The Centre for Internet and Society
https://cis-india.org
These are the search results for the query, showing results 51 to 65.
Due Diligence Project FGD by UN Women
https://cis-india.org/internet-governance/news/due-diligence-project-fgd-by-un-women
<b>On October 11, 2019, Radhika Radhakrishnan attended a focussed group discussion at the UN House, New Delhi, organized by UN Women for their multi-country research study on online violence (Due Diligence Project).</b>
<p style="text-align: justify; ">The purpose of the discussion was to provide a better understanding of the nature and the scope of this form of VAWG and to provide recommendations to inform policies, plans, programming and advocacy on the issue.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/due-diligence-project-fgd-by-un-women'>https://cis-india.org/internet-governance/news/due-diligence-project-fgd-by-un-women</a>
</p>
No publisherAdminDue DiligenceInternet GovernancePrivacy2019-10-20T07:11:13ZNews ItemBSides Delhi 2019 Security Conference
https://cis-india.org/internet-governance/news/bsides-delhi-2019-security-conference
<b>Karan Saini attended the BSides Delhi security conference on October 11, 2019. The event was organized by Bsides Delhi in New Delhi. </b>
<p>Click to view the agenda <a class="external-link" href="https://bsidesdelhi.in/program.php">here</a>. Videos of the event can be <a class="external-link" href="https://www.youtube.com/channel/UCZidtr5OB-OGQwxWXDDSTBQ">viewed here</a>.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/bsides-delhi-2019-security-conference'>https://cis-india.org/internet-governance/news/bsides-delhi-2019-security-conference</a>
</p>
No publisherAdminInternet GovernancePrivacy2019-10-20T06:47:26ZNews ItemWill FASTag raise privacy concerns?
https://cis-india.org/internet-governance/news/livemint-shreya-nandi-prathma-sharma-october-15-2019-will-fastag-raise-privacy-concerns
<b>FASTag, an electronic device that enables direct, cashless toll payment, has been touted as the Aadhaar for vehicles as it would help the government track movement of automobiles. But the move can also stoke fresh concerns on privacy.</b>
<p style="text-align: justify; ">The article by Shreya Nandi and Prathma Sharma was <a class="external-link" href="https://www.livemint.com/news/india/will-fastag-raise-privacy-concerns-11571125214325.html">published in Livemint</a> on October 15, 2019. Pranesh Prakash was quoted.</p>
<hr />
<p style="text-align: justify; ">The device can track movement of vehicles, toll booth cameras can catch traffic law violations, prevent crime, and help authorities curb tax evasion.</p>
<p style="text-align: justify; ">While the movement of commercial vehicles will be tracked by revenue authorities by integrating with e-way bill system under <a href="https://www.livemint.com/news/india/ihmcl-gstn-to-ink-pact-to-link-fastag-with-gst-e-way-bill-system-on-oct-14-11570973104434.html" target="_blank">Goods and Services Tax (GST)</a> to curb revenue leakage, experts believe that tracking personal vehicle is a matter of concern.</p>
<p style="text-align: justify; ">It is not that the government will only use the stored data or video under limited and well-defined circumstances such as for evidence in case of traffic accidents, according to Pranesh Prakash, fellow, Centre for Internet Society.</p>
<p style="text-align: justify; ">“As transport minister Gadkari said (on Monday), the government will also use the video or data for any for analysis. And that will happen in a non-consensual manner, and outside the purview of a data protection framework, and without paying heed to the Supreme Court's landmark judgment on privacy," Prakash said.</p>
<p style="text-align: justify; ">On Monday, transport minister <a href="https://www.livemint.com/news/india/gadkari-says-revenue-from-toll-collection-to-hit-rs-1-lakh-crore-in-5-years-11571057140954.html" target="_blank">Nitin Gadkari</a> said cameras at the toll booth will take photos of passengers in a vehicle, which will be useful for the home ministry as there will be a record of the vehicle’s movement.</p>
<p style="text-align: justify; ">FASTag, which comes into effect 1 December, uses radio frequency identification technology to enable direct toll payments from a moving vehicle. The toll fare is deducted from the bank account linked to FASTag. It will not only encourage cashless payments at toll plaza, but also decongest national highways, thereby ensuring seamless movement of vehicles, and reduce pollution and logistics cost.</p>
<p style="text-align: justify; ">Amid privacy concerns related to sharing Aadhaar details with banks, telecom companies or any other authority for fulfilling KYC norms, the Supreme Court had in September last year ruled that Aadhaar can only be used for welfare schemes and for delivering state subsidies. It had barred private companies from using Aadhaar data for authenticating customers.<br />Another expert said since FASTag data includes information that is personally identifiable with the vehicle owner, it can be misused if shared with various entities.<br />"With FASTag being linked with National Vehicle Database (Vahan database), it does raise privacy concerns, specially as Nitin Gadkari, the minister of road transport and highways, has admitted that the government has provided access to Vahan and Sarathi database to 32 government and 87 private entities for ₹65 crore till date," Salman Waris Managing Partner, TechLegis Advocates & Solicitors, said.</p>
<p style="text-align: justify; ">“With the Personal Data Protection Bill still in the making there are little regulatory measures to prevent or even punish FasTag data breaches," Waris said.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/livemint-shreya-nandi-prathma-sharma-october-15-2019-will-fastag-raise-privacy-concerns'>https://cis-india.org/internet-governance/news/livemint-shreya-nandi-prathma-sharma-october-15-2019-will-fastag-raise-privacy-concerns</a>
</p>
No publisherShreya Nandi and Prathma SharmaInternet GovernancePrivacy2019-10-18T15:22:27ZNews ItemThe Mother and Child Tracking System - understanding data trail in the Indian healthcare systems
