Centre for Internet and Society

The Draft Electronic Delivery of Services Bill, 2011 – Comments by CIS

praskrishna — 2011-08-02T07:37:37Z

The Draft Electronic Delivery of Services Bill, 2011 (“Bill”) is a Bill to provide for delivery of government services manadatorily through electronic means by phasing out manual delivery of services. It is heartening to note that the Bill shifts the approach to electronic delivery of services by Government agencies to one as part of the citizens' right to service delivery through electronic means rather than a luxury or benefit doled out by the Government. The Bill introduces bodies exclusively accountable for ensuring that electronic delivery of services by the Government at the state and central levels. While this is a welcome move on the part of the Government there are a few comments we, at the Centre for Internet and Society, have on the present version of the Bill:

Accessibility
The Bill does not make it mandatory for all Government services to be accessible to all including persons with disabilities. The Bill refers to the term “access”, as defined in Section 2(1)(a) from the prespective of merely gaining physical access to the services or availability of such services1 rather than from the perspective of catering to the ability of a person with print (or other) disbilities from gaining access to the services in the normal format. It is very important that the electronic services are delivered in a format which is accessible to all persons including persons with disbilities, elderly persons etc. It should be mandatory for the Government to comply with Web Content Accessibility Guidelines (WCAG) and National Informatics Centre (NIC) guidelines for web accessibility. It is also important to ensure accessibility of all documents produced during service delivery by Government agencies.
Linguistic Accessibility
Section 5(2)(b) of the Bill requires the Government to prescribe a framework for all its agencies to ensure web presence or enablement which refers to rendering electronic services in the language chosen by the user. In pursuance of the same, it is important for delivery of services to be available in all national languages of India to begin with in addition to the content being encoded in Unicode font for all languages. It is important to note that there are not many open fonts available for Indian languages. Hence, it must be ensured that the Government allocates sufficient funds to ensure linguistic accessbility of the services delivered, while ensuring implementation of the provisions of the Bill.
Public Scrutiny
In order to ensure transparency of Government services and process of service delivery, it is essential that the Bill incorporates a provision to enable citizens to gain access to information provided by the Government as part of the service delivery process unless disclosing such information would amount to violation of any applicable law. Similarly, provision should be made for making public all RTI applications filed with the Government and responses to them.
Use of Free and Open Source Software
Considering that electronic service delivery by Government agencies is effected through public money, it is important that Governments are urged to use Free and Open Source Software (FOSS) for service delivery. This cuts costs to a great extent and also make the process more transparent and capable of customisation to varied needs of different departments. It is important to insert a provision requiring the Government to use FOSS as far as possible and in the event of any use of proprietary software, the Government should clearly explain the reason for such use, the costs incurred for the same, the additional benefit derived out of its use and other relevant details.
Open Standards
The Bill must stress on use of open standards for all computer resources and service delivery systems by Government agencies. As is the case with FOSS, such use brings down operation costs drastically and makes the service delivery process transparent and available for all to use. Use of ODF formats for documents, HTML for websites, ISA standards for hardware is recommended. It is also useful to ensure compliance with W3C guidelines by the concerned Government departments during implementation of the Bill.
Whistleblower Exception
The Bill does not contain any safeguards to ensure free and fearless disclosure of any wilful violation of the law impacting larger public interest. It is important to include a provision protecting any person exposing any violation of the provisions of the Bill or blowing the cover off any scam or farudulent activity decieving the public committed by service providers under the Bill. Such protection can be given by ensuring that the actions of such whistleblower, to the extent required for the exposure, does not constitute an offence under the provisions of the Bill.
Penalties for Offences
- Chapter 4 of the Bill gives a detailed list of acts constituting an offence under the Act including Section 15 which specifically relates to offences by companies. It is critical to ensure that the punishment and penalities for offences extend not only to citizens and companies but also to Government officials who misuse information they are privy to under the provisions of the Bill. In fact, a separate provision specifically applicable to the various offences which could be committed by Government officials under the Bill can reduce misuse of its provisions by the Government.
- It is to be noted that several provisions listed under Chapter 4 of the Bill covering offences and penalties are a reproduction of the provisions for the same under the Information Technology Act, 2000 (“IT Act”). Such reprodution is unnecessary and acts which are already deemed to be offences and have punishments prescribed for them under the IT Act (or any other legislation for the time being in force in India) need not be covered again in the Bill. This will avoid duplication and confusion in the legislations.
- Section 19(1) of the Bill provides that no alleged offence under the Bill can be tried in a court of law unless the Central Electronic Delivery of Services Commissioner (“Central Commissioner”) or the State Electronic Delivery of Services Commissioner (“State Commissioner”) authorises the same by issuing a complaint in this regard to the relevant court. This provision directly conflicts with a citizen's constitutional right to seek legal redress since it takes away his freedom to approach a court of law for redressal of his grievance without the permission of the Commissioners. It is recommended that the provision be either deleted or suitably modify so that it is not in violation of this constitutional right.
Bottoms up Approach
A decentralised approach should be adopted along the lines of the Panchayati Raj system giving the citizen a greater say in the framework and implementation of service delivery by Government agencies. Implementation can be at the Panchayat and District levels apart from State levels. Citizens must be able to access and update their information. Furthermore, they should be able to define to a certain extent, access control to their information. This will automatically make them eligible or ineligible for various government services.
Charges for service delivery
Section 4 of the Bill authorises the Government to allow service providers to collect charges for electronic service delivery while Section 3(2) provides for the Government to regulate the manner and method of payment of such charges. It is critical to ensure that such charges levied under the provisions of the Bill do not exceed the charges levied by the Government agency for manual delivery of services. Charges for manual service delivery may include charges for photocopy, printing, paper, postage etc., all of which are totally eliminated during service delivery through electronic means. Thus, levying the same charges, let alone greater charges for electronic service delivery is totally unnecessary and places an additional burden on the citizen ultimately defeating the very purpose of the Bill.
Security in payment of charges
Section 3(2) of the Bill provides for the Government to regulate the manner and method of payment of charges for delivery of services.It is important that each transaction that takes place is done securely and without the exposure of an individuals confidential details. There are many ways to structure the transaction of payment of fees to achieve this goal. We reccommend that the SCOSTA smart card structure is used for completing and processing a transaction.
Data Security and Privacy
Section 5(1)(e) of the Bill requires the Government to ensure integrity, security and confidentiality of data collected, preserved and retained. We recommend that in addition to this, the Government also ensures integrity, security and confidentiality of data or information that is transferred, accessed or deleted. We also recommend that the Bill requires the Government to prescribe a framework under Section 5(2) for agency privacy policies to ensure that they are interoperable and consistent between different departments of the Government.
Functions of the Central Commissioner
Section 8 of the Bill grants the Central Commissioner the power to perform any or all of the functions listed in the provision including Section 8(f) which refers to the power of the State Commissioner in conducting the work of the State Government agencies. A Central Government authority may not have a say in all matters under the purview of the State Governments. This aspect has been left out for consideration while drafting this provision and hence it needs to be relooked at.
Cut-off Date for Implementation
While the Bill mandates a cut off period of 180 days for the Government to finalise on the scope, framework and manner of service delivery under its provisions, it states that the Government “may” prescribe a framework for implementation of the provisions. It is recommended, for the purpose of ensuring speedy implementation of the provisions, that the term “may” in Section 5(2) be replaced by “shall”.
Transparency of Government Agencies
Transparency and accountability of the Government towards the citizen is as important as the transparency of the citizen towards the Government. Therefore, the provisions of the Bill must ensure that the Government activities are transparent to the citizens by making available to the citizens, details of the responsible officials under the Bill, manner of service delivery and other relevant information in this regard.

For more details visit https://cis-india.org/internet-governance/blog/draft-electronic-delivery-services

Second Expert Meeting on Human Rights and the Internet

praskrishna — 2011-06-08T10:01:55Z

The second expert meeting on human rights and the Internet is being organised by the Swedish Ministry for Foreign Affairs and the UN Special Rapporteur on Freedom of Opinion and Expression on 30 and 31 March 2011 in Stockholm (Sweden). Anja Kovacs will participate in this meeting.

