundamental right and protected as an intrinsic part of life and personal liberty and freedoms guaranteed by the Constitution.

"The Supreme Court judgment calls for production of a new law," said Sunil Abraham, Executive Director of Bangaluru-based research organisation, Centre for Internet and Society (CIS).

The experts noted that the Supreme Court judgment remains meaningless for digital Indians without a proper data protection law in place as all other existing laws, such as the Information Technology Act, 2000, do not adequately address the question of right to privacy.

Recognising the importance of data protection and keeping personal data of citizens secure and protected, the Ministry of Electronics and Information Technology (MeitY) on 31 July, constituted a Committee of Experts under the chairmanship of its former judge Justice BN Srikrishna to study and identify key data protection issues and recommend methods for addressing them. The committee will also suggest a draft Data Protection Bill.

"While the regulator should be given tools to make companies behave better, it should not start with harsh punitive actions," Abraham noted, adding that big fines could challenge the very logic of regulation.

In a question to whether a robust data protection regime should come in conflict with issue such as national security, he said that lawmakers should find a way to maximise both imperatives.

"Surveillance is like salt in cooking. It is necessary, but in limited quantity," he added.

Participating in a chat with Google's Public Policy Director Chetan Krishnaswamy at the event, MP Rajeev Chandrasekhar, however, said that regulation should start with the process of data collection itself and consumers cannot be expected to demonstrate harm or inappropriate use of their data to enjoy the right to privacy.

"It should not be a free run for companies to mine consumer data," the independent Rajya Sabha member said.

He emphasised that the process of formulating a data protection law is as important as the law itself and all stakeholders should be able to openly put forward their views and apprehensions and it is only with such a consultative process that the opportunities for the technology space can be safeguarded.

For more details visit https://cis-india.org/internet-governance/news/first-post-october-12-2017-ahead-of-data-protection-law-roll-out-experts-caution-that-it-shouldnt-limit-collection-and-use-of-data

Agriculture, ICT and Community

radha — 2011-04-05T04:29:16Z

Sampada Foundation in collaboration with Centre for Internet and Society, Bangalore and Institution of Agricultural Technologists present: 'Agriculture, ICT and Community'

Sampada Foundation in collaboration with Centre for Internet and Society, Bangalore and Institution of Agricultural Technologists present:
Agriculture, ICT and Community on the 21st of September, 2009 at 10am. The agenda for the day will be as follows:

Sampada Community - an overview (15 minutes)
Introduction: Krushi Sampada (15 minutes)
Launch of e-book - By Nagesh Hegde
Talk by Addoor Krishna Rao: “Transformations in Agricultural Sector”
Discussion: Agriculture, ICT and Community

There will be no entry or registration fees. All are invited and are welcome to bring their friends along.

For more details visit https://cis-india.org/events/agriculture-ict-and-community

After the Lockdown

Shyam Ponappa — 2020-04-09T10:05:49Z

This post was first published in the Business Standard, on April 2, 2020.

This is a time when, as the authorities deal with a lockdown, there needs to be an equal emphasis on providing for large numbers of people without the money for food and necessities, while the rest of us wait it out. Hard as it is, an MIT scholar writes that after the Spanish flu in 1918, cities that restricted public gatherings sooner and longer had fewer fatalities, and emerged with stronger economic growth.1 It is likely that costs and benefits vary with economic and social capacity, and we may have a harder time with it here. Going forward, government action to help provide relief, rehabilitate people and deal with loss needs to be well planned, including targeting aid to the urban and displaced poor.2

As important now as to ensure the lockdown continues is to plan on how to revive productive activity and the economy, and restore public confidence. A systematic approach will likely yield better results.

A major element of the recovery plan is steps such as liberal credit and amortisation terms, perhaps much more than the three-month extension the Reserve Bank of India (RBI) has announced. A primary purpose is the re-initiation of large-scale activities such as construction, of which there are reportedly about 200,000 large projects around the country. These have to be nursed back to being going concerns. The RBI may need to consider doing more, including lowering rates.

An ominous development that has grown as the economy slowed is financial stress that could swell non-performing assets (NPAs). At the half-year ending September 2019, about half of non-financial large corporations in India, excluding telecom, showed financial stress (see table).

Source: Krishna Kant: "Coronavirus shutdown puts Rs 15-trillion debt at risk, to impact finances", BS, March 30, 2020:

https://www.business-standard.com/article/markets/coronavirus-shutdown-puts-rs-15-trillion-debt-at-risk-to-impact-finances-120032901036_1.html

These include some of India’s largest companies, producing power, steel, and chemicals. The 201 companies have total debt of nearly Rs 15 trillion, more than half of all borrowings. There is also the debt overhang of the National Highways Authority of India, and of the telecom companies. Ironically, the telecom companies are our lifeline now, despite having nearly collapsed under debt because of ill-advised policies in the past, which have still not changed. Perhaps our obvious dependence telecom services now will spark well conceived, convergent policies for this sector, so that we can function effectively.

A start with immediate changes in administrative rules for 60GHz, 70-80GHz, and 500-700MHz wireless use, modelled on the US FCC regulations as was done for the 5GHz Wi-Fi in October 2018, could change the game. It will provide the opportunity in India for the innovation of devices, their production, and use, possibly unleashing this sector. This can help offset our reliance on imported technology and equipment. However, such changes in policies and purchasing support have eluded us thus far. Now, the only way our high-technology manufacturers can thrive is to succeed internationally, in order to be able to sell to the domestic market. Imagine how hard that might be, and you begin to get an inkling of why we have few domestic product champions, struggling against odds in areas such as optical switches, networking equipment, and wireless devices. For order-of-magnitude change, however, structural changes need to be worked out in consultation with operators in the organisation of services through shared infrastructure.

For the longer term, a fundamental reconsideration for allocating resources is needed through coherent, orchestrated policy planning and support. What the government can do as a primary responsibility, besides ensuring law and order and security, is to develop our inadequate and unreliable infrastructure, including facilities and services that enable efficient production clusters, their integrated functioning, and skilling. For instance, Apple’s recent decision against moving iPhone production from China to India was reportedly because similar large facilities (factories of 250,000) are not feasible here, and second, our logistics are inadequate. Such considerations should be factored into our planning, although Apple may well have to revisit the very sustainability of the concept of outsize facilities that require the sort of repressive conditions prevailing in China. However, we need not aim for building unsustainable mega-factories. Instead, a more practical approach may be to plan for building agglomerations of smaller, sustainable units, that can aggregate their activity and output effectively and efficiently. Such developments could form the basis of numerous viable clusters, and where possible, capitalise on existing incipient clusters of activities. Such infrastructure needs to be extended to the countryside for agriculture and allied activities as well, so that productivity increases with a change from rain-fed, extensive cultivation to intensive practices, with more controlled conditions.

The automotive industry, the largest employer in manufacturing, provides an example for other sectors. It was a success story like telecom until recently, but is now floundering, partly because of inappropriate policies, despite its systematic efforts at incorporating collaborative planning and working with the government. It has achieved the remarkable transformation of moving from BS-IV to BS-VI emission regulations in just three years, upgrading by two levels with an investment of Rs 70,000 crore, whereas European companies have taken five to six years to upgrade by one level. This has meant that there was no time for local sourcing, and therefore heavy reliance on global suppliers, including China. While the collaborative planning model adopted by the industry provides a model for other sectors, the question here is, what now. In a sense, it was not just the radical change in market demand with the advent of ridesharing and e-vehicles, but also the government’s approach to policies and taxation that aggravated its difficulties.

Going forward, policies that are more congruent in terms of societal goals, including employment that support the development of large manufacturing opportunities, need to be thought through from a perspective of aligning and integrating objectives (in this case, transportation). Areas such as automotive and other industries for the manufacture of road and rail transport vehicles need to be considered from the perspective of reconfiguring the purpose, flow, and value-added, to achieve both low-cost, accessible mass transport, and vehicles for private use that complement transportation objectives as also employment and welfare.

Systematic and convergent planning and implementation across sectors could help achieve a better revival.

Shyam (no space) Ponappa at gmail dot com

1: https://www.reuters.com/article/us-health-coronavirus-usa-reopen-analysi/the-u-s-weighs-the-grim-math-of-death-vs-the-economy-idUSKBN21H1B4

2: https://www.financialexpress.com/opinion/the-coronavirus-lockdown-and-indias-urban-vulnerables/1915316/

For more details visit https://cis-india.org/internet-governance/blog/after-the-lockdown

After Supreme Court Setback, Fintech Firms Await Clarity On Aadhaar

Admin — 2018-10-01T23:39:42Z

The 12-digit Aadhaar number is now out of bounds for fintech companies in India.

The article by Nishant Sharma was published in Bloomberg Quint on September 27, 2018. Pranesh Prakash was quoted.

Video

With the Supreme Court on Wednesday terming Aadhaar authentication by private companies as “unconstitutional”, companies such as online wallets and e-tailers, among others, will now have to make changes to how they onboard and verify customers, in addition to how they transact.

In a 567-page majority judgment authored by Justice Sikri and concurred upon by two other judges—Chief Justice Dipak Misra and Justice AM Khanwilkar—it said that Section 57 of the Aadhaar Act, which allows private companies to use Aadhaar for authentication services based on a contract between the corporate and an individual, would enable commercial exploitation of private data and hence is unconstitutional.

“What it essentially means is that the private bodies, such as lending platforms, wallets, or any private entity, cannot use Aadhaar for authentication,” said Anirudh Rastogi founder at Ikigai Law (formerly TRA), a law firm that specialises in representing businesses on data privacy.