https://cis-india.org/internet-governance/blog/privacy-international-ambika-tandon-october-17-2019-mother-and-child-tracking-system-understanding-data-trail-indian-healthcare
<b>Reproductive health programmes in India have been digitising extensive data about pregnant women for over a decade, as part of multiple health information systems. These can be seen as precursors to current conceptions of big data systems within health informatics. In this article, published by Privacy International, Ambika Tandon presents some findings from a recently concluded case study of the MCTS as an example of public data-driven initiatives in reproductive health in India. </b>
<p> </p>
<h4>This article was first published by <a href="https://privacyinternational.org/news-analysis/3262/mother-and-child-tracking-system-understanding-data-trail-indian-healthcare" target="_blank">Privacy International</a>, on October 17, 2019</h4>
<h4>Case study of MCTS: <a href="https://cis-india.org/raw/big-data-reproductive-health-india-mcts" target="_blank">Read</a></h4>
<hr />
<p>On October 17th 2019, the UN Special Rapporteur (UNSR) on Extreme Poverty and Human Rights, Philip Alston, released his thematic report on digital technology, social protection and human rights. Understanding the impact of technology on the provision of social protection – and, by extent, its impact on people in vulnerable situations – has been part of the work the Centre for Internet and Society (CIS) and Privacy International (PI) have been doing.</p>
<p>Earlier this year, <a href="https://privacyinternational.org/advocacy/2996/privacy-internationals-submission-digital-technology-social-protection-and-human" target="_blank">PI responded</a> to the UNSR's consultation on this topic. We highlighted what we perceived as some of the most pressing issues we had observed around the world when it comes to the use of technology for the delivery of social protection and its impact on the right to privacy and dignity of benefit claimants.</p>
<p>Among them, automation and the increasing reliance on AI is a topic of particular concern - countries including Australia, India, the UK and the US have already started to adopt these technologies in digital welfare programmes. This adoption raises significant concerns about a quickly approaching future, in which computers decide whether or not we get access to the services that allow us to survive. There's an even more pressing problem. More than a few stories have emerged revealing the extent of the bias in many AI systems, biases that create serious issues for people in vulnerable situations, who are already exposed to discrimination, and made worse by increasing reliance on automation.</p>
<p>Beyond the issue of AI, we think it is important to look at welfare and automation with a wider lens. In order for an AI to function it needs to be trained on a dataset, so that it can understand what it is looking for. That requires the collection large quantities of data. That data would then be used to train and AI to recognise what fraudulent use of public benefits would look like. That means we need to think about every data point being collected as one that, in the long run, will likely be used for automation purposes.</p>
<p>These systems incentivise the mass collection of people's data, across a huge range of government services, from welfare to health - where women and gender-diverse people are uniquely impacted. CIS have been looking specifically at reproductive health programmes in India, work which offers a unique insight into the ways in which mass data collection in systems like these can enable abuse.</p>
<p>Reproductive health programmes in India have been digitising extensive data about pregnant women for over a decade, as part of multiple health information systems. These can be seen as precursors to current conceptions of big data systems within health informatics. India’s health programme instituted such an information system in 2009, the Mother and Child Tracking System (MCTS), which is aimed at collecting data on maternal and child health. The Centre for Internet and Society, India, <a href="https://cis-india.org/raw/big-data-reproductive-health-india-mcts" target="_blank">undertook a case study of the MCTS</a> as an example of public data-driven initiatives in reproductive health. The case study was supported by the <a href="http://bd4d.net/" target="_blank">Big Data for Development network</a> supported by the International Development Research Centre, Canada. The objective of the case study was to focus on the data flows and architecture of the system, and identify areas of concern as newer systems of health informatics are introduced on top of existing ones. The case study is also relevant from the perspective of Sustainable Development Goals, which aim to rectify the tendency of global development initiatives to ignore national HIS and create purpose-specific monitoring systems.</p>
<p>After being launched in 2011, 120 million (12 crore) pregnant women and 111 million (11 crore) children have been registered on the MCTS as of 2018. The central database collects data on each visit of the woman from conception to 42 days postpartum, including details of direct benefit transfer of maternity benefit schemes. While data-driven monitoring is a critical exercise to improve health care provision, publicly available documents on the MCTS reflect the complete absence of robust data protection measures. The risk associated with data leaks are amplified due to the stigma associated with abortion, especially for unmarried women or survivors of rape.</p>
<p>The historical landscape of reproductive healthcare provision and family planning in India has been dominated by a target-based approach. Geared at population control, this approach sought to maximise family planning targets without protecting decisional autonomy and bodily privacy for women. At the policy level, this approach was shifted in favour of a rights-based approach to family planning in 1994. However, targets continue to be set for women’s sterilisation on the ground. Surveillance practices in reproductive healthcare are then used to monitor under-performing regions and meet sterilisation targets for women, this continues to be the primary mode of contraception offered by public family planning initiatives.</p>
