Centre for Internet and Society

Submission to the Facebook Oversight Board: Policy on Cross-checks

2022-02-09T05:31:32Z

The Centre for Internet & Society (CIS) submitted public comments to the Facebook Oversight Board on a policy consultation.

Whether a cross-check system is needed?

Recommendation for the Board: The Board should investigate the cross-check system as part of Meta’s larger problems with algorithmically amplified speech, and how such speech gets moderated.

Explanation: The issues surrounding Meta’s cross-check system are not an isolated phenomena, but rather a reflection of the problems of algorithmically amplified speech, as well the lack of transparency in the company’s content moderation processes at large. At the outset, it must be stated that the majority of information on the cross-check system only became available after the media reports published by the Wall Street Journal. While these reports have been extensive in documenting various aspects of the system, there is no guarantee that the disclosures obtained by them provides the complete picture regarding the system. Further, given that Meta has been found to purposely mislead the Board and the public on how the cross-check system operates, it is worth investigating the incentives that necessitate the cross-check system in the first place.

Meta claims that the cross-check system works as a check for false positives: they “employ additional reviews for high-visibility content that may violate our policies.” Essentially they want to make sure that content that stays up on the platform and reaches a large audience, is following their content guidelines. However, previous disclosures have proven policy executives have prioritized the company’s ‘business interests’ over removing content that violates their policies; and have waited to act on known problematic content until significant external pressure was built up, including in India. In this context, the cross-check system seems less like a measure designed to protect users who might be exposed to problematic content, and more as a measure for managing public perception of the company.

Thus the Board should investigate both how content gains an audience on the platform, and how it gets moderated. Previous whistleblower disclosures have shown that the mechanics of algorithmically amplified speech, which prioritizes engagement and growth over safety, are easily taken advantage of by bad actors to promote their viewpoints through artificially induced virality. The cross-check system and other measures of content moderation at scale would not be needed if it was harder to spread problematic content on the platform in the first place. Instead of focusing only on one specific system, the Board needs to urge Meta to re-evaluate the incentives that drive content sharing on the platform and come up with ways that make the platform safer.

Meta’s Obligations under Human Rights Law

Recommendation for the Board: The Board must consider the cross-check system to be violative of Meta’s obligations under the International Covenant of Civil and Political Rights (ICCPR). Additionally, the cross-check ranker must be incorporated with Meta’s commitments towards human rights, as outlined in its Corporate Human Rights Policy.

Explanation: Meta’s content moderation, and by extension, its cross-check system, is bound by both international human rights law as well as the Board’s past decisions. At the outset, The system fails the three-pronged test of legality, legitimacy and necessity and proportionality, as delineated under Article 19(3) of the International Covenant of Civil and Political Rights (ICCPR). Firstly, this system has been “scattered throughout the company, without clear governance or ownership”, which violates the legality principle, since there is no clear guidance on what sort of speech, or which classes of users, would deserve the treatment of this system. Secondly, there is no understanding about the legitimacy of aims with which this system had been set up in the first place, beyond Meta’s own assertions, which have been countered by evidence to the contrary. Thirdly, the necessity and proportionality of the restriction has to be read along with the Rabat Plan of Action, which requires that for a statement to become a criminal offense, a six-pronged test of threshold is to be applied: a) the social and political context, b) the speaker’s position or status in the society, c) intent to incite the audience against a target group, d) content and form of the speech, e) extent of its dissemination and f) likelihood of harm. As news reports have indicated, Meta has been utilizing the cross-check system to privilege speech from influential users, and in the process, have shielded inflammatory, inciting speech that would have otherwise qualified the Rabat threshold. As such, the third requirement is not fulfilled either.

Additionally, Meta’s own Corporate Human Rights Policy commits to respecting human rights in line with the UN Guiding Principles on Business and Human Rights (UNGPs). Therefore, the cross-check ranker must incorporate these existing commitments to human rights, including:

The right to freedom of expression:, UN Special Rapporteur on freedom of opinion and expression report A/HRC/38/35 (2018); Joint Statement of international freedom of expression monitors on COVID-19 (March, 2020).

The Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression addresses the regulation of user-generated online content.

The Joint Statement issued regarding Governmental promotion and protection of access to and free flow of information during the pandemic.

The right to non-discrimination: International Convention on the Elimination of All Forms of Racial Discrimination (ICERD), Articles 1 and 4.

Article 1 of the ICERD defines racial discrimination.

Article 4 of the ICERD condemns propaganda and organisations that attempt to justify discrimination or are based on the idea of racial supremacism.

Participation in public affairs and the right to vote: ICCPR Article 25.
The right to remedy: General Comment No. 31, Human Rights Committee (2004) (General Comment 31); UNGPs, Principle 22.

The General Comment discusses the nature of the general legal obligation imposed on State Parties to the Covenant.

Guiding Principle 22 states that where business enterprises identify that they have caused or contributed to adverse impacts, they should provide for or cooperate in their remediation through legitimate processes.

Meta’s obligations to avoid political bias and false positives in its cross-check system

Recommendation for the Board: The Board must urge Meta to adopt and implement the Santa Clara Principles on Transparency and Accountability to ensure that it is open about risks to user rights when there is involvement from the State in content moderation. Additionally, the Board must ask Meta to undertake a diversity and human rights audit of its existing policy teams, and commit to regular cultural training for its staff. Finally, the Board must investigate the potential conflicts of interest that arise when Meta’s policy team has any sort of nexus with political parties, and how that might impact content moderation.

Explanation: For the cross-check system to be free from biases, it is important for Meta to come clear to the Board regarding the rationale, standards and processes of the cross check review, and report on the relative error rates of determinations made through cross check compared with ordinary enforcement procedures. It also needs to disclose to the Board in which particular situations it uses the system and in which it does not. Principle 4 under the Foundational Principles of the Santa Clara Principles on Transparency and Accountability in Content Moderation encourage companies to realize the risk to user rights when there is involvement from the State in processes of content moderation and asks companies to makes users aware that: a) a state actor has requested/participated in an action on their content/account, and b) the company believes that the action was needed as per the relevant law. Users should be allowed access to any rules or policies, formal or informal work relationships that the company holds with state actors in terms of content regulation, the process of flagging accounts/content and state requests to action.

The Board must consider that erroneous lack of action (false positives) might not always be a system's flaw, but a larger, structural issue regarding how policy teams at Meta functions. As previous disclosures have proven, the contours of what sort of violating content gets to stay up on the platform has been ideologically and politically coloured, as policy executives have prioritized the company’s ‘business interests’ over social harmony. In such light, it is not sufficient to simply propose better transparency and accountability measures for Meta to adopt within its content moderation processes to avoid political bias. Rather, the Board’s recommendations must focus on the structural aspect of the human moderator and policy team that is behind these processes. The Board must ask Meta to a) urgently undertake a diversity and human rights audit of its existing team and its hiring processes, b) commit to regular training to ensure that their policy staffs are culturally literate in the socio-political regions they work in. Further, the Board must seriously investigate the potential conflicts of interest that happen when regional policy teams of Meta, with nexus to political parties, are also tasked with regulating content from representatives of these parties, and how that impacts the moderation processes at large.

Finally, in case decision 2021-001-FB-FBR, the Board made a number of recommendations to Meta which must be implemented in the current situation, including: a) considering the political context while looking at potential risks, b) employment of specialized staff in content moderation while evaluating political speech from influential users, c) familiarity with the political and linguistic context d) absence of any interference and undue influence, e) public explanation regarding the rules Meta uses when imposing sanctions against influential users and f) the sanctions being time-bound.

Transparency of the cross-check system

Recommendation for the Board: The Board must urge Meta to adopt and implement the Santa Clara Principles on Transparency and Accountability to increase the transparency of its cross-check system.