The decision is set to impact private companies right from Flipkart-owned PhonePe, Paytm, Reliance Jio and Amazon, among others, which rely on Aadhaar for e-verification. Amazon recently launched cardless equated monthly installments on Amazon Pay through the digital finance platform Capital Float and asked customers to provide Aadhaar numbers or virtual ID and PAN details on the Amazon app for verification.

'Aadhaar Is Just Another ID'

Pranesh Prakash, fellow, Centre for Internet and Society, said that with this judgment Aadhaar is no longer an identity infrastructure as its creators have dreamt of. “It is now just another ID.”

For those opposed to Aadhaar, on privacy and security grounds, this may be a part victory. But for the Fintech industry it stymies the use of quick Aadhaar-based e-KYC (know your customer norms) to onboard customers. “The fintech industry thrives on the instant paperless mantra, and this move will curb its rapid growth, ” Amrish Rau, co-founder of PayU, said in a text message.

The verdict is also set to push up costs for the industry. Rau said: “Conducting physical KYC would be a costly affair, with every physical KYC costing about Rs 100 per person.”

Companies like PhonePe await more clarity. “We are waiting to hear from bodies like the Reserve Bank of India, UIDAI on what KYC that will be required for wallets moving ahead," Sameer Nigam, cofounder of PhonePe, said. "Whether we go to no KYC, lower limit environment or go to the physical KYC environment."

The judgment also stated that the identification number will not be mandatory for opening bank accounts, mobile-phone connections or for admissions into educational institutions. However, Aadhaar will continue to be mandatory for the distribution of state-sponsored welfare schemes including direct benefit transfers and the public distribution system. Taxpayers will have to link their Permanent Account Numbers to the biometric database.

Aadhaar-Based KYC: Allowed With Consent?

The Supreme Court has concluded that the part of section 57 which enables body corporate and individuals also to seek authentication, that too on the basis of a contract between the individual and such body corporate or person, would impinge upon the right to privacy of such individuals.

Prasanna S, a Supreme Court advocate and lawyer for one of the petitioners in the Aadhaar matter interpreted it to mean that even if a customer voluntarily wants to use Aadhaar for e-KYC, businesses cannot accept it.

They have struck down the part of Section 57 that allows use of Aadhaar based on a contract. A contract, by nature is voluntary, But since the court has struck down this part, even voluntary use won’t be permitted.

Prasanna S, Advocate, Supreme Court

Jaitley Hints At Legal Backing

Meanwhile, Finance Minister Arun Jaitley on Wednesday hinted that the Centre is likely to examine whether separate legal backing is needed for Section 57 of the Aadhaar Act, the newswire PTI reported. “So, let us first read the judgement. There are two-three prohibited areas. Are they because they are totally prohibited or are they because they need legal backing,” Jaitley was quoted as saying.

Rastogi of Ikigai Law said that the court has left open for the government to promulgate a law to enable private parties to use Aadhaar that can withstand judicial scrutiny.

Rahul Matthan, a technology partner at law firm Trilegal differed with this view. He said that since the apex court has ruled that private entities cannot access the Aadhaar infrastructure, it means that even if the government brings a specific law to allow for that, it would be unconstitutional.

Prasanna agreed with this interpretation.

The court has hinted that commercial exploitation of personal information will fail the proportionality test laid down by it in the Right to Privacy judgment. This is one of the grounds for them to conclude that Section 57 is unconstitutional. So even a law is introduced, private access will be impermissible.

Prasanna S, Advocate, Supreme Court

Are Aadhaar-Based KYCs Tainted?

Since the use of Aadhaar by private entities has been struck down, does it mean entities who have used it for KYC so far have to re-do that exercise? And data that was collected as part of Aadhaar-based KYC- does that need to be deleted?

The majority order hasn’t specifically addressed these questions, Matthan pointed out. But went on to explain that his reading of the judgment is that the court wants things to remain as they are.

The Supreme Court has said that collection of data before the Aadhaar Act was introduced is valid. If you follow that sentiment, may be we can argue that there’s no requirement to delete the data.

Rahul Matthan, Partner, Trilegal

Whatever has been done without the authority of law has to go, Prasanna said. But this outcome may not be practical and another hearing before the Supreme Court may be required to clear these questions, he added.

Private entities such as the online cab aggregator Ola have already removed eKYC from its e-wallet when BloombergQuint last checked. Others may follow suit.

For more details visit https://cis-india.org/internet-governance/news/bloomberg-quint-nishant-sharma-september-27-2018-after-sc-setback-fintech-firms-await-clarity-on-aadhaar

After Securing Net Neutrality In India, TRAI Goes To Bat For Data Privacy

Admin — 2018-07-29T05:28:20Z

This will be a stop-gap measure before the creation of a privacy bill.

The article by Gopal Sathe was published in Huffington Post on July 16, 2018. Pranesh Prakash was quoted.

Last week, the Department of Telecom gave the nod to net neutrality regulations, ensuring that there would be no discrimination of data at a time when the US is moving in the opposite direction. The net neutrality norms were based on the recommendations from the Telecom Regulatory Authority of India (TRAI) - which the BBC in November described as the world's strongest - but the regulator isn't celebrating right now - it's moved on to another equally important topic - privacy and data protection.

On Monday, TRAI announced its recommendations on privacy, security, and ownership of data in the telecom sector, and the 77 page document serves as the first major public guidelines on privacy and data protection in India.

TRAI has outlined a consent based framework, where users have to clearly choose what data is being used, which bears some similarities to Europes GDPR. TRAI noted that while the right to privacy should not be treated solely as a property right, it must be noted that the controllers of personal data are mere custodians without any primary right over the same. In other words, your data should belong to you, and not to Google, or Facebook, or any other company which holds your data.

"The Right to Choice, Notice, Consent, Data Portability, and Right to be Forgotten should be conferred upon the telecommunication consumers," TRAI recommended

In section 2.3, it also notes that meta-data is personal information and as such should be given the same protections. This is an important point given that even metadata can be used to track and identify people accurately. It also noted that there needs to be a right to be forgotten, and once you stop using a service it should not store your data beyond what's mandated by the law, according to section 2.46. Section 2.49 also allows users the right to withdraw consent, which means that even if people have given consent to gathering your data, users will be able to stop tracking on demand.

At the same time, TRAI also noted the stop-gap nature of its recommendations, and said, "till such time a general data protection law is notified by the government, the existing Rules/ License conditions applicable to the Telecom Service Providers for protection of users should be made applicable to all the entities in the digital eco-system."

Good, with some caveats

Early reactions to the recommendations are largely positive. On Twitter, lawyer Apar Gupta, who is one of the founding members of the Internet Freedom Foundation shared some quick thoughts about the recommendations. Describing this as a substantive document he called it "partly positive since it calls for interim safeguards", but added that the "form of some seems problematic."

On the plus side, he noted that many of the protections in the recommendations "focus on a user rights model, which includes notice, choice, consent, portability, deletion and erasure." He also praised the recommendations for not taking a view on data localisation, and that the protections need to apply to private as well as state entities.

However, he criticized the fact that TRAI is planning to impose license conditions on all OTT providers - that is to say, all third party services. He also noted that the recommendations did not directly address state surveillance. He also pointed out that an Electronic Consent Framework as described in the recommendations may "centralise consent requests thereby may end up generating more personal data and unifying them into a single portal managed by the govt/regulators."

"We are happy with the TRAI's recommendations on Privacy, Security and Ownership of Data as the regulator is calling for all digital entities to be brought under data protection framework. This would include all devices, operating systems, browsers, and applications and would be welcome stop-gap measure till rules and regulations of the telecom services providers are applicable to them," said Rajan Matthews, DG Cellular Operators Association of India.

"This will ensure, in prevailing circumstances, that the privacy of users is protected and maintained. National security and privacy issues are of paramount importance. Accordingly, the regulator by making this recommendation, is ensuring that no exception is made for any service provider, while subjecting them to the rules to meet the national security and privacy norms. However, this is our preliminary view and we will need to review the other recommendations to determine their implications."

Speaking in a television interview, Pranesh Prakash, Policy Director at the Centre for Internet and Society, said he's still processing the document, but "on the face of it it seems good."

"There are still certain concerns I have which haven't been addressed. The telecom licenses themselves, which are issued by the Government of India, require a whole lot of data to be collected, metadata to be collected, by telecom companies. So I'm not sure how that requirement by the Government of India squares off with what is now being recommended by TRAI."

"Let me also point out that one of the things that TRAI says, and it might be exceeding its brief a little bit, is that it says this should not only cover telecom operators, but also device manufacturers, operating systems, application creators, and other kinds of software. What TRAI seems to want to do is actually quite a bit more than what I think the DoT has, or really ought to be doing. I really don't understand whether this will find any favour in the interim before the government decides to take up the Justice Srikrishna Committee report."

Justice Srikrishna committee report still due

Although TRAI's recommendations are an important document, and will serve as stopgap privacy rules, India is also on the verge of a data protection and privacy bill, which will be based on the recommendations of the Justice BN Srikrishna committee on the subject. The committee was formed in August and was expected to deliver its report in June, but sources say that disagreements over the Aadhaar have caused some delays.

The committee is expected to send its recommendations to the government soon, at which point things could change, but for now, TRAI's recommendations are an important development as India moves to secure the privacy of its people.

Ahead of that though, you can read the full TRAI recommendations here.