<p>More recently, this database - among others collecting data about reproductive health - is adding biometric information through linkage with the Aadhaar infrastructure. This data adds to the sensitive information being collected and stored without adhering to any publicly available data protection practices. Biometric linkage is aimed to fulfill multiple functions - primarily authentication of welfare beneficiaries of the national maternal benefits scheme. Making Aadhaar details mandatory could directly contribute to the denial of service to legitimate patients and beneficiaries - as has already been seen in some cases.</p>
<p>The added layer of biometric surveillance also has the potential to enable other forms of abuse of privacy for pregnant women. In 2016, the union minister for Women and Child Development under the previous government suggested the use of strict biometric-based monitoring to discourage gender-biased sex selection. Activists critiqued the policy for its paternalistic approach to reduce the rampant practice of gender-biased sex selection, rather than addressing the root causes of gender inequality in the country.</p>
<p>There is an urgent need to rethink the objectives and practices of data collection in public reproductive health provision in India. Rather than continued focus on meeting high-level targets, monitoring systems should enable local usage and protect the decisional autonomy of patients. In addition, the data protection legislation in India - expected to be tabled in the next session in parliament - should place free and informed consent, and informational privacy at the centre of data-driven practices in reproductive health provision.</p>
<p>This is why the systematic mass collection of data in health services is all the more worrying. When the collection of our data becomes a condition for accessing health services, it is not only a threat to our right to health that should not be conditional on data sharing but also it raises questions as to how this data will be used in the age of automation.</p>
<p>This is why understanding what data is collected and how it is collected in the context of health and social protection programmes is so important.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/privacy-international-ambika-tandon-october-17-2019-mother-and-child-tracking-system-understanding-data-trail-indian-healthcare'>https://cis-india.org/internet-governance/blog/privacy-international-ambika-tandon-october-17-2019-mother-and-child-tracking-system-understanding-data-trail-indian-healthcare</a>
</p>
No publisherambikaBig DataData SystemsPrivacyResearchers at WorkInternet GovernanceResearchBD4DHealthcareBig Data for Development2019-12-30T17:18:05ZBlog EntryParticipation in ISO/IEC JTC 1 SC 27 meetings
https://cis-india.org/internet-governance/news/participation-in-iso-iec-jtc-1-sc-27-meetings
<b>From October 14 - 18, 2019, Gurshabad Grover, participated in the meetings of ISO/IEC JTC 1 SC 27 held in Paris, the committee that develops international standards for IT Security techniques.</b>
<p>Gurshabad focused on the meetings of working group 5 that deals with identity management and privacy technologies. Some highlights of the participation:</p>
<ul>
<li style="text-align: justify; "><span>I represented the Indian delegation's contributions in the comment </span><span>resolution meeting on WD TS 27570: Privacy guidelines for smart cities.</span></li>
</ul>
<ul>
<li style="text-align: justify; "><span>Since </span><span class="Object" id="OBJ_PREFIX_DWT207_com_zimbra_date">October 2018</span><span>, I have been a co-rapporteur on the working groups' </span><span>study period on the impact of machine learning on privacy. At this </span><span>meeting, we presented our interim report. We are extending the study </span><span>period for six months to further collaborate with SC 42 (that deals with </span><span>artificial intelligence standards) to document privacy aspects for the </span><span>applications and use cases they have developed.</span></li>
</ul>
<ul>
<li style="text-align: justify; "><span>I will now be a co-rapporteur on the study period on `Privacy for </span><span>fintech services', which was initiated in this meeting. We will be </span><span>surveying privacy standards and data protection regulations to assess </span><span>the need for new work items (standards/guidelines document) in the space.</span></li>
</ul>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/participation-in-iso-iec-jtc-1-sc-27-meetings'>https://cis-india.org/internet-governance/news/participation-in-iso-iec-jtc-1-sc-27-meetings</a>
</p>
No publisherAdminInternet GovernancePrivacy2019-11-02T06:31:46ZNews ItemCapturing Gender and Class Inequities: The CCTVisation of Delhi
https://cis-india.org/internet-governance/blog/development-informatics-paper-number-81-aayush-rathi-and-ambika-tandon-capturing-gender-and-class-inequities
<b>Ambika Tandon and Aayush Rathi generated empirical evidence about the CCTV programme well underway in Delhi. The case study was published by Centre for Development Informatics, Global Development Institute, SEED, in the Development Informatics working paper series housed at the University of Manchester. </b>
<h3 style="text-align: justify; ">Abstract</h3>
<p style="text-align: justify; ">Cityscapes across the global South, following historical trends in the North, are increasingly being littered by closed-circuit television (CCTV) cameras. In this paper, we study the wholesale implementation of CCTV in New Delhi, a city notorious for incredibly high rates of crime against women. The push for CCTV, then, became one of many approaches explored by the state in making the city safer for women.</p>
