The Centre for Internet and Society
https://cis-india.org
These are the search results for the query, showing results 91 to 105.
Why Presumption of Renewal is Unsuitable for the Current Registry Market Structure
https://cis-india.org/internet-governance/blog/why-presumption-of-renewal-is-unsuitable-for-the-current-registry-market-structure
<b>With the recent and much protested renewal of the .net legacy Top-Level-Domain (TLD), the question of the appropriate method of renewal has again come to the forefront. While this seems relatively uncontroversial to most, Padma Venkataraman, a law student and intern at CIS looks at presumptive renewal through a critical lens. </b>
<p style="text-align: justify; ">With the recent renewal of the .net legacy Top-Level-Domain (TLD), the question of the appropriate method of renewal is worth reconsidering. When we talk about presumption of renewal for registry agreements, it means that the agreement has a reasonable renewal expectancy at the end of its contractual term. According to the current base registry agreement, it shall be renewed for 10-year periods, upon expiry of the initial (and successive) term, unless the operator commits a fundamental and material breach of the operator’s covenants or breach of its payment obligations to ICANN.</p>
<p style="text-align: justify; "><a class="external-link" href="http://cis-india.org/internet-governance/files/why-presumption-of-renewal-is-unsuitable-for-the-current-registry-market-structure">Download the entire blog post here</a></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/why-presumption-of-renewal-is-unsuitable-for-the-current-registry-market-structure'>https://cis-india.org/internet-governance/blog/why-presumption-of-renewal-is-unsuitable-for-the-current-registry-market-structure</a>
</p>
No publisherPadma VenkataramanICANNTransparencyInternet GovernanceAccountability2017-10-31T02:53:26ZBlog EntryWhy NPCI and Facebook need urgent regulatory attention
https://cis-india.org/internet-governance/blog/economic-times-june-10-2018-sunil-abraham-why-npci-and-facebook-need-urgent-regulatory-attention
<b>The world’s oldest networked infrastructure, money, is increasingly dematerialising and fusing with the world’s latest networked infrastructure, the Internet. </b>
<p style="text-align: justify; ">The article was published in the <a class="external-link" href="https://economictimes.indiatimes.com/industry/banking/finance/banking/why-npci-and-facebook-need-urgent-regulatory-attention/articleshow/64522587.cms">Economic Times</a> on June 10, 2018.</p>
<hr />
<p style="text-align: justify; ">As the network effects compound, disruptive acceleration hurtle us towards financial utopia, or dystopia. Our fate depends on what we get right and what we get wrong with the law, code and architecture, and the market.</p>
<p style="text-align: justify; ">The Internet, unfortunately, has completely transformed from how it was first architected. From a federated, generative network based on free software and open standards, into a centralised, environment with an increasing dependency on proprietary technologies.</p>
<p style="text-align: justify; ">In countries like Myanmar, some citizens misconstrue a single social media website, Facebook, for the internet, according to LirneAsia research. India is another market where Facebook could still get its brand mistaken for access itself by some users coming online. This is Facebook put so many resources into the battle over Basics, in the run-up to India’s network neutrality regulation. an odd corporation.</p>
<p style="text-align: justify; ">On hand, its business model is what some term surveillance capitalism. On the other hand, by acquiring WhatsApp and by keeping end-toend (E2E) encryption “on”, it has ensured that one and a half billion users can concretely exercise their right to privacy. At the time of the acquisition, WhatsApp founders believed Facebook’s promise that it would never compromise on their high standards of privacy and security. But 18 months later, Facebook started harvesting data and diluting E2E.</p>
<p style="text-align: justify; ">In April this year, my colleague Ayush Rathi and I wrote in Asia Times that WhatsApp no longer deletes multimedia on download but continues to store it on its servers. Theoretically, using the very same mechanism, Facebook could also be retaining encrypted text messages and comprehensive metadata from WhatsApp users indefinitely without making this obvious.</p>
<p style="text-align: justify; ">My friend, Srikanth Lakshmanan, founder of the CashlessConsumer collective, is a keen observer of this space. He says in India, “we are seeing an increasing push towards a bank-led model, thanks to National Payments Corporation of India (NPCI) and its control over Unified Payments Interface (UPI), which is also known as the cashless layer of the India Stack.”</p>
<p style="text-align: justify; ">NPCI is best understood as a shape shifter. Arundhati Ramanathan puts it best when she says “depending on the time and context, NPCI is a competitor. It is a platform. It is a regulator. It is an industry association. It is a profitable non-profit. It is a rule maker. It is a judge. It is a bystander.”</p>
<p style="text-align: justify; ">This results in UPI becoming, what Lakshmanan calls, a NPCI-club-good rather than a new generation digital public good. He also points out that NPCI has an additional challenge of opacity — “it doesn’t provide any metrics on transaction failures, and being a private body, is not subject to proactive or reactive disclosure requirements under the RTI.”</p>
<p style="text-align: justify; ">Technically, he says, UPI increases fragility in our financial ecosystem since it “is a centralised data maximisation network where NPCI will always have the superset of data.” Given that NPCI has opted for a bank-led model in India, it is very unlikely that Facebook able to leverage its monopoly the social media market duopoly it shares with in the digital advertising market to become a digital payments monopoly.</p>
<p style="text-align: justify; ">However, NCPI and Facebook both share the following traits — one, an insatiable appetite for personal information; two, a fetish for hypercentralisation; three, a marginal commitment to transparency, and four, poor track record as a custodian of consumer trust. The marriage between these like-minded entities has already had a dubious beginning.</p>
<p style="text-align: justify; ">Previously, every financial technology wanting direct access to the NPCI infrastructure had to have a tie-up with a bank. But for Facebook and Google, as they are large players, it was decided to introduce a multi-bank model. This was definitely the right thing to do from a competition perspective. But, unfortunately, the marriage between the banks and the internet giant was arranged by NPCI in an opaque process and WhatsApp was exempted from the full NPCI certification process for its beta launch.</p>
<p style="text-align: justify; ">Both NPCI and Facebook need urgent regulatory attention. A modern data protection law and a more proactive competition regulator is required for Facebook. The NPCI will hopefully also be subjected to the upcoming data protection law. But it also requires a range of design, policy and governance fixes to ensure greater privacy and security via data minimisation and decentralisation; greater accountability and transparency to the public; separation of powers for better governance and open access policies to prevent anti-competitive behaviour.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/economic-times-june-10-2018-sunil-abraham-why-npci-and-facebook-need-urgent-regulatory-attention'>https://cis-india.org/internet-governance/blog/economic-times-june-10-2018-sunil-abraham-why-npci-and-facebook-need-urgent-regulatory-attention</a>
</p>
No publishersunilSocial MediaInternet GovernancePrivacy2018-06-12T02:07:42ZBlog EntryWhy is the UIDAI cracking down on individuals that hoard Aadhaar data?
https://cis-india.org/internet-governance/news/business-standard-alnoor-peermohamed-april-13-2016-why-is-uidai-cracking-down-on-individuals-that-hoard-aadhaar-data
<b>Private firms' offer to print Aadhaar details on plastic card a breach of law.</b>
<p style="text-align: justify; ">The article by Alnoor Peermohamed was published by <a class="external-link" href="http://www.business-standard.com/article/economy-policy/why-is-the-uidai-cracking-down-on-individuals-that-hoard-aadhaar-data-116041200400_1.html">Business Standard </a>on April 13, 2016. Sunil Abraham was quoted.</p>
<hr />
<p style="text-align: justify; ">The billion-strong citizen identification system, Aadhaar, has given rise to businesses keen on illegal harnessing of this private data, say the authorities.<br /><br /> Outfits are offering services to print the <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Aadhaar" target="_blank"><span>Aadhaar </span></a>details on plastic cards, something the Union information technology ministry warned against on Monday. These entities charge anywhere between Rs 50 and Rs 600, and are listed on e-commerce websites, apart from own online presence.<br /><br /> Under the Aadhaar law, collecting and storing of the data by private companies without the user’s consent is a crime. Monday’s warning from the ministry to e-commerce marketplaces such as Amazon, Flipkart and eBay to disallow merchants from collecting and printing such details was a result of this.<br /><br /> This newspaper could not find any listings of Aadhaar printing services on Flipkart but there was one on Amazon (taken down) and no less than five such listings on eBay.<br /><br /> PrintMyAadhaar is one of the more well organised outfits operating in this space. “Get your E-Aadhaar printed on a PVC card for easier handling,” reads their website. Users are prompted to fill their Aadhaar details on the website, pay Rs 50 and have the card sent to their houses. PrintMyAadhaar even offers discounts for bulk orders.<br /><br /> “Collecting such information or unauthorised printing of an Aadhaar card or aiding such persons in any manner may amount to a criminal offence, punishable with imprisonment under the Indian Penal Code and also Chapter VI of The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016,” read the statement from the ministry.<br /><br /> Currently, Aadhaar stores a person’s name, date of birth, sex and address, apart from their biometric data.<br /><br /> While the biometric data isn’t available to these PDF printing shops, the rest of the information is, according to Srikanth Nadhamuni, chief executive officer of Khosla Labs and a former head of technology at the Unique Identification Authority of India. However, collecting this data poses no security risk to the Aadhaar infrastructure, he added.<br /><br /> “Allowing somebody to accumulate large amounts of data from Aadhaar users in general is not a good practice. We should ensure that the Aadhaar details of people remain private and it should only be up to the discretion of the end-user to share this,” said Nadhamuni.<br /><br /> Some security experts say Aadhaar does pose a security risk, as it makes available an individual's details in the public domain. Several institutions are treating Aadhaar just like any other proof of identity.<br /><br /> “Transactions that should have been conducted using biometric authentication are being conducted just by presentation of paper documents. What is happening most commonly is that people are giving a printout or photocopy of their Aadhaar acknowledgement as their proof of identity to get a SIM card. The risk here is that somebody can get a mobile number against your name,” said Sunil Abraham, executive director of the non-profit Centre for Internet and Society.<br /><br /> He says the other technical issue with Aadhaar is the lack of a smart card that stores a person’s information, as in a digital signature. Due to the lack of this, people don’t know what information to keep private and what to make public. Conventional security techniques would have had a person keeping their PIN private (as with a bank account). If this personal PIN would have been saved on a smart card, which users wouldn’t have had much to worry about.<br /><br /> “In the case of Aadhaar, the authentication factor and the identification factor are in the public domain, because many people might have your UID number and people release their biometric data everywhere. Due to this broken technological solution, we are now through policy putting band-aids, saying people should not disclose their UID number unnecessarily,” added Abraham.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/business-standard-alnoor-peermohamed-april-13-2016-why-is-uidai-cracking-down-on-individuals-that-hoard-aadhaar-data'>https://cis-india.org/internet-governance/news/business-standard-alnoor-peermohamed-april-13-2016-why-is-uidai-cracking-down-on-individuals-that-hoard-aadhaar-data</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2016-04-17T16:16:26ZNews ItemWhy Indians are turning down Facebook's free internet
https://cis-india.org/internet-governance/news/global-post-nimisha-jaiswal-why-indians-are-turning-down-facebook-free-internet
<b>Imagine a billion of the world’s poorest gaining overnight access to health information, education, and professional help — for free. Add to this one rich man who wants to make that dream a reality. </b>
<p style="text-align: justify; ">The article by Nimisha Jaiswal was published in the <a class="external-link" href="http://www.globalpost.com/article/6718467/2016/01/12/india-free-basics-facebook-internet">Global Post</a> on January 13, 2016. Sunil Abraham was quoted.</p>
<hr style="text-align: justify; " />
<p class="ng-scope" style="text-align: justify; ">That’s the invitation that Facebook has sent to India. Many there, however, are rejecting such benevolence.</p>
<p class="ng-scope" style="text-align: justify; ">Facebook has introduced its Free Basics project in 36 countries. The company claims that the app acts as a stepping-stone to the internet for those who are otherwise without access, by providing them with a few essential sites — or “basics” — to get started.</p>
<p class="ng-scope" style="text-align: justify; ">“We know that when people have access to the internet they also get access to jobs, education, healthcare, communication… We know that for India to make progress, more than 1 billion people need to be connected to the internet,” wrote Facebook CEO Mark Zuckerberg in a recent op-ed for a major Indian <a href="http://blogs.timesofindia.indiatimes.com/toi-edit-page/free-basics-protects-net-neutrality/" target="_blank">newspaper</a>. “Free Basics is a bridge to the full internet and digital equality.”</p>
<p class="ng-scope" style="text-align: justify; ">However, net neutrality researchers and activists in India define it quite differently.</p>
<p class="ng-scope" style="text-align: justify; ">“Free Basics is a zero-rated walled garden that gives users a tiny subset of the world wide web,” Sunil Abraham, executive director of the Bengaluru-based Centre for Internet and Society, told GlobalPost.</p>
<p class="ng-scope" style="text-align: justify; ">The Free Basics app is part of Facebook’s Internet.org, a “zero-rating” internet service that provides limited access for no charge to the consumer. The original Internet.org was heavily criticized in India for violating net neutrality, the principle that all content on the web should be accessible to consumers at the same speed, without discrimination by providers.</p>
<p class="ng-scope" style="text-align: justify; ">Last spring, as part of a homegrown <a href="https://www.savetheinternet.in/" target="_blank">Save The Internet</a> movement, over 1 million people wrote to the Telecom Regulatory Authority of India (TRAI) to protest services that disrupt net neutrality by providing only a small fraction of the internet to their users.</p>
<p class="ng-scope" style="text-align: justify; ">India’s Department of Telecommunications has already recommended that such platforms be disallowed. Before it makes its own recommendations this month, the TRAI asked concerned citizens for another round of input on zero-rating apps. The criticism has been so loud that, at the end of December, Free Basics’ local telecom partner was ordered to take the service down until a decision is reached.</p>
<p class="ng-scope" style="text-align: justify; ">Though Free Basics does not require payment from the websites it shares, Facebook’s competitors are unlikely to participate and provide user data to their rivals. And while there are currently no advertisements on Free Basics, Facebook reserves the right to introduce them in the future to garner revenue from their “walled-in” clients.</p>
<p class="ng-scope" style="text-align: justify; ">According to Abraham, such a platform harms free speech, privacy, innovation and diversity by adding another layer of surveillance and “censoring” the internet.</p>
