Centre for Internet and Society

Is Aadhaar Essential To Achieve Error-Free Electoral Rolls?

praskrishna — 2018-12-25T01:21:45Z

The Election Commission’s plans to link Aadhaar with electoral rolls may have stirred a hornet’s nest.

The article was published in Bloomberg's Quint on December 16, 2018. Pranesh Prakash was quoted.

The commission plans to undertake the exercise to clean up electoral rolls—which need to be updated frequently to avoid duplication and errors, The Economic Times newspaper reported citing people aware of the matter. But with privacy concerns raised against the Aadhaar, is this the best way to achieve error-free voter data?

Pranesh Prakash, policy director at the Centre for Internet and Society, doesn’t think so. Using Aadhaar data without the consent of the user poses legal problems, he told BloombergQuint in a conversation. “For the Election Commission to link Aadhaar with citizens’ voter ID would require amending the law.”

It is questionable whether this will fall within the bounds that the SC has set for usage of Aadhaar.

Pranesh Prakash, Policy Director, Centre for Internet and Society

The former legal advisor of the Election Commission SK Mendiratta, however, brushed aside privacy concerns relating to the process. The Election Commission, according to him, is a constitutional body and can use information with the government to ensure purity of the electoral roll.

Reetika Khera, associate professor at Indian Institute of Management-Ahmedabad, said this could be bad for voters. She cited the mass deletion of voters from electoral rolls in Telangana ahead of the recent elections, and urged that due process must be followed.

There are serious problems with the use of algorithmic approaches in various spheres. Aadhaar as a tool to clean up the electoral rolls is the problem.

Reetika Khera, Associate Professor, IIM Ahmedabad

For more details visit https://cis-india.org/internet-governance/news/bloomberg-quint-december-16-2018-is-aadhaar-essential-to-achieve-error-free-electoral-rolls

Centre’s order on computer surveillance threatens right to privacy, experts say

Admin — 2018-12-25T00:50:48Z

The Constitutional validity of the notification allowing ten agencies to intercept information is uncertain.

The blog post by Abhishek Dey was published in Scroll.in on December 22, 2018.

A notification issued by the Union Ministry of Home Affairs on Thursday allowing ten agencies to intercept, monitor and decrypt any information generated from any computer poses a grave threat to the fundamental right to privacy, said lawyers and cyber security experts.

The notification led to a political storm on Friday and criticism from the Opposition forced Parliament to be adjourned. However, Union Finance Minister Arun Jaitley accused the Opposition of “making a mountain where a molehill does not exist”. The government on Friday issued a clarification stating that the directive does not confer any new powers on it and has the legal backing of the Information Technology Act.

Experts agreed that Thursday’s notification lists powers already available to the authorities in the Information Technology Act 2000. The legal provisions to allow interception were introduced in 2008 by the Congress-led United Progressive Alliance government. However, with the fresh directive, experts said that the Bharatiya Janata Party-led government seems to be trying to formalise surveillance through the interception of computer information, they said.

“It is true that such [interception] powers already existed,” said Pavan Duggal, a lawyer with expertise in cyber security. “But neither any such formal directives were issued which I know of, nor any agency were specifically notified to have those powers.”

Privacy test

The Information Technology Act 2000 was amended in 2008 to allow to the monitoring and interception of computer information, while the rules under which this would operate were promulgated in 2009. In 2017, the Supreme Court delivered a judgment establishing privacy as a fundamental right. The legal foundation of the computer interception directive could be still be challenged in court because it has not yet been considered in light of the privacy judgment, said Duggal. “It is now a matter of Constitutional validity,” he said

Thursday’s notification lists the agencies authorised to intercept, monitor and decrypt computer data: the Intelligence Bureau, Narcotics Control Bureau, Enforcement Directorate, Central Board of Direct Taxes, Directorate of Revenue Intelligence, Central Bureau of Investigation, National Investigation Agency, Cabinet Secretariat (RAW), Directorate of Signal Intelligence (for service areas of Jammu and Kashmir, North East and Assam) and the Commissioner of Police, Delhi. The Act provides a jail term of seven years for anyone who refuses to cooperate with these agencies.