For more details visit https://cis-india.org/internet-governance/news/huffington-post-gopal-sathe-july-16-2018-after-securing-net-neutrality-in-india-trai-goes-to-bat-for-data-privacy

After data leak row, Facebook imposes restrictions on user data access

Admin — 2018-04-07T15:30:31Z

MEIT issues notice to Facebook even as experts debate absolute impact on the second largest developer community.

The article by Romita Majumdar and Kiran Rathee was published in Business Standard on April 6, 2018.

Social media giant Facebook has finally reacted to the global storm around its data privacy policies by bringing in a new set of restrictions on developers and data aggregators using the platform for data harvesting.

“Two weeks ago we promised to take a hard look at the information apps can use when you connect them to Facebook as well as other data practices. We will remove a developer’s ability to request data people shared with them if it appears they have not used the app in the last 3 months,” said Facebook Chief Technology Officer Mark Schroepfer in a blog.

Facebook has also disabled the feature to search a user by their email address or phone number which has been abused by malicious actors and reduced the overall control that the app will have on user data.

Facebook has also submitted its response to the Indian government saying over 500,000 people in India have been potentially affected by the data breach involving Cambridge Analytica. The government sources said as the social networking firm has now accepted that Indians’ data was compromised; it makes the issue much more important and serious. “We will wait for Cambridge Analytica’s reply and then, we will take our stand,” sources in Electronics and IT Ministry said.

The Ministry had issued notices to both Facebook and Cambridge Analytica, seeking their responses regarding the data breach of Indians and if it was used to influence elections.

The new set of restrictions clamp down on how much data app developers access on the platform and also prevent third part data providers from offering targeted marketing services on Facebook.

"India is the second largest Facebook developer base and the restriction on users' data access is going to impact all of them. There will be more scrutiny in Facebook apps, leading to slower approvals. Virality will reduce as explicit consent will be required for accessing friends' data and contacts list, “ said Vivek Prakash, CTO and Co-Founder, HackerEarth.

He added that there could be tighter terms of service making developers also liable for unauthorized processing of data that they collect from the apps.

Executive Director of Center for Internet and Society Sunil Abraham says that while Facebook says “apps need to agree to strict requirements” and “tightening our review process” it is still not clear what these requirements are. “Instead of the promised link to whether user data was accessed by Cambridge Analytica, it would make sense for them to say Facebook holds W number of records across X databases over the time period Y, which totals Z Gb while explaining what these variables stand for,” he said.

Consumer data marketing company Hansa Cequity believes that digital marketing arms of most companies will finally have to consider building their own user database given the strict clampdown on third party data.“Businesses can no more use data from third party aggregators for targeted advertising. Consumer goods and entertainment related brands are likely to face some impact because they depend on access to such data,” said S Swaminathan, Co-Founder and CEO, Hansa Cequity.

Some experts also believe that this move might force platforms like Twitter, Google and YouTube to rethink their policies on how much access they give advertisers and data aggregators to user data. Abraham also added that app developers and their investors have to evaluate business models that depend more on value to user rather than the amount of personal data harvested. The data that has already been harvested by the likes of Cambridge Analytica and other unknown parties, however, is beyond user control forever.

For more details visit https://cis-india.org/internet-governance/news/business-standard-romita-majumdar-and-kiran-rathee-after-data-leak-row-facebook-imposes-restrictions-on-user-data-access

Advancing Cyberstability Final Report

Admin — 2019-11-13T14:25:59Z

Centre for Internet & Society (CIS) was acknowledged in the final report of the Global Commission on Stability of Cyberspace

CIS had engaged with the Commission throughout the process. An issue brief authored by Elonnai Hickok and Arindrajit Basu was published by them last year. A submission made by Gurshabad Grover, Elonnai Hickok, Karan Saini and Arindrajit Basu was also acknowledged. See the list of acknowledgements here.

For more details visit https://cis-india.org/internet-governance/news/advancing-cyberstability-final-report

Advanced biometric technologies and new market entries tackle fraud, chase digital ID billions

Chris Burt — 2021-06-28T01:13:05Z

Amid forecasts of rapid growth and huge market potential, digital ID platforms launches by Techsign and Ping Identity, new services, features and even an investment fund have been launched.

The blog post by Chris Burt was published by Biometric Update on June 26, 2021.

A new camera solution for under-display 3D face biometrics from Infineon and partners, and IPO filings by Clear and SenseTime show parallel investment activity in biometrics, meanwhile, and experts from Veridium and Intellicheck provide insight into the shifting technology and fraud landscapes, among the most widely-read stories this week on Biometric Update.

Top biometrics news of the week

Several areas of the digital identity market continued to be very active, with a new investment fund launched to support startups in digital commerce and payments, Yoti joining a regulatory sandbox, Techsign launching a digital ID platform, and Mastercard and b.well reporting positive results from a recent pilot for their biometric healthcare platform. All this activity contributes to explaining Juniper Research’s forecast of rapid growth in the sector to $16.7 billion in 2026, driven largely by spending on remote onboarding.

Okta CEO Todd McKinnon, meanwhile, told Barron’s that the total addressable market for identity and access management providers like Okta is something like $80 billion, as well as that effective integration is the key to solving biometrics challenges in the space. Entrust and Yubico formed an integration partnership, LoginRadius launched a new feature, Jamf launched a biometric tool for enterprises, and a certification program for IAM professionals was launched.

A list of goods for sale on the dark web includes a listing for selfies holding an American ID credential, which in theory could be used in a biometric spoofing attack. Cybersecurity researcher Luana Pascu helps guide readers through the report, and shares insights such as on the status of faked vaccination certificates on dark web marketplaces.

Ensuring the validity of the ID document a biometric identity verification process is based on, without adding too much friction, often means adopting layered risk profiling, Intellicheck CEO Bryan Lewis tells Biometric Update in a sponsored post. The company has deep roots in detecting fraudulent documents and has found that even scanning the barcode on an identity document will not necessarily catch a fake if the unique security elements are not validated as part of the scan.

Fourthline Anti-Financial Crime Head Ro Paddock writes in a Biometric Update guest post about the ever-increasing sophistication of fraud attacks, which reached the level of computer-generated 3D masks and deepfakes during the pandemic,. In response, information-sharing between organizations will be necessary to understand the scope of these new threats, and how to defend against them.

Philippines’ election commission has launched an app to allow people to preregister for the voter roll online before enrolling their biometrics in person, as the country continues digitizing its public services. Governments in Pakistan, Haiti and Nigeria are also making moves to improve the accessibility and trustworthiness of their electoral processes.

A partnership between Research ICT Africa and the Centre for Internet and Society, supported by the Omidyar Network, to explore the development of digital ID systems for the African context is explained in a blog post. The project will be based on an adaptation of the Evaluation Framework for Digital Identities which the CIS used to assess India’s Aadhaar system, with rule of law, rights and risk-based tests, and presented in a series of posts.

Details of Clear’s IPO plans emerged, including its intention to raise up to $396 million on the NYSE. The $2.2 billion valuation aligns with some comparable companies, by revenue multiple, but the lower voting power of the shares on offer could be a restraining factor.

An even bigger IPO could be held by SenseTime later this year, with the Chinese AI firm looking to raise up to $2 billion on the Hong Kong exchange. The company has been talking about a public stock launch since before the company was hit with restrictions to U.S. trade, which it indicates have had little impact.

The latest major funding round in digital identity is the largest yet, with Transmit Security raising $543 million at a $2.2 billion valuation to expand the market reach of its passwordless biometric authentication technology. The company claims it is the highest ever Series A funding round in cybersecurity.

Bob Eckel, Aware CEO and International Biometrics + Identity Association (IBIA) Director and Board Member, discusses why people should own their own identity, identifying things and protecting supply chains, and his background in setting up air traffic control systems used all over the world with the Requis Supply Chain Next podcast. In the longer term Eckel sees biometric replacing passwords, and in the shorter term being used to make processes touchless.

Veridium CTO John Callahan guides Biometric Update through recent NIST guidance on the interoperable use of contactless fingerprints with contact-based back-end AFIS systems. The guidance, which changes definitions within the NIST ITL biometric container standard, but advises that the associated image quality metric does not apply to contactless prints, could spark further investment in the modality.

A new time-of-flight 3D imaging solution that could be used to implement facial authentication from under the display of mobile devices without notches or bezels has been developed by partners Infineon, pmdtechnologies and ArcSoft. Based on the REAL3 sensor and ArcSoft’s computer vision algorithms, the solution is expected to reach availability in Q3 2021.

Ping Identity has acquired SecuredTouch in a deal with undisclosed financial details to integrate its behavioral biometrics-based continuous user authentication with the PingOne enterprise cloud platform. Ping also launched a consumer application for reusable credentials and added unified management features to its cloud platform at its Identiverse 2021 event.

Notre Dame-IBM Technology Ethics Lab Founding Director Elizabeth Renieris joins the MIT Sloan Management Review’s Me, Myself and AI podcast to discuss the role of the lab, her path past and through some of the digital identity space’s key ethical developments, and the need to take the long view on technology to understand its ethical implications. Renieris makes a pitch for process-oriented regulations, based on the best understanding we have at the time.

ProctorU’s announcement that it will no longer sell fully-automated remote proctoring services is seen as a win in the battle against “the AI shell game” by the Electronic Frontier Foundation. The descriptions of the balance between the automated and human decision-making by AI proctoring providers amount to doublespeak, the EFF says, before panning their human review processes, accuracy rates, and use of facial recognition.