Explanation: There are ways in which Meta can increase the transparency of not only the cross-check system, but the content moderation process in general. The following recommendations draw from The Santa Clara Principles and the Board’s own previous decisions:

Considering Principle 2 of the Santa Clara Principles: Understandable Rules and Policies, Meta should ensure that the policies and rules governing moderation of content and user behaviors on Facebook are clear, easily understandable, and available in the languages in which the user operates.

Drawing from Principle 5 on Integrity and Explainability and from the Board’s recommendations in case decision 2021-001-FB-FBR which advises Meta to“Provide users with accessible information on how many violations, strikes and penalties have been assessed against them, and the consequences that will follow future violations”, Meta should be able to explain the content moderation decisions to users in all cases: when under review, when the decision has been made to leave the content up, or take it down. We recommend that Meta keeps a publicly accessible running tally of the number of moderation decisions made on a piece of content till date with their explanations. This would allow third parties (like journalists, activists, researchers and the OSB) to keep Facebook accountable when it does not follow its own policies, as has previously been the case.

In the same case decision, the Board has also previously recommended that Meta “Produce more information to help users understand and evaluate the process and criteria for applying the newsworthiness allowance, including how it applies to influential accounts. The company should also clearly explain the rationale, standards and processes of the cross-check review, and report on the relative error rates of determinations made through cross-checking compared with ordinary enforcement procedures.” Thus, Meta should publicly explain the cross check system in detail with examples, and make public the list of attributes that qualify a piece of content for secondary review.

The Operational Principles further provide actionable steps that Meta can take to improve the transparency of their content moderation systems. Drawing from Principle 2: Notice and Principle 3: Appeals, Meta should make a satisfactory appeals process available to users - whether they be decisions to leave up or takedown content. The appeals process should be handled by context aware teams. Meta should then publish the results of the cross check system and the appeals processes as part of their transparency reports including data like total content actioned, rate of success in appeals and cross check process, decisions overturned and preserved etc, which would also satisfy the first Operational Principle: Numbers.

Resources needed to improve the system for users and entities who do not post in English

Recommendations for the Board: The Board must urge Meta to urgently invest in resources to expand Meta’s content moderation services into the local contexts in which the company operates and invest in training data for local languages.

Explanation: The cross-check system is not a fundamentally different problem than content moderation. It has been shown time and time again that Meta’s handling of content from non-Western, non-English language contexts is severely lacking. It has been shown how content hosted on the platform has been used to inflame existing tensions in developing countries, promote religious hatred in India, genocide in Mynmar, and continue to support human traffickers and drug cartels on the platform even when these issues have been identified.

There is an urgent need to invest resources to expand Meta’s content moderation services into the local contexts in which the company operates. The company should make all policies and rule documents available in the languages of its users; invest in creating automated tools that are capable of flagging content that is not posted in English; and add people familiar with the local contexts to provide context aware second level reviews. The Facebook Files show that even according to company engineering, automated content moderation is still not very effective in identifying hate speech and other harmful content. Meta should focus on hiring, training and retaining human moderators who have knowledge of local contexts. Bias training of all content moderators, but especially those who will participate in the second level reviews in the cross check system is also extremely important to ensure acceptable decisions.

Additionally, in keeping with Meta’s human rights commitments, the company should develop and publish a policy for responding to human rights violations when they are pointed out by activists, researchers, journalists and employees as a matter of due process. It should not wait for a negative news cycle to stir them into action as it seems to have done in previous cases.

Benefits and limitations of automated technologies

Meta recently changed its moderation practice wherein it uses technology to prioritize content for human reviewers based on their severity index. Facebook has not specified the technology it uses to prioritize high-severity content but its research record shows that it uses a host of automated frameworks and tools to detect violating content, including image recognition tools, object detection tools, natural language processing models, speech models and reasoning models. One such model is the Whole Post Integrity Embeddings (“WPIE”) which can judge various elements in a given post (caption, comments, OCR, image etc.) to work out the context and the content of the post. Facebook also uses image matching models (SimSearchNet++) that are trained to match variations of an image with a high degree of precision and improved recall; multi-lingual masked language models on cross-lingual understanding such as XLM-R that can accurately identify hate-speech and other policy-violating content across a wide range of languages. More recently, Facebook introduced its machine translation model called the M2M-100 whose goal is to perform bidirectional translation between 7000 languages.

Despite the advances in this field, there are inherent limitations of such automated tools. Experts have repeatedly maintained that AI will get better at understanding context but it will not replace human moderators for the foreseeable future. One such instance where these limitations were exposed was during the COVID-19 pandemic, when Facebook sent its human moderators home - the number of removals flagged as hate speech on its platform more than doubled to 22.5 million in the second quarter of 2020 but the number of successful content appeals was dropped to 12,600 from the 2.3 million figure for the first three months of 2020.

The Facebook Files show that Meta’s AI cannot consistently identify first-person shooting videos, racist rants and even the difference between cockfighting and car crashes. Its automated systems are only capable of removing posts that generate just 3% to 5% of the views of hate speech on the platform and 0.6% of all content that violates Meta’s policies against violence and incitement. As such, it is difficult to accept the company’s claim that nearly all of the hate speech it takes down was discovered by AI before it was reported by users.

However, the benefits of such technology cannot be discounted, especially when one considers automated technology as a way of reducing trauma for human moderators. Using AI for prioritizing content for review can turn out to be effective for human moderators as it can increase their efficiency and reduce harmful effects of content moderation on them. Additionally, it can also limit the exposure of harmful content to internet users. Moreover, AI can also reduce the impact of harmful content on human moderators by allocating content to moderators on the basis of their exposure history. Theoretically, if the company’s claims are to be believed, using automated technology for prioritizing content for review can help to improve the mental health of Facebook’s human moderators.

Click to download the file here.

For more details visit https://cis-india.org/internet-governance/blog/submission-to-the-facebook-oversight-board-policy-on-cross-checks

Transference: Reimagining Data Systems: Beyond the Gender Binary

torsha — 2021-12-15T12:58:31Z

The Centre for Internet and Society (CIS) invites you to participate in a day-long convening on the rights of transgender persons, specifically right to privacy and digital rights. Through this convening, we hope to highlight the concerns of transgender persons in accessing digital data systems and the privacy challenges faced by the community. These challenges include access to their rights — their right to self-identify their gender and welfare services offered by the State and the privacy challenges faced by transgender and intersex persons in revealing their identity.

As the meaning of the word ‘Transference’ goes, through this convening, as a learning, we hope to capture and transfer the realities of transgender persons with engaging and being a part of digital data systems in India. Given the rapid digitisation of different public and private data systems in India, we hope to initiate a conversation that understands their struggles and challenges to realistically initiate the re-imagination of data systems — digital and otherwise — one that is mindful about their everyday struggles with privacy and access.

Owing to the history of systemic exclusions faced by transgender persons, it is important to highlight their difficulties in accessing technological systems and the impact on their privacy, as central issues that require serious consideration. Presently, their realities seem to be ignored by the State while designing most technology laws and policies governing digital systems.

Background

In the landmark verdict in 2014, NALSA Vs Union of India, the Supreme Court of India for the first time recognised the right of an individual to self-identify their gender as male, female or transgender. This verdict detailed nine directives to be implemented by the central and state governments in India for the inclusion of transgender persons.

Similarly, 2017 was a watershed moment in India’s constitutional history when the Supreme Court held the right to privacy to be a fundamental right. More importantly, the Court expounded on this right and held that the protection of an individual’s gender identity is an essential component of the right to privacy and that privacy at its core includes the preservation of personal intimacies, autonomy, the sanctity of family life, marriage, procreation, the home and sexual orientation.

