Centre for Internet and Society

'Aadhaar' Of Your Existence Or Card Of Controversy?

praskrishna — 2017-05-20T12:24:20Z

recent report estimates that details of 13 crore Aadhaar card holders have been leaked from four government websites. These include bank account details, income levels, addresses, even caste and religion details.

This was telecasted by NDTV on May 3, 2017. Amber Sinha was a panelist.

As the Supreme Court questioned the government about this, the centre admitted for the first time that the leaks had taken place but passed the onus on to state governments. It also argued that no technology was a 100 per cent foolproof but that couldn't be the basis for a constitutional challenge. Those who have petitioned against making Aadhar mandatory for filing income tax say no other democratic country has such a requirement and allege that it shows the sinisterness of the government.

Video

For more details visit https://cis-india.org/internet-governance/news/ndtv-may-3-2017-aadhaar-of-your-existence-or-card-of-controversy

#NetNeutrality, Data Protection Laws among topics at ITechLaw Conference

praskrishna — 2016-01-30T09:21:20Z

The who’s-who of the technology law sector convened at the ITechLaw India International Conference held from January 27-29 in Bangalore.

The last three days saw panel discussions being held on a varied set of topics related to technology law. The debates were led by a number of Indian and international legal professionals from law firms, companies and policy houses.

On Day 2, some of the panel discussions included Commercialization of Data, Aggregator Model – Licensing and Regulatory Issues Faced by Shared Economy Models, Digital Underworld, and Legal Challenges faced in New Media and Entertainment, among others.

The speakers present at these sessions included lawyers like Talha Salaria, Founder of Lawyers at Work; JSA Partner Sajai Singh; Trilegal Partner Rahul Matthan; MCM Law Partner Samuel Mani, apart from a host of In-House counsel from Intel, Amazon, IBM, Cognizant et al.

The highlight of Day 3 was a debate on Net Neutrality; Deepali Liberhan from Facebook, Pranesh Prakash from Centre for Internet and Society and Rohan George from Samvad Partners were among the panelists.

For more info, click here.

For more details visit https://cis-india.org/internet-governance/news/netneutrality-data-protection-laws-among-topics-at-itechlaw-conference

#NAMAprivacy: The economics and business models of IoT and other issues

Admin — 2017-11-08T02:09:51Z

On 5th October, MediaNama held a #NAMAprivacy conference in Bangalore focused on Privacy in the context of Artificial Intelligence, Internet of Things (IoT) and the issue of consent, supported by Google, Amazon, Mozilla, ISOC, E2E Networks and Info Edge, with community partners HasGeek and Takshashila Institution.

Link to the original published by Medianama on October 18, 2017 here

Part 1 of the notes from the discussion on IoT are here. Part 2:

The session on IoT shifted gears and the participants spoke more about the economics and business IoT. Participants expressed concern that data could be linked to very private aspects of their lives and build business models around them. For example, data from fitness trackers can be linked to a user’s insurance premiums. Or sensors on a car that monitors a user’s driving behavior and link motor insurance.

“I work for Zoomcar, and these are devices which our lives depend and are collecting and reporting data. And that data can be used against you. So it is very hard to know what is fair and what is unfair. Someone mentioned insurance, I feel it is useful to collect a lot of data and decide on insurance based on your driving behaviour and we have had markers for that. But is it fair to the user? The same kind of questions crops up elsewhere like in the US when it comes to healthcare,” Vinayak Hegde said.

An audience member pointed out to that in such a scenario, privacy can help businesses rather than inhibit them and cited a research study in UC Berkely. “If I use a health tracking device, some of those devices can be valuable for health insurance companies and using that data, they might increase the premiums. But I don’t know actually who might sell my data to someone,” he explained.

“Because I don’t know which tracking devices sell my data, I would like not to own the devices itself. So that itself harms the entire health tracker industry itself. He (the researcher) defines privacy as contextual integrity. So a health tracking device is supposed to help me track my health and not supposed to be used by insurance people to determine my premium. If the regulation mandates the contextual integrity of that, it helps that particular industry to avoid those feedback loops,” he explained.

Are fitness trackers in the hardware or services business?

Kiran Jonnalagadda of HasGeek added to the point on fitness trackers. He said that all of IoT is not in the business of hardware and that they are in the services business. “I had an unusual experience for the past one week, I was out in an area with no Internet connection. But I have two fitness trackers. I bought them mostly because I’m curious about how these companies operate and what they’re doing. And the differences between them are the way they think about things. Now both of these are capable of counting steps without an Internet connection…. But they cannot do anything to show the step count on my phone which it connects to until the data is sent to the Internet and brought back. So my phone would keep telling me that I am not moving and tell me the move but the watch is saying that I am doing 20,000 steps a day and that I am trekking a lot,” he explained.

“For whatever reason, these companies have decided to operate in this manner where validation of data happens on the cloud and not on the device. You only get the most rudimentary data from your device and your phone is just a conduit and not a processing centre at all,” Jonnalagadda said.

He explained both the devices were in the device sales business and has not asked money from them for enabling this sort of Internet-based processing of data. “It calls into question, what is the model here. One could bring the conspiracy theory that they’re selling my data and therefore they don’t worry about collecting data from me. The second is to say: be a little bit more charitable and they recognize that if they piss me off, I won’t buy their device again. And then just assume that a device has a lifetime of just 2-3 years and if you keep a person happy for 2-3 years, they will buy the device from you again. What’s interesting is ultimately not about devices and that it is about services. And this is what I want to say about IoT that it is not about hardware at all it is entirely about services. Without services, the entire business model of IoT breaks down. You do not get software updates, you get vulnerabilities, you get broken design, things have stopped working and no one supports you.”

The economics of processing data locally on a device

Thejesh GN, co-founder of DataMeet, questioned the need for data to be processed on the Internet and asked whether the data will be better protected and have better privacy if it were processed locally. “Considering the fact that we have such powerful phones which are affordable, and can do a lot of things without the Internet. I mean the biggest concept we had in IoT was that we didn’t have CPU or memory and processing power. Given that and the availability of EDGE devices, how long will we have economic cases where privacy can be sold as part of IoT. The processing happens 99% of the times locally without Internet and requires the Internet only when there is messaging. This could be true for your fitness trackers that can be connected to your phone. Your phone has all the capabilities to do all the analysis and doesn’t need to go to the server,” he said.

Pranesh Prakash of the CIS countered him and said that the economics for processing data works out cheaper for the companies.

