Centre for Internet and Society

Artificial Intelligence: A Full-Spectrum Regulatory Challenge (Working Draft) PDF

pranav — 2020-08-04T06:07:47Z

For more details visit http://editors.cis-india.org/internet-governance/artificial-intelligence-a-full-spectrum-regulatory-challenge-working-draft-pdf

The State of Secure Messaging

divyank — 2020-07-17T08:12:15Z

A look at the protections provided by and threats posed to secure communication online.

This blogpost was edited by Gurshabad Grover and Amber Sinha.

The current benchmark for secure communication online is end-to-end encrypted messaging. It refers to a method of encryption wherein the contents of a message are only readable by the devices of the individuals, or endpoints, participating in the communication. All other Internet intermediaries such as internet service providers, internet exchange points, undersea cable operators, data centre operators, and even the messaging service providers themselves cannot read them. This is achieved through cryptographic mechanisms that allow independent devices to establish a shared secret key over an insecure communication channel, which they then use to encrypt and decrypt messages. Common examples of end-to-end encrypted messaging are applications like Signal and WhatsApp.

This post attempts to give at-risk individuals, concerned citizens, and civil society at large a more nuanced understanding of the protections provided and threats posed to the security and privacy of their communications online.

Threat Model

The first step to assessing security and privacy is to identify and understand actors and risks. End-to-end encrypted messaging applications consider the following threat model:

Device compromise: Can happen physically through loss or theft, or remotely. Access to an individual’s device could be gained through technical flaws or coercion (legal, or otherwise). It can be temporary or be made persistent by installing malware on the device.
Network monitoring and interference: Implies access to data in transit over a network. All Internet intermediaries have such access. They may either actively interfere with the communication or passively observe traffic.
Server compromise: Implies access to the web server hosting the application. This could be achieved through technical flaws, insider access such as an employee, or through coercion (legal, or otherwise).

End-to-end encrypted messaging aims to offer complete message confidentiality and integrity in the face of server and network compromise, and some protections against device compromise. These are detailed below.

Protections Provided

Secure messaging services guarantee certain properties. For mature services that have received adequate study from researchers, we can assume them to be sound, barring implementation flaws which are described later.

Confidentiality: The contents of a message are kept private and the ciphers used are practically unbreakable by adversaries.

Integrity: The contents of a message cannot be modified in transit.

Deniability: Aims to mimic unrecorded real-world conversations where an individual can deny having said something. Someone in possession of the chat transcript cannot cryptographically prove that an individual authored a particular message. While some applications feature such off-the-record messaging capabilities, the legal applicability of such mechanisms is debatable.

Forward and Future Secrecy: These properties aim to limit the effects of a temporary compromise of credentials on a device. Forward secrecy ensures messages collected over the network, which were sent before the compromise, cannot be decrypted. Future secrecy ensures messages sent post-compromise are protected. These mechanisms are easily circumvented in practice as past messages are usually stored on the device being compromised, and future messages can be obtained by gaining persistent access during compromise. These properties are meant to protect individuals aware of these limitations in exceptional situations such as a journalist crossing a border.

Shortcomings

While secure messaging services offer useful protections they also have some shortcomings. It is useful to understand these and their mitigations to minimise risk.

Metadata: Information about a communication such as who the participants are, when the messages are sent, where the participants are located, and what the size of a message is can offer important contextual information about a conversation. While some popular messaging services attempt to minimize metadata generation, metadata leakage, in general, is still considered an open problem because such information can be gleaned by network monitoring as well as from server compromise. Application policies around whether such data is stored and for how long it is retained can improve privacy. There are also experimental approaches that use techniques like onion routing to hide metadata.

Authentication: This is the process of asserting whether an individual sending or receiving a message is who they are thought to be. Current messaging services trust application servers and cell service providers for authentication, which means that they have the ability to replace and impersonate individuals in conversations. Messaging services offer advanced features to mitigate this risk, such as notifications when a participant’s identity changes, and manual verification of participants’ security keys through other communication channels (in-person, mail, etc.).

Availability: An individual’s access to a messaging service can be impeded. Intermediaries may delay or drop messages resulting in what is called a denial of service attack. While messaging services are quite resilient to such attacks, governments may censor or completely shut down Internet access.

Application-level gaps: Capabilities offered by services in addition to messaging, such as contact discovery, online status, and location sharing are often not covered by end-to-end encryption and may be stored by the application server. Application policies around how such information is gathered and retained affect privacy.

Implementation flaws and backdoors: Software or hardware flaws (accidental or intentional) on an individual’s device could be exploited to circumvent the protections provided by end-to-end encryption. For mature applications and platforms, accidental flaws are difficult and expensive to exploit, and as such are only accessible to Government or other powerful actors who typically use them to surveil individuals of interest (and not for mass surveillance). Intentional flaws or backdoors introduced by manufacturers may also be present. The only defence against these is security researchers who rely on manual inspection to examine software and network interactions to detect them.

Messaging Protocols and Standards

In the face of demands for exceptional access to encrypted communication from governments, and risks of mass surveillance from both governments and corporations, end-to-end encryption is important to enable secure and private communication online. The signal protocol, which is open and adopted by popular applications like WhatsApp and Signal, is considered a success story as it brought end-to-end encryption to over a billion users and has become a de-facto standard.

However, it is unilaterally developed and controlled by a single organisation. Messaging Layer Security (or MLS) is a working group within the Internet Engineering Task Force (IETF) that is attempting to standardise end-to-end encryption through participation of individuals from corporations, academia, and civil society. The draft protocol offers the standard security properties mentioned above, except for deniability which is still being considered. It incorporates novel research that allows it to scale efficiently for large groups up to thousands of participants, which is an improvement over the signal protocol. MLS aims to increase adoption further by creating open standards and implementations, similar to the Transport Layer Security (TLS) protocol used to encrypt much of the web today. There is also a need to look beyond end-to-end encryption to address its shortcomings, particularly around authentication and metadata leakage.

For more details visit http://editors.cis-india.org/internet-governance/blog/the-state-of-secure-messaging

Response to the ‘Call for Comments’ on The Santa Clara Principles on Transparency and Accountability

Torsha Sarkar and Suhan S — 2020-07-01T05:56:03Z

The Santa Clara Principles on Transparency and Accountability, proposed in 2018, provided a robust framework of transparency reporting for online companies dealing with user-generated content. In 2020, the framework underwent a period of consultation "to determine whether the Santa Clara Principles should be updated for the ever-changing content moderation landscape." In lieu of this, we presented our responses, which are in-line with our previous research and findings on transparency reporting of online companies, especially in context of the Indian digital space.

The authors would like to thank Gurshabad Grover for his editorial suggestions. A PDF version of the responses is also available here.

-------

1. Currently the Santa Clara Principles focus on the need for numbers, notice, and appeals around content moderation. This set of questions will address whether these categories should be expanded, fleshed out further, or revisited.

a. The first category sets the standard that companies should publish the numbers of posts removed and accounts permanently or temporarily suspended due to violations of their content guidelines. Please indicate any specific recommendations or components of this category that should be revisited or expanded.

While the Principles provide a robust framework for content moderation practices carried out by the companies itself, we believe that the framework could be expanded significantly to include more detailed metrics on government requests for content takedown, as well as for third-party requests. For government requests, this information should include the number of takedown requests received, the number of requests granted (and the nature of compliance - including full, partial or none), the number of items identified in these requests for takedown, and the branch of the government that the request originated from (either from an executive agency or court-sanctioned).

Information regarding account restrictions, with similar levels of granularity, must also form a part of this vertical. These numbers must be backed with further details on the reasons ascertained by the government for demanding takedowns, i.e. the broad category under which content was flagged. For third party requests, similar metrics should be applied wherever appropriate.

Additionally, for companies owning multiple platforms, information regarding both internal content moderation and moderation at the behest of external requests (either by the state or third-parties), must be broken down platform-wise. Alternatively, they should publish separate transparency reports for each platform they own.

b. The second category sets the standard that companies should provide notice to each user whose content is taken down or account is suspended about the reason for the removal or suspension. Please indicate any specific recommendations or components of this category that should be revisited or expanded.

While this category envisages companies to provide notice to its users across removals related to all categories of content, additional research reveals that oftentimes, companies create further categorization of ‘exceptional circumstances’, where it may hold the discretion for not sending a notice, including for CSAM or threats to life. While the intent behind such categorization might be understandable, we believe that any list of exceptional circumstances should not be ideally left to company discretions, and must be prepared in a collaborative fashion. Accordingly, we recommend that the Principles be expanded to identify a limited set of exceptional circumstances, where not sending a notice to a user would be permissible, and would not count as a violation of the Principles.

Additionally, while the current framework provides requirements for granular details in the notice in case of content flagged by the company’s internal moderation standards, we believe a similar model should also be emulated for content removals at the behest of the state. When a piece of content has been identified as illegal by a government takedown request, then the notice issued by the company to the user should be as granular as possible, within the permissible limits of the law under which the takedown request was issued in the first place. Such granularity must include, among other things, the exact legal provision under which the content has been flagged, and the reasons that the government has given in implementing this flagging.

c. The third category sets the standard that companies should provide a meaningful opportunity for timely appeal of any content removal or account suspension. Please indicate any specific recommendations or components of this category that should be revisited or expanded.

Currently, the category of ‘appeals’ in the Santa Clara Principles is focussed on having accountability processes in places, and emphasize on the need of having meaningful review. The framework of the Principles also currently envisage only internal review processes carried out by the company. However, in light of Facebook unveiling its plans for an Oversight Board, a structurally independent body, which would arbitrate select appeal cases of content moderation, these pre-existing principles might need revisiting.

While the Oversight Board is a relatively novel concept, given the important precedence it sets, setting certain fundamental principles of transparent disclosures and accountable conduct around it, might allow researchers and regulators alike to gauge the efficacy of this initiative. Accordingly, the Principles should consider some base-level disclosures that the company must make when it is referring a select category of cases for independent external review. This might include a statement of reasons explaining why certain cases were prioritized for independent review, and in the instance that the decision hinges on a public interest question, then the proceedings of the independent review might also be required to be made public (with due recourse paid to security issues and the confidentiality of the parties involved).