The 2017 privacy judgement led to the Supreme Court pronouncing the Navtej Johar v Union of India in 2018, striking down the Koushal judgement and decriminalising acts of consensual non-hetrosexual acts of intimacy. In 2019, the Personal Data Protection Bill, 2019 was introduced in Parliament for the regulation and protection of personal data. The PDP Bill classifies data into two categories as (i) personal data; and (ii) sensitive personal data. As per the PDP Bill, data identifying the transgender status and intersex status falls within the ambit of sensitive personal data. Around the time of the PDP Bill being tabled in Parliament, the Transgender Persons (Protection of Rights) Act 2019 was passed by the Parliament despite severe opposition to the Bill from civil society members as well as members of Parliament.

There is a lack of clarity on the interplay between the PDP Bill and the Transgender Act and the challenges the PDP Bill may pose to the transgender community. Moving beyond mere mentions in the definition of the law through a cisgendered heteronormative lens, it is important for the discourse on data and privacy to broaden its scope to realistically include people of different sexual orientations, gender and sexual identities, gender expressions and sex characteristics.

About the Event

Through these panel discussions, we propose to highlight the concerns of transgender persons with accessing digital data systems and the privacy challenges faced by them . These challenges include access to their rights — their right to self-identify their gender and access welfare services offered by the State and the privacy challenges faced by transgender persons in revealing their identity.

The objective of these discussions is to initiate more conversations about the technological and data exclusions faced by this historically marginalised community in India. The intent is to better understand the realities of transgender persons and contribute to the larger advocacy on privacy, intersectionality and (digital) systems design.

Click to register for the event here

For more details visit https://cis-india.org/internet-governance/events/transference-reimagining-data-systems-beyond-the-gender-binary

Launching CIS’s Flagship Report on Private Crypto-Assets

Aman Nair — 2021-12-13T09:11:18Z

This event will serve as a venue to bring together the various stakeholders involved in the crypto-asset space to discuss the state of crypto-asset regulation in India from a multitude of perspectives.

About the private crypto-assets report

The first output under this agenda is our report on regulating private cryptocurrencies in India. This report aims to act as an introductory resource for policymakers who are looking to implement a regulatory framework for private crypto-assets. The report covers the technical elements of crypto-assets, their history, proposed use cases as well as its benefits and limitations. It also examines how crypto-assets fit within India’s current regulatory and legislative frameworks and makes clear recommendations for the same.

About the Event

The launch event will feature an initial presentation by researchers at CIS on the various findings and recommendations of its flagship report. This will be followed by a moderated discussion with 5 panelists who represent the space in policy, academia and industry. The discussion will be centered around the current status of crypto-assets in India, the government’s new proposed regulations and what the future holds for the Indian crypto market.

The confirmed panelists are as follows:

Tanvi Ratna - Founder, Policy 4.0 and expert on blockchain and cryptocurrencies
Shehnaz Ahmed - Senior Resident Fellow and Fintech Lead at Vidhi Centre for Legal Policy
Nithya R. - Chief Executive Officer, Unos.Finace
Prashanth Irudayaraj - Head of R&D, Zebpay
Vipul Kharbanda - Non resident Fellow specialising in Fintech at CIS
Aman Nair - Policy Offer, CIS (Moderator)

Registration link: https://us06web.zoom.us/webinar/register/WN_TdY-EPLoRvGY2rfsq4CENw

Agenda

17.30 - 17.35	Welcome Note
17.35 - 18.35	The status of private crypto assets in India Presentation on CIS’ flagship Report on regulating private crypto-assets in India Moderated discussion with panelists across industry, government, journalism and academia providing their insight as to the current and future state of private crypto-assets, and their regulation, in India.
18.35 - 19.00	Audience questions and discussion

For more details visit https://cis-india.org/internet-governance/blog/launching-flagship-cis-report-on-private-crypto-assets

Launching CIS’s Flagship Report on Private Crypto-Assets

Admin — 2021-12-03T15:16:27Z

The Centre for Internet & Society is launching its flagship report on regulating private crypto-assets in India, as part of its newly formed Financial Technology (or Fintech) research agenda. This event will serve as a venue to bring together the various stakeholders involved in the crypto-asset space to discuss the state of crypto-asset regulation in India from a multitude of perspectives.

About the private crypto-assets report

About the Event

The confirmed panelists are as follows:

Tanvi Ratna - Founder, Policy 4.0 and expert on blockchain and cryptocurrencies
Shehnaz Ahmed - Senior Resident Fellow and Fintech Lead at Vidhi Centre for Legal Policy
Nithya R. - Chief Executive Officer, Unos.Finace
Prashanth Irudayaraj - Head of R&D, Zebpay
Vipul Kharbanda - Non resident Fellow specialising in Fintech at CIS
Aman Nair - Policy Offer, CIS (Moderator)

Registration link: https://us06web.zoom.us/webinar/register/WN_TdY-EPLoRvGY2rfsq4CENw

Agenda

17.30 - 17.35

Welcome Note

17.35 - 18.35

The status of private crypto-assets in India

Presentation on CIS’ flagship Report on regulating private crypto-assets in India
Moderated discussion with panelists across industry, government, journalism and academia providing their insight as to the current and future state of private crypto-assets, and their regulation, in India.

18.35 - 19.00

Audience questions and discussion

For more details visit https://cis-india.org/internet-governance/events/launching-cis-flagship-report-on-private-crypto-assets

Panel discussion on 'How to Avoid Digital ID Systems That Put People at Risk: Lessons from Afghanistan' at Freedom Online Conference

praskrishna — 2021-12-03T14:52:35Z

Amber Sinha participated as a panelist in a panel discussion on How to Avoid Digital ID Systems That Put People at Risk: Lessons from Afghanistan at the Freedom Online Conference yesterday.

The Freedom Online Coalition (FOC) was established in 2011 in response to the growing recognition of the importance of the Internet for the enjoyment of human rights. Periodically, the FOC holds a multistakeholder Conference that aims to deepen the discussion on how online freedoms are helping to promote social, cultural and economic development. The ownership of the Conference program and outputs lies with the host country, most often the Chair of the Coalition during that year.

The aim of the panel was to use the lessons learned from the Afghanistan case to take a critical and realistic look at the implementation of digital identification programs around the world. A video of the panel can be accessed here.

For more details visit https://cis-india.org/internet-governance/news/panel-discussion-how-to-avoid-digital-id-systems-that-put-people-at-risk

Facial Recognition Technology in India

Elonnai Hickok, Pallavi Bedi, Aman Nair and Amber Sinha — 2021-09-02T16:17:44Z

For more details visit https://cis-india.org/internet-governance/facial-recognition-technology-in-india.pdf

Facial Recognition Technology in India

Elonnai Hickok, Pallavi Bedi, Aman Nair and Amber Sinha — 2021-09-02T16:21:24Z

The Human Rights, Big Data and Technology Project, University of Essex, UK and the Centre for Internet & Society (CIS) have jointly published a research paper on facial recognition technology. Authors, Elonnai Hickok, Pallavi Bedi, Aman Nair and Amber Sinha, examine technological tools such as CCTV and FRT which are increasingly being deployed by the government.

Executive Summary

Over the past two decades there has been a sustained effort at digitising India’s governance structure in order to foster development and innovation. The field of law enforcement and safety has seen significant change in that direction, with technological tools such as Closed Circuit Television (CCTV) and Facial Recognition Technology (FRT) increasingly being deployed by the government.

Yet for all its increased use, there is still a lack of a coherent legal and regulatory framework governing FRT in India. Towards informing such a framework, this paper seeks to document present uses of FRT in India, specifically by law enforcement agencies and central and state governments, understand the applicability of existing legal frameworks to the use of FRT, and define key areas that need to be addressed when using the technology in India. We also briefly look at how the coverage of FRT has increased beyond law enforcement; it now covers educational institutions, employment purposes, and it is now being used for providing Covid-19 vaccines.

We begin by examining use cases of FRT systems by various divisions of central and state governments. In doing so, it becomes apparent that there is a lack of uniform standards or guidelines at either the state or central level - leading to different FRT systems having differing standards of applicability and scope of use. And while the use of such systems seems to be growing at a rapid rate, questions around their legality persist.

