Centre for Internet and Society

De facebook

praskrishna — 2011-04-02T13:41:13Z

Facebook used to be our playground but privacy concerns are now souring that fantasy. Why do we trust a clutch of new corporations with such phenomenal amounts of personal data?

The age of privacy is over, Facebook’s fresh-faced founder and CEO Mark Zuckerberg declared a couple of months back. Social norms have shifted. We are now used to living out loud. “When I got started in my dorm room at Harvard, the question a lot of people asked was, ‘Why would I want to put any information on the internet at all? Why would I want to have a website?’” he said.

That paranoid past is behind us, claimed Zuckerberg, justifying Facebook’s controversial new decision to fling open the curtains and make maximum visibility the new normal. “In the last five or six years, blogging has taken off in a huge way, and (there are) just all these different services that have people sharing all this information,” he said.

In other words, get over the stage fright. Everyone else is out there over-sharing, arguing, preening, and generally acting out online.

In June last year, Facebook sneaked in a feature called the Everyone update. This makes it much like Twitter, and also allows it to share with and sell information to search engines like Google, Bing or Yahoo. “Facebook’s privacy changes are relevant as it tries to compete with real-time search on platforms like Twitter. It does give you an option to work around that though I am certain the whole process of setting privacy preferences could be a lot more intuitive,” says Sidharth Rao, digital industry watcher and CEO of internet marketing firm Webchutney.

On the surface, the new Facebook settings are better and much more malleable, if you can figure out how to work them — you can now choose, per post, what you want different sets of people to see. They have eliminated regional networks which would unwittingly expose you to an entire city sometimes (meaning that not everyone who is on the Delhi network, say, has automatic access to your information if you are in Delhi). But on the other hand, the default setting that Facebook recommends is deeply problematic. You, your profile picture, current city, gender, networks, and the pages that you are a “fan” of are all “publicly available information”. Earlier, you could make sure only your friends saw the rest of your friends — now, that option no longer exists as a setting.

Wasn’t privacy once a Facebook fundamental? Unlike the seedier environments of Orkut or Myspace, Facebook grew out of a small Harvard community, expanded to cover other East Coast schools, then conquered companies and countries. In September 2006, Facebook opened registration to anyone with an email address. But it was extremely cautious about how it engineered interaction. In essence, you were meant to socialise with people you already knew.

“It felt safer. It wasn’t about random people sending you scraps and stalking you, like on Orkut or whatever. Facebook reflected my real world. It kept you loosely, comfortably connected to so many people”, says Nomita Sawhney, a young Delhi-based architect. Unlike the threat of cyberstalking, intimidation, and impersonation that stalk less selective networks, Facebook remained clear of what media scholar Danah Boyd calls ‘stranger danger’. Only two years back, Zuckerberg told tech blogger Marshall Kirkpatrick that privacy “is the vector around which Facebook operates”.

I Like To Watch

Why are these changes such a big deal? Zuckerberg’s claim about privacy rings true for most unself-conscious Facebookers. After all, only recently, bra colour status updates were the big buzz on Facebook, ostensibly in support of breast cancer awareness. Now, it’s doppelganger week, where you tell the world what celebrity you most resemble. You can take dippy quizzes, remember birthdays, discuss the news, giggle over pictures. Grim warnings about corporate avarice and government spying sound faintly ridiculous in this pleasant context.

Social networks and blogs have certainly reconfigured privacy. Anyone who’s spent time on Facebook knows the impulse to meander through the pages and pictures of people in that amorphous category called ‘friends of friends’. In just a few years, we have got used to the thought that our lives are externalised and sprawled out for near-strangers to see.

In fact, Facebook is now the largest photo site in the world. When you join Facebook, under its Terms of Service, you give it a “license” (that is, legal permission) to use your content “on or in connection with the Facebook Service or the promotion thereof.” It takes some effort to realise how recent all this is, that it’s still a great unfolding experiment, and that we are granting these companies fabulous power.
In his recent book, The Peep Diaries: How We’re Learning to Love Watching Ourselves and Our Neighbors, cultural critic Hal Niedzviecki describes the digital glasshouse: “Peep culture is reality TV, YouTube, Twitter, Flickr, MySpace and Facebook. It’s blogs, chat rooms, amateur porn sites, virally spread digital movies of a fat kid pretending to be a Jedi Knight, cell phone photos — posted online — of your drunk friend making out with her ex-boyfriend, and citizen surveillance. Peep is the backbone of Web 2.0 and the engine of corporate and government data mining.”

Web 2.0 was the clunky name for a whole range of liberating personal expression platforms — from Flickr and Youtube to Livejournal and Facebook. These companies provide the space and you bring the party. They encourage you to feel right at home and treat these platforms like your lounge, confessional or salon. Meanwhile, they also collect and refine data about you, and often wield it without your awareness.
In its over-eagerness, Facebook has blundered into several privacy minefields before this—when it first introduced Newsfeed, pushing a steady stream of your friends’ status updates at you, it embarrassed and annoyed many. Boyd compared it to the experience of shouting to be heard at a party, when the music abruptly stops and everyone else can suddenly hear your careless small talk. Of course, it turns out Zuckerberg was right when he told users to “calm down and breathe”, and Newsfeed has been naturalised into the Facebook experience. Another, more scarring experience was Beacon — its attempt to track what users in the US bought on partner sites — and tell on them to their friends. After an avalanche of protests, Facebook backed down and modified the ad platform. It even employs a chief privacy officer to address our fears.

In the early days, Facebook generated awkwardness because it didn’t respect context — the fact that you wear and cast off selves depending on who you’re interacting with, your crazy roommate or your conservative grand-aunt who decided to befriend you online. “It is the problem that arises when worlds collide, when norms get caught in the crossfire between communities, when walls that separate social situations come crashing down,” writes Chris Peterson of the University of Massachusetts, who has studied Facebook’s privacy architecture.

But now you can tweak settings and set up differential access. People have figured out how to work Facebook and not get burnt. “Profile pictures flatter, tagged pictures shatter,” says Priya Singh, a twenty-something law student, with a laugh. “You never know what someone’s going to put up and who’s going to see what. I don’t want everyone to see drunken party pictures, and so I’ve just learnt to place family on a new level of privacy settings.” And that’s the general pattern on Facebook: most people have learnt to adjust to the public glare, after some initial blinking and bemusement.

Privacy from Whom?

You can segment your social world as minutely as you like, but that doesn’t mean your life is any more private. It’s not just the fact that potential employers can scan and dismiss you, or current employers keep tabs — though such stories abound. For instance, MIT’s Gaydar research project discovered that you can identify a person’s sexual preferences by studying who their friends are on Facebook, even if they have avoided sharing that information in their profile.

But perhaps we have been gulled into thinking that the whole privacy fuss is about each other. “It’s very clever of Facebook to foreground this aspect of control. Your other friends, pictures, the games you play — that’s something we regularly give out anyway”, says Nishant Shah, director of the Bangalore-based Centre for Internet and Society. “But Facebook is not a single entity — it is a collection of third party apps (applications) that we have no control over. A simple birthday calendar can harvest all your data, all your online traces and you grant it access without knowing it,” he says. So Facebook makes a big show of protecting you from your acquaintances, even as it sells your information continuously.

This becomes a much bigger possibility when it comes to search engine integration, which allows the open flow on Facebook to be harnessed for perfect reach and recall.