2. Do you think the Santa Clara Principles should be expanded or amended to include specific recommendations for transparency around the use of automated tools and decision-making (including, for example, the context in which such tools are used, and the extent to which decisions are made with or without a human in the loop), in any of the following areas:

Content moderation (the use of artificial intelligence to review content and accounts and determine whether to remove the content or accounts; processes used to conduct reviews when content is flagged by users or others)

Companies have begun to rely on a variety of automated tools to aid their content removal processes, across a variety of content, including revenge porn, terrorist content and CSAM. Research however, has shown that the tools deployed often have their limitations, which include over-removal, and censorship of perfectly legitimate speech.

We recommend that the Principles should accordingly be expanded to include content removed by automatic flagging, the error rates encountered by the tools, and the rate at which wrongly taken down content is being reinstated. There should also be a qualitative aspect to the information presented by these companies, and therefore, there should be a clearer disclosure of the kind of automated tools they use. Such disclosure must, of course, be balanced against interests of the security of the platform and the necessity to ensure that information disclosed is not used by malicious third-party actors to circumvent legitimate moderation.

Additionally, with specific reference to ‘extremist content’, several online companies have collaborated to form the Global Internet Forum to Counter Terrorism (GIFCT), with the intent of facilitating better moderation. The GIFCT uses a hash-based technology of a shared database of ‘terrorist’ content for filtering content on their platforms. However, as it has already been noted, this initiative provides very little information regarding how it functions, and operates without any collaboration with civil society or human rights groups, and without any law enforcement oversight.

Such similar collaborative measures going forward, for deployment of varied forms of automated tools to filter out various forms of content, without any transparency or accountability, can be problematic, since it makes information regarding the efficacy of these tools scarce, research into the processes difficult, and ultimately, any reformative suggestions impossible.

Accordingly, the Principles must emphasize that collaborative efforts to the effect of using automated tools in content moderation must be done with sufficient consideration to the basic principles of transparency and accountability. This might include sharing information about processes with a select list of civil society and human rights groups, and in the transparency reports, separately presenting information about the accuracy rates of the tools.

Content ranking and downranking (the use of artificial intelligence to promote certain content over others such as in search result rankings, and to downrank certain content such as misinformation or clickbait)

Ranking and downranking algorithms have been deployed by companies for various purposes and across different services they offer. For the purposes of our discussion, we would restrict ourselves to two chief use-cases of these processes: search engines and internet platforms.

Search engines

The algorithms that have been developed to find accurate results for query are oftentimes not perfect, and they have been accused of being biased, including being politically non-partisan and burying certain ideologies. Similarly, in the case of automated systems to downrank misinformation, accuracy is not guaranteed as such systems can identify accurate information as misinformation. Since the algorithm is constantly learning and updating, it becomes difficult to know exactly why certain content may be made less visible.

As case-studies of several search engines indicate, a company’s ranking processes often use a combination of algorithms and human moderators. Requirement for transparency therefore, can mandate disclosure of the training materials for these human moderators. For instance, Google has a scheme of ‘Search Quality Raters’, which comprises a group of third-party individuals responsible for giving feedback regarding search results. The guidelines on which their feedback is based on, are publicly available. The Principles can therefore call for similar disclosure of other companies that deploy human help for their ranking processes.

Internet platforms

For social media platforms, ranking algorithms are utilized for curation of news-feeds: dashboards showing content to the user that the algorithm thinks are relevant. The algorithm makes these decisions based on different signals that it is trained with. Information around these algorithms is hard to come by, and even if it is, the algorithms are often blackboxes, with their decisions not explainable.

There are however, ways by which transparency around these algorithms can be improved without compromising the security and integrity of the platform. This might include companies informing users, in an accessible manner, “(i) how they rank, organize and present user generated content.”, and updating the data in a timely manner, allowing researchers and regulators the appropriate opportunity to utilize this information while it is still relevant.

Companies should also have an easy-to-access policy that outlines how it plans to manage the human rights risks arising out of the system(s) it deploys. The human rights impacts assessment must additionally consider the broad social contexts within which the algorithm system is used.

Ad targeting and delivery (the use of artificial intelligence to segment and target specific groups of users and deliver ads to them)

Companies such as Facebook and Google collect a wide variety of data from its audience, using a variety of data points (including age, location, race) which is used to deliver personalised advertisements by the advertisers affiliated with the company. Methods like activity tracking and browser-fingerprinting are employed to track users, with or without explicit notice. Since a user’s privacy is greatly affected by such tracking, more transparency is needed where user data is collected by companies and where they are processed using the company’s algorithms to target and deliver ads. Additionally, targeted advertising, especially in the context of political advertising, result in segmenting groups of people and subjecting them to advertising campaigns. This, in turn may have drastic consequences, since they seem to deepen divisiveness over critical issues.

Notice

The Principles should identify metrics of a meaningful notice that companies must give users when their data is collected for delivering advertisements. Among others, such notice should specify all kinds of data the company is collecting regarding the user, and the categories across which they have been segmented or categorized for advertising.

Disclosure

Companies should also strive to disclose how data is collected and processed, specifically to segment users and deliver advertisements, in detail. This might include disclosing all the categories made available to advertisers by the company, and the names and identities of third parties (both advertisers and data-brokers) with whom such data is shared. CNBC, for instance, in 2019 reported that Facebook selectively shared user data with select partners while denying rival companies from accessing the data. Additionally, companies that allow users to opt out of their data being wholly or partly should disclose this option and make it easy to access. For Example, Facebook lets users turn off data being used for advertising in three different categories. Facebook Ad Preferences menu hidden in a user’s settings is detailed. However, barring a public post that attempts to explain how and why users see certain ads on Facebook, which has one line at the end that directs users to their Ad Preference settings to “View and use” their controls, the company does not have any public document explaining users their choices. Amazon, on the other hand allows users to turn off personalized ads completely and has a dedicated page that explains how a user’s data is used for personalizing advertisements and options to disable it.

Content recommendations and auto-complete (the use of artificial intelligence to recommend content such as videos, posts, and keywords to users based on their user profiles and past behavior)

Algorithms and recommendation systems are designed to suggest content that a user is likely to interact with, on the basis of their browsing behaviour and interaction on the platform. These algorithms are constantly updated to be more accurate. Popular examples include Instagram and YouTube. It is interesting to note that these systems have been documented to often suggest radical content to users, and upon user-interaction with such content, continuously amplify them. YouTube’s algorithm, for instance, has been previously accused of pushing users towards extremist or inflammatory ideologies.

Studying how recommendation algorithms function however, and why certain extremist content are being recommended to users, have been difficult, due to one, the complexity of the current information ecosystem, and two, because of the lack of information around these algorithms. The Santa Clara Principles can, by way of an expansion of scope, look to address the second difficulty, by urging companies to be more transparent with their internal processes.

Sharing of data or open-sourcing algorithms

With due recourse paid to the security and integrity of the platform, we recommend that the code for the algorithm used for recommendations should be open-source and publicly available online. Reddit, for instance, publishes its code for curation of news feeds in an open-source format.

Another way of doing this, as has been studied, is to consider a two-pronged method of sharing data. In the first count, datasets identified as ‘sensitive’, are shared in partnerships with certain institutions, under non-disclosure agreements. In the second count, more non-sensitive data is shared in an anonymized format publicly, and made available for any researcher to access.

This idea, however, must be taken with a few caveats. One, sharing of datasets may not always fulfill the public-facing model of transparency and accountability that the Santa Clara Principles envisage. Two, this might be a particularly onerous obligation for smaller and medium enterprises, and without sufficient economic data, it might be difficult to implement this. And three, any framework adopting this must consider the privacy aspect of such sharing. At this juncture, therefore, we do not recommend this as a compulsory binding obligation that any company adopting the Principles must abide by. Rather, we hope and encourage for more conversations to be held around this concept, so that the aforementioned competing interests are accommodated optimally.

Qualitative transparency

The other mode of ensuring more clarity into the recommendation system should be by asking companies to publish user-facing, clearly accessible policies and explainers that outline how the company uses algorithms to recommend content to users. This can also include creation of a visible list of topics, which the company has chosen ‘not to amplify’ (for instance, topics such as self-harm, eating disorders), and updated regularly.

3. Do you feel that the current Santa Clara Principles provide the correct framework for or could be applied to intermediate restrictions (such as age-gating, adding warnings to content, and adding qualifying information to content). If not, should we seek to include these categories in a revision of the principles or would a separate set of principles to cover these issues be better?

The Santa Clara Principles, as they had been originally envisaged, adhered to the commonly adopted binary of take down/leave up in content moderation, where a piece of unlawful, or problematic content (or an account), was either censored from public view or allowed to continue. However, since then, platforms dealing with user-generated content have resorted to a variety of novel and intermediate techniques to moderate and regulate speech which fall outside the aforementioned binary. With adoption of such steps therefore, it is also important for the Principles to evolve and take into consideration the expanded scope of content moderation. In light of that, we recommend the following steps to be taken in the intermediate areas of regulation:

Adding warnings, qualifying information to content

As mentioned above, in recent past, online intermediaries have resorted to more intermediate restrictions to deal with ‘harmful’ content online. These measures have seen an added boost in light of the Covid-19 outbreak, where there has been a massive increase in misleading information and conspiracy theories online. These measures have included, among others, connecting users who have interacted with misinformation to verified, debunked information and introducing a spectrum of actions based on the degree of harm posed by the content, which includes adding labels, warning, and finally, removal. Such intermediate measures currently are not accommodated within the framework of the Santa Clara Principles, for reasons enumerated above, and going forward, it may become important for the Principles to look at the learnings from these measures and adopt them, wherever appropriate, into the framework.

Additionally, as conversations around the instance of Twitter adding a fact-check to Donald Trump’s tweet show, the application of these intermediate measures are often ad-hoc, since there is often no explanation why certain items receive the moderation treatment, while other, similarly misleading content from same sources, continue to stay online. Accordingly, it is difficult to ascertain the exact reasoning process behind these steps. Therefore, adoption of principles related to measures of adding labels or warnings to information online must also require companies to be transparent with their decision-making processes.