It is unclear whether the use of FRT is compliant with the fundamental right to privacy as affirmed by the Supreme Court in 2017 in Puttaswamy. While the right to privacy is not an absolute right, for the state to curtail this right, the restrictions will have to comply with a three-fold requirement— first, being the need for explicit legislative mandate in instances where the government looks to curtail the right. However, the FRT systems we have analysed do not have such a mandate and are often the result of administrative or executive decisions with no legislative blessing or judicial oversight.

We further locate the use of FRT technology within the country’s wider legislative, judicial and constitutional frameworks governing surveillance. We also briefly articulate comparative perspectives on the use of FRT in other jurisdictions. We further analyse the impact of the proposed Personal Data Protection Bill on the deployment of FRT. Finally, we propose a set of recommendations to develop a path forward for the technology’s use which include the need for a comprehensive legal and regulatory framework that governs the use of FRT. Such a framework must take into consideration the necessity of use, proportionality, consent, security, retention, redressal mechanisms, purpose limitation, and other such principles. Since the use of FRT in India is also at a nascent stage, it is imperative that there is greater public research and dialogue into its development and use to ensure that any harms that may arise in the field are mitigated.

Click to download the entire research paper here

For more details visit https://cis-india.org/internet-governance/blog/hrbdt-and-cis-august-31-2021-facial-recognition-technology-in-india

June and July Newsletter

pranav — 2021-08-10T15:57:16Z

The newsletter presents the work done in the months of June and July 2021.

Announcements

We are pleased to announce the launch of a seminar series to showcase research around digital rights and technology policy, with a focus on the Global South. The CIS seminar series will be a venue for researchers to share works-in-progress, exchange ideas, identify avenues for collaboration, and curate research. It will also seek to mitigate the impact of Covid-19 on research exchange, and foster collaborations among researchers and academics from diverse geographies. For more details on the first session, on Information Disorders, and to register, click here: [link]

We are also hiring for two full time remote positions:

Research Associate: Access to Knowledge Programme: Apply by August 13 [link]
Communication Designer: Apply by August 20 [link]

Cybersecurity, Privacy, and Emerging Technology

Following the MCA notification mandating disclosures of crypto currency holdings by companies, Aryan Gupta, in an issue brief, discusses the policy landscape in the United States of America, United Kingdom, and Japan with particular emphasis upon definition, accounting practices, and taxation, with respect to crypto currencies. [link]
We submitted comments in response to the Supreme Court E-committee’s draft vision document of phase III of the E-courts project. Aman Nair, Arinjay Vyas, Pallavi Bedi and Garima Saxena submitted their general comments and recommendations, and comparatively analysed the integration of digital technology into the judiciary in both South Asia and Africa. [link]
Google’s new Privacy Sandbox platform promises to preserve anonymity when serving tailored advertising. But does this new framework help users in any way? Maria Jawed’s analysis reveals that Google’s gambit to reorient the ad-tech ecosystem under the garb of privacy, ultimately ends up undermining it. [link]
Pandemic technology is taking a toll on data privacy, especially in the absence of any legal framework; these tools are being used for purposes beyond managing the pandemic. In an article published in the Deccan Herald, Aman Nair and Pallavi Bedi argue that India’s digital response to the pandemic has stoked concerns that surveillance could pose threats to the privacy of the personal data collected. [link]
In a piece for The Wire, Aman Nair analyses Tether, a lesser known crypto currency that is at the heart of a $3 trillion market. Issued by Tether Limited, Tether forms the foundation for modern day crypto trading and could potentially be one of the biggest schemes in financial history. [link]
India has 500 million internet users — over a third of its total population — making it the country with the second largest number of internet users after China. With this comes several kinds of digital threats that an average digital consumer in India must regularly contend with. Pranav M.B. attempts to identify the existing state of digital safety in India, with a report that maps digital threats in the country. [link]
Since last year, there have been regular questions around the anti-competitive practices of digital platforms. After 46 US states filed an antitrust case against Facebook along with the Federal Trade Commission (FTC) in December 2020, Kamesh Shekar analyzed these developments in a blog post. [link]
Recently, the Indian government mandated online messaging providers to enable identification of originators of messages on their platforms. In an academic paper for the NUJS Law Review, Gurshabad Grover, Tanaya Rajwade and Divyank Katira conduct a legal and constitutional analysis of this ‘traceability’ requirement, how it can be implemented, and how these methods come with serious costs to usability, security, and privacy. [link]
The National Digital Health Mission: Health Data Management Policy seeks to establish a digital health ecosystem by creating a unique health identity (UHID) for every Indian citizen. Pallavi Bedi points out that hasty implementation of the policy without adequate safeguards not only risks the privacy and security of medical data, but also undermines trust in the system leading to low uptake. [link]
In our comments to the proposed amendments to the Consumer Protection (E-Commerce) Rules, 2020, our analysis focuses on eight points: Definitions and Registration, Compliance, Data Protection and Surveillance, Flash Sales, Unfair Trade Practices, Jurisdictional Issues with Competition Law, Compliance with International Trade Law and Liabilities of Marketplace E-commerce Entities. [link]

Freedom of Expression, Intermediary Liability and Information Disorders

The recent “Infodemic” clearly shows that disinformation costs people’s lives. CIS, and the Global Disinformation Index have published a report that examines the risk of disinformation on digital news platforms in India, creating an index that is intended to serve donors and stakeholders with a neutral assessment of news sites that they can utilise to defund disinformation. [link]
Torsha Sarkar, Gurshabad Grover, Raghav Ahooja, Pallavi Bedi and Divyank Katira examine the legality and constitutionality of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, highlighting potential benefits and harms that may arise from the rules, and making recommendations to retain the rules within constitutional bounds, and retain consistency with human rights based approaches to content regulation. [link]
The passage of the Intermediary Liability Rules, 2021, has also formalized the legal requirement for the utilization of automated tools in content moderation. In a blog-post for the KU Leuven’s Centre for IT and IP (CITIP) Blog, Shweta Mohandas and Torsha Sarkar analyze the requirement in light of concerns of freedom of expression of Internet users. [link]
Our comments to the Cinematograph (Amendment) Bill, 2021, authored by Tanvi Apte, Anubha Sinha, and Torsha Sarkar, examine the constitutionality and legality of the Bill and whether the proposed amendments are compatible with established constitutional principles, precedents, previous policy positions and existing law. [link]
Tanvi Apte and Torsha Sarkar, in a submission to the Facebook Oversight Board in Case 2021-008-FB-FBR: Brazil, Health Misinformation and Lockdowns, answer questions set out by the Board which concerned a post made by a Brazilian sub-national health official, and raised questions on health misinformation and enforcement of Facebook's community standards. [link]
In an essay for the Indian Journal of Law and Technology (IJLT), Torsha Sarkar analyzes issues rising out of the recent litigation between Trump and Twitter. Torsha examines intermediary liability issues under American law, and draws parallel for India, in light of the ongoing litigation around the suspension of advocate Sanjay Hegde’s Twitter account. [link]

Copyright & Access to Knowledge

The Indian Parliamentary Standing Committee on Commerce’s report weighs on several aspects of the Indian IPR system and issues of protection and enforcement. In a blog post, Anubha Sinha summarily notes the observations and recommendations of the Committee on the Copyright Act, 1957 which stand to impact access to knowledge. [link]
The 41st edition of the Standing Committee on Copyright and Related Rights (SCCR) organized by the World Intellectual Property Organization (WIPO) was held from 28 June to 1 July. Anubha Sinha participated in the event as a speaker and delivered statements on the Protection of Broadcasting Organisations [link], and on Limitations and Exceptions [link]. Readers can access the notes from Day 1 [link], Day 2 [link], and Days 3 & 4 [link].
The CIS Access to Knowledge team published a comparative analysis of two prominent Wikimedia initiatives, Wikipedia Asian Month and Project Tiger, to understand prevailing challenges and opportunities, and strategies to address the same. Nitesh Gill in a two-part report outlines the research questions and methods of this study [link], and then presents some of the observations and learnings [link].