On Friday, experts questioned whether a notification listing the 10 agencies had actually been issued earlier, as the Centre claimed.

“It is a fresh notification,” said Apar Gupta, a lawyer who specialises in technology and media issues. “With this, interception of computers has received formal acceptance in the public domain and it can have serious implications on privacy.”

Senior officials of the Delhi Police also said this appeared to be a fresh order. Asked if this meant that the agencies would not need to ask for authorisation in every case since a blanket order has been issued, the officials said that this still needs to be clarified.

Lacking proportionality

The order has raised questions about the validity of the cases of interception of computer information conducted by the state police and other security agencies between 2009 (the year the interception rules were promulgated) and 2018 (the year the notification has been issued), Pranesh Prakash, co-founder of the Centre for Internet and Society.

One possibility, he said, may be that they were all unlawful.

But if they were indeed conducted with legal backing, Prakash said, then permission for this would been sanctioned in the form of an order by a competent authority. This is what Rule 3 of the interception rules mandate. But if so, Rule 4, which deals with the government authorising agencies to conduct such interceptions, is redundant. “How can it not be when any state police or other agency is capable of acquiring an order for interception under Rule 3?” he said

Besides, Prakash said, the new directive does not pass the test of proportionality.

In 2007, the Central government introduced rules to amend the Indian Telegraph Act 1951 to allow for information to be intercepted, Prakash said. However, the rules say that the competent authority should resort to interception only after considering all alternative means to acquire information. Thursday’s directive, though, is silent about the circumstances in which interception will be permitted, he said.

For more details visit https://cis-india.org/internet-governance/news/scroll-abhishek-dey-december-22-2018-centres-order-on-computer-surveillance-threatens-right-to-privacy

Podcast on 'Abortion rights and privacy' with PI

Admin — 2018-12-25T01:09:47Z

Ambika Tandon recorded a podcast with Privacy International on abortion rights, bodily autonomy, and privacy in the Indian and Argentinian context, which was released on December 6, 2018.

The participants in the podcast are Eva Blum-Dumontet from Privacy International, Eduardo Ferreyra from Asociacion pos los Derechos Civiles, and Ambika herself. Listen to the podcast here.

For more details visit https://cis-india.org/internet-governance/news/podcast-on-abortion-rights-and-privacy-with-pi

Teaching at Shristi Interlude

Admin — 2018-12-05T02:53:15Z

Shweta Mohandas is participating as a mentor for Srishti Interlude (a set of workshops that help the design students to produce outputs on a given theme) the theme of this year is Privacy. The course would end on December 7, 2018.

1. Aravani Art Project

Is LGBTQ desire only public at a queer pride parade?

How private is my bedroom?

How does an insult unfold in ‘public view’ ?

2. Padmini Ray Murray

Is LGBTQ desire only public at a queer pride parade?

How private is my bedroom?

“Move fast and break things.” Do you trust Facebook with your privacy?

3. Joshua Muyiwa

Is LGBTQ desire only public at a queer pride parade?

How private is my bedroom?

Profits should be private, risks should be public and art should be beautiful?

4. Roshan Sahi

Profits should be private, risks should be public and art should be beautiful?

“Move fast and break things.” Do you trust Facebook with your privacy?

How does an insult unfold in ‘public view’ ?

5. Shweta Mohandas

“Move fast and break things.” Do you trust Facebook with your privacy?

Is caste “Sensitive Personal Data”? How does an insult unfold in ‘public view’?

6. Suresh Kumar

Is caste “Sensitive Personal Data”?

Profits should be private, risks should be public and art should be beautiful?

How does an insult unfold in ‘public view’?

For more details visit https://cis-india.org/internet-governance/news/teaching-at-shristi-interlude

Report: From Oppression to Liberation: Reclaiming the Right to Privacy

Admin — 2018-12-05T02:48:31Z

Eva Blum-Dumontet, Research Officer at Privacy International, published her report on gender and privacy on November 28, 2018. The report, titled 'From Oppression to Liberation: Reclaiming the Right to Privacy', traces the history of privacy as a tool of oppressing women across different spheres, eventually calling for a feminist reclamation of privacy. Ambika Tandon was quoted.