Fact-checking

In recent years, with the proliferation of misinformation on online platforms, several companies have either begun to collaborate with fact-checkers, or deploy their own in-house teams. While these initiatives should be appreciated, it should also be noted that the term ‘fact checking’ assumes a partisan meaning in certain circumstances, including when sources of misinformation themselves offer this service. Accordingly, it becomes important that the fact-checking initiatives adopted by companies adhere to some standards of international best practices, and the decisions made are not riddled with biases, either political or ideological.

The Santa Clara Principles are useful to ascertain the transparency of any fact-checking initiatives, and can be applied across both collaborations between companies and fact-checkers, as well as for in-house fact checking initiatives.

For any manner of collaborations, companies must disclose, in clear terms, the names and identities of the fact-checking organizations that they are teaming up with (this example from Facebook divides this list of names country-wise) and the nature of this collaboration, which must include details of whether the organization stands to any monetary gains, and what is the level of access to the platform and its dashboards given by the company to the fact-checking organization.

For in-house initiatives, the Santa Clara Principles must require companies to disclose information regarding any training programs carried out and the background of the fact-checkers, and this might also include a statement regarding the objectivity and non-partisanship of the initiative.

Lastly, comprehensive information about fact-checking must be presented in a clearly accessible format in the company’s regular transparency reports, which should include data on how many pieces of content got fact-checked in the reporting period, the nature of the content (text, photos, videos, multimedia), the nature of misinformation that was being perpetuated (health, communal etc.), and the number of times the said piece of content was shared before it could be fact-checked.

Age-gating

The Digital Economy Act of 2017, proposed by the UK Government (and since dropped in 2019) serves as an early model of the legislature around the world to regulate the process of putting in place age-restrictions. By the application of that law, any websites offering pornography would have to show a landing page to any user with an UK IP address, which would not go away till the user is able to show that they are over the age of eighteen years. However, the government had left the exact technical method of implementing the age-gate upto the website, which meant that websites were free to adopt any methods they deem fit for verifying age, which might also include facial recognition.

However, learnings from the UK Model, and several other models of attempted age-gating have shown that there are often easy methods of circumvention and the information collected in lieu of implementation of these methods goes on to raise privacy concerns. It is our understanding that the regulation of age-restrictions is currently in a flux, and setting principled guidelines at this stage may not be completely evidence-based. In such light, it is our recommendation that the Santa Clara Principles should not be expanded to include age-gates. Separate consultations and discussions on the merits of the various forms of age-gating should precede any principles in this subject.

4. How have you used the Santa Clara Principles as an advocacy tool or resource in the past? In what ways? If you are comfortable with sharing, please include links to any resources or examples you may have.

In 2019, we developed specific methodologies to analyse information relating to government requests for content takedown and user information, from transparency reports made available by online companies for India. For creating our methodology for government requests for content takedown, we relied significantly on some of the metrics of the Santa Clara Principles, and utilized them to expand our scope of analysis. Our methodology comprised of the following metrics adopted from the Principles:

Numbers: We utilized this metric, and further clarified that the numbers should include a numerical breakdown of the requests received under different laws on content takedown.
Sources: The Santa Clara Principles recommend that the intermediary identify the source of the flagging. Under the intermediary liability regime in India, content takedown requests can be sent by the executive, the courts, or third parties. We accordingly argued that transparency reports must classify the received requests into these three categories.
Notice: We also utilized this metric for our methodology.

The full version of our methodology and the results from our analysis can be found here.

5. How can the Santa Clara Principles be more useful in your advocacy around these issues going forward?

We intend to apply this methodology for future editions of the report as well, and build up a considerable body of work on transparency reporting practices in the Indian context.

6. Do you think that the Santa Clara Principles should apply to the moderation of advertisements, in addition to the moderation of unpaid user-generated content? If so, do you think that all or only some of them should apply?

Moderation of advertisements in the recent years have become an interesting point of contention, be it advertisements that violate the companies policies on disruptive ads policies, or advertisements with more nefarious undertones, including racist language and associations to Nazi symbols.

Several companies already have various moderation policies for these kinds of harmful advertisements and other content that advertisers can promote, and these are often public. Based on this, we think that the Santa Clara Principles can be expanded to include the moderation of advertisements, and the metrics contained within would be applicable across this vertical, wherever appropriate.

7. Is there any part of the Santa Clara Principles which you find unclear or hard to understand?

N/A.

8. Are there any specific risks to human rights which the Santa Clara Principles could better help mitigate by encouraging companies to provide specific additional types of data? (For example, is there a particular type of malicious flagging campaign which would not be visible in the data currently called for by the SCPs, but would be visible were the data to include an additional column.)

N/A.

9. Are there any regional, national, or cultural considerations that are not currently reflected in the Santa Clara Principles, but should be?

While utilizing the Principles for the purposes of our research, we found that the nature of information that some of these online companies make available for users residing in the USA, is very different from the information they make available for users residing in other countries, including in India. For instance, Amazon’s transparency reports regarding government requests for content removal, till the first half of 2018, was restricted only to the US, despite the company having a considerably large presence in India (during our research, Alexa Rank showed Amazon.com to be the 14th most visited website in India).

A public commitment to uphold Santa Clara Principles (as several companies have undertaken, see EFF’s recent Who Has Your Back? report) would mean nothing if these commitments do not extend to all the markets in which the company is operating. Accordingly, we believe that it must be emphasized that the adoption of these Principles into the transparency reporting practices of the company must be consistent across markets, and the information made available should be as uniform as it is legally permissible.

10. Are there considerations for small and medium enterprises that are not currently reflected in the Santa Clara Principles, but should be?

Our understanding at this current juncture is that not enough data exists around the economic costs of setting up the transparency and accountability structures. Accordingly, at the end of this Consultation period, should the Principles be expanded to include more intermediate restrictions and develop accountability structures around algorithmic use, we recommend that a separate consultation be held with small and medium enterprises to identify a) whether or not there would be any economic costs of adoption and how best the Principles can accommodate them, and b) what are the basic minimum guidelines that these enterprises would be able to adopt as a starting point.

11. What recommendations do you have to ensure that the Santa Clara Principles remain viable, feasible, and relevant in the long term?

Given the dynamic nature of developments in the realm of content moderation, periodical consultations, in the vein of the current one, would ensure that the stakeholders are able to raise novel issues at the end of each period, allow the Principles to take stock of the same, and incorporate changes to that effect. We believe that this would allow for the Principles to continue to be aware of the realities of content moderation, and allow for evidence-based policy-making.

12. Who would you recommend to take part in further consultation about the Santa Clara Principles? If possible, please share their names and email addresses.

N/A.

13. If the Santa Clara Principles were to call for a disclosure about the training or cultural background of the content moderators employed by a platform, what would you want the platforms to say in that disclosure? (For example: Disclosing what percentage of the moderators had passed a language test for the language(s) they were moderating or disclosing that all moderators had gone through a specific type of training.)

By now, there have been well documented accounts of human moderators, by independent investigations or admissions by companies. For instance, this blogpost authored in 2018 by Mark Zuckerberg documented the percentage of human moderators who were trained in the Burmese language, in reference to moderating content on the platform in Myanmar. Comprehensive information about linguistic and cultural backgrounds of human moderators is a useful tool to contextualize the decisions made by the platform, and also useful in pushing more effective reforms.

Additionally, it has also been seen that a company’s public facing moderation norms often differ from its internal guidelines, which are shared with its team of human moderators. For instance, TikTok’s internal norms had asked its moderators to ‘suppress’ content from users perceived to be ‘poor’ and ‘ugly’. The gaps in these norms means that there are surreptitious forms of censorship behind-the-scenes, and it is difficult to ascertain the reasonableness and appropriateness of these decisions.

We would also like to emphasize more stringent disclosure requirements from companies regarding the nature of engagement with which they employ their human moderators. As investigations have revealed, the task of human moderation is often outsourced by these companies to third-party firms, and the working conditions in which the moderators make their decisions are inhospitable. Additionally, more often than not, there are no publicly available methods to ascertain whether the company in question is doing enough to ensure the well-being and safety of these moderators.

Therefore, alongside disclosure regarding the nature of training given to the human moderators and their internal moderation norms, we also recommend that the Principles recognize certain fundamental ethical guidelines with relation to their human moderators that companies must adopt. This might include providing identifying information of the third-party firms to which the company outsources its moderation and assurances of sufficient number of counsellors for the moderators.

14. Do you have any additional suggestions?

While the Santa Clara Principles provide a granular and robust framework of reporting, currently it stands to only cover aspects of quantitative transparency - concerning numbers and items. As we have indicated throughout this submission, and in our previous research, there are also need for companies to adhere to more norms focussing on qualitative transparency - in the form of material disclosure of the policies, processes and structures they associate with, or make use of. Aside from the suggestions in the previous sections, in this section we highlight two additional recommendations that we think can help achieve this.

Material regarding local laws

One of our preliminary findings regarding the way these intermediaries report data for other regions (including India) has been that most of the time, the information is incomplete, especially with regards to material regarding the local laws. Compared to the US, for which most of these companies dedicate separate sections, other regions feature relatively fewer times in their reports. Each country in which the company functions, there would be various laws governing content removal, different authorities empowered to issue orders, and varied procedural and substantive requirements of a valid request. For the empowerment of users, we believe that the exact metrics and requirements of these laws must be presented by the intermediaries, in a clear and readable format.

Accessibility of policies

On the topic of empowerment of users, we also believe that the basic information and policies regarding these requests should be placed at one place, for maximum accessibility by users. During our research, we discovered that the disclosures made in lieu of the Principles were spread over different policies, some of which were not easily accessible. While it is not possible at this juncture to predict a comprehensively objective way of making all this information accessible, we believe it would be a useful step if the basic information regarding the intermediary's transparency reporting policies were presented in the same manner as the company's Terms and Services and Privacy Policy. Additionally, we believe that these disclosures should be translated into major languages in which the company operates, for further accessibility.