Labour and Social Justice

In a flagship report on domestic and care workers on digital platforms, Aayush Rathi and Ambika Tandon argue that digital platforms are complicit in discriminating against workers on the basis of their identities, and that domestic workers continue to remain in precarious positions without any legal recognition or support. This work was jointly authored between the Centre for Internet and Society and the Domestic Workers’ Rights Union. [link]
The ongoing pandemic has raised very valid questions of access and infrastructure in India, especially during a time when the Internet and digital technologies are essential, and in many ways the ‘new normal’. P.P. Sneha and Anasuya Sengupta write in Seminar Magazine, outlining some key challenges in digitalisation and representation of non-dominant/marginalised languages on the Internet, through reflections on two recent projects related to languages and the Internet. [link]
With the onset of the national lockdown on 24th March 2020 in response to the outbreak of COVID-19, the fate of millions of migrant workers was left uncertain. In addition, lack of enumeration and registration of migrant workers became a major obstacle for all state governments and the Central Government to channelize relief and welfare measures. Ankan Barman compiled a report to qualitatively assess health conditions of migrant workers and access to welfare during the first COVID-19 lockdown, in three host-states, Tamil Nadu, Maharashtra and Haryana. [link]
Between July to November 2019, Indian Federation of App-based Transport Workers (IFAT) and International Transport Workers’ Federation (ITF) conducted 2,128 surveys across six major cities: Bengaluru, Chennai, Delhi NCR, Hyderabad, Jaipur, and Lucknow, to determine the occupational health and safety of app-based transport workers. Findings from the survey have been compiled as a report which reveals the complete absence of social security and protection of workers in a digital platform economy. [link]

For more details visit https://cis-india.org/about/newsletters/june-july-2021-newsletter

Techno-solutionist Responses to COVID-19

Amber Sinha, Pallavi Bedi and Aman Nair — 2021-08-10T15:34:06Z

The Indian state has increasingly adopted a digital approach to service delivery over the past decade, with vaccination being the latest area to be subsumed by this strategy. In the context of the need for universal vaccination, the limitations of the government’s vaccination platform Co-WIN need to be analysed.

The article by Amber Sinha, Pallavi Bedi, and Aman Nair was published in the Economic & Political Weekly, Vol. 56, Issue No. 29, 17 Jul, 2021.

Over the last two decades, slowly but steadily, the governance agenda of the Indian state has moved to the digital realm. In 2006, the National e-Governance Plan (NeGP) was approved by the Indian state wherein a massive infrastructure was developed to reach the remotest corners and facilitate easy access of government services efficiently at affordable costs. The first set of NeGP projects focused on digitalising governance schemes that dealt with taxation, regulation of corporate entities, issuance of passports, and pensions. Over a period of time, they have come to include most interactions between the state and citizens from healthcare to education, transportation to employment, and policing to housing. Upon the launch of the Digital India Mission by the union government, the NeGP was subsumed under the e-Gov and e-Kranti components of the project. The original press release by the central government reporting the approval by the cabinet of ministers of the Digital India programme speaks of “cradle to grave” digital identity as one of its vision areas. This identity was always intended to be “unique, lifelong, online and authenticable.”

Since the inception of the Digital India campaign by the current government, there have been various concerns raised about the privacy issues posed by this project. The initiative includes over 50 “mission mode projects” in various stages of implementation. All of these projects entail collection of vast quantities of personally identifiable information of the citizens. However, most of these initiatives do not have clearly laid down privacy policies. There is also a lack of properly articulated access control mechanism and doubts exist over important issues such as data ownership owing to most projects involving public–private partnership which involves a private organisation collecting, processing and retaining large amounts of data. Most importantly, they have continued to exist and prosper in a state of regulatory vacuum with no data protection legislation to govern them. Further, the state of digital divide and digital literacy in India should automatically underscore the need to not rely solely on digital solutions.

Click to read the full article here

For more details visit https://cis-india.org/internet-governance/blog/economic-and-political-weekly-july-17-2021-amber-sinha-pallavi-bedi-aman-nair-techno-solutionist-responses-to-covid-19

March - May Newsletter

pranav — 2021-08-08T15:45:45Z

Cybersecurity, and Emerging Technology

Doctrinal clarity and institutional coherence are essential for a robust cybersecurity posture. Arindrajit Basu and Pranesh Prakash analyze this in an opinion piece in The Hindu. [link]
U.S. and Indian decisions about Huawei have implications not just for their separate relations with China, but the U.S.-India bilateral as well. Arindrajit Basu and Justin Sherman co-authored an article in The Diplomat examining Huawei’s role in India [link]
In an article for The Wire, Aman Nair points out that India might miss out on NFT (non-fungible tokens) which is set to become a mainstay in the modern digital zeitgeist. [link]
Arindrajit Basu and Andre Barrinha co-wrote for the EU Cyber Direct, on outer space diplomacy in the 1960s and why cyber (security) diplomacy isn’t quite progressing as well or as fast. [link]
Arindrajit Basu, Irene Poetranto and Justin Lau co-wrote an article for Carnegie Endowment for International Peace which captures some concerns with the United Nations OEWG process dealing with cyber norms and the absence of discussion at the forum on key issues. [link]
In an article for the Observer Research Foundation, Arindrajit Basu writes about how India must avoid getting its data policy caught up in tired existing machinations and instead forge a new path that prioritizes Indian strategic interests. [link]
Aman Nair, Arinjay Vyas, Pallavi Bedi, and Garima Saxena authored a response to the Supreme Court E-committee’s draft vision document of phase III of the E-courts project. This response recommends consideration be given to the digital and gender divide, and lack of clarity in the document on several data-related aspects. [link]

Privacy

The proposed Personal Data Protection Bill, 2019 is being deliberated by the Joint Parliamentary Committee and is expected to be tabled in the Monsoon Session of Parliament. Pallavi Bedi and Amber Sinha co-authored a white paper to examine the personal data implications on welfare delivery models in India and to suggest ways to operationalise key provisions. [link]
Shweta Mohandas authored an article for Rajiv Gandhi National University of Law Student Research Review (RSRR). In this article, which forms a part of RSRR’s ‘Excerpts from Experts Blog Series,’ Shweta examines whether Indian data protection legislation can act as a check on growing workplace surveillance. [link]
Aman Nair and Arindrajit Basu examine the changes in the context of data sharing between WhatsApp and Facebook as being an anticompetitive action in violation of the Indian Competition Act, 2002. Having previously examined the implications of WhatsApp’s changes to its privacy policy in 2021, this issue brief is the second output of the series examining the effects of the changes. [link]
In a blog-post, Pallavi Bedi provides recommendations for the Covid vaccine intelligence network (Co-Win) platform. She says that as a first step it is essential that Co-Win has a separate dedicated privacy policy which conforms to the internationally accepted privacy principles and enumerated in the Personal Data Protection Bill. [link]

Freedom of Expression, and Intermediary Liability

In February, the Advertising Standards Council of India (ASCI) had issued draft rules for regulation of digital influencers, with an aim to “understand the peculiarities of [online] advertisements and the way consumers view them,” as well as to ensure that: “consumers must be able to distinguish when something is being promoted with an intention to influence their opinion or behaviour for an immediate or eventual commercial gain.” Torsha Sarkar and Shweta Mohandas respond with comments and recommendations to the rules. [link]

Copyright, and Access to Knowledge

Anubha Sinha explains what the draft national science, technology and innovation policy means for open access to scientific literature for Indians. This article was published in The Wire Science. [link]
In an article published in Info Justice, Anubha Sinha provides a summary of the progress of the copyright infringement suit against Sci-Hub and LibGen in India. [link]