“One on local processing, this I think is a perennial problem and it really is a question of economics versus principles. Free software is losing out the battle against using other people’s computers for computing—cloud computing—because of economics. So, you no longer own the software that you purchase and even the hardware, very often, with IOT might not actually be yours. It might come with a license, it might come with data that is tied to the company that is actually providing you the device. So the economics of this are for me clear: it’s much cheaper to do it on other computers than to do it locally,” Prakash explained.

He made a case for asserting for individual user’s rights to privacy in this kind of scenario. “It is a question of principles. Should we allow for that or should we assert for consumer protection laws and assert other manners of laws to say that ‘no, people who are purchasing devices’ ought to have greater control of the devices and the data that they produce,” he added.

Group privacy

The audience also suggested that privacy laws should not just look at protecting the rights of individuals but should look at protecting the rights of groups as well. They raised concerns that even in a group and if the data has been anonymized, it still can be weaponized and cause harms.

“For example, if there are 10-15 of us in this room and given our detailed medical histories, I can find a correlation between some of that. And then I can use that data in some other form when I run a test to see if I am vulnerable to something or use it as a way to discriminate further down the line. As a group, privacy matters a lot because when we talk about devices, we are talking about individuals. Maybe you can target via ethnicity or by age or by class and that can also be weaponized,” an audience member suggested.

Vinayak Hegde gave an example of how weather data captured by IoT can cause harms to a society at large. “If I’m using the weather sensor data and because of global warming, some places like Florida and south of India are going to be extremely hot, I can use surge pricing for a person’s electricity. Again I am not getting targeted as an individual, but as a group, I am being targeted. And sensors are closing that loop really fast.” he explained.

Srinivas P, head of security at Infosys, gave another example where gyroscopes in a phone could target a family. “Some companies in the US use gyroscope in a phone to surreptitiously monitor TV viewing habits. The mobile phone gets activated and over a period of time, they can tweak the advertisements. It is an interesting example, because in TV, when you watch at home, you cannot pinpoint TV a user, because it is shared by a family. This is because the guy who is watching the maximum amount of TV, their data gets circulated and the ads will be tailored to them. The person who does not watch that much amount of TV gets baffled to see advertisements that are not relevant to them. So when you want to process data, you want to assume that, this TV belongs to a user. The TV belongs to a group. And what if the viewing habits are so different, that once your privacy is violated, you don’t want your other family member to know what you are watching,” he added.

Perception of permissions for sensors

Rohini Lakshane of CIS raised an important point during the discussion. The users have different perceptions about the sensors that are embedded in smartphones. She pointed out that users are generally unaware that accelerometers are sensors and capture data and most apps do not ask permissions for the same. An accelerometer is a device used to measure acceleration forces. It is usually used in devices to measure movement and vibrations in devices such as fitness trackers.

“A researcher surveyed a control group and asked them if their GPS data was taken and their camera was made accessible, whether they would be comfortable with it? They were hugely uncomfortable. The question came to the accelerometer on the phone and the respondents said that ‘we are not all that afraid’. The accelerometer only counts the acceleration. So in that app which counts how many steps we have taken in a day, it uses the accelerometer and there is no permission required for it. The accelerometer is still on the phone and is still generating the data and you don’t see it because you don’t have an interface directly with it,” she commented.

#NAMAprivacy Bangalore:

Will artificial Intelligence and Machine Learning kill privacy? [read]
Regulating Artificial Intelligence algorithms [read]
Data standards for IoT and home automation systems [read]
The economics and business models of IoT and other issues [read]

#NAMAprivacy Delhi:

Blockchains and the role of differential privacy [read]
Setting up purpose limitation for data collected by companies [read]
The role of app ecosystems and nature of permissions in data collection [read]
Rights-based approach vs rules-based approach to data collection [read]
Data colonisation and regulating cross border data flows [read]
Challenges with consent; the Right to Privacy judgment [read]
Consent and the need for a data protection regulator [read]
Making consent work in India [read]

For more details visit https://cis-india.org/internet-governance/news/medianama-october-18-2017-namaprivacy-economics-and-business-models-of-iot

#NAMAprivacy: Data standards for IoT and home automation systems

Admin — 2017-11-08T02:15:52Z

Link to the original published by Medianama on October 18 here

The second session of the #NAMAprivacy in Bangalore dealt with the data privacy in the Internet of Things (IoT) framework. All three panelists for the session – Kiran Jonnalagadda from HasGeek, Vinayak Hegde, a big data consultant working with ZoomCar and Rohini Lakshane a policy researcher from CIS – said that they were scared about the spread of IoT at the moment. This led to a discussion on the standards which will apply to IoT, still nascent at this stage, and how it could include privacy as well.

Hedge, a volunteer with the Internet Engineering Task Force (IETF) which was instrumental in developing internet protocols and standards such as DNS, TCP/IP and HTTP, said that IETF took a political stand recently when it came to privacy. “One of the discussions in the IETF was whether security is really important? For a long time, the pendulum swung the other way and said that it’s important and that it’s not big enough a trade-off until the bomb dropped with the Snowden revelations. The IETF has always avoided taking any political stance. But for the first time, they did take a political position and they published a request for comments which said: “Pervasive monitoring is an attack on the Internet” and that has become a guiding standard for developing the standards,” he explained.

He added that this led the development of new standards which took privacy into consideration by default.

“The repercussions has been pervasive across all the layers of the stack whether it is DNS and the development of DNS Sec. The next version of HTTP, does not actually mandate encryption but if you look at all the implementation on the browser side, all of them without exception have incorporated encryption,” he added.

Rohini added that discussion around the upcoming 5G standard, where large-scale IoT will be deployed, also included increased emphasis on privacy. “It is essentially a lot of devices connected to the Internet and talking to each other and the user. The standards for security and privacy for 5G are being built and some of them are in the process of discussion. Different standard-setting bodies have been working on them and there is a race of sorts for setting them up by stakeholders, technology companies, etc to get their tech into the standard,” she said.

“The good thing about those is that they will have time to get security and privacy. Here, I would like to mention RERUM which is formed from a mix of letters which stands for Reliable, Resilient, and Secure IoT for smart cities being piloted in the EU. It essentially believes that security should include reliability and privacy by design. This pilot project was thought to allow IoT applications to consider security and privacy mechanisms early in the design, so that they could balance reliability. Because once a standard is out or a mechanism is out, and you implement something as large as a smart city, it is very difficult to retrofit these considerations,” she explained.