List of Participants (draft)

Alison LeClaire Christie alison.leclairechristie@international.gc.ca	Minister-Counsellor and Deputy Permanent Representative, Canadian mission to UN in Geneva
Anabella Rivera libert.expresion@gmail.com	Executive Director, DEMOS, Guatemala
Anja Kovacs anja@cis-india.org	Fellow, The Centre for Internet and Society, Bangalore
Anna Nawrot anna.nawrot@rwi.lu.se	Researcher, Raoul Wallenberg Institute of Human Rights, Lund, Sweden
Annie Game agame@cjfe.org	Executive Director, CJFE-IFEX
Anriette Esterhuysen anriette@apc.org	Executive Director, Association for Progressive Communications, South Africa
Arthit Suriyawongkul arthit@gmail.com	Thai Neitzen Network, Centre for Popular Media Reform
Brett Solomon brett@accessnow.org	Executive Director, Access Now
Charlotta Bredberg charlotta.bredberg@sida.se	Thematic Coordinator for Democracy, Human Rights, Peace and Security, Global Programme Unit, Department for Global Cooperation, Sida
Cynthia Wong cynthia@cdt.org	Director, Project on Global Internet Freedom, Center for Democracy and Technology, Washington DC
Daniel Westman Daniel.Westman@juridicum.su.se	Researcher and Teacher, Faculty of Law, Stockholm University
Danny Aerts danny.aerts@iis.se	CEO, The Internet Infrastructure Foundation (.SE)
David Mothander davidmothander@google.com	Nordic Policy Counsel, Google, Stockholm
Dunja Mijatovic pm-fom@osce.org	OSCE Representative on Freedom of the Media
Eduardo Bertoni eberto2@palermo.edu	Director, Center for Studies on Freedom of Expression and Access to Information, Palermo University School of Law, Argentina
Eric King eric@privacy.org	Human Rights and Technology Advisor, Privacy International
Grace Githaiga ggithaiga@hotmail.com	Kenya ICT Action Network (KICTANET)
Guy Berger G.Berger@ru.ac.za	Professor, School of Journalism & Media Studies, Rhodes University, South Africa
Helena Bjuremalm helena.bjuremalm@sida.se	Senior Policy Specialist, Democracy Assistance, Sida
Hossam Bahgat Hossam@eipr.org	Executive Director, Egyptian Initiative for Personal Rights, Cairo
Jan Kleijssen jan.kleijssen@coe.int	Director, Directorate General of Human Rights and Legal Affairs, Council of Europe
Jean-Luc Delvert Jean-luc.DELVERT@diplomatie.gouv.fr	Counsellor, Human Rights Division, Ministry for Foreign Affairs, France
Jean-Pierre Kempeneers, jem.kempeneers@minbuza.nl	Head of the Human Rights Division, Ministry of Foreign Affairs, The Netherlands
Jermyn P Brooks jermynbrooks@aol.com	Chair, Global Network Initiative
Joana Varon joana@varonferraz.com	Researcher, Centre for Technology and Society, Rio De Janeiro
Joe McNamee joe@mcnamee.eu	EU Advocacy Coordinator, European Digital Rights Initiative
Joy Liddicoat joy@liddicoatlaw.co.nz	Project Coordinator, Internet Rights are Human Rights, APC, South Africa
Kurt Erik Lindqvist kurtis@netnod.se	CEO, NETNOD, Stockholm
Lee Hibbard Lee.HIBBARD@coe.int	Coordinator for Internet Governance and Information Society, Council of Europe
Lisa Horner LisaH@global-partners.co.uk	Head of Research & Policy, Global Dialogue, London
Lise Bergh lise.bergh@amnesty.se	Director, Amnesty International, Swedish Section
Louise Bermsjö louise.bermsjo@sida.se	Programme Manager for Democracy and Human Rights, Global Programme Unit, Department for Global Cooperation, Sida
Lucille Morillon internet@rsf.org	Head, Bureau of New Media, Reporters sans frontières
Maciej TOMASZEWSKI maciej.tomaszewski@ec.europa.eu	European Commission DG INFSO, Unit A3 Internet; Network & Information Security
Maria Häll maria.hall@enterprise.ministry.se	Deputy Director, Division for Information Technology Policy, Ministry of Enterprise, Energy and Communications, Sweden
Mats Ringborg mats.ringborg@foreign.ministry.se	Ambassador of Sweden to OECD and UNESCO
Matthew Barzun BarzunMW@state.gov	US Ambassador to Sweden
Michael Camilleri MCamilleri@oas.org	Attorney, office of the Special Rapporteur for Freedom of Expression, OAS
Nicklas Lundblad nlundblad@google.com	Senior Policy Counsel, Public Policy and Government Affairs, Google
Nicole Gregory nicole.gregory@fco.gov.uk	Head of Human Rights Section, Human Rights and Democracy Department, Foreign and Commonwealth Office, UK
Orest Nowosad onowosad@ohchr.org	Director, Special Procedures of the Office of the UN High Commissioner for Human Rights
Patrik Fältström patrik@frobbit.se	Distinguished Consulting Engineer, Cisco
Patrik Hiselius Patrik.Hiselius@teliasonera.com	Senior Advisor, Public Affairs, Group Communications, Telia Sonera
Paula Uimonen paula@spidercenter.org	Director, The Swedish Program for ICT in Developing Regions, Stockholm
Richard Allan, ric@fb.com	Director of Policy in Europe, Facebook
Richard Esguerra gwen@eff.org	Senior Activist, Global Internet Freedom Policy, Electronic Frontier Foundation
Robert Guerra guerra@freedomhouse.org	Project Director, Internet Freedom, Freedom House
Robert Hårdh Robert.Hardh@civilrightsdefenders.org	Executive Director, Civil Rights Defenders, Stockholm
Sally Elkhodary sally.khodary@anhri.net	Programs Director, The Arabic Network for Human Rights Information, Cairo
Sarah Labowitz LabowitzSB@state.gov	Office of the Coordinator for Cyber Issues, US State Dept
Staffan Jonson staffan.jonson@iis.se	Policy Adviser, The Internet Infrastructure Foundation (.SE)
Sylvie Coudray s.coudray@unesco.org	Division for Freedom of Expression, Democracy and Peace, UNESCO
Thomas Hajnoczi, Thomas.HAJNOCZI@bmeia.gv.at	Ambassador, Permanent Representative of Austria to Council of Europe
Toby Mendel toby@law-democracy.org	Executive Director, Centre for Law and Democracy
Vilhelm Konnander vilhelm.konnander@gmail.com	Global Voices
Wolfgang Benedek wolfgang.benedek@uni-graz.at	Professor, Faculty of Law, Graz University, Austria
Yaman Akdeniz yaman.akdeniz@bilgi.edu.tr Ženet Mujić zenet.mujic@osce.org	Associate Professor of Law, Faculty of Law, Istanbul Bilgi University Senior Adviser, office of the OSCE Representative on Freedom of the Media

Organisers

Frank la Rue Co-Chair of the meeting libert.expresion@gmail.com	UN Special Rapporteur on Freedom of Opinion and Expression
Olof Ehrenkrona Co-Chair of the meeting olof.ehrenkrona@foreign.ministry.se	Ambassador, Political Adviser to Foreign Minister Carl Bildt, MFA, Sweden
Per Sjögren per.sjogren@foreign.ministry.se	Head, Dept of International Law, Human Rights and Treaty Law, MFA, Sweden
Hans Dahlgren hans.dahlgren@foreign.ministry.se	Ambassador for Human Rights, MFA, Sweden
Måns Molander mans.molander@foreign.ministry.se	Head of Human Rights Section, MFA, Sweden
Johan Hallenborg johan.hallenborg@foreign.ministry.se	Special Adviser, HR Section, MFA, Sweden
Maria Koliopanou maria.koliopanou@foreign.ministry.se	Assistant, HR Section, MFA, Sweden
Karin Keil Pettersson karin.keil-pettersson@foreign.ministry.se	Assistant, HR Section, MFA, Sweden
Pauline Etemad pauline.etemad@foreign.ministry.se	Intern, HR Section, MFA Sweden
Rolf Ring rolf.ring@rwi.lu.se	Deputy Director, Raoul Wallenberg Institute of Human Rights and Humanitarian Law, Lund, Sweden
Gordana Jankovic Gordana.Jankovic@osf-eu.org	Director, Open Society Foundation Media Program
Vera Franz vfranz@osf-eu.org	Senior Program Manager, Information Program, Open Society Foundations
Stewart Chisholm Stewart.Chisholm@osf-eu.org	Senior Manager for Freedom of Expression, Open Society Media Program

For more details visit https://cis-india.org/notices/second-expert-meeting

India Should Watch Its Internet Watchmen

praskrishna — 2011-05-06T05:08:05Z

The month after terrorists attacked Mumbai in 2008, India's government initiated legislation enabling it to eavesdrop on electronic communication and block websites on grounds of national security. There was no public debate before the bill in question was introduced, and hardly any debate inside parliament itself before it passed in 2009. In the law, there were no guidelines about the extent to which an individual's right to privacy would be breached. And there was certainly no mention, and therefore, reassurance, that due process would be followed when it came to restricting access to websites. This article by Rahul Bhatia was published in the Wall Street Journal on March 28, 2011.

It's taken about two years for the first signs of misuse to show up. And there may be many more, as the government uses vague discretion instead of firm rules to police India's Internet. Various groups can exploit these discretionary powers to their own ends.

Earlier this month, the Indian Computer Emergency Response Team (CERT-In), the body appointed by the government to protect India's information infrastructure, blocked a text-message provider that sends out advertisements in bulk over mobile phone. It also blocked Typepad.com, a publishing platform used frequently by bloggers. Both restrictions have now been lifted.