To get a clearer sense of what’s at stake with these influential corporations, take a more powerful example: Google.com. Every day, we confide our trivial confusions, our deep doubts to one willing ear. And these billions of broken questions can add up to an eerily accurate picture of the world. But do you search Google or does Google search you? “Google can track you across applications: email, search, blogs, pictures and books read. That means they can profile you in a very detailed, exhaustive way, and they do,’ says Rahul Matthan. “They never delete information, and they’re getting progressively more intelligent about you, as they make search more relevant with features like Google Suggest.” As technology scholar Siva Vaidyanathan puts it, “we have to realise that we are not Google’s customers. We are its product. We are what Google sells to advertisers.” These behaviourially targeted ads are the most perfect, evolved form of advertising so far and in concept, the least annoying, because they are customised to you. Google has promised that its information is utterly secure and that search logs are anonymised after a certain period.

It provides limited disclosure of outside ads, lets users manage the categories that Google has assigned to them and tinker with it for a more accurate picture and also provides an opt-out option. But Search 2.0 is a scary beast — it can also facilitate social control and surveillance. Your online activities are not scattered across applications any more, Google can hear what you tell Facebook.

While selling us stuff more efficiently is probably a good thing, what happens when this intimate knowledge shades into active surveillance? Even if we live in countries where rights are respected, “we give out enough personal information in an innocuous way to a single repository. They are sitting on top of a very valuable resource, and all this information can easily be reverse-engineered to reveal specifics about you,” says Rahul Matthan, technology lawyer and founder-partner of Trilegal.

In India, we are even more oblivious to such stealthy watching. “Privacy concerns here are lesser than in the West, where they’re so dependent on digital ID. There, if someone impersonates you or overdraws credit limits, it could affect your house, your job,” says Matthan.

Privacy legislation doesn’t really exist in India — the right to keep personal information confidential has only been articulated as protection against state action. “There’s no easy legal recourse to being thoroughly spied on by a company,” says Matthan (Europe has enforced data protection directives since 1984 — you can control what information is gathered about you, and how it is used. While the US has somewhat diluted laws, personal information is still strongly guarded). While it’s tempting to think that you have nothing to hide, you are acceding to a set-up where outliers can be identified and dealt with. Privacy matters, no matter how unexceptionable your own life. So what’s to be done? “Holding Facebook and other companies to account is crucial. We must set up legislations by which people can look back, ask exactly what about their activity is being tracked. They have to treat consumers as peers,” says Shah. “If Facebook can gaze at us, we must be given the right to gaze back at its functioning — it has to be a peer-to-peer relationship.”

So far, Facebook and the Googleverse and Twitter are still our friends and enablers. But as they amass more and more power, it is better to see them as fallible companies rather than confidantes, and to make sure that they account for our information.

For original article on the Indian Express

For more details visit http://editors.cis-india.org/news/de-facebook

DCS 2018 Agenda

ambika — 2018-11-07T02:51:36Z

For more details visit http://editors.cis-india.org/internet-governance/files/dcs-2018-agenda

Data Protection Submission

amber — 2018-04-18T16:37:05Z

For more details visit http://editors.cis-india.org/internet-governance/files/data-protection-submission

Data Protection

Admin — 2018-09-20T14:46:17Z

For more details visit http://editors.cis-india.org/internet-governance/files/data-protection

Data Privacy: Footprints on the Web

Admin — 2018-06-25T16:48:34Z

Technology has made data protection a hot button issue. Now, a group of eminent citizens, mostly lawyers, have formulated a draft privacy bill, a legal framework that protects the individual’s right to privacy, but it faces legal jurisdiction issues

The blog post by Sujit Bhar was published in IndiaLegal on June 21, 2018.

Lack of data privacy is a modern day peril. Quite like the individual’s right to privacy—one that has been raised to the level of a Fundamental Right by the Supreme Court—data privacy today is prime, because technology has made our lives fully dependant on associated data. Hence, by extension of the same logic and arguments that the top court used for personal privacy, data privacy should be protected.

The methodology to be adopted, though, is not as easy to determine given the lack of legislation in the field, the improbability of existing technology to ensure complete privacy and because of legal jurisdiction issues.

Also, to what extent data privacy can and should be allowed is a legal argument that needs to be supported by other fields of knowledge. The Supreme Court decision to award privacy as a Fundamental Right will act as a plinth in determining this.

To that end a group of eminent citizens, mostly lawyers, came together and formulated a draft privacy bill with the objective of slicing through banal arguments that would ensue if this was to wait for public re-reference/debate.

The proponents—Apar Gupta, Gautam Bhatia, Kritika Bhardwaj, Maansi Verma, Naman M Aggarwal, Praavita Kashyap, Prasanna S, Raman Jit Singh Chima, Ujwala Uppaluri and Vrinda Bhandari—have tried to develop their own privacy bill, based on the foundation of the Privacy (Protection) Bill, 2013, “which was drafted over a series of roundtables and inputs conducted by the Centre for Internet and Society, Bangalore”.

In doing so the group started from what it calls “seven privacy principles”, derived from various constitutional and expert texts.

Principle 1: Individual rights are at the centre of privacy and data protection.

This says that “the individual and her rights are primary. The law on privacy must empower you by advancing your right to privacy…”including “your right to autonomy and dignity.

Principle 2: A data protection law must be based on privacy principles.

Here reference is made to the report of the Justice AP Shah Committee of Experts. It’s a method that has been left flexible, to accommodate fast developing technology. There is a reference to Moore’s Law in this. Moore’s Law has remained one of the most overwhelmingly true laws of the IT industry. Originating in 1970, it says that processor speeds, or overall processing power for computers “will double every two years”. While that has remained true till now, with the development of multiple core processors, this law too has seemingly run its course. With the world changing at such a fast pace, if the data privacy bill/law does not remain flexible, it would also be quickly consigned to a museum of laws. Hence this flexible approach will be crucial.

Principle 3: A strong privacy commission must be created to enforce the privacy principles.

This is the part of establishing an oversight authority, “a strong body to ensure that the data protection rights are put into practice and enforced”. This structure has been treated for something “that works in principle and in practice.”

There is one part that says that this proposed “Privacy Commission”, has been “provided wide powers of investigation, adjudication, rule-making and enforcement. The Commission should adopt an approach that builds accountability for the rights of users by having powers to impose penalties that are proportionate to the harm and build deterrence.” This, obviously, means that it will be stepping onto the toes of other laws and that would be a rough road to navigate. However, as the group’s own philosophy says that the problem with technology oriented legislation is that it takes catching up with the progress of technology. To overcome this, the group wants to “make sure that the Privacy Code is not outdated” and hence wants to make sure that the “Privacy Commission can exercise rule making powers to give effect to the data protection principles under the regulation”.

The other part of the philosophy is of acknowledging and addressing public complaints. Hence the legal rigidity of regular acts would be dismissed. How this can work with enforcement agencies, though, will remain a matter of debate. The draft bill says that the “Privacy Commission must serve as the forum for the redressal of the general public’s grievances”, and that “Privacy Commissions should have the ability to investigate (independently through the office of a Director General), hold hearings and pass orders with directions and fines”.

That could be legal nightmare, because unlike a simple code, the bill has to pass through parliament to become an act, and legislators are the ones who have final say in remodelling an existing law. How much power they would agree to delegate is anybody’s guess.

Of course, the draft also calls for the courts to welcome public opinion. There seems to be a slight hitch in the wording, which says that “…while the Privacy Commission serves as the forum for redressal, the public should retain the remedies of approaching the civil courts (even in instances where harm is suffered by a group of people) and of filing police complaints directly”. That questions even the oversight authority of the commission. There is another objective—a hope, one would say—that the Privacy Commission must have jurisdiction over the government, as it does over the private sector. The Privacy Commission should have overriding power and superintendence over all legal entities in matter of data protection and privacy”. While this sounds good on paper, the issue of national security can override all. At this point, according to a cyber security expert, there is talk within the Indian government on how to deal with the social media messaging app WhatsApp. Technically, as the company points out, messaging through an app is encrypted (military grade encryption, it is said) end-to-end. Hence terrorist groups have zeroed in on this as a common idea exchange platform. There could possibly be restrictive legislation on this. That could strike at the heart of data privacy.