For more details visit https://cis-india.org/internet-governance/news/biometric-update-june-26-2021-chris-burt-advanced-biometric-technologies-and-new-market-entries-tackle-fraud-chase-digital-id-billions

Adoption of Standards in Smart Cities - Way Forward for India

vanya — 2016-04-11T03:04:46Z

With a paradigm shift towards the concept of “Smart Cities’ globally, as well as India, such cities have been defined by several international standardization bodies and countries, however, there is no uniform definition adopted globally. The glue that allows infrastructures to link and operate efficiently is standards as they make technologies interoperable and efficient.

Click here to download the full file

Globally, the pace of urbanization is increasing exponentially. The world’s urban population is projected to rise from 3.6 billion to 6.3 billion between 2011 and 2050. A solution for the same has been development of sustainable cities by improving efficiency and integrating infrastructure and services [1]. It has been estimated that during the next 20 years, 30 Indians will leave rural India for urban areas every minute, necessitating smart and sustainable cities to accommodate them [2]. The Smart Cities Mission of the Ministry of Urban Development was announced in the year 2014, followed by selection of 100 cities in the year 2015 and 20 of them being selected for the first Phase of the project in the year 2016. The Mission [3] lists the “core infrastructural elements” that a smart city would incorporate like adequate water supply, assured electricity, sanitation, efficient public transport, affordable housing (especially for the poor), robust IT connectivity and digitisation, e-governance and citizen participation, sustainable environment, safety and security for citizens, health and education.

With a paradigm shift towards the concept of “Smart Cities’ globally, as well as India, such cities have been defined by several international standardization bodies and countries, however, there is no uniform definition adopted globally. The envisioned modern and smart city promises delivery of high quality services to the citizens and will harness data capture and communication management technologies. The performance of such cities would be monitored on the basis of physical as well as the social structure comprising of smart approaches and solution to utilities and transport.

The glue that allows infrastructures to link and operate efficiently is standards as they make technologies interoperable and efficient. Interoperability is essential and to ensure smart integration of various systems in a smart city, internationally agreed standards that include technical specifications and classifications must be adhered to. Development of international standards ensure seamless interaction between components from different suppliers and technologies [4].

Standardized indicators within standards benefit smart cities in the following ways:

Effective governance and efficient delivery of services.
International and Local targets, benchmarking and planning.
Informed decision making and policy formulation.
Leverage for funding and recognition in international entities.
Transparency and open data for investment attractiveness.
A reliable foundation for use of big data and the information explosion to assist cities in building core knowledge for city decision-making, and enable comparative insight.

The adoption of standards for smart cities has been advocated across the world as they are perceived to be an effective tool to foster development of the cities. The Director of the ITU Telecommunication Standardization Bureau Chaesub Lee is of the view that “Smart cities will employ an abundance of technologies in the family of the Internet of Things (IoT) and standards will assist the harmonized implementation of IoT data and applications , contributing to effective horizontal integration of a city’s subsystems” [5].

Smart Cities standards in India

National Association of Software and Services Companies (NASSCOM) partnered with Accenture [6] to prepare a report called ‘Integrated ICT and Geospatial Technologies Framework for 100 Smart Cities Mission’ [7] to explore the role of ICT in developing smart cities [8], after the announcement of the Mission by Indian Government. The report, released in May 2015, lists down 55 global standards, keeping in view several city sub-systems like urban planning, transport, governance, energy, climate and pollution management, etc which could be applicable to the smart cities in India.

Though NASSCOM is working closely with the Ministry of Urban Development to create a sustainable model for smart cities [9], due to lack of regulatory standards for smart cities, the Bureau of Indian Standards (BIS) in India has undertaken the task to formulate standardised guidelines for central and state authorities in planning, design and construction of smart cities by setting up a technical committee under the Civil engineering department of the Bureau. However, adoption of the standards by implementing agencies would be voluntary and intends to complement internationally available documents in this area [10].

Developing national standards in line with these international standards would enable interoperability (i.e. devices and systems working together) and provide a roadmap to address key issues like data protection, privacy and other inherent risks in the digital delivery and use of public services in the envisioned smart cities, which call for comprehensive data management standards in India to instill public confidence and trust [11].

Key International Smart Cities Standards

Following are the key internationally accepted and recognized Smart Cities standards developed by leading organisations and the national standardization bodies of several countries that India could adopt or develop national standards in line with these.

The International Organization for Standardization (ISO) - Smart Cities Standards

ISO is an instrumental body advocating and developing for smart cities to safeguard rights of the people against a liveable and sustainable environment. The ISO Smart Cities Strategic Advisory Group uses the following working definition: A ‘Smart City’ is one that dramatically increases the pace at which it improves its social, economic and environmental (sustainability) outcomes, responding to challenges such as climate change, rapid population growth, and political and economic instability by fundamentally improving how it engages society, how it applies collaborative leadership methods, how it works across disciplines and city systems, and how it uses data information and modern technologies in order to transform services and quality of life for those in and involved with the city (residents, businesses, visitors), now and for the foreseeable future, without unfair disadvantage of others or degradation of the natural environment. [For details see ISO/TMB Smart Cities Strategic Advisory Group Final Report, September 2015 ( ISO Definition, June 2015)].

The ISO Technical Committee 268 works on standardization in the field of Sustainable Development in Communities [12] to encourage the development and implementation of holistic, cross-sector and area-based approaches to sustainable development in communities. The Committee comprises of 3 Working Groups [13]:

Working Group 1: System Management ISO 37101- This standard sets requirements, guidance and supporting techniques for sustainable development in communities. It is designed to help all kinds of communities manage their sustainability, smartness and resilience to improve the contribution of communities to sustainable development and assess their performance in this area [14].
Working Group 2 : City Indicators- The key Smart Cities Standards developed by ISO TC 268 WG 2 (City Indicators) are:

ISO 37120 Sustainable Development of Communities — Indicators for City Services and Quality of Life

One of the key standards and an important step in this regard was ISO 37120:2014 under the ISO’s Technical Committee 268 (See Working on Standardization in the field of Sustainable Development in Communities) providing clearly defined city performance indicators (divided into core and supporting indicators) as a benchmark for city services and quality of life, along with a standard approach for measuring each for city leaders and citizens [15]. The standard is global in scope and can help cities prioritize city budgets, improve operational transparency, support open data and applications [16]. It follows the principles [17] set out and can be used in conjunction with ISO 37101.

ISO 37120 was the first ISO Standard on Global City Indicators published in the year 2014, developed on the basis of a set of indicators developed and extensively tested by the Global City Indicators Facility (a project by University of Toronto) and its 250+ member cities globally. GCIF is committed to build standardized city indicators for performance management including a database of comparable statistics that allow cities to track their effectiveness on everything from planning and economic growth to transportation, safety and education [18].

The World Council on City Data (WCCD) [19] - a sister organization of the GCI/GCIF - was established in the year 2014 to operationalize ISO 37120 across cities globally. The standards encompasses 100 indicators developed around 17 themes to support city services and quality of life, and is accessible through the WCCD Open City Data Portal which allows for cutting-edge visualizations and comparisons. Indian cities are not yet listed with WCCD [20].

The indicators are listed under the following heads [21]:

Economy
Education
Environment
Energy
Finance
Fire and Emergency Responses
Governance
Health
Safety
Shelter
Recreation
Solid Waste
Telecommunication and innovation
Transportation
Urban Planning
Waste water
Water and Sanitation

This International Standard is applicable to any city, municipality or local government that undertakes to measure its performance in a comparable and verifiable manner, irrespective of size and location or level of development. City indicators have the potential to be used as critical tools for city managers, politicians, researchers, business leaders, planners, designers and other professionals [22]. The WCCD forum highlights need for cities to have a set of globally standardized indicators to [23]:

Manage and make informed decisions through data analysis
Benchmark and target
Leverage Funding with senior levels of government
Plan and establish new frameworks for sustainable urban development
Evaluate the impact of infrastructure projects on the overall performance of a city.

ISO/DTR 37121- Inventory and Review of Existing Indicators on Sustainable Development and Resilience in Cities

The second standard under ISO TC 268 WG 2 is ISO 37121, which defines additional indicators related to sustainable development and resilience in cities. Some of the indicators include: Smart Cities, Smart Grid, Economic Resilience, Green Buildings, Political Resilience, Protection of biodiversity, etc. The complete list can be viewed on the Resilient Cities website [24].

Working Group 3: Terminology - There are no publicly available documents so far, giving details about the status of the activities of this group. The ISO Technical Committee 268 also includes Sub Committee 1 (Smart Community Infrastructure) [25], comprising of the following Working Groups: 1) WG 1 Infrastructure metrics, and 2) WG 2 Smart Community Infrastructure.