Most contentiously, a Delhi court ordered CERT-In to block access to Zone-H.org, an Italian security giant that acts as a repository of hacked websites—that is, it collects screen grabs of sites that are infiltrated, which later proves valuable for studying the cyber crime in question. A representative of this website accused an Indian cyber security firm, E2 Labs, of using Zone-H's logo and images to promote its own cyber security school courses. E2 Labs dragged Zone-H to court in 2009 and, on grounds of defamation, had Zone-H's website blocked. What muddies the waters is that E2 Labs claims to work for the government.

Nobody knows what threat, if any, these websites posed to national security. Users who tried accessing them simply received a one-line message from their service providers that the sites had been blocked due to "instructions from the Department of Telecom." That message later disappeared, replaced by the standard error message: "Page Not Found."

Many bloggers immediately started comparing this case to the situation they found themselves in 2006, when the government banned Blogspot.com right after Mumbai's suburban train system was hit by bomb blasts. The Department of Telecom then did not offer an official reason, leaving people guessing that this was some kind of response to that terrorist attack.

That's happening again. The guidelines under which CERT-In operates say that all information related to website blocking is classified. Moreover, its mandate does not include communicating with the public. Which is why everyone is in the dark. Nobody even knows how widespread the blockade is. There's no hint of the process involved. There's no course for redress for those who own the affected sites.

Inquiries from journalists about the Department of Telecom's method of functioning have gone unanswered. When cornered by the press this month, India's Information Technology minister Kapil Sibal, who oversees this department, passed responsibility to the ministry of home affairs, which manages the nation's internal security.

Perhaps there are legitimate reasons for blocking these websites. India has faced its share of terrorist attacks that have, in the last decade, begun to affect the country's urban centers. Terrorists have gotten more sophisticated. The 2008 Mumbai assault especially put pressure on security personnel to be electronically vigilant, because the terrorists used satellite phones and internet technology to communicate. Since then, the government has ramped up its scrutiny of the Internet, including getting into a high-profile dispute last year with Blackberry-maker Research in Motion. Blogs are fair game, too, seeing as how terrorist groups have been known to use them for recruiting and communication. But if there are good reasons this time for blocking the sites in question, they're unknown and unexplained.

That lack of explanation is cause for alarm. First, there's the impact on businesses. Intermediary guidelines proposed by the Department of Information Technology put the onus on service providers to remove any material that, in addition to endangering national security, "causes inconvenience or annoyance," is "grossly offensive or menacing in nature," or "belongs to another person." These open-ended guidelines mean service providers have to spend a good chunk of their time dealing with government officials to determine, say, what is offensive.

The larger impact is on the rule of law. The clumsiness with which New Delhi has blocked these sites undermines any legitimacy the laws have. Lawyers I've spoken with already say that the guidelines, which are open to wide interpretation, violate the country's constitution.

This legal debacle has implications beyond any immediate security concerns. Despite being a democracy with a vigorous free press, India can't afford to take freedom of speech for granted. The concern here is that a statute intended to protect the country from terrorism may also give new legal cover to people trying to restrict speech for other reasons.

Already, thanks in part to the lack of political support for free speech, varied groups hijack cracks or loopholes in the legal framework to their populist ends. For instance, a colonial-era law against religious insults was used in 2007 to appease Hindu nationalists who wanted the government to punish Muslim painter M.F. Hussain for depicting "Mother India" in the nude. That case suggests that the new ill-considered and badly implemented rules for online policing could be exploited by political or business interests.

India undoubtedly faces a serious terrorism problem. But New Delhi needs to defend itself through laws that don't end up impinging on free speech in damaging, undemocratic ways.

Mr. Bhatia is a writer with Open Magazine in Mumbai.

Read the original story here

For more details visit https://cis-india.org/news/internet-watchmen

Networking its way to better governance

praskrishna — 2011-04-01T15:13:04Z

New policy to regulate Government presence on social media. This article by Deepa Kurup was published in the Hindu on March 28, 2011.

The official Facebook page of the Karnataka Criminal Investigation Department, “DGPCIDKARNATAKA”, is a string of one-sided comments punctuated with official-ese, or newspaper links of some prominent crime or an article by the officials.

The Twitter account, also started around June 2010, has all of 38 tweets, and barely any interaction with “common” men/women. Started with much fanfare, these are among the very few State Government agencies that took to social media, but haven't taken it beyond mere formalities. On the brighter side, blogs by a few Ministers — most prominently, Higher Education Minister V.S. Acharya and Minister for Law and Parliamentary Affairs S. Suresh Kumar — are lively and even interactive, in spurts. A few government departments too have blogs, but none remarkable.

Though the Indian Government's tryst with social media is fairly new — it took a few Twitter controversies, courtesy former Minister @ShashiTharoor, to make the government sit up and take note — some departments such as IndiaPost, the Delhi Traffic Police, Census India and even the Planning Commission, have been able to take it beyond mere posturing and have interacted with citizens, even tried to solve problems. IndiaPost's Twitter page is a good example of how agencies can engage with stakeholders, at least to an extent.

A draft policy

Twitter recently hit headlines again when foreign secretary Nirupama Sen logged on with an official ID and interacted with Indians stranded in Libya looking to make their way back. All these examples, that have earned these departments accolades, has prompted the Indian Government to come up with a new policy for social media.

The e-governance group of the Department of Information Technology (DIT) held a meeting this week to draw up guidelines to “regulate” Government presence on social media sites.

Speaking to The Hindu, a DIT official said this had been on the Government's agenda because efforts in this direction had been all too scattered, and some of the success stories had convinced them that it could be a good platform for interaction. The official added that the feedback they got on the 12th Planning Commission's Facebook page was seen as a good example of how these tools could be leveraged.

But why regulate at all? Regulating social media use by government officials is imperative mainly to ensure that use of information or data is compliant with existing laws.

Consistency needed

Sunil Abraham, director of the Centre for Internet and Society, a Bangalore-based non-governmental organisation, points out that with no general rules in place, the use of Twitter or Facebook account varies according to the bureaucrats heading the departments. “This cannot be the case as the channel of communication has to be a continuous thing, and the data shared with citizens has to be accurate; which means the same standards need to be applied to online sharing of data as is applied to offline data handling. Departments should also be obliged to back-up online data periodically,” he says.

For instance, a traffic police department announced that citizens could share pictures of traffic rule offenders on Facebook or on its website, to facilitate tracking of offenders. “Such a move could have huge privacy implications, and may also lead to vigilante activism,” warns Mr. Abraham, adding that we need a policy so that all activity, however casual it may seem, is compliant with existing law governing data protection and privacy.

With the Government jumping on to the 2.0 bandwagon (often under pressure like in Mumbai where citizens created a Facebook page for the police forcing them to create a real one), it is time to really make it official. So, while the idea of giving a face to government agencies and pushing for transparency and greater interaction with citizens, standardisation of social media use is indeed the way forward.

Read the original article in the Hindu here

For more details visit https://cis-india.org/news/networking-better-governance

‘Learn from failed UK NIR project’

praskrishna — 2011-04-01T15:12:12Z

The new government in the UK recently scrapped its decade-long work spending millions of pounds on establishing the National Identity Registration (NIR) number simply because it realised it wasn't workable. This article by Madhumita was published in the Deccan Chronicle on March 22, 2011.

There might just be a lesson in this for India that has begun the ambitious Unique Identification (UID) project. The fact, experts says, is that the technology to make this project work successfully in India, that is attempting to cover the largest biometric registry in the world so far, does not exist, at the moment.

According to Dr Ian Brown, senior research fellow at the Oxford Internet Institute, University of Oxford, there was very little evidence that the NIR in UK met the objectives it laid for the initiative. Dr Brown, who has worked extensively on privacy with regard to biometrics, asserted that in the area of privacy and trust there was already a lot of distrust among citizens concerning identity registration. Additionally the UK government losing the CDs that contained information of 25 million people, led to the debate of data breach, a major issue for India concerning the UID.

“The reasons behind the need for the card included politically popular goals that varied depending on the demands of that political moment. From anti-terrorism to reducing social security fraud, identification fraud, illegal immigration and creating a sense of community, the UK government's response was thin when it came to checking for evidence on the project successfully meeting these objectives. If it was for the largest argument of fitting into the wider perspective of criminal justice and security, then studies have shown that cost-effective measures such as streetlights managed to reduce crime by 30 per cent as against surveillance cameras that reduced crime a mere three per cent in the UK,” stated Dr Brown during a lecture at IISc.

India too has argued the same reasons of terrorism and security along with literacy and eradicating poverty. But where is the evidence that one cannot breach this system? Asked advocate Malavika Jayaram.

Prashant Iyengar of the Centre for Internet and Society (CIS) reiterating this stated that there was no guarantee that an individual's information would be safeguarded. The general consensus was that nobody is opposed to the UID, just its current form.

UK’s NIR disaster

The introduction of the UK’s National Identity Register (NIR) scheme was much debated, and various degrees of concern about the scheme were expressed by human rights lawyers, activists, security professionals and IT experts, as well as politicians.

Many of the concerns focused on the databases which underlie the identity cards rather than the cards themselves.

Biometrics consists of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In computer science, in particular, biometrics is used as a form of identity access management and access control.