15. Have current events like COVID-19 increased your awareness of specific transparency and accountability needs, or of shortcomings of the Santa Clara Principles?

The Covid-19 pandemic proves to be a watershed moment for the history of the internet, inasmuch in the manner of proliferation of various forms of misinformation and conspiracy theories, as well as the way in which companies have stepped up to remove said content from their platforms. This has included companies like Google, Twitter and Facebook, who have sought to increasingly rely on automated tools for rapid moderation of harmful content related to the pandemic.

These practices reaffirm the need for having strong requirements for transparency disclosures, both qualitative and quantitative, especially around the use of automated tools for content takedown. This is because of two main reasons.

One, the speed of removal would never tell us anything about the accuracy of the measure. A platform can say that in one reporting period, it took down 1000 pieces of content; this would not mean that its actions were always accurate, or fair or reasonable, since there is no publicly available information to ascertain so. This phenomenon, aggregated with the heightened pressure to remove misinformation related to the pandemic, may contribute to firstly, erroneous removals (as YouTube has warned in blogs), and secondly, towards deepening the information asymmetry regarding accurate data around removals.

Two, given the novel and diverse forms of misleading information related to the pandemic, this offers a critical time to study the relation between online information and the outcomes of a public health crisis. However, these efforts would be thwarted if reliable information around removals relating to the pandemic continue to be unavailable.

For more details visit http://editors.cis-india.org/internet-governance/blog/response-to-the-2018call-for-submissions2019-on-the-santa-clara-principles-on-transparency-and-accountability

Brindaalakshmi.K - Gendering of Development Data in India - Beyond the Binary #4

sumandro — 2020-06-30T10:34:03Z

For more details visit http://editors.cis-india.org/raw/brindaalakshmi-k-gendering-of-development-data-in-india-beyond-the-binary-4

Brindaalakshmi.K - Gendering of Development Data in India - Beyond the Binary #3

sumandro — 2020-06-30T09:48:48Z

For more details visit http://editors.cis-india.org/raw/brindaalakshmi-k-gendering-of-development-data-in-india-beyond-the-binary-3

Brindaalakshmi.K - Gendering of Development Data in India: Beyond the Binary

Brindaalakshmi.K — 2020-06-30T10:26:40Z

This report by Brindaalakshmi.K seeks to understand the gendering of development data in India: collection of data and issuance of government (foundational and functional) identity documents to persons identifying outside the cis/binary genders of female and male, and the data misrepresentations, barriers to accessing public and private services, and informational exclusions that still remain. Sumandro Chattapadhyay edited the report and Puthiya Purayil Sneha offered additional editorial support. This work was undertaken as part of the Big Data for Development network supported by International Development Research Centre (IDRC), Canada.

Part 1 - Introduction, Research Method, and Summary of Findings: Download (PDF)

Part 2 - Legal Rights and Enumeration Process: Download (PDF)

Part 3 - Identity Documents and Access to Welfare: Download (PDF)

Part 4 - Digital Services and Data Challenges: Download (PDF)

India has been under a national lockdown due to the global outbreak of the COVID-19 pandemic since late March 2020. Although transgender persons or individuals who do not identify with the gender of their assigned sex at birth, fall into the eligibility category for the relief measures announced by the State, the implementation of the relief measures has seen to be inefficient in different states [1] of the country [2]. Many transgender persons still do not have proper identification documents in their preferred name and gender that can help them with claiming any welfare that is available [3].

Historically, the situation of transgender persons in India has been so, even prior to the present pandemic. A qualitative research study titled Gendering of Development Data in India: Beyond the Binary was undertaken during October 2018 - December 2019, to understand the gendering of development data in India, collection of data and issuance of government (foundational and functional) identity documents to persons identifying outside the cis/binary genders of female and male, and the data misrepresentations, barriers to accessing public and private services, and informational exclusions that still remain.

The interviews for this study were conducted in late 2018 and this report was completed in the beginning of 2020, after India went through an extended national debate on and finally enactment of the Transgender Persons (Protection of Rights) Act during 2019. Three key observations from this study are presented in this blog post. Although these observations were made prior to the release of the draft rules of the new law, it is important to note that the law along with the draft rules in its present version will likely aggrevate the data and social exclusions faced by the transgender community in India.

Observation 1: The need for data has sidestepped the state’s responsibility to address the human rights of its people

The present global development agenda is to leave no one behind [4]. The effort to leave no one behind has shifted the focus of the state towards collecting data on different population groups. The design of and access to welfare programmes relies heavily on the availability of data. The impact of these programmes are again measured and understood as reflected by data. This shift in focus to data has led to further exclusion of already disenfranchised groups including the transgender community [5]. The problem with this lies in the framing of the development discourse as one that demands data as the prerequisite to access welfare benefits.

However, there are significant issues with the data on transgender persons that has been fed into different national and state-level databases, beginning with the census of 2011. For the first time, census of 2011 attempted to enumerate transgender persons. However, the enumeration of transgender persons for the census of 2011 has been severely criticised by the transgender community due to lack of

Clear distinction between sex and gender in the census data collection process,
Community consultation in designing the enumeration process, and
Inclusion of all transgender identities, among others.

However, this flawed data set is being used as the primary data for fund allocation across different states for transgender people’s inclusion, note respondents. Further, any person identifying outside the gender of their assigned sex at birth faces the additional burden of proving their gender identity to access any welfare benefit. However, cisgendered men or women are never asked to prove their gender identity. The need for data from a marginalised population group without addressing the structural problems has only led to further exclusion of this already invisible group of individuals, note respondents. Further, the Transgender Persons (Protection of Rights) Act, 2019 was passed despite the severe criticisms from the transgender community, human rights activist groups [6] and even opposition political parties [7] in India for several reasons [8].

Observation 2: Replication of existing offline challenges by digital systems in multiple data sources, continues to keep transgender persons excluded

Digitisation was supposed to remove existing offline challenges and enable more people centric systems [9]. However, digital systems seem to have replicated the existing offline challenges. In several cases, digitisation has added to the complexities involved.

The replication of challenges begins with the assumption that digital processes are the best way to collect data on transgender persons. Both level of literacy and digital literacy are low among transgender persons in India. According to a report by the National Human Rights Commission [10], nearly 50% of transgender persons have studied less than Class X. This has a significant effect on their access to different rights.

Access to mobile phones is assumed to bridge this access gap to online systems and services. However, observations from different respondents suggest otherwise. Additionally, due to their gender identity, transgender individuals face different set of challenges in procuring valid identification documents required to enter data systems, note respondents. This includes but not limited to:

Lack of standardised online or offline processes to aid in changing their documents and vary within each state in different documents.
Procuring any identification document in preferred name and gender requires existing identification documents in given name and assigned gender, in both online and offline processes. However, due to the stigma with their gender identity, transgender persons often run away from home with no identification document in their assigned name and gender.
With or without an existing ID document, individuals have to go through a tedious offline legal process to change their name and gender on different documents.
Information on such processes, digital or otherwise are usually available only to individuals who are educated or associated with a non-profit organisation working with the community. The challenges are higher for individuals with neither.

Observation 3: Private big data is not good enough as an alternative source of evidence for designing welfare services for transgender persons

Globally, public private partnerships for big data are being pushed through different initiatives like Data Collaboratives [11] and UN Global Pulse [12], among others. These private partnerships are being seen as key to using big data for official statistics, which can then aid in making welfare decisions [13]. However, the respondents note that the different private big data sources are not good enough to make welfare decisions for various reasons including but not limited to:

Dependency on government documents: Access to any private service system like banking, healthcare, housing or education by any individual requires verification using some proof of identity. The discrimination and challenges in procuring government issued identification documents impacts the ability of transgender persons to enter private data systems. This in turn impacts their access to services.
Misrepresentation in data: The dependency of private services on government issued documents / government recorded data, and hierarchy among such documents/data and the continued misrepresentation of transgender people, impacts the big data generated by private service providers. Due to the stigma faced, many transgender persons avoid using public healthcare systems for other medical conditions. The heavy dependency on private health care and lower usage of public health systems, results in insufficient big data on transgender persons, created by both public and private medical care and hence cannot be used to design health related welfare services.
Social media data issues: Different websites and apps also use social media login as the ID verification mechanism. Since not all transgender persons are out to their family and friends about their gender identity, they often tend to have multiple social media accounts with different names and gender to protect their identity. When open about their gender identity, harassment and bullying of transgender persons with violent threats or sexually lucid remarks are quite common on social media platforms. Online privacy therefore continues to be a serious concern for them. Disclosing their transgender status also enables the system to predict user patterns of a vulnerable group with potential for abuse, note respondents.

In conclusion, the present global pandemic has further amplified the inherent flaws in the present data-driven welfare system in the country and its impacts on a marginalised population group like transgender persons in the country. Globally, gender in development data is seen in binary genders of male and female, leaving behind transgender individuals or those who do not identify with the gender of their assigned sex at birth. So the dominant binary gender data conversation is in fact leaving people behind. With the regressive Transgender Persons (Protection of Rights) Act of 2019 and its rules, this inadequacy in the global development agenda related to gender equality is felt at an amplified scale.

Building on the work of Dr. Usha Ramanathan, a renowned human rights activist, I say that data collection and monitoring systems that tag, track, and profile transgender persons placing them under surveillance, have consequences beyond the denial of services, and enter into the arena of criminalising for being beyond the binary [14]. The vulnerabilities of their gender identity exacerbates the threat to freedom. With their freedom threatened, expecting people to be forthcoming about self-identifying themselves in their preferred name and gender, so as to ensure that they are counted in data-driven development interventions and can thus access their constitutionally guaranteed rights, goes against the very idea of sustainable development and human rights.