Privacy issues in home automation and IoT

Rohini pointed out a report which illustrates the staggering amount of data collection which will be generated by home automation. “I was looking for figures, and I found an FTC report published in 2015 where one IoT company revealed in a workshop that it provides home automation to less than 10,000 households but all of them put together account for 150 million data points per day. So that’s one data point for every six seconds per household. So this is IoT for home automation and there is IoT for health and fitness, medical devices, IoT for personal safety, public transport, environment, connected cars, etc.”

In this sort of situation, the data collected could be used for harms that users did not account for.

“I received some data a couple of years back and the data was from a water flowmeter. It was fitted to a villa in Hoskote and the idea was simple where you could measure the water consumption in the villa and track the consumption. So when I received the data, I figured out by just looking at the water consumption, you can see how many people are in the house, when they get up at night, when they go out, when they are out of station. All of this data can be misused. Data is collected specifically for water consumption and find if there are any leakages in the house. But it could be used for other purposes,” Arvind P from Devopedia said.

Pranesh Prakash, policy director at Centre for Internet and Society (CIS), also provided an example of a Twitter handle called “should I be robbed now” where it correlates a user’s vacation pictures says that they could be robbed. “What we need to remember is that a lot of correlation analysis is not just about the analysis but it is also about the use and misuse of it. A lot of that use and misuse is non-transparent. Not a single company tells you how they use your data, but do take rights on taking your data,” he added.

Vinayak Hedge also added that the governments are using similar methods of data tracking to catch bitcoin miners in China and Venezuela from smart meters.

“In China, there are all these bitcoin miners. I was reading this story in Venezuela, where bitcoin mining is outlawed. The way they’re catching these bitcoin miners is by looking at their electricity consumption. Bitcoin mining uses a huge amount of power and computing capacity. And people have come out with ingenious ways of getting around it. They will draw power from their neighbours or maybe from an industrial setting. This could be a good example for a privacy-infringing activity.”

Pseudonymization

Srinivas P, head of security at Infosys, pointed out that a possible solution to provide privacy in home automation systems could be the concept of pseudonymity. Pseudonymization is a procedure by which the most identifying fields within a data record are replaced by one or more artificial identifiers or pseudonyms.

“There are a number of home automation systems which are similar to NEST, which is extensively used in Silicon Valley homes, that connect to various systems. For example, when you are approaching home, it will know when to switch on your heating system or AC based on the weather. And it also has information on who stays in the house and what room and what time they sleep. And in a the car, it gives a full real-time profile about the situation at home. It can be a threat if it is hacked. This is a very common threat that is being talked about and how to introduce pseudo-anonymity. When we use these identifiers, and when the connectivity happens, how do we do so that the name and user are not there? Pseudonymity can be introduced so that it becomes difficult for the hacker to decipher who this guy is,” Srinivas added.

Ambient data collection

With IoT, it has never been able to capture ambient data. Ambient data is information that lies in areas not generally accessible to the user. An example for this is how users get traffic data from Internet companies. Kiran Jonnalagadda explained how this works:

“When you look at traffic data on a street map, where is that data coming from? It’s not coming from the fact that there is an app on the phone constantly transmitting data from the phone. It’s coming from the fact that cell phone towers record who is coming to them and you know if the cell phone tower is facing the road, and it has so many connections on it, you know that traffic is at a certain level in that area. Now as a user of the map, you are talking to a company which produces this map and it is not a telecom company. Someone who is using a phone is only dealing with a telecom company and how does this data transfer happen and how much user data is being passed on to the last mile user who is actually holding the phone.”

Jonnalagadda stressed on the need for people to ask who is aggregating this ambient data.

“Now obviously, when you look at the map, you don’t get to see, who is around you. And that would be a clear privacy violation and you only get to see the fact that traffic is at a certain level of density around the street around you. But at what point is the aggregation of data happening from an individually identifiable phone to just a red line or a green line indicating the traffic in an area. We also need to ask who is doing this aggregation. Is it happening on the telecom level? Is it happening on the map person level and what kind of algorithms are required that a particular phone on a cell phone network represents a moving vehicle or a pedestrian? Can a cell phone company do that or does a map company do that? If you start digging and see at what point is your data being anonymized and who is responsible for anonmyzing it and you think that this is the entity that is supposed to be doing it, we start realizing that it is a lot more complicated and a lot more pervasive than we thought it would be,” he said.

#NAMAprivacy Bangalore:

Will artificial Intelligence and Machine Learning kill privacy? [read]
Regulating Artificial Intelligence algorithms [read]
Data standards for IoT and home automation systems [read]
The economics and business models of IoT and other issues [read]

#NAMAprivacy Delhi:

Blockchains and the role of differential privacy [read]
Setting up purpose limitation for data collected by companies [read]
The role of app ecosystems and nature of permissions in data collection [read]
Rights-based approach vs rules-based approach to data collection [read]
Data colonisation and regulating cross border data flows [read]
Challenges with consent; the Right to Privacy judgment [read]
Consent and the need for a data protection regulator [read]
Making consent work in India [read]

For more details visit https://cis-india.org/internet-governance/news/medianama-october-18-2017-namaprivacy-data-standards-for-iot

#NAMAprivacy: Data Protection Authority's regulatory and enforcement challenges

Admin — 2018-09-14T12:26:16Z

This is the second post in our series covering our events in Delhi and Bangalore on India’s Data Protection Law.

The blog post by Rana was published in Medianama on September 9, 2018. Amber Sinha was quoted.

“The Data Protection Authority of India, as it stands, performs legislative, executive and judicial functions. It’s not a bad thing,” said Alok Prasanna Kumar, Senior Resident Fellow at the Vidhi Centre for Legal Policy at the #NAMAprivacy discussion on the data protection bill in Bangalore last week. “But unlike other regulators, the DPA’s ambit is vast. It could potentially deal with every kind of company. So, there’s no way one entity could do this in regards to efficacy and no single entity should do it either.”

That was one of the many challenges that our panelists have suggested that the regulator may face when it is established. Panelists, however, were largely unsure on how the proposed regulator will impact consumers or businesses, given that the most regulations are yet to be defined in the Personal Data Protection Bill, 2018. To this extent, Renuka Sane, Associate Professor at the National Institute of Public Finance and Policy (NIPFP) said, “On most questions about this law, I would have one answer, that it is too early to say anything. We will have to wait and see how it will evolve.”