<p style="text-align: justify; ">In this paper, we deconstruct this narrative of greater surveillance equating to greater safety by using empirical evidence to understand the subjective experience of surveilling and being surveilled. By focussing on gender and utilising work from feminist thought, we find that the experience of surveillance is intersectionally mediated along the axes of class and gender.The gaze of CCTV is cast upon those already marginalised to arrive at normative encumbrances placed by private, neoliberal interests on the urban public space. The politicisation of CCTV has happened in this context, and continues unabated in the absence of any concerted policy apparatus regulating it. We frame our findings utilising an analytical data justice framework put forth by Heeks and Shekhar (2019). This comprehensively sets out a social justice agenda that situates CCTV within the socio-political contexts that are intertwined in the development and implementation of the technology itself.</p>
<p style="text-align: justify; ">Click to download the <a class="external-link" href="http://cis-india.org/internet-governance/files/development-informatics">full research paper</a></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/development-informatics-paper-number-81-aayush-rathi-and-ambika-tandon-capturing-gender-and-class-inequities'>https://cis-india.org/internet-governance/blog/development-informatics-paper-number-81-aayush-rathi-and-ambika-tandon-capturing-gender-and-class-inequities</a>
</p>
No publisherAayush Rathi and Ambika TandonInternet GovernancePrivacy2019-09-27T15:24:10ZBlog EntryPolicy Design Jam
https://cis-india.org/internet-governance/news/policy-design-jam
<b>Pallavi Bedi, Akash Sheshadri and Anubha Sinha attended the event organized by Whatsapp and ISPP on 16 September 2019 at Indian School of Public Policy campus, Qutub Institutional Area, Delhi.</b>
<h3>Session Schedule</h3>
<p> </p>
<div id="_mcePaste">2 00 pm - 3 00 pm - Registration</div>
<div id="_mcePaste">3 05 pm - 4 00 pm - Experiential design exercises</div>
<div id="_mcePaste">4 00 pm - 4 15 pm - Break</div>
<div id="_mcePaste">4 15 pm - 5 00 pm - Design Thinking for Policy Insights from Global Design Jams</div>
<div id="_mcePaste">5 00 pm - 5 20 pm - Q & A</div>
<div id="_mcePaste">5 20 pm - 6 00 pm - High tea</div>
<p>2 00 pm - 3 00 pm - Registration3 05 pm - 4 00 pm - Experiential design exercises<br /><span>4 00 pm - 4 15 pm - Break<br />4 15 pm - 5 00 pm - Design Thinking for Policy Insights from Global Design Jams<br />5 00 pm - 5 20 pm - Q & A<br />5 20 pm - 6 00 pm - High tea</span></p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/policy-design-jam'>https://cis-india.org/internet-governance/news/policy-design-jam</a>
</p>
No publisherAdminInternet GovernancePrivacy2019-09-25T14:30:33ZNews ItemSubmission to Global Commission on Stability of Cyberspace on the definition of Cyber Stability
https://cis-india.org/internet-governance/blog/arindrajit-basu-and-elonnai-hickok-september-9-2019-submission-to-global-commission-on-stability-of-cyberspace
<b>"The Global Commission on the Stability of Cyberspace released a public consultation process that sought to solicit comments and obtain feedback on the definition of “Stability of Cyberspace”, as developed by the Global Commission on the Stability of Cyberspace (GCSC).</b>
<p style="text-align: justify;">The definition of cyberspace the GCSC provided was :</p>
<p style="text-align: justify;"><em>Stability of cyberspace is the condition where individuals and institutions can be reasonably confident in their ability to use cyberspace safely and securely, where the availability and integrity of services in cyberspace is generally assured, where change is managed in relative peace, and where tensions are resolved in a peaceful manner.</em></p>
<p style="text-align: justify;" class="moz-quote-pre">CIS gave detailed commentary on the definitions [attached] and suggested a new definition of cyber stability documented below:</p>
<p style="text-align: justify;" class="moz-quote-pre">Stability of cyberspace is the objective where individuals, i<strong>nstitutions and communities </strong>are confident in the safety and security of cyberspace; the <strong>accessibility,</strong>availability and integrity of services in cyberspace can be relied upon and where change is managed and tensions ranging from <strong>external interference in sovereign processes to the use of force in cyberspace </strong>are resolved peacefully in <strong>line with the tenets of International Law,specifically the principles of the UN Charter and universally recognised human rights.</strong></p>
<p style="text-align: justify;" class="moz-quote-pre"><strong>Cyber stability can only be fostered if key stakeholders in cyberspace conform to a due diligence obligation of not undertaking and preventing actions that may prevent cyber stability. The end goal of cyber stability must minimize or eliminate immaterial or peripheral incentives while preserving and potentially legitimizing those cyber offensive operations that can further effective deterrence and thereby foster stability, while also minimising any collateral damage to civilian life or property.</strong></p>
<p style="text-align: justify;" class="moz-quote-pre"><a class="external-link" href="https://cis-india.org/internet-governance/files/gcsc-response">Click to view the detailed submission here</a></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/arindrajit-basu-and-elonnai-hickok-september-9-2019-submission-to-global-commission-on-stability-of-cyberspace'>https://cis-india.org/internet-governance/blog/arindrajit-basu-and-elonnai-hickok-september-9-2019-submission-to-global-commission-on-stability-of-cyberspace</a>
</p>
No publisherArindrajit Basu and Elonnai HickokInternet GovernancePrivacy2019-09-11T14:52:25ZBlog EntryWhat Centre will tell Supreme Court on Aadhaar and social media account linkage
https://cis-india.org/internet-governance/news/hindustan-times-august-28-2019-amrita-madhukalya-what-centre-will-tell-sc-on-aadhaar-and-social-media-account-linkage
<b>The top court had held in the Aadhaar case that the government can make the linking of the 12-digit-number mandatory only in the case of availing subsidies and welfare benefits. Consequently, Section 57 of the Aadhaar Act was struck down.</b>