The key Smart Cities Standards developed by ISO under this are:

ISO 37151:2015 Smart community infrastructures — Principles and Requirements for Performance Metrics
In the year 2015, a new ISO technical specification for smart cities- 37151:2015 for Principles and requirements for performance metrics was released. The purpose of standardization in the field of smart community infrastructures such as energy, water, transportation, waste, information and communications technology (ICT), etc. is to promote the international trade of community infrastructure products and services and improve sustainability in communities by establishing harmonized product standards [26]. The metrics in this standard will support city and community managers in planning and measuring performance, and also compare and select procurement proposals for products and services geared at improving community infrastructures [27].
This Technical Specification gives principles and specifies requirements for the definition,identification, optimization, and harmonization of community infrastructure performance metrics, and gives recommendations for analysis, regarding interoperability, safety, security of community infrastructures [28]. This new Technical Specification supports the use of the ISO 37120 [29].
ISO/TR 37150:2014 Smart Community Infrastructures - Review of Existing Activities Relevant to Metrics
This standard addresses community infrastructures such as energy, water, transportation, waste and information and communications technology (ICT). Smart community infrastructures take into consideration environmental impact, economic efficiency and quality of life by using information and communications technology (ICT) and renewable energies to achieve integrated management and optimized control of infrastructures. Integrating smart community infrastructures for a community helps improve the lifestyles of its citizens by, for example: reducing costs, increasing mobility and accessibility, and reducing environmental pollutants.
ISO/TR 37150 reviews relevant metrics for smart community infrastructures and provides stakeholders with a better understanding of the smart community infrastructures available around the world to help promote international trade of community infrastructure products and give information about leading-edge technologies to improve sustainability in communities [30]. This standard, along with the above mentioned standards [31] supports the multi-billion dollar smart cities technology industry.

Several other ISO Working Groups developing standards applicable to smart and sustainable cities have been listed in our website [32].

The International Telecommunications Union (ITU)

The ITU is another global body working on development of standards regarding smart cities.

A study group was formed in the year 2015 to tackle standardization requirements for the Internet of Things, with an initial focus on IoT applications in smart cities to address urban development challenges [33], to enable the coordinated development of IoT technologies, including machine-to-machine communications and ubiquitous sensor networks. The group is titled “ITU-T Study Group 20: IoT and its applications, including smart cities and communities”, established to develop standards that leverage IoT technologies to address urban-development challenges and the mechanisms for the interoperability of IoT applications and datasets employed by various vertically oriented industry sectors [34].

ITU-T also concluded a focused study group looking at smart sustainable cities in May 2015, acting as an open platform for smart city stakeholders to exchange knowledge in the interests of identifying the standardized frameworks needed to support the integration of ICT services in smart cities. Its parent group is ITU-T Study Group 5, which has agreed on the following definition of a Smart Sustainable City:
"A smart sustainable city is an innovative city that uses information and communication technologies (ICTs) and other means to improve quality of life, efficiency of urban operation and services, and competitiveness, while ensuring that it meets the needs of present and future generations with respect to economic, social, environmental as well as cultural aspects".

UK - British Standards Institution

Apart from the global standards setting organisations, many countries have been looking at developing standards to address the growth of smart cities across the globe. In the UK, the British Standards Institution (BSI) has been commissioned by the UK Department of Business, Innovation and Skills (BIS) to conceive a Smart Cities Standards Strategy to identify vectors of smart city development where standards are needed. The standards would be developed through a consensus-driven process under the BSI to ensure good practise is shared between all the actors. The BIS launched the City's Standards Institute to bring together cities and key industry leaders and innovators to work together in identifying the challenges facing cities, providing solutions to common problems and defining the future of smart city standards [35].

PAS 181 Smart city framework- Guide to establishing strategies for smart cities and communities establishes a good practice framework for city leaders to develop, agree and deliver smart city strategies that can help transform their city’s ability to meet challenges faced in the future and meet the goals. The smart city framework (SCF) does not intend to describe a one-size-fits-all model for the future of UK cities but focuses on the enabling processes by which the innovative use of technology and data, together with organizational change, can help deliver the diverse visions for future UK cities in more efficient, effective and sustainable ways [36].
PD 8101 Smart cities- Guide to the role of the planning and development process gives guidance regarding planning for new development for smart city plans and provides an overview of the key issues to be considered and prioritized. The document is for use by local authority planning and regeneration officers to identify good practice in a UK context, and what tools they could use to implement this good practice. This aims to enable new developments to be built in a way that will support smart city aspirations at minimal cost [37].
PAS 182 Smart city concept model. Guide to establishing a model for data establishes an interoperability framework and data-sharing between agencies for smart cities for the following purposes:
1. To have a city where information can be shared and understood between organizations and people at each level
2. The derivation of data in each layer can be linked back to data in the previous layer
3. The impact of a decision can be observed back in operational data. The smart city concept model (SCCM) provides a framework that can normalize and classify information from many sources so that data sets can be discovered and combined to gain a better picture of the needs and behaviours of a city’s citizens (residents and businesses) to help identify issues and devise solutions. PAS 182 is aimed at organizations that provide services to communities in cities, and manage the resulting data, as well as decision-makers and policy developers in cities [38].
PAS 180 Smart cities Vocabulary helps build a strong foundation for future standardization and good practices by providing an industry-agreed understanding of smart city terms and definitions to be used in the UK. It provides a working definition of a Smart City- “Smart Cities” is a term denoting the effective integration of physical, digital and human systems in the built environment to deliver a sustainable, prosperous and inclusive future for its citizens [39]. This aims to help improve communication and understanding of smart cities by providing a common language for developers, designers, manufacturers and clients. The standard also defines smart city concepts across different infrastructure and systems’ elements used across all service delivery channels and is intended for city authorities and planners, buyers of smart city services and solutions [40], as well as product and service providers.

Endnotes

[1] See: http://www.iec.ch/whitepaper/pdf/iecWP-smartcities-LR-en.pdf.

[2] See: http://www.ibm.com/smarterplanet/in/en/sustainable_cities/ideas/.

[3] See: http://www.thehindubusinessline.com/economy/smart-cities-mission-welcome-to-tomorrows-world/article8163690.ece.

[4] See: http://www.iec.ch/whitepaper/pdf/iecWP-smartcities-LR-en.pdf.

[5] See: http://www.iso.org/iso/news.htm?refid=Ref2042.

[6] See: http://www.livemint.com/Companies/5Twmf8dUutLsJceegZ7I9K/Nasscom-partners-Accenture-to-form-ICT-framework-for-smart-c.html.

[7] See: http://www.nasscom.in/integrated-ict-and-geospatial-technologies-framework-100-smart-cities-mission.

[8] See: http://www.cxotoday.com/story/nasscom-creates-framework-for-smart-cities-project/.

[9] See: http://www.livemint.com/Companies/5Twmf8dUutLsJceegZ7I9K/Nasscom-partners-Accenture-to-form-ICT-framework-for-smart-c.html.

[10] See: http://www.business-standard.com/article/economy-policy/in-a-first-bis-to-come-up-with-standards-for-smart-cities-115060400931_1.html.

[11] See: http://www.longfinance.net/groups7/viewdiscussion/72-financing-financing-tomorrow-s-cities-how-standards-can-support-the-development-of-smart-cities.html?groupid=3.

[12] See: http://www.iso.org/iso/iso_technical_committee?commid=656906.

[13] See: http://cityminded.org/wp-content/uploads/2014/11/Patricia_McCarney_PDF.pdf.

[14] See: http://www.iso.org/iso/news.htm?refid=Ref1877.

[15] See: http://smartcitiescouncil.com/article/new-iso-standard-gives-cities-common-performance-yardstick.

[16] See: http://smartcitiescouncil.com/article/dissecting-iso-37120-why-new-smart-city-standard-good-news-cities.

[17] See: http://www.iso.org/iso/catalogue_detail?csnumber=62436.

[18] See: http://www.cityindicators.org/.

[19] See: http://www.dataforcities.org/.

[20] See: http://news.dataforcities.org/2015/12/world-council-on-city-data-and-hatch.html.

[21] See: http://news.dataforcities.org/2015/12/world-council-on-city-data-and-hatch.html.

[22] See: http://www.iso.org/iso/37120_briefing_note.pdf.

[23] See: http://www.dataforcities.org/wccd/.

[24] See: http://resilient-cities.iclei.org/fileadmin/sites/resilient-cities/files/Webinar_Series/HERNANDEZ_-_ICLEI_Resilient_Cities_Webinar__FINAL_.pdf.

[25] See: http://www.iso.org/iso/iso_technical_committee?commid=656967.

[26] See: https://www.iso.org/obp/ui/#iso:std:iso:ts:37151:ed-1:v1:en.

[27] See: http://www.iso.org/iso/home/news_index/news_archive/news.htm?refid=Ref2001&utm_medium=email&utm_campaign=ISO+Newsletter+November&utm_content=ISO+Newsletter+November+CID_4182720c31ca2e71fa93d7c1f1e66e2f&utm_source=Email%20marketing%20software&utm_term=Read%20more.

[28] See: http://www.iso.org/iso/37120_briefing_note.pdf.

[29] See: http://standardsforum.com/isots-37151-smart-cities-metrics/.

[30] See: http://www.iso.org/iso/executive_summary_iso_37150.pdf.

[31] See: http://standardsforum.com/isots-37151-smart-cities-metrics/.

[32] See: http://cis-india.org/internet-governance/blog/database-on-big-data-and-smart-cities-international-standards.

[33] See: http://smartcitiescouncil.com/article/itu-takes-internet-things-standards-smart-cities.

[34] See: https://www.itu.int/net/pressoffice/press_releases/2015/22.aspx.

[35] See: http://www.bsigroup.com/en-GB/smart-cities/.

[36] See: http://www.bsigroup.com/en-GB/smart-cities/Smart-Cities-Standards-and-Publication/PAS-181-smart-cities-framework/.

[37] See: http://www.bsigroup.com/en-GB/smart-cities/Smart-Cities-Standards-and-Publication/PD-8101-smart-cities-planning-guidelines/.

[38] See: http://www.bsigroup.com/en-GB/smart-cities/Smart-Cities-Standards-and-Publication/PAS-182-smart-cities-data-concept-model/.

