The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 1 to 15.
Submission to the Facebook Oversight Board: Policy on Cross-checks
http://editors.cis-india.org/internet-governance/blog/submission-to-the-facebook-oversight-board-policy-on-cross-checks
<b>The Centre for Internet & Society (CIS) submitted public comments to the Facebook Oversight Board on a policy consultation.</b>
<h2>Whether a cross-check system is needed?</h2>
<p style="text-align: justify;"><strong>Recommendation for the Board</strong>: The Board should investigate the cross-check system as part of Meta’s larger problems with algorithmically amplified speech, and how such speech gets moderated.</p>
<p style="text-align: justify;"><strong>Explanation</strong>: The issues surrounding Meta’s cross-check system are not an isolated phenomena, but rather a reflection of the problems of algorithmically amplified speech, as well the lack of transparency in the company’s content moderation processes at large. At the outset, it must be stated that the majority of information on the cross-check system only became available after the media <a href="https://www.wsj.com/articles/facebook-files-xcheck-zuckerberg-elite-rules-11631541353?mod=article_inline">reports</a> published by the Wall Street Journal. While these reports have been extensive in documenting various aspects of the system, there is no guarantee that the disclosures obtained by them provides the complete picture regarding the system. Further, given that Meta has been found to purposely mislead the Board and the public on how the cross-check system operates, it is worth investigating the incentives that necessitate the cross-check system in the first place.</p>
<p style="text-align: justify;">Meta claims that the cross-check system works as a check for false positives: they “employ additional reviews for high-visibility content that may violate our policies.” Essentially they want to make sure that content that stays up on the platform and reaches a large audience, is following their content guidelines. However, previous disclosures have <a href="https://www.wsj.com/articles/facebook-hate-speech-india-politics-muslim-hindu-modi-zuckerberg-11597423346">proven</a> policy executives have prioritized the company’s ‘business interests’ over removing content that violates their policies; and have <a href="https://www.theguardian.com/technology/2021/apr/12/facebook-fake-engagement-whistleblower-sophie-zhang">waited to act on known problematic content</a> until significant external pressure was built up, including in India. In this context, the cross-check system seems less like a measure designed to protect users who might be exposed to problematic content, and more as a measure for managing public perception of the company.</p>
<p style="text-align: justify;">Thus the Board should investigate both how content gains an audience on the platform, and how it gets moderated. Previous <a href="https://www.theguardian.com/technology/2021/apr/12/facebook-fake-engagement-whistleblower-sophie-zhang">whistleblower disclosures</a> have shown that the mechanics of algorithmically amplified speech, which prioritizes <a href="https://www.technologyreview.com/2021/03/11/1020600/facebook-responsible-ai-misinformation/">engagement and growth over safety</a>, are easily taken advantage of by bad actors to promote their viewpoints through artificially induced virality. The cross-check system and other measures of content moderation at scale would not be needed if it was harder to spread problematic content on the platform in the first place. Instead of focusing only on one specific system, the Board needs to urge Meta to re-evaluate the incentives that drive content sharing on the platform and come up with ways that make the platform safer.</p>
<h2 style="text-align: justify;">Meta’s Obligations under Human Rights Law</h2>
<p style="text-align: justify;"><strong>Recommendation for the Board: </strong>The Board must consider the cross-check system to be violative of Meta’s obligations under the International Covenant of Civil and Political Rights (ICCPR). Additionally, the cross-check ranker must be incorporated with Meta’s commitments towards human rights, as outlined in its Corporate Human Rights Policy.</p>
<p style="text-align: justify;">Explanation: Meta’s content moderation, and by extension, its cross-check system, is bound by both international human rights law as well as the Board’s past decisions. At the outset, The system fails the three-pronged test of legality, legitimacy and necessity and proportionality, as delineated under Article 19(3) of the International Covenant of Civil and Political Rights (ICCPR). Firstly, this system has been “<a href="https://www.wsj.com/articles/facebook-files-xcheck-zuckerberg-elite-rules-11631541353?mod=article_inline">scattered throughout the company, without clear governance or ownership</a>”, which violates the legality principle, since there is no clear guidance on what sort of speech, or which classes of users, would deserve the treatment of this system. Secondly, there is no understanding about the legitimacy of aims with which this system had been set up in the first place, beyond Meta’s own assertions, which have been <a href="https://www.oversightboard.com/news/215139350722703-oversight-board-demands-more-transparency-from-facebook/">countered</a> by evidence to the contrary. Thirdly, the necessity and proportionality of the restriction has to be <a href="https://www.oversightboard.com/decision/FB-691QAMHJ">read along</a> with the <a href="https://www.ohchr.org/en/issues/freedomopinion/articles19-20/pages/index.aspx">Rabat Plan of Action</a>, which requires that for a statement to become a criminal offense, a six-pronged test of threshold is to be applied: a) the social and political context, b) the speaker’s position or status in the society, c) intent to incite the audience against a target group, d) content and form of the speech, e) extent of its dissemination and f) likelihood of harm. As news reports have indicated, Meta has been utilizing the cross-check system to privilege speech from influential users, and in the process, have shielded inflammatory, inciting speech that would have otherwise qualified the Rabat threshold. As such, the third requirement is not fulfilled either.</p>
<p style="text-align: justify;">Additionally, Meta’s own <a href="https://about.fb.com/wp-content/uploads/2021/03/Facebooks-Corporate-Human-Rights-Policy.pdf">Corporate Human Rights Policy</a> commits to respecting human rights in line with the UN Guiding Principles on Business and Human Rights (UNGPs). Therefore, the cross-check ranker must incorporate these existing commitments to human rights, including:</p>
<ul>
<li style="text-align: justify;">The right to freedom of expression:, UN Special Rapporteur on freedom of opinion and expression report <a href="https://ap.ohchr.org/documents/dpage_e.aspx?si=A/HRC/38/35">A/HRC/38/35</a> (2018); <a href="https://www.ohchr.org/EN/NewsEvents/Pages/DisplayNews.aspx?NewsID=25729&LangID=E">Joint Statement of international freedom of expression monitors on COVID-19 (March, 2020)</a>.</li></ul>
<p style="text-align: justify;">The Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression addresses the regulation of user-generated online content.</p>
<p>The Joint Statement issued regarding Governmental promotion and protection of access to and free flow of information during the pandemic.</p>
<ul>
<li>The right to non-discrimination: International Convention on the Elimination of All Forms of Racial Discrimination (<a href="https://www.ohchr.org/EN/ProfessionalInterest/Pages/CERD.aspx">ICERD</a>), Articles 1 and 4.</li></ul>
<p>Article 1 of the ICERD defines racial discrimination.</p>
<p>Article 4 of the ICERD condemns propaganda and organisations that attempt to justify discrimination or are based on the idea of racial supremacism.</p>
<ul>
<li>Participation in public affairs and the right to vote: ICCPR Article 25.</li>
<li>The right to remedy: General Comment No. 31, Human Rights Committee (2004) (<a href="https://tbinternet.ohchr.org/_layouts/15/treatybodyexternal/Download.aspx?symbolno=CCPR%2fC%2f21%2fRev.1%2fAdd.13&Lang=en">General Comment 31</a>); UNGPs, Principle 22.</li></ul>
<p>The General Comment discusses the nature of the general legal obligation imposed on State Parties to the Covenant.</p>
<p style="text-align: justify;">Guiding Principle 22 states that where business enterprises identify that they have caused or contributed to adverse impacts, they should provide for or cooperate in their remediation through legitimate processes.</p>
<h2>Meta’s obligations to avoid political bias and false positives in its cross-check system</h2>
<p style="text-align: justify;"><strong>Recommendation for the Board: </strong>The Board must urge Meta to adopt and implement the Santa Clara Principles on Transparency and Accountability to ensure that it is open about risks to user rights when there is involvement from the State in content moderation. Additionally, the Board must ask Meta to undertake a diversity and human rights audit of its existing policy teams, and commit to regular cultural training for its staff. Finally, the Board must investigate the potential conflicts of interest that arise when Meta’s policy team has any sort of nexus with political parties, and how that might impact content moderation.</p>
<p style="text-align: justify;">Explanation: For the cross-check system to be free from biases, it is important for Meta to come clear to the Board regarding the rationale, standards and processes of the cross check review, and report on the relative error rates of determinations made through cross check compared with ordinary enforcement procedures. It also needs to disclose to the Board in which particular situations it uses the system and in which it does not. Principle 4 under the Foundational Principles of the <a href="https://santaclaraprinciples.org/">Santa Clara Principles on Transparency and Accountability in Content Moderation</a> encourage companies to realize the risk to user rights when there is involvement from the State in processes of content moderation and asks companies to makes users aware that: a) a state actor has requested/participated in an action on their content/account, and b) the company believes that the action was needed as per the relevant law. Users should be allowed access to any rules or policies, formal or informal work relationships that the company holds with state actors in terms of content regulation, the process of flagging accounts/content and state requests to action.</p>