References

[1] Kumar. V (2020, May 13). In Jharkhand, a Mockery of 'Right to Food' as Lockdown Relief Measures Fail to Deliver. The Wire. Retrieved from: https://thewire.in/food/lockdown-jharkhand-hunger-deaths-corruption-food

[2] Manoj. C.K. (2020, April 24). COVID-19: Thousands pushed to starvation due to faulty biometric system in Bihar. DownToEarth. Retrieved from: https://www.downtoearth.org.in/news/food/covid-19-thousands-pushed-to-starvation-due-to-faulty-biometric-system-in-bihar-70681

[3] G. Ram Mohan. (2020, May 01). Eviction Fear Heightens as Lockdown Signals Loss of Livelihood for Transgender People. The Wire. Retrieved from: https://thewire.in/rights/transgender-people-lockdown-coronavirus

[4] UN Statistics (2016). The Sustainable Development Goals Report 2016. United Nations Statistics. Retrieved from: https://unstats.un.org/sdgs/report/2016/leaving-no-one-behind

[5] Chakrabarti. A (2020, April 25). Visibly Invisible: The Plight Of Transgender Community Due To India's COVID-19 Lockdown. Outlook. Retrieved from: https://www.outlookindia.com/website/story/opinion-visibly-invisible-the-plight-of-transgender-community-due-to-indias-covid-19-lockdown/351468

[6] Knight Kyle. (2019, December 05). India’s Transgender Rights Law Isn’t Worth Celebrating. Human Rights Watch. Retrieved from: https://www.hrw.org/news/2019/12/06/indias-transgender-rights-law-isnt-worth-celebrating

[7] Dharmadhikari Sanyukta. (2019). Trans Bill 2019 passed in Lok Sabha: Why the trans community in India is rejecting it. The News Minute. August 05. Retrieved from: https://www.thenewsminute.com/article/trans-bill-2019-passed-lok-sabha-why-trans-community-india-rejecting-it-106695

[8] Editorial. (2018, December 20). Rights, revised: on the Transgender Persons Bill, 2018. The Hindu. Retrieved from: https://www.thehindu.com/opinion/editorial/rights-revised/article25783926.ece

[9] Ministry of Electronics and Information Technology, Government of India. (2018). National e-Governance Plan. Retrieved from: https://meity.gov.in/divisions/national-e-governance-plan

[10] Kerala Development Society. (2017, February). Study on Human Rights of Transgender as a Third Gender. Retrieved from: https://nhrc.nic.in/sites/default/files/Study_HR_transgender_03082018.pdf

[11] Verhulst, S. G., Young, A., Winowatan, M., & Zahuranec, A. J. (2019, October). Leveraging Private Data for Public Good: A Descriptive Analysis and Typology of Existing Practices. GovLab, Tandon School of Engineering, New York University. Retrieved from: https://datacollaboratives.org/static/files/existing-practices-report.pdf

[12] Kirkpatrick, R., & Vacarelu, F. (2018, December). A Decade of Leveraging Big Data for Sustainable Development. UN Chronicle, Vol. LV, Nos. 3 & 4. Retrieved from: https://unchronicle.un.org/article/decade-leveraging-big-data-sustainable-development

[13] See [11].

[14] Ramanathan. U. (2014, May 02). Biometrics Use for Social Protection Programmes in India Risk Violating Human Rights of the Poor. UNRISD. Retrieved from: http://www.unrisd.org/sp-hr-ramanathan

For more details visit http://editors.cis-india.org/raw/brindaalakshmi-k-gendering-development-data-india

Guest Report: Bridging the Concerns with Recommending Aarogya Setu

Siddharth Sonkar — 2020-06-24T05:19:43Z

Keywords: Aarogya Setu, Constitutionality, Digital Contact Tracing, Location Data, Personal Data Protection Bill, 2019, Exemptions, Personal Data, Sensitive Personal Data, Mosaic Theory, Surveillance, Privacy, Governing Law, Necessity, Intensity of Review, disparate Impact, Proportionality

This report was edited and reviewed by Arindrajit Basu, Mira Swaminathan, and Aman Nair.Read the full report here

EXECUTIVE SUMMARY

Aarogya Setu collects real-time location data of users every fifteen minutes to facilitate digital contact tracing during the Pandemic. It inter alia color-codes users indicating the extent of risk they pose based on their health status and predicts hotspots which are more susceptible to COVID-19. Its forecasts have reportedly facilitated the identification of 650 clusters of COVID-19 hotspots and predicting 300 emerging hotspots which may have been otherwise missed. In a welcome move, the source code of the application was recently made public. The initially-introduced mandate to use the application was reportedly diluted and a Protocol supplementing the privacy policy with additional safeguards was released. Despite these steps in the right direction, some key concerns continue to require alleviation through engagement. This Report seeks to constructively engage with these concerns towards making privacy safeguards governing its operability more consistent with international best practices.

First, the Report maps situations in which Aarogya Setu in fact remains mandatory (in Table 1) In these situations, there exists no restriction against private parties (e.g. employers, airlines, etc.) from indirectly making its use mandatory. Consequently, there is no real choice in determining the use of the application. Even where there exists a choice to opt-out (e.g. in contexts where there is only an advisory but no indirect mandate), the choice is not meaningful due to the inability to examine the potential consequences of using the apn remains mandatory for practical purposes since there still exists an obligation to undertake due diligence towards making sure that every employee uses the application. In other words, this part of the report explains why it remains indirectly mandatory to use the application. This indirect mandate impedes the exercise of meaningful consent. This could be addressed through a notification directing that no one should be indirectly compelled to use the application. This part also acknowledges that even where a choice to opt-out (e.g. in contexts where there is only an advisory but no indirect mandate), the choice is not meaningful due to the inability to examine the potential consequences of using the application.

Second, the report explains why the mandate to use the Application raises concerns in the first place: i.e. in the absence of transparency beyond the publication of the source code. The open-source code may not necessarily result in meaningful algorithmic transparency (since the processing in the models at the Government of India server continues to remain a black box) in respect of predictions made to determine appropriate health responses. Based on the source code per se, people are unable to verify the wherever there exists operability of the Application more meaningfully. Algorithmic transparency enables people to make an informed decision in using the Application by choice. The ability to make an informed decision is critical to the right to privacy. The right to privacy does not just mean drawing boundaries or creating limitations against any external interference. The right also includes the public’s right to know how an algorithm affects their lives. Given the centrality of transparency in the ability of the user to exercise their privacy better, beyond releasing the source code of Aarogya Setu, publicizing information about how predictions are made is important. This part acknowledges the limitations of transparency in that it can only facilitate identification of privacy harms and not really solve them by itself. Yet, it goes ahead and re-emphasises the inter-relationship of transparency and privacy, highlighting how it became a basis recently in striking down a government-used algorithm, which indicates incentive to increase transparency.

Third, the report reviews whether based on the already-available information from the combined reading of the privacy policy and the protocol, the operability of the application seems consistent with best international practices in protecting user privacy. This part begins with an analysis of the privacy policy and the protocol, which indicate privacy concerns in relation to inter alia location data, followed by an explanation as to why there exists a reasonable expectation of privacy over location data (to establish a privacy intrusion). This is followed by structurally applying the proportionality test to identify necessary modifications to the current framework:

The 'legality' prong may be satisfied by a combined reading of the NDMA and the specificity in the delegated legislation, as has been done in the past particularly in the context of location tracking. However, it is suggested (in the recommendations section) that a statutory legislation comprehensively governing the operability of the Application is introduced to ensure predictability and permanency in the framework governing the operability of the Application as done internationally. Moreover, determining appropriate health responses to the Pandemic is indeed a legitimate interest that is sought to be achieved through the application
Given the limitations of traditional methods of contact-tracing, digital contact tracing could perhaps be a suitable method of ascertaining appropriate health responses to the Pandemic subject to a comprehensive review of evidence on a regular basis to evaluate verifiably its effectiveness. Since the use of the application seems likely in the long run, its efficacy needs to be backed by concrete evidence which corroborates its accuracy and effectiveness such as statistical data on false positives and negatives that result from the application
A careful reading of the combined reading of the Aarogya Setu privacy policy and the Protocol with Fair Information Protection Principles (‘FIPP’) indicates some inconsistencies with international best practices. The extent of inconsistency with best practices may not be considered the least restrictive and therefore necessary form in which digital contact tracing can be conducted in India
Since the inconsistencies seem relatively more restrictive than necessary to facilitate digital contact tracing in India, a balancing of privacy and public health could result in the conclusion that the application is not ‘proportionate’ to the potential privacy harms that can result from using the application. While conducting the balancing exercise, privacy and public health should be viewed as complementary, not competing interests. This conception would encourage courts to consider privacy concerns with sufficient extent of intensity

Based on this analysis, the report concludes that digital contact tracing provided the following conditions (detailed in the ‘Recommendations’ section) are conjunctively satisfied:

Digital contact tracing should supplement (e.g. be in addition to) and not supplant (i.e. replace) traditional methods of contact tracing entirely, particularly for vulnerable groups (e.g. interviews where vulnerable groups, particularly marginalized women do not have access to mobile phones);
A statutory law should be introduced which strictly and comprehensively governs the scope of the application,
the suitability of the application (with meaningful algorithmic transparency) should be corroborated by reliable and relevant statistical evidence (e.g. with the help of closer scrutiny of the basis of predictive outcomes) and
The privacy compromises using the application should be intrusive to the minimum extent possible. This could be done by further adding robust safeguards through stronger restrictions on sharing the collected data

(Final year undergraduate student of the National University of Juridical Sciences (NUJS), Kolkata with a sustained interest in law, technology and policy (graduating with the class of 2020).

For more details visit http://editors.cis-india.org/internet-governance/guest-report-bridging-the-concerns-with-recommending-aarogya-setu

Unlock = Open, not Choked!

Shyam Ponappa — 2020-06-15T03:04:18Z

Don't let a virus stall initiatives and weaken the economy.

This article first appeared in the Business Standard and on June 4, 2020.

A recent column in this newspaper juxtaposed the way smart, experienced people have high expectations, only to be disappointed by our weak state’s predictable failures (Strong expectations from a weak state, May 25). Is there justification for any optimism, or at least hope? Here is an exploration of reasons for persisting in the face of continued odds, and pushing for economic recovery. Why should one persist with constructive efforts? Because a rising tide lifts all boats, and one’s contribution can affect outcomes. And because attempts at partial opening will not suffice.

There could be new economic opportunities by way of capacity, logistics or markets, or a wider array of sustainable consumer choices, whether for manufactured goods, services, or activities. Think back, and surely you have witnessed government action extend beyond the grind of just keeping everything going.