It is also used to identify individuals in groups that are under surveillance. India is undertaking an ambitious mega project (the Multipurpose National Identity Card) to provide a unique identification number to each of its 1.25 billion people.

Read the original in the Deccan Chronicle here

For more details visit https://cis-india.org/news/failed-uk-nir-project

Privacy and Governmental Databases

elonnai — 2012-03-22T05:41:38Z

In our research we have found that most government databases are incrementally designed in response to developments and improvements that need to be incorporated from time to time. This method of architecting a system leads to a poorly designed database with many privacy risks such as: inaccurate data, incomplete data, inappropriate disclosure of data, inappropriate access to data, and inappropriate security over data. To address these privacy concerns it is important to analyze the problem that is being addressed from the perspective of potential and planned interoperability with other government databases. Below is a list of problems and recommendations concerning privacy, concerning government databases.

Government Databases and recommendations for privacy practices

Citizen-State relationships and privacy standards
Government databases foster different types of relationships between the state and its citizenry. For instance: User databases, service providing databases, and information providing databases. Each one these relationships requires a different level of privacy. Thus, it is important to identify the type of relationship that the database will foster in order to determine what type of privacy model to implement.
Specific privacy policy

Each government database should have a specific privacy policy that are tailored to the information that they hold. Each policy should cover the following areas:
- data collection
- digitization
- usage
- storage
- security
- disclosure
- retrieval
- access (inter departmental and public)
- anonymization, obfuscation and deletion.
Personal vs. personal sensitive and public vs. non-public data categories

Data in government databases requires varying degrees of privacy safeguards. The division of personal information vs. non personal information etc. creates distinct

categories for security levels over data and permissibility of public disclosure. Ex of personal information: Name, address, telephone number, religion. Ex of non-personal data: gender, age. This could work to avoid situations such as the census - where a person’s name, address, age, etc, were all printed for the public eye.
Standardization of Privacy Policies and Access Control

Government databases should all be designed upon interoperable standards so that the databases can "talk" to each other. The ability to coalesce databases strengthens the potential for use and reuse by different stakeholders. Furthermore, the interoperability of systems helps to avoid the creation of silos that hold multiple copies of the same data. To protect the privacy in interoperable systems - restricted and authorized access within departments and between departments is key. The Department of Information Technology has recently published a "Government Interoperability Framework" titled "Interoperability Framework for eGovernance" This policy document is the appropriate place to articulate interoperable privacy policies that could be adopted across eGovernance projects.
Record of breach notification

If data breach occurs in government database, the breach should be recorded and the appropriate individuals notified.
Anonymization/obfuscation and deletion policies

Once the purpose for which the data has been collected has been served it must be anonymized/obfuscated or deleted as appropriate. All data-sets cannot be deleted as bulk aggregate data is very useful to those interested in trend analysis. Anonymizing/obfuscating the personal details of a data set ensures that privacy is protected during such trend analysis.
Accountability for accuracy of data

Frequently data that is collected and entered into government databases is not accurate, because the departments are not collecting the data themselves. Thus, they feel no responsibility for its accuracy. If a mechanism is built into each database for identification of each data source this brings accountability for data accuracy.
Appropriate uses of government databases

Businesses should feel automatically entitled to aggregate and consolidate public information from government databases because it is technically possible to do so. Their uses of government database must be guided by policies that define "appropriate usage."
Access, updation and control of personal information

Citizens must be able to access and update their information. Furthermore, they should be able to define to a certain extent access control to their information - which would automatically make them eligible or ineligible for various government services.

Bibliography

Rezhui, Abdemounaam. Preserving Privacy in Web Services. Department of Computer Sciences, Virginia Tech.
Medjahed, Brahim. Infrastructure for E-Government Web Services. IEEE Internet Computing, Virgina Tech. January/Feburary 2003.

Mladen, Karen. A Report of Research on Privacy for Electronic Government. Privacy in Canada

joi.ito.com/privacyreport/Contents_Distilled/.../Canada_E_p252-314.pdf

For more details visit https://cis-india.org/internet-governance/blog/privacy/privacy-govt-databases

Privacy Matters - A Public Conference in Ahmedabad

praskrishna — 2011-04-04T07:14:41Z

On behalf of Privacy India, and in partnership with the Research Foundation for Governance in India and Society in Action Group, the Centre for Internet and Society invites you to “Privacy Matters” a public conference focused on discussing the challenges and concerns to privacy in India. The event will be held at the Ahmedabad Management Association. We would be honored if you would attend the meeting and contribute your views.

The conference will focus on the questions and dilemmas posed by privacy in India today, with a concentration on security, national surveillance, prisoners rights and privacy. The right to privacy in India has been a neglected area of study and engagement. Although sectoral legislation deals with privacy issues, India does not as yet have a horizontal legislation that deals comprehensively with privacy across all contexts. The absence of a minimum guarantee of privacy is felt most heavily by marginalized communities, including HIV patients, children, women, sexuality minorities,prisoners, etc. – people who most need to know that sensitive information is protected. Privacy India was established in 2010 with the objective of raising awareness, sparking civil action and promoting democratic dialogue around privacy challenges and violations in India.

One of our goals is to build consensus towards the promulgation of a comprehensive privacy legislation in India through consultations with the public, legislators and the legal and academic community.

Please confirm your participation with:

elonnai@privacyindia.org, or
jsree.t@gmail.com

Agenda

Privacy Matters

March 26th 10:30 – 4:30 pm

Ahmedabad Management Association
Core-AMA Management House
Torrent-AMA Management Centre
ATIRA Campus, Dr. Vikram Sarabhai Marg
Ahmedabad 380 015, Gujarat, INDIA
Phone: +91-79-263086

Time	Session
10:00 to 10:30	Registration and Welcome Prashant Iyengar Prashant Iyengar is a practicing lawyer and lead researcher for Privacy India. He will present who Privacy India is, and the objectives of Privacy India's research. Lastly he will outline the present scenario of Privacy in India.
10:30 to 11:15	Keynote Address Usha Ramanathan Dr. Usha Ramanathan is an internationally recognized expert on law and poverty. Her research interests include human rights, displacement, torts and environment. Ms. Ramanathan will speak about the coerced decline of privacy. National security, corruption, pragmatism, and the emergence of technologies that often work to establish that privacy is an irrelevant notion. She will look at links not often made between privacy and personal security, between data bases and national security, and the centrality of dislodging privacy in projects of social control are, perhaps deliberate.
11:15 to 11:30	Tea break
11:30 to 1:00	Opinions on Privacy Justice J N Bhatt, Mr. Ajay Tomar, Renu Pokharna In this session key officials from Gujarat will share their experiences and opinions on privacy in the context of India. Speakers include: Justice J N Bhatt is the former Chief Justice of Gujarat and Bihar, and currently the head of the Gujarat State Law Commission. He has had ad successful career including having: joined the Office of the Government Pleader, at Jamnagar in 1976, worked as Central Government Counsel in special matter of Armed Forces and Labour Cases, and has authored more than 50 Articles on Jurisprudence, Constitution, International Law, A.D.R, Legal Aid and Lok Adalat and Judicial Reforms Renu Pokharna, a member of the Chief Minister's Office, State of Gujarat, has spent her career working towards the betterment of society, especially the poor and the hungry through policy and not charity. For example she is a part of the project “Gujarat Skill Development Mission”. The project tries to achieve convergence of skill training programs to make them more effective. Mr. Ajay Tomar is the chief of the Anti-Terrorism Squad in Gujarat. He has worked on cracking down on many cases involving national security and surveillance including the “Pepsi Bomber”.
1:00 to 2:00	Lunch Break
2:00 to 2:30	Privacy, Minority Identities, and Security Bobby Kuhnu Bobby Kuhnu is a lawyer, social activist, and writer. Mr. Kuhnu will examine the ideological underpinnings of the discourse on privacy and its bearings on socially marginalized identities particularly in the context of the Indian state and the constitutional right to privacy.
2:30 to 3:00	Privacy and National Security Mathew Thomas Mathew Thomas is a management consultant and activity leader for development centers. Mathew has held top positions in the Indian Army, and the Defense Research and Development Organization, where he headed the missile manufacturing facility. His presentation will focus on national security and privacy.
3:00 to 3:15	Tea Break
4:00 to 4:30	Open discussion and summary

Other Distinguished Participants

Justice Madhukar

Former Judge, Trial Courts, Gujarat

Kanan Divatia

Lawyer and Professor of Law, L A Shah Law College

Professor Amal Dhru

Visiting Professor, Indian Institute of Management, Ahmedabad

Madhusudan Agarwal

Founder, Ma'am movies

Gaurang Raval

Drishti Media

Rahul Chimanbhai Mehta

Independent Candidate, IIT Delhi Alumnus

Madhusudan Agarwal

Founder, Ma'am movies

For more details visit https://cis-india.org/events/privacy-matters-ahmedabad

Public Talk by Dr. Ian Brown on Privacy, Trust and Biometrics

nishant — 2011-04-04T07:15:29Z

Trust is hard to build, but easy to lose. What factors affect individuals' trust in new technologies? How can governments create citizen trust in biometric security tools? Can biometrics be designed to be privacy-friendly? And how did these questions lead to the cancellation of the UK's national identity scheme, after a decade of development costing tens of millions of pounds? About the speaker: Dr Ian Brown's research is focused on public policy issues around information and the Internet, particularly privacy and copyright. He also works in the more technical fields of communications security and healthcare informatics.