<p style="text-align: justify; ">The article by Amrita Madhukalya was published in <a class="external-link" href="https://www.hindustantimes.com/india-news/what-centre-will-tell-supreme-court-on-aadhaar-and-social-media-account-linkage/story-KSnf1PHpsTboHQh6sk7VxK.html">Hindustan Times</a> on August 28, 2019. Gurshabad Grover was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">The Centre will refer to the Aadhaar Act and the Supreme Court’s 2017 privacy judgement when it is directed by the top court to put forward its view on whether the unique identification number should be made mandatory in opening and managing accounts on Facebook, Twitter, WhatsApp and other social media platforms.</p>
<p style="text-align: justify; ">“While we are yet to receive a notice from the SC asking for our reply, the Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016, and the apex court’s 2017 judgement upholding the Right to Privacy will guide us in drafting a response,” a senior official of the ministry of electronics and information technology, who did not wish to be named, said.</p>
<p style="text-align: justify; ">The top court had held in the Aadhaar case that the government can make the linking of the 12-digit-number mandatory only in the case of availing subsidies and welfare benefits. Consequently, Section 57 of the Aadhaar Act was struck down.</p>
<p style="text-align: justify; ">As a division bench of Madras High Court continues to hear two writ petitions on whether social media profiles should be linked to Aadhaar so that users in cases where pornographic material, fake news and communal content is posted on these sites can be traced, Facebook had simultaneously filed a plea to transfer all similar cases in the high courts of Madras, Bombay as well as Madhya Pradesh. The top court will hear the matter on September 13.</p>
<p style="text-align: justify; ">During its hearings, Madras High Court made it clear that it will not rule on Aadhaar-linking and the case will concentrate on traceability now. As of now, only one of the transfer petitions, the one in Jabalpur, deals with Aadhaar linking.</p>
<p style="text-align: justify; ">Meanwhile, the top court has already asked social media companies for their stand on the matter. Senior lawyers Mukul Rohatgi and Kapil Sibal, who have been representing Facebook and WhatsApp respectively in Madras High Court case, have already said that as both the companies are headquartered outside of India, with operations in dozens of countries, the high court’s judgement will have ramifications globally.</p>
<p style="text-align: justify; ">Both Twitter and Google declined to comment on the matter, as the matter is sub-judice, while Facebook was not available.</p>
<p style="text-align: justify; ">However, in March this year, Facebook CEO Mark Zuckerberg said that privacy, encryption and secure data storage were some of these principles while unveiling the company’s “vision and principles” in building a “privacy-focused” social platform.</p>
<p style="text-align: justify; ">Wherein people can have “clear control over who can communicate with them and confidence that no one else can access what they share”, such communication could be secure with end-to-end encryption, and Facebook will not store sensitive data in countries with “weak records on human rights”.</p>
<p style="text-align: justify; ">Gurshabad Grover of the Centre for Internet Security says he welcomes the Centre’s stand but adds that the petition should not have been allowed by the Madras High Court in the first place.</p>
<p style="text-align: justify; ">“The case is now deliberating on policy, which is the responsibility of the government. This goes against the basis of separation of power,” he says.</p>
<p style="text-align: justify; ">The Centre is dealing with issues surrounding traceability through the Intermediaries Guidelines, which is due in the next few weeks.</p>
<p style="text-align: justify; ">The solution, Grover says, lies in diplomatic negotiations.</p>
<p style="text-align: justify; ">“Instruments like the US’ Clarifying Lawful Overseas Use of Data Act can come in handy if India can fight for better executive agreements there, provided we have data protection laws in line with human rights standards,” he said.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/hindustan-times-august-28-2019-amrita-madhukalya-what-centre-will-tell-sc-on-aadhaar-and-social-media-account-linkage'>https://cis-india.org/internet-governance/news/hindustan-times-august-28-2019-amrita-madhukalya-what-centre-will-tell-sc-on-aadhaar-and-social-media-account-linkage</a>
</p>
No publisherAmrita MadhukalyaInternet GovernancePrivacy2019-09-02T04:28:45ZNews ItemLinking Aadhaar with social media or ending encryption is counterproductive
https://cis-india.org/internet-governance/blog/prime-time-august-26-2019-sunil-abraham-linking-aadhaar-with-social-media-or-ending-encryption-is-counterproductive
<b>Should Aadhaar be used as KYC for social media accounts? We have recently seen a debate on this question with even the courts hearing arguments in favour and against such a move. </b>
<p style="text-align: justify; ">The article was published in <a class="external-link" href="https://theprimetime.in/linking-aadhaar-with-social-media-or-ending-encryption-is-counterproductive/">Prime Time</a> on August 26, 2019.</p>
<hr />
<p style="text-align: justify; ">The case began in Madras High Court and later Facebook moved the SC seeking transfer of the petition to the Apex court. The original petition was filed in July, 2018 and sought linking of Aadhaar numbers with user accounts to further traceability of messages.</p>
<p style="text-align: justify; ">Before we try and answer this question, we need to first understand the differences between the different types of data on social media and messaging platforms. If a crime happens on an end to end cryptographically secure channel like WhatsApp the police may request the following from the provider to help solve the case:</p>
<ol>
<li>Identity data: Phone numbers of the accused. Names and addresses of the accused.</li>
<li>Metadata: Sender, receiver(s), time, size of message, flag identifying a forwarded messages, delivery status, read status, etc.</li>
<li>Payload Data: Actual content of the text and multimedia messages.</li>
</ol>