The government’s reaction, though, could become counter-productive. This could be visible in what the Justice Srikrishna-led Committee of Experts possibly could recommend.

Principle 4: The government should respect user privacy. Technically, if this bill, in its current form, has to go through parliament, members of both houses should be willing to accept that it will have no snooping powers, ever. The way the government fought tooth and nail against personal privacy in court—and the Aadhaar verdict is still awaited—this proposal seems unlikely to have an easy passage. The draft says: “It is imperative that the government, its arms, bodies and programmes be compliant with the privacy protection principles through a data protection law.”

There is a caveat within this, saying: “We support the use of digital technologies for public benefit. However, they should not be privileged over fundamental rights.” The proposal also says: “The government is responsible for the delivery of many essential services to the public of India. These services must not be withheld from an individual, due to such individual not sharing data with the government. Withholding services on the pretext of requirement of collection of data effectively amounts to extortion of consent. Individuals cannot be forced to trade away their data and citizenship at the altar of being permitted to use government services and access legal entitlements on welfare.” This will have to wait its validation or dismissal through the Aadhaar verdict.

Principle 5: A complete privacy code comes with surveillance reform

This is another tricky issue for any government. It talks about how the Snowden revelations “brought to public knowledge that our personal data is collected in an indiscriminate manner by governments”. The draft calls this collection procedure “dragnet surveillance”, because it “contravenes the principles of necessity, proportionality and purpose limitation”. Necessity and proportionality have been argued in detail during the Aadhaar debate in court and till that verdict is out, it would, possibly, not be right to delve into this, though a recommendation for procedural safeguards might run into the same wall as in the case of encrypted software in social media apps. The draft accepts the possibility of “individual interception and surveillance”, but says “this should be severely limited in substance and practice through procedural safeguards”.

Principle 6: The right to information needs to be strengthened and protected

This basically refers to the Right to Information Act and seems completely justified, with Information Commissioners being “exempted from interference or control by the Privacy Commissioner”.

Principle 7: International protections and harmonisation to protect the open internet must be incorporated

Another contentious issue, being fuelled by the loss of face by Facebook in its effort to introduce graded access (with paywalls).

The group widens its scope in stating that “we need to be guided by the Supreme Court’s Right to Privacy decision and make reference to the European Union’s General Data Protection Regulation”. More interestingly, the group admits that every law will have certain exceptions. It says: “…but without clear wording sometimes exceptions swallow up the rule. We adopted a three part test in our drafting process in which any exceptions to these privacy principles should be: (a) worded clearly; (b) limited in purpose, necessary and proportionate to the aim; and (c) accompanied by sufficient procedural safeguards”.

On the face of it, the overall draft represents a novel and upright way of thinking, and if some of this is accepted while the government mulls the Justice Srikrishna Committee’s recommendations (expected late this month), it would be a good beginning.

For more details visit http://editors.cis-india.org/internet-governance/news/india-legal-live-june-21-2018-data-privacy

Data Lives of Humanities Text

sneha-pp — 2020-12-23T13:07:43Z

The ‘computational turn’ in the humanities has brought with it several questions and challenges for traditional ways of engaging with the ‘text’ as an object of enquiry. The prevalence of data-driven scholarship in the humanities offers several challenges to traditional forms of work and practice, with regard to theory, tools, and methods. In the context of the digital, ‘text’ acquires new forms and meanings, especially with practices such as distant reading. Drawing upon excerpts from an earlier study on digital humanities in India, this essay discusses how data in the humanities is not a new phenomenon; concerns about the ‘datafication’ of humanities, now seen prominently in digital humanities and related fields is actually reflective of a longer conflict about the inherited separation between humanities and technology. It looks at how ‘data’ in the humanities has become a new object of enquiry as a result of several changes in the media landscape in the past few decades. These include large-scale digitalization and availability of corpora of materials (digitized and born-digital) in an array of formats and across varied platforms, thus leading to also a steady prevalence of the use of computational methods in working with and studying cultural artifacts today. This essay also explores how reading ‘text as data’ helps understand the role of data in the making of humanities texts and redefines traditional ideas of textuality, reading, and the reader.

This essay by Puthiya Purayil Sneha was published in Lives of Data: Essays on Computational Cultures from India (2020) edited by Sandeep Mertia, with a Foreword by Ravi Sundaram as part of the Series on Theory on Demand by Institute of Network Cultures, Amsterdam.

Read the open access book here.

For more details visit http://editors.cis-india.org/raw/data-lives-of-humanities-text

Data Infrastructures and Inequities: Why Does Reproductive Health Surveillance in India Need Our Urgent Attention?

Aayush Rathi and Ambika Tandon — 2019-12-30T16:44:32Z

In order to bring out certain conceptual and procedural problems with health monitoring in the Indian context, this article by Aayush Rathi and Ambika Tandon posits health monitoring as surveillance and not merely as a “data problem.” Casting a critical feminist lens, the historicity of surveillance practices unveils the gendered power differentials wedded into taken-for-granted “benign” monitoring processes. The unpacking of the Mother and Child Tracking System and the National Health Stack reveals the neo-liberal aspirations of the Indian state.

The article was first published by EPW Engage, Vol. 54, Issue No. 6, on 9 February 2019.

Framing Reproductive Health as a Surveillance Question

The approach of the postcolonial Indian state to healthcare has been Malthusian, with the prioritisation of family planning and birth control (Hodges 2004). Supported by the notion of socio-economic development arising out of a “modernisation” paradigm, the target-based approach to achieving reduced fertility rates has shaped India’s reproductive and child health (RCH) programme (Simon-Kumar 2006).

This is also the context in which India’s abortion law, the Medical Termination of Pregnancy (MTP) Act, was framed in 1971, placing the decisional privacy of women seeking abortions in the hands of registered medical practitioners. The framing of the MTP act invisibilises females seeking abortions for non-medical reasons within the legal framework. The exclusionary provisions only exacerbated existing gaps in health provisioning, as access to safe and legal abortions had already been curtailed by severe geographic inequalities in funding, infrastructure, and human resources. The state has concomitantly been unable to meet contraceptive needs of married couples or reduce maternal and infant mortality rates in large parts of the country, mediating access along the lines of class, social status, education, and age (Sanneving et al 2013).

While the official narrative around the RCH programme transitioned to focus on universal access to healthcare in the 1990s, the target-based approach continues to shape the reality on the ground. The provision of reproductive healthcare has been deeply unequal and, in some cases, in hospitals. These targets have been known to be met through the practice of forced, and often unsafe, sterilisation, in conditions of absence of adequate provisions or trained professionals, pre-sterilisation counselling, or alternative forms of contraception (Sama and PLD 2018). Further, patients have regularly been provided cash incentives, foreclosing the notion of free consent, especially given that the target population of these camps has been women from marginalised economic classes in rural India.

Placing surveillance studies within a feminist praxis allows us to frame the reproductive health landscape as more than just an ill-conceived, benign monitoring structure. The critical lens becomes useful for highlighting that taken-for-granted structures of monitoring are wedded with power differentials: genetic screening in fertility clinics, identification documents such as birth certificates, and full-body screeners are just some of the manifestations of this (Adrejevic 2015). Emerging conversations around feminist surveillance studies highlight that these data systems are neither benign nor free of gendered implications (Andrejevic 2015). In continual remaking of the social, corporeal body as a data actor in society, such practices render some bodies normative and obfuscate others, based on categorisations put in place by the surveiller.