For more details visit https://cis-india.org/events/ian

Muzzling the Internet

praskrishna — 2011-04-01T15:14:44Z

It is strange suddenly to be confronted with the provisions of a law passed way back in 2008. But why should the Information Technology Amendment Act, 2008, pushed through in the weeks following the 26/11 attacks in Mumbai be making news now? This news item by Sundeep Dougal was posted in Outlook on March 17, 2011.

The Economic Times, with a report headlined Government can switch off your internet if necessary breathlessly reported yesterday:

The Indian government has armed itself with powers to 'switch off' or kill the internet during times of national emergencies, becoming one of the first few countries to assume such far reaching authority. Even as the US and other western nations debate the judiciousness of giving the government's complete control to shut down cyber traffic, India has moved a step ahead and incorporated a provision under the IT Act of 2008, giving the Central government, or any of its officers specially authorised by it, to block the internet if necessary. The shutdown can happen in the interest of sovereignty and integrity of India, its defense, security of its states, friendly relations with foreign states or for public order. Failure to comply will result in imprisonment of up to seven

But perhaps the report can be excused for the simple reason that because the act was pretty much hustled through Parliament at a time when the national mindspace was preoccupied with other concerns, there was not much analysis or criticism in the mainstream media, though specialised blogs did raise an alarm even then. [See one critique dating back to December 2008 here April 2010 here -- and for the record, the bill was endorsed by the President in Feb 2009, and then only notified in October 2009.]

Read the ET report further and you realise that the reference was perhaps occasioned by the following development that the news report went on to provide:

Not satisfied with this provision, India is now moving ahead to develop alternate plans in case the 'switch' does not work. The draft plan by the Cabinet Committee on Security and Ministry of Home Affairs along with Ministry of IT & Communications to 'choke' the internet at will, which ET reported last year, is also learnt to be in its final stages.

Choking refers to handicapping the servers by subjecting it to multiple requests and attacks and preventing it from functioning effectively

But more dangerous to the issue of freedom of the internet were the recent reports, earlier in the month, of the blocking of Typepad, Mobango, Clickatell by some ISPs, though only one of them provided a message saying, "This site has been blocked as per request from the Department of Telecom". It was 2006 all over again.

As usual, the real problem was the total arbitrariness of the process and the confusion was confounded further when an unnamed Airtel spokesperson told the Hindu that there was no directive from the government, and this was “just a temporary network problem”.

The crux of the matter can be summed up in this one quote from Nikhil Pahwa of Medianama in the Hoot: "what gets me angry is that we wouldn't even have got to know of the blocking. There are never any indications of which websites are blocked and why. We have got to have more transparency on these issues."

Medianama also compiled and reported the following:

Tech2 wrote about a blogspot blackout on Feb 12th.
CuttingtheChai wrote about Kirtu.com, where the not-safe-for-work comic Savita Bhabhi was hosted, Mobango, Typepad and Clickatell being blocked on Feb 22nd.
Kafila reports, and this is something that we’ve also been told about as well, that Zone-H.org has been blocked as well. This is strange, but there is a suggestion that a company called E2 Labs got Zone-H blocked, because they did a post criticizing E2′s proposal to start a cyber security educational institution, alleging that there was falsification of information. A pdf of the post here, via Naavi.org. Again, we need clarity on why these blocks have been ordered. Also read Apar Gupta’s post
the utilitarian critique of E2 Labs v. Zone-H

Medianama further reported that on the sidelines of the Gov 2.0 conference last Friday, Communications & IT Minister Kapil Sibal passed the buck on the issue of lack of transparency in the way the Indian government blocks access to websites. Sibal told MediaNama that we should “Ask the Home Ministry, because this is a security issue.”

As Shivam Vij of Kafila asked:

All I want to ask Kapil Sibal is: How is Savita Bhabhi a threat to India’s national security? Wait, I have another question: why should I ask the Home Ministry when the orders for blocking come from your own Ministry, Mr Sibal, and the committee that decides on blocking has only one Home Ministry representative and two from your Ministry, sir?

In theory a lot of people will say that the internet can not be free of regulation, that the government must block some sites. But this is the problem in practice: the government will block a soft porn comic - only because it was talked about openly, discussed in the papers, and so on. Only because it came in the way of some bureaucrat’s antiquated sense of morality. Why, there are countless hard core Indian porn sites that are not blocked! (Oops, I shouldn’t be giving ideas.)

And when you wonder why the Government of India thinks Savita Bhabhi is too obscene for you, they will say national security!

If you don’t know about the Savita Bhabhi blocking issue, see this Huffington Post article.

All of this of course assumes ominous overtones when one considers the government's attitude on Wikileaks and offers an inkling of the shape of things to come when we look at the recent release of the long awaited draft rules for important sections of the Information Technology Act 2000, objections to which were sought from the public by February 28, 2011.

So far, the following draft rules have been formalised:

The Draft rule under section 43A- Reasonable security practices and procedures and sensitive personal information

Privacy India and Centre for Internet and Society, Bangalore have offered a detailed para-wise commentary here.

The Draft rule under section 79-Due diligence observed by intermediaries guidelines

A detailed, para-wise, criticism is available by the Centre for Internet and Society which pointed out, inter-alia:

they vest an extraordinary power of censorship in the hands of the intermediary, which could easily lead to the stifling of the constitutionally guaranteed freedom of speech online. Analogous restrictions do not exist in other fields, e.g., against the press in India or against courier companies, and there is no justification to impose them on content posted online. Taken together, these provisions make it impossible to publish critical views about anything without the risk of being summarily censored.

The rules are so loosely worded as to cover almost anything. For example, consider Section 3 of the proposed rules, particularly point (g):

"causes annoyance or inconvenience or deceives or misleads the addressee about the origin of such messages or communicates any information which is grossly offensive or menacing in nature;"

Imagine the number of sensitive souls out there who could be claiming "inconvenience" because of "annoyance" having been caused.

The Draft rule under section 79-Guidelines for Cyber Cafe

A critique by PRS blog | Medianama | Centre for Internet and Society points out, inter alia, that

if enforced it will end up choking public access Internet in the country, whether through Cybercafes or at Wifi hotspots, which would cover all regular cafes that offer Internet access, the airport, where some telcos allow access, or even on-campus connectivity.

While the comments for the above rules were invited only till 28.02.2011, perhaps it would still be useful to let the authorities know what one thinks about these rules by sending an email to: grai AT mit.gov.in

Read the original post in the Outlook here

For more details visit https://cis-india.org/news/muzzling-internet

Battle for the Internet

praskrishna — 2011-04-01T15:28:19Z

In this article written by Latha Jishnu and published by Down to Earth, Issue: March 15 2011, the author reports about the events in the United States in the post WikiLeaks scenario.

As the Internet becomes the public square and the marketplace of our world, it is increasingly becoming a contested terrain. Its potential for diffusing knowledge and subverting the traditional channels of information is tremendous. So it is not surprising that governments, corporations and even seemingly innocuous social networking sites all want to control and influence the way the Internet operates. It’s easy to see why. Close to a third of humanity is linked to this system—and the dramatic growth in Internet usage over the past decade is set to explode in coming years. So is its commercial promise. Latha Jishnu looks at events in the US following the WikiLeaks exposé of its diplomatic cables, and in the hot spots of political turmoil across the world to understand the significance of the Internet in today’s interconnected world and the threats it faces. Arnab Pratim Dutta explains the technology used to block access to the Net.

An opposition supporter holds up a laptop showing images of celebrations in Cairo's Tahrir Square, after Egypt's President Hosni Mubarak resigned (Photo: Reuters)

Ideas and ideologies, images and reports of events, both minor and cataclysmic, fly on the Internet, swirling through cyberspace, gathering resonance, metamorphosing and touching millions of lives in different ways. Many of the ideas—and visuals—could be banal (as they very often are), some dangerous, others bringing promise of change. Some have the power to subvert, helping to stir and stoke the smouldering embers of political and social unrest as recent uprisings in north Africa, West Asia and Asia have shown. To many, the Internet is the rebel hero of our times, subverting conventional media and leaking news and information that governments would like to censor. Even a village in the remote reaches of Odisha’s Malkangiri district which may have no electricity is in some way linked to cyberspace through smart cell phones because mobile operators are increasingly turning Internet service providers (ISPs) and bringing the worldwide web to the conflict-ridden forests of central India.