<p class="ng-scope" style="text-align: justify; ">Mahesh Murthy, a venture capitalist who is part of India’s Save The Internet movement, puts it more bluntly.</p>
<p class="ng-scope" style="text-align: justify; ">“What Facebook wants is our less fortunate brothers and sisters should be able to poke each other and play Candy Crush, but not be able to look up a fact on Google, or learn something on Khan Academy, or sell their produce on a commodity market, or even search for a job on [Indian recruitment website] Naukri,” said Murthy.</p>
<p class="ng-scope" style="text-align: justify; ">Zuckerberg and Facebook’s India team have vigorously rebutted net neutrality activists in India, <a href="http://thewire.in/2015/12/30/facebooks-rebuttal-to-mahesh-murthy-on-free-basics-with-replies-18235/" target="_blank">including Murthy</a>, challenging their criticism of Free Basics and accusing activists of deliberately trying to prevent the masses from gaining internet access.</p>
<p class="ng-scope" style="text-align: justify; ">“Critics of the program continue to spread false claims — even if that means leaving behind a billion people,” wrote Zuckerberg in his Times of India op-ed.</p>
<p class="ng-scope" style="text-align: justify; ">According to Abraham, this is a misleading assertion. “They are falsely framing the debate, they are making it look like we have only two choices,” he told GlobalPost. “The choice is not between less people on the internet and unregulated [Free Basics].”</p>
<p class="ng-scope" style="text-align: justify; ">Several alternatives are being proposed. Abraham does not advocate a complete ban on Free Basics, instead suggesting a “leaky” walled garden where users would be given 100 MB of full internet access for every 100 MB of Free Basics consumed.</p>
<p class="ng-scope" style="text-align: justify; ">The Save the Internet campaign, however, wants Free Basics barred altogether. It proposes returning to previously implemented schemes like providing data on the purchase of a phone, or letting users access the full internet after watching an ad. The Universal Service Obligation Fund, set up by the Department of Telecommunications to provide affordable communication technology in rural areas, could also be used to finance <a href="http://blogs.timesofindia.indiatimes.com/toi-editorials/free-basics-is-a-walled-garden-heres-a-much-better-scheme-direct-benefit-transfer-for-internet-data-packs/" target="_blank">free data packs</a>.</p>
<p class="ng-scope" style="text-align: justify; ">While Facebook could potentially contribute to such funds to promote its connectivity goals, the millions of dollars it has spent loudly defending Free Basics in India suggest that the company is deeply attached to its own scheme.</p>
<p class="ng-scope" style="text-align: justify; ">Facebook has claimed that “more than four in five Indians support Free Basics,” according to a survey that it paid for. Indian users of the social network have received notifications encouraging them to send a template letter to the regulator in support of Free Basics. Even users in the US were “<a href="http://timesofindia.indiatimes.com/tech/tech-news/Facebook-under-fire-for-asking-US-users-to-support-Free-Basics-in-India/articleshow/50286467.cms" target="_blank">accidentally</a>” notified to add their backing to the Indian campaign.</p>
<p class="ng-scope" style="text-align: justify; ">Some of the company's critics suggest that it is driven less by philanthropy, more by guaranteeing itself a stream of new users.</p>
<p class="ng-scope" style="text-align: justify; ">Murthy points out that a large number of the world’s population not yet on the internet are in India and China — and Facebook is banned in China. “So who becomes essential to Mark Zuckerberg’s balance sheet? Enter us Indians.”</p>
<p class="ng-scope" style="text-align: justify; ">While Indian activists agree that connectivity is an important goal, they insist that Free Basics in its current form is not the solution or even the only option right now. All it does is whets the appetite of the consumer, according to Abraham.</p>
<p class="ng-scope" style="text-align: justify; ">“You can compare Free Basics to when you go through the mall: You see the people selling cookies, and the aroma fills the whole mall,” he said. “That’s what Free Basics does — it gets you interested in the cookie. But it doesn’t solve the affordability question.”</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/global-post-nimisha-jaiswal-why-indians-are-turning-down-facebook-free-internet'>https://cis-india.org/internet-governance/news/global-post-nimisha-jaiswal-why-indians-are-turning-down-facebook-free-internet</a>
</p>
No publisherpraskrishnaFree BasicsFreedom of Speech and ExpressionInternet Governance2016-01-17T16:25:10ZNews ItemWhy India’s attempt to police digital maps and satellite images is a ‘dumb’ idea
https://cis-india.org/internet-governance/news/the-newsminute-may-6-2016-why-indias-attempt-to-polic-digital-maps-and-satellite-images-is-a-dumb-idea
<b>Are we back to the license raj?</b>
<p style="text-align: justify; ">The story was published by <a class="external-link" href="http://www.thenewsminute.com/article/why-indias-attempt-police-digital-maps-and-satellite-images-dumb-idea-42805">the News Minute</a> on May 6, 2016. Pranesh Prakash gave inputs.</p>
<hr />
<p style="text-align: justify; ">In a move which is receiving widespread criticism from technology and policy experts, the Indian government has proposed the Geospatial Information Regulation Bill that seeks to regulate the use of ‘geospatial information’ of India. Any violation of the proposed act could attract a penalty of up to 7 years in prison and Rs. 1 crore in fines, and the extreme punishments proposed have also been criticised.</p>
<p style="text-align: justify; ">So what is Geospatial information?</p>
<p style="text-align: justify; ">Geospatial Information has been defined in the act as</p>
<blockquote style="text-align: justify; ">
<p>any imagery or data acquired through space or aerial platforms such as satellites, aircrafts, airships, balloons, unmanned aerial - vehicles or graphical or digital data depicting natural or man-made physical features, phenomenon or boundaries of the earth or any information including surveys, charts, maps and terrestrial photos.</p>
</blockquote>
<p style="text-align: justify; ">To put it simply, any imagery of anything on earth (in India) recorded using machines in the sky will be under the purview of the law.</p>
<p style="text-align: justify; ">The law forbids any ‘incorrect representation' of the Indian map. For instance, not showing Pakistan Occupied Kashmir as a part of India will now be illegal and attract a fine and jail-term.</p>
<p style="text-align: justify; ">Here’s what the draft bill says,</p>
<blockquote style="text-align: justify; ">
<p>"No person shall depict, disseminate, publish or distribute any wrong or false topographic information of India, including international boundaries through Internet platforms or online services or in any electronic or physical form."</p>
</blockquote>
<p style="text-align: justify; ">And further states,</p>
<blockquote style="text-align: justify; ">
<p>"Whoever acquires any geospatial information of India in contravention of the law shall be punished with a fine ranging from Rs 1 crore to Rs 100 crore and/or imprisonment for a period up to seven years."</p>
</blockquote>
<p style="text-align: justify; ">And it doesn’t end here.</p>
<p style="text-align: justify; ">In what is reminiscent of India’s license raj era, the law also mandates that any person or institution acquiring or disseminating any geospatial imagery will have to first seek permission and license from a government authority. So Google Maps, Wikipedia, OpenStreetMap and others can operate in India only with a specific license from the Indian government.</p>
<p style="text-align: justify; ">The government authority will also run “sensitivity checks” on the imagery to protect India’s security and sovereignty.</p>
<p style="text-align: justify; ">Technology and policy experts are openly gunning for the bill and are holding no punches back.</p>
<p style="text-align: justify; ">“This proposed bill is as dumb as the draft encryption bill of last year which would have made WhatsApp illegal. It is unenforceable and will only serve to make India look like a backward, despotic country,” says Kiran Jonalgadda, founder of HasGeek and a social technologist.</p>
<p style="text-align: justify; ">Pranesh Prakash, Director of the Centre for Internet and Society, is of the view that this bill goes against the philosophy of Digital India and is regressive in nature. “It bears semblance to the conditions that prevailed in the License Raj. The bill is a clear over-reaction to legitimate security concerns. The government ought to encourage open mapping and should have limited the security restrictions to a set of officially declared security installations across India,” he says.</p>
<p style="text-align: justify; ">While the government's motive may be in the best interest of maintaining national security in order to prevent the misuse of sensitive data, such stringent measures may hinder the operations of navigation services and other applications that rely on geospatial information, and it will be the smaller players who will be affected the most. “Every map maker has to create different maps for different countries and hope they're not shown in the wrong country. Google Maps can afford to do this. OpenStreetMap and Wikipedia cannot. They will effectively become illegal,” adds Jonalgadda.</p>
<p style="text-align: justify; ">These stringent rules are not entirely unexpected and the government has cracked down on institutions in the past for ‘wrong’ geographical depiction of India.</p>
<p style="text-align: justify; ">The government had taken harsh rebuke against Twitter earlier this year for showing parts of Jammu and Kashmir in Pakistan and China. In another such instance, Al Jazeera was <a href="https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=6&cad=rja&uact=8&ved=0ahUKEwjM6KPHqcXMAhWCU44KHf8OA4IQFggyMAU&url=http%3A%2F%2Ftime.com%2F3832585%2Findia-al-jazeera-suspended-kashmir-dispute-maps%2F&usg=AFQjCNGPWa0itfyNDEj1z8povvwm_0CmqQ&bvm=bv.121421273,d.c2E"><span>banned </span></a>from broadcasting by the Information and Broadcasting Ministry because of repeatedly using a wrong map of India and was accused of cartographic aggression. The RSS too carried an <a href="http://timesofindia.indiatimes.com/india/RSS-mouthpiece-Organiser-apologizes-for-PoK-map-error/articleshow/46566185.cms" target="_blank"><span>inaccurate</span></a> map of India (without some parts of Jammu and Kashmir) in its mouthpiece, Organiser and later apologised for its inadvertent error.</p>
<p style="text-align: justify; ">Nikhil Pahwa of Medianama has an exhaustive explanation and critique of the bill, and tells you how you and your businesses will be affected if the law is enacted. Read his piece <a href="http://www.medianama.com/2016/05/223-india-draft-mapping-bill/"><span>here</span></a>.</p>
<p style="text-align: justify; ">Here are his final comments from his piece, and they are pretty scathing.</p>
<blockquote style="text-align: justify; ">
<p>This looks like a policy made for policing Google maps that has ended up throwing out the baby with the bathwater.</p>
<p>The people involved in drafting this have absolutely no clue about how users and businesses use geospatial data to make users lives easier, and how integral it is to every day life. Data is changing and increasing every single minute, and it is impossible to police it.</p>
<p>Collection and dissemination of realtime data and its utility is what makes location information useful and special. This kills realtime information.</p>
<p>It looks at location information from the myopic viewpoint of businesses and platforms, and ignores crowdsourced information, and indeed, independent crowdsourced maps.</p>
<p>A separate policy regarding just security establishments and their removal from mapping information, as well as the depiction of national boundaries of India was all that is needed.</p>
<p>It’s hypocritical of a government that promised “maximum governance, miminum governance” to try and enforce a License-raj.</p>
</blockquote>
<p style="text-align: justify; ">Interestingly, even as the government wishes to impose punitive measures on erring private bodies, government organisations will not be regulated by the Geospatial Information Regulation Bill.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/the-newsminute-may-6-2016-why-indias-attempt-to-polic-digital-maps-and-satellite-images-is-a-dumb-idea'>https://cis-india.org/internet-governance/news/the-newsminute-may-6-2016-why-indias-attempt-to-polic-digital-maps-and-satellite-images-is-a-dumb-idea</a>
</p>
No publisherpraskrishnaInternet Governance2016-05-08T13:05:48ZNews ItemWhy India snubbed Facebook's free Internet offer
https://cis-india.org/internet-governance/news/why-india-snubbed-facebooks-free-internet-offer
<b>The social media giant wanted to give the people of India free access to a chunk of the Internet, but the people weren't interested.</b>
<p>The blog post by Daniel Van Boom was <a class="external-link" href="http://www.cnet.com/news/why-india-doesnt-want-free-basics/">published by Cnet</a> on February 26, 2016. Sunil Abraham was quoted.</p>
<hr />
<p style="text-align: justify; ">Mark Zuckerberg's ambitious mission to provide free Internet access to rural India was rejected by the people it was intended to help long before the country's regulators banned it earlier this month.</p>
<p style="text-align: justify; ">Around the country, farmers, labourers and office workers scorned Facebook's offer. Called Free Basics, it provided only limited access to the Internet through a suite of websites and services that, unsurprisingly, included Facebook. They felt the limited service didn't follow the open nature of the Internet, where all sites and online destinations should be equally accessible, so they organized real-world protests and an online Save The Internet campaign, with the message that Zuckerberg's efforts weren't welcome.</p>
<p style="text-align: justify; ">You might think people would jump at the opportunity to access Facebook for free, especially since more than a billion people use the social network every day. But it's that hitch -- that they can't access everything else -- which is precisely the problem, said Sunil Abraham, the executive director of the Centre for Internet and Society India. "Even if somebody spends 90 percent of their time on Facebook, that 10 percent is equally as important."</p>
<p style="text-align: justify; ">Indian regulators sided with popular opinion and <a href="http://www.cnet.com/news/facebook-free-basics-gets-blocked-in-india/"><span>cut off Free Basics</span></a> in the world's second-most populous country on February 8. The ruling by the Telecom Regulatory Authority of India (TRAI) forbids all zero-rating plans, meaning anyone offering customers free access to only a limited set of services of sites are banned. It was championed as a victory for Net neutrality, the principle that everyone should have equal access to all content on the Internet.</p>
<p style="text-align: justify; ">The decision was undoubtedly a blow for Facebook, which says it wants to connect the billions of have-nots around the world to the Internet through the program. While more than half the world's online population uses Facebook each month, the company's efforts to connect with the developing world -- with Free Basics also being available in over 30 other countries, such as Kenya and Iraq -- could be a boon for business.</p>
<p style="text-align: justify; ">"[The Internet] must remain neutral for everyone, individuals and businesses alike. Everyone must have equal access to it," said Rajesh Sawhney, a Mumbai-based tech entrepreneur, in support of TRAI's decision to reject Free Basics. He believes the zero-rating scheme can be misused by telcos and other companies to create divisive ecosystems, where certain brands or companies are included and others aren't.</p>
<p style="text-align: justify; ">The package wasn't without its supporters though, with some being disappointed with the government's intervention in the marketplace.</p>
<p style="text-align: justify; ">"It is generally assumed that there is something sinister behind violations of Net neutrality...but that is not always true," says software engineer Shashank Mehra. "ISPs trying to match consumer demand isn't something sinister, it is a market process."</p>
<p style="text-align: justify; ">The social media giant further defends itself by pointing out that Free Basics is <a href="https://info.internet.org/en/2015/11/19/internet-org-myths-and-facts/" target="_blank"><span>open to any and all developers</span></a>, including competitors Twitter and Google, as long as they meet the program's <a href="https://developers.facebook.com/docs/internet-org/platform-technical-guidelines" target="_blank"><span>technical standards.</span></a> This evidently wasn't enough to convince much of India.</p>