Whose privacy are we fighting for when we say we defend the right to privacy? In this report we take a hard look at the right to privacy and its reality for women, trans and gender diverse people. We highlight how historically privacy has been appropriated by patriarchal rule and systems of oppression to keep women, trans and gender diverse people in the private sphere.

For us, this report is also an opportunity to show how surveillance and data exploitation are also uniquely affecting women, trans and gender diverse people. We demonstrate how patriarchy and systems of oppression rely on surveillance to perpetuate themselves and how surveillance and data exploitation need the rigid and gender-normative categories of patriarchy to function. We conclude by presenting how protecting the right to privacy can address some of these challenges.

We hope this report will be read as a call for action: privacy needs to be reclaimed by women, trans and gender diverse people.

Download the report

For more details visit https://cis-india.org/internet-governance/news/report-from-oppression-to-liberation-reclaiming-the-right-to-privacy

Facebook Privacy Design Sprint

Admin — 2018-12-04T16:28:41Z

Pranav Bidare and Saumyaa Naidu participated in the Facebook Privacy Design Sprint on Friday, November 30, 2018.

For more details visit https://cis-india.org/internet-governance/news/facebook-privacy-design-sprint

Danish Expert Group on Data Ethics

Admin — 2018-12-01T04:42:42Z

Amber Sinha was one of the stakeholders who provided inputs to the Danish Expert Group on Data Ethics in June 2018 during their visit to New Delhi. The Expert Group has prepared and submitted its final report.

In April the Danish Expert Group on Data Ethics commenced work on developing recommendations on Data Ethics for the Danish Government. The expert group have now handed over their recommendations to the Danish Minister of Industry, Business and Financial Affairs. Read the report.

For more details visit https://cis-india.org/internet-governance/news/danish-expert-group-on-data-ethics

Cyberspace and External Affairs:A Memorandum for India Summary

Arindrajit Basu and Elonnai Hickok — 2018-12-01T04:10:51Z

This memorandum seeks to summarise the state of the global debate in cyberspace; outline how India can craft it’s global strategic vision and finally, provides a set of recommendations for the MEA as they craft their cyber diplomacy strategy.

It limits itself to advocating certain procedural steps that the Ministry of External Affairs should take towards propelling India forward as a leading voice in the global cyber norms space and explains why occupying this leadership position should be a vital foreign policy priority. It does not delve into content-based recommendations at this stage. Further, this memorandum is not meant to serve as exhaustive academic research on the subject but builds on previous research by the Centre for Internet & Society in this area to highlight key policy windows that can be driven by India.

This memorandum provides a background to global norms formation focussing on key global developments over the past month; traces the opportunities s for India to play a lead role in the global norms formulation debate and then charts out process related recommendations on next steps towards India taking this forward.

Click here to read more

For more details visit https://cis-india.org/internet-governance/blog/arindrajit-basu-and-elonnai-hickok-november-30-2018-cyberspace-and-external-affairs

Informational Privacy in India: An Emerging Discourse

Admin — 2018-12-01T05:40:31Z

Centre for Policy Research supported by Omidyar Network organized this event in New Delhi on November 29, 2018. Amber Sinha was a speaker on the first panel on privacy and its tradeoffs.

Concept Note

The last few years have seen a formalisation of the right to informational privacy within India’s constitutional framework. While the context to this – the challenge to the validity of the Aadhaar project – has entailed broader issues on delivery of public goods and services, the response to whether an individual can assert control over key informational aspects of her life has become a critical part of our rights jurisprudence.

The Supreme Court verdict in Justice Puttaswamy’s case (2017) unequivocally affirmed this right despite leaving open several important aspects including the permissibility of restrictions on this right, and the level of scrutiny which the judiciary could exercise to safeguard them. What was particularly striking was the judicial reliance on considerable scholarship emerging from India and Indian scholars on important themes pertaining to this right: the differing conceptions of privacy and the role for each of them within India’s constitutional framework; the impact of privacy erosion on citizen-State relationship and private transactions in the commercial realm; surveillance tools and technologies in India; the need for an indigenous data protection law, and much more. The court has picked up on this thread in the second Puttaswamy verdict upholding the constitutional validity of Aadhaar with some important caveats and exceptions.