In fact, the history of surveillance can be traced back to the colonial state where it took the form of systematic sexual and gendered violence enacted upon indigenous populations in order to render them compliant (Rifkin 2011; Morgensen 2011). Surveillance, then, manifests as a “scientific” rationalisation of complex social hieroglyphs (such as reproductive health) into formats enabling administrative interventions by the modern state. Lyon (2001) has also emphasised how the body emerged as the site of surveillance in order for the disciplining of the “irrational, sensual body”—essential to the functioning of the modern nation-state—to effectively happen.

Questioning the Information and Communications Technology for Development (ICT4D) and Big Data for Development (BD4D) Rhetoric

Information and Communications Technology (ICT) and data-driven approaches to the development of a robust health information system, and by extension, welfare, have been offered as solutions to these inequities and exclusions in access to maternal and reproductive healthcare in the country.

The move towards data-driven development in the country commenced with the introduction of the Health Management Information System in Andhra Pradesh in 2008, and the Mother and Child Tracking System (MCTS) nationally in 2011. These are reproductive health information systems (HIS) that collect granular data about each pregnancy from the antenatal to the post-natal period, at the level of each sub-centre as well as primary and community health centre. The introduction of HIS comprised cross-sectoral digitisation measures that were a part of the larger national push towards e-governance; along with health, thirty other distinct areas of governance, from land records to banking to employment, were identified for this move towards the digitalised provisioning of services (MeitY 2015).

The HIS have been seen as playing a critical role in the ecosystem of health service provision globally. HIS-based interventions in reproductive health programming have been envisioned as a means of: (i) improving access to services in the context of a healthcare system ridden with inequalities; (ii) improving the quality of services provided, and (iii) producing better quality data to facilitate the objectives of India’s RCH programme, including family planning and population control. Accordingly, starting 2018, the MCTS is being replaced by the RCH portal in a phased manner. The RCH portal, in areas where the ANMOL (ANM Online) application has been introduced, captures data real-time through tablets provided to health workers (MoHFW 2015).

A proposal to mandatorily link the Aadhaar with data on pregnancies and abortions through the MCTS/RCH has been made by the union minister for Women and Child Development as a deterrent to gender-biased sex selection (Tembhekar 2016). The proposal stems from the prohibition of gender-biased sex selection provided under the Pre-Conception and Pre-Natal Diagnostics Techniques (PCPNDT) Act, 1994. The approach taken so far under the PCPNDT Act, 2014 has been to regulate the use of technologies involved in sex determination. However, the steady decline in the national sex ratio since the passage of the PCPNDT Act provides a clear indication that the regulation of such technology has been largely ineffective. A national policy linking Aadhaar with abortions would be aimed at discouraging gender-biased sex selection through state surveillance, in direct violation of a female’s right to decisional privacy with regards to their own body.

Linking Aadhaar would also be used as a mechanism to enable direct benefit transfer (DBT) to the beneficiaries of the national maternal benefits scheme. Linking reproductive health services to the Aadhaar ecosystem has been critiqued because it is exclusionary towards women with legitimate claims towards abortions and other reproductive services and benefits, and it heightens the risk of data breaches in a cultural fabric that already stigmatises abortions. The bodies on which this stigma is disproportionately placed, unmarried or disabled females, for instance, experience the harms of visibility through centralised surveillance mechanisms more acutely than others by being penalised for their deviance from cultural expectations. This is in accordance with the theory of "data extremes,” wherein marginalised communities are seen as living on the extremes of data capture, leading to a data regime that either refuses to recognise them as legitimate entities or subjects them to overpolicing in order to discipline deviance (Arora 2016). In both developed and developing contexts, the broader purpose of identity management has largely been to demarcate legitimate and illegitimate actors within a population, either within the framework of security or welfare.

Potential Harms of the Data Model of Reproductive Health Provisioning

Informational privacy and decisional privacy are critically shaped by data flows and security within the MCTS/RCH. No standards for data sharing and storage, or anonymisation and encryption of data have been implemented despite role-based authentication (NHSRC and Taurus Glocal 2011). The risks of this architectural design are further amplified in the context of the RCH/ANMOL where data is captured real-time. In the absence of adequate safeguards against data leaks, real-time data capture risks the publicising of reproductive health choices in an already stigmatised environment. This opens up avenues for further dilution of autonomy in making future reproductive health choices.

Several core principles of informational privacy, such as limitations regarding data collection and usage, or informed consent, also need to be reworked within this context.^[1] For instance, the centrality of the requirement of “free, informed consent” by an individual would need to be replaced by other models, especially in the context of reproductive health of rape survivors who are vulnerable and therefore unable to exercise full agency. The ability to make a free and informed choice, already dismantled in the context of contemporary data regimes, gets further precluded in such contexts. The constraints on privacy in decisions regarding the body are then replicated in the domain of reproductive data collection.

What is uniform across these digitisation initiatives is their treatment of maternal and reproductive health as solely a medical event, framed as a data scarcity problem. In doing so, they tend to amplify the understanding of reproductive health through measurable indicators that ignore social determinants of health. For instance, several studies conducted in the rural Indian context have shown that the degree of women’s autonomy influences the degree of usage of pregnancy care, and that the uptake of pregnancy care was associated with village-level indicators such as economic development, provisioning of basic infrastructure and social cohesion. These contextual factors get overridden in pervasive surveillance systems that treat reproductive healthcare as comprising only of measurable indicators and behaviours, that are dependent on individual behaviour of practitioners and women themselves, rather than structural gaps within the system.

While traditionally associated with state governance, the contemporary surveillance regime is experienced as distinct from its earlier forms due to its reliance on a nexus between surveillance by the state and private institutions and actors, with both legal frameworks and material apparatuses for data collection and sharing (Shepherd 2017). As with historical forms of surveillance, the harms of contemporary data regimes accrue disproportionately among already marginalised and dissenting communities and individuals. Data-driven surveillance has been critiqued for its excesses in multiple contexts globally, including in the domains of predictive policing, health management, and targeted advertising (Mason 2015). In the attempts to achieve these objectives, surveillance systems have been criticised for their reliance on replicating past patterns, reifying proximity to a hetero-patriarchal norm (Haggerty and Ericson 2000). Under data-driven surveillance systems, this proximity informs the preexisting boxes of identity for which algorithmic representations of the individual are formed. The boxes are defined contingent on the distinct objectives of the particular surveillance project, collating disparate pieces of data flows and resulting in the recasting of the singular offline self into various 'data doubles' (Haggerty and Ericson 2000). Refractive, rather than reflective, the data doubles have implications for the physical, embodied life of individual with an increasing number of service provisioning relying on the data doubles (Lyon 2001). Consider, for instance, apps on menstruation, fertility, and health, and wearables such as fitness trackers and pacers, that support corporate agendas around what a woman’s healthy body should look, be or behave like (Lupton 2014). Once viewed through the lens of power relations, the fetishised, apolitical notion of the data “revolution” gives way to what we may better understand as “dataveillance.”

Towards a Networked State and a Neo-liberal Citizen

Following in this tradition of ICT being treated as the solution to problems plaguing India’s public health information system, a larger, all-pervasive healthcare ecosystem is now being proposed by the Indian state (NITI Aayog 2018). Termed the National Health Stack, it seeks to create a centralised electronic repository of health records of Indian citizens with the aim of capturing every instance of healthcare service usage. Among other functions, it also envisions a platform for the provisioning of health and wellness-based services that may be dispensed by public or private actors in an attempt to achieve universal health coverage. By allowing private parties to utilise the data collected through pullable open application program interfaces (APIs), it also fits within the larger framework of the National Health Policy 2017 that envisions the private sector playing a significant role in the provision of healthcare in India. It also then fits within the state–private sector nexus that characterises dataveillance. This, in turn, follows broader trends towards market-driven solutions and private financing of health sector reform measures that have already had profound consequences on the political economy of healthcare worldwide (Joe et al 2018).