<h3 style="text-align: justify; ">The problem persists</h3>
<p style="text-align: justify; ">Facebook disputes claims that its interest in India is commercial, saying its efforts are humanitarian. In speeches over the past few months, Zuckerberg has painted Internet access as a tool for global good. "The research has shown on this that for every 10 people who get access to the internet, about one person gets a new job, and about one person gets lifted out of poverty," <a href="https://www.youtube.com/watch?v=nqkKiGhIyXs#t=4m03s" target="_blank"><span>he said at a Townhall Q&A</span></a> in Delhi last October. "Connecting things in India is one of the most important things we can do in the world."</p>
<p style="text-align: justify; ">Zuckerberg appears to have taken the loss in stride. <a href="http://www.cnet.com/news/mark-zuckerberg-internet-org-telecoms-project-mobile-world-congress-2016/"><span>During a keynote address at the Mobile World Conference in Barcelona</span></a> earlier this week, he admitted to being disappointed by the ruling, but added, "We are going to focus on different programs [in India]...we want to work with all the operators there." A Facebook spokesperson said the company "will continue our efforts to eliminate barriers and give the unconnected an easier path to the Internet and the opportunity it brings."</p>
<p style="text-align: justify; ">Those ideals could certainly help in India, where around <a href="http://data.worldbank.org/indicator/SP.RUR.TOTL.ZS" target="_blank"><span>68 percent</span></a> of its population -- about 880 million people -- live in rural conditions or poverty. The promise of free access to health, education, local and national news through an Internet connection could potentially improve quality of live. So what's the problem?</p>
<p style="text-align: justify; ">The service providers would also be granting free Facebook.</p>
<p style="text-align: justify; ">Peggy Wolff, a volunteer coordinator at education NGO Isha Vidhya, says Facebook is just the latest in a long line of international companies hoping to crack rural India, where the bulk of the country's poor live.</p>
<p style="text-align: justify; ">While admitting that low cost or free Internet is imperative in rural areas, that "smart villages" are needed to help ease the human burden on India's increasingly overcrowded cities, she says, "Free basics is just a bit suspicious to most people. There's just too much vested interest."</p>
<p style="text-align: justify; ">"The big question." Sawhney says, "is how do we give fast and free Internet to a large section of society in India?"</p>
<p style="text-align: justify; ">There are alternatives. United States-based Jana, for instance, developed an Android app called mCent that allows its growing userbase of 30 million to earn data by downloading and using certain apps or watching advertisements from sponsors. Unlike Free Basics, that data can be expended on any online destination.</p>
<p style="text-align: justify; ">Jana's CEO Nathan Eagle, like Zuckerberg, says his mission is to bring Internet connectivity to the next billion people. "Today, Internet connectivity in emerging markets is much more an issue of affordability, rather than access," he explains. "1.3 billion people in emerging markets now have Android phones...it's the cost of data that is prohibitive."</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/why-india-snubbed-facebooks-free-internet-offer'>https://cis-india.org/internet-governance/news/why-india-snubbed-facebooks-free-internet-offer</a>
</p>
No publisherpraskrishnaFree BasicsFreedom of Speech and ExpressionInternet GovernanceCensorship2016-02-27T07:49:08ZNews ItemWhy having more CCTV cameras does not translate to crime prevention
https://cis-india.org/internet-governance/news/the-news-minute-september-3-2019-manasa-rao-why-having-more-cctv-cameras-does-not-translate-to-crime-prevention
<b>Can technology substitute addressing social, psychological, economic and other individual factors that largely lead to criminality? And what are the perils of over-reliance on technology to fight crime?</b>
<p style="text-align: justify; ">The article by Manasa Rao published by the <a class="external-link" href="https://www.thenewsminute.com/article/why-having-more-cctv-cameras-does-not-translate-crime-prevention-108276">News Minute</a> quotes Pranav M. Bidare of CIS.</p>
<hr style="text-align: justify; " />
<p dir="ltr" style="text-align: justify; ">In August, a couple from Tamil Nadu’s Tirunelveli district made national headlines for their bravery. True to the Tamil adage ‘vallavanukku pullum aayudham’ (for the strong man, even a blade of grass is a weapon), when thieves entered their home, they fought them with chairs, slippers and even a bucket. Despite being armed with sickles, the masked miscreants fled the scene unable to match the counter-attack mounted by 70-year-old Shanmugavel and 65-year-old Senthamarai. The incident was caught on CCTV camera and the couple, whose video quickly went viral, was<a href="https://www.thenewsminute.com/article/video-elderly-tn-couple-bravely-fends-armed-robbers-plastic-chairs-107105"> celebrated</a> for their valour and made for the perfect social media feel-good story. However, as the news cycle was focused on them, senior police officers from the state and many commentators pointed to the importance of the CCTV camera footage. After all, the whole world watched their courage thanks to the CCTV camera affixed on the couple's front yard.</p>
<p dir="ltr" style="text-align: justify; ">Since 2017, the Tamil Nadu Police has been aggressively<a href="https://www.youtube.com/watch?v=fphSW8SBCh8"> pushing</a> for citizens to install CCTV cameras. A techno-futuristic awareness campaign<a href="https://www.youtube.com/watch?v=iPYzXSLbYYQ"> video</a> released last year even roped in popular Kollywood star Vikram to help the police force. “If there are CCTV cameras, crimes are prevented, evidenced and importantly, it provides evidence in court. So, each of us will compulsorily fix a CCTV camera wherever we are,” says Vikram. In a bold declaration, the motto of the campaign affirms, “With CCTV everywhere, Tamil Nadu has become a place without crime.” At the end of the video Vikram suggests Big Brother is watching, stating, “Everything. Everywhere. We're watching.”</p>
<p class="_yeti_done" dir="ltr" style="text-align: justify; ">But do more CCTV cameras necessarily translate to crime prevention and deterrence? Can technology substitute addressing social, psychological, economic and other individual factors that largely lead to criminality? And what are the perils of over-reliance on technology to fight crime?</p>
<p dir="ltr" style="text-align: justify; "><strong>What the numbers say</strong></p>
<p dir="ltr" style="text-align: justify; ">A<a href="https://www.comparitech.com/vpn-privacy/the-worlds-most-surveilled-cities/"> study</a> released in August by tech research group Comparitech ranked Chennai as 32nd out of 50 of the most surveilled cities in the world. The research group, with the use of government reports, police websites and news articles, puts the total number of cameras in the city at 50,000. With a 2016 estimated population of 1.07 crore in Chennai, that is 4.67 cameras per 1,000 people.</p>
<p dir="ltr" style="text-align: justify; ">With the help of <a href="https://www.numbeo.com/crime/rankings_current.jsp">Numbeo</a>, a crowd-sourced database of perceived crime rates, the study puts Chennai’s crime index at 40.39. On a scale of 0 to 100, this is an estimation of overall level of crime in a given city. This score means Chennai’s crime index is ranked ‘moderate’. Similarly, on a 100 point scale, the city's safety index— quite the opposite of crime index— is at 59.61. The higher the safety index, the safer a city is considered to be.</p>
<p dir="ltr" style="text-align: justify; ">The two other Indian cities on the list of 50 are New Delhi ranked No. 20 with 1,79,000 cameras for 1.86 crore people (9.62 cameras per 1,000 people) and Lucknow ranked at No. 40 with 9,300 cameras for 35.89 lakh people (2.59 cameras per 1,000 people). The capital's crime index is at 58.77 while its safety index is 41.23. The UP city on the other hand has a crime index of 45.30 and a safety index of 54.70.</p>
<p dir="ltr" style="text-align: justify; ">Stating that the higher number of cameras ‘just barely correlates’ with a higher safety index and lower crime index, the study concludes, “Broadly speaking, more cameras doesn’t necessarily result in people feeling safer.” While the presence of CCTV cameras may not inherently be bad, experts say that they cannot become a substitute for tackling crime and its causes which transcend the realm of technology. These involve tailored and specific approaches which stem from community building.</p>
<p dir="ltr" style="text-align: justify; "><strong>The infallible CCTV myth</strong></p>
<p dir="ltr" style="text-align: justify; ">Pranav MB, policy officer at the Centre for Internet and Society in Bengaluru observes that in the long run, over-reliance on CCTV cameras would merely propel criminals to innovate, as opposed to helping deter the crime from taking place. He says, “While it seems intuitive that the presence of a CCTV camera will have a deterring effect on criminal activity, numerous studies over the past decade have concluded that this is not really the case. The idea of a deterring effect also relies on the assumption that the actors are making educated intelligent choices about their future, which is often not the case with persons that commit criminal acts. So the deterring effect of CCTV cameras is not likely to be much more than the already deterring effect that exists because of criminal law and law enforcement.”</p>
<p dir="ltr" style="text-align: justify; ">Busting the myth that CCTV cameras are foolproof, Pranav adds that public infrastructure as simple as a streetlight could aid in safer neighbourhoods. “The fact remains, however, that if you are not using advanced technology, a simple mask will render you unidentifiable by most basic CCTV cameras. As more advanced and more expensive technology is used, you are only necessitating the need for innovation among criminals to identify new loopholes that they can exploit in the technology. This is not an argument that generally holds against the use of technology, but in the case of CCTV cameras, it has been seen that simple street lights much better serve the goal of deterrence of crimes,” he says.</p>
<p dir="ltr" style="text-align: justify; ">However, cops disagree with the findings. One IPS officer who works with the police’s Law and Order department in Chennai tells TNM that the presence of CCTV cameras has helped them nab a range of criminals from chain-snatchers to stalkers who have hacked women to death. Praising the use of facial recognition software like FaceTagr that was introduced a few years ago, the officer says, “CCTV cameras have a dissuading effect on criminals. At the very least they serve as a warning but in most cases, we can easily match them to criminals on our existing local, station-wise database. Especially when it comes to areas like T Nagar, Purasawalkam or other crime-prone suburbs, CCTV cameras are an invaluable tool for law enforcement.”</p>
<p dir="ltr" style="text-align: justify; ">“Even in cases of sexual abuse, street harassment or trafficking, private CCTV cameras have been helpful. Shop owners or residents have come forward with the footage in public interest,” he says, admitting that the Centre’s release of the long-pending National Crime Records Bureau (NCRB) statistics could show a correlation between the push to install CCTVs and crime rates.</p>
<p dir="ltr" style="text-align: justify; ">With a lack of NCRB data, there are no statistical answers to whether indeed installation of CCTV cameras has helped lowering of crime rates. However, as per one report in <a href="https://www.thehindu.com/news/national/tamil-nadu/cctv-cameras-crime-fighter-or-big-brother/article26226129.ece">The Hindu</a>, the police report a 30% drop in the crime rate in the city following the installation of CCTV cameras. According to their estimate for chain snatching alone, the city police claims that the number of cases have dropped from 792 in 2012 to 538 following the installation of CCTV cameras in 2018.</p>
<p style="text-align: justify; "><strong>Over-reliance on technology</strong></p>
<p dir="ltr" style="text-align: justify; ">Agreeing that law enforcement must be cautious while employing technology to solve crimes, Dr M Priyamvadha, associate professor at the Department of Criminology, University of Madras says her detailed interviews with over 200 incarcerated burglars across Tamil Nadu reveal that they are always on the lookout for a CCTV camera. “They simply use a jammer worth Rs 2,000 (a handy device that disrupts the signal range of a camera) to skirt the presence of a CCTV camera,” she reports. However, the professor cautions that one must not over-sell the capabilities of a CCTV camera in crime prevention.</p>
<p dir="ltr" style="text-align: justify; ">“We must remember that CCTV cameras don't deter all crimes. If there is family or domestic violence, there won't be a CCTV camera inside the four walls of a house to reveal it. For burglaries, robberies and such offences, you can rely on CCTV cameras. How far it helps is a question mark. You can neither completely say it prevents crime nor that it is a waste,” she says.</p>
<p dir="ltr" style="text-align: justify; ">The professor points out that even when deploying CCTV cameras across the city, law enforcement does not account for wear and tear and maintenance which forms an important part of monitoring security.</p>
<p dir="ltr" style="text-align: justify; ">Echoing the sentiment, Pranav says that CCTV cameras primarily serve as sources of electronic evidence in criminal cases. “Their deterring effect has repeatedly been observed to not balance out the costs of installing and running them.”</p>
<p dir="ltr" style="text-align: justify; "><strong>Privacy, data protection concerns</strong></p>
<p dir="ltr" style="text-align: justify; ">Chennai-based independent tech researcher Srikanth points to the inherent surveillance dangers thanks to the centralised way in which the city police collects the CCTV data. “There is something concerning especially about Chennai City Traffic Police and other various city police’s approach to CCTV. The fundamental shift is that, at least in the city, these cameras are connected to the police control room. So data gets centrally collated. When centralization kicks in, power abuse isn't far away. This way it is far easier for police to destroy evidence,” he alleges.</p>
<p dir="ltr" style="text-align: justify; ">Srikanth also points out, “CCTVs (especially connected ones) are usually funded by residents and/or merchants who spend their money in putting up the infrastructure, but freely give away the data to the police (often in good faith). There is no oversight on usage, storage, retention of this data and by sheer monopoly on law and order, the police is able to connect a vast number of private CCTVs on to its network.”</p>
<p dir="ltr" style="text-align: justify; ">Significantly, he expresses concerns about there being no laws that govern the usage of CCTV footage by the police. “Even if one gives into the legitimate state aim to control crime, even if one can argue violation of privacy is proportional, there is no law around use of CCTV by police, let alone using them in investigations. That the state engages with private vendors (such as FaceTagr) and many others also provides these service providers access to data,” he explains.</p>
<p dir="ltr" style="text-align: justify; ">Pranav also warns, “Furthermore, CCTV cameras also result in compromising the privacy of individuals, and if implemented by the state (as in the case of law enforcement), creates added surveillance risks. Compounding on this is the issue of the recorded video footage, which if stored/transmitted/managed in an non-secure manner creates data protection risks as well. This is especially true in India, where it is difficult to obtain the required infrastructure and expertise in running an effective and secure CCTV camera system.”</p>
<p dir="ltr" style="text-align: justify; "><strong>'Technology cannot replace interpersonal relationships'</strong></p>
<p dir="ltr" style="text-align: justify; ">Advising pragmatic thinking when it comes to crime prevention, professor Priyamvadha says that technology should complement what she calls the ‘human touch'. Junking the ‘holistic’ one-size-fits-all approach that is often paraded as a solution, the criminologist says that each crime requires a tailored method of tackling it. “For each and every crime, there is a different strategy. There maybe crimes committed by juveniles, crimes committed against women. For example, if female foeticide is rampant in a village, it is important to understand the village, the preferences of the people there and the caste practices present among them,” she observes.</p>