<p style="text-align: justify; ">Different countries have taken different approaches to solving different layers of the surveillance problem. Let us start with identity data. Some like India require KYC for sale of SIM cards while others like the UK allow anonymous purchases. Corporations also have policies when it comes to anonymous speech on their platforms – Facebook for instance enforces a soft real ID policy while Twitter does not crack down on anonymous speech. The trouble with KYC the old fashioned way is that it exposes citizens to further risk. Every possessor of your identity documents is a potential attack surface. Indian regulation should not result in Indian identity documents being available in the millions to foreign corporations. Technical innovations are possible, like tokenisation, Aadhaar paperless local e-KYC or Aadhaar offline QR code along with one time passwords. These privacy protective alternatives must be mandatory for all and the Aadhaar numbers must be deleted from previously seeded databases. Countries that don’t require KYC have an alternative approach to security and law enforcement. They know that if someone like me commits a crime, it would be easy to catch me because I have been using the same telecom provider for the last fifteen years. This is true of long term customers regardless if they are pre-paid or post-paid. The security risk lies in the new numbers without this history that confirms identity. These countries use targeted big data analytics to determine risk and direct surveillance operations to target new SIM cards. My current understanding is that when it comes to basic user data – all the internet giants in India comply with what they consider as legitimate law enforcement requests. Some proprietary and free and open source [FOSS] alternatives to services offered by the giants don’t provide such direct cooperation in India.</p>
<p style="text-align: justify; ">When it comes to payload data – it is almost impossible (meaning you will need supercomputers) to access the data unless the service/software provider breaks end-to-end cryptography. It is unwise, like some policy-makers are proposing, to prohibit end-to-end cryptography or mandate back doors because our national sovereignty and our capacity for technological self-determination depends on strong cryptography. A targeted ban or prohibition against proprietary providers might have a counterproductive consequence with users migrating to FOSS alternatives like Signal which won’t even give the police identity data. As a supporter of the free software movement, I would see this as a positive development but as a citizen I am aware that the fight against crime and terror will become harder. So government must pursue other strategies to getting payload data such as a comprehensive government hacking programme.</p>
<p style="text-align: justify; ">Meta-data is critical when it comes to separating the guilty from the innocent and apportioning blame during an investigation. For example, who was the originator of a message? Who got it and read it last? WhatsApp claims that it has implemented the Signal protocol faithfully meaning that they hold no meta-data when it comes to the messages and calls. Currently there is no regulation which mandates data retention for over the top providers but such requirements do exist for telecom providers. Just like access to meta-data provides some visibility into illegal activities it also provides visibility into legal activities. Therefore those using end-to-end cryptography on platforms with comprehensive meta-data retention policies will have their privacy compromised even though the payload data remains secure. Here is a parallel example to understand why this is important. Early last year, the Internet Engineering Task Force chose a version of TLS 1.3 that revealed less meta-data over one that provided greater visibility into the communications. This hardening of global open standards, through the elimination of availability of meta-data for middle-boxes, makes it harder for foreign governments to intercept Indian military and diplomatic communications via imported telecom infrastructure. Courts and policy makers across the world have to grapple with the following question: Are meta-data retention mandates for the entire population of users a “necessary and proportionate” legal measure to combat crime and terror. For me, it should not be illegal for a provider who voluntarily wishes to retain data, provided it is within legally sanctioned limits but it should not be requirement under law.</p>
<p style="text-align: justify; ">There are technical solutions that are yet to be properly discussed and developed as an alternative to blanket meta-data retention measures. For example, Dr. V Kamakoti has made a traceability proposal at the Madras High Court. This proposal has been critiqued by Anand Venkatanarayanan as being violative in spirit of the principles of end-to-end cryptography. Other technical solutions are required for those seeking justice and for those who wish to serve as informers for terror plots. I have proposed client side metadata retention. If a person who has been subjected to financial fraud wishes to provide all the evidence from their client, it should be possible for them to create a digital signed archive of messages for the police. This could be signed by the sender, the provider and also the receiver so that technical non-repudiation raises the evidentiary quality of the digital evidence. However, there may be other legal requirements such as the provision of notice to the sender so that they know that client side data retention has been turned on.</p>
<p style="text-align: justify; ">The need of the hour is sustained research and development of privacy protecting surveillance mechanisms. These solutions need to be debated thoroughly amongst mathematicians, cryptographers, scientists, technologists, lawyers, social scientists and designers so that solutions with the least negative impact can be rolled out either voluntarily by providers or as a result of regulation.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/prime-time-august-26-2019-sunil-abraham-linking-aadhaar-with-social-media-or-ending-encryption-is-counterproductive'>https://cis-india.org/internet-governance/blog/prime-time-august-26-2019-sunil-abraham-linking-aadhaar-with-social-media-or-ending-encryption-is-counterproductive</a>