To reiterate, the draft bill, 2018 proposed establishing a regulatory body that will implement and oversee the data protection law in the country; the Data Protection Authority of India (DPA). The regulatory body will be empowered to impose penalties on data fiduciaries, accept complaints from data principals, prevent misuse of personal data, determine if the data protection law has been violated, and promote awareness of data protection. The authority will consist of six whole-time members and a chairperson, to be appointed by the central government, based on the recommendations of a selection committee that includes the Chief Justice of India (CJI), the Cabinet secretary and one CJI nominated expert.

The following are some of the key points made in both, Delhi and Bengaluru. Please note that these points are not necessarily listed in the order they were made and are not verbatim excerpts of the speakers’ remarks. We’ve edited them for brevity.

Regulatory and Enforcement by the DPA

Tasks to be undertaken: There are four main functions that the DPA has to undertake at some point of time –
1. The DPA will have to issues licenses to some players
2. It will have to come up with regulations as there are several places in the Act (Bill) that will be determined by regulations,
3. It will have come up with some sort of monitoring mechanism to gauge if you are abiding by the regulations are not and iv. It will have to determine violations and undertake enforcement actions. (Renuka Sane)

To increase transparency and credibility: Regulators have to demonstrate what is the problem that they are trying to solve before passing a regulation. Is the solution they are opting for, the most appropriate way of solving the problem? Have they considered all the available alternative solutions? They need to hold public consultations on all these issues in a transparent manner. Unless all these things are embedded in the law, we are not going to make much progress on the DPA. (Renuka Sane)

Regulatory balance: The regulators in India need to merge the two sides of responsive theory – compliance theory, where we put a lot of faith in businesses to self-regulate and comply with processes, with dissonance theory, where we have punishments, fines and criminal enforcement for noncompliance. (Amber Sinha, Senior Programme Manager at Centre for Internet and Society (CIS))If a DPA were to come in today and regulate everybody who is dealing with personal data at a significant level, there are more than 600 million entities that they have to regulate. (Beni Chugh, Dvara)

Accountability: When you create an extremely powerful agency like the DPA, you will have to put in place a system of regulatory governance, where the DPA is held accountable for its actions or else you will exhaustipate the asymmetry of power between the regulator and the regulated. (Renuka Sane)

One big feature, which has become a standard practice across regulators, that is missing in the DRA is a reporting board structure, where you are internally accountable to the management board and externally, you are accountable through self-reporting mechanisms. The functioning of the Chairperson is not defined well enough for us to see if there is enough internal accountability at the organisation. The internal governance of the regulatory body is what can improve the outcomes of the regulations. (Beni Chugh).

Penalties for violation of privacy laws

Criminal penalties: According to me, the threshold for a criminal offence is low in this bill. If the law were to be implemented today, a vast majority of the businesses would be criminally charged. There are three provision in the bill that deal with criminal penalties, they essentially deal with data processors breaching individual rights in a reckless or in a grossly negligent fashion. There are legal standards on how to construed ‘reckless’ behavior, particularly from the domain of tort law. However, what will trigger an enforcement action is still kind of open to speculation because the language of the bill open to interpretation. (Amber Sinha, CIS)

The bill enables the Data Protection Authorities to impose penalties of up to Rs 15 crores or 4% of the annual global turnover, whichever is higher, for violating privacy laws.

Penalties for govt authorities: Even if you levy a heavy fine on a government authority for breaching any laws, it’s you and I who will be paying for their fault, because its ultimately going from the Budget. I think that’s where the criminal offense part of it becomes important. You can hold people personally liable. (Beni Chugh)An individual liability on a government official or secretary may be the way to go and I find that the bill has that provision In (Bill) 96 (3). (a member of the audience)I think that there are several exceptions given to the state and perhaps that will make it more difficult to define whether there has been a violation by the state. (Renuka Sane)

Impact on consumers and businesses

Onerous task for consumers: The problem with the bill is that it assumes a lot of active understanding of the law. For a consumer to file a grievance, she has to say that there was a violation and it is likely to (or) has caused her harm. But, since harm is not well defined, how are you going to file a grievance? (Beni Chugh)
Uncertainty over regulations: I’m uncertain about the impact the bill would have on businesses because many of the obligations that one needs to abide by, are not well defined. (Beni Chugh)
Bill will become less ambiguous once the DRA creates regulations. (Renuka Sane)

Other notes

One thing that the bill does fairly well is defining the obligations of a data processor. (Amber Sinha)
There are certain discrepancies which exist between the approach that the report seems to espouse and what is actually reflected in the Bill. (Amber Sinha)
On most questions about this law, I would have one answer that it is too early to say and we will see how it will evolve. (Renuka Sane)
There are various metrics based on which you can define if the DRA is an independent organisation. Based on few of them, it could be independent, but based on others, it could not be. (Renuka Sane)
I think that there are several exceptions given to the state and perhaps that will make it more difficult to define whether there has been a violation by the state. (Renuka Sane)
I predict that the DPA will treat NPCI as any other fiduciary, even if the data it processes will be marked as critical. (Manasa Venkataraman, Associate Fellow, The Takshashila Institution)
In the EU, they have had the luxury of spending 10 years (on GDPR) because they already had a data protection law. But for us, we never had one, this is the first one. So, in that sense, it is definitely much more urgent for us. We have to get it right, we can’t rush it but there is much greater urgency in our jurisdiction. (Amber Sinha)

For more details visit https://cis-india.org/internet-governance/news/medianama-rana-september-9-2018-namaprivacy-data-protection-authoritys-regulatory-and-enforcement-challenges

#NAMApolicy on Online Content Regulation

Admin — 2018-05-05T01:52:21Z

Swaraj Barooah attended the #NAMApolicy on Online Content Regulation organized by Media Nama at India Habitat Centre in New Delhi on May 3, 2018.

Agenda

01:30 p.m. - 03:00 p.m.: Panel #1 & Open House - News

03:00 p.m. - 03:15 p.m.: Tea break

03:15 p.m. - 04:45 p.m.: Panel #2 & Open House - Entertainment

04:45 p.m. - 05:15 p.m.: Remaining issues

05:15 p.m. - 06:00 p.m.: High-tea

01:30 p.m. - 03:00 p.m.: Panel #1 & Open House - News03:00 p.m. - 03:15 p.m.: Tea break03:15 p.m. - 04:45 p.m.: Panel #2 & Open House - Entertainment
04:45 p.m. - 05:15 p.m.: Remaining issues
05:15 p.m. - 06:00 p.m.: High-tea

For more details visit https://cis-india.org/internet-governance/news/namapolicy-on-online-content-regulation

"Whatever happened to Privacy?" - International Activism Conference

praskrishna — 2014-02-03T05:56:27Z

Maria Xynou gave a keynote speech and participated as a panelist on the "Suspect Societies" panel. The event was organized by Heinrich Boell Foundation in Berlin on December 5 and 6, 2013.