<p dir="ltr" style="text-align: justify; ">While technology often allows law enforcement to cover more ground in cases of limited manpower, there’s also a chance the cameras could be seen as a substitute for forging interpersonal relationships between police and the people they seek to protect. “With quick transferring of cops nowadays, the local police station doesn’t have an understanding of the ongoings. Interpersonal relationships are more important than technological advances,” she notes.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/the-news-minute-september-3-2019-manasa-rao-why-having-more-cctv-cameras-does-not-translate-to-crime-prevention'>https://cis-india.org/internet-governance/news/the-news-minute-september-3-2019-manasa-rao-why-having-more-cctv-cameras-does-not-translate-to-crime-prevention</a>
</p>
No publishermanasaInternet Governance2019-09-25T02:13:28ZNews ItemWhy having more CCTV cameras does not translate to crime prevention
https://cis-india.org/internet-governance/news/why-having-more-cctv-cameras-does-not-translate-to-crime-prevention
<b>Can technology substitute addressing social, psychological, economic and other individual factors that largely lead to criminality? And what are the perils of over-reliance on technology to fight crime?</b>
<p dir="ltr" style="text-align: justify; ">The article by Manasa Rao was <a class="external-link" href="https://www.thenewsminute.com/article/why-having-more-cctv-cameras-does-not-translate-crime-prevention-108276">published the News Minute</a> on September 3, 2019. Pranav M. Bidare was quoted.</p>
<hr />
<p dir="ltr" style="text-align: justify; ">In August, a couple from Tamil Nadu’s Tirunelveli district made national headlines for their bravery. True to the Tamil adage ‘vallavanukku pullum aayudham’ (for the strong man, even a blade of grass is a weapon), when thieves entered their home, they fought them with chairs, slippers and even a bucket. Despite being armed with sickles, the masked miscreants fled the scene unable to match the counter-attack mounted by 70-year-old Shanmugavel and 65-year-old Senthamarai. The incident was caught on CCTV camera and the couple, whose video quickly went viral, was<a href="https://www.thenewsminute.com/article/video-elderly-tn-couple-bravely-fends-armed-robbers-plastic-chairs-107105"> celebrated</a> for their valour and made for the perfect social media feel-good story. However, as the news cycle was focused on them, senior police officers from the state and many commentators pointed to the importance of the CCTV camera footage. After all, the whole world watched their courage thanks to the CCTV camera affixed on the couple's front yard.</p>
<p dir="ltr" style="text-align: justify; ">Since 2017, the Tamil Nadu Police has been aggressively<a href="https://www.youtube.com/watch?v=fphSW8SBCh8"> pushing</a> for citizens to install CCTV cameras. A techno-futuristic awareness campaign<a href="https://www.youtube.com/watch?v=iPYzXSLbYYQ"> video</a> released last year even roped in popular Kollywood star Vikram to help the police force. “If there are CCTV cameras, crimes are prevented, evidenced and importantly, it provides evidence in court. So, each of us will compulsorily fix a CCTV camera wherever we are,” says Vikram. In a bold declaration, the motto of the campaign affirms, “With CCTV everywhere, Tamil Nadu has become a place without crime.” At the end of the video Vikram suggests Big Brother is watching, stating, “Everything. Everywhere. We're watching.”</p>
<p class="_yeti_done" dir="ltr" style="text-align: justify; ">But do more CCTV cameras necessarily translate to crime prevention and deterrence? Can technology substitute addressing social, psychological, economic and other individual factors that largely lead to criminality? And what are the perils of over-reliance on technology to fight crime?</p>
<p dir="ltr" style="text-align: justify; "><strong>What the numbers say</strong></p>
<p dir="ltr" style="text-align: justify; ">A<a href="https://www.comparitech.com/vpn-privacy/the-worlds-most-surveilled-cities/"> study</a> released in August by tech research group Comparitech ranked Chennai as 32nd out of 50 of the most surveilled cities in the world. The research group, with the use of government reports, police websites and news articles, puts the total number of cameras in the city at 50,000. With a 2016 estimated population of 1.07 crore in Chennai, that is 4.67 cameras per 1,000 people.</p>
<p dir="ltr" style="text-align: justify; ">With the help of <a href="https://www.numbeo.com/crime/rankings_current.jsp">Numbeo</a>, a crowd-sourced database of perceived crime rates, the study puts Chennai’s crime index at 40.39. On a scale of 0 to 100, this is an estimation of overall level of crime in a given city. This score means Chennai’s crime index is ranked ‘moderate’. Similarly, on a 100 point scale, the city's safety index— quite the opposite of crime index— is at 59.61. The higher the safety index, the safer a city is considered to be.</p>
<p dir="ltr" style="text-align: justify; ">The two other Indian cities on the list of 50 are New Delhi ranked No. 20 with 1,79,000 cameras for 1.86 crore people (9.62 cameras per 1,000 people) and Lucknow ranked at No. 40 with 9,300 cameras for 35.89 lakh people (2.59 cameras per 1,000 people). The capital's crime index is at 58.77 while its safety index is 41.23. The UP city on the other hand has a crime index of 45.30 and a safety index of 54.70.</p>
<p dir="ltr" style="text-align: justify; ">Stating that the higher number of cameras ‘just barely correlates’ with a higher safety index and lower crime index, the study concludes, “Broadly speaking, more cameras doesn’t necessarily result in people feeling safer.” While the presence of CCTV cameras may not inherently be bad, experts say that they cannot become a substitute for tackling crime and its causes which transcend the realm of technology. These involve tailored and specific approaches which stem from community building.</p>
<p dir="ltr" style="text-align: justify; "><strong>The infallible CCTV myth</strong></p>
<p dir="ltr" style="text-align: justify; ">Pranav MB, policy officer at the Centre for Internet and Society in Bengaluru observes that in the long run, over-reliance on CCTV cameras would merely propel criminals to innovate, as opposed to helping deter the crime from taking place. He says, “While it seems intuitive that the presence of a CCTV camera will have a deterring effect on criminal activity, numerous studies over the past decade have concluded that this is not really the case. The idea of a deterring effect also relies on the assumption that the actors are making educated intelligent choices about their future, which is often not the case with persons that commit criminal acts. So the deterring effect of CCTV cameras is not likely to be much more than the already deterring effect that exists because of criminal law and law enforcement.”</p>
<p dir="ltr" style="text-align: justify; ">Busting the myth that CCTV cameras are foolproof, Pranav adds that public infrastructure as simple as a streetlight could aid in safer neighbourhoods. “The fact remains, however, that if you are not using advanced technology, a simple mask will render you unidentifiable by most basic CCTV cameras. As more advanced and more expensive technology is used, you are only necessitating the need for innovation among criminals to identify new loopholes that they can exploit in the technology. This is not an argument that generally holds against the use of technology, but in the case of CCTV cameras, it has been seen that simple street lights much better serve the goal of deterrence of crimes,” he says.</p>
<p dir="ltr" style="text-align: justify; ">However, cops disagree with the findings. One IPS officer who works with the police’s Law and Order department in Chennai tells TNM that the presence of CCTV cameras has helped them nab a range of criminals from chain-snatchers to stalkers who have hacked women to death. Praising the use of facial recognition software like FaceTagr that was introduced a few years ago, the officer says, “CCTV cameras have a dissuading effect on criminals. At the very least they serve as a warning but in most cases, we can easily match them to criminals on our existing local, station-wise database. Especially when it comes to areas like T Nagar, Purasawalkam or other crime-prone suburbs, CCTV cameras are an invaluable tool for law enforcement.”</p>
<p dir="ltr" style="text-align: justify; ">“Even in cases of sexual abuse, street harassment or trafficking, private CCTV cameras have been helpful. Shop owners or residents have come forward with the footage in public interest,” he says, admitting that the Centre’s release of the long-pending National Crime Records Bureau (NCRB) statistics could show a correlation between the push to install CCTVs and crime rates.</p>
<p dir="ltr" style="text-align: justify; ">With a lack of NCRB data, there are no statistical answers to whether indeed installation of CCTV cameras has helped lowering of crime rates. However, as per one report in <a href="https://www.thehindu.com/news/national/tamil-nadu/cctv-cameras-crime-fighter-or-big-brother/article26226129.ece">The Hindu</a>, the police report a 30% drop in the crime rate in the city following the installation of CCTV cameras. According to their estimate for chain snatching alone, the city police claims that the number of cases have dropped from 792 in 2012 to 538 following the installation of CCTV cameras in 2018.</p>
<p style="text-align: justify; "><strong>Over-reliance on technology</strong></p>
<p dir="ltr" style="text-align: justify; ">Agreeing that law enforcement must be cautious while employing technology to solve crimes, Dr M Priyamvadha, associate professor at the Department of Criminology, University of Madras says her detailed interviews with over 200 incarcerated burglars across Tamil Nadu reveal that they are always on the lookout for a CCTV camera. “They simply use a jammer worth Rs 2,000 (a handy device that disrupts the signal range of a camera) to skirt the presence of a CCTV camera,” she reports. However, the professor cautions that one must not over-sell the capabilities of a CCTV camera in crime prevention.</p>
<p dir="ltr" style="text-align: justify; ">“We must remember that CCTV cameras don't deter all crimes. If there is family or domestic violence, there won't be a CCTV camera inside the four walls of a house to reveal it. For burglaries, robberies and such offences, you can rely on CCTV cameras. How far it helps is a question mark. You can neither completely say it prevents crime nor that it is a waste,” she says.</p>
<p dir="ltr" style="text-align: justify; ">The professor points out that even when deploying CCTV cameras across the city, law enforcement does not account for wear and tear and maintenance which forms an important part of monitoring security.</p>
<p dir="ltr" style="text-align: justify; ">Echoing the sentiment, Pranav says that CCTV cameras primarily serve as sources of electronic evidence in criminal cases. “Their deterring effect has repeatedly been observed to not balance out the costs of installing and running them.”</p>
<p dir="ltr" style="text-align: justify; "><strong>Privacy, data protection concerns</strong></p>
<p dir="ltr" style="text-align: justify; ">Chennai-based independent tech researcher Srikanth points to the inherent surveillance dangers thanks to the centralised way in which the city police collects the CCTV data. “There is something concerning especially about Chennai City Traffic Police and other various city police’s approach to CCTV. The fundamental shift is that, at least in the city, these cameras are connected to the police control room. So data gets centrally collated. When centralization kicks in, power abuse isn't far away. This way it is far easier for police to destroy evidence,” he alleges.</p>
<p dir="ltr" style="text-align: justify; ">Srikanth also points out, “CCTVs (especially connected ones) are usually funded by residents and/or merchants who spend their money in putting up the infrastructure, but freely give away the data to the police (often in good faith). There is no oversight on usage, storage, retention of this data and by sheer monopoly on law and order, the police is able to connect a vast number of private CCTVs on to its network.”</p>
<p dir="ltr" style="text-align: justify; ">Significantly, he expresses concerns about there being no laws that govern the usage of CCTV footage by the police. “Even if one gives into the legitimate state aim to control crime, even if one can argue violation of privacy is proportional, there is no law around use of CCTV by police, let alone using them in investigations. That the state engages with private vendors (such as FaceTagr) and many others also provides these service providers access to data,” he explains.</p>
<p dir="ltr" style="text-align: justify; ">Pranav also warns, “Furthermore, CCTV cameras also result in compromising the privacy of individuals, and if implemented by the state (as in the case of law enforcement), creates added surveillance risks. Compounding on this is the issue of the recorded video footage, which if stored/transmitted/managed in an non-secure manner creates data protection risks as well. This is especially true in India, where it is difficult to obtain the required infrastructure and expertise in running an effective and secure CCTV camera system.”</p>
<p dir="ltr" style="text-align: justify; "><strong>'Technology cannot replace interpersonal relationships'</strong></p>
<p dir="ltr" style="text-align: justify; ">Advising pragmatic thinking when it comes to crime prevention, professor Priyamvadha says that technology should complement what she calls the ‘human touch'. Junking the ‘holistic’ one-size-fits-all approach that is often paraded as a solution, the criminologist says that each crime requires a tailored method of tackling it. “For each and every crime, there is a different strategy. There maybe crimes committed by juveniles, crimes committed against women. For example, if female foeticide is rampant in a village, it is important to understand the village, the preferences of the people there and the caste practices present among them,” she observes.</p>
<p dir="ltr" style="text-align: justify; ">While technology often allows law enforcement to cover more ground in cases of limited manpower, there’s also a chance the cameras could be seen as a substitute for forging interpersonal relationships between police and the people they seek to protect. “With quick transferring of cops nowadays, the local police station doesn’t have an understanding of the ongoings. Interpersonal relationships are more important than technological advances,” she notes.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/why-having-more-cctv-cameras-does-not-translate-to-crime-prevention'>https://cis-india.org/internet-governance/news/why-having-more-cctv-cameras-does-not-translate-to-crime-prevention</a>
</p>
No publisherManasa RaoInternet Governance2019-12-05T23:26:25ZNews ItemWhy Geospatial Bill is draconian and how it will hurt startups
https://cis-india.org/internet-governance/news/financial-express-prabhu-mallikarjunan-june-13-2016-why-geospatial-bill-is-draconian-and-how-it-will-hurt-startups
<b>Last week, the Indian government rejected Google’s plans to map Indian cities, tourist spots and mountain ranges, using the 360-degree panoramic Google Street View feature.</b>
<p style="text-align: justify; ">The article was <a class="external-link" href="http://www.financialexpress.com/article/economy/why-geospatial-bill-is-draconian-and-how-it-will-hurt-startups/282623/">published in Indian Express</a> on June 13, 2016</p>
<hr />
<p style="text-align: justify; ">Last week, the Indian government rejected <a href="http://www.financialexpress.com/tag/google/">Google</a>’s plans to map Indian cities, tourist spots and mountain ranges, using the 360-degree panoramic Google Street View feature. The government officials cited “national security” as a reason for not granting permission to Google. It is expected that the Google’s Street View permission would be relooked at, once the draft Geospatial Information Regulation Bill, 2016, is enforced as law. Many however feel that this draft bill is draconian and will have serious repercussions on the startup ecosystem.</p>
<p style="text-align: justify; ">The Geospatial Bill seeks to make creating, accessing and distribution or sharing of map related information, illegal and that every company will have to take prior permission and license from the government for the same. Wayback in 2011, Google had announced the introduction of Street View for Bangalore, on Google Maps. But the project ran into trouble with Bangalore Police stopping Street View cars from plying in the city, citing security reasons.</p>