Digital Cultures, and Social Justice

In a research paper, Noopur Raval offers critical historical insights from the fields of international development, anthropology, and postcolonial history to caution against both the possible harms of gender disaggregated datafication, as well as the consequences of non-participatory datafication of women. [link]
Kaarika Das, a research scholar at NIEPA and Sravya C, a researcher in the Humanizing Automation project at IIIT Bangalore published a study on migrants in India's Gig Economy. [link]
Sameet Panda and Vipul Kumar wrote a blog for Privacy International pointing the failures in the digitisation of India’s food security programme in light of the exclusion of married women of Odisha. [link]
Shreya Ghosh, a research scholar at the Centre for Political Studies, Jawaharlal Nehru University, New Delhi authored an article in EPW on access to welfare and health for women during the initial phase of the pandemic. [link]
Ambika Tandon and Aayush Rathi in a research paper, “Fault lines at the Front lines” analyze the changing employment conditions for domestic workers in the growing platform economies of South and Southeast Asia. By analyzing different platform designs and comparing regulations in India, Indonesia, Pakistan and Vietnam, the authors present a thorough picture of the situation for domestic workers in the new economy. [link]
In a blog post published by Ethical Source, Ambika Tandon throws light on artificial intelligence and allied technologies that form part of Industry 4.0 in the future of work. [link]
Ambika Tandon and Aayush Rathi authored a chapter titled “Care in the Platform Economy: Interrogating the Digital Organisation of Domestic Work in India” in a book titled “The Gig Economy: Workers and Media in the Age of Convergence.” [link]

For more details visit https://cis-india.org/about/newsletters/march-may-2021-newsletter

Finding Needles in Haystacks - Discussing the Role of Automated Filtering in the New Indian Intermediary Liability Rules

Shweta Mohandas and Torsha Sarkar — 2021-08-03T07:28:53Z

On the 25th of February this year The Government of India notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. The new Rules broaden the scope of which entities can be considered as intermediaries to now include curated-content platforms (Netflix) as well as digital news publications. This blogpost analyzes the rule on automated filtering, in the context of the growing use of automated content moderation.

This article first appeared on the KU Leuven's Centre for IT and IP (CITIP) blog. Cross-posted with permission.

----

Mathew Sag in his 2018 paper on internet safe harbours discussed how the internet resulted in a shift from the traditional gatekeepers of knowledge (publishing houses) that used to decide what knowledge could be showcased, to a system where everybody who has access to the internet can showcase their work. A “content creator” today ranges from legacy media companies to any person who has access to a smartphone and an internet connection. In a similar trajectory, with the increase in websites and mobile apps and the functions that they serve, the scope of what is an internet intermediary has widened all over the world.

Who is an Intermediary?

In India the definition of “intermediary” is found under Section 2(w) of the Information Technology (IT) Act 2000, which defines an Intermediary as “with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecoms service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online-marketplaces and cyber cafes”. The all-encompassing nature of the definition has allowed the dynamic nature of intermediaries to be included under the definition of the Act, and the Guidelines that have been published periodically (2011, 2018 and 2021). With more websites and social media companies, and even more content creators online today, there is a need to look at ways in which intermediaries can remove illegal content or content that goes against their community guidelines.

Along with the definition of an intermediary, the IT Act, under Section 79, provides exemptions which grant safe harbours to internet intermediaries, from liability from third-party content, and further empowers the central government to make Rules that act as guidelines for the intermediaries to follow. The Intermediary Liability Rules hence seek to regulate content and lay down safe harbour provisions for intermediaries and internet service providers. To keep up with the changing nature of the internet and internet intermediaries, India relies on the Intermediary Liability Rules to regulate and provide a conducive environment for intermediaries. In view of this provision India has as of now published three versions of the Intermediary Liability (IL) Rules. The first Rules came out in 2011, followed by the introduction of draft amendments to the law in 2018 and finally the latest 2021 version, which would supersede the earlier Rules of 2011.

The Growing Use of Automated Content Moderation

With each version of the Rules there seemed to be changes that ensured that they were abreast with the changing face of the internet and the changing nature of both content and content creator. Hence the 2018 version of the Rules showcase a push towards automated content filtering. The text of Rule 3(9) reads as follows: “The Intermediary shall deploy technology based automated tools or appropriate mechanisms, with appropriate controls, for proactively identifying and removing or disabling public access to unlawful information or content”.

Under Rule 3(9), intermediaries were required to deploy automated tools or appropriate mechanisms to proactively identify, remove or disable public access to unlawful content. However, neither the 2018 IL Rules, nor the parent Act (the IT Act) specified which content can be deemed unlawful. The 2018 Rules also failed to establish the specific responsibilities of the intermediaries, instead relying on vague terms like “appropriate mechanisms” and with “appropriate controls”. Hence it can be seen that though the Rules mandated the use of automated tools, neither them nor the IT Act provided clear guidelines on what could be removed.

The lack of clear guidelines and list of content that can be removed had left the decision up to the intermediaries to decide which content, if not actively removed, could cost them their immunity. It has been previously documented that the lack of clear guidelines in the 2011 version of the Rules, led to intermediaries over complying with take down notices, often taking down content that did not warrant it. The existing tendency to over-comply, combined with automated filtering could have resulted in a number of unwarranted take downs.

While the 2018 Rules mandated the deployment of automated tools, the year 2020, (possibly due to the pandemic induced work from home safety protocols and global lockdowns) saw major social media companies announcing the move towards a fully automated system of content moderation. Though the use of automated content removal seems like the right step considering the trauma that human moderators had to go through, the algorithms that are being used now to remove content are relying on the parameters, practices and data from earlier removals made by the human moderators. More recently, in India with the emergence of the second wave of the COVID19 wave, the Ministry of Electronics and Information Technology has asked social media platforms to remove “unrelated, old and out of the context images or visuals, communally sensitive posts and misinformation about COVID19 protocols”.

The New IL Rules - A ray of hope?

The 2021 version of the IL Rules provides a more nuanced approach to the use of automated content filtering compared to the earlier version. Rule 4(4) now requires only “significant social media intermediaries” to use automated tools to identity and take down content pertaining to “child sexual abuse material”, or “depicting rape”, or any information which is identical to a content that has already been removed through a take-down notice. The Rules define a social media intermediary as “intermediary which primarily or solely enables interaction between two or more users and allows them to create, upload, share, disseminate, modify or access information using its services” .The Rules also go a step further to create another type of intermediary, the significant social media intermediary. A significant social media intermediary is defined as one “having a number of registered users in India above such threshold as notified by the Central Government''. Hence what can be considered as a social media intermediary that qualifies as a significant one could change at any time.

Along with adding a new threshold (qualifying as a significant social media intermediary) the Rules, in contrast to the 2018 version, also emphasises the need of such removal to be proportionate to the interests of freedom of speech and expression and privacy of users. The Rules also call for “appropriate human oversight” as well as a periodic review of the tools used for content moderation. The Rules by using the term “shall endeavor” aids in reducing the pressure on the intermediary to set up these mechanisms. This also means that the requirement is now on a best effort basis, as opposed to the word “shall” in the 2018 version of the Rules, which made it mandatory.

Although the Rules now narrow down the instances where automated content removal can take place, the concerns around over compliance and censorship still loom. One of the reasons for concern is that the Rules still fail to require the intermediaries to set up a mechanism for redress or for appeals to such removal. Additionally, the provision that states that automated systems could remove content that have been previously taken down, creates a cause for worry as the propensity of the intermediaries to over comply and take down content has already been documented. This then brings us back to the previous issue where the social media company’s automated systems were removing legitimate news sources. Though the 2021 Rules tries to clarify certain provisions related to automated filtering, like the addition of the safeguards, the Rules also suffer from vague provisions that could cause issues related to compliance. The use of terms such as “proportionate”, “having regard to free speech” etc. fail to lay down definitive directions for the intermediaries (in this case SSMI) to comply with. Additionally, as earlier stated, being qualified as a SSMI can change at any time, either based on the change in the number of users, or the change in the threshold of users, mandated by the government. The absence of human intervention during removal, vague guidelines and fear of losing out on safe harbour provisions, add to the already increasing trend of censorship in social media. With the use of automated means and the fast, and almost immediate removal of content would mean that certain content creators might not even be able to post their content online. With the use of proactive filtering through automated means the content can be removed almost immediately. With India’s current trend of new internet users, some of these creators would also be first time users of the internet.