One instance of major change that affected the economy was in 1990, when the secretary of the Department of Electronics N Vittal worked in close consultation with industry. This resulted in path-breaking reforms, such as the setting up of “high-speed” links (of a mere 64 kilobits per second at the time) between Information Technology (IT) companies in Indian software technology parks and their international clients, and various tax incentives that followed much later. The offshore services industry gathered strength, and later expanded to cover IT-enabled services with call centres and business processing, extending to knowledge processing.

Likewise, telecommunications reforms began in 1990, when prime minister Chandra Shekhar led a shaky government for a brief period. The telecommunications ministry was looking for a private sector consultant. Through an invisible network, an investment banker who had been a management consultant in San Francisco was asked to look into telecommunications reforms. This led to the setting up of the Athreya Committee and its recommendations: On separating policy-making from operations, corporatising the Mahanagar Telephone Nigam as an operating company for Delhi and Mumbai, and Bharat Sanchar Nigam for the rest, while recommending access to private sector operators. All this was not smooth and painless, and took years, but did happen eventually, although the separation remains untidy.

By 1998, telecommunications operators were in a situation similar to the predicament some months ago, of weak revenues and a debt overhang, with some differences. There were many operators with heavy debt because of government charges and limited revenue generation capacity, because of smaller networks and less clients. This is the “winners’ curse” of auctions, when exorbitant amounts are paid to government for auctions, with nothing left for building and running networks and enterprises to generate the revenues to justify those payments. There are exceptions, as in the social democrat Nordic states, or state-controlled allocations as in China, or in Japan for a number of years.

Key people in government grasped this. The Prime Minister’s Office consulted with industry and external consultants, and took action. This resulted in the New Telecom Policy 1999 (NTP-99), whereby the major change was converting up-front licence fees to revenue sharing, although the policy was uneven because of cherry-picked recommendations. Initially, the government set the percentage share too high. It took years to reduce and trigger rapid growth. This came about through reduced government charges, calling party pays (which cut call costs), and a price war, brought on by the stealth entry of a new technology (CDMA) network, which the authorities allowed despite incumbent protests. Mobile services then grew exponentially from 2004, until the 2G spectrum scam surfaced in 2011.

A stream of articles advocated extending revenue-sharing to spectrum fees as for licence fees, and for shared infrastructure including spectrum. In 2011, a senior official in the DoT was sufficiently impressed to explore the possibility of evaluating alternatives using simulation models. But the 2G scam broke after the first few meetings of DoT officials, and this process was aborted. Instead of major changes based on simulations, a mere statement of intent about spectrum pooling and sharing made it into NTP-2012.

There were other incredible developments, although with no apparent results (yet). For instance, in 2013, a non-governmental organisation, the Centre for Internet and Society in Bengaluru, arranged for the former chief technology officer of the US Federal Communications Commission, Jon Peha, who had pioneered changes in America, to meet with top officials of the DoT, the Telecom Regulatory Authority of India, and some IIT professors. The latter conducted successful trials using TV White Space spectrum for the Ministry of Electronics and Information Technology. The details are many, but the point is that constructive advocacy can have an impact.

Reviving the Economy Now

We are in a difficult situation, with our economy and society battered by the lockdown and much else. We will need to do everything possible to recover, and it will take years. Attempts at partial opening will not suffice. Systemic revival calls for unrestricted flows of money, people, activity, and goods and services.

While reactivating the economy, we will need to be cautious through the pandemic (through “social distancing”, using masks to reduce infection, avoiding close contact with outsiders, and so on). But survivors have to live with this virus, as with other strains of viruses and bacteria, and other threats.

Consider traffic accidents, which average over 145,000 deaths annually (data 2013-2017: https://ncrb.gov.in/sites/default/files/chapter-1A-traffic-accidents-2017_0.pdf). Extrapolating, this means a million fatalities in seven years, yet we don’t shut down all traffic. By comparison, Covid-19 had about 6,000 fatalities since January.

A proportion of the medical fraternity opines that (a) there is community spread of Covid-19, and (b) with many cases milder than the expected severity, that most patients need home care rather than hospitalisation. If these continue, our health systems will not be overwhelmed with severe cases. Also, so far, India has had a relatively low fatality rate of 2.8 per cent (see chart).

Source: Data - https://ourworldindata.org/coronavirus

As long as these factors hold, our priority has to be unfettered economic activity. Countries with higher fatality rates, including Sweden, China, Japan and Germany in the chart, have open economic activity (with tremendous productivity). We will weaken and our problems will escalate if we are held back.

For more details visit http://editors.cis-india.org/telecom/blog/unlock-open-not-choked

The debate over internet governance and cyber crimes: West vs the rest?

Elizabeth Dominic — 2020-06-08T07:04:26Z

The post looks at the two models proposed for internet governance and the role of cyber crimes in shaping the debate. In this context, it will also critically analyze the Budapest Convention (the “convention”) and the recently proposed Russian Resolution (the “resolution”), and the strategies adopted in each to deal with the menace of cybercrimes. It will also briefly discuss India’s stances on these issues.

With Internet connectivity and use of technology rising exponentially, the tug of war over Internet governance continues. On one end are the states advocating for a global, open and free model of the Internet, dubbed as the ‘Western model’, spearheaded by the U.S. and its allies. On the other end are a cluster of states led by China and Russia, advocating for a sovereign and controlled version of the internet, a ‘Leviathan model’. Although the idea of an Internet embodying the principles of equality, openness and multistakeholderism sounds appealing, the rise of new trends including cyber crimes and online misinformation poses a challenge to this model making it arduous, if not impossible, to pick one model over the other.

The post will briefly explore the two models proposed for Internet governance and the role of cybercrimes in shaping the debate. In this context, it will also critically analyze the Budapest Convention (the “convention”) and the recently proposed Russian Resolution (the “resolution”), and the strategies adopted in each to deal with the menace of cybercrimes. It will also briefly discuss India’s stance on the convention.

Two Models and Three Parties

Since the evolution of the Internet, its stewards have been expounding a global internet embodying features such as statelessness, openness, interoperability, security, and multistakeholderism. Known as the Western model of internet governance, it has been embraced by many states including UK, France. The model is premised on the idea that the internet should be a space where there is free flow of content without filtering by any intervening party including the state, thereby upholding the freedom of speech and human rights. However since the potential to cause harm in cyberspace is real, the states cannot leave the domain ungoverned. Therefore, the proponents of the Western model do exercise some degree of sovereignty over cyberspace within their borders but it is largely in contrast to the tight control exercised by the statist and controlled model, spearheaded by China and Russia. The latter model advocates for a closed version of the internet bound by territorial borders along with authoritarian control over the flow of information.

Interestingly, not every state can be easily categorized into either of these groups. Some states either lack the capacity or an interest to implement one of the model. Tim Maurer et al. in a seminal paper identifies such states as the “swing states”. They are undecided on either of the models but have the capacity to influence global conversations due to their mixed political orientations and resources. Swing states and the influence they wield in shaping the trajectory of the international process is not the focus of this post but will be explored in a future blog post.

Cyber Crime: The Menace of Internet Era

While the internet has huge potential to enable development of states on many fronts, it can also be used for criminal purposes. Cybercrime is one of the most daunting challenges of the internet era. Technological advancements that enable unique features like anonymity in cyberspace make cybercrimes less risky with the potential to provide high returns, making it all the more appealing to various actors. The growing number of internet users and connected devices increases the number of possible targets. Examples include Stuxnet, a malware that targeted the Iranian nuclear facility, and Wannacry, a ransomware attack that affected computers worldwide. In 2018, the Chief of United Nations Office on Drugs and Crime (UNODC) pointed out that cyber crimes are estimated to generate revenue of approximately $1.5trillion per year. Despite cyber crimes proliferating rapidly, law enforcement agencies have not been able to keep up the pace resulting in an enforcement gap. The transnational nature of cyber crimes is one of the major difficulties faced by them. Due to its global nature, cyberspace provides a platform for criminals to commit crimes out of one state, which could have the potential to affect multiple victims in different states. This means investigations of such crimes involve questions of extra territorial jurisdictions and increased cooperation between authorities of different states, creating various complications. This, coupled with diverse types of actors such as states, non-state actors, and groups hired by either of the two further complicates the issue at hand.

The Convention on Cybercrime of the Council of Europe, known as the Budapest Convention, is the only international instrument currently in place that addresses the issue of cyber crime. Recognizing the paramount need for combating crimes, it criminalizes conduct that affects the “confidentiality, integrity, and availability of computer systems, networks, and computer data”. It covers a diverse rangeof issues ranging from illegal access, computer related fraud to child pornography. Furthermore, it serves as an instrument that facilitates greater cooperation among states to enable better detection, investigation, and prosecution of cyber crimes.

The wide division of opinions on internet governance is also mirrored in the debate on how to effectively tackle the issue of cybercrime. This led to a recent development in last year’s General Assembly in the form of a Russian-led resolution on cybercrime. The resolution proposes the establishment of a committee of experts to draft a new cybercrime treaty that would replace the convention. Considering the fact that Russia has been a strong advocate of a Leviathan model of internet, the proposed treaty would in most likelihood embrace principles of sovereignty and non-interference while dealing with cyber crimes.

With the resolution passing the final vote at the UN General Assembly, the proponents of the convention are met with a time bound challenge to come up with innovative approaches to convince more states to join their side.

The Budapest Convention v. The Russian Resolution

The Budapest Convention has met with multiple criticisms, the major one being that it is a West drafted treaty with hardly any involvement of the developing countries. It’s also argued that as the treaty is almost two decades old, its provisions are too outdated to deal with evolving crimes. Furthermore, it is criticized for the vagueness of some of its provisions, which allow governments to bifurcate their obligations, and thereby hinders the effective implementation of the treaty. For example, the MLA regime of the treaty is often cited as ineffective as it does not command firm cooperation from parties by providing them grounds to refuse the same.