<p style="text-align: justify; ">Google Street View, launched in 2007, is popular in San Francisco, Las Vegas, Denver, New York and Miami, which allows users to navigate virtual streets from photographs gathered from directional cameras on special vehicles. While the service has been hugely successful it has caused problems of privacy in some countries.</p>
<p style="text-align: justify; ">In 2010 almost 250,000 Germans told Google to blur pictures of their homes on the Street View service, while Czech government also banned Google from taking any new photos for the service. In Switzerland, the matter went to the court and it was accepted that Google would be obliged to pixelate 99% of images to blur faces, vehicle registrations and that it would not be filming certain sensitive places such as schools, prisons and shelter homes.</p>
<p style="text-align: justify; ">This adds to the list of recent controversies on Google Earth, and the draft Geospatial Information Regulation Bill, on adoption of mapping technology in India. Commenting on the development, Sumandro Chattapadhyay, research director at the Centre for Internet and Society said, the key country where the Google Street View faced legal challenge, and was fined too, is Germany. This legal challenge, however, was not based on the concern for national security but on that for the privacy of the citizens. However, it was eventually allowed to roll out Street View in Germany provided that it asks for consent from the house owners before images of any house.”</p>
<p style="text-align: justify; ">“One of the crucial concerns with the draft Geospatial Information Regulation Bill remains its vast scope of application. Not only initiatives like Google Street View may be regulated under it (for capturing geo-referenced imagery from the street level) but absolutely any mobile application that requires the user’s geo-location (either automatically detected, or manually entered by the user) would be within the purview of this Bill. This evidently creates a great pressure upon the entire ICT-enable product and service sector in India,” Chattapadhyay added.</p>
<p style="text-align: justify; ">This would mean that, any company, particularly the new age startups, those in the food tech, fintech and e-commerce space, which uses geo-location to identify the customer location to either deliver goods, food products, or the likes of Ola and Uber which uses maps to pickup and drop customers, will have to obtain license from the government.</p>
<p style="text-align: justify; ">Raman Shukla, director—strategy and product, Medikoe, said, “At Medikoe we are helping users to locate the nearest healthcare service provider with the available technologies. Google Maps is one of key feature our company banks on. Though we understand the country’s security concerns, the draft bill, if implemented, would be a violation of independent internet. We believe that a much better solution can be identified to solve security concerns.”</p>
<p style="text-align: justify; ">Venu Kondur, founder of LOBB, the online truck booking platform said, “Geostatial data is a very important data for our business. Customers booking truck through LOBB platform get real-time track & trace facility. Our customers rely heavily on this data for their day-day activity. Startups like us depend largely on maps data for real-time tracking of consignment. Lot of our business intelligence data is drawn out of it.”</p>
<p style="text-align: justify; ">In case, if the draft gets implemented, many startups will be forced to change the business model and while it will also increase the product delivery time. A group of 15 volunteers created a SaveTheMap.in portal to educate the readers about the draft bill and also give complete information on how the bill have an impact on the citizen and users of certain application. Sajjad Anwar one of the volunteer, said, through the portal about 1700 mails have been sent to the ministry of home affairs airing their view on why they do not support the draft Bill.</p>
<p style="text-align: justify; ">Comparing with other countries, Chattapadhyay further said, “At first, other countries deal with the question of display of security establishments in publicly available maps through direct interactions with large mapping companies, and does not turn this into a financial and political burden for the entire economy. Secondly, it is the concern about privacy of the citizens that should frame the Indian government’s response to products and services like Google Street View, and not concerns regarding national security.”</p>
<p style="text-align: justify; "><b>What the draft bill says</b></p>
<p style="text-align: justify; ">No person shall, in any manner, make use of, disseminate, publish or distribute any geospatial information of India, outside India, without prior permission from the security vetting authority under the Central government.</p>
<p style="text-align: justify; "><b>Penalty</b></p>
<p style="text-align: justify; ">Whoever acquires any geospatial information of India in contravention to the rules, shall be punished with a fine ranging from Rs 1 crore to Rs 100 crore and /or imprisonment for a period upto seven years.</p>
<p style="text-align: justify; "><b>Application for license</b></p>
<p style="text-align: justify; ">Every person who has already acquired any geospatial imagery or data of any part of India either through space or aerial platforms such as satellite, aircrafts, airships, balloons, unmanned aerial vehicles or terrestrial vehicles shall within one year from the commencement of this Act, make an application along with requisite fees to the security vetting authority.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/financial-express-prabhu-mallikarjunan-june-13-2016-why-geospatial-bill-is-draconian-and-how-it-will-hurt-startups'>https://cis-india.org/internet-governance/news/financial-express-prabhu-mallikarjunan-june-13-2016-why-geospatial-bill-is-draconian-and-how-it-will-hurt-startups</a>
</p>
No publisherpraskrishnaFreedom of Speech and ExpressionInternet GovernanceCensorship2016-07-02T04:57:35ZNews Item Why experts are worried about Aadhaar-based authentication
https://cis-india.org/internet-governance/news/bangalore-citizen-matters-august-2-2016-akshatha-why-experts-are-worried-about-aadhaar-based-authentication
<b>As private companies are increasingly using Aadhaar data, is the privacy and security of personal data really at risk? What do those defending Aadhaar have to say?</b>
<p style="text-align: justify; ">The post was published in <a class="external-link" href="http://bangalore.citizenmatters.in/articles/why-experts-are-worried-about-aadhaar-authentication">Citizen Matters</a> on August 2, 2016. Amber Sinha was quoted.</p>
<hr />
<p style="text-align: justify; ">The Unique Identification numbers of Aadhaar card holders are being extensively used by government and private agencies for authentication purposes, as we have already seen in an earlier article.</p>
<p style="text-align: justify; ">There are 246 registered Authentication User Agencies in India, both government and private, which are helping organisations and individuals in executing the authentication process. In simple terms, they help the organisation that has placed the authentication request, to confirm the identity of a person during hiring, lending loans or while implementing welfare schemes.</p>
<p style="text-align: justify; ">But all does not seem well with the Aadhaar authentication process. Concerns have been raised about the privacy and security aspects and, loopholes in the law.</p>
<p style="text-align: justify; ">The amended Aadhaar Bill (now, Aadhaar Act) has a clause that allows the UIDAI to respond to any authentication query “with a positive, negative or any other appropriate response.” This move has drawn a lot of criticism from the activist fraternity. They have questioned the government on framing an Act that places the security and privacy of individual citizens at risk.</p>
<p style="text-align: justify; ">Even before the Bill was passed, legal scholar Usha Ramanathan had, in an article published in Scroll.in, expressed concern over private agencies using the Aadhaar database for authenticating the identity of an individual.</p>
<p style="text-align: justify; ">“Very little was heard about the interest private companies would have in this information data base. It is not until the 2016 Bill was introduced in Lok Sabha that we were told, expressly, that just about any person or company may draw on the Aadhaar system for its purposes. There are no qualifications or limits on who may use it and why. It depends on the willingness of the Unique Identification Authority of India, which is undertaking the project, to let them become a part of the Aadhaar system,” she wrote.</p>
<p style="text-align: justify; ">What’s crucial in the entire process is how the government is allowing private players to use Aadhaar-based information, putting the privacy of Aadhaar-holders at stake. The government is technically allowed to share the Aadhaar information with other agencies, only if the holder has given consent to sharing his information, during enrollment.</p>
<p style="text-align: justify; ">The guidelines for recording Aadhaar demographic data states: “Ask resident’s consent to whether it is alright with the resident if the information captured is shared with other organisations for the purpose of welfare services including financial services. Select appropriate circle to capture residents response as - Yes/No.”</p>
<p style="text-align: justify; ">In 2011, Citizen Matters had published a report on how people wanting to register for Aadhaar were not asked if they would agree to share their personal information. Citizens seemingly were unaware of the provision for sharing information with a third party and data operators had reportedly not asked them for their consent before marking ‘yes’ for the consent option.</p>
<h3 style="text-align: justify; ">There remains a regulatory vacuum</h3>
<p style="text-align: justify; ">In less than four months of the enactment of the Aadhaar Act, the number of private agencies using Aadhaar database for identity authentication too has grown long. Amber Sinha, Programme Officer at the Center for Internet and Society expresses concern over the privacy implications that a project of this magnitude would lead to.</p>
<p style="text-align: justify; ">“The original idea of Aadhaar was to use it for providing services under welfare schemes. But the Aadhaar Act lets private agencies avail the Aadhaar authentication service. The scope of the Act itself doesn’t envisage sharing the data with private parties, but if any third party wants to authenticate the identity of an individual, they can use the UIDAI repository for the purpose,” he points out.</p>
<p style="text-align: justify; ">In the process, Amber says, the CIDR has to send a reply in ‘yes’ or ‘no’ format, for any request seeking to confirm the identity of an individual. The new legislation gives scope for the authorities to respond to a query with a positive, negative or any other appropriate response.</p>
<p style="text-align: justify; ">“The Aadhaar enrollment information includes demographic and biometric details. So at this stage, we do not know what that “other appropriate response” stands for. Further, while there are requirements to take the data subject’s consent under the Act, there is lack of clarity on the oversight mechanisms and control mechanisms in place when a private party collects information for authentication. The UIDAI is yet to frame the rules and the rules will probably determine this. Until the rules are framed, some of the issues will exist in regulatory vacuum,” Amber observes.</p>
<p style="text-align: justify; ">Under the current circumstances, Amber says, the responsible thing to do for UIDAI is not to make such services available until the rules are framed.</p>
<p style="text-align: justify; ">But why has the Authority then started the authentication process even before the rules have been framed? Assistant Director General of the Authentication and Application Division of UIDAI, Ajai Chandra says the rules when framed will have retrospective effect, from the date the Act was enacted.</p>
<p style="text-align: justify; ">Activists have also questioned the UIDAI for allowing private agencies to use and authenticate Aadhaar data, when the Supreme Court has restricted the use of Aadhaar. In its last order dated 15 October 2015, the Apex Court allowed the government to use Aadhaar in implementing selective welfare schemes such as PDS, LPG distribution, MGNREGS, pension schemes, PMJDY and EPFO. It makes no mention about the UIDAI using the Aadhaar data repository to provide services to private agencies.</p>
<p style="text-align: justify; ">“When the Supreme Court has restricted the use of Aadhaar number to a few specific government programmes only, how can UIDAI allow the data to be used for any other programmes, let alone by private agencies?” Amber asks.</p>
<p style="text-align: justify; ">In a very brief conversation, Reena Saha, Additional DG, UIDAI told Citizen Matters that UIDAI was acting as per the Supreme Court’s order dated October 15th. “We aren’t sharing the data with private agencies,” she said.</p>
<h3 style="text-align: justify; ">‘Authentication happening only with consent’</h3>
<p style="text-align: justify; ">Srikanth Nadhamuni, CEO of Khosla Labs - a registered Authentication User Agency, who was also the Head of Technologies at UIDAI, rejects the accusations on the security aspect, saying that the authentication system is completely secure and foolproof.</p>
<p style="text-align: justify; ">“We have made a secure system so that there is no man in the middle taking the biometric information. The biometric information shared on the application is encrypted and neither the AUA nor the Authentication Service Agency (an intermediary between the AUA and the CIDR) can open it. Both the AUA and ASA will sign on the packet and forward it to the data repository as it is. There is no way that we can figure out what is inside the packet. Once the request reaches the data repository, they will unlock the signatures, run the authentication and reply in ‘yes’ or ‘no’ or with an error code,” Srikanth explains.</p>
<p style="text-align: justify; ">ADG Chandra says that at present the CIDR is replying to authentication requests in an “yes/no” format. “We aren’t sharing the data with any agencies. Upon receiving the request for authentication, be it demographic, biometric or one time pin (OTP), a notification is sent to the registered mobile / email address of the Aadhaar holder,” he says. So if the Aadhaar holder has changed the address, phone number, email ID etc after Aadhaar enrollment, he/she should update the data with UIDAI by placing a request online or through post. This will avoid any confusion that may occur during the authentication.</p>
<p style="text-align: justify; ">Ajai Chandra further clarifies, “the private agencies seeking authentication (the Authentication User Agency) are not given direct access to the database. On receiving the request, the intermediary Authentication Service Agencies first examine the format of the authentication request. The request is forwarded to the CIDR only if it complies with the format.”</p>
<p style="text-align: justify; ">Apart from authentication, the eKYC (Know Your Customer) option also allows companies to retrieve eKYC data of the Aadhaar holder. This data includes photo, name, address, gender and date of birth (excludes mobile number and email ID). But in this case too, “eKYC data can be retrieved only with the consent of the Aadhaar card holder, the person has to be adequately informed about the retrieval and the data cannot be shared with a third party,” says Chandra.</p>
<p style="text-align: justify; ">Though Aadhaar Act allows the UIDAI to perform authentication of Aadhaar number, subject to the requesting entity paying the fee, UIDAI at present is providing the service free of cost. “We will provide free service till December 2016 and may levy the fee thereafter,” the ADG says.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/bangalore-citizen-matters-august-2-2016-akshatha-why-experts-are-worried-about-aadhaar-based-authentication'>https://cis-india.org/internet-governance/news/bangalore-citizen-matters-august-2-2016-akshatha-why-experts-are-worried-about-aadhaar-based-authentication</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2016-08-07T02:16:29ZNews ItemWhy entrepreneurs are wary of the new draft e-commerce policy
https://cis-india.org/internet-governance/news/economic-times-rahul-sachitanand-march-3-2019-why-entrepreneurs-are-wary-of-new-draft-e-commerce-policy
<b>Raka Chakrawarti, an entrepreneur from Mumbai, is tensed these days, not about her business, which is booming, but over the rules of the Draft National e-Commerce Policy.