[39] See: http://www.iso.org/iso/smart_cities_report-jtc1.pdf.

[40] See: http://www.bsigroup.com/en-GB/smart-cities/Smart-Cities-Standards-and-Publication/PAS-180-smart-cities-terminology/.

For more details visit https://cis-india.org/internet-governance/blog/adoption-of-standards-in-smart-cities-way-forward-for-india

Activists welcome privacy Bill, but point out concerns

praskrishna — 2011-04-02T11:42:47Z

Experts have welcomed the government's move to bring in a law for protecting individual privacy, amid concerns about the potential misuse of personal data it is collecting to execute social welfare and security schemes.

But they warn that overlaps with existing laws, a limited consultation process and failure to keep up with technological advances could undercut the utility of the planned legislation.

The Union government has set up a panel of secretary-level officials to prepare a blueprint for a law to protect individual privacy and personal data from misuse, even by the government, Mint reported on Monday.

The government is collecting personal data to operate schemes such as Aadhaar--a project to provide numeric identity cards to all residents, and the National Intelligence Grid (Natgrid), which will track information obtained by 11 law enforcement and intelligence agencies.

These agencies can access details of phone calls, credit card transactions, visa, immigration and property records, and driving licences of all citizens, as well as their iris and thumb-prints.

Lawrence Liang, a lawyer who works with Bangalore-based Alternative Law Forum, said the planned law will check the manner in which private companies use the personal data of citizens.

"Currently, there are only private contracts between individuals and companies on how personal data is used. With this legislation, the individual is more empowered. The state can back him better in case of a dispute," he said.

Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society, which has protested Aadhaar's project structure, also welcomed the move.

"The privacy Bill guidelines are fairly broad. It is early days yet. Their will be a large overlap between the privacy and Aadhaar Bills," he said.

Faking biometric data, for instance, isn't a violation of privacy in the proposed law but could be criminally cognizable under the Aadhaar Bill, Abraham said. "It will be interesting to see how these issues are tackled as there are several nuances and grey areas."

A scientist at the Institute for Genomics and Integrative Biology in New Delhi said new kinds of privacy issues will emerge because of the imminent rise of bioinformatics applications.

There are no products or applications today that rely solely on biometric information to breach individual privacy, he said, requesting anonymity.

"But within five years, it will be easier to collect biometric information and link it to other details such as credit card information and driving licence numbers on a large scale. There could then be issues of privacy that will emerge," he added.

Leo Saldanah, coordinator at the Bangalore-based Environment Support Group and another critic of Aadhaar, said the planned privacy Bill is a sham.

"Privacy is anyway enumerated in our constitutional rights under Article 21. But governments have anyway accessed information via phone taps unencumbered," he said. "I don't think the existence of legislation per se will change matters on the ground."

Link to the article on DailyMe

For the article in Livemint

For more details visit https://cis-india.org/news/privacy-bill

Activists demand judicial probe into WhatsApp snooping

KV Kurmanath — 2019-11-15T00:53:02Z

Calls for Parliamentary supervision over Government interception, legal hacking.

The article by K.V. Kurmanath was published in the Hindu Businessline on November 1, 2019. Sunil Abraham was quoted.

With reports of Israeli spyware being used to snoop on scores of WhatsApp subscribers, cyber security activists have appealed to the Supreme Court to take up the issue suo moto and order an inquiry. Kiran Chandra, a leader of the Free Software Movement of India, has said that the Government should rein in WhatsApp and mandate it to submit the source code, stating that the privacy of individuals is at stake.

Though reports of a breach of the WhatsApp network hit the headlines in the US six months ago, it is only in the last few days that the impact in India has become a burning issue.

“We, for long, have been arguing that the privacy of individuals on the Internet is at risk. The Government should have enough safeguards to ensure their safety,” said Chandra.

Sunil Abraham, Executive Director of the Centre for Internet and Society, has called for a dedicated law to ensure Parliamentary supervision for all Government interception and legal hacking programmes. "The data protection law which is being contemplated by the current administration will not address the surveillance policy question in totality," he pointed out.

"It is a truly worrying development that members of civil society are being targeted using sophisticated surveillance technologies without proper legal basis and without any oversight," he said.

Cyber security and privacy experts took to social media to express concern about the vulnerabilities that expose people to potential risks.

Srinivas Kodali, a privacy activist, said the use of Israeli firm NSO Group’s Pegasus spyware to monitor human rights defenders and academics is a clear violation of their fundamental rights. “The Supreme Court judgement on right to privacy has been very loud and clear that Indians’ fundamental rights can’t be exempted under national security without defining it,” he said, responding to a query on the breach of WhatsApp subscribers’ privacy.

“The operations of national security agencies are completely hidden and are not subjected to any legislative or judicial oversight. This cannot continue as they misuse the powers bestowed on themselves without any law on surveillance from Parliament,” he said.

The Internet Freedom Foundation has expressed concerns about the breaches. It wanted the Government to explain on how this spyware was used in India to hack citizens.

“The Government must issue an official public statement providing complete information. It must also clarify which law empowers it to install such spyware,” it said in a statement.

The US-based social media platform has started sending messages to subscribers whose accounts may have been compromised. It contains information about the breach and a link with a to-do list to stay safe.

The victims of the attack, which purportedly took place in April-May 2019, included human rights activists, journalists and Dalit activists.

At least two victims of the spyware attack confirmed receipt of alert messages from WhatsApp. “I received a call (from abroad) in the first week of October. But I ignored it as it was from an unknown number. I received a message from WhatsApp, alerting me about a probable intrusion,” a civil rights lawyer said.

How it happened

“In May, we stopped an attack where an advanced cyber actor exploited our video calling to install malware on user devices. There’s a possibility this phone number was impacted, and we want to make sure you know how to keep your mobile phone secure,” the message received by the victim said.

WhatsApp, a Facebook arm, sent these special messages to about 1,400 users who may have been impacted by the spyware attack. It is working with The Citizen Lab, a research group with the University of Toronto’s Munk School, to assess the impact of the attack on civil society.

In a statement, WhatsApp said: “We provide end-to-end encryption for all messages and calls by default. (But) This attack was developed to access messages after they were decrypted on an infected device, abusing in-app vulnerabilities and the operating systems that power our mobile phones.”

WhatsApp moved a US court against the Israeli company NSO Group, and its parent company Q Cyber Technologies, alleging that they violated both US and California laws and WhatsApp’s Terms of Service, which prohibited such intrusions.

For more details visit https://cis-india.org/internet-governance/news/hindu-businessline-november-1-2019-kv-kurmanath-activists-demand-judicial-probe-into-whatsapp-snooping

Activists cry foul against Aadhaar

praskrishna — 2012-01-31T04:24:39Z

Biometric experts, jurists and social activists today urged the state government to immediately snap ties with the Unique Identification Authority of India (UIDAI) and stop offering Aadhaar numbers to residents.

Arguing that the creation of Aadhaar numbers had no legislative base as the National Identification Authority of India Bill, 2010, was pending with Parliament, civil society members said UIDAI’s project was unconstitutional.

They pointed out that the parliamentary standing committee had termed the biometric project “directionless”.

“The biometric database of citizens, management of which will remain in the hands of some private companies, severely infringes on the right of citizens to privacy. A rule relating to security of biometric data is yet to come up, but UIDAI is going on generating them,” said Usha Ramanathan, a jurist from Delhi at a meeting on the UID project here.

The meet on Aadhaar was convened in the state capital by the Indian Social Action Forum. The participants included social activist Dayamani Barla, director of Bangalore-based Centre for Internet and Society Sunil Abraham, biometric expert from Mumbai J.T. D’ Souza and member of Citizens’ Forum for Civil Liberties Gopal Krishna, among others.

The unique numbers are expected to be utilised extensively, from opening bank accounts to applying for LPG connections. UIDAI has already generated roughly 10 crore unique numbers.

Neither the Citizenship Act, 1955, nor Citizenship Rules of 2003 permit collection of biometrics, the experts added. “Both the UID and National Population Registrar projects adopt technology that risks national and individual security,” observed D’ Souza.

The news was published in the Telegraph on Thursday, 12 January 2012. Read the original story here

For more details visit https://cis-india.org/news/activists-cry-foul-against-aadhaar

Act now to protect yourself against future ransomware attacks

praskrishna — 2017-07-10T14:46:14Z

There was Wannacry, then Petya, and several other lesser-known ones: With ransomware attacks coming thick and fast, get proactive about protecting yourself.

The article by Sanjay Kumar Singh was published by Business Standard on July 5, 2017.

The Wannacry ransomware attack in May was followed by the Petya attack last week. This attack affected the Ukrainian government and large corporates like Maersk and Merck. In India it affected the operations of terminals at Jawaharlal Nehru Port Trust (JNPT), operated by Maersk. According to Kaspersky Lab, the rate of ransomware attacks on businesses grew from one every 120 seconds in January 2016 to one every 40 seconds by October that year. The rate of attack on individuals' computers rose from one every 20 seconds to one every 10 seconds over this period. Today, it has become imperative for everyone, including entrepreneurs and small business owners, to learn how to defend themselves against such attacks.

A trend witnessed in 2016 was the growth of ransomware-as-a-service business model. "Code creators offer their malicious product on demand, selling uniquely modified versions to criminals who then distribute it through spam and websites, paying a commission to the creator," says Altaf Halde, managing director, Kaspersky Lab (South Asia). He adds that the growth of cashless payments in India will undoubtedly attract the attention of cyber criminals and lead to more attacks in future.