Conclusion

The need for automated removal of content is understandable, based not only on the sheer volume of content but also the nightmare stories of the toll it takes on human content moderators, who otherwise have to go through hours of disturbing content. Though the Indian Intermediary Liability Guidelines have improved from the earlier versions in terms of moving away from mandating proactive filtering, there still needs to be consideration of how these technologies are used, and the laws should understand the shift in the definition of who a content creator is. There needs to be ways of recourse to unfair removal of content and a means to get an explanation of why the content was removed, via notices to the user. In the case of India, the notices should be in Indian languages as well, so that the people are able to understand them.

In the absence of further clear guidelines, the perils of over-censorship by the intermediaries in order to stay out of trouble could lead to further stifling of not just freedom of speech but also access to information. In addition, the fear of content being taken down or even potential prosecution could mean that people resort to self-censorship, preventing them from exercising their fundamental rights to freedom of speech and expression, as guaranteed by the Indian Constitution. We hope that the next version of the Rules take a more nuanced approach to automated content removal and ensure adequate and specific safeguards to ensure a conducive environment for both intermediaries and content creators.

For more details visit https://cis-india.org/internet-governance/blog/finding-needles-in-haystacks-discussing-the-role-of-automated-filtering-in-the-new-indian-intermediary-liability-rules

The Ministry And The Trace: Subverting End-To-End Encryption

Gurshabad Grover, Tanaya Rajwade and Divyank Katira — 2021-07-12T08:18:18Z

A legal and technical analysis of the 'traceability' rule and its impact on messaging privacy.

The paper was published in the NUJS Law Review Volume 14 Issue 2 (2021).

Abstract

End-to-end encrypted messaging allows individuals to hold confidential conversations free from the interference of states and private corporations. To aid surveillance and prosecution of crimes, the Indian Government has mandated online messaging providers to enable identification of originators of messages that traverse their platforms. This paper establishes how the different ways in which this ‘traceability’ mandate can be implemented (dropping end-to-end encryption, hashing messages, and attaching originator information to messages) come with serious costs to usability, security and privacy. Through a legal and constitutional analysis, we contend that traceability exceeds the scope of delegated legislation under the Information Technology Act, and is at odds with the fundamental right to privacy.

Click here to read the full paper.

For more details visit https://cis-india.org/internet-governance/blog/the-ministry-and-the-trace-subverting-end-to-end-encryption

State of Consumer Digital Security in India

pranav — 2021-07-05T11:07:24Z

This report attempts to identify the existing state of digital safety in India, with a mapping of digital threats, which will aid stakeholders in identifying and addressing digital security problems in the country. This project was funded by the Asia Foundation.

Since 2006, successive Union governments in India have shown increased focus on digital governance. The National e-Governance Plan was launched by the UPA government in2006, and several digital projects led by the state such as digitisation of the filing of taxes, appointment process for passports, corporate governance, and the Aadhaar programme(India’s unique digital identity system that utilises biometric and demographic data) arose under it, in the form of mission mode projects (projects that are part of a broader National e-governance initiative, each focusing on specific e-Governance aspects, like banking, land records, or commercial taxes). In 2014, when the NDA government came to power, the National e-Governance Plan was subsumed under the government’s flagship project of Digital India, and several mission mode projects were added. In the meantime, the internet connectivity, first in the form of wire connectivity, and later in the form of mobile connectivity has increased greatly. In the same period, use of digital services, first in new services native to the Internet such as email, social networking, instant messaging, and later the platformization and disruption of traditional business models in transportation, healthcare, finance and virtually every sector, has led to a deluge of digital private service providers in India.

Currently, India has 500 million internet users — over a third of its total population — making it the country with the second largest number of Internet users after China. The uptake of these technological services has also been accompanied by several kinds of digital threats that an average digital consumer in India must regularly contend with. This report is a mapping of consumer-facing digital threats in India and is intended to aid stakeholders in identifying and addressing digital security problems. The first part of the report categorises digital threats into four kinds, Personal Data Threats, Online Content Related Threats, Financial Threats, and Online Sexual Harassment Threats. Threats under each category are then defined, with detailed consumer-facing consequences, and past instances where harm has been caused because of these threats.

Read the full report here.

For more details visit https://cis-india.org/internet-governance/blog/state-of-consumer-digital-security-in-india

At the Heart of Crypto Investing, There is Tether. But Will its Promise Pan Out?

aman — 2021-07-01T14:46:46Z

The $18.5 million fine levied by the New York attorney general’s office earlier this year to settle a legal dispute, raises more questions than answers.

The article was published in the Wire on June 30, 2021.

Cryptocurrencies have become the centerpiece of the global digital zeitgeist in 2021. Anyone remotely familiar with them would probably be able to name a few of the famous ones like Bitcoin and Ethereum.

However, there exists a lesser known cryptocurrency at the heart of this $ 3 trillion market, Tether. Issued by the company Tether.ltd, Tether forms the foundation for modern day crypto trading and could potentially be one of the biggest schemes in financial history.

Tether is a special type of cryptocurrency known as a stablecoin. Unlike coins such as Bitcoin and Ethereum, Tether’s monetary value is not a function of the forces of the crypto market but is rather pegged to the US Dollar. What this means is that 1 Tether will always be worth exactly 1 USD. This fixed value has allowed it to occupy a unique position within the crypto ecosphere, with it becoming the de facto standard of liquidity within these markets by acting as a widely accepted substitute to the US dollar.

At present, buying cryptocurrency using traditional fiat money (like dollars or rupees) comes with certain challenges. Purchasing with traditional currencies requires the use of banking services that come with a host of fees and time delays. At the same time, purchasing one type of crypto coin like Bitcoin with another coin like Ethereum can prove difficult due to the constantly shifting values of both coins. This is where Tether comes in. Acting as a bridge between the traditional financial world and the crypto market, it has become a sort of digital dollar — one that makes cryptocurrency trading significantly easier.

The problem with tether

On the surface, Tether seems like a perfectly reasonable innovation that looks to fill in the gaps that exist within the market. Dig a little deeper than the surface and the discrepancies start to appear.

The premise of Tether’s appeal comes from its value being pegged to the US dollar. The company initially claimed to have achieved this by ensuring that their currency was “fully backed” by cash reserves.

The process looked something like this: You gave the company 1 US dollar and they gave you 1 Tether that you could use to make other crypto purchases. If you returned your Tether, you would get your dollar back and the Tether you returned would be ‘burned’ (removed from circulation). This meant that for every Tether that existed the company would have 1 corresponding dollar in reserve in the bank, ensuring that the currency was backed.

An illustrated image shows US dollars, cryptocurrency and NFT written on a phone. Photo: Marco Verch/Flickr CC BY 2.0

However, there was an enormous flaw in this system. Since Tether.ltd was the sole creator of the coin, it could create as many of them as it wanted while falsely claiming that these new Tethers were also backed fully by cash reserves. And this is exactly what is alleged to have happened in a case brought forward against Tether.ltd by the New York Attorney General’s office. The filings made by the attorney general noted that in their investigation they found that not only did the company have inadequate reserves to back the number of Tethers in circulation, but that there were significant periods of time wherein the company did not have any bank accounts or any access to banking at all — thereby exposing Tethers claims of being backed as being demonstrably false.