Despite being imperfect, a realistic analysis of the convention would reveal that it is the best instrument at hand to deal with cyber crimes. The convention, establishing common standards for its signatories, along with the Cybercrime Convention Committee (the “Committee”) that oversees its implementation and Programme Office on Cyber Crime (the “C-PROC”) dedicated towards capacity building, provides a dynamic framework for effectively tackling cybercrimes. The Committee ensures that the convention is adapted to address evolving crimes such as denial of service attacks and identity thefts, which did not exist at the time the convention was adopted, by issuing guidance notes and draft protocols. Similarly on the issue of procedural law, despite new developments such as cloud servers, the Committee is actively working on addressing the complicated challenges posed by it. It has proposed an additional protocol to specifically deal with access to evidence in the cloud by facilitating more efficient mutual legal assistance amongst the signatories and direct cooperation with service providers, while striking a balance between rule of law and human rights. The protocol if adopted would not only aid in the law enforcement process but would also have a major impact on how the international community perceives sovereignty in cyberspace. Furthermore, The C-PROC through its various capacity building initiatives such as strengthening of the legislations along the lines of rule of law and human rights, training of relevant authorities, promotion of public-private partnerships and international cooperation strengthens the ability of states to deal with cyber crimes.

While the international community is unable to arrive at a consensus on internet governance, with neither conglomerate of states acceding to the demands of the other, renewing global diplomatic negotiations on it might seem to be the best step. However a look at Russia’s resolution and its draft cyber crime convention would indicate that it might not be the appropriate solution to the problem at hand. The resolution as well as the draft convention, which is supposed to serve as a framework for the treaty, are drafted without due regard for human rights concerns. A mere reference to human rights, requiring use of ICTs to be in compliance with human rights and fundamental freedoms, is insufficient to safeguard it while combating cyber crimes. Primarily, the language used in the resolution is vague.It fails to define “use of information and communication technologies for criminal purposes". It mentions both cyber enabled crimes such as use of ICTs for trafficking as well as cyber crimes that could detrimentally affect “critical infrastructures of states and enterprises” and “well-being of individuals”. Such broad wording is highly problematic as it vests immense powers at the hands of the state to criminalize even ordinary online behaviour that is detrimental to its interests. In fact, such practices are already in existence around the world where we see governments clamping down on human rights activists, journalists, and civil society for expressing their opinions that are critical of the government in the online space. Numerous examples of such authoritarian actions include internet shutdowns, blocking of websites, which have become the trend around the world. While legislations curbing cyber crimes are quintessential to ensure a safe and secure cyberspace, arbitrary use of it, as is widely observed, today can have chilling effects on exercising rights in the online domain. Furthermore, combating a complex issue like cyber crime, which involves questions of technicalities, laws, and human rights, requires concerted efforts from various stakeholders including civil society and private sector. It is only through such multistakeholder endeavors that we can curb the use of ICTs for criminal purposes without hindering human rights. Therefore an ad hoc intergovernmental group of experts, as proposed by the resolution, is not the appropriate body to develop an international treaty on cyber crimes.

In short, the resolution and the draft convention are proposing a Leviathan model vesting state with excessive control over the internet. In practice, it would bear resemblance to the “sovereign internet law” of Russia and the “Golden Shield Project” of China. Such models are widely criticized for eschewing democratic principles in the name of ensuring security of the state from cyber attacks. For instance, the “sovereign internet law” mandates installation of technical equipments for counteracting threats to stability, security, and functional integrity of the internet.” The law, therefore, allows the government to prevent any communication that challenges its interests. A past attempt by the Russian government to block Telegram, is an example of the same. Furthermore, in the event of a “threat”, the law provides for routing of traffic solely through networks located within Russia, thereby allowing isolation of the national network and centralized control over it by the state. It paves the way for creation of digital borders, premised on the principle of state sovereignty. The “Great Firewall of China”, a part of the “Golden Shield Project”, is the most appropriate depiction of internet sovereignty. The Firewall serves as a system of surveillance that vests the government with complete control over all incoming and outgoing information over the Chinese networks. Any new domain has to obtain prior approval from the government before becoming accessible on the Chinese internet. When it comes to the question of human rights, a mere search for the term “democracy” in a search engine is blocked. The resolution by leaving the question of what amounts to use of ICTs for criminal purposes open-ended creates the danger of exercising of similar excessive powers by the states that could impinge upon fundamental human rights. The draft convention already incorporates the principle of state sovereignty. If adopted, it comes with the risk of us seeing the likes of Chinese model of the internet in greater numbers.

The convention is not perfect but we should be realistic and not expect one treaty to solve all problems at a go. The convention, coupled with its follow-up and capacity-building mechanisms are making positive developments in addressing evolving cyber threats while promoting a global and open internet . With as many as 65 parties and many using it as the model for their national cyber crime legislation, a new treaty to address cyber crimes pose the risk of hindering the developments made by the convention so far especially in the international cooperation front. Concerted efforts to improvise the convention are more practical than developing a new international framework, especially when the probability of reaching a consensus is almost nil.

India and the Budapest Convention: To Ratify or Not

Despite cybersecurity being a major concern and occupying a central place in its overall internet governance policy, India has surprisingly not yet become a party to the convention. It has even amended its Informational Technology Act, 2008 along the lines of the convention. India’s reluctance to sign, notwithstanding the convention’s potential to aid it in addressing its concerns in the cyber front especially with regard to jurisdictional issues while tackling cyber crimes, warrants an analysis.

One of the widely cited reasons for the reluctance is the non-inclusion of India and other developing countries in the drafting stage. However choosing to stand on the sidelines merely because of non-inclusion in the initial negotiations might not be the wisest move especially since the convention addresses matters that are of extreme importance to India. Ratifying the treaty even at a later stage would still enable it to participate in further evolution of the convention, which could outweigh this concern. Another major concern for India is that terrorism, considering how cyberspace has enlarged its scope and reach, does not find any mention in the substantive law of the convention. However the procedural provisions of the convention apply to any criminal offence committed with the aid of a computer, including terrorism. But it is often argued that the MLA regime is not sufficiently firm to facilitate cooperation. While it is true that the process has to be made more efficient, the Committee along with the Cloud Evidence Group is actively working on addressing its shortcomings. Finally, controversial provision-Ar.32, on cross border access to data- is also a cause for concern for India. The Guidance Notes issued by the Committee, however, clarifies the limited scope of the article thereby addressing the privacy and data protection concerns raised against it.

The convention is still evolving and is constantly being reviewed to make it more effective. Therefore India has to ask itself the question whether it wants to stand on the sidelines and observe the developments or if it should partake in shaping its progress. Currently, it is the only instrument in place that provides a legal framework for facilitating cooperation on cyber crime investigations amongst various jurisdictions. Considering that India has already embarked on a “Digital India” initiative, which in most likelihood will be accompanied by a spike in cyber crimes, it is the need of the hour to ratify the convention.

Elizabeth Dominic is a lawyer and a tech-policy researcher. Her work focuses on the intersection of law and technology and human rights, particularly on the applicability of current international legal frameworks to cyberspace and emerging technologies. Previously, she has worked at the Centre for Communication Governance and at IT for Change.

This post was reviewed and edited by Aman Nair,Amber Sinha and Arindrajit Basu

For more details visit http://editors.cis-india.org/internet-governance/blog/the-debate-over-internet-governance-and-cyber-crimes-west-vs-the-rest

CIS_BD4D_Guideline04_PT+PB_BigDataAIEthicsReview_ExtendedNotes PDF

pranav — 2020-05-19T10:58:54Z

For more details visit http://editors.cis-india.org/raw/bd4d-guideline-documents/ExtendedNotes

CIS_BD4D_Guideline03_AS+PT_BigDataAIEthicsReview_SummaryNotes PDF

pranav — 2020-05-19T10:57:00Z

For more details visit http://editors.cis-india.org/raw/bd4d-guideline-documents/AIEthicsReview

‘Future of Work’ in India’s IT/IT-eS Sector pdf

pranav — 2020-04-28T09:52:19Z

For more details visit http://editors.cis-india.org/internet-governance/2018future-of-work2019-in-india2019s-it-it-es-sector-pdf

India’s ‘Self-Goal’ in Telecom

Shyam Ponappa — 2020-04-09T07:18:26Z

This post was first published in the Business Standard, on March 5, 2020.

The government apparently cannot resolve the problems in telecommunications. Why? Because the authorities are trying to balance the Supreme Court order on Adjusted Gross Revenue (AGR), with keeping the telecom sector healthy, while safeguarding consumer interest. These irreconcilable differences have arisen because both the United Progressive Alliance and the National Democratic Alliance governments prosecuted unreasonable claims for 15 years, despite adverse rulings! This imagined “impossible trinity” is an entirely self-created conflation.
If only the authorities focused on what they can do for India’s real needs instead of tilting at windmills, we’d fare better. Now, we are close to a collapse in communications that would impede many sectors, compound the problem of non-performing assets (NPAs), demoralise bankers, increase unemployment, and reduce investment, adding to our economic and social problems.
Is resolving the telecom crisis central to the public interest? Yes, because people need good infrastructure to use time, money, material, and mindshare effectively and efficiently, with minimal degradation of their environment, whether for productive purposes or for leisure. Systems that deliver water, sanitation, energy, transport and communications support all these activities. Nothing matches the transformation brought about by communications in India from 2004 to 2011 in our complex socio-economic terrain and demography. Its potential is still vast, limited only by our imagination and capacity for convergent action. Yet, the government’s dysfunctional approach to communications is in stark contrast to the constructive approach to make rail operations viable for private operators.
India’s interests are best served if people get the services they need for productivity and wellbeing with ease, at reasonable prices. This is why it is important for government and people to understand and work towards establishing good infrastructure.

What the Government Can Do

An absolute prerequisite is for all branches of government (legislative, executive, and judicial), the press and media, and society, to recognise that all of us must strive together to conceptualise and achieve good infrastructure. It is not “somebody else’s job”, and certainly not just the Department of Telecommunications’ (DoT’s). The latter cannot do it alone, or even take the lead, because the steps required far exceed its ambit.