It is about the power and reach of connection, unprecedented since people first began communicating with each other. The Internet, therefore, is turning into a conflict zone with everyone seeking control of it: governments, corporations and social networking sites, all of whom have different agendas. Social networks may seem innocuous but they are as much a hazard as the others to Internet freedom. Surveillance of “netizens” is becoming commonplace, whether in democracies or in totalitarian regimes, through a host of new laws and regulations ostensibly aimed at strengthening national security, cyber security or protecting business interests.

While most governments are seeking to filter and block specific content, in extreme cases, as in Egypt, the Net has been blacked out using what some experts say is the “kill switch” (see ‘The Egypt shutdown’). This could emerge as the biggest threat to the Internet since other regimes could be tempted to go the Egyptian way. Most governments, however, prefer not to use it, not even the censorship-obsessed Chinese and Saudi regimes because the Internet is also about business—commerce of increasing significance is being routed through its sinews. Take one small example: In January alone, Britons spent a whopping £5.1 billion online, recording a 21 per cent jump in e-commerce revenues over January 2010, according to the latest edition of the IMRG/CapGemini e-Retail Sales Index. It is the kind of figure that stops authorities from reaching for the kill switch.

In the case of China, e-commerce transactions hit 4.5 trillion yuan (US $682.16 billion) in 2010, up 22 per cent year-on-year, according to China e- Business Research Center and CNZZ Data Center. Of this, online B2B or business-to-business deals accounted for the bulk: 3.8 trillion yuan (US

Popular whistleblower website wikileaks.org was unavailable for some time in December 2010

$576.05 billion). And retail sales are expected to zoom, too, pretty soon with e-commerce websites selling directly to customers growing to more than 18,600 last year. Thanks to a dramatic spike in the rate of Net penetration and impressive growth of online business.

But the world has a long way to go before the Internet becomes ubiquitous or an all-encompassing global commons. Currently, just two billion people are linked to the system (see above: ‘Big picture’), which is less than a third of the world’s population. And the reach, as the chart shows, is rather patchy. India may be in the top five Internet user nations with a total of 81 million users but penetration is an abysmal 6.9 per cent, the worst in the list. Blame that on our pathetic education levels and poverty. China, however, is the undisputed leviathan with 420 million users in 2010—some estimates put the figure closer to 500 million now—who account for more than a fifth of the world’s Internet users. No other country’s growth in this sector matches China’s either in speed or drama.

This is one reason Washington frequently raises the issue of China’s policing of the Internet in different fora. The most recent was on February 15 when secretary of state Hillary Clinton made the second of her rousing speeches on safeguarding the Internet from all kinds of government interference. Speaking at George Washington University in Washington DC, Clinton pointed out that the attempts to control the Internet were rife across the world but singled China for repeated attacks.

“In China, the government censors content and redirects search requests to error pages. In Burma, independent news sites have been taken down with distributed denial of service (DDoS) attacks. In Cuba, the government is trying to create a national intranet, while not allowing their citizens to access the global internet. In Vietnam, bloggers who criticize the government are arrested and abused. In Iran, the authorities block opposition and media websites, target social media, and steal identifying information about their own people in order to hunt them down. These actions reflect a landscape that is complex and combustible, and sure to become more so in the coming years as billions of more people connect to the Internet.”

That seemed a fair assessment of the trends but the irony is that even as the secretary of state was speaking, the Department of Justice was seeking to enforce a court order to direct Twitter Inc, to provide the US government records of three individuals, including Birgitta Jonsdottir, a member of Iceland's Parliament who had been in touch with others about WikiLeaks and its founder Juan Assange last year when WikiLeaks released its huge cache of US diplomatic cables.

A commentary in China Daily noted with asperity: “The Assange case reveals such rhetoric is just so much hypocrisy. It is apparent that when Internet freedom conflicts with self-declared US national interests, or when Internet freedom exposes lies by the self-proclaimed open and transparent government, it immediately becomes a crime.”

The Assange case more than anything else has exposed how vulnerable the Net is to political meddling and control. In December last year, Amazon said it stopped hosting the WikiLeaks website because it “violated its terms of service” and not because the office of the Senate Homeland Security Committee chaired by Joe Lieberman had questioned Amazon about its relationship with WikiLeaks.

WikiLeaks had turned to Amazon to keep its site available after hackers tried to flood it and prevent users accessing the classified information. Few people were willing to credit Amazon’s feeble explanation for cutting off WikiLeaks and the general surmise was that Lieberman had put some kind of pressure on the webhosting platform. According to one analyst, the simple reason is that the US government is one of the company’s biggest clients. According to a press note issued by the company: “Government adoption of AWS (Amazon Web Services) grew significantly in 2010. Today we have nearly 20 government agencies leveraging AWS, and the US federal government continues to be one of our fastest growing customer segments.”

As Amazon abandoned WikiLeaks, Paypal, Visa and MasterCard had also dumped WikiLeaks. This set off a fullscale cyber war in which a fourth party made its presence felt: Hackers/ ‘hacktivists’ who unleashed operation payback for what they deemed unfair targeting of WikiLeaks and Assange. This involved a series of (DDOS) attacks on Paypal, MasterCard, Swiss Bank PostFinance and Lieberman’s website.

So while governments in many parts of the world block sites, jail or kill dissidents for expressing their views on the Net, threats to the freedom of the Internet come primarily from the paranoia that governments suffer and from badly crafted policies they implement to protect business and other interests.

US enforcement agencies shut down 84,000 sites, falsely accusing them of child pornography

The US, the ultimate symbol of liberal democracy, is no less uneasy about the power of the Internet. A slew of laws are making their way through the Senate, laws that will give the administration sweeping powers to seize domain names and shut down websites, even those outside its territory, and laws that strengthen the powers of the president in the time of a cyber emergency, including the use of a kill switch. In September, the US Senate introduced the Combating Online Infringement and Counterfeits Act, which would allow the government to create a blacklist of websites that are suspected to be infringing IP rights and to pressure or require all ISPs to block access to those sites. In these cases, no due process of law protects people before they are disconnected or their sites are blocked.

In India, in the wake of the terrorist attacks in Mumbai in November 2008, Parliament hastily passed amendments to the Information Technology Act, 2000, without any discussion in either House. The December 2008 amendments have some good points but they also allow increased online surveillance. Section 69A permits the Centre to “issue directions for blocking of public access to any information through any computer resource”, which means that the government can block any website.

Pranesh Prakash of the Bengalurubased Centre for Internet and Society notes that while necessity or expediency in terms of certain restricted interests is specified, no guidelines have been specified. “It has to be ensured that they are prescribed first, before any powers of censorship are granted to anybody,” said Prakash in an analysis of the amendments. “In India, it is clear that any law that gives unguided discretion to an administrative authority to exercise censorship is unreasonable.”

Civil rights activists say the section has broadened the scope of surveillance and that there are no legal or procedural safeguards to prevent violation of civil liberties.

As the battle for keeping the Internet is joined by netizens who are aware of the power of connection, governments, too, are ramping up command and control measures. Among the risks to an open, democratic Internet are the following:

Threat to universality

The basic design principle underlying the World Wide Web is universality, and, according to its founder Tim Berners-Lee, several threats are emerging. Among these are: cable companies that sell Internet connectivity wanting to limit their Net users to downloading only the company’s mix of entertainment and social networking sites (see ‘Hidden dangers of Facebook’).

Another is by pricing Net connectivity out of the reach of the poor and allowing differential pricing. Berners- Lee, warned at a recent London conference: “There are a lot of companies who would love to be able to limit what web pages you can see...the moment you let Net neutrality go, you lose the web as it is...You lose something essential—the fact that any innovator can dream up an idea and set up a website at some random place and let it just take off from word of mouth...”

Actions against piracy

The nub of such operations lies in the US Department of Homeland Security, whose Immigration and Customs Enforcement (ICE) and the Department of Justice (DoJ) have been seizing domains because they are suspected of hawking pirated goods. The first seizure was in November last year when 82 websites selling counterfeit goods ranging from handbags to golf clubs were taken out.

Last month, there was another raid on the Internet. According to TorrentFreak and other Internet monitoring sites, the two agencies wrongly shut down 84,000 websites that had not broken the law, falsely accusing them of child pornography crimes. After the mistake was identified, it took about three days for some of the websites to go live again. The domain provider, FreeDNS, was taken aback. “Freedns.afraid.org has never allowed this type of abuse of its DNS service. We are working to get the issue sorted as quickly as possible,” it said.

Earlier, DoJ and ICE had seized the domain of the popular sports streaming and P2P download site Rojadirecta. What is shocking is that the site is based in Spain and is perfectly legal. Two courts in Spain have ruled that the site operates legally, and other than the .org domain the site has no links to the US.

Internet freedom could easily become the biggest casualty in the illconceived and poorly designed procedures adopted by developed countries— France, the UK, South Korea, Taiwan and New Zealand have similar laws—to protect intellectual property from counterfeiters and pirates, primarily at the behest of the film and music recording industries.

There are indications India may be planning to follow suit (see ‘India’s three-strikes policy’), although civil rights groups say it could amount to a form of deprivation of liberty.