<p style="text-align: justify;">The Board must consider that erroneous lack of action (false positives) might not always be a system's flaw, but a larger, structural issue regarding how policy teams at Meta functions. As previous disclosures have <a href="https://www.wsj.com/articles/facebook-hate-speech-india-politics-muslim-hindu-modi-zuckerberg-11597423346">proven</a>, the contours of what sort of violating content gets to stay up on the platform has been ideologically and politically coloured, as policy executives have prioritized the company’s ‘business interests’ over social harmony. In such light, it is not sufficient to simply propose better transparency and accountability measures for Meta to adopt within its content moderation processes to avoid political bias. Rather, the Board’s recommendations must focus on the structural aspect of the human moderator and policy team that is behind these processes. The Board must ask Meta to a) urgently undertake a diversity and human rights audit of its existing team and its hiring processes, b) commit to regular training to ensure that their policy staffs are culturally literate in the socio-political regions they work in. Further, the Board must seriously investigate the potential <a href="https://time.com/5883993/india-facebook-hate-speech-bjp/">conflicts of interest</a> that happen when regional policy teams of Meta, with nexus to political parties, are also tasked with regulating content from representatives of these parties, and how that impacts the moderation processes at large.</p>
<p style="text-align: justify;">Finally, in case decision <a href="https://www.oversightboard.com/decision/FB-691QAMHJ">2021-001-FB-FBR</a>, the Board made a number of recommendations to Meta which must be implemented in the current situation, including: a) considering the political context while looking at potential risks, b) employment of specialized staff in content moderation while evaluating political speech from influential users, c) familiarity with the political and linguistic context d) absence of any interference and undue influence, e) public explanation regarding the rules Meta uses when imposing sanctions against influential users and f) the sanctions being time-bound.</p>
<h2 style="text-align: justify;">Transparency of the cross-check system</h2>
<p style="text-align: justify;"><strong>Recommendation for the Board: </strong>The Board must urge Meta to adopt and implement the Santa Clara Principles on Transparency and Accountability to increase the transparency of its cross-check system.</p>
<p style="text-align: justify;"><strong>Explanation: </strong>There are ways in which Meta can increase the transparency of not only the cross-check system, but the content moderation process in general. The following recommendations draw from <a href="https://santaclaraprinciples.org/">The Santa Clara Principles</a> and the Board’s own previous decisions:</p>
<p style="text-align: justify;">Considering Principle 2 of the Santa Clara Principles: Understandable Rules and Policies, Meta should ensure that the policies and rules governing moderation of content and user behaviors on Facebook are<strong> clear, easily understandable, and available in the languages</strong> in which the user operates.</p>
<p style="text-align: justify;">Drawing from Principle 5 on Integrity and Explainability and from the Board’s recommendations in case decision <a href="https://www.oversightboard.com/decision/FB-691QAMHJ">2021-001-FB-FBR</a> which advises Meta to“<em>Provide users with accessible information on how many violations, strikes and penalties have been assessed against them, and the consequences that will follow future violations</em>”, Meta should be able to <strong>explain the content moderation decisions to users in all cases</strong>: when under review, when the decision has been made to leave the content up, or take it down. We recommend that Meta keeps a publicly accessible running tally of the number of moderation decisions made on a piece of content till date with their explanations. This would allow third parties (like journalists, activists, researchers and the OSB) to keep Facebook accountable when it does not follow its own policies, as has previously been the case.</p>
<p style="text-align: justify;">In the same case decision, the Board has also previously recommended that Meta “<em>Produce more information to help users understand and evaluate the process and criteria for applying the newsworthiness allowance, including how it applies to influential accounts. The company should also clearly explain the rationale, standards and processes of the cross-check review, and report on the relative error rates of determinations made through cross-checking compared with ordinary enforcement procedures.</em>” Thus, Meta should <strong>publicly explain the cross check system </strong>in detail with examples, and make public the list of attributes that qualify a piece of content for secondary review.</p>
<p style="text-align: justify;">The Operational Principles further provide actionable steps that Meta can take to improve the transparency of their content moderation systems. Drawing from Principle 2: Notice and Principle 3: Appeals, Meta should make a satisfactory <strong>appeals process available </strong>to users - whether they be decisions to leave up or takedown content. The appeals process should be handled by context aware teams. Meta should then <strong>publish the results</strong> of the cross check system and the appeals processes as part of their transparency reports including data like total content actioned, rate of success in appeals and cross check process, decisions overturned and preserved etc, which would also satisfy the first Operational Principle: Numbers.</p>
<h2 style="text-align: justify;">Resources needed to improve the system for users and entities who do not post in English</h2>
<p style="text-align: justify;"><strong>Recommendations for the Board: </strong>The Board must urge Meta to urgently invest in resources to expand Meta’s content moderation services into the local contexts in which the company operates and invest in training data for local languages.</p>
<p style="text-align: justify;"><strong>Explanation: </strong>The cross-check system is not a fundamentally different problem than content moderation. It has been shown time and time again that Meta’s handling of content from non-Western, non-English language contexts is severely lacking. It has been shown how content hosted on the platform has been used to<a href="https://www.theguardian.com/technology/2021/apr/12/facebook-fake-engagement-whistleblower-sophie-zhang"> inflame existing tensions in developing countries</a>, <a href="https://www.wsj.com/articles/facebook-services-are-used-to-spread-religious-hatred-in-india-internal-documents-show-11635016354?mod=article_inline">promote religious hatred in India</a>, <a href="https://www.wsj.com/articles/burn-the-houses-rohingya-survivors-recount-the-day-soldiers-killed-hundreds-1526048545?mod=article_inline">genocide in Mynmar</a>, and continue to support <a href="https://www.wsj.com/articles/facebook-drug-cartels-human-traffickers-response-is-weak-documents-11631812953?mod=article_inline">human traffickers and drug cartels</a> on the platform even when these issues have been identified.</p>
<p style="text-align: justify;">There is an urgent need to invest resources to expand Meta’s content moderation services into the local contexts in which the company operates. The company should make all policies and rule documents available in the languages of its users; invest in creating automated tools that are capable of flagging content that is not posted in English; and add people familiar with the local contexts to provide context aware second level reviews. The Facebook Files show that even according to company engineering, <a href="https://www.wsj.com/articles/facebook-ai-enforce-rules-engineers-doubtful-artificial-intelligence-11634338184?mod=article_inline">automated content moderation</a> is still not very effective in identifying hate speech and other harmful content. Meta should focus on hiring, training and retaining human moderators who have knowledge of local contexts. Bias training of all content moderators, but especially those who will participate in the second level reviews in the cross check system is also extremely important to ensure acceptable decisions.</p>
<p style="text-align: justify;">Additionally, in keeping with Meta’s human rights commitments, the company should develop and publish a policy for responding to human rights violations when they are pointed out by activists, researchers, journalists and employees as a matter of due process. It should not wait for a negative news cycle to stir them into action <a href="https://www.theguardian.com/technology/2021/apr/12/facebook-fake-engagement-whistleblower-sophie-zhang">as it seems to have done in previous cases</a>.</p>
<h2 style="text-align: justify;">Benefits and limitations of automated technologies</h2>