Act Quickly

These actions are needed immediately:

First, annul the AGR demand using whatever legal means are available. For instance, the operators could file an appeal, and the government could settle out of court, renouncing the suit, accepting the Telecom Disputes Settlement and Appellate Tribunal (TDSAT) ruling of 2015 on AGR.

Second, issue an appropriate ordinance that rescinds all extended claims. Follow up with the requisite legislation, working across political lines for consensus in the national interest.

Third, take action to organise and deliver communications services effectively and efficiently to as many people as possible. The following steps will help build and maintain more extensive networks with good services, reasonable prices, and more government revenues.

Enable Spectrum Usage on Feasible Terms

Wireless regulations

It is infeasible for fibre or cable to reach most people in India, compared with wireless alternatives. Realistically, the extension of connectivity beyond the nearest fibre termination point is through wireless middle-mile connections, and Wi-Fi for most last-mile links. The technology is available, and administrative decisions together with appropriate legislation can enable the use of spectrum immediately in 60GHz, 70-80GHz, and below 700MHz bands to be used by authorised operators for wireless connectivity. The first two bands are useful for high-capacity short and medium distance hops, while the third is for up to 10 km hops. The DoT can follow its own precedent set in October 2018 for 5GHz for Wi-Fi, i.e., use the US Federal Communications Commission regulations as a model.1 The one change needed is an adaptation to our circumstances that restricts their use to authorised operators for the middle-mile instead of open access, because of the spectrum payments made by operators. Policies in the public interest allowing spectrum use without auctions do not contravene Supreme Court orders.

Policies: Revenue sharing for spectrum

A second requirement is for all licensed spectrum to be paid for as a share of revenues based on usage as for licence fees, in lieu of auction payments. Legislation to this effect can ensure that spectrum for communications is either paid through revenue sharing for actual use, or is open access for all Wi-Fi bands. The restricted middle-mile use mentioned above can be charged at minimal administrative costs for management through geo-location databases to avoid interference. In the past, revenue-sharing has earned much more than up-front fees in India, and rejuvenated communications.2 There are two additional reasons for revenue sharing. One is the need to manufacture a significant proportion of equipment with Indian IPR or value-added, to not have to rely as much as we do on imports. This is critical for achieving a better balance-of-payments, and for strategic considerations. The second is to enable local talent to design and develop solutions for devices for local as well as global markets, which is denied because it is virtually impossible for them to access spectrum, no matter what the stated policies might claim.

Policies and Organisation for Infrastructure Sharing

Further, the government needs to actively facilitate shared infrastructure with policies and legislation. One way is through consortiums for network development and management, charging for usage by authorised operators. At least two consortiums that provide access for a fee, with government’s minority participation in both for security and the public interest, can ensure competition for quality and pricing. Authorised service providers could pay according to usage.
Press reports of a consortium approach to 5G where operators pay as before and the government “contributes” spectrum reflect seriously flawed thinking.3 Such extractive payments with no funds left for network development and service provision only support an illusion that genuine efforts are being made to the ill-informed, who simultaneously rejoice in the idea of free services while acclaiming high government charges (the two are obviously not compatible).
Instead of tilting at windmills that do not serve people’s needs while beggaring their prospects, commitment to our collective interests requires implementing what can be done with competence and integrity.

Shyam (no space) Ponappa at gmail dot com
1. https://dot.gov.in/sites/default/files/2018_10_29%20DCC.pdf
2. http://organizing-india.blogspot.in/2016/04/ breakthroughs- needed-for-digital-india.html
3. https://www.business-standard.com/article/economy-policy/govt-considering-spv-with-5g-sweetener-as-solution-to-telecom-crisis-120012300302_1.html

For more details visit http://editors.cis-india.org/internet-governance/indias-self-goal-in-telecom

Programme Associate (Communications)

gurshabad — 2020-08-09T13:51:27Z

The Centre for Internet & Society (CIS) is seeking applications for the position of Programme Associate (Communications), to support its Access to Knowledge (CIS-A2K) Programme. In keeping with efforts within the larger Wikimedia movement in encouraging an inclusive workplace and addressing issues of gender disparity This position is presently open only to applicants who identify as women.

Context of the CIS-A2K programme

As an affiliate of the Wikimedia Foundation, the nonprofit behind Wikipedia and it’s sister projects, we design and implement different initiatives with an aim to create high-quality content and bring new contributors to Wikimedia projects in Indian languages. The initiatives are premised on various themes and seek to create a multilingual repository of knowledge using Wikimedia projects as a platform. You are encouraged to carefully read through the CIS-A2K work plan before making the application. You will work cohesively with the Wikimedia community and the Wikimedia India communities to meet the specific goals of each language community in India. You will be a part of a small team of 5 to 10 members doing high visibility and high impact work. Please learn more about CIS-A2K here.

Position Summary

As Programme Associate, your job will be to support the Team’s larger goals -- growth of Indian language Wikipedias, other Wikimedia projects and the contributor communities. Your primary responsibility will be to support the Programme Associates -- that spearhead our on-ground programmatic activities -- with regular communication with the community and the outside world.

Responsibilities

Storytelling and all other forms of of communication-related responsibilities are two major focus areas of this job. You will explore conventional to new media to share the stories of the many of volunteers that make Wikipedia and Wikimedia projects such great knowledge repositories
Creating original stories of challenges and success of the Indian language Wikimedia communities, including the ones that we closely work with Being the interface between A2K team and the community and lead different kinds of communications activities
Sharing the work of the community and A2k team in a regular manner through print media, newsletters, social media, mailing list updates, blog posts etc., including timely announcement of programme activities on these platforms
Providing training on effective communications to the communities on a need basis and enabling them to independently tell their own stories in their own languages
Support with writing, review and editing of the annual work plan and reports of the programme
Interviewing Wikimedians under the ambit of the WikipediansSpeak project and beyond, and share the story of the Wikimedia community widely in the media

Required skills

Good communication skill in writing and speaking, which will be required for correspondence, blog, report etc writing
Experience of blog post, report etc writing
Prior experience of working in a collaborative community, preferably online.
Strong understanding of the internet and work of the Wikimedia movement.
Active participation as a Wikimedia volunteer would be an asset, though not a prerequisite. Demonstrated experience working in a global, multi-cultural team environment.
Must be fluent in English and at least one Indian language.
A good understanding of the cultural and knowledge universe of one Indian language will be an added advantage.
Ability to integrate with and understand the complexity of the Indian Wikimedia community.
Prior experience/ knowledge in working with social media for professional communication would be an added advantage.
Prior experience/knowledge in liasioning with conventional print/broadcast media would be an added advantage.

Characteristics of the Programme Associate

High level of commitment: The Programme Associate should believe in the values of CIS and Wikimedia projects, exude enthusiasm for the mission and can powerfully embody and communicate the mission.
Intellectual curiosity and flexibility: Must enjoy tackling difficult, ambiguous problems and able to incorporate new knowledge into how one approaches situations and generates solutions, loves learning from others while expanding intellectual horizons.
Open and transparent: Have a high level of integrity and be comfortable working in a highly transparent fashion, open to input and feedback, a proactive and candid communicator who isn't afraid to bring others in when things are off-track or when they need help and should be able to handle criticism in a mature fashion.
Community builder: It is essential that the Programme Associate sees themself as a partner to and supporter of the Wikimedians who have and will continue to be the leaders in building the Wikimedia projects. The Programme Associate must be willing and able to work with a diverse array of people, many of whom come from non-traditional backgrounds and have a fervent commitment to Wikimedia movement’s community-led nature.
Strong cultural competency: Able to navigate in a global movement and on a global team in addition to navigating the complexity of India.

Location: Candidate willing to work from CIS’s Bangalore office will be preferred. Remote working option may be considered for experienced Wikimedians

Remuneration: Compensation structure will be determined by the level of expertise, experience and current remuneration.

Do not send anymore application now. the last date is over
To apply, please send your resume to Tito Dutta (tito+comm@cis-india.org) and cover letter by 21 May 2020 (applications must be submitted with cover later before 21 May 11:59:00 IST, please ensure to apply through email only).

For more details visit http://editors.cis-india.org/jobs/programme-associate-communications

Programme Associate (Graphic designer)

gurshabad — 2020-05-12T16:01:42Z

The Centre for Internet & Society (CIS) is seeking applications for the position of Programme Associate (Graphic designer), to support its Access to Knowledge (CIS-A2K) Programme. In keeping with efforts within the larger Wikimedia movement in encouraging an inclusive workplace and addressing issues of gender disparity Women applicants are encouraged for this position, however this position for anyone to apply.

Context of the CIS-A2K programme

Position summary

CIS-A2K is looking for an ideal candidate who will help the program as a graphic designer, the work will include creating and preparing graphic content such as images, media files etc related to the A2K programme. This will be a full-time position, based at the CIS office in Bengaluru. and. The designation will be Programme Associate (PA)

Responsibilities

Creating images, posters, banners, infographics, and other promotional materials for events and announcements, which will be circulated on social media channels and used in reports.
Strategising and designing reports (progress reports, impact reports, and proposal forms), and newsletters, to make them more accessible.
Helping and working with Wikimedia community members to create relevant visual content.
Developing illustrations, logos, and other graphic material digitally or by hand.

Required skills

Proven experience with graphic design (note related education qualification is a plus, but not mandatory)
A strong portfolio of illustrations and visual communication material
The person must have good experience in creating and preparing graphic content using design software like Adobe Creative Suite, Inkscape, and GIMP (free software usage experience will be preferable)
Relevant degree holders will be given preference.
Prior knowledge of working with open knowledge or open-source community will be a plus.
Candidates who are part of the Wikimedia community, or who have experience in contributing to Wikimedia projects will be given preference.
Ability to work methodically and meet deadlines.

Location: The position is based out of the CIS’s Bangalore office.
Remuneration: Compensation structure will be determined by the level of expertise, experience and current remuneration.
To apply, please send your resume and cover letter to Tito Dutta (tito+gd@cis-india.org) by 24 May 2020 11:59 pm IST (applications won't be accepted after the deadline)

Please do not miss the +gd part in the email, that is an email filter for us)

For more details visit http://editors.cis-india.org/jobs/programme-associate-graphic-designer