Next, let us turn to how ransomware works. An operating system (OS) is a large and complicated piece of software with millions of lines of software code. A malware exploits vulnerabilities within the OS to infiltrate it. An infiltration can happen in multiple ways: if you download a malicious email attachment, visit a code-carrying web site, via an infected pen drive, and so on.

Ransomware is a form of malware that encrypts the files in a critical part of the computer, such as My Documents or Desktop, where people usually store their files. It could also encrypt specific file types, say, such .doc files. The user is then informed that his files have been encrypted along with the warning that unless he pays up within the next few hours his files will be deleted. Says Udbhav Tiwari, policy officer at the Centre for Internet and Society, Bengaluru: "You first have to first pay the attackers using anonymous money like bitcoins and then they give you the key for decrypting your files."

A ransomware attack can be dealt with in two ways: either pay the money and get the files unlocked, or find a way to circumvent the encryption. The latter option can, however, take a fair bit of time.

Safeguard measure you should adopt
Back up important files regularly. Check periodically that these files have not got damaged Enable ‘Show file extensions’ option in Windows settings. Stay away from extensions like “exe”, “vbs” and “scr”. Many familiar file types can be dangerous as scammers use multiple extensions (like hot-chics.avi.exe or doc.scr) If you discover an unknown process on your machine, cut off the Internet connection immediately If you have been infected, find the name of the ransomware. If it's an older version, your files can be restored. For restoration tools visit https://www.nomoreransom.org/

Among the safeguard measures you should adopt, first and foremost, never open a suspicious file. By being vigilant you can avoid a lot of ransomware attacks.

Most malware exploit vulnerabilities within the OS. "These vulnerabilities are frequently patched by the creators of the OS. But if people use pirated OS, or don't upgrade it regularly, they could land in trouble," says Tiwari. Soon after the Wannacry attack, Microsoft had issued a patch. People who updated their computers immediately didn't get affected by it. Also, use the latest version of an OS.

Use a quality antivirus (AV) solution, which is usually one you have to pay for. A high-quality AV can even protect you against vulnerabilities not patched by the OS manufacturer. AVs scan files. If they detect patterns indicating the presence of malware, they lock them apart from the rest of the computer, thereby preventing them from spreading.

One option is to use an OS that is less vulnerable, like Mac and Linux. Fewer malware are designed for these OS as fewer people use them.

Finally, if your files do get encrypted, don’t pay the ransom, unless instant access to those files is critical. "Each payment only fuels this unlawful business," says Halde.

For more details visit https://cis-india.org/internet-governance/news/business-standard-july-5-2017-sanjay-kumar-singh-act-now-to-protect-yourself-against-future-ransomware-attacks

Accountability of ICANN

smarika — 2014-05-28T10:50:22Z

The issue of how to ensure the legitimacy and accountability of ICANN is a concern which finds voice in many of the proposals. Four broad stands can be gleaned from the submissions to NETmundial '14 on this issue.

The issue of how to ensure the legitimacy and accountability of ICANN is a concern which finds voice in many of the proposals. Generally speaking, the issue of representation, and legitimacy of ICANN members is a point which all proposals regarding ICANN accountability consider. The issue of funding also came up in several of the submissions. The Brazilian Internet Steering Committee, Joint Contribution of Civil Society from Latin America, submissions from University of Gezira in Sudan and NIC Mexico, called for increased funding for participation of stakeholders from developing countries in ICANN and other multistakeholder meetings. The Government of Austria expressed concern over dwindling funding of IGF and called for improvement of the same. In this scenario of crunched funds, submissions by Article 19 and BestBits as well as Net Coalition proposed the use of a percentage of ICANN’s gTLD revenues to fund inclusive participation in the multistakeholder process.

Apart from these concerns, submissions to NetMundial '14 also raised a myriad of different issues around the functioning of ICANN. Nevertheless, four broad stands can be gleaned from the issue of accountability of ICANN. These are as follows:

I. Submissions which suggest that oversight over ICANN should end, and ICANN accountability should be internalised.

8 submissions to the NetMundial 2014 were of the opinion that ICANN should become an independent body with no oversight exercised by any other body on it. In other words, these proposals opposed the replacement of current US government oversight on ICANN, by oversight through any other body. In such a case, accountability of ICANN was sought to be ensured through strengthening multistakeholderism and reform within the ICANN structure.

Most of these submissions came from the civil society (4) or the technical community (2); 1 from Panel on Global Internet Cooperation and Governance Mechanisms, which identifies as “other”, and 1 from the Government of France. 3 of these proposals represent a global community, 2 come from North America or USA, 1 from France, 1 from New Zealand and 1 from the Democratic Republic of Congo.

The ICANN model proposed in the submission from Internet Governance Project (IGP), from the North American civil society, found support among other contributors in this category. The proposal was based on the principle that oversight of ICANN must not be internationalised but ended. The rationale behind such proposal was that giving additional stakeholders besides the NTIA a say in IANA function and ICANN oversight will only politicise ICANN and make it a subject of possible geopolitical power struggles by governments, ultimately ignoring the interests of internet users all over the world. While calling for an end to ICANN oversight through any or all government agencies, the proposal also called for the strengthening of multistakeholderism within ICANN. This proposal was explicitly supported by InternetNZ, from the New Zealand technical community, in its proposal, as well as to quite an extent by Article 19 and BestBits, from the global civil society, in their proposal.

IGP’s submission also suggested whittling down of ICANN’s powers in order to separate management of IANA functions from ICANN’s present mandate. This is a point where the submissions in this category diverge. Submissions from IGP with Article 19 and BestBits, Association for Progressive Communications (APC) from the civil society and InternetNZ and Avri Doria, from the technical community, recommended the separation of IANA functions from the ICANN. The French Government submission, on the other hand, did not envisage separation of management IANA function from ICANN, but rather the internalisation of the former within the latter, even as proposing an independent and multistakeholder structure for ICANN with suitable accountability mechanisms for all stakeholders.

The submission from Article 19 and BestBits, in fact, suggested further narrowing of ICANN’s mandate by explicitly including a clause in its bylaws to prevent it from engaging in content regulation or conduct that could violate freedom of expression or privacy on the internet, including technical policy making involving trademarks and intellectual property. Such suggestions were made based on the fear that, if unregulated, ICANN might increasingly make its foray into public policy issues like content regulation, as happened in the .xxx controversy. Consequently, the submission from Article 19 and BestBits also suggested that ICANN’s bylaws include a provision whereby private parties can legally challenge ICANN’s actions on grounds of human rights violations before local courts or arbitration tribunals.

This approval for local dispute resolution when the submission agrees with the suitability of Californian law for ICANN incorporation is, however, likely to cause consternation amongst non-American stakeholders. While the submission is not averse to the idea of ICANN expanding its reach globally through creation of subsidiaries (preferably in western Europe), it also takes a firm stand on ICANN not moving its headquarters out of the US. The advantages of such status quo are seen in stability of current agreements with registrars etc., but the idea of ICANN being ultimately subject to Californian law and its courts is unlikely to go down well with other global stakeholders.

One concern found across board, but more explicitly in submissions of Article 19 and BestBits and Avri Doria was the strengthening of ICANN board by making it more representative and accountable through mechanisms of internal accountability like the ATRT2 Transparency and Accountability Review process. Avri Doria of USA, in her submission suggested, the improvement of accountability mechanisms in ICANN by supplementing the ATRT process with a strong appeals mechanism, as found in IETF, for accountability process and results with powers to remove officers from their roles if they do not fulfil their responsibilities. Strengthening of GAC within ICANN by making it more participatory and representative is another concern which is highlighted.

II. Submissions which suggest that oversight of ICANN should be transferred to a multilateral or intergovernmental body

A second, small category of 4 submissions argued that the oversight function of the ICANN should be transferred from the present unilateral U.S. government (NTIA) oversight, to oversight by all countries. This was suggested to counter the power imbalance exercised by one country over critical internet infrastructure, over others, by sharing oversight of ICANN with all others.

In their details, submissions in this category can be vague. While some of them envisioned transfer of ICANN control by the US Government to an intergovernmental body like the ITU, others do not specify the details of the transfer, but merely mention that ICANN oversight should be multilateral in nature. Submissions from CIPIT, part of the Kenyan academia and The Society for Knowledge Commons, civil society stakeholder covering India and Brazil, mentioned that the oversight of technical policy functions should be “multilateral” in nature, while the submission by the Government of Iran called for restructuring ICANN as an “international” organisation.

The submission by Swiss civil society organisation, Association for Proper Internet Governance, referred to the response by the Syrian representative in ITU to RFC sought by the US Department of Commerce, to bring ICANN in the aegis of ITU by signing of a MoU between the two entities, as far as technical policy decisions (eg. development of policies relating to operation of root servers and those relating to operation and administration of gTLDs and ccTLDs) are concerned. Such a proposal was found necessary in light of the non-binding advisory nature of GAC in ICANN, especially when technical policy decisions by ICANN have public policy implications. In such a scenario, the submission dubs it “strange” to relegate government to a subsidiary role within ICANN and “unusual (to say the least)” for governments to constitute a sub-committee of the board of a private company like ICANN. Consequently, the MoU between ITU and ICANN is sought to make GAC a group within ITU so as to strengthen its legitimacy and accountability.

III. Submissions which suggest that oversight of ICANN should be transferred to another body not intergovernmental in nature.