"Whatever happened to privacy" brought together international activists on focal topics and combined bar camp style work sessions and political round tables with a classic public event, It focussed on an issue which has far reaching consequences for politically active people across the world - the issue of privacy and surveillance. The revelations around the NSA and GCHQ as well as other countries secret service digital surveillance activities have spurred political debate. This debate was intensified at "Whatever happened to Privacy?" formulating political demands, developing action strategies and debating questions such as:

What cultural and political value does privacy have today?
What are the societal implications of the wide spread "I have nothing to hide" attitude?
What political actions are necessary to protect citizens from mass surveillance and what tools exist for people to secure their communications, movements and lives?

For video and more info, click here

For more details visit https://cis-india.org/news/whatever-happened-to-privacy

"Privacy matters"

praskrishna — 2011-04-04T07:20:22Z

Privacy India invites individuals to attend the second "Privacy matters" conference, a one-day event on the 5th February 2011 at the TERI Southern Regional Centre, Bangalore. Privacy India, Society in Action Group, and the Centre for Internet & Society have joined hands to organize the event.

The “Privacy matters” conference will focus on discussing the challenges to privacy that India is currently facing. The right to privacy in India has been a neglected area of study and engagement. Although sectoral legislation deals with privacy issues, e.g., the TRAI Act for telephony or RBI guidelines for banking, India does not as yet have a horizontal legislation that deals comprehensively with privacy across all contexts. This lack of uniformity has led to ironically imbalanced results. In India today one has a stronger right to privacy over telephone records than over one’s own medical records. The absence of a minimum guarantee of privacy is felt most heavily by marginalized communities, including HIV patients, children, women, sexuality minorities, prisoners, etc. – people who most need to know that sensitive information is protected.

The emergence of information and communications technologies over the past two decades has radically transformed the speed and costs of access to information. However, this enhanced climate of access to information has been a mixed blessing. Whilst augmenting our access to knowledge, this new networked information economy has also now made it much easier, quicker, and cheaper to gain access to intimate personal information about individuals than ever before. As people expose more and more of their lives to others through the use of social networks, reliance on mobile phones, global trade, etc., there has emerged a heightened risk of privacy violations in India. As privacy continues to be a growing concern for individuals, nations, and the international community, it is critical that India understands and addresses the questions, challenges, implications and dilemmas that violations of privacy pose.

Who We Are

Privacy India was set up in collaboration with The Centre for Internet and Society (CIS), Bangalore and Society in Action Group (SAG), under the auspices of the international organization ‘Privacy International.’ Privacy International is a non-profit group that provides assistance to civil society groups, governments, international and regional bodies, the media and the public in a number of countries (see www.privacyinternational.org). Its Advisory Board is made up of distinguished intellectuals, academicians, thinkers and activists such as Noam Chomsky, the late Harold Pinter, and others, and it has collaborated with organizations such as the American Civil Liberties Union (ACLU).

'Privacy Matters' conference agenda

February 5th, 2011 --- 10:30 am - 4:30pm

TERI Southern Regional Centre

4th Main, Domlur II Stage
Bangalore - 560 071

Time	Item
10:30 -10:45	Welcome Address Who is PI and what are our objectives Why is privacy important in India Prashant Iyengar (Lead Researcher at Privacy India)
10:45-11:15	Keynote: Ashish Rajadhyaksha (Senior Fellow, Centre for the Study of Culture & Society)
11:15-11:30	Tea Break
11:30 –12:30	Session I: Privacy and Open Government Data Property Rights, Privacy, and Open Government Data: Zainab Bawa (CIS-RAW Fellow)
12:30 – 1:30	Session II: Privacy Rights and Minorities Privacy Rights of Sexualality Minorities: Arvind Narrain (Alternative Law Forum) Now you see her, now you don’t - Issues of sex workers and questions around privacy: Shubha Chacko (Sangama) The UID and Refugees: Sahana Basavapatna
1:30 – 2:30	Lunch
2:30 – 3:00	Session III: Identity and Privacy Malavika Jarayam (Jayaram & Jayaram) Hamish Fraser (Partner at Truman Hoyle, Sydney Australia) Michael Whitener (Principal and co-founder of VistaLaw International LLC)
3:00-3:30	Session IV: Privacy and the Media/Social Networking Privacy and Social Networking: Ujjvala Ballal (Inclusive Planet) Privacy Issues in Social Networking Websites: Gagan K. (NLSIU law student)
3:30 – 3:45	Tea break
3:45 – 4:30	Session V: Open discussion and opinion sharing

RSVP:

prashant@privacyindia.org
elonnai@privacyindia.org

Download the poster here

VIDEOS

For more details visit https://cis-india.org/events/privacy-conferencefeb5

"Decoding the Digital"- Winter School at IIIT Bangalore

praskrishna — 2016-12-17T01:39:20Z

The Centre for IT and Public Policy at IIIT Bangalore organized a winter school from December 12 to 14, 2016 at the IIIT campus on Decoding the Digital, where the theme for the same was Smart Cities and Social Media. Vanya Rakesh participated in it.

The event involved lectures, interactive discussions, film screenings and group activities on topics ranging from smart communities, smart phones, intelligent transportation, big data, privacy, surveillance, etc. For more inflo, click here

For more details visit https://cis-india.org/internet-governance/news/decoding-the-digital-winter-school-at-iiit-bangalore

"ಕನ್ನಡ ಮತ್ತು ತಂತ್ರಜ್ಞಾನದ ಜೊತೆ ಜೊತೆಗೆ..."

praskrishna — 2012-01-16T03:59:59Z

ನಾನು ಏನಾದರು ಮಾಡಬೇಕು ಎಂದುಕೊಂಡರೆ ಸಾಲದು, ಬನ್ನಿ, ಕಾರ್ಯೋನ್ಮುಖರಾಗಿ...

ಮೊದಲ ಹೆಜ್ಜೆ

ಕನ್ನಡ ಮತ್ತು ತಂತ್ರಜ್ಞಾನದ ಬೆಳವಣಿಗೆಯಲ್ಲಿ ಪಾಲ್ಗೊಳ್ಳುವ ಆಸೆಯೇ?