Surveillance technology

The problem with the use of technology in keeping the Internet safe cuts both ways. With increasing number of cyber attacks on both official and public websites from an array of hackers and malware, governments are reaching for ever more sophisticated high-tech surveillance systems. For instance, computer systems of the US Congress and the executive branches are under attack an average of 1.8 billion times per month, according to a recent Senate report. The result: more spyware. One such is deep packet inspection technology. It is a tool that protects customers from rampant spam and virus traffic. Experts say the Internet could not survive without this technology and yet, it helps authorities to keep a close watch on what people are doing on the Net. In the US, ISPs are required to have this technology.

So what can be done? Keep close tabs on government involvement in the Internet and ensure that its intrusion in both the content and the engines of this system is kept to the minimum.

Read the original article written by Latha Jishnu in Down to Earth here

For more details visit https://cis-india.org/news/battle-internet

Catch-all approach to Net freedom draws activist ire

praskrishna — 2011-04-01T15:43:55Z

The Internet has revolutionized the way we socialise, date and even protest. Online activism is a faster, more effective way to get more people to react to a cause. But at the same time it is this speed that makes Internet-generated protests a far graver danger than offline protests. Egypt faced an Internet shutdown when the protest started gaining steam and China has been throttled with heavy cyber censorship for years. Unfortunately, silencing the voices of dissent online is as easy as raising them. This article by Annie Johnny appeared in the Sunday Guardian, New Delhi on 13 March 2011.

A workshop recently conducted at the Constitution Club in New Delhi brought together human rights activists, bloggers and techies and explored the challenges faced by online activists.

“When the Internet was in its nascent stage, there was the Utopian belief that the government would not have the same role to play as it does offline. However, the Internet is being increasingly regulated by the government,” says Dr. Anja Kovacs, fellow, Centre for Internet and Society, Bangalore.

The Binayak Sen and Pink Chaddi campaigns provide a picture of how fast and efficient online activism is. “Initially, the campaign was restricted to a centralised network of people and was a way for me and my friends to vent out our thoughts. But it grew beyond our expectations. Between March 2008 and May 2009, we had about 1.5 million visitors. Our experience with the Internet as an effective tool in mobilising people has been very positive,” says Satya Sivaraman, one of the initiators of the Free Binayak Sen Campaign website.

Blocking websites that promote child pornography and hate speech is acceptable. Activists, however, are concerned about the mysterious disappearances of blogs and the vague explanations given to justify them.

“There is a provision for spam in the IT Act. While the rule is meant for only for spam, it is extended over a much wider area. According to it, anything that is deemed objectionable can be blocked. Instead of targeting offensive material, the act should target harmful content. Child pornography and hate speeches cause harm, whereas what is ‘offensive’ is subjective,” says Pranesh Prakash, programme manager, Centre for Internet and Society.

Bloggers in countries like Thailand and Singapore face serious consequences for posting anti-state views online. However, very few people all over the world are standing up against the curtailing of the right to freedom of expression online.

“There are ways to access blocked sites but most people do not bother to do that. If a site is blocked, they will simply accept it. The government in India is becoming increasingly restrictive. While their reason for concern is valid as the restrictions are in place to protect national security, the way they are dealing with this is inappropriate. Drafting vague rules related to objectionable content’ without specifying whom the content is objectionable to, is not going to help. There needs to be clearly defined categories for banning sites,” says Kovacs.

Rising against the growing restrictions and the wide gaps in Internet accessibility, The Internet Rights and Principles coalition, which works on Internet rights, is coming up with a Charter for Human Rights and Principles for the Internet.

The charter, which is still being drafted and has been put online for suggestions, emphasises that human rights apply the same way online as they do offline, and lays down rules and Internet policies necessary to protect human rights.

Another interesting observation is that most online protests don’t always spark parallel offline protests. The Meter Jam protest against the high auto fares in Mumbai is one such example.

“While it helped the middle class vent their frustration, on the day of the actual offline protest, hardly anyone boycotted autos. Business went on as usual,” says Kovacs.

See the article on the Sunday Guardian website
Download the original pdf here

For more details visit https://cis-india.org/news/catch-all

Cause and effect Facebook-style

praskrishna — 2011-04-01T15:44:47Z

While the world is crediting Facebook for triggering the Arab revolution, do Facebook groups in India say anything about top of mind causes for young Indians? Crime touches a chord - the pages that have sprung up for Radhika Tanwar and Aarushi Talwar illustrate this - but it's the ideological issues that have made it to our top five list. Anja Kovas, a fellow at the Centre for Internet and Society, a Bengaluru-based research organisation, analyses the success of these causes.

Save the Tiger: The biggest Indian group on Facebook 'Save the Tiger' has a following of over 8,43,663 people.

Content talk: The site tracks news items about the tiger and features comments and quotes about the animal. The group's motto 'Read between the stripes' encourages members to 'like' conservation.

Pages: As the most popular cause, this also links to over 30 pages such as the 'Save the Leopard', Save the Tiger Fund' and 'Only 1411 left in India'

Anja-speak: This campaign was successful because several celebrities were a part of the cause. TV campaigns and celebs always ensure a larger audience. Also world over, environmental issues triggers stronger reactions.
Terrorism: It's a subject that affects every single Indian, and 'Stop Terrorism in India' has already clocked 1, 39, 436 members.

Content talk: "If you want to sleep peacefully then wake up now…" It's comments like these that would best explain what the group is all about. Members of this group share videos of 26/11, violence in Kashmir, Salman Khan, anti-hunger campaign and other subjects like peace, liberty and justice.

Pages: Other related pages are 'Stop terror in India and specially Mumbai'. 'Stop Terror in India, Pakistan'

Anja-speak: The Mumbai attacks shook the nation and touched a chord with everyone across age groups, classes and beliefs.
Kashmir: Over four lakh Kashmiris have been displaced from their state since 1989-90. It's not surprising then that Kashmir comes third in our list of causes. 'Frontline Kashmir' supports the 'freedom movement' and has about 24,000 members.

Content talk: Peppered with calls for freedom, the comments on the walls also speak out against separatists. Pages: For various viewpoints on Kashmir, also check out Amnesty International, Revolt, I Cry, We Love Syed Ali Shah Geelani.

Anja-speak:Facebook played an important role in letting young Kashmiris voice their opinions online. It's obviously a platform for young Kashmiris who want to air grievances.
Corruption: Despite the fact that corruption is one of the foremost issues in India today, the largest group against corruption 'India Against Corruption' has only 16,499 members.

Content talk: From information on marches to news articles, this page deals with anything related to corruption in India. A much talked about issue on this page is the CWG and the 2G scam. Pages: Do check out the 'Commonwealth Jhel' page as well and the 'I Paid A Bribe' and 'Choosna Bandh Campaign'!

Anja-speak: It's a topic that unites people across classes in India. With big scams unfolding every other day, people are definitely interested in such a group.
Free Binayak Sen: With 8,479 'likes', the Facebook page 'Release Dr Binayak Sen: Protest against mockery of justice against him', a cause by the same name that is supported by 7,745 people, stands as the most popular group.

Content talk: The campaign on Facebook is an offshoot of a section of society that believes Dr Sen has been denied justice by the state and speaks of all related matters including the sedition law. Pages: There are 15 groups and 22 pages related to Dr Binayak Sen, including 'Free Binayak Sen! Repeal Section 124A IPC' and 'Free Binayak Sen - Global Campaign'.

Anja-speak: This campaign owes its success, in terms of its outreach, to years of determination and relentless action by those that support Dr Sen.

This article by Malvika Nanda was published in the Hindustan Times on March 13, 2011. Read the original here

For more details visit https://cis-india.org/news/cause-and-effect

Govt proposal to muzzle bloggers sparks outcry

praskrishna — 2011-04-01T15:46:23Z

A government proposal seeking to police blogs has come in for severe criticism from legal experts and outraged the online community. The draft rules, drawn up by the government under the Information Technology Amendment Act, 2008, deal with due diligence to be observed by an intermediary. This article was published in the Times of India on March 10, 2011.

Under the Act, an 'intermediary' is defined as any entity which on behalf of another receives, stores or transmits any electronic record. Hence, telecom networks, web-hosting and internet service providers, search engines, online payment and auction sites as well as cyber cafes are identified as intermediaries. The draft has strangely included bloggers in the category of intermediaries, setting off the online outcry.

Blogs are clubbed with network service providers as most of them facilitate comment and online discussion and preserve the traffic as an electronic record, but equating them with other intermediaries is like comparing apples with oranges, says Pavan Duggal, advocate in the Supreme Court and an eminent cyber law expert.

'This will curtail the freedom of expression of individual bloggers because as an intermediary they will become responsible for the readers' comments. It technically means that any comment or a reader-posted link on a blog which according to the government is threatening, abusive, objectionable, defamatory, vulgar, racial, among other omnibus categories, will now be considered as the legal responsibility of the blogger," he explains.

Even Google, the host of Blogger, among India's most popular blogging sites, expressed displeasure at the proposal. "Blogs are platforms that empower people to communicate with one another, and we don't believe that an internet middlemen should be held unreasonably liable for content posted by users," a spokesperson told TOI.