These initiatives are, in many ways, emblematic of the growing adoption of network governance reform by the Indian state (Newman 2001). This is a stark shift from its traditional posturing as the hegemonic sovereign nation state. This shift entails the delayering from large, hierarchical and unitary government systems to horizontally arranged, more flexible, relatively dispersed systems.^[2] The former govern through the power of rules and law, while the latter take the shape of self-regulating networks such as public–private contractual arrangements (Snellen 2005). ICTs have been posited as an effective tool in enabling the transition to network governance by enhancing local governance and interactive policymaking enabling the co-production of knowledge (Ferlie et al 2011). The development of these capabilities is also critical to addressing “wicked problems” such as healthcare (Rittel and Webber 1973).^[3] The application of the techno-deterministic, data-driven model to reproductive healthcare provision, then, resembles a fetishised approach to technological change. The NHSRC describes this as the collection of data without an objective, leading to a disproportional burden on data collection over use (NHSRC and Taurus Glocal 2011).

The blurring of the functions of state and private actors is reflective of the neo-liberal ethic, which produces new practices of governmentality. Within the neo-liberal framework of reproductive healthcare, the citizen is constructed as an individual actor, with agency over and responsibility for their own health and well-being (Maturo et al 2016).

“Quantified Self” of the Neo-liberal Citizen

Nowhere can the manifestation of this neo-liberal citizen can be seen as clearly as in the “quantified self” movement. The quantified self movement refers to the emergence of a whole range of apps that enable the user to track bodily functions and record data to achieve wellness and health goals, including menstruation, fertility, pregnancies, and health indicators in the mother and baby. Lupton (2015) labels this as the emergence of the “digitised reproductive citizen,” who is expected to be attentive to her fertility and sexual behaviour to achieve better reproductive health goals. The practice of collecting data around reproductive health is not new to the individual or the state, as has been demonstrated by the discussion above. What is new in this regime of datafication under the self-tracking movement is the monetisation of reproductive health data by private actors, the labour for which is performed by the user. Focusing on embodiment draws attention to different kinds of exploitation engendered by reproductive health apps. Not only is data about the body collected and sold, the unpaid labour for collection is extracted from the user. The reproductive body can then be understood as a cyborg, or a woman-machine hybrid, systematically digitising its bodily functions for profit-making within the capitalist (re)production machine (Fotoloulou 2016). Accordingly, all major reproductive health tracking apps have a business model that relies on selling information about users for direct marketing of products around reproductive health and well-being (Felizi and Varon nd).

As has been pointed out in the case of big data more broadly, reproductive health applications (apps) facilitate the visibility of the female reproductive body in the public domain. Supplying anonymised data sets to medical researchers and universities fills some of the historical gaps in research around the female body and reproductive health. Reproductive and sexual health tracking apps globally provide their users a platform to engage with biomedical information around sexual and reproductive health. Through group chats on the platform, they are also able to engage with experiential knowledge of sexual and reproductive health. This could also help form transnational networks of solidarity around the body and health (Fotopoulou 2016).

This radical potential of network-building around reproductive and sexual health is, however, tempered to a large extent by the reconfiguration of gendered stereotypes through these apps. In a study on reproductive health apps on Google Play Store, Lupton (2014) finds that products targeted towards female users are marketed through the discourse of risk and vulnerability, while those targeted towards male users are framed within that of virility. Apart from reiterating gendered stereotypes around the male and female body, such a discourse assumes that the entire labour of family planning is performed by females. This same is the case with the MCTS/RCH.

Technological interventions such as reproductive health apps as well as HIS are based on the assumption that females have perfect control over decisions regarding their own bodies and reproductive health, despite this being disproved in India. The Guttmacher Institute (2014) has found that 60% of women in India report not having control over decisions regarding their own healthcare. The failure to account for the husband or the family as stakeholder in decision-making around reproductive health has been a historical failure of the family planning programme in India, and is now being replicated in other modalities. This notion of an autonomous citizen who is able to take responsibility of their own reproductive health and well-being does not hold true in the Indian context. It can even be seen as marginalising females who have already been excluded from the reproductive health system, as they are held responsible for their own inability to access healthcare.

Concluding Remarks

The interplay that emerges between reproductive health surveillance and data infrastructures is a complex one. It requires the careful positioning of the political nature of data collection and processing as well as its hetero-patriarchal and colonial legacies, within the need for effective utilisation of data for achieving developmental goals. Assessing this discourse through a feminist lens identifies the web of power relations in data regimes. This problematises narratives of technological solutions for welfare provision.

The reproductive healthcare framework in India then offers up a useful case study to assess these concerns. The growing adoption of ICT-based surveillance tools to equalise access to healthcare needs to be understood in the socio-economic, legal, and cultural context where these tools are being implemented. Increased surveillance has historically been associated with causing the structural gendered violence that it is now being offered as a solution to. This is a function of normative standards being constructed for reproductive behaviour that necessarily leave out broader definitions of reproductive health and welfare when viewed through a feminist lens. Within the larger context of health policymaking in India, moves towards privatisation then demonstrate the peculiarity of dataveillance as it functions through an unaccountable and pervasive overlapping of state and private surveillance practises. It remains to be seen how these trends in ICT-driven health policies affect access to reproductive rights and decisional privacy for millions of females in India and other parts of the global South.

For more details visit http://editors.cis-india.org/internet-governance/blog/data-infrastructures-inequities-reproductive-health-surveillance-india

Data for the Benefit of People

amber — 2018-12-01T04:21:32Z

For more details visit http://editors.cis-india.org/internet-governance/files/data-for-the-benefit-of-people

Data for Governance, Governance of Data, and Data Anxieties

sumandro — 2016-07-03T05:59:48Z

The Center for International Media Assistance (CIMA) organised a panel discussion on 'The Data Explosion – How the Internet of Things will Affect Media Freedom and Communication Systems?' at Deutsche Welle's Global Media Forum 2016, held in Bonn, Germany during June 13-15, 2016. Sumandro Chattapadhyay was invited as one of the panelists.

Introduction to the Panel

The emerging Internet of Things (IoT) will result in a vast network of Internet-connected devices that generate enormous volumes of data about human behavior and interactions. This data explosion will potentially reshape how media organizations both collect and report news, while at the same time fundamentally shifting how communications networks are organized worldwide. Yet currently most of the discussion about the IoT has focused on its spread in developed countries via the popularization of Internet-connected consumer devices.

In this panel we will discuss how the IoT may develop differently in the Global South and how it could present either a threat to open access to data and information, or an opportunity to improve media systems worldwide. We will also examine the impact of the data explosion in developing countries and what mechanisms need to be created in order to ensure the huge new mountain of data is used and governed responsibly.

The discussants were Carlos Affonso Souza (Director, Institute for Technology and Society of Rio de Janeiro, Brazil), Lorena Jaume-Palasi (Director for Communications, European Dialogue on Internet Governance, or EuroDIG, Switzerland), and Sumandro Chattapadhyay (Research Director, the Centre for Internet and Society, India); and the conversation was led by Mark Nelson (Senior Director, Center for International Media Assistance, or CIMA, USA).

Source: Deutsche Welle.