ಪ್ರತಿಯೊಬ್ಬ ಕನ್ನಡಿಗನಲ್ಲೂ ಕನ್ನಡಕ್ಕೆ ದುಡಿಯುವ ಬಲವಾದ ಆಸೆಯಿರುತ್ತದೆ. ಅಕ್ಷರ ಕಲಿಯುವ ದೆಸೆಯಿಂದ ಹಿಡಿದು, ದುಡಿದು ದೊಡ್ಡವನಾಗುವವರೆಗೂ ಹೇಗೆ ತನ್ನ ಆಸೆಯನ್ನು ಈಡೇರಿಸಿಕೊಳ್ಳುವುದೆಂಬ ಪ್ರಶ್ನೆ ಮನಸ್ಸಿನಲ್ಲಿ ಸುಳಿಯುತ್ತಲೇ ಇರುತ್ತದೆ. ಮಾಹಿತಿ ತಂತ್ರಜ್ಞಾನದ ಕ್ಷೇತ್ರದಲ್ಲಂತೂ, ಅದನ್ನು ಬಳಸುವ ಸಾಮಾನ್ಯನಿಂದ ಹಿಡಿದು, ತಂತ್ರಜ್ಞಾನದ ಜೊತೆಗೇ ದಿನದೂಡುವ ತಂತ್ರಜ್ಞನವರೆಗೂ ಎಲ್ಲರಿಗೂ ಕನ್ನಡ ಬಳಸುವ ಮತ್ತು ಬೆಳೆಸುವ ಆಸೆ ಖಂಡಿತ ಇರುತ್ತದೆ. ಅಂತಹ ಆಸೆಗಳನ್ನು ಮತ್ತೆ ಚಿಗುರಿಸಿ, ಮಾಹಿತಿ ತಂತ್ರಜ್ಞಾನದ ಬಳಕೆದಾರನ ದಿನನಿತ್ಯದ ಪ್ರಶ್ನೆಗಳನ್ನು ಉತ್ತರಿಸುತ್ತಾ, ಕನ್ನಡದ ತಾಂತ್ರಿಕ ಬೆಳವಣಿಗೆಗೆ ನಾಂದಿಯಾಗಲು ನಾವು ಇಡಬೇಕಾದ ‘ಹೆಜ್ಜೆಗಳು” ಅನೇಕ.

ದೈನಂದಿನ ಬದುಕಿನಲ್ಲಿ ತಂತ್ರಜ್ಞಾನದ ಮುಖೇನ ಕನ್ನಡದಲ್ಲೇ ವ್ಯವಹರಿಸಬಹುದೇ? ಕನ್ನಡದ ತಾಂತ್ರಿಕ ಬೆಳವಣಿಗೆ ಹೇಗೆ ಸಾಧ್ಯ? ಅದರಲ್ಲಿ ತಮ್ಮನ್ನು ತಾವು ತೊಡಗಿಸಿಕೊಳ್ಳುವ ಬಗೆ ಹೇಗೆ? ಕನ್ನಡ ಭಾಷಾ ತಂತ್ರಜ್ಞಾನ ಬೆಳವಣಿಗೆಯ ತೊಡಕುಗಳ ನಿವಾರಣೆ ಸಾಧ್ಯವೇ? ತಂತ್ರಾಂಶಗಳು ನಡೆಯಬೇಕಿರುವ ಹಾದಿಯ ಕಿರು ಪರಿಚಯ ಎಲ್ಲಿ ಸಿಗಬಹುದು? ಇದಕ್ಕೊಂದು ಸಮುದಾಯವಿದೆಯೇ? ಈ ಸಮುದಾಯ ಅಭಿವೃದ್ದಿಯ ಪರಿಕಲ್ಪನೆ ಏನು? ಇತ್ಯಾದಿ ಪ್ರಶ್ನೆಗಳಿಗೆ ಉತ್ತರ ಕಂಡುಕೊಳ್ಳುವ ಸಲುವಾಗಿ ‘ಹೆಜ್ಜೆ’ ರೂಪಿತಗೊಂಡಿದೆ.

ಮಾಹಿತಿ ತಂತ್ರಜ್ಞಾನದ ವಿವಿಧ ಸ್ತರಗಳಲ್ಲಿ ಕನ್ನಡದ ಬೆಳವಣಿಗೆಗೆ ಬೇಕಾದ ವಿಷಯಗಳ ಬಗ್ಗೆ ಅನುಭವಿ ತಜ್ಞರು, ತಂತ್ರಜ್ಞರು ತಮ್ಮ ಅನುಭವವನ್ನು ಹಂಚಿಕೊಳ್ಳುವುದರ ಮೂಲಕ ಪ್ರಾರಂಭವಾಗುವ ಈ ಕಾರ್ಯಕ್ರಮ, ಮೇಲೆ ಹೇಳಿದ ಅನೇಕ ಪ್ರಶ್ನೆಗಳಿಗೆ ಉತ್ತರವನ್ನು ಪಡೆದುಕೊಳ್ಳುವ ‘ಹೆಜ್ಜೆ’ಗಳ ಹಾದಿಯನ್ನು ನಿಮ್ಮ ಮುಂದೆ ತೆರೆಯಲಿದೆ.

ಬನ್ನಿ ನಮ್ಮೊಡನೆ ಜೊತೆಜೊತೆಯಾಗಿ ಹೆಜ್ಜೆ ಹಾಕಿ, ನಿಮ್ಮ ಬರುವಿಕೆಯನ್ನು ಇಂದೇ ಕಾಯ್ದಿರಿಸಿ.

For more details visit https://cis-india.org/internet-governance/c95ca8ccdca8ca1-caeca4ccdca4cc1-ca4c82ca4ccdcb0c9cccdc9ecbeca8ca6-c9cca4cc6-c9cca4cc6c97cc6...

"All Indian Enterprises should Be Very Worried": Centre for Internet and Society

praskrishna — 2013-02-28T09:21:32Z

This blog post by Shubhra Rishi was published in Computer World on February 25, 2013. Pranesh Prakash is quoted.

The chairman of the Indian Institute of Planning and Management (IIPM) is having a Barbara Streisand moment.

The American entertainer Barbra Streisand, in 2003, attempted to suppress photographs of her residence, involuntarily and indirectly fuelling further publicity. Arindam Chaudhuri’s order from a Gwalior Court has unfortunately resulted in more or less the same.