Recently, the Expert Committee headed by retired Justice Srikrishna also convened to come out with a draft personal data protection bill. The centrality of data to both commercial activity and governance purposes has found recognition in this bill. While the present legal regime to regulate data in India can be considered chequered at best with divergent regulations across finance, healthcare, telecom, mobility etc., the new bill aims to create a “big data-ready” framework. It impacts any private enterprise handling personal data by stipulating new internal procedures and strong penalties. The major themes in the bill are new user rights for data principals (individuals) who share their data with data fiduciaries (technology companies); data localisation and crossborder data flows; data protection authority (DPA) and its powers; data fiduciaries and new compliance requirements; and exceptions including law enforcement. Each of these carries major implications for data-driven solutions.

During the deliberations of the Committee too, substantial Indian scholarship on the themes listed above have been referenced and relied upon. This is truly a breakout moment for privacy and data protection in India. It is changing the terrain of institutional responses to personal data, technology architectures, and digital trade.

Discussion Objectives and Format

With the above background, the Centre for Policy Research conducted a closed-door, invite only discussion on November 29, 2018 on the theme Informational Privacy in India: An Emerging Discourse. This discussion sought to engage with representatives from embassies, chambers of commerce and research funding organisations located in India. It took place from 10.00 to 13.00 hours at the Taj Vivanta Ambassador, Sujan Singh Park off Subramaniam Bharti Marg, New Delhi 110003.

The core objectives driving this workshop were to:

Highlight informational privacy debates in India;
Locate informational privacy within India’s constitutional setting, closely re-examining the Supreme Court verdicts in this regard;
Explore themes such as the notice-and-consent framework, regulatory interventions and structural changes, and other key themes on privacy and data protection in India;
Demystify concepts introduced to strengthen personal data protection, including actor and data categories, and new user rights, and their potential impact on technology design;
Highlight the ramifications of data localization and cross-border data transfer restrictions, on digital trade and e-commerce;
Decode the new structural mechanisms proposed to mitigate risks in collection, storage, and processing of personal data;
Identify the impact of these mechanisms on the functioning of data-driven businesses and the future of data innovation in India.

Click to view the agenda

For more details visit https://cis-india.org/internet-governance/news/informational-privacy-in-india-an-emerging-discourse

Briefing on BBC News pan-India research on how 'fake news' / digital misinformation spreads

Admin — 2018-12-05T14:01:10Z

Amber Sinha participated in a special private briefing on the BBC's pan India research on how misinformation spreads. The briefing was conducted on November 16, 2018 in New Delhi.

The briefing was very useful in understanding both the methodology employed by the researchers, and how they arrived ate certain findings. The report can be accessed here.

For more details visit https://cis-india.org/internet-governance/news/briefing-on-bbc-news-pan-india-research-on-how-fake-news-digital-misinformation-spreads

Building a Community of Practice: Reflections from 2nd All Partners

Admin — 2018-12-01T04:18:52Z

On Wednesday, November 14th, the Partnership on AI held its 2nd annual All Partners Meeting in San Francisco, California. Representatives from our 80+ member organizations – for-profit companies, civil society organizations, academic institutions, and advocacy groups – traveled from across the globe to reflect on 2018 progress, and to plan for the future.

Elonnai Hickok participated in the event held in San Francisco on November 14 and 15, 2018. The event was organized by Partnership on AI. On November 14, Elonnai spoke on the panel on the PAI working groups and on November 15 she co-lead the AI Labor and Economy working group meeting as co-chair of the group. More details can be accessed here.

For more details visit https://cis-india.org/internet-governance/news/building-a-community-of-practice-reflections-from-2nd-all-partners

Surveillance Stories: Optimizing rights and governance

Admin — 2018-10-31T01:39:56Z

Sunil Abraham gave a talk at the National Centre for Biological Sciences, Tata Institute of Fundamental Research, Bangalore on October 16, 2018. Sunil used a series of stories to explain how surveillance works and fails in the context of theft, murder, insider trading, terrorism, demonetization and encounter killings.