Audio Recording

Things/Writings I have Mentioned

For more details visit http://editors.cis-india.org/raw/data-for-governance-governance-of-data-and-data-anxieties

Data Flow in the Unique Identification Scheme of India

vidushi — 2015-09-03T17:02:44Z

This note analyses the data flow within the UID scheme and aims at highlighting vulnerabilities at each stage. The data flow within the UID Scheme can be best understood by first delineating the organizations involved in enrolling residents for Aadhaar. The UIDAI partners with various Registrars usually a department of the central or state Government, and some private sector agencies like LIC etc– through a Memorandum of Understanding for assisting with the enrollment process of the UID project.

Many thanks to Elonnai Hickok for her invaluable guidance, input and feedback

These Registrars then appoint Enrollment Agencies that enroll residents by collecting the necessary data and sharing this with the UIDAI for de-duplication and issuance of an Aadhaar number, at enrolment centers that they set up. The data flow process of the UID is described below:[1]

Data Capture

Filling out an enrollment form – To enroll for an Aadhaar number, individuals are required to provide proof of address and proof of identity. These documents are verified by an official at the enrollment center.

Vulnerability: Though an official is responsible for verifying these documents, it is unclear how this verification is completed. It is possible for fraudulent proof of address and proof of identity to be verified and approved by this official.

The 'introducer' system: For individuals who do not have a Proof of Identity, Proof of Address etc the UIDAI has established an 'introducer' system. The introducer verifies that the individual is who they claim to be and that they live where they claim to live.

Vulnerability: This introducer is akin to the introducer concept in banking; except that here, the introducer must be approved by the Registrar, and need not know the person bring enrolled. This leads to questions of authenticity and validity of the data collected and verified by an 'introducer'. The Home Ministry in 2012, indicated that this must be reviewed.[2]

Categories of data for enrollment: The UIDAI has a standard enrollment form and list of documents required for enrollment. This includes: name, address, birth date, gender, proof of address and proof of identity. Some MoUs (Memorandum of Understanding) permit for the Registrars to collect additional information in addition to what is required by the UIDAI. This could be any information the Registrar deems necessary for any purpose.

Vulnerability: The fact that a Registrar may collect any information they deem necessary and for any purpose leads to concerns regarding (1) informed consent – as individuals are in placed in a position of having to provide this information as it is coupled with the Aadhaar enrollment process (2) unauthorized collection - though the MOU between the UIDAI and the Registrar has authorized the Registrar to collect additional information – if the information is personal in nature and the Registrar is a body corporate it must be collected as per the Information Technology Rules 2011 under section 43A. It is unclear if Registrars that are body corporates are collecting data in accordance to these rules. (3) As Registrars are permitted to collect any data they deem necessary for any purpose – this leads to concerns regarding misuse of this data..[3]

Verification of Resident’s Documents: true copies of original documents, after verification are sent to the Registrar for “permanent storage.”[4]

Vulnerability: It is unclear as to what extent and form this storage takes place. There is no clarity on who is responsible for the data once collected, and the permissible uses of such data are also unclear. The contracts between the UID and Registry claim that guidelines must be followed, while the guidelines state that, “The documents are required to be preserved by Registrar till the UIDAI finalizes its document storage agency” and states that the “Registrars must ensure that the documents are stored in a safe and secure manner and protected from unauthorized access.” [5] The question of what is “unauthorized access”, “secure storage”, when is data transferred to the UIDAI and when the UIDAI will access it and why remain unanswered. Moreover, there is nothing about deleting documents once the MoU lapses. The guidelines in question were also developed post facto.

Data collection for enrollment: After verification of proof of address and proof of identity, operators at the enrolling the agency will be enrolling individuals. Data Collection is completed by operators at the enrolling agency. This includes the digitization of enrollment forms and collection of biometrics. Enrollment information is manually collected and entered into computers operating software provided by the UIDAI and then transferred to the UIDAI. Biometrics are collected through devices that have been provided by third parties such as Accenture and L1Identity Solutions.

Vulnerability: After data is collected by enrollment operators it is possible for data leakage to occur at the point of collection or during transfer to the Registrar and UIDAI. Data operators, are therefore not answerable to the UIDAI, but to a private agency; a fact which has been the cause of concern even within the government.[6] There have also been instances of sub contracting which leads to more complications in respect of accountability. Misuse[7] and loss of data is a very real possibility, and irregularities have been reported as well.[8] By relying on technology that is provided by third parties (in many cases foreign third parties) data collected by these devices is also available to these companies while at the same time the companies are not regulated by Indian law.

Import pre-enrolment data into Aadhaar enrollment client, Syncing NPR/census data into the software: The National Population Register (NPR) enrolls usual residents, and is governed by the Citizenship Rules, which prescribe a penalty for non disclosure of information.

Vulnerability: Biometrics does not form part of the Rules that govern NPR data collection; the Citizenship Rules, 2003. In many ways, collection of biometrics without amending the citizenship laws amounts to a worrying situation. The NPR hands over information that it collects to UIDAI, biometrics collected as part of the UIDAI is included in the NPR, leading to concerns surrounding legality and security of such data.

Resident’s consent: for “whether the resident has agreed to share the captured information with organizations engaged in delivery of welfare services.”

Vulnerability: This allows the UIDAI to use data in an almost unfettered fashion. The enrolment form reads, “‘‘I have no objection to the UIDAI sharing information provided by me to the UIDAI with agencies engaged in delivery of welfare services.” Informed consent, Vague. What info and with whom. Why is necessary for the UIDAI to share this information, when the organization is only supposed to be a passive intermediary? Does beyond the mandate of the UIDAI, which is only to provide and authenticate the number.

Biometric exceptions: The operator checks if the resident’s eyes/hands are amputated/missing, and after the Supervisor verifies the same, the record is made as an exception and only the individuals photograph is recorded.

Vulnerability: There has widespread misuse of this clause, with data being fabricated to fall into this category, making it unreliable as a whole. In March 2013, 3.84 lakh numbers were cancelled as they were based on fraudulent use of the exception clause. [9]

Operator checks if resident wants Aadhaar enabled bank account: The UID project was touted to be a scheme that would ensure access to benefits and subsidies that are provided through cash transfers as well as enabling financial inclusion. Subsequently, the need for a Aadhaar embedded bank account was made essential to avail of these benefits. The operator at this point checks whether the resident would like to open such a bank account.

Vulnerability: The data provided at the time of linking UID with a bank account cannot be corrected or retracted. Although this has the vision of financial inclusion, it is now a threat of exclusion.

Capturing biometrics- The UIDAI scheme includes assigning each individual a unique identification number after collecting their demographic and biometric information. One Time Passwords are used to manually override a situation in which biometric identification fails.[10] The UIDAI data collection process was revamped in 2012 to include best finger detection and multiple try method.[11]

Vulnerabilities: The collection process is not always accurate, in fact, 70% of the residents who enrolled in Salt Lake, will have to re-enroll due to discrepancies at the time of enrollment.[12] Further, a large number of people in India are unable to give biometric information due to manual labour, or cataracts etc.

After such data is entered, the Operator shows such data to the Resident or Introducer or Head of the Family (as the case may be) for validation.

Operator Sign off – Each set of data needs to be verified by an Operator whose fingerprint is already stored in the system.

Vulnerability: Vesting authority to sign off in an operator allows for signing off on inaccurate or fraudulent data. For example, the issuance of aadhaar numbers to biometric exceptions highlight issues surrounding misuse and unreliability of this function.[13]

After this, the Enrolment operator gets supervisor’s sign off for any exceptions that might exist, Acknowledgement and consent for enrolment is stored. Any correction to specified data can be made within 96 hours.

Document Storage, Back up and Sync

After gathering and verifying all the information about the resident, the Enrolment Agency Operator will store photocopies of the documents of the resident. These Agencies also backup data “from time to time” (recommended to be twice a day), and maintain it for a minimum of 60 days. They also sync with the server every 7-10 days.