<p style="text-align: justify;">Meta <a href="https://www.theverge.com/2020/11/13/21562596/facebook-ai-moderation%5C">recently changed</a> its moderation practice wherein it uses technology to prioritize content for human reviewers based on their severity index. Facebook <a href="https://transparency.fb.com/policies/improving/prioritizing-content-review/">has not specified</a> the technology it uses to prioritize high-severity content but its research record shows that it <a href="https://ai.facebook.com/blog/the-shift-to-generalized-ai-to-better-identify-violating-content">uses</a> a host of automated <a href="https://ai.facebook.com/tools#frameworks-and-tools">frameworks and tools</a> to detect violating content, including image recognition tools, object detection tools, natural language processing models, speech models and reasoning models. One such model is the <a href="https://ai.facebook.com/blog/community-standards-report/">Whole Post Integrity Embeddings</a> (“WPIE”) which can judge various elements in a given post (caption, comments, OCR, image etc.) to work out the context and the content of the post. Facebook also uses image matching models (SimSearchNet++) that are trained to match variations of an image with a high degree of precision and improved recall; multi-lingual masked language models on cross-lingual understanding such as <a href="https://ai.facebook.com/blog/-xlm-r-state-of-the-art-cross-lingual-understanding-through-self-supervision/">XLM-R</a> that can accurately identify hate-speech and other policy-violating content across a wide range of languages. More recently, Facebook introduced its machine translation model called the <a href="https://analyticsindiamag.com/facebooks-new-machine-translation-model-works-without-help-of-english-data/">M2M-100</a> whose goal is to perform bidirectional translation between 7000 languages.</p>
<p style="text-align: justify;">Despite the advances in this field, there are inherent <a href="https://www.ofcom.org.uk/__data/assets/pdf_file/0028/157249/cambridge-consultants-ai-content-moderation.pdf">limitations</a> of such automated tools. <a href="https://www.theverge.com/2019/2/27/18242724/facebook-moderation-ai-artificial-intelligence-platforms">Experts</a> have repeatedly maintained that AI will get better at understanding context but it will not replace human moderators for the foreseeable future. One such instance where these limitations were <a href="https://www.politico.eu/article/facebook-content-moderation-automation/">exposed</a> was during the COVID-19 pandemic, when Facebook sent its human moderators home - the number of removals flagged as hate speech on its platform more than doubled to 22.5 million in the second quarter of 2020 but the number of successful content appeals was dropped to 12,600 from the 2.3 million figure for the first three months of 2020.</p>
<p style="text-align: justify;"><a href="https://www.wsj.com/articles/facebook-ai-enforce-rules-engineers-doubtful-artificial-intelligence-11634338184?mod=article_inline">The Facebook Files</a> show that Meta’s AI cannot consistently identify first-person shooting videos, racist rants and even the difference between cockfighting and car crashes. Its automated systems are only capable of removing posts that generate just 3% to 5% of the views of hate speech on the platform and 0.6% of all content that violates Meta’s policies against violence and incitement. As such, it is difficult to accept the company’s claim that nearly all of the hate speech it takes down was discovered by AI before it was reported by users.</p>
<p style="text-align: justify;">However, the benefits of such technology cannot be discounted, especially when one considers automated technology as a way of reducing <a href="https://www.theverge.com/2019/2/25/18229714/cognizant-facebook-content-moderator-interviews-trauma-working-conditions-arizona">trauma</a> for human moderators. Using AI for prioritizing content for review can turn out to be effective for human moderators as it can increase their efficiency and reduce harmful effects of content moderation on them. Additionally, it can also limit the exposure of harmful content to internet users. Moreover, AI can also reduce the impact of harmful content on human moderators by allocating content to moderators on the basis of their exposure history. Theoretically, if the company’s claims are to be believed, using automated technology for prioritizing content for review can help to improve the mental health of Facebook’s human moderators.</p>
<hr />
<p>Click to download the file <a class="external-link" href="https://cis-india.org/internet-governance/policy-on-cross-checks">here</a>.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/submission-to-the-facebook-oversight-board-policy-on-cross-checks'>http://editors.cis-india.org/internet-governance/blog/submission-to-the-facebook-oversight-board-policy-on-cross-checks</a>
</p>
No publisher[in alphabetical order] Anamika Kundu, Digvijay Singh, Divyansha Sehgal and Torsha SarkarFreedom of Speech and ExpressionInternet FreedomFacebookInternet Governance2022-02-09T05:31:32ZBlog EntryPDP Bill is coming: WhatsApp Privacy Policy analysis
http://editors.cis-india.org/internet-governance/blog/pdp-bill-is-coming-whatsapp-privacy-policy-analysis
<b>WhatsApp started off the new year with changes to its privacy policy that has several implications for data protection and the digital governance ecosystem at large. This post is the first in a series by CIS unpacking the various implications of the policy.
</b>
<span id="docs-internal-guid-153739d2-7fff-f133-6a27-53060c29814c">
<p dir="ltr"> </p>
<p dir="ltr">On January 4, 2021, WhatsApp announced a revised privacy policy. The announcement was through an in-app notification. Users were asked to agree to the policy by February 8, else they will lose access to their accounts. The announcement triggered a backlash, globally and in India and it led to <a href="https://economictimes.indiatimes.com/tech/information-tech/messaging-app-signal-faces-global-outage-days-after-adding-millions-of-users/articleshow/80296362.cms">millions of users in India migrating to other messaging platforms. </a>In light of the backlash, WhatsApp had on January 15 announced that it will delay rolling out the new policy to May 15, 2021. </p>
<p dir="ltr"> It is important to note that many users have also commented that the new explicit terms of mandatory data sharing with Facebook and the extent of metadata collection haven’t changed drastically from WhatsApp’s existing operations. In 2016, WhatsApp had revised its privacy policy to enable data sharing with Facebook. Users were provided 30 days to opt out of such data sharing. However, the option to opt out was not provided to users who joined the service after September 25, 2016 or who failed to exercise the opt-out option. The changes in the policy were challenged in the Delhi High Court. The High Court (i) directed WhatsApp to delete the complete information of users who exercised the option to opt out before September 25, 2016; and (ii) with respect to users who did not exercise the opt-out option, WhatsApp was directed to not share the information of users collected until September 25, 2016 with Facebook. The matter is currently pending before the Supreme Court. </p>
<p dir="ltr">The change in people’s reactions to the data processing from 2016 can partly be attributed to the change in the users perception of privacy and personal data protection. Conversations around privacy and data protection and harms arising out of unauthorized data collection are much more prevalent. What has also irked a large number of users is the difference between the privacy policy applicable to the European Region and the policy applicable to the rest of the world; There is a disparity in the two policies regarding the rights of the users in relation to sharing of data with Facebook Companies(Facebook payments inc, Facebook Payments International Limited, Onavo, Facebook technologies LLC, Facebook Technologies Ireland limited, WhatsApp inc. WhatsApp Ireland Limited and Crowdtangle) due to the application of the General Data Protection Regulation. </p>
<p dir="ltr">Currently, Indian users have a fundamental right to privacy and an overarching data protection framework is set to be tabled in the Parliament soon. The Personal Data Protection Bill, 2019, being deliberated by the Joint Parliamentary Committee, is expected to provide comprehensive requirements for authorized collection and management of personal data. The proposed Bill, despite several shortcomings, does offer significantly more protection than the current framework consisting of S. 43A of Information Technology Act, 2000 and the Information Technology (Reasonable Security practices and procedures and sensitive personal data or Information) Rules, 2011. This blogpost will examine the viability of the revised privacy policy of WhatsApp if the proposed bill is enacted in the currently available public version of the Bill. In the subsequent posts we will analyse the effect of the revised privacy policy on the pending litigation. </p>
<h3>
Privacy notice</h3>
<p dir="ltr">Section 7 of the proposed bill puts an obligation on the data fiduciary to provide a privacy notice, i.e. a document containing granular details of the processing of personal data to the data principals. The details must be provided in a manner that is clear, concise and easily comprehensible to a reasonable person. The notice should also be provided in multiple languages where necessary and practicable. The importance of a clear and concise policy has been highlighted in the Justice Srikrishna Report on Data Protection. However, there is no guidance from the Indian authorities on what it constitutes. Guidance from the <a href="https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=622227">Article 29 working party</a> in the EU suggests that the policy must be presented in a manner that avoids information fatigue. In the digital context, it has been recommended that presenting a policy in a layered format enhances readability. The guidance also suggests that policy should avoid reliance on complex sentences and abstract terms to convey the details of the processing operations. The revised privacy policy of WhatsApp cannot be termed a clear and concise policy. The purely text-based policy, containing around 3800 words, is not presented in a layered format resulting in shockingly low readability for the amount and type of personal data collection the policy is attempting to convey. In addition to improper design and structure, the policy contains vague language providing an average user a hazy understanding of the extent of data processing and can leave room for different interpretations. The earlier version of the policy also uses similar language and structure to convey details regarding the processing and <a href="https://www.irishtimes.com/business/technology/whatsapp-ireland-sets-aside-77-5m-for-possible-data-compliance-fines-1.4412449">doesn’t provide transparent details regarding its data sharing with Facebook</a>. Relying on a similar format as its earlier versions without revising it based on global discussions around the best methods seems to be an opportunity lost to remedy the privacy policy. The structure, form and language of the policy will have to be revised if the Bill is enacted in its current form and the policy will also have to be provided in multiple languages. </p>