These stories were used to explore multiple technical solutions for solving the “surveillance optimization problem”. Policy makers have to simultaneously maximize various rights — the right to privacy, the right to transparency, the right to free speech — and uphold the imperatives of the nation state: national security, law enforcement and effective governance.

Two decades ago, Lawrence Lessig introduced a socioeconomic theory of regulation called the ‘pathetic dot theory’, which discusses how individuals in a society are regulated by four forces — law, code or technical infrastructure, market and social norms. The talk will explore how these four regulatory options contribute to solving the surveillance optimization problem.

This was published on the website of National Centre for Biological Sciences

For more details visit https://cis-india.org/internet-governance/news/surveillance-stories-optimizing-rights-and-governance

Participation in the meetings of ISO/IEC JTC 1/SC 27 'IT Security techniques'

Admin — 2018-10-31T01:28:29Z

From 30 September 2018 to 4 October 2018, Gurshabad Grover participated in the meetings of the working groups of ISO/IEC JTC 1/SC 27 'IT Security techniques' held in Gjøvik, Norway. The meetings were organized by Standards Norway with support from NTNU, Microsoft, Telenor, et.al.

Gurshabad mainly focused on the meetings of Working Group 5 responsible for standards and research in "Identity management and privacy technologies" in SC 27. I attended sessions discussing work related to current ISO/IEC standards and upcoming work in the WG, such as:

Establishing a PII deletion concept in organizations

Privacy guidelines for smart cities

Additional privacy-enhancing data de-identification standards

Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management

User-centric framework for PII handling based on user privacy preferences

Gurshabad will be a co-rapporteur on a 12-month study period to investigate the 'Impact of Artificial Intelligence on Privacy' which was initiated by the WG in the meeting. Additionally, I was a part of the drafting committee which prepared the final resolutions and liaison statements from the meeting.

Gurshabad also attended the Norwegian Business Forum on cyber security which was held on October 4th, which featured talks by professionals and academicians working in cyber security in their different sectors. The agenda for the business forum can be found here.

For more details visit https://cis-india.org/internet-governance/news/participation-in-the-meetings-of-iso-iec-jtc-1-sc-27-it-security-techniques

Technology Foresight Group Tandem Research's AI policy lab on the theme AI and Environment

Admin — 2018-10-31T01:10:34Z

Shweta Mohandas attended a roundtable discussion on artificial intelligence and environment held at Tandem Research's office in Goa on October 5, 2018. She also made the framing intervention for the first session by addressing the question - What are the likely ethical conundrums, and plausible unintended consequences of the use of AI for sustainability?

Conversations at the lab clustered around four main themes:

AI in the Anthropocene
What are the most critical sustainability challenges in India – and can AI be useful in addressing them? What are the likely ethical conundrums, and plausible unintended consequences of the use of AI for sustainability?

Conservation after nature
What AI interventions are possible to foster better conservation and can AI driven citizen science initiatives improve people’s relationship with the natural world? Can AI help imagine a more dynamic and proximate co-existence with other species, after nature?

Water ecosystems
Can AI help us imagine new paradigm of water control and infrastructure that are more dynamic and ‘mirror’ the complexity of natural water systems? Will AI lead to decentralization and empowerment of water users or will it result in centralized models and loss of power and agency of water users?

Future Cities
Can AI systems be used to foster sustainability practices around mobility, energy, waste, and help better plan development zones and create early warning systems? What systems can be built to encourage citizen participation for solving sustainability problems and increase transparency and accountability of municipal governments?

For more details visit https://cis-india.org/internet-governance/news/technology-foresight-group-tandem-researchs-ai-policy-lab-on-the-theme-ai-and-environment

Confidentiality of Communications and Privacy of Data in the Digital Age

praskrishna — 2018-10-28T06:02:07Z

On September 25, 2018, Elonnai Hickok participated in a side event Confidentiality of Communications and Privacy of Data in the Digital Age organized by INCLO and Privacy International at the Human Rights Council 39th ordinary session. Elonnai spoke on artificial intelligence and privacy.

For more details visit https://cis-india.org/internet-governance/news/confidentiality-of-communications-and-privacy-of-data-in-the-digital-age