</b>
<p>The article by Rahul Sachitanand was published in <a class="external-link" href="https://economictimes.indiatimes.com/small-biz/entrepreneurship/why-entrepreneurs-are-wary-of-the-new-draft-e-commerce-policy/articleshow/68236907.cms">Economic Times</a> on March 3, 2019. Elonnai Hickok was quoted.</p>
<hr />
<p style="text-align: justify; ">If the policy, drafted by the Department for Promotion of Industry and Internal Trade (DPIIT) and seeking stakeholder comments, gets a go-ahead as it is, Gourmetdelight, her bootstrapped online vendor of organic goods, will have to certify and add reviews of all the products her marketplace sells.</p>
<p style="text-align: justify; ">She says her platform has nearly 1,500 stock keeping units - from black garlic to trikaya baby spinach - and certifying all of these would mean a further strain on her budget and small workforce. Then there are other questions she is seeking answers to: what to do with the growing volume of user data (the policy suggests the government has overarching rights over it); what is the scope of the policy; what is the definition of ecommerce and will the policy, by appearing protectionist, keep away foreign capital, so far the life blood of the sector?</p>
<p style="text-align: justify; ">In five years, according to Venture Intelligence, investors have poured over $18 billion across 667 deals in India's ecommerce market. This money, mostly from overseas, has allowed ecommerce startups to grow fast and also offer investors a handsome exit - like in the case of Walmart buying Flipkart.</p>
<p style="text-align: justify; ">Some of this momentum may be lost, fear entrepreneurs, since the policy appears to take a protectionist approach - by empowering domestic entrepreneurs, pushing Make in India and proposing to own user data and deterring global investors from betting on the potential of India's ecommerce market.</p>
<p style="text-align: justify; ">Legal experts and executives in ecommerce companies feel the draft policy is half-baked. While it makes some progress on protecting home-grown small businesses, the proposals about data ownership and stricter quality norms may make it hard for such businesses to grow.</p>
<p style="text-align: justify; ">Ambareesh Murthy, CEO of furniture retailer Pepperfry, says this is a draft that is evolving and the intent may change over time. He is wary of the proposal to give government ownership of, and therefore control over, user data. While the government argues that data is a national resource, executives feel individuals should hold ultimate control over their personal information.</p>
<p style="text-align: justify; ">While foreign company-owned Amazon and Flipkart have built their business here, newer entrants such as Chinese upstarts will find an India foray costlier, since the policy calls for setting up of an office here to legally operate. Critics also argue that while the policy starts with the right intentions, it loses focus on the way. They say the recommendations made across more than 14,000 words are too broad, encompassing more than the e-commerce industry itself.</p>
<p style="text-align: justify; ">Putting together such an all-encompassing statement isn't right, say policy experts, since it involves not just DPIIT but also other government bodies and regulators, including the Competition Commission of India.</p>
<p style="text-align: justify; ">Elonnai Hickok of Centre for Internet and Society, a think tank, says regulators do not fully appreciate the nuances of the growing mountain of data and properly safeguarding it within the country.</p>
<p style="text-align: justify; ">"The draft policy has not comprehensively addressed what is the appropriate framework for ensuring data as a national resource," she says. "It appears to take a one-size-fits-all approach - bringing in privacy, intermediary liability, piracy, authenticity of information, etc. without considering potential exceptions and implications of such measures, including rights of individuals." Anirudh Rastogi, founder of Ikigai Law, a firm tackling tech legislation, contends that too much onus has been placed on entrepreneurs and their ventures to meet regulatory norms. "The draft proposes a host of consumer protection and anticounterfeiting measures, which is a good thing on principle," he says. "But this also means a lot of requirements for platforms and other intermediaries which dilute their intermediary status."</p>
<p style="text-align: justify; ">Not everyone agrees. For some homegrown entrepreneurs, measures that look protectionist offer a level playing field to compete with well-funded foreign company-owned behemoths.</p>
<p style="text-align: justify; ">"The govt is trying to level the playing field and take away some of the power held by well-funded giants over the Indian market," says Ashish Gurnani, cofounder of Postfold, an online bespoke apparel brand. "We can now hope to compete more on variety, curation and quality, rather than discounts alone." When contacted, a DPIIT official involved in the process of drafting the policy, said: "At present, we don't have control over our data. Companies which control our data can say no to sharing it if we want that data. Servers are outside. We're incapacitated as there is no physical or legal control. We want to create jobs through the policy."</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/economic-times-rahul-sachitanand-march-3-2019-why-entrepreneurs-are-wary-of-new-draft-e-commerce-policy'>https://cis-india.org/internet-governance/news/economic-times-rahul-sachitanand-march-3-2019-why-entrepreneurs-are-wary-of-new-draft-e-commerce-policy</a>
</p>
No publisherRahul SachitanandanInternet Governance2019-03-08T00:32:43ZNews ItemWhy did Nandan Nilekani praise a Twitter troll?
https://cis-india.org/internet-governance/news/indian-express-kiran-jonnalgadda-june-10-2017-why-did-nandan-nilekani-praise-a-twitter-troll
<b>As the Supreme Court upholds the linking of ‘Aadhar’ with PAN, questions around ex-UIDAI chairman Nandan Nilekani praising iSPIRT head Sharad Sharma Twitter troll and ‘Aadhar’s privacy properties will continue to be asked.</b>
<p style="text-align: justify; ">The article by Kiran Jonnalgadda was published in the <b><a class="external-link" href="http://indianexpress.com/article/opinion/why-did-nandan-nilekani-praise-a-twitter-troll-4697235/">Indian Express</a></b> on June 10, 2017.</p>
<hr />
<p style="text-align: justify; ">Last month, Sharad Sharma, the head of the Indian Software Product Industry Round Table (iSPIRT) Foundation, an organisation that promotes Aadhaar to industry, was outed as the operator of at least two anonymous Twitter troll accounts that viciously harassed and defamed critics of Aadhaar. The shocking revelation was first met with denial by iSPIRT, and then followed by what may be understood as a reticent apology from Mr Sharma.</p>
<p style="text-align: justify; ">In a bizarre sequence of events, the apology received praise from several quarters. iSPIRT’s Guidelines and Compliance Committee (IGCC) investigated Mr Sharma and the ‘Sudham’ team that coordinated the trolling campaign. Two members of the investigating committee subsequently resigned, although only one confirmed.</p>
<p style="text-align: justify; ">The committee’s findings, confirming that Mr Sharma was responsible, were summarised for the public by Mr Sharma himself, who then announced that his role as a public spokesperson would now be handled by Sanjay Jain. Mr Jain was once with the Unique Identification Authority of India (UIDAI), launched by Nandan Nilekani, is currently a director at Nandan Nilekani’s EkStep Foundation, and a close confidante of Mr Sharma. The two have often pitched iSPIRT’s IndiaStack initiative together.</p>
<p style="text-align: justify; ">In an internal email questioning this decision, an iSPIRT member asked whether Mr Jain was a part of the ‘Sudham’ team, and whether he was also “at least partially culpable for the [troll] campaign and the violation of the code of conduct.”</p>
<p style="text-align: justify; ">The victims of the trolling have received no report, and the two apologies posted by Mr Sharma were both for having “condoned uncivil behaviour”, but not for personally orchestrating the attacks. Among those who praised him was Nandan Nilekani, former chairman of UIDAI and chief mentor of iSPIRT.</p>
<p style="text-align: justify; ">Critics have been pointing out for years that Aadhaar lacks sufficient checks and balances, and that claims of benefits are overstated. These concerns have been met with denial, condemnation of critics, and often outright refusal to engage in debate. This has unfortunately only served to alienate an even larger section of the population, turning ordinary citizens into activists.</p>
<p style="text-align: justify; ">We can gain an insight into how Aadhaar is promoted by examining iSPIRT. The organisation was founded in 2013 by volunteers who had been working together on the sidelines of the NASSCOM Product Conclave. These volunteers felt the need for an independent grassroots organisation to represent tech entrepreneurs who were building products for India and the world. iSPIRT has grown phenomenally influential over its few years, largely by the work of volunteers who were truly interested in building a mutual assistance community.</p>
<p style="text-align: justify; ">Level playing fields are a recurring topic. Just as there is a desire to lower bureaucratic hurdles to give every entrepreneur a fair chance, there is also the question of how a startup can compete against a foreign competitor that has the advantage of a stronger home market.</p>
<p style="text-align: justify; "><a href="http://indianexpress.com/about/flipkart/">Flipkart</a> and Ola are two prominent examples in their fight to defend their market share against Amazon and Uber, competitors armed with global experience, more capital, and better trained talent. iSPIRT’s take is that for Indian companies to thrive they must have a supportive ecosystem that enables rapid growth, and so iSPIRT must step up as an “activist think tank”.</p>
<p style="text-align: justify; ">One aspect of this activism is IndiaStack, which seeks to help startups by promoting a suite of ‘public goods’: Aadhaar and eKYC for id verification, eSign and Digilocker for digital contracts and certificates, and UPI for payments. If one accepts at face value that these services are well intentioned, then IndiaStack is on a noble quest. The details, unfortunately, are less pristine.</p>
<p style="text-align: justify; ">iSPIRT is a private non-profit, but its volunteers include several former members of UIDAI. The guidance and compliance committee (IGCC) investigating the trolling included a current member of government. iSPIRT helped build and evangelise the UPI (United Payments Interface) platform and BHIM app for NPCI, but the level of involvement and terms of the agreement are not public.</p>
<p style="text-align: justify; ">For an organisation that claims to champion public goods, iSPIRT is opaque on the level of influence they wield with government (Mr Sharma once claimed some influence but no control), and on who exactly built the various components of IndiaStack, within or outside of government.</p>
<p style="text-align: justify; ">They showed a remarkable degree of influence when foisting UPI on a change-resistant banking sector. They have funding from four banks (IDFC, SBI, Bank of Baroda and Axis Bank) and from fintech startups. Despite this level of responsibility, they also have no accountability since they are a pro bono volunteer force, allowing them to distance themselves from failures (UPI failures are NPCI’s problem and Aadhaar failures are UIDAI’s problem, etc) and unpleasant incidents such as the ‘Sudham’ trolling project. (No one has accepted responsibility for operating a troll account.)</p>
<p style="text-align: justify; ">At the core of IndiaStack is ‘Aadhaar’, which as it currently stands has serious concerns from its technical architecture to institutional safeguards. Aadhaar lacks publicly verifiable audits, a data breach disclosure policy, or an engagement process for researchers to report concerns.</p>
<p style="text-align: justify; ">For reasons best known to them, the promoters of ‘Aadhaar’ are in a tearing hurry to impose it everywhere, in every aspect of an Indian’s life, out of an apparent fear that it will die if adoption slows down. This is eerily reminiscent of startup mantras like “fake it till you make it” and “move fast and break things”.</p>
<p style="text-align: justify; ">But ‘Aadhaar’ already has a billion enrollments and the backing of legal measures pushed by the Union Government. There is no threat of imminent demise. And yet, as the Twitter trolling shows, this fear continues to exist for ‘Aadhaar’s proponents, so much so that critics must be silenced at any cost.</p>
<p style="text-align: justify; ">Where trolling failed to work, subtler attacks are sure to follow. There have been some in the recent past.</p>
<p style="text-align: justify; ">The Centre for Internet and Society (CIS) is facing one such attack for its report on the leak of 130 million Aadhaar numbers. The report received wide coverage and was followed by new rules from MEITy (ministry of Electronics & Information Technology) regarding the handling of Aadhaar numbers, but instead of commending CIS for its role in improving safeguards, UIDAI is accusing it of hacking, demanding the identity of the researcher so that he or she may be individually prosecuted.</p>
<p style="text-align: justify; ">When Sameer Kochhar demonstrated that previously captured fingerprints were being reused because Aadhaar’s API lacked technical safeguards, UIDAI responded by prosecuting him. A News18 journalist was also prosecuted for demonstrating how double application for enrollment was possible using different names.</p>
<p style="text-align: justify; ">As of September 30, 2017, ‘registered’ devices will be mandatory as the current devices are not secure against fingerprint reuse, and an unknown number of fingerprints have already been captured and stored. This sort of forced technological upgrade will happen again as more problems surface into public consciousness, with more researchers and critics harassed for pointing these out.</p>
<p style="text-align: justify; ">‘Aadhaar’ pursues inherently contradictory goals. The process of ‘inorganic seeding’, for instance, allows a database to be seeded with ‘Aadhaar’ numbers, to help a service provider identify and eliminate duplicates without the individual’s cooperation. (Inorganic seeding is an official UIDAI scheme.) And yet, the law prohibits using and sharing ‘Aadhaar’ numbers without the individual’s consent.</p>
<p style="text-align: justify; ">‘Aadhaar’ aims to be an inclusive project, providing an identity for everyone, and yet easily lends itself to being an instrument of exclusion. There is technical exclusion when biometrics fail to match, and there is institutional exclusion when Aadhaar is made mandatory and an individual is then blacklisted from a service or denied Aadhaar enrollment.</p>
<p style="text-align: justify; ">Aviation minister <a href="http://indianexpress.com/about/jayant-sinha">Jayant Sinha</a> recently announced a proposal to use digital id for just this purpose. ‘Aadhaar’ in its current state makes it extraordinarily simple for an organisation to demand it for authentication, but what of the necessary safeguards to protect an individual’s rights? Or of ensuring that grievance redressal mechanisms are in place and actually functional? These are not solved by a technical API integration.</p>
<p style="text-align: justify; ">Just as we’ve seen with nuclear power, weak institutions which are sensitive to criticism and fail to ensure effective oversight amplify the risks of the underlying technology. Aadhaar’s supporting institutions, whether government bodies like UIDAI or private bodies like iSPIRT, are immature for the mandate they carry. All technology improves with time, but weak institutions hamper their benefit to society.</p>
<p style="text-align: justify; ">As the leading promoter of Aadhaar, founding chairman of UIDAI, and chief mentor of iSPIRT, Mr Nilekani must step up and commit to improving the institutions he commands, and take responsibility for their failures. Condemning critics instead does not help build institutions.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/indian-express-kiran-jonnalgadda-june-10-2017-why-did-nandan-nilekani-praise-a-twitter-troll'>https://cis-india.org/internet-governance/news/indian-express-kiran-jonnalgadda-june-10-2017-why-did-nandan-nilekani-praise-a-twitter-troll</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2017-06-12T01:34:53ZNews ItemWhy did India fail to discover the ISIS Twitter handle?