<h3>Bundled consent</h3>
<p dir="ltr">According to its policy, WhatsApp relies on the consent of the user for the purpose of providing messaging and communication services, sharing information with third party service providers that help WhatsApp “operate, provide, improve, understand, customize, support, and market” their Services, and sharing information with other Facebook companies for “providing integrations with Facebook Company products” to name a few. It is important to verify if the consent being obtained is valid according to the standard set by the proposed framework.</p>
<p dir="ltr">For consent to be valid under the proposed framework (Section 11(4)) , the provision and quality of services provided should not be linked to consenting to processing of personal data that is not directly necessary for that purpose. In WhatsApp’s case, the primary purpose of processing is to provide messaging and communication services on that particular platform. Neither sharing personal data with third party service providers for better marketing of their services on other platforms nor sharing it with Facebook company of products for better integration of services is incidental to the primary purpose of processing. The bundling of consent results in forcing individuals to either accept processing of personal data for all of the purposes outlined or lose the services altogether resulting in an invalid consent. An explicit opt-in mechanism for all those processing operations that are not compatible with the primary purpose of processing will have to be provided to the Indian users if the Bill is enacted in its current form and consent is being relied on as the lawful ground of processing.</p>
<h3>Data sharing with Facebook</h3>
<p dir="ltr">WhatsApp’s policy on sharing of information with Facebook has garnered a significant amount of attention and has also raised privacy concerns amongst WhatsApp users in non-European countries. This is because the policy applicable to non- European countries now does not provide the user option to opt out from sharing the information if the user wants to continue using and operating WhatsApp. The policy under the heading ‘How we work with other Facebook Companies’ states that “As part of the<a href="https://faq.whatsapp.com/general/security-and-privacy/the-facebook-companies"> Facebook Companies</a>, WhatsApp receives information from, and shares information (see<a href="https://faq.whatsapp.com/general/security-and-privacy/what-information-does-whatsapp-share-with-the-facebook-companies"> here</a>) with, the other<a href="https://faq.whatsapp.com/general/security-and-privacy/the-facebook-companies"> Facebook Companies</a>. We may use the information we receive from them, and they may use the information we share with them, to help operate, provide, improve, understand, customize, support, and market our Services and their offerings, including the<a href="https://faq.whatsapp.com/general/security-and-privacy/the-facebook-company-products"> Facebook Company Products</a>.” The information that may be shared by WhatsApp with Facebook Companies includes; (i) users phone number; (ii) transaction data; (iii) service-related information, (iv) information on how the users interact with others (including businesses); (v) mobile device information; (vi) the user’s IP address; and (vii) and any other data covered by the privacy policy. All this information/data will fall within the ambit of personal data in terms of the current version of the Bill and therefore WhatsApp would have to comply with the obligations put on it under the Bill for it to be able to share personal data with other data fiduciaries including Facebook Companies.</p>
<p dir="ltr">As noted earlier, it is pertinent to note that the privacy policy is not the same globally. As per the privacy policy applicable to Europe, WhatsApp states that any information that it shares with Facebook Companies is to be used on WhatsApp’s behalf and in accordance with its instructions. Any such information cannot be used for the Facebook Companies own purposes. This statement is not reflected in the privacy policy applicable to non European countries. Facebook has in a <a href="https://www.irishtimes.com/business/technology/whatsapp-says-european-users-do-not-have-to-share-data-with-facebook-1.4452435">statement </a>stated that “For the avoidance of any doubt, it is still the case that WhatsApp does not share European region WhatsApp user data with Facebook for the purpose of Facebook using this data to improve its products or advertisements”</p>
<p dir="ltr"><strong id="docs-internal-guid-dbd02a4a-7fff-ed41-bc54-e5cce9a8b5ca"><br /></strong></p>
<h3>Data sharing with other third party service providers</h3>
<p dir="ltr">It is also important to note that sharing of information is not limited to Facebook Companies, but also extends to other third party service providers. However, apart from a vaguely drafted statement stating that WhatsApp works with third party service providers as well as other Facebook Companies to help it to “operate, provide, improve, understand, customize, support, and market our Services”, the privacy policy is silent and does not provide any insight or clear information on (a) the nature of these third party entities; (b) extent of information shared with such third party entities. Further, even though the policy provides a link to the other Facebook Companies (Facebook Payments Inc, Facebook International Limited, Onavo CrowdTangle) that it works with; there is again no clarity as to what are the specific services provided by these companies.</p>
<p dir="ltr">One of the rights provided to a data principal under Section 17 (3) and Section 7 (1)(g) of the current version of the Bill, is the right to be informed and the consent to be obtained from the data principal about the individuals or entities with whom personal data may be shared. The data principal also has the right to be informed about and given access to the categories of personal data shared with the other data fiduciaries. However, the policy as it stands on date is silent about both the details of the third parties service providers as well as the categories of personal data that could be shared with them.</p>
<p dir="ltr"><strong><br /></strong></p>
<h3>Metadata collection and data minimisation</h3>
<p dir="ltr">The details on usage and log information in the previous version of the policy were rather vague as a result of which the extent of data collection was difficult to ascertain. The revised version indicates that WhatsApp’s metadata collection went further than most of the other popular messaging applications and the data being collected was linked back to the user and device identity. The principle of data minimisation (Section 6 of the proposed framework) limits the collection of personal data to that which is necessary for the purpose of processing. The compelling reasons that justify the metadata collection for the primary purpose of messaging and communication are so far unclear. The metadata collection section is similar in the privacy policy for the EU region and on the face of it doesn’t look GDPR compliant as well. Collection of those categories of personal data that are not necessary for processing of the primary purpose will need to be discontinued if the Bill is enacted in its current form.</p>
<p dir="ltr"><strong><br /></strong></p>
<h3>Data Principal rights</h3>
<p dir="ltr">The difference between the protection afforded to Indian resident users and European resident users is highlighted in the rights accorded to the data principal under the two privacy policies. The European privacy policy has a section dedicated to how users can exercise their rights and specifies that users have the right to access, rectify, port, and erase their information, as well as the right to restrict and object to certain processing of their information. These rights are a reflection of the protection afforded to data principles under the GDPR. As per the current version of the Bill, the data principal will have the right to (i) confirmation and access (Section 17); (ii) correction and erasure (Section 18); and (iii) data portability (Section 19). If the current version of the Bill is enacted, then WhatsApp will be required to amend its privacy policy regarding its applicability to India and incorporate the rights of data accorded to the data principal .</p>
<p dir="ltr"><strong><br /></strong></p>
<h3>Grievance redressal </h3>
<p dir="ltr">The European Region privacy policy specifies the entity within WhatsApp responsible for addressing the complaints of the users and it further also informs the user that they have the right to approach the Irish Data Protection Commission, or any other competent data protection supervisory authority. None of these provisions are specified in the Non-European Region privacy policy. The current version of the PDP Bill places an obligation on the data fiduciary to establish an effective grievance redressal mechanism (Section 32(1)) and to inform the data principal about their right to approach the Data Protection Authority (which is proposed to be established under the PDP Bill) (Section 7(k)). Additional details regarding the same will have to be provided if the Bill is enacted in its current form. </p>
<p dir="ltr"><strong><br /></strong></p>
<h3>Clarifications from WhatsApp </h3>
<p dir="ltr">On January 13, 2021, WhatsApp published a blog stating that the changes to the privacy policy will not affect users who use the platform messaging with friends and family, the changes will only apply to users who use the platform to communicate with business accounts. As per WhatsApp messages to business accounts on WhatsApp can be shared with third-party service providers, which may include Facebook itself. As per the blog, “But whether you communicate with a business by phone, email, or WhatsApp, it can see what you’re saying and may use that information for its own marketing purposes, which may include advertising on Facebook.” It is important to note that we recognise that the content of the messages and the call remains encrypted, however, the concern arises from the collection and use of ‘metadata.’ </p>