Vulnerability: The security implications of third party operators storing information is greatly exacerbated by the fact that these operators use technology and devices from companies have close ties to intelligence agencies in other countries; L-1 Identity Solutions have close ties with America’s CIA, Accenture with French intelligence etc. [14]

Transfer of Demographic and Biometric Data Collected to CIDR

“First mile logistics” include transferring data by using Secure File Transfer Protocol) provided by UIDAI or through a “suitable carrier” such as India Post.

Vulnerability: There is no engagement between the UIDAI and the enrolling agencies; the registrars engage private enrolment agencies, and not the UIDAI. Further, the scope of people authorized to collect information, the information that can be collected, how such information is stored etc are all vague. In 2009, there was a notification that claimed that the UIDAI owns the database[15] but there is no indication on how it may be used, how this might react to instances of identity fraud, etc.

Data De-duplication and Aadhar Generation at CIDR

On receiving biometric information, the de-duplication is done to ensure that each individual is given only one UID number.

Vulnerability:

This de-duplication is carried out by private companies, some of which are not of indian origin and thus are also not bound by Indian law. Also, the volume of Aadhaar numbers rejected due to quality or technical reasons is a cause of worry; the count reaching 9 crores in May 2015.[16]
The MoUs promise registrars access to information contained in the Aadhaar letter, although individuals are ensured that such letter is only sent to them. [17]
General compliance and de-duplication has been an issue, with over 34,000 people being issued more than one Aadhaar number,[18] and innumerable examples of faulty Aadhaar cards being issued.[19]

[1] Enrolment Process Essentials : UIDAI , (December 13,2012), http://nictcsc.com/images/Aadhaar%20Project%20Training%20Module/English%20Training%20Module/module2_aadhaar_enrolment_process17122012.pdf

[2] UIDAI to review biometric data collection process of 60 crore resident Indians: P Chidambaram, Economic Times, (Jan 31, 2012), http://articles.economictimes.indiatimes.com/2012-01-31/news/31010619_1_biometrics-uidai-national-population-register.

[3]See: an MoU signed between the UIDAI and the Government of Madhya Pradesh. Also see: Usha Ramanathan, “States as handmaidens of UIDAI”, The Statesman (August 8, 2013).

[4]http://nictcsc.com/images/Aadhaar%20Project%20Training%20Module/English%20Training%20Module/module2_aadhaar_enrolment_process17122012.pdf

[5] Document Storage Guidelines for Registrars – Version 1.2, https://uidai.gov.in/images/mou/D11%20Document%20Storage%20Guidelines%20for%20Registrars%20final%2005082010.pdf

[6] Arindham Mukherjee, Lola Nayar, Aadhaar,A Few Basic Issues, Outlook India, (December 5, 2011), http://dataprivacylab.org/TIP/2011sept/India4.pdf.

[7] Aadhaar: UIDAI probing several cases of misuse of personal data, The Hindu, (April 29, 2012), http://www.thehindubusinessline.com/economy/aadhar-uidai-probing-several-cases-of-misuse-of-personal-data/article3367092.ece.

[8] Harsimran Julka, UIDAI wins court battle against HCL technologies, The Economic Times, (October 4, 2011), http://articles.economictimes.indiatimes.com/2011-10-04/news/30242553_1_uidai-bank-guarantee-hp-and-ibm.

[9] Chetan Chauhan, UIDAI cancels 3.84 lakh fake Aadhaar numbers, The Hindustan Times, (December 26, 2012), http://www.hindustantimes.com/newdelhi/uidai-cancels-3-84-lakh-fake-aadhaar-numbers/article1-980634.aspx.

[10] Usha Ramanathan, “Inclusion project that excludes the poor”, The Statesman (July 4, 2013).

[11] UIDAI to Refresh Data Collection Process, Zee News, (February 7, 2012) http://zeenews.india.com/news/delhi/uidai-to-refresh-data-collection-process_757251.html.

[12] Snehal Sengupta, Queue up again to apply for Aadhaar, The Telegraph, (February 27, 2015), http://www.telegraphindia.com/1150227/jsp/saltlake/story_5642.jsp#.VayjDZOqqko

[13] Chauhan, supra note 7.

[14] Usha Ramanathan, Three Supreme Court Orders Later, What’s the Deal with Aadhaar? Yahoo News, (April 13, 2015), https://in.news.yahoo.com/three-supreme-court-orders-later--what-s-the-deal-with-aadhaar-094316180.html.

[15] Usha Ramanathan, “Threat of Exclusion and of Surveillance”, The Statesman (July 2, 2013).

[16] Over 9 Crore Aadhaar enrolments rejected by UIDAI, Zee News (May 8, 2015).

[17] Usha Ramanathan, “States as handmaidens of UIDAI”, The Statesman (August 8, 2013).

[18] Surabhi Agarwal, Duplicate Aadhar numbers within estimate, Live Mint (March 5, 2013).

[19] Usha Ramanathan, “Outsourcing enrolment, gathering dogs and trees”, The Statesman (August 7, 2013).

For more details visit http://editors.cis-india.org/internet-governance/blog/data-flow-in-unique-identification-scheme-of-india

Data bleeding everywhere: a story of period trackers

sumandro — 2019-12-06T05:03:09Z

This is an excerpt from an essay by Sadaf Khan, written for and published as part of the Bodies of Evidence collection of Deep Dives. The Bodies of Evidence collection, edited by Bishakha Datta and Richa Kaul Padte, is a collaboration between Point of View and the Centre for Internet and Society, undertaken as part of the Big Data for Development Network supported by International Development Research Centre, Canada.

Please read the full essay on Deep Dives: Data bleeding everywhere: a story of period trackers

Sadaf Khan: Media Matters for Democracy and Twitter

...By now there are a number of questions buzzing around my head, most of them unasked. Are users comfortable with so much of their data being collected? Are there really algorithms that string together all this data into medically-relevant trends? How reliable can these trends be when usage is erratic? Are period tracking apps pioneering, fundamental elements of a future where medical aid is digital and reliable data is inevitably linked to the provision of medical services? And if so, are privacy and health soon to become conflicting rights?

I also want to find out how users understand data collection and privacy before giving apps consent to utilize their data and information as they will. Hareem says she gives apps informed consent. ‘If my data becomes a part of the statistics aiding medical research, why not? There is no harm in it. I am getting a good service, and if my data helps create a better understanding as a part of a larger statistical pool, they are welcome to use it.’

But is she really sure that this information will be used only as anonymised data for medical research? ‘Look at the kind of information that is being collected,’ she answers. ‘Dates, mood, consistency of mucus, basal temperature. What kind of use does one have for this data?’

Naila, in turn, says: ‘Honestly, I have never really thought about what happens to the data the application collects. Obviously I enter detailed information about my cycle and my moods and my sex life. But a), my account is under a fake name and b), even if it wasn’t, who would have any use for stuff like when my period starts and ends and what my mood or digestive system is like at any given moment?’

In fact, this sentiment is shared among all the women interviewed for this piece — what use would anyone have for this data?

As users, we often imagine our own data as anonymised within a huge dataset. But as users, we don’t have enough information about how our data is being used — or will be used in future. The open and at times vague language of a platform’s terms and conditions allows menstrual apps to use data in ways that I may not know of. Some apps continue to hold customer data even after an account is deleted. Even though I may technically ‘agree’ to the terms and conditions, is this fully informed consent?

One of the big concerns around this kind of medical information being collected is the potential for collaborations with big pharmaceuticals and other health service providers. With apps sitting on a goldmine of users’ fertility and health information, health service providers might mine their data for potential consumers and reach out directly to them. While this is like any targeted marketing campaign, the fact that the advertiser is likely to be offering medical services to women suffering from infertility and are at their most vulnerable, raises totally different ethical concerns.