https://cis-india.org/internet-governance/news/business-standard-december-26-2014-anita-babu-why-india-failed-to-discover-the-isis-twitter-handle
<b>India's surveillance system fails to track the servers of internet giants like Google or Facebook because these do not have servers in the country, says a leading cyber law expert.</b>
<p style="text-align: justify; ">The article by Anita Babu was <a class="external-link" href="http://www.business-standard.com/article/current-affairs/why-india-failed-to-discover-the-isis-twitter-handle-114122500522_1.html">published in the Business Standard</a> on December 26, 2014. Sunil Abraham gave his inputs.</p>
<hr />
<p style="text-align: justify; ">Back in 2009, after the investigation team, probing into the 26/11 Mumbai terror attacks, almost cracked the case, it was the US’s Federal Bureau of Investigation (FBI) which connected the missing links by arresting David Headley, the mastermind.<br /> <br /> Five years later, India <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Is" target="_blank">is </a>staring at a similar situation, when Bengaluru-based Mehdi Masroor Biswas, was allegedly found to be operating a pro-ISIS (Islamic State) <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Twitter" target="_blank">Twitter </a>handle. It was a British broadcaster, Channel 4, which blew the lid off Biswas’s activity. Soon after the report, Indian authorities swung into action. Last year, when communal violence broke out in some parts of Uttar Pradesh, a Pakistani news organisation reported that a fake video was being circulated to fan sentiments.<br /> <br /> But, why have Indian agencies failed to detect such activities which pose a threat to the national security? A senior government official said intelligence agencies in the country scan the internet for leads. But, in the light of increased threats, systems need to be beefed up significantly. Perhaps, as a first step towards this, the home ministry on Wednesday formed a committee to prepare a road map for tackling cyber crimes in the country.<br /> <br /> It will give suitable recommendations on all facets of cyber crime, apart from suggesting possible partnerships with public and private sector, non-governmental organisations and international bodies.<br /> <br /> According to Sunil Abraham, executive director of a Bengaluru-based research organisation, the Centre for Internet and Society, it’s time we move closer towards intelligent and targeted surveillance, rather than mass surveillance. This will require monitoring a selected accounts or profiles, instead of tapping information from across the population. Old-fashioned detective work is also very important, as it has helped zero in on Biswas.<br /> <br /> Another problem the country faces is that a lot of data is being pooled in by multiple agencies, but of little use. “We must free up our law enforcement agencies and intelligence services from the curse of having too much data,” Abraham adds. Since most of the internet companies are headquartered outside India, the authorities face a lot of difficulties in accessing information from these networks.<br /> <br /> “India’s surveillance system fails to track the servers of internet giants like <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Google" target="_blank">Google </a>or <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Facebook" target="_blank">Facebook </a>because these do not have servers in the country. Our system is only confined within the country,” says Pavan Duggal, a leading cyber law expert.<br /> <br /> Since the US has the capability to access information from telecom companies, service providers such as Twitter and Facebook and the consortia that run submarine cables, these companies cooperate in a much more effective and immediate manner, adds Abraham. “But these are things that we will never be able to do in India,” he adds.<br /> <br /> For instance, India follows the mutual legal assistance treaty procedure, to gather and exchange information in an effort to enforce public laws or criminal laws. However, this is a time-consuming process and often takes up to two years before we get any data from these companies.<br /> <br /> But due to the threat of cyber-terrorism being shared by both companies and governments, companies such as Google, Twitter and Facebook are cooperating more than before, experts say.<br /> <br /> Internet and Jurisdiction Project, an international group that works towards ensuring digital coexistence, tries to get a procedural law between two countries in a harmonised manner and includes collection, storage, handling and processing of evidence.<br /> <br /> More lubricating efforts should be undertaken internationally on these lines, say experts. Hopefully, the new committee will take steps in this direction.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/business-standard-december-26-2014-anita-babu-why-india-failed-to-discover-the-isis-twitter-handle'>https://cis-india.org/internet-governance/news/business-standard-december-26-2014-anita-babu-why-india-failed-to-discover-the-isis-twitter-handle</a>
</p>
No publisherpraskrishnaInternet Governance2014-12-27T03:27:16ZNews ItemWhy Data Localisation Might Lead To Unchecked Surveillance
https://cis-india.org/internet-governance/blog/bloomberg-quint-pranesh-prakash-october-15-2018-why-data-localisation-might-lead-to-unchecked-surveillance
<b>In recent times, there has been a rash of policies and regulations that propose that the data that Indian entities handle be physically stored on servers in India, in some cases exclusively. In other cases, only a copy needs to be stored.</b>
<p style="text-align: justify; ">The article was published in <a class="external-link" href="https://www.bloombergquint.com/opinion/why-data-localisation-might-lead-to-unchecked-surveillance">Bloomberg Quint</a> on October 15, 2018 and also mirrored in the <a class="external-link" href="https://www.thequint.com/voices/opinion/why-data-localisation-might-lead-to-unchecked-surveillance">Quint</a>.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">In April 2018, the Reserve Bank of India put out a<a href="https://www.rbi.org.in/scripts/NotificationUser.aspx?Id=11244&Mode=0" target="_blank"> circular </a>requiring that all “data relating to payment systems operated by them are stored in a system only in India” <a href="https://www.bloombergquint.com/business/rbi-sticks-to-oct-15-deadline-for-data-localisation" target="_blank">within six months</a>. Lesser requirements have been imposed on all Indian companies’ accounting data since 2014 (the back-up of the books of account and other books that are stored electronically must be stored in India, the broadcasting sector under the Foreign Direct Investment policy, must locally store subscriber information, and the telecom sector under the Unified Access licence, may not transfer their subscriber data outside India).</p>
<p style="text-align: justify; ">The draft e-commerce policy has a wide-ranging requirement of exclusive local storage for “community data collected by Internet of Things devices in public space” and “data generated by users in India from various sources including e-commerce platforms, social media, search engines, etc.”, as does the draft e-pharmacy regulations, which stipulate that “the data generated” by e-pharmacy portals be stored only locally.</p>
<p style="text-align: justify; ">While companies such as Airtel, Reliance, PhonePe (majority-owned by Walmart) and Alibaba, have spoken up in support the government’s data localisation efforts, others like Facebook, Amazon, Microsoft, and Mastercard have led the way in opposing it.</p>
<p style="text-align: justify; ">Just this week, two U.S. Senators <a href="https://www.bloombergquint.com/business/us-senators-write-to-pm-modi-seek-soft-stance-on-indias-data-localisation" target="_blank">wrote to</a> the Prime Minister’s office arguing that the RBI’s data localisation regulations along with the proposals in the draft e-commerce and cloud computing policies are “key trade barriers”. In her dissenting note to the Srikrishna Committee's report, Rama Vedashree of the Data Security Council of India notes that, “mandating localisation may potentially become a trade barrier and the key markets for the industry could mandate similar barriers on data flow to India, which could disrupt the IT-BPM (information technology-business process management) industry.”</p>
<h2 style="text-align: justify; ">Justification For Data Localisation</h2>
<p style="text-align: justify; ">What are the reasons for these moves towards data localisation?</p>
<blockquote style="text-align: justify; ">Given the opacity of policymaking in India, many of the policies and regulations provide no justification at all. Even the ones that do, don’t provide cogent reasoning.</blockquote>
<p style="text-align: justify; ">The RBI says it needs “unfettered supervisory access” and hence needs data to be stored in India. However, it fails to state why such unfettered access is not possible for data stored outside of India.</p>
<blockquote style="text-align: justify; ">As long as an entity can be compelled by Indian laws to engage in local data storage, that same entity can also be compelled by that same law to provide access to their non-local data, which would be just as effective.</blockquote>
<p style="text-align: justify; ">What if they don’t provide such access? Would they be blacklisted from operating in India, just as they would if they didn’t engage in local data storage? Is there any investigatory benefit to storing data in India? As any data forensic expert would note, chain of custody and data integrity are what are most important components of data handling in fraud investigation, and not physical access to hard drives. It would be difficult for the government to say that it will block all Google services if the company doesn’t provide all the data that Indian law enforcement agencies request from it. However, it would be facile for the RBI to bar Google Pay from operating in India if Google doesn’t provide it “unfettered supervisory access” to data.</p>
<p style="text-align: justify; ">The most exhaustive justification of data localisation in any official Indian policy document is that contained in the <a href="http://meity.gov.in/writereaddata/files/Data_Protection_Committee_Report.pdf" target="_blank">Srikrishna Committee’s report</a> on data protection. The report argues that there are several benefits to data localisation:</p>
<ol style="text-align: justify; ">
<li>Effective enforcement,</li>
<li>Avoiding reliance on undersea cables,</li>
<li>Avoiding foreign surveillance on data stored outside India,</li>
<li>Building an “Artificial Intelligence ecosystem”</li>
</ol>
<p style="text-align: justify; ">Of these, the last three reasons are risible.</p>
<h2 style="text-align: justify; ">Not A Barrier To Surveillance</h2>
<p style="text-align: justify; ">Requiring mirroring of personal data on Indian servers will not magically give rise to experts skilled in statistics, machine learning, or artificial intelligence, nor will it somehow lead to the development of the infrastructure needed for AI.</p>
<p style="text-align: justify; ">The United States and China are both global leaders in AI, yet no one would argue that China’s data localisation policies have helped it or that America’s lack of data localisation polices have hampered it.</p>
<blockquote style="text-align: justify; ">On the question of foreign surveillance, data mirroring will not have any impact, since the Srikrishna Committee’s recommendation would not prevent companies from storing most personal data outside of India.</blockquote>
<p style="text-align: justify; ">Even for “sensitive personal data” and for “critical personal data”, which may be required to be stored in India alone, such measures are unlikely to prevent agencies like the U.S. National Security Agency or the United Kingdom’s Government Communications Headquarters from being able to indulge in extraterritorial surveillance.</p>
<p style="text-align: justify; ">In 2013, slides from an NSA presentation that were leaked by Edward Snowden showed that the NSA’s “BOUNDLESSINFORMANT” programme collected 12.6 billion instances of telephony and Internet metadata (for instance, which websites you visited and who all you called) from India in just one month, making India one of the top 5 targets.</p>
<p style="text-align: justify; ">This shows that technically, surveillance in India is not a challenge for the NSA.</p>
<p style="text-align: justify; ">So, forcing data mirroring enhances Indian domestic intelligence agencies’ abilities to engage in surveillance, without doing much to diminish the abilities of skilled foreign intelligence agencies.</p>
<p style="text-align: justify; ">As I have <a href="https://slides.com/pranesh/digital-security-for-journalists#/5/1" target="_blank">noted in the past</a>, the technological solution to reducing mass surveillance is to use decentralised and federated services with built-in encryption, using open standards and open source software.</p>
<p style="text-align: justify; ">Reducing reliance on undersea cables is, just like reducing foreign surveillance on Indians’ data, a laudable goal. However, a mandate of mirroring personal data in India, which is what the draft Data Protection Bill proposes for all non-sensitive personal data, will not help. Data will stay within India if the processing happens within India. However, if the processing happens outside of India, as is often the case, then undersea cables will still need to be relied upon.</p>
<p style="text-align: justify; ">The better way to keep data within India is to incentivise the creation of data centres and working towards reducing the cost of internet interconnection by encouraging more peering among Internet connectivity providers.</p>
<blockquote style="text-align: justify; ">While data mirroring will not help in improving the enforcement of any data protection or privacy law, it will aid Indian law enforcement agencies in gaining easier access to personal data.</blockquote>
<h2 style="text-align: justify; ">The MLAT Route</h2>
<p style="text-align: justify; ">Currently, many forms of law enforcement agency requests for data have to go through onerous channels called ‘mutual legal assistance treaties’. These MLAT requests take time and are ill-suited to the needs of modern criminal investigations. However, the U.S., recognising this, passed a law called the CLOUD Act in March 2018. While the CLOUD Act compels companies like Google and Amazon, which have data stored in Indian data centres, to provide that data upon receiving legal requests from U.S. law enforcement agencies, it also enables easier access to foreign law enforcement agencies to data stored in the U.S. as long as they fulfill certain procedural and rule-of-law checks.</p>
<blockquote style="text-align: justify; ">While the Srikrishna Committee does acknowledge the CLOUD Act in a footnote, it doesn’t analyse its impact, doesn’t provide suggestions on how India can do this, and only outlines the negative consequences of MLATs.</blockquote>
<p style="text-align: justify; ">Further, it is inconceivable that the millions of foreign services that Indians access and provide their personal data to will suddenly find a data centre in India and will start keeping such personal data in India. Instead, a much likelier outcome, one which the Srikrishna Committee doesn’t even examine, is that many smaller web services may find such requirements too onerous and opt to block users from India, similar to the way that Indiatimes and the Los Angeles Times opted to block all readers from the European Union due to the coming into force of the new data protection law.</p>
<p style="text-align: justify; ">The government could be spending its political will on finding solutions to the law enforcement agency data access question, and negotiating solutions at the international level, especially with the U.S. government. However it is not doing so.</p>
<p style="text-align: justify; ">Given this, the recent spate of data localisation policies and regulation can only be seen as part of an attempt to increase the scope and ease of the Indian government’s surveillance activities, while India’s privacy laws still remain very weak and offer inadequate legal protection against privacy-violating surveillance. Because of this, we should be wary of such requirements, as well as of the companies that are vocal in embracing data localisation.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/bloomberg-quint-pranesh-prakash-october-15-2018-why-data-localisation-might-lead-to-unchecked-surveillance'>https://cis-india.org/internet-governance/blog/bloomberg-quint-pranesh-prakash-october-15-2018-why-data-localisation-might-lead-to-unchecked-surveillance</a>
</p>