</p>
No publishersunilAadhaarInternet GovernancePrivacy2019-08-28T01:39:47ZBlog EntryA judicial overreach into matters of regulation
https://cis-india.org/internet-governance/blog/the-hindu-august-27-2019-a-judicial-overreach-into-matters-of-regulation
<b>A PIL on Aadhaar sheds light on some problematic trends</b>
<p style="text-align: justify; ">The article by Gurshabad Grover was <a class="external-link" href="https://www.thehindu.com/opinion/op-ed/a-judicial-overreach-into-matters-of-regulation/article29262148.ece">published in the Hindu</a> on August 27, 2019.</p>
<hr />
<p style="text-align: justify; ">The Madras High Court has been hearing a PIL petition since 2018 that initially asked the court to declare the linking of Aadhaar with a government identity proof as mandatory for registering email and social media accounts. The petitioners, victims of online bullying, went to the court because they found that law enforcement agencies were inefficient at investigating cybercrimes, especially when it came to gathering information about pseudonymous accounts on major online platforms. This case brings out some of the most odious trends in policymaking in India.</p>
<p style="text-align: justify; ">The first issue is how the courts, as Anuj Bhuwania has argued in the book <em>Courting the People</em>, have continually expanded the scope of issues considered in PILs. In this case, it is absolutely clear that the court is not pondering about any question of law. In what could be considered as abrogation of the separation of powers provision in the Constitution, the Madras High Court started to deliberate on a policy question with a wide-ranging impact: Should Aadhaar be linked with social media accounts?</p>
<p style="text-align: justify; ">After ruling out this possibility, it went on to consider a question that is even further out of its purview: Should platforms like WhatsApp that provide encrypted services allow forms of “traceability” to enable finding the originator of content? In essence, the court is now trying to regulate one particular platform on a very specific technical question, ignoring legal frameworks entirely. It is worrying that the judiciary is finding itself increasingly at ease with deliberations on policy and regulatory measures, and its recent actions remind us that the powers of the court also deserve critical questioning.</p>
<h2 style="text-align: justify; ">Government’s support</h2>
<p style="text-align: justify; ">Second, not only are governments failing to assert their own powers of regulation in response to the courts’ actions, they are on the contrary encouraging such PILs. The Attorney General, K.K. Venugopal, who is representing the State of Tamil Nadu in the case, could have argued for the case’s dismissal by referring to the fact that the Ministry of Electronics and Information Technology has already published draft regulations that aim to introduce “traceability” and to increase obligations on social media platforms. Instead, he has largely urged the court to pass regulatory orders.</p>
<p style="text-align: justify; ">Third, ‘Aadhaar linking’ is becoming increasingly a refrain whenever any matter even loosely related to identification or investigation of crime is brought up. While the Madras High Court has ruled out such linking for social media platforms, other High Courts are still hearing petitions to formulate such rules. The processes that law enforcement agencies use to get information from platforms based in foreign jurisdictions rely on international agreements. Linking Aadhaar with social media accounts will have no bearing on these processes. Hence, the proposed ‘solution’ misses the problem entirely, and comes with its own threats of infringing privacy.</p>
<h2 style="text-align: justify; ">Problems of investigation</h2>
<p style="text-align: justify; ">That said, investigating cybercrime is a serious problem for law enforcement agencies. However, the proceedings before the court indicate that the cause of the issues have not been correctly identified. While legal provisions that allow agencies to seek information from online platforms already exist in the Code of Criminal Procedure and the Information Technology Act, getting this information from platforms based in foreign jurisdictions can be a long and cumbersome process. For instance, the hurdles posed by the mutual legal assistance treaty between India and the U.S. effectively mean that it might take months to receive a response to information requests sent to U.S.-based platforms, if a response is received at all.</p>
<p style="text-align: justify; ">To make cybercrime investigation easier, the Indian government has various options. India should push for fairer executive agreements possible under instruments like the United States’ CLOUD Act, for which we need to first bring our surveillance laws in line with international human rights standards through reforms such as judicial oversight. India could use the threat of data localisation as a leverage to negotiate bilateral agreements with other countries to ensure that agencies have recourse to quicker procedures. As a first step, however, Indian courts must wash their hands of such questions. For its part, the Centre must engage in consultative policymaking around these important issues, rather than support ad-hoc regulation through court orders in PILs.</p>
<p style="text-align: justify; "><span>(</span><em>Disclosure: The CIS is a recipient of research grants from Facebook.</em><span>)</span></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/the-hindu-august-27-2019-a-judicial-overreach-into-matters-of-regulation'>https://cis-india.org/internet-governance/blog/the-hindu-august-27-2019-a-judicial-overreach-into-matters-of-regulation</a>
</p>
No publishergurshabadAadhaarInternet GovernancePrivacy2019-08-28T01:28:52ZBlog EntryLinking Aadhaar to Facebook, Twitter: Possible witch-hunt or key to curb crime & fake news?