And these apps and their businesses might grow in directions that users haven’t taken into consideration. Take Ovia’s health feature for companies to buy premium services for their employees. While the gesture is packaged as a goodwill one, it also means that an employer has access to extremely private and intimate medical information about their women employees. And while the data set is anonymised, it is still possible to figure out the identity of users based on specific information. For example, how many women in any company are pregnant at any given time?...

Pregnant a year after my miscarriage, I initially downloaded multiple apps in a bid to find a good fit. I don’t know which one of these was in communication with Facebook. But almost immediately, my Facebook timeline started becoming littered with ads for baby stuff — clothes, shoes bibs, prams, cribs, ointments for stretch marks, maternity wear, the works.

It makes me think of those old school clockwork-style videos. You drop a ball and off it goes: making dominos fall, knocking over pots and pans, setting in motion absurd, synchronized mechanisms. Similarly, I drop my data and watch it hurtle into my life, on to other platforms, off to vendors. Maybe to stalkers? To employers? Who knows.

For more details visit http://editors.cis-india.org/raw/sadaf-khan-data-bleeding-everywhere-a-story-of-period-trackers

CyFy Agenda

praskrishna — 2015-10-16T03:01:13Z

For more details visit http://editors.cis-india.org/internet-governance/blog/cyfy-agenda

CyFy 2017 Agenda

Admin — 2017-11-26T09:11:29Z

For more details visit http://editors.cis-india.org/internet-governance/files/cyfy-2017-agenda

Cyfy 2015: The India Conference on Cyber Security and Internet Governance

praskrishna — 2015-10-17T14:44:42Z

In its third year, Cyfy; South Asia’s biggest internet policy conference is being held in New Delhi, from 14-16 October, 2015. The event is organized by Observer Research Foundation at Hotel Taj Mansingh. Sunil Abraham is a panelist in the session "Protection of Intellectual Property and Business Secrets in the Knowledge Economy".

Building on its scope and scale of the previous year — over 55 speakers, from 12 countries, with 350 attendees — the conference discusses issues that affect the emerging world and developed world alike. The conversations will further and widen the debate around internet governance, security, surveillance, freedom of expression, norms of state behaviour, technology and specific societal challenges that emerging and developing countries seek to address by the effective design and deployment on these technologies. In 2015, Cyfy will bring together more experts from South Asia, in order to present new thought on the specific challenges of internet access, policy and regulation, e-governance, financial inclusion, and bottom of the pyramid solutions.

Along with its growing network of both Indian and international partners, ORF looking forward to hosting another thought-provoking and productive few days, and bridging some digital divides in contemporary internet cyber policy debates.

Protection of Intellectual Property and Business Secrets in the Knowledge Economy

Over the past decade, there has been an exponential rise in cyber-enabled theft of intellectual property, and it has been recognized as an unfair predatory practice. With the rise of the globalized knowledge economy, the stability of open trading systems increasingly depends on cross-border IP protection. What is the relevance of the protection of intellectual property and business secrets for economic development and stability of the international trading system?

Download the agenda For more info visit here.

For more details visit http://editors.cis-india.org/internet-governance/news/cyfy-2015-india-conference-on-cyber-security-and-internet-governance

Cyberspace in its Plurality: Cybercultures Workshop at TISS, Mumbai

nishant — 2008-10-31T10:38:17Z

Cyberspace has become one of the most potent and persuasive metaphors of our times, enveloping and embracing a wide range and scope of areas across disciplines and perspectives. The cybercultures workshop is designed to be an introduction to the multiplicity of cyberspaces and internet technologies and the key questions which have emerged in the almost four decades of cyberculture theory. The workshop is designed across four days; each day dealing with a certain understanding of cyberspace – in its materiality, in its imagination, in its instrumentality – in order to present a comprehensive view of the vast terrain of cyberspace and its intersections with the contemporary worlds we live in.

Workshop @ Centre for Media and Cultural Studies, TISS, Mumbai

The four day workshop at the Centre for Media and Cultural Studies, Tata Institute of Social Sciences, Mumbai, sees CIS engaging with one of the most exciting spaces in the Indian academia; we design and administer an introduction course on cyberspace and its plurality to students of media and cultural studies. The workshop is a part of the Centre for Internet and Society's larger concern on providing a multidisciplinary, multi-media approach towards the internet and contextualising it in India.

Structured on a seminar model, the workshop hopes to bring together the questions in academic debate as well as in the realm of cultural production, for students to understand the internet technologies and cyberspaces as not only important cultural outputs but also crucial forms that shape the world we live in.

Objectives: The four day cybercultures workshop hopes to achieve the following objectives:

To introduce the students to the multiplicity and complexity of ‘cyberspace’.
To introduce ‘cyberspace’ as an epistemological category to emphasise the centrality of cyberspaces in understanding the mechanics of urban survival in the contemporary.
To orient the students towards understanding the textuality of cyberspace; rescuing it from the confines of digital networks and locating it in the transactions of globalization and urbanization in Asia.
To introduce the key debates in cybercultures theory: body, gender, sexuality, authorship, ownership, access and information democratization.

Design: The cybercultures workshop is designed to be conducted over four days with two sessions (of three hours each) per day. Each day is thematically divided to look at a particular idea of cyberspace; the sessions are further sub-divided to introduce a particular perspective on the day’s theme. Each session has its set of individual pre-readings which will serve more as indicators of the stake of the debate rather than as texts around which the class will be centred. The readings shall remain as introductory material, and the class room discussions, while referring to them, will not concentrate on explaining the material.

Day 1: Cyberspace – Form, Textuality and Frameworks

Session 1: Exploring Cyberspace:

Definitions, explanations, locations

Cyberspace and Digital Technologies

Form, text, textuality

Pre-reading: Shah, Nishant, 2005. “Playblog: Pornography, Performance, and Cyberspace” available here

Session 2: The Digital DNA – Database, Networks, Archives

The Database Imperative: Sorting, information, databases

The Networking Impulse: Social Networking Systems and the condition of networking

The Archiving Aspirations: Intention, aspiration and archiving the present

Pre-reading: Manovich, Lev, 2001. “The Database as a Symbolic Form” available here

Day 2: Information technology and human engineering

Session 3 : Gender, Technology and Cyberspace

Gendering of Technology; Gendered Technologies

The body and its boundaries

Physical bodies; Digital selves; cyborgs

Pre-reading: Light, Jennifer, 1999. “When Computers Were Women” available here

Dibbell, Julian, 1991. “A Rape in Cyberspace: How an Evil Clown, a Haitian Trickster, Two Wizards, and a Cast of Dozens Turned a Database into a Society” available here

Session 4: Techno-social Worlds

Orkut Deaths : The distributed self

Role playing and identity : The real and the authentic

DPS MMS: The trajectories of selves

Day 3- 4 : Cyberspace and the Infobahn

Session 5: Movie Screening: Good Copy, Bad Copy (followed by discussion)

Session 6: Who owns Cyberspace?

Ownership and Possession

Licensing and access

Open source and the gift economy

Pre-reading: UNCTAD essay on copyright and related questions, available here

Session 7: 18 Reasons Why Piracy is Good for You

The need for piracy

Piracy, theft, and property

Session 8: The Cultural Value of Intellectual Property

The Digital Millenium Rights

The Copy Right and the Copy Left

Open Access and the Creative Commons

Outputs

For more details visit http://editors.cis-india.org/publications-automated/curricula/courses-taught-and-designed-by-cis/cyberspace-in-its-plurality-cybercultures-workshop-at-tiss-mumbai