10 submissions suggested the transfer of ICANN oversight to a non-intergovernmental or multilateral body. 2 of these proposals came from governments and 1 from the Brazilian Internet Steering Committee, which identifies as “other”, 3 from the private sector, 2 from civil society and 1 from technical community and academia each. Most of these proposals come from European stakeholders (5), 1 each from Brazil and Argentina, 1 from India, 1 from Nigeria, and 1 from the global civil society group, Just Net Coalition.

Like the last category, these submissions also expressed their dissatisfaction with the unilateral US Government oversight of ICANN, but suggested replacing it with a non-multilateral body. Details of the composition of such bodies vary. Some called for replacement by a technical body, other envision a wholly newly created multistakeholder body, yet others called for signing of the present ICANN AoC with US Government, by a number of stakeholders, which would not include just governments.

One such submission came from Portuguese academic, Luis Magalhaes, which called for the signature of ICANN AoCs with all the stakeholders in internet governance, thus effectively replacing oversight by NTIA to oversight by all stakeholders. This submission also expressed concern over the incorporation of ICANN under Californian law, and suggests that ICANN should be regulated in an international law framework, though without relinquishing its control to merely governments. Submission by the private sector stakeholder Orange Group also looked to expand the AoC of ICANN to include within it, the “ICANN community and stakeholders including Governments represented through the GAC.”

Private sector stakeholder from the UK, Nominet, similarly, called for wider engagement in the ICANN AoC and ensuring wider engagement for transparency and accountability in the AoC process. It also called to end ambiguity about the legal jurisdiction for ICANN, while including and strengthening ITU and IGF in the internet governance ecosystem. Submission by private player, Data Security Council of India, while endorsing “a multistakeholder model with defined roles of relevant stakeholders” was vaguer about the model it sought for ICANN. But it called for nomination of stakeholders by Governments rather than ICANN selecting them without transparency.

The Austrian Government submission, on the other hand, was more ambiguous. It envisaged the extension of AoCs regarding ICANN and IANA while ensuring “the full participation of all stakeholders, from both developed and developing countries, within their respective roles and responsibilities.” In its submission, the Government of Argentina sought to “promote the internationalisation of ICANN through a deep revision of the current structure,” and ensure “active representation from all regions and all actors in the ICANN structure, including representatives of governments on an equal footing,” especially in the structures of ICANN Board, SSAC and GNSO.

The submission by Brazilian Internet Steering Committee similarly, looked to export oversight to entities outside of ICANN in its submission, as long as such entities are recognised as representative of the international public interest. This was suggested with the rationale to avoid a situation where the same organisation is responsible is responsible for policy making as well as its implementation. The Committee also suggested strengthening of ATRT2 process, as well as reform of GNSO and of ALAC so that the latter can have transparent processes for nomination of members, as well as participate in policy development processes in GNSO, along with increased government participation in GNSO. It was also suggested that the number of ICANN Board seats allocated by NomCom should be reduced in order to increase slots for Board members directly elected by the SOs.

Other submissions offered a more detailed view into the composition of the oversight entity recommended to replace NTIA. The submission by global civil society organisation, Just Net Coalition, for example, proposed the formation of a “Internet Technical and Advisory Board” to discharge ICANN oversight function by replacing the present NTIA oversight role. In addition, this board was recommended to advice on public policy perspectives to various technical standards bodies, and thus act as the link between public policy bodies and these standards bodies. The composition of such a board was recommended to consist of people with specialised technical expertise but also with appropriate political legitimacy, ensured via a democratic process. 10-15 members were envisaged in such a board which could include 1 member from each of the Regional Internet Registries (RIRs). 2-3 members from each of the 5 geographic regions as understood in the UN system to be selected through an appropriate process by the relevant technical standards bodies and/or country domain name bodies of all the countries of the respective region were suggested to be part of the board. It was preferred that these members would come from the top recognised technical academic bodies of each country/region, but the entire constitution of the board was left open to other suggestions in Just Net Coalition’s submission.

The technical community stakeholder, Nigeria Internet Registration Association, on the other hand, offered a rather confused proposal for the formation of a “World Internet Governance Organisation (WIGO),”envisaged as “a global organisation with equal participation of the Government, Private sector, Civil Society, Technical Community in a multi-stakeholder consensus building NET-NATIONS.” But while in the beginning the submission suggests a multistakeholder composition of WIGO, seemingly for oversight of ICANN, later the submission sparks the idea that ICANN itself should be changed to WIGO.

Global Geneva’s submission proposed to transfer ICANN oversight to a body called World Internet Forum, which, while part of the UN system, is envisioned as a multistakeholder venue for citizens globally, where constituencies are not governments. ICANN is allowed to pursue technical policy functions like gTLD management under the supervision of WIF, while not encroaching on public policy matters. IANA function is envisaged to be managed separately from the ICANN.

In many of these submissions, like those of Argentinian Government and Brazilian Internet Steering Committee emphasis was also paid on the strengthening of GAC, while taking into consideration stakeholders other than governments.

IV. Submissions which endorse globalisation and multistakeholder governance of ICANN but are vague about the specifics of such governance model

Lastly, there are submissions which call for the globalisation of ICANN and express their dissatisfaction with the U.S. Government oversight of it, while endorsing multistakeholder governance. However, these submissions are also vague about the details of such ICANN globalisation, and the structures in which it will be held accountable. 4 such submissions emerge from governments (Spain, Norway, Mexico and the European Commission), 6 from the private sector, 2 from the technical community, and 2 from the civil society. Europe leads in this category of proposals with 6 of these proposals emerging from there, 2 from Latin America and Mexico each (4 altogether), 1 from Kuwait, 1 from Japan, 1 from the NRO (identifying itself from Mauritius) and 1 from the global GSM Association of mobile operators.

A list of these submissions is provided below.

Sl.No.	Proposal No.	Name of Proposal	Organisation	Sector	Region	Link
	46	Norwegian Contribution to the Sao Paulo Meeting	Norwegian government	Government	Norway, Europe	http://content.netmundial.br/contribution/norwegian-government/137
	50	Contribution from the GSM Association to the Global Multistakeholder Meeting on the Future of Internet Governance	GSMA	Private Sector	Global	http://content.netmundial.br/contribution/contribution-from-the-gsm-association-to-the-global-multistakeholder-meeting-on-the-future-of-internet-governance/141
	51	Contribution of Telefonica to NETmundial	Telefonica, S.A.	Private Sector	Spain	http://content.netmundial.br/contribution/contribution-of-telefonica-to-netmundial/143
	56	ETNO Contribution to NETmundial	ETNO [European Telecommunications Network Operators' Association]	Private Sector	Belgium	http://content.netmundial.br/contribution/etno-contribution-to-netmundial/148
	64	Submission by AHCIET to the Global Multistakeholder Meeting on the Future of Internet Governance. NETmundial	AHCIET	Private Sector	Latin America	http://content.netmundial.br/contribution/submission-by-ahciet-to-the-global-multistakeholder-meeting-on-the-future-of-internet-governance-netmundial/157
	70	Spanish Government Contribution to the Global Multi-stakeholder Meeting on the Future of Internet Governance	Ministry of Industry, Energy and Tourism, Spain	Government	Spain	http://content.netmundial.br/contribution/multistakeholder-human-rights-stability-gac/165
	80	Roadmap for the Further Evolution of the Internet Governance Ecosystem	European Commission	Government	Europe	http://content.netmundial.br/contribution/roadmap-for-the-further-evolution-of-the-internet-governance-ecosystem/177
10.	106	Submission on Internet Governance Principles and Roadmap for the Further Evolution of the Internet Governance Ecosystem	Kuwait Information Technology Society	Civil Society	Kuwait	http://content.netmundial.br/contribution/kuwait-information-technology-society-kits-submission-on-internet-governance-principles-and-roadmap-for-the-further-evolution-of-the-internet-governance-ecosystem/214
	111	Content Submission by the Federal Government of Mexico	Secretara de Comunicaciones y Transportes, Mexico	Government	Mexico	http://content.netmundial.br/contribution/content-submission-by-the-federal-government-of-mexico/219
10.	114	Better Understanding and Co-operation for Internet Governance Principles and Its Roadmap	Japan Internet Service Providers Association	Private Sector	Japan	http://content.netmundial.br/contribution/better-understanding-cooperation-for-internet-governance-principles-its-roadmap/222
11.	116	Deutsche Telekom’s Contribution for to the Global Multistakeholder Meeting on the Future of Internet Governance	Deutsche Telekom AG	Private Sector	Germany/Europe	http://content.netmundial.br/contribution/deutsche-telekom-s-contribution-for-to-the-global-multistakeholder-meeting-on-the-future-of-internet-governance/225
12.	135	Joint Contributions of Civil Society Organisations from Latin America to NetMundial	Group of individuals and Civil Society Organizations from Latin America	Civil Society	Latin America	http://content.netmundial.br/contribution/joint-contributions-of-civil-society-organizations-from-latin-america-to-netmundial/251
13.	143	NRO Contribution to NETmundial	NRO (for AFRINIC, APNIC, ARIN, LACNIC, RIPE-NCC)	Technical Community	Mauritius	http://content.netmundial.br/contribution/nro-contribution-to-netmundial/259
14.	183	NETmundial Content Submission- endorsed by NIC Mexico	NIC Mexico	Technical Community	Mexico	http://content.netmundial.br/contribution/netmundial-content-submission-endorsed-by-nic-mexico/302

***

A previous version of this post performed preliminary analysis of the NETmundial submissions. It may be found here.

For more details visit https://cis-india.org/internet-governance/blog/accountability-of-icann