<p dir="ltr">WhatsApp’s repeated assurances and clarifications asserting their commitment to data privacy falls short. Their insistence that their chats still use end to end encryption and that only interactions with WhatsApp Business will be shared with Facebook indicates ignorance with regard to the different contours of informational privacy. The expectations of privacy that individuals have over their personal data is linked to the extent of control they have over disclosure of such data. The mandatory metadata collection and lack of opt out clauses for data sharing for marketing purposes results in a mere illusion of control through its façade consent collecting process.</p>
<p dir="ltr"><strong><br /></strong></p>
<p dir="ltr">For the most part, the proposed framework should provide us the same level of protection offered to EU users of WhatsApp regarding some of the key contentions highlighted above. However, additional data principal rights such as the right to object and right to restrict processing will give additional protections to the data principal in case of data processing for marketing purposes. The uproar over the data collection practices of WhatsApp have cemented the immediate need for an effective data protection legislation in the country. The final draft of the Bill with <a href="https://economictimes.indiatimes.com/news/politics-and-nation/parliamentary-panel-examining-personal-data-protection-bill-recommends-89-changes/articleshow/80138488.cms">89 new amendments</a> is expected to be released soon. Considering the renewed apprehensions regarding unwarranted processing of personal data, we can only hope that the amendments have taken into consideration the feedback and comments provided by relevant stakeholders. </p>
<p dir="ltr"><br /><br /></p>
<p dir="ltr">(This post was edited and reviewed by Amber Sinha, Arindrajit Basu and Aman Nair)</p>
</span>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/pdp-bill-is-coming-whatsapp-privacy-policy-analysis'>http://editors.cis-india.org/internet-governance/blog/pdp-bill-is-coming-whatsapp-privacy-policy-analysis</a>
</p>
No publisherPallavi Bedi & Shweta ReddyWhatsAppFacebookPrivacy2021-01-19T08:12:23ZBlog EntryThe Competition Law Case Against Whatsapp’s 2021 Privacy Policy Alteration
http://editors.cis-india.org/internet-governance/blog/the-competition-law-case-against-whatsapp2019s-2021-privacy-policy-alteration
<b>Having examined the privacy implications of Whatsapp's changes to its privacy policy in 2021, this issue brief is the second output in our series examining the effects of those changes. This brief examines the changes in the context of data sharing between Whatsapp and Facebook as being an anticompetitive action in violation of the Indian Competition Act, 2002. </b>
<span id="docs-internal-guid-2e4a5c52-7fff-f416-6970-948314f0b524">
<p style="text-align: justify;" dir="ltr"> </p>
<h3 style="text-align: justify;">Executive Summary</h3>
<p style="text-align: justify;" dir="ltr">On January 4, 2021, Whatsapp announced a revised privacy policy through an in-app notification. It highlighted that the new policy would impact user interactions with business accounts, including those which may be using Facebook's hosting services. The updated policy presented users with the option of either accepting greater data sharing between Whatsapp and Facebook or being unable to use the platform post 15th May, 2021. The updated policy resulted in temporarily slowed growth for Whatsapp and increased growth for other messaging apps like Signal and Telegram. While Whatsapp has chosen to delay the implementation of this policy due to consumer outrage, it is important for us to unpack and understand what this (and similar policies) mean for the digital economy, and its associated competition law concerns. Competition law is one of the sharpest tools available to policy-makers to fairly regulate and constrain the unbridled power of large technology companies.</p>
<p style="text-align: justify;" dir="ltr">While it is evident the Indian competition landscape will benefit from revisiting the existing law and policy framework to reign in Big technology companies, we argue that the change in Whatsapp’s privacy policy in 2021 can be held anti-competitive using legal provisions as they presently stand. Therefore, in this issue brief, we largely limit ourselves to evaluating the legality of Whatsapp’s privacy policy within the confines of the present legal system. </p>
<p style="text-align: justify;" dir="ltr">First, we dive into an articulation of the present abuse of dominance framework in Indian Competition Law. Second, we analyze whether there was abuse of dominance-bearing in mind an economic analysis of Whatsapp’s role in the relevant market by using tests laid out in previous rulings of the CCI</p>
<br />
<p style="text-align: justify;" dir="ltr">The framework for determining abuse of dominance as per The Competition Act is based on three factors:</p>
<p style="text-align: justify;" dir="ltr">1. Determination of relevant market</p>
<p style="text-align: justify;" dir="ltr">2. Determination of dominant position</p>
<p style="text-align: justify;" dir="ltr">3. Abuse of the dominant position</p>
<br />
<p style="text-align: justify;" dir="ltr">In two previous orders in 2016 and 2020, CCI has held that Whatsapp is dominant in its relevant market based on several factors which we explore. These include:</p>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Advantage in user base, usage and reach,</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Barriers to entry for other competitors</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Power of acquisition over competitors.</p>
</li></ol>
<br />
<p style="text-align: justify;" dir="ltr">However, in both orders, CCI held that Whatsapp did not abuse its dominance by arguing that the practices in question allowed for user choice. We critique these judgments for not reflecting the market structures and exploitative practices of large technology companies. We also argue that even if we use the test of user choice laid down by the CCI in its previous orders concerning Whatsapp and Facebook, the changes made to the privacy policy in 2021 did abuse dominance,and should be held guilty of violating competition law standards.</p>
<p style="text-align: justify;" dir="ltr">Our analysis revolves around examining the explicit and implicit standards of user choice laid out by the CCI in its 2016 and 2020 judgements as the standard for evaluating fairness in an Abuse of Dominance claim.We demonstrate how the 2021 changes failed to meet these standards. </p>
<p style="text-align: justify;" dir="ltr">Finally, we conclude by noting that the present case offers a crucial opportunity for India to take a giant step forward in its regulation of big tech companies and harmonise its rulings with regulatory developments around the world.</p>
<p style="text-align: justify;" dir="ltr">The full issue brief can be found <a href="https://cis-india.org/internet-governance/whatsapp-privacy-policy-2021-issue-brief-competition-law">here</a></p>
<div> </div>
<p style="text-align: justify;" dir="ltr"> </p>
<p style="text-align: justify;" dir="ltr"> </p>
<div> </div>
</span>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/the-competition-law-case-against-whatsapp2019s-2021-privacy-policy-alteration'>http://editors.cis-india.org/internet-governance/blog/the-competition-law-case-against-whatsapp2019s-2021-privacy-policy-alteration</a>
</p>
No publisherAman Nair and Arindrajit BasuConsumer RightsDigital EconomyData ProtectionFacebookCompetitionWhatsAppCompetition Law2021-03-24T16:12:09ZBlog EntryElection Experiment Proves Facebook Just Doesn't Care About Fake News In India
http://editors.cis-india.org/internet-governance/news/huffington-post-visvak-may-30-2018-election-experiment-proves-facebook-just-doesnt-care-about-fake-news-in-india
<b>Much-hyped fact-checking initiative identified only 30 bits of fake news in month-long Karnataka campaign. Yup — 30!</b>
<p>The article by Visvak was published in <a class="external-link" href="https://www.huffingtonpost.in/2018/05/30/election-experiment-proves-facebook-just-doesnt-care-about-fake-news-in-india_a_23446483/">Huffington Post</a> on May 30, 2018. Pranesh Prakash was quoted.</p>
<hr />
<p style="text-align: justify; ">On April 16, a little less than a month before Karnataka went to the polls, Facebook <a href="https://newsroom.fb.com/news/h/announcing-third-party-fact-checking-in-india/">announced</a> a partnership with Boom Live, an Indian fact-checking website, to fight fake news during the Karnataka assembly polls.</p>
<p style="text-align: justify; ">Five days before the partnership was announced, an embattled Mark Zuckerberg stood before the the US Congress. Under fire for having allowed his platform to be used to manipulate elections, he <a href="https://www.politico.com/story/2018/04/09/transcript-mark-zuckerberg-testimony-to-congress-on-cambridge-analytica-509978">declared</a> that his company would do everything it could to protect the integrity of elections in India and elsewhere.</p>
<p>Facebook's press-release promised as much:</p>
<p class="callout" style="text-align: justify; ">We have learned that once a story is rated as false, we have been able to reduce its distribution by 80%, and thereby improve accuracy of information on Facebook and reduce misinformation.</p>
<p style="text-align: justify; ">Yet, the pilot project in Karnataka suggests Facebook has a long way to go to keep Zuckerberg's promise. In an election cycle <a href="https://www.thequint.com/news/webqoof/fake-news-karnataka-assembly-election-2018-jihadi-murder">widely</a> <a href="https://www.deccanherald.com/state/fake-news-rains-karnataka-goes-polls-669470.html">acknowledged</a> as rife with misinformation, fake polls and surveys, communally coloured rumours, and blatant lies peddled by campaigners, rating stories as "false" proved to be so difficult and time consuming that the Facebook partnership was only able to debunk 30 pieces of misinformation — 25 in the run-up to the polls, and 5 in the immediate aftermath — in the month long campaign.</p>