https://cis-india.org/internet-governance/news/the-print-august-21-2019-taran-deol-and-revathi-krishnan-linking-aadhaar-to-facebook-twitter
<b>The Supreme Court has cautioned against linking users’ social media accounts with Aadhaar, saying it will impinge on citizens’ privacy.</b>
<p>The article by Taran Deol and Revathi Krishanan appeared in the Print on August 21, 2019. Gurshabad Grover was quoted.</p>
<hr />
<h3 style="text-align: justify; ">Madras High Court is not adjudicating on a question of law, but acting as a forum for policy-making</h3>
<p style="text-align: justify; ">The proceedings in the Aadhaar and social media linkage case in the Madras High Court are very worrying. It is another example of how the courts are continuously expanding the scope of what is permitted as public interest litigation. In this case, the Madras High Court is not adjudicating on a question of law, but acting as a forum for policy-making.</p>
<p style="text-align: justify; ">Having said that, cybercrime is a legitimate problem. If law enforcement agencies are unable to investigate crimes, we need to think of other more effective legal instruments.</p>
<p style="text-align: justify; ">Unfortunately, even the measures that are being deliberated in the court are not identifying the root cause of these problems — retrieving information from online platforms based outside India. And this could be a long and cumbersome process.</p>
<p style="text-align: justify; ">Instead of thinking about how India can sign bilateral agreements with other countries that can make the process for requesting legal information easier, an entirely unrelated solution is being given. It is in line with the worrying trend of the unchecked issues with the Aadhaar programme, which are now being used as a common excuse to refrain from looking at cases where criminal investigation is required. The solution misses the scope of solving the issue at hand entirely, and carries its own massive risks of infringing privacy and violating freedom of expression.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/the-print-august-21-2019-taran-deol-and-revathi-krishnan-linking-aadhaar-to-facebook-twitter'>https://cis-india.org/internet-governance/news/the-print-august-21-2019-taran-deol-and-revathi-krishnan-linking-aadhaar-to-facebook-twitter</a>
</p>
No publisherTaran Deol and Revathi KrishananInternet GovernancePrivacy2019-08-27T00:25:14ZNews ItemIETF 105
https://cis-india.org/internet-governance/news/ietf-105
<b>Gurshabad Grover attended a meeting of the Internet Engineering Task Force (IETF), IETF105, held in Montreal from July 20 - 26.</b>
<p style="text-align: justify; ">Gurshabad <span>participated in several IETF working group meetings, IRTF researchgroups meetings and other sessions, including ones on Captive Portals,Transport Layer Security, Applications Doing DNS, DNS Privacy, andSoftware Updates for IoT Devices. </span><span>At the meeting of the Human Rights Protocol Considerations (hrpc) research group of the IRTF, I co-presented (with Niels ten Oever) an update to the Internet Draft we are editing, 'Guidelines for Human Rights Protocol and Architecture Considerations'. For more info, <a class="external-link" href="https://www.ietf.org/blog/ietf-105-highlights/">click here</a></span></p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/ietf-105'>https://cis-india.org/internet-governance/news/ietf-105</a>
</p>
No publisherAdminInternet GovernancePrivacy2019-08-13T01:38:36ZNews ItemDesign and Uses of Digital Identities - Research Plan
https://cis-india.org/internet-governance/blog/digtial-identities-research-plan
<b>In our research project about uses and design of digital identity systems, we ask two core questions: a) What are appropriate uses of ID?, and b) How should we think about the technological design of ID? Towards the first research question, we have worked on first principles and will further develop definitions, legal tests and applications of these principles. Towards the second research question, we have first identified a set of existing and planned digital identity systems that represent a paradigm of how such a system can be envisioned and implemented, and will look to identify key design choices which are causing divergence in paradigm.</b>
<h4>Read the research plan <a class="external-link" href="https://digitalid.design/research-plan.html">here</a>.</h4>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/digtial-identities-research-plan'>https://cis-india.org/internet-governance/blog/digtial-identities-research-plan</a>
</p>
No publisherAmber Sinha and Pooja SaxenaDigital IDPrivacyInternet GovernanceAppropriate Use of Digital IDDigital Identity2019-08-17T07:58:44ZBlog EntryHolding ID Issuers Accountable, What Works?
https://cis-india.org/internet-governance/blog/holding-id-issuers-accountable-what-works
<b></b>
<p>Together with the <a class="external-link" href="https://itsrio.org/pt/home/">Institute of Technology & Society</a> (ITS), Brazil, and the <a class="external-link" href="https://www.cipit.org/">Centre for Intellectual Property and Information Technology Law</a> (CIPIT), Kenya, CIS participated at a side event in <a class="external-link" href="https://www.rightscon.org/">RightsCon 2019</a> held in Tunisia, titled Holding ID Issuers Accountable, What Works?, organised by the <a class="external-link" href="https://www.omidyar.com/">Omidyar Network</a>. The event was attended by researchers and advocates from nearly 20 countries. Read the event report <a class="external-link" href="https://digitalid.design/rightscon-2019-report.html">here</a>.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/holding-id-issuers-accountable-what-works'>https://cis-india.org/internet-governance/blog/holding-id-issuers-accountable-what-works</a>
</p>
No publisherShruti Trikanad and Amber SinhaDigital IDPrivacyInternet GovernanceAppropriate Use of Digital IDDigital Identity2019-08-08T10:23:58ZBlog Entry