The DoT’s CERT team has successfully censored more than 70 URLs that didn’t particularly contain praises of IIPM. Amusingly, a URL containing a public notice issued by the University Grants Commission (UGC) in July 2012 was also blocked. The UGC notice said that IIPM cannot be recognized as a university according to the provisions of a particular section.

So while this issue has managed to hold our attention, it has also fervently highlighted the misappropriation of section 69 of India’s Information Technology (IT) Act 2000. According to this act, if the Director of Controller is satisfied that it is necessary or expedient so, he/she may order or direct any agency of the Government to intercept any information transmitted through any computer resource.

In short, intercepting or blocking is counter-productive in today’s scenario and is often seen as a direct infringement of people’s online freedom. “The Constitution of India does not put so many restrictions on the freedom of speech and expression that IT Act puts under a particular section,” says cyber law expert, Pavan Duggal.

Legal experts are also of the opinion that several provisions of the IT Act are unconstitutional. “It does not have built-in safeguards, especially transparency-related ones, around surveillance and censorship. Censorship in India, especially under the IT (Intermediary Guidelines) Rules 2011, is completely opaque and results in invisible censorship, meaning that we don't even get to find out that censorship has happened and thus cannot challenge it,” says Pranesh Prakash, policy director, Centre for Internet and Society.

In the past, independent activists such as Binayak Sen, Assem Trivedi, and Arundhati Roy, or even commoners such as Shaheen Dhadha have come under fire of the said Act.

Frankly, if this loophole in the IT Act is not addressed, even Indian corporations could face a similar problem.

“I believe all intermediaries (websites that host user content, and networks that carry user traffic among others) are threatened now. Their executives can be dragged to court without any protection; thanks to the broad wording of the IT (Intermediary Guidelines) Rules 2011, despite the IT Act itself granting them some protections. This is dangerous, and all Indian enterprises should be very worried,” says Prakash.

CorporateIndiawill have to tighten its belts. Despite the fact that the entire IT Act needs to be overhauled and employees need to be sensitized, currently, the first thing that corporate India needs to do is ensure that its operations in electronic format comply with the IT Act and its rules. “There's a lack of awareness about compliances in the corporate sector. Any kind of “jugaad” may not help a company get out of a potential exposure under the IT Act. An effective implementation of these compliances will relieve companies of the IT Act’s potential liabilities, both civil and criminal,” advises Duggal.

So the Streisand effect in the IIPM case will slowly wear off, but the potential threat of the IT Act will continue to haunt enterprises.

For more details visit https://cis-india.org/news/computer-world-india-feature-shubra-rishi-feb-25-2013-all-indian-enterprises-should-be-very-worried

"Aadhaar Reduced Agency in Citizens and Empowered Those in Positions of Authority"

Martin Moore — 2019-05-21T15:33:01Z

In the space of one election cycle, authoritarian governments, moneyed elites and fringe hackers figured out how to game elections, bypass democratic processes, and turn social networks into battlefields. Facebook, Google and Twitter – where our politics now takes place – have lost control and are struggling to claw it back. As our lives migrate online, we are gradually moving into a world of datafied citizens and real-time surveillance. The entire political landscape has changed, with profound consequences for democracy.

The article by Martin Moore was published by NewsClick on May 20, 2019. Pranesh Prakash was quoted.

Written by Martin Moore, Democracy Hacked: Political Turmoil and Information Warfare in the Digital Age, is a compelling account of how democracy is being disrupted by the tech revolution, and what can be done to get us back on track. The following are excerpts from the chapter "Survellaince Democracy" of the book.

Tembhli, a remote rural village in northern Maharashtra, about 250 miles north of Mumbai, is rarely visited by high-powered politicians or prominent dignitaries. But on Wednesday, 29 September 2010, it found itself hosting not just the Indian prime minister, Manmohan Singh, but the president of Congress, Sonia Gandhi; the chief and deputy chief ministers and the governor of Maharashtra; and the head of the recently established Unique Identification Authority of India, Nandan Nilekani. It was this last figure, the least well known of the distinguished group, who was the reason behind the visit, and who would subsequently play the most important role in its aftermath. Nilekani and the politicians were there to give out the first ten ‘unique identifiers’ to residents of Tembhli. These ten people received their own twelve-digit number, a number that would, from that day forward, distinguish each of them from every other Indian citizen, and indeed – combined with their biometric data – from every other citizen in the world. “With this,” Sonia Gandhi said, “Tembhli has got a special importance in the map of India. People of Tembhli will lead the rest of the country. It is a historic step towards strengthening the people of our nation.”

Governments of all stripes are prone to exaggerated rhetoric, but in this instance, Gandhi was proved right when she proclaimed that “starting from this tiny hamlet, the scheme will reach more than a billion people of this country.” Despite the change of government in 2014, by April 2016 a billion Indians had been allocated their unique identifier. By 2018 the number had exceeded 1.1 billion, out of a total population of just over 1.3 billion. It was, in the words of a Harvard Business School report, a “hugely ambitious project”, “the largest-scale project of its kind in the world”. Aadhaar, as the project was called, was “unique in its scale and ambition”.3 Each Aadhaar identifier included not just a twelve-digit number, but all ten fingerprints, iris scans from both eyes, and a photograph of each person’s face (with the potential for facial recognition later). By combining the number with one element of biometric data, the government believed, it could ensure that every Indian citizen had a single, verifiable, machine-readable identity. With this verifiable identity a citizen could open a bank account, receive welfare or pension payments, pay tax, apply for a driving license, or receive healthcare, regardless of literacy. In a country known for its administrative torpor and tortuous bureaucracy, where – in 2013 – only forty per cent of children’s births were even registered, such a scheme had the potential to let India leapfrog other democratic countries into the digital era, and make government not just digitally enabled but digitally empowered.

Yet this, for critics of the scheme, was one of its many flaws. “Aadhaar marks a fundamental shift in citizen–state relations,” Pranesh Prakash from India’s Centre for the Internet and Society wrote in the Hindustan Times, “from ‘We the People’ to ‘We the Government’.” Civil society activists objected to the government’s enhanced power, and the relative unaccountability of the body running Aadhaar, headed by Nandan Nilekani until 2014. “In effect,” tech developer and activist Kiran Jonnalagadda wrote, “they are beyond the rule of law.” Others had practical objections.