<p style="text-align: justify; ">The much-ballyhooed partnership added up to a small financial contribution from Facebook that allowed Boom to hire two fact-checkers, one in its offices in Mumbai and one based on the ground in Bengaluru, specifically to track the election. The fact-checkers were also given access to a Facebook dashboard that could be used to discover and counter misinformation on the platform.</p>
<p>Boom did not reveal the sum involved or allow HuffPost India access to the dashboard, citing a non-disclosure agreement. Facebook's representatives declined comment on a detailed questionnaire sent to them.</p>
<h2>A Gushing Sewer of Fake News</h2>
<p style="text-align: justify; ">Globally, Facebook's fact-checking initiative is a little over a year old, but the partnership with Boom marks its advent in India, the company's largest market.</p>
<p style="text-align: justify; ">"It's a late start, a very late start." says Pratik Sinha, co-founder of AltNews, another prominent fact-checking website. "But they're doing something now, which is good."</p>
<p style="text-align: justify; ">Yet Govindraj Ethiraj, Founder-Editor of Boom Live, said the social networking giant's contribution to their fact-checking efforts was of limited utility. "Facebook's involvement didn't really help us," he said. "This was more about us helping them."</p>
<p style="text-align: justify; ">Ethiraj identified Facebook-owned WhatsApp as the primary medium for the propagation of fake news during the Karnataka election. Each of the three major parties in the fray <a href="https://www.thenewsminute.com/article/fighting-fake-news-inside-karnatakas-virtual-campaign-trail-81042">reportedly</a> set up tens of thousands of groups on the platform in an effort to spread their message. Facebook is yet to figure out a way to allow fact-checkers into the platform without breaking the end-to-end encryption which makes it impossible for messages to be tracked.</p>
<p style="text-align: justify; ">But even on Facebook, which lends itself far more easily to tracking and monitoring, the tools that the company has built to track fake news are not particularly effective.</p>
<blockquote class="quoted" style="text-align: justify; ">Facebook allows advertisers to micro-target content at users using specific attributes, and users are unlikely to report content that agrees with their ideological biases.</blockquote>
<p style="text-align: justify; ">In his office in the aging Sun Mill Compound in Mumbai's Lower Parel, Jency Jacob, Managing Editor of Boom logged into the dashboard and scrolled through the gushing sewer of user-flagged content pouring in from around the world: stories about dinosaur remains and ancient caves, tales of celebrities battling mysterious diseases, and ordinary people undergoing plastic surgeries to look like celebrities, mixed in with news – both real and fake – that users found objectionable. There's one about the rise in fuel prices and there's even a <a href="https://www.huffingtonpost.in/2018/05/21/video-dalit-man-tied-flogged-beaten-to-death-in-gujarat-say-media-reports_a_23439751/">Huffpost India story</a>, about a Dalit being flogged to death in Gujarat. (The HuffPost India story, the editorial board can affirm, is true.)</p>
<p style="text-align: justify; ">"I can't claim that it doesn't affect me," admitted Jacob. "This morning, the first thing I saw after waking up was a video of a woman kicking a 3-year-old baby and slamming her on the ground. We are in the rush of it right now, but I don't think we will enjoy doing this all our lives."</p>
<p style="text-align: justify; ">"A lot of it is dependent on how users are reporting," Jacob continued, explaining that the dashboard tool relies on users to flag potentially "fake" news. "If the users aren't reporting it, it isn't going to come into the queue."</p>
<p>This is a blind spot as Facebook <a href="https://www.nytimes.com/interactive/2018/05/14/technology/facebook-ads-congress.html">allows advertisers to micro-target</a> content at users using specific attributes, and users are unlikely to report content that agrees with their ideological biases.</p>
<h2>Everything But English</h2>
<p style="text-align: justify; ">Facebook's dashboard cannot be used to report non-English content. In India, local language users outnumber English language users and more are coming online every day. The dashboard is also unable to filter stories relevant to a specific location, despite Facebook allowing advertisers to geo-target their advertisements with reasonable accuracy.</p>
<p style="text-align: justify; ">Jacob reckons the tool will get better at dealing with the Indian context over time. "This was always intended to be a pilot project. It will take them time to figure out how to get us more relevant leads," he said.</p>
<p style="text-align: justify; ">With not much help forthcoming from Facebook, Boom relied on its own tried and tested methods of tracking misinformation. Its fact-checkers monitored pages and websites known to be potential sources of fake news, told friends and family to forward anything suspicious they came across, and maintained their own reporting channel - a dedicated WhatsApp helpline for users to direct suspicious looking links.</p>
<p style="text-align: justify; ">These methods threw up about 4-5 actionable leads every day. To fact-check them, Boom deployed a combination of old school journalistic practices, such as getting fact-checkers to call sources, and tech tools like video and image matching software.</p>
<p style="text-align: justify; ">Fact-checking is a painstaking process that involves a great deal of manual effort.</p>
<p class="callout" style="text-align: justify; ">"The way we measure virality is a bit of a crude method. We check whether several of us have received it or not, and whether it is being shared on all three platforms."</p>
<p style="text-align: justify; ">"Essentially, we are saying what we are saying is true, don't believe others," said Sinha. "That's a very arrogant position to take. To say that in a world full of information, there has to be a process where we take the audience from the claim to the truth. Gathering the information required to do that takes a lot of time."</p>
<p style="text-align: justify; ">According to Jacob, it sometimes takes 2-3 people working all day to fact-check a single video. And Boom only has 6 fact-checkers in all, including the two Facebook-funded hires. Given these constraints, they could act on only a fraction of the tip-offs.</p>
<p style="text-align: justify; ">"We were not looking at volume, but at impact," said Jacob, indicating that they focused their attention on misinformation that was going viral. "The way we measure virality is a bit of a crude method. We check whether several of us have received it or not, and whether it is being shared on all three platforms."</p>
<p style="text-align: justify; ">Jacob admits that there were many more stories that they could have tackled, but he says that it was impossible to address them all with the limited resources available to them.</p>
<p style="text-align: justify; ">Sinha reckons that Facebook already has the technology to significantly alleviate the manpower issue. "If you upload a video to Facebook and there's a copyright violation, they pull the video. So they know how to match videos. If they leverage that technology and apply it to fake news, it'll reduce the mundane work we have to do by half," he said.</p>
<p style="text-align: justify; ">While Facebook's contribution to Boom's sourcing and fact-checking processes was minimal, it does seem to have had a significant impact on how fact-checks were disseminated. The Facebook dashboard allows fact-checkers to <a href="https://www.facebook.com/facebookmedia/get-started/fact-checking">tag content with ratings</a> ranging from 'true' to 'false' with a few options in between and also attach their fact-check articles to the content. The platform then attempts to reduce distribution of the content and display the fact-check article to users whenever they encounter it on the news feed or attempt to share it.</p>
<h2 style="text-align: justify; ">Major Victory</h2>
<p style="text-align: justify; ">This system claimed its first major victory within a week of the partnership being announced when several major media outlets including NDTV India, India Today and Republic published a list of purported star campaigners for the Congress party that turned out to be fabricated.</p>
<p style="text-align: justify; ">Boom rated the articles false and linked their <a href="https://www.boomlive.in/news-websites-report-fake-list-of-congress-star-campaigners-for-karnataka-polls/">fact-check</a>. Jacob could not verify if this reduced the articles' distribution by the 80% figure <a href="http://newsroom.fb.com/news/2018/05/hard-questions-false-news/">touted</a> by Facebook, but said there was a clear impact.</p>
<p style="text-align: justify; ">"NDTV India carried the story and we noticed that their traffic dropped after we linked our fact-check to their article," said Jacob. With traffic plummeting and users being shown fake news warnings when interacting with their content, most of the media houses that published the list either issued clarifications or took their articles down.</p>
<p style="text-align: justify; ">After the initial success, Boom quickly ran into the limitations of the ratings system. Fact-checks could only be done on links and not on image, video, or text posts. Facebook eventually granted Boom access to image and video posts, but text posts are still beyond the purview of fact-checkers.</p>
<p style="text-align: justify; ">While that change was likely a simple fix that only required a switch to be flipped, there are other restrictions on the ratings system that are unlikely to be lifted as easily.</p>