No publisherpraneshSurveillanceInternet GovernancePrivacy2018-10-16T14:08:34ZBlog EntryWhy conviction rate for cyber crime cases in Karnataka is abysmally low
https://cis-india.org/internet-governance/news/newsminute-october-1-2019-theja-ram-why-conviction-rate-for-cyber-crime-cases-in-karnataka-is-abysmally-low
<b>Police say a third of the cases involving economic offences in Karnataka are related to job scams, a third related to OTP and UPI fraud, and the remaining are lottery related scams.</b>
<p>The blog post by Theja Ram published by the <a class="external-link" href="https://www.thenewsminute.com/article/why-conviction-rate-cyber-crime-cases-karnataka-abysmally-low-109803">News Minute</a> on October 1, 2019 quotes Karan Saini.</p>
<hr />
<p style="text-align: justify; ">Just like thousands of engineering graduates in pursuit of a job, 22-year-old Samhita RH had been trying to find one since she graduated from AMC Engineering College in Bengaluru. Samhita’s parents, who live in Hassan district’s Sakleshpur, were counting on their daughter to help clear loans they had taken for her education. A year after graduating, Samhita was desperate. She had uploaded her resume on several job portals and hoped she would get an interview call.</p>
<p style="text-align: justify; ">On the afternoon of December 21 last year, Samhita received an email from an id that read: hr.monster13@india.com. Samhita had signed up for job alerts on employment portal Monster and was thrilled when she finally received a call for an interview, over a year after graduating.</p>
<p class="_yeti_done" style="text-align: justify; ">“I did not suspect that this was a fake account. Soon after I received the email, I also got a call on my mobile number and a man named Abhishek Acharya said he was from Monster and that there was an interview call for a position at HCL. He said I have to pay Rs 1,200 as registration fee and that I would be able to go for the interview then. A few hours later, he asked me to pay Rs 18,000. The next day I had to pay Rs 13,000 and later the same day another Rs 15,000,” Samhita says.</p>
<p style="text-align: justify; ">The next day, she received a fake offer letter from HCL after a telephonic conversation and this time another man named Amit Singh, who claimed to be an employee in HCL’s HR department, allegedly told Samhita that she had to pay Rs 29,000 for a certification programme that would be conducted as part of her induction programme. Samhita paid Amit Singh too and when she asked him the date of joining, Amit allegedly informed her that he would be in touch.</p>
<p style="text-align: justify; ">By the first week of January 2019, Samhita was worried that she may have been duped. She got in touch with HCL in Bengaluru and enquired about the job offer she had received. She even sent them a copy of the “offer letter” she had received. To her dismay, HCL informed her that the letter was forged and that no one from the company had reached out to her.</p>
<p style="text-align: justify; ">When she contacted the mobile number of the alleged Amit Singh and demanded her money back, he allegedly hung up and could never be reached again. “I lost around Rs 76,000 in a few days’ time. My parents were struggling for money. They had taken loans to pay for the job and it turned out to be a sham. When I got that email, I should have been more alert. But hope and relief of finally getting a job had clouded my judgement. I filed a complaint with the Cyber Crime Police Station in Bengaluru on January 19 this year, but there has been no progress in my case,” Samhita says.</p>
<p style="text-align: justify; ">In Samhita’s case, police say that the phones used to contact her were last used in Madhya Pradesh and the IP address from which the email was sent was from Nigeria. “How can we track down some online identity that we don’t know. If it’s a robbery or a murder, its jurisdictional. When it comes to people morphing pictures and extortion rackets on online dating platforms, it is easier to track down the people as there is an ID of the person. But economic offences are the hardest to crack,” says Sandeep Patil, Joint Commissioner of Crime, Bengaluru.</p>
<p style="text-align: justify; ">Just like Samhita, thousands of people have fallen victim to job scams on the internet and the Bengaluru Cyber Crime Police say that a third of the cases involving economic offences in Karnataka are related to job scams, a third of them are related to OTP and UPI fraud, and the remaining are lottery related scams. And the police say that investigating cyber crimes related to economic offenses are very difficult.</p>
<h3 style="text-align: justify; ">UPI, lottery fraud on the rise</h3>
<p style="text-align: justify; ">Ever since demonetisation led people to switch to online money transfer, police say that Unique Identification Pin (UPI) related cyber crimes are on the rise. According to the Cyber Crime Police Station in Bengaluru, of the 12,754 cyber crime cases reported in the city between January 2018 and August 2019, 38% of them were related to UPI.</p>
<p style="text-align: justify; ">“Before demonetisation, a lot of people were not using Google Pay, PayTM, BHIM and other UPI apps for money transfer. With more users, the pool of potential victims for those committing cyber crimes has increased,” Sandeep Patil says.</p>
<p style="text-align: justify; ">In July this year, a Madhusudhan, businessman from Bengaluru, filed a complaint with the Cyber Crime Police Station that a person posing to be a representative of an e-commerce company had looted Rs 1.6 lakh from three of his bank accounts via his BHIM app. Madhusudhan’s wife Lekha had ordered material for a dress from an e-commerce website. After it was delivered, she wanted to return it, and found a customer service number when she searched on Google. She asked Madhusudhan to help her get the money back.</p>
<p style="text-align: justify; ">Madhusudhan spoke to the representative, who informed him that the product could not be returned but that he could initiate a refund. “The product quality was bad and so we wanted to return it. The representative said he would refund the money and told me that he would send me a message, I had to click the link in the message and fill in a form for the refund to be processed. I never thought that this could be a scam. Within minutes, Madhusudhan received a message with a message ID that read: HDFC-UPI. Assuming it was legitimate, I clicked the link, which led me to a portal. But there was no form,” Madhusudhan says.</p>
<p style="text-align: justify; ">Madhusudhan tried calling the customer care number once more but there was no response. About three or four minutes later he received a message from his bank that Rs 90,000 was transferred to an unknown account via BHIM. Seconds later, he received another message that Rs 70,000 was transferred to another bank account via the same app. Madhusudhan immediately called his bank and asked them to stop any fund transfer from his account.</p>
<p style="text-align: justify; ">“I have three bank accounts linked to BHIM and money was wiped out from two accounts. I was able to save Rs 40,000 only after I called the bank,” he says. When Madhusudhan approached the police, Cyber Crime sleuths informed him that it was a phishing scam. “That message that I clicked, that was where it started,” Madhusudhan adds.</p>
<p style="text-align: justify; ">According to Karan Saini, Programme Officer with the Centre for Internet and Society, most UPI-related crimes are phishing operations and in rare cases involve spyware. Karan says that SMS gateways are the easiest means to con people into believing that a message is from a legitimate source.</p>
<p style="text-align: justify; ">“Businesses have the ability to send messages to people from SMS gateways provided by telecom companies. Consider the messages we get from e-commerce sites, banks, etc. While most businesses send messages to customers who have wilfully provided their details, bulk contact information can still be procured quite easily, and the cost barrier for sending bulk SMSes is also quite low. Most SMS providers charge customers around Rs. 300 for sending 1000 messages. Further, businesses have the ability to specify a custom sender ID (i.e., the name that appears on the message), which TRAI (Telecom Regulatory Authority of India) mandates to be 6 characters long (e.g., AXISBK), however, fraudsters can easily subvert the custom Sender ID feature to push their phishing campaigns. Most of the reported UPI scams seem to have succeeded because people were conned by the name of the sender. While several SMS providers maintain ‘blacklists’ that let them protect the Sender IDs of prominent customers, fraudsters can still trivially bypass these blacklists, by alternating characters within the Sender ID (e.g., changing AXISBK to AXISBA or even BKAXIS), or by simply moving to another SMS provider.,” Karan says.</p>
<p style="text-align: justify; ">In December 2017, Venkateshulu S, a jewellery store owner in Bengaluru, received an SMS allegedly from an e-commerce website stating that he had won Rs 1,00,00,000 in a lucky draw. The message stated that Venkateshulu, who had recently purchased a TV from the website, had won the lucky draw from a pool of customers chosen for it.</p>
<p style="text-align: justify; ">Venkateshulu, who was initially sceptical, had ignored the SMS. A day later, he received another SMS from the same sender ID, which claimed that he had to claim the prize within the next 24 hours or the offer would expire. He also received a call from a person posing as a customer care executive and informed him that he had to pay Rs 1 lakh to claim the prize and that the money would be refunded to him once the winnings were deposited into his account.</p>
<p style="text-align: justify; ">Within a few minutes, he transferred the money to an account number given by the conman. It was only after two days that Venkateshulu realised he had been swindled.</p>
<p style="text-align: justify; ">“I was waiting for the money to get deposited into my account. When I contacted that man again, his phone was switched off. Then I filed a complaint with the cyber crime police but they haven’t caught the culprit even now,” Venkateshulu says.</p>
<p style="text-align: justify; ">Speaking to The News Minute, Director General of Police, CID, Praveen Sood, said that just like Venkateshulu, thousands of people get conned in lottery scams. “When someone is asking you to pay money to collect alleged winnings, that must be the trigger. People get conned a lot by lotteries because the amount of money is too huge for them to pass up,” he says.</p>
<h3 id="_mcePaste">Thousands of cases, negligible convictions</h3>
<p style="text-align: justify; ">From just 1,045 cases registered in 2014 to 8,495 cases between January and August 2019, the number of cyber crime cases being reported in Karnataka are on the rise. Between January 2014 and August 2019, 20,920 cases were registered across 30 Cyber Crime police stations in Karnataka and a whopping 85% of them have been registered in the lone Cyber Crime Police Station in Bengaluru City.</p>
<p style="text-align: justify; ">Of the 8,495 cases registered between January and August 2019, 7,516 of them were in Bengaluru. Another alarming reality is the low rate of conviction. There have been only 36 convictions in cyber crime cases in Karnataka in the last six years and out of them only 5 convictions have occurred in cases registered in Bengaluru. Of these convictions, four of them occurred in 2014 and one in 2018. There were zero convictions in the years in between.</p>
<p style="text-align: justify; ">The shockingly low rate of conviction, Cyber Crime sleuths say, is because 95% of the cases registered go unresolved for various reasons. Of the total number of cases registered in the last six years, arrests have been made in only 6.2% of the cases and the number of cases in which chargesheets have been filed is even lower.</p>
<p>Between 2014 and August 2019, chargesheets were filed only in 736 cases in Karnataka, of which 46.86% were from Bengaluru.</p>
<p><img src="https://www.thenewsminute.com/sites/all/var/www/images/Cybercrime_karnataka.jpg" /></p>
<p><img src="https://www.thenewsminute.com/sites/all/var/www/images/Cybercrime_bengaluru.jpg" /></p>
<p style="text-align: justify; ">DGP Sood says that one of the primary reasons for the low conviction rate in cyber crime cases, not only in Karnataka but across the country, is the lack of geographical boundaries in cyber crime cases.</p>
<p>“In most cases across the country, the crime is perpetrated by people from other countries,” he says.</p>
<p style="text-align: justify; ">Senior police officials who have worked on numerous cyber crime cases in Karnataka say that another reason for low conviction rates in these crimes is that the cost of investigating cyber crime cases, especially economic offences, exceeds the actual loss suffered by victims.</p>
<p style="text-align: justify; ">“In many cases that I have worked on, the IP addresses or phone numbers are from Nigeria, Trinidad, Congo or an eastern European country. How do we track down and arrest these people? After five to six days of investigating, we reach a dead end. Between the amount that individual victims lose and the amount that needs to be spent on investigating that case, there is a huge difference. Lakhs have to be spent on one investigation. The economics do not add up and the physical international boundaries are major hurdles,” a senior police officer says.</p>
<h3 style="text-align: justify; ">Limited knowledge about advanced technology</h3>
<p style="text-align: justify; ">Senior officials with the Cyber Crime unit in the Criminal Investigation department say that apart from a severe staff crunch in Cyber Crime stations, most police officers, public prosecutors and magistrates have limited knowledge about cyber crimes, the technology used, the methods of perpetrating such crimes and, most importantly, the technological jargon.</p>
<p style="text-align: justify; ">“Initially, we had only 10 police officials working in one police station in Bengaluru and they were handling thousands of cases. It was only in 2018 that the number of personnel were increased to 40. Even now, these officers are handling thousands of cases and it’s an overload,” JCP Sandeep Patil says.</p>
<p style="text-align: justify; ">According to DGP Praveen Sood, even in cases where arrests are made and chargesheets filed, overburdened sessions courts with limited magistrates who understand the nuances of cyber crime cases contribute to low rates of conviction.</p>
<p> </p>
<p><article class="_yeti_done top_horizontal_show_ads_on_desktop right_vertical_ads_block left_vertical_ads_block">
<p style="text-align: justify; ">Senior police officials who work with the Centre for Cyber Crime Investigation and Training Centre say that prosecutors and lawyers fail to put forth a strong case due to lack of knowledge about these crimes.</p>
<p style="text-align: justify; ">“Understanding the methods used by perpetrators of cyber crimes and most importantly the jargon is difficult for prosecutors and magistrates. Even officers working in Cyber Crime stations keep learning new things every day. Magistrate courts are overloaded and to find judges who can understand the nuances of the case and prosecutors who can put forth a good case is difficult,” the official explains.</p>
<p style="text-align: justify; ">In February this year, the Centre for Cyber Crime Investigation and Training Centre was inaugurated in Bengaluru in order to train police officers, prosecutors and magistrates on the nuances of cyber crime. DGP Praveen Sood says that with more police officers being trained, it is a first step towards ensuring that more cases are detected and disposed of quickly.</p>
<p style="text-align: justify; ">“Since cyber crime has no boundaries, the best way is to prevent it. More awareness is required. People must not use the same email ID for personal and financial transactions. Separate email IDs must be used for social media accounts because many people get conned on social media. There are many cases where social media accounts are hacked and pictures of women are morphed. It’s always better to change passwords frequently and not share it with anyone. Do not believe people who say they are bank officials asking for OTP and PINs. Never buy into lottery scams where they ask you to pay money in order to get your winnings,” Praveen Sood adds.</p>
</article></p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/newsminute-october-1-2019-theja-ram-why-conviction-rate-for-cyber-crime-cases-in-karnataka-is-abysmally-low'>https://cis-india.org/internet-governance/news/newsminute-october-1-2019-theja-ram-why-conviction-rate-for-cyber-crime-cases-in-karnataka-is-abysmally-low</a>
</p>
No publisherTheja RamInternet Governance2019-10-13T06:07:23ZNews Item