Biometric identification often did not work. A database of this size and importance was bound to attract hackers. Leaks were inevitable. Indeed, the Tribune newspaper in January 2018 revealed that it had been able to buy a service, for 500 rupees (less than $10), that gave it access to any of up to one billion Aadhaar details. Yet such objections were written off as ‘scaremongering’ and Aadhaar critics as “activists of the upper crust, upper class, wine ’n cheese, Netflix-watching social media elite”. On top of which, despite an Indian Supreme Court judgment in August 2017 that affirmed the fundamental right of Indians to privacy, by early 2018 Aadhaar had achieved such momentum as to appear unstoppable. If the government was able to navigate the various legislative challenges to the scheme, then there was also a queue of other nations keen to adopt something similar.

[…]

As the government pushed Aadhaar towards every interaction the state had with the citizen, evidence mounted of failures in the system.

In the north-eastern state of Jharkhand, an eleven-year-old girl died of starvation after her family stopped receiving their government food ration. Their ration card, the Hindu Centre for Politics and Public Policy reported, “was not linked to Aadhaar”. The centre also reported on data, taken from the government’s websites, showing that in Rajasthan, where receiving rations was dependent on Aadhaar authentication, between a quarter and a third of people with ration cards did not receive rations between September 2016 and July 2017. In some ration shops, after having spent hours trying and failing to get their fingerprints read by the biometric machines, people lost their temper and smashed the machines on the ground.

Across India there were reports of machines not recognizing fingerprints, or only recognizing them after multiple attempts. Old people’s prints turned out to be more difficult to read, as were those of manual workers and fishermen. Since the system presumes guilt rather than innocence, the burden of proof lies with the citizen, not with the state. To claim a ration, apply for a scholarship or buy a train ticket, you have to prove who you are before receiving it. The obligation lies with the citizen to prove she is not a fraud. Even if she is not, and the failure is not with her but with the system, she pays for the system’s failure, not the government. To dispute a decision made by the machine means going to the nearest large town – often many miles away – and convincing an official that the problem is with the machine or the digital record, not with you. It is not surprising that some people wrecked Aadhaar machines in their rage.

While the system was found to reduce agency in citizens, it empowered those in positions of authority. Central government was able to make public services conditional on authentication by Aadhaar (despite repeated court rulings that Aadhaar be voluntary, not mandatory). This conditionality could then be extended to the level and type of public services available to individuals. In fact, it had to be for many services – distinguishing pensioners from non-pensioners, for example. Yet in this conditionality, there is plenty of scope for harm and abuse. In 2017 the independent media site Scroll.in reported a rising number of HIV-positive patients who were dropping out of treatment programmes because they were required to use their Aadhaar numbers and were fearful of their condition becoming public.

Equally, while Aadhaar itself did not provide any information about caste, ethnicity, religion or language, once it was linked to other databases, most notably the National Population Register, then it became possible to identify people by group. Formal group identification by the state has an ignominious history. During the apartheid era in South Africa, the penultimate number on the South African identity card indicated race. In the Rwandan genocide in 1994, anyone who had ‘Tutsi’ on their identification was liable to be killed. In Nazi Germany in 1938, every Jewish citizen had ‘J’ stamped on their ID cards and passports. In India, where political and religious divisions are closely intertwined, there is good reason to be anxious about new opportunities for group identification.

Thanks to Aadhaar, companies started to build services using unique identification. A series of ‘trust platforms’ emerged, built on top of Aadhaar, where employers – and others – could access and authenticate people’s identity. A company called TrustID advertised itself as “India’s first, unique and comprehensive online verification platform”. Through TrustID an employer could check whether a potential employee had any criminal or civil convictions, or whether that person had a good or bad reputation (based on a news search and social media profiling). The company even encouraged women to check up on potential husbands they had found via marriage websites. Other international companies integrated Aadhaar into existing services. This is similar to the way in which companies work with platforms like Facebook to profile, and target, individuals based on their personal information – except in this instance doing it via the government. All the same questions about trust, privacy, freedom and power arise, with even greater political potency. The state and private companies are in partnership to track citizens constantly and to gather as much data as they can on them – data that they can then use for commercial or political purposes. This opaque, asymmetrical knowledge of the citizen seems like the reverse of what was intended by democratic transparency, especially in the absence of strong privacy and data protection. “Totalitarian states often do this against the wishes of their citizens,” Pratap Bhanu Mehta, the president of the Centre for Policy Research, writes, yet “in our democracy, our consent is being mobilized to put an imprimatur over more control and arbitrariness.”

In August 2017, the Supreme Court of India came to a unanimous 9–0 decision that Article 21 of the Indian Constitution did guarantee a fundamental right to privacy. As such, it was not lawful for the government to make it mandatory for people to identify themselves using a unique identifier like Aadhaar, except in specific circumstances. To some this looked like a huge blow to the grand project. The Supreme Court decision “raises serious questions about Aadhaar”, lawyer Adarsh Ramanujan argued in India’s Financial Express, and appeared to send “a direction to the central government to create a regime to ensure that privacy rights are not trammelled by other private parties”. The judgment was about privacy broadly, and did not refer to specific cases like Aadhaar, but was seen as the basis from which future challenges to the scheme could be launched. The Modi government, however, appeared to carry on regardless. In October it linked Aadhaar to driving licence applications. By mid-December, the government had made Aadhaar mandatory if citizens wanted to access any of 140 government services.

Nandan Nilekani, who had stepped down as chair of Aadhaar in 2014 in order to become a candidate for the Congress party, railed against those who criticized the scheme. There was, he claimed, an “orchestrated campaign” to malign the system. “I think this so-called anti-Aadhaar lobby is really just a small bunch of liberal elites who are in some echo chamber,” he told an Indian business news channel. Anyway, Nilekani argued, it was too late for the naysayers to stop it. Too many people were now enrolled. It was too integral to the provision of services. Others saw attacks on Aadhaar as political, arguing that Congress was using it for political gain prior to the 2019 election, and that this would backfire. “Aadhaar today is not just a number,” the editor of India’s Economic Timeswrote. “The Congress envisaged it as a means of identity but the Modi government has taken it to a different level. It has become a weapon in the hands of the poor and a powerful tool to fight entrenched black money interests. It is now a symbol of anti-corruption, anti-black money drives, a symbol of efficient allocation of welfare benefits.”

For more details visit https://cis-india.org/internet-governance/news/newsclick-martin-moore-may-20-2019-aadhaar-reduced-agency-in-citizens-and-empowered-those-in-positions-of-authority