<p style="text-align: justify; ">From the beginning of the election cycle, false statements by prominent politicians - including the Prime Minister - were an everyday affair. As is the norm, they were faithfully reported by most media outlets without critique or context. Misinformation masquerading as opinion, wherein a set of legimitate facts are presented out of context to arrive at a blatantly false conclusion, was also a persistent feature during the polls. Such articles add to the whirlwind of campaign misinformation, but are exempted from the rating system.</p>
<p class="callout" style="text-align: justify; ">"Facebook needs to figure out a more aggressive model of showing the explanatory article to the reader."</p>
<p>Sinha believes that misinformation that falls into these grey areas cannot be laid at Facebook's door.</p>
<p>But Pranesh Prakash, Fellow at the Centre for Internet and Society, said such restrictions were "extraordinarily stupid."</p>
<p>"As long as the distinction is made that the publication isn't msiquoting and the politician is saying something that is false - and that's easy enough to do - I can't think of a possible justification," he said, regarding false statements made by public figures.</p>
<p style="text-align: justify; ">As for misleading opinion pieces Prakash said, "Most falsehoods are not just statements that present incorrect facts, but that present facts in an incorrect context. It's clearly the context that speaks to how people interpret facts. Fact checkers can't be people who only look at facts as black and white things."</p>
<p>Facebook's suggested method of dealing with such articles is to attach fact-check articles to them while assigning them a 'not eligible' rating. Jacob reckons that this is yet another blind spot.</p>
<p>"Facebook needs to figure out a more aggressive model of showing the explanatory article to the reader. The way it is designed now, with the article showing up below as a related link, not many people will bother to go and click on that."</p>
<h2>The Whatsapp Problem</h2>
<p style="text-align: justify; ">For all its flaws, the fact-checking initiative appears to be making an attempt at solving the problem of misinformation on Facebook's news feed. But the company hasn't even begun to address the 800-pound gorilla that is WhatsApp.</p>
<p style="text-align: justify; ">While Facebook has been castigated for playing fast and loose with privacy on its primary platform, the inherently better privacy features of the fully-encrypted Whatsapp platform have made it lethal when it comes to fake news. The lack of third party access, which has prevented Facebook from monetising WhatsApp chats - thus far - and security agencies from spying on them, has also made Whatsapp messages impossible to fact-check.</p>
<p style="text-align: justify; ">In Karnataka, WhatsApp was the primary vector for the spread of a series of fake polls, some of which were eventually picked up and published by mainstream media outlets. Unlike fake news that emerges on the Facebook and Twitter, it is impossible to trace the source of misinformation on Whatsapp.</p>
<blockquote class="quoted" style="text-align: justify; ">"Just as spam can be flagged and people can be barred if they're flagged as spammers, similarly, if people have been flagged as serial promoters of fake news, you can use that to nudge people's behaviour."</blockquote>
<p style="text-align: justify; ">"If Whatsapp had a trending list, our jobs would've been a lot easier," lamented Jacob. "By and large, we have figured out what goes viral on Facebook and Twitter. It might take a day to reach us, but eventually we catch anything that's going viral on these platforms. But Whatsapp is a black box."</p>
<p style="text-align: justify; ">Prakash asserts that while encryption is a barrier, it does not make it impossible to police fake news on WhatApp. "Just as spam can be flagged and people can be barred if they're flagged as spammers, similarly, if people have been flagged as serial promoters of fake news, you can use that to nudge people's behaviour."</p>
<p style="text-align: justify; ">There are indications that WhatsApp is attempting to develop features to tackle fake news. The platform has beta-tested features that would clearly <a href="https://wabetainfo.com/whatsapp-beta-for-android-2-18-67-whats-new/">identify</a>forwarded messages and <a href="https://wabetainfo.com/whatsapp-is-studying-some-methods-to-prevent-spam/">warn</a> users if a message has been forwarded more than 25 times. Jacob said that Facebook was working on a product that would throw up fact-check articles when a user interacts with a fake news URL on WhatsApp. If or when any of these features actually make it to users is a matter of conjecture.</p>
<p style="text-align: justify; ">Prakash said the slow pace of progress on WhatsApp is just a reflection of the company's priorities. "It speaks to how American a company a Facebook is. Whatsapp is the real network for fake news in India, but it gets the least amount of attention."</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/huffington-post-visvak-may-30-2018-election-experiment-proves-facebook-just-doesnt-care-about-fake-news-in-india'>http://editors.cis-india.org/internet-governance/news/huffington-post-visvak-may-30-2018-election-experiment-proves-facebook-just-doesnt-care-about-fake-news-in-india</a>
</p>
No publisherAdminSocial MediaFacebookInternet Governance2018-05-31T22:56:48ZNews ItemIs This The Beginning Of The End For Facebook?
http://editors.cis-india.org/internet-governance/news/bloomberg-quint-aayush-ailawadi-april-15-2018-is-this-the-beginning-of-the-end-for-facebook
<b>After two days of congressional hearings that collectively lasted over ten hours, there are many questions about Facebook, its policies and its future that experts are debating.</b>
<p style="text-align: justify; ">The article by Aayush Ailawadi was <a class="external-link" href="https://www.bloombergquint.com/technology/2018/04/15/is-this-the-beginning-of-the-end-for-facebook">published in Bloomberg Quint</a> on April 15, 2018. Pranesh Prakash was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">Do Facebook’s privacy policies confuse more than they inform? Is the platform a near monopoly that may need to be broken? And how do you ensure that the vast wealth of data that Facebook has is not misused, particularly in elections?</p>
<p style="text-align: justify; ">BloombergQuint has collected views on some of these issues.</p>
<h3 style="text-align: justify; ">Privacy Policy Or Legalese?</h3>
<p style="text-align: justify; ">Since the Cambrdge Analytica <a href="https://www.bloombergquint.com/quicktakes/2018/03/21/understanding-the-facebook-cambridge-analytica-story-quicktake" target="_blank">scandal came to light</a>, Facebook has been receiving a lot of flak for its ambiguous and verbose privacy and data policy. Lawmakers quizzed founder Mark Zuckerberg about how an ordinary user was expected to decipher the terms of the user agreement, something even some of the lawmakers grilling him couldn’t comprehend.</p>
<p style="text-align: justify; ">Jitendra Waral of Bloomberg Intelligence says, “It’s so complicated that nobody reads it. Essentially the data sharing beyond the Facebook ecosystem came into question here. Is it just necessary to have data sharing for the service to work? Is it restricted to you sharing your content with your friends in your network or do the restrictions go beyond that? So basically they have a lot of work to do in terms of transparency, in terms how the data is used and shared.”</p>
<p style="text-align: justify; ">During the conversations, it also came to light that Facebook collects data even on those who don’t use the platform.</p>
<p style="text-align: justify; ">“In general we collect data on people who are not signed up for Facebook for security purposes," Zuckerberg said Wednesday <a href="https://www.bloomberg.com/news/articles/2018-04-11/zuckerberg-says-facebook-collects-internet-data-on-non-users" target="_blank">in a hearing about the social network’s privacy practices in Washington</a>before the House Energy and Commerce Committee.</p>
<p style="text-align: justify; ">While privacy experts and tech geeks have been crying foul for years about the data collection and storage practices adopted by tech behemoths like Facebook, this revelation by the Facebook founder was the first public acknowledgement of the fact.</p>
<h3 style="text-align: justify; ">Is Facebook A Monopoly?</h3>
<p style="text-align: justify; ">It’s not just data concerns that were brought up at the hearings.</p>
<p style="text-align: justify; ">Sen. Lindsey Graham asked Zuckerberg if Facebook enjoys a monopoly on the type of service it provides to its users. He asked, “If I buy a Ford and it doesn’t work well and I don’t like it, I can buy a Chevy, if I’m upset with Facebook, what’s the equivalent product that I can go sign up for?”</p>
<p style="text-align: justify; ">Zuckerberg responded to say that there are other tech companies which operate in the same sphere as Facebook does. He offered statistics of how many Americans use different social apps nowadays, in support of his argument that Facebook does not enjoy a monopoly in the tech world.</p>
<p style="text-align: justify; ">Jeff Hauser, executive director of the Revolving Door Project at the non-partisan Center for Economic and Policy Research says, “ Zuckerberg's answer to who his competitor was kind of comically unsatisfying because there is no competition for Facebook and they do have monopoly power in the United States and in many other countries across the world. ”</p>
<blockquote style="text-align: justify; ">So one idea is to take Facebook and break it into many other parts that it acquired through previous acquisitions. Instagram would be a powerful competitor to Facebook if it was independent of Facebook. WhatsApp would be a powerful competitor to Facebook if it was an independent competitor to Facebook.</blockquote>
<p style="text-align: justify; ">Jeff Hauser, Center for Economic and Policy Research</p>
<h3 style="text-align: justify; ">Time To Regulate The Internet?</h3>
<p style="text-align: justify; ">Another big moment during the testimony was when Zuckerberg conceded that it was only a matter of time before the internet would be regulated.</p>