The scam was alleged to have worked as follows. First, the company would issue new coins that were not actually backed by any corresponding dollars. These new Tethers were then transferred to Bitfinex – a cryptocurrency exchange that was owned by Tether.ltd. These unbacked Tethers would then be used to buy bitcoin, with the momentum from this increased demand causing the price of bitcoin to rise. They would then exchange their newly appreciated bitcoins for actual US dollars — thereby essentially creating real money where none had previously existed. While there is no conclusive evidence for this being true, research has pointed to increased tether supply causing a boom in bitcoin prices in 2017.

The company has since altered its claim from being backed by cash reserves, to now being backed by a number of assets (which it refers to as its ‘reserves’) – of which cash only formed a small subset. It maintains that the cumulative value of their assets does equal the number of Tethers in circulation, though it is worth noting that the veracity of these claims has been consistently challenged.

How does this affect the rest of the crypto market?

Tether’s problems are unfortunately not limited to itself, but rather affect the entire crypto marketplace. If the New York Attorney General’s filings are true, then it would mean that a significant amount of the demand in the crypto market could potentially not be backed by any actual purchasing power and that the price of cryptocurrencies like bitcoin have been artificially inflated.

If Tether was ever found (either by a regulatory body or through leaks) to have been creating unbacked units of its currency then it would result in a significant amount of buying pressure disappearing from the crypto market. And since Tether isn’t just any other cryptocurrency but rather is a medium for exchange in the crypto world, its downfall would have severe knock on effects that could cause a serious crash in the entire crypto market.

Quantifying such knock-on effects would be extremely difficult, however as previously mentioned, research has clearly outlined a significant causal relationship between tether’s supply and increased bitcoin prices. This leads to the conclusion that the reverse would likely be true; that a rapid decrease in tethers would cause a significant decrease in the price of bitcoin and other cryptocurrencies.

Ultimately, no one knows for sure whether Tether is a scheme or not. However, mounting evidence from a number of independent sources have all pointed to discrepancies in the company’s functioning. What is clear is that, if the allegations are in fact true, then Tether poses a serious risk to the entire crypto marketplace and investors.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-aman-nair-june-30-2021-cryptocurrency-tether-stablecoin-dollar

Advanced biometric technologies and new market entries tackle fraud, chase digital ID billions

Chris Burt — 2021-06-28T01:13:05Z

Amid forecasts of rapid growth and huge market potential, digital ID platforms launches by Techsign and Ping Identity, new services, features and even an investment fund have been launched.

The blog post by Chris Burt was published by Biometric Update on June 26, 2021.

A new camera solution for under-display 3D face biometrics from Infineon and partners, and IPO filings by Clear and SenseTime show parallel investment activity in biometrics, meanwhile, and experts from Veridium and Intellicheck provide insight into the shifting technology and fraud landscapes, among the most widely-read stories this week on Biometric Update.

Top biometrics news of the week

Several areas of the digital identity market continued to be very active, with a new investment fund launched to support startups in digital commerce and payments, Yoti joining a regulatory sandbox, Techsign launching a digital ID platform, and Mastercard and b.well reporting positive results from a recent pilot for their biometric healthcare platform. All this activity contributes to explaining Juniper Research’s forecast of rapid growth in the sector to $16.7 billion in 2026, driven largely by spending on remote onboarding.

Okta CEO Todd McKinnon, meanwhile, told Barron’s that the total addressable market for identity and access management providers like Okta is something like $80 billion, as well as that effective integration is the key to solving biometrics challenges in the space. Entrust and Yubico formed an integration partnership, LoginRadius launched a new feature, Jamf launched a biometric tool for enterprises, and a certification program for IAM professionals was launched.

A list of goods for sale on the dark web includes a listing for selfies holding an American ID credential, which in theory could be used in a biometric spoofing attack. Cybersecurity researcher Luana Pascu helps guide readers through the report, and shares insights such as on the status of faked vaccination certificates on dark web marketplaces.

Ensuring the validity of the ID document a biometric identity verification process is based on, without adding too much friction, often means adopting layered risk profiling, Intellicheck CEO Bryan Lewis tells Biometric Update in a sponsored post. The company has deep roots in detecting fraudulent documents and has found that even scanning the barcode on an identity document will not necessarily catch a fake if the unique security elements are not validated as part of the scan.

Fourthline Anti-Financial Crime Head Ro Paddock writes in a Biometric Update guest post about the ever-increasing sophistication of fraud attacks, which reached the level of computer-generated 3D masks and deepfakes during the pandemic,. In response, information-sharing between organizations will be necessary to understand the scope of these new threats, and how to defend against them.

Philippines’ election commission has launched an app to allow people to preregister for the voter roll online before enrolling their biometrics in person, as the country continues digitizing its public services. Governments in Pakistan, Haiti and Nigeria are also making moves to improve the accessibility and trustworthiness of their electoral processes.

A partnership between Research ICT Africa and the Centre for Internet and Society, supported by the Omidyar Network, to explore the development of digital ID systems for the African context is explained in a blog post. The project will be based on an adaptation of the Evaluation Framework for Digital Identities which the CIS used to assess India’s Aadhaar system, with rule of law, rights and risk-based tests, and presented in a series of posts.

Details of Clear’s IPO plans emerged, including its intention to raise up to $396 million on the NYSE. The $2.2 billion valuation aligns with some comparable companies, by revenue multiple, but the lower voting power of the shares on offer could be a restraining factor.

An even bigger IPO could be held by SenseTime later this year, with the Chinese AI firm looking to raise up to $2 billion on the Hong Kong exchange. The company has been talking about a public stock launch since before the company was hit with restrictions to U.S. trade, which it indicates have had little impact.

The latest major funding round in digital identity is the largest yet, with Transmit Security raising $543 million at a $2.2 billion valuation to expand the market reach of its passwordless biometric authentication technology. The company claims it is the highest ever Series A funding round in cybersecurity.

Bob Eckel, Aware CEO and International Biometrics + Identity Association (IBIA) Director and Board Member, discusses why people should own their own identity, identifying things and protecting supply chains, and his background in setting up air traffic control systems used all over the world with the Requis Supply Chain Next podcast. In the longer term Eckel sees biometric replacing passwords, and in the shorter term being used to make processes touchless.

Veridium CTO John Callahan guides Biometric Update through recent NIST guidance on the interoperable use of contactless fingerprints with contact-based back-end AFIS systems. The guidance, which changes definitions within the NIST ITL biometric container standard, but advises that the associated image quality metric does not apply to contactless prints, could spark further investment in the modality.

A new time-of-flight 3D imaging solution that could be used to implement facial authentication from under the display of mobile devices without notches or bezels has been developed by partners Infineon, pmdtechnologies and ArcSoft. Based on the REAL3 sensor and ArcSoft’s computer vision algorithms, the solution is expected to reach availability in Q3 2021.

Ping Identity has acquired SecuredTouch in a deal with undisclosed financial details to integrate its behavioral biometrics-based continuous user authentication with the PingOne enterprise cloud platform. Ping also launched a consumer application for reusable credentials and added unified management features to its cloud platform at its Identiverse 2021 event.

Notre Dame-IBM Technology Ethics Lab Founding Director Elizabeth Renieris joins the MIT Sloan Management Review’s Me, Myself and AI podcast to discuss the role of the lab, her path past and through some of the digital identity space’s key ethical developments, and the need to take the long view on technology to understand its ethical implications. Renieris makes a pitch for process-oriented regulations, based on the best understanding we have at the time.

ProctorU’s announcement that it will no longer sell fully-automated remote proctoring services is seen as a win in the battle against “the AI shell game” by the Electronic Frontier Foundation. The descriptions of the balance between the automated and human decision-making by AI proctoring providers amount to doublespeak, the EFF says, before panning their human review processes, accuracy rates, and use of facial recognition.

For more details visit https://cis-india.org/internet-governance/news/biometric-update-june-26-2021-chris-burt-advanced-biometric-technologies-and-new-market-entries-tackle-fraud-chase-digital-id-billions