Blogs, which are typically maintained and updated by individuals, have showcased their political importance in recent times and the internet community views these rules as a lopsided attempt to curtail an individual's right to expression.

"If individual blogs are an intermediary, then why can't Facebook and Twitter also be classified as such, as they too receive, store and transmit electronic records and facilitate online discussions," retorts the spokesperson of the Centre for Internet and Society (CIS), a Bangalore-based organization, which works on digital pluralism. "These rules will not only bring bloggers and the ISP provider on the same platform, but the due diligence clause will also result in higher power of censorship to the larger player. Imagine your ISP provider blocking your blog because it finds that certain user-comments fit these omnibus terms," the CIS spokesperson added.

Most experts, including Duggal, see these rules as the outcome of the government's one-size-fits-all approach — at least in regulating online activities — and ask for an amendment to the IT Act.

Read the original article in the Times of India here

For more details visit https://cis-india.org/news/govt-proposal

Anti-Social Network

praskrishna — 2011-04-01T15:59:51Z

Social media is driving teens to a reality they can't handle. This article by Max Martin was published in Mail Today on February 27, 2011.

THIS is the generation of instant messaging and two-minute noodles. Impatient teenagers are always plugged in to their computers and cell phones. Their reality is virtual and most of their friends can be found online. "It's the coolest way to keep in touch," says Charlotte William, a college student in Bangalore whose Facebook was got flooded with birthday greetings on Saturday. Her FB page is an almost-instantly updated open book of her life.

Such minute-by-minute minute updates are an integral part of any teenager's life but the older generation is cautious. Not just old-fashioned people but even the tech-savvy are raising several issues with this uncontrolled explosion of social networking. India is the seventh largest social networking market in the world, with millions of users and many issues like privacy, etiquette, commercial, and political interests. Even though people have control over the information they post online, unauthorised access -- usage and republication -- is a major cause of concern, says Nikhil Pahwa, who publishes MediaNama, a mobile business news site based in Delhi. "You put up information about friends and family without realising the enormous consequences of it being in the public domain," says Pahwa.

"I see a lot of people exchanging personal messages and phone numbers on their walls. A lot of people are rather nonchalant about it," says Christian Wolff, a German development researcher, living in Hyderabad, who finds it amazing how Indians are not as concerned about their privacy as they should be. Bangalore-based lawyer Sarim Naved says the internet gives people a misplaced sense of anonymity, which makes them shed their inhibitions -- and etiquette. Should you allow a friend to post pictures of you from that crazy party last night? What if a family member sees them? We still live by traditional values and customs and footloose pictures may not be appreciated.

And while you may think that your privacy settings are in place to never allow such an unfortunate incident take place, privacy settings give a false sense of security. "Many people cannot figure out how to put filters on," says Yamini Atmavilas, a teacher of gender studies in Hyderabad. She also says that social networking is a mixed bag: "Studies show that women use social networks differently from men. They have helped build women's social capital, providing an outlet for connection and expression."

AARTI Mundkur, who was involved in the national 'Pink Chaddi' campaign against the pub-attacking Sri Ram Sene, agrees. "Social networks capture only the imagination of the upper middle class -- and fail to evoke any other kind of response," says this activist lawyer. While the social media is powerful -- and can be used for many purposes -- it is limited in scope.

Also, these sites are turning into what Wolff calls 'all-devouring marketing machines'. Facebook, for instance, is always in the midst of some controversy over its automatic personalisation or using technology to accommodate differences between individuals, so that disbursing personalised advertisements gets easier. Most of us do not realise that every little bit of information we post online is under the scrutiny of corporate entities that analyse and track browsing, spending, networking, and even music preferences.

"They make money with the data you post online for free," says Anivar Aravind, an IT consultant and commentator who started the online campaign for justice for Binayak Sen. "Even worse is when these service providers pass on this personal information to the government as Yahoo did in China leading to the imprisonment of a journalist," says Aravind.

Also getting increasingly active in the online circuit are crooks, says Shantanu Ghosh, who handles the India product operations of Symantec, a leading network and computer security firm. These crooks, he says, launch virus attacks, put up false events to attract people, and spoof networking sites to extract personal data.

"This attack was observed before the Cricket World Cup 2011. Attackers had created a page offering ticket deals for the World Cup final in Mumbai, requiring users to log into their social networking accounts. Those who fell for this trick would have ended up revealing their confidential login information to these attackers." Ghosh advises: "You should treat anything you see online with skepticism -- especially if it involves clicking a link or installing an application." Also make sure you check and understand privacy policies and settings.

This is even more important because existing laws on cyber crime are not strong enough. Also, the question whether new laws will be effective remains.

"It really depends on the law. If it goes into too much detail then it will be rendered irrelevant because of advancements in technology," says Sunil Abraham, who heads Centre for Internet and Society, a Bangalore-based research group. "A good law usually focuses on principles. What we need in India is a privacy regulator that can dynamically interpret the principles in law to quickly react to developments on the internet."

Read the article in Mail Today here
Also see the article in the Free Library here
Download the news from Mail Today here (pdf, 2.92 MB)

For more details visit https://cis-india.org/news/anti-social-network

New Indian Rules May Make Online Censorship Easier

praskrishna — 2011-04-01T15:57:20Z

Draft rules proposed by the Indian government for intermediaries such as telecommunications companies, Internet service providers and blogging sites could in effect aid censorship, according to experts. The article by John Ribeiro was published in Yahoo News on March 7, 2011.

Under the draft rules, intermediaries will have to notify users of their services not to use, display, upload, publish, share or store a variety of content, for which the definition is very vague, and liable to misuse.

Content that is prohibited under these guidelines ranges from information that may "harm minors in any way" to content that is "harmful, threatening, abusive."

Some of the terms are so vague that to stay on the right side of the law, intermediaries may in effect remove third-party content that is even mildly controversial, said Pavan Duggal, a cyberlaw consultant and advocate in India's Supreme Court.

While the definition of some of the terms like obscenity have been ruled on by India's Supreme Court, some of the other terms do not have a precise legal definition, said Pranesh Prakash, program manager at the Centre for Internet and Society, a research and advocacy group focused on consumer and citizen rights on the Internet.

"Would creating a Facebook profile for a minor, for example be considered as harming a minor ?" Duggal said.

The draft rules are secondary legislation framed by the government under the country's Information Technology (Amendment) Act of 2008. Under the IT Act, an intermediary is not liable for any third-party information, data, or communication link made available or hosted by him, if among other things, he has observed due diligence under the draft rules.

The new rules will give rise to subjective interpretations, thus giving a lot of discretion to non-judicial authorities in the country to decide whether the intermediary has observed due diligence or not, Duggal said.

According to the draft rules, an intermediary has to inform users that in case of non-compliance of its terms of use of the services and privacy policy, it has the right to immediately terminate the access rights of the users to its site. After finding out about infringing content, either on its own or through the authorities, the intermediary has to work with the user or owner of the information to remove access to the information.

Rather than recognizing the diversity of the businesses of intermediaries, the draft rules use a "one-size, fits all" set of rules across a variety of intermediaries including telecom service providers, online payment sites, e-mail service providers, and Web hosting companies, Duggal said.

An intermediary such as a site with user-generated content, like Wikipedia, would need different terms of use from an intermediary such as an e-mail provider, because the kind of liability they accrue are different, Prakash wrote in his blog.

The draft rules also add new provisions that appear designed to give the government easier access to content from intermediaries. Intermediaries will be required to provide information to authorized government agencies for investigative, protective, cybersecurity or intelligence activity, according to the rules.

Information will have to be provided for the purpose of verification of identity, or for prevention, detection, prosecution and punishment of offenses, on a written request stating clearly the purpose of seeking such information, the rules add.

The IT Act already has specific procedures in this connection for very specific information requirements, but the draft rules have broadened this to a general requirement for intermediaries to provide information, Prakash said. The new rule could in fact be a way of circumventing the earlier laws, he added.

The draft rules assume significance in the context of recent moves by the Indian government to get Research In Motion to provide access to information on BlackBerry services in India. While providing lawful access to its consumer services like BlackBerry Messenger, RIM has declined to provide access to its corporate service, BlackBerry Enterprise Server, claiming that it does not have access to customers' encryption keys.

The Indian government has previously also said it would demand lawful access from Google's Gmail and Skype, but has not taken any action so far in this direction.

The draft rules will require compliance from a number of entities who until now had thought they were outside the ambit of compliance, Duggal said.

Google did not immediately respond to e-mailed requests for its comments on the new rules. Microsoft said that the government should set the policy objectives and provide directional framework, and still allow flexibility to intermediaries to set the data protection measures as they deem fit for different situations and services.

"We believe that the intermediary should be obliged to take down non-compliant content on being notified of the same as well as terminate access rights for those who use these platforms for dissemination of non-compliant content," Microsoft said in an e-mailed statement. Non-compliance include, but is not limited to, copyrights, it added.

John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service.

Read the original in Yahoo News here

For more details visit https://cis-india.org/news/online-censorship