<blockquote style="text-align: justify; ">He said, “The internet is growing in importance around the world in people’s lives and I think that it is inevitable that there will need to be some regulation.”</blockquote>
<p style="text-align: justify; ">Waral agrees that light touch regulation is the way to prevent a Cambridge Analytica like scandal from occurring again in the future. But, he believes that regulation will only raise costs for a company like Facebook. He explains, “What it does is raise compliance costs through out the ecosystem. So, the impact on Facebook from this is that the company is going to increase expenses due to compliance costs.”</p>
<h3 style="text-align: justify; ">The Big Election(s) Year</h3>
<p style="text-align: justify; ">During his testimony, Zuckerberg did acknowledge that a lot needs to be done to ensure data does not get misused, particularly in elections. Concerns about misuse of user data have emerged in countries like the U.S., but also in India.</p>
<p style="text-align: justify; ">Last month, the Union Minister for Law and Information Technology, Ravi Shankar Prasad warned Zuckerberg that if there was any data theft of Indian users due to Facebook’s data collection practices, he would stop at nothing short of summoning the Facebook founder to India.</p>
<p style="text-align: justify; ">While Pranesh Prakash, policy director at the Centre For Internet and Society, doesn’t believe the government would actually summon Zuckerberg to India, he says, “One new concern that's valid across the world, where there are limitations put on freedom of expression during times of campaigning and elections, how do they translate online? There is no typical answer to this.”</p>
<blockquote style="text-align: justify; ">Most of the speech regulations apply to candidates and apply to media platforms, which are largely mass media platforms. Now, social media platforms where individuals express themselves might not be regulated the same way or currently at least aren’t regulated the same way.</blockquote>
<p style="text-align: justify; ">Pranesh Prakash, Policy Director, Centre For Internet and Society</p>
<p style="text-align: justify; ">Pranesh thinks it is time to re-look at the existing election laws which might not prove to be as useful now as they were some time ago.</p>
<p style="text-align: justify; "><img src="http://editors.cis-india.org/home-images/copy3_of_Facebook.png" alt="Facebook" class="image-inline" title="Facebook" /></p>
<p style="text-align: justify; ">Hauser thinks Facebook should help users discern between fakes news and a legitimate source of news.</p>
<blockquote style="text-align: justify; ">In the 2016 elections cycle, for fake news, a lot of bots and trolls liked them and they started appearing in the lot of users’ feeds. So the algorithm of Facebook encouraged manipulation. Facebook needs to address these concerns. I don’t think we can trust Facebook if it doesn’t make hard decisions about its algorithms. Right now, Facebook needs to say this is what the algorithm does.</blockquote>
<p style="text-align: justify; ">Jeff Hauser, Center for Economic and Policy Research</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/bloomberg-quint-aayush-ailawadi-april-15-2018-is-this-the-beginning-of-the-end-for-facebook'>http://editors.cis-india.org/internet-governance/news/bloomberg-quint-aayush-ailawadi-april-15-2018-is-this-the-beginning-of-the-end-for-facebook</a>
</p>
No publisherAdminSocial MediaFacebookInternet Governance2018-04-17T14:44:23ZNews ItemGovernment gives free publicity worth 40k to Twitter and Facebook
http://editors.cis-india.org/internet-governance/blog/government-giving-free-publicity-worth-40-k-to-twitter-and-facebook
<b>We conducted a 2 week survey of newspapers for links between government advertisement to social media giants. As citizens, we should be worried about the close nexus between the Indian government and digital behemoths such as Facebook, Google and Twitter. It has become apparent to us after a 2 week print media analysis that our Government has been providing free publicity worth Rs 40,000 to these entities. There are multiple issues with this as this article attempts at pointing out.</b>
<p style="text-align: justify;"><img src="http://editors.cis-india.org/home-images/TotalAdvertisementExpenditure.jpg" alt="null" class="image-inline" title="Total Advertisement Expenditure" /></p>
<p style="text-align: justify;">We analyzed 5 English language newspapers daily for 2 weeks from March 12<sup>th</sup> to 26<sup>th</sup>, one week of the newspapers in Lucknow and the second week in Bangalore. Facebook, Twitter, Instagram and Alphabet backed services such as Youtube and Google Plus were part of our survey. Of a total of 33 advertisements (14 in Lucknow+19 in Bangalore), Twitter stands out as the most prominent advertising platform used by government agencies with 30 ads but Facebook at 29 was more expensive. In order to ascertain the rates of publicity, current advertisement rates for Times of India as our purpose was to solely give a rough estimation of how much the government is spending.</p>
<p style="text-align: justify;">Advertising of this nature is not merely an inherent problem of favoring some social media companies over others but also symptomatic of a bigger problem, the lack of our native e-governance mechanisms which cause the Government to rely and promote others. Where we do have guidelines they are not being followed. By outsourcing their e-governance platforms to Twitter such as TwitterSeva, a feature created by the Twitter India team to help citizens connect better with government services, there is less of an impetus to construct better <a class="external-link" href="https://factordaily.com/twitter-helping-india-reboot-public-services-publicly/">websites of their own</a>.</p>
<p style="text-align: justify;">If this is so because we currently do not have the capacity to build them ourselves then it is imperative that this changes. We should either be executing government functions on digital infrastructure owned by them or on open and interoperable systems. If anything, the surveyed social media platforms can be used to enhance pre-existing facilities. However, currently the converse is true with these platforms overshadowing the presence of e-governance websites. Officials have started responding to complaints on Twitter, diluting the significance of such complaint mechanisms on their respective department’s portal. Often enough such features are not available on the relevant government website. This sets a dangerous precedent for a citizen management system as the records of such interactions are then in the hands of these companies who may not exist in the future. As a result, they can control the access to such records or worse tamper with them. Posterity and reliability of such data can be ensured only if they are stored within the Government’s reach or if they are open and public with a first copy stored on Government records which ensures transparency as well. Data portability is an important facet to this issue as well as being a right consumers should possess. It provides for support of many devices, transition to alternative technologies and lastly, makes sure that all the data like other public records will be available upon request through the Right to Information procedure. The last is vital to uphold the spirit of transparency envisioned through the RTI process since interactions of government with citizens are then under its ambit and available for disclosure for whomsoever concerned.</p>
<p style="text-align: justify;">Secondly, such practices by the Government are enhancing the monopoly of the companies in the market effectively discouraging competition and eventually, innovation. While a certain elite strata of the population might opt for Twitter or Facebook as their mode of conveying grievance, this may not hold true for the rest of the online India population.</p>
<p style="text-align: justify;">Picking players in a free market is in violation of technology and vendor neutrality, a practice essential in e-governance to provide a level playing field for all and competing technologies. Projecting only a few platforms as de facto mediums of communication with the government inhibits the freedom of choice of citizens to air their grievances through a vendor or technology they are comfortable with. At the same time it makes the Government a mouthpiece for such companies who are gaining free publicity and consolidating their popularity. Government apps such as the SwachBharat one which is an e-governance platform do not offer much more in terms of functionality but either reflect the website or are a less mature version of the same. This leads to the problem of fracturing with many avenues of complaining such as the website, app, Twitter etc. Consequently, the priority of the people dealing with the complaints in terms of platform of response is unsure. Will I be responded to sooner if I tweet a complaint as opposed to putting it up on the app? Having an interoperable system can solve this where the Government can have a dashboard of their various complaints and responses are then made out evenly. Twitter itself could implement this by having complaints from Facebook for example and then the Twitter Seva would be an equal platform as opposed to the current issue where only they are favored.</p>
<p style="text-align: justify;">Recent events have illustrated how detrimental the storage of data by these giants can be in terms of privacy. Data security concerns are also a consequence of such leaks. Not only is this a long overdue call for a better data protection law but at the same time also for the Government to realize that these platforms cannot be trusted. The hiring of Cambridge Analytica to influence voters in the US elections, based on their Facebook profiles and ancillary data, effectively put the governance of the country on sale by exploiting these privacy and security issues. By basing e-governance on their backbone, India is not far from inviting trouble as well. It is unnecessary and dangerous to have a go-between for matters that pertain between an individual and state.</p>
<p style="text-align: justify;">As this article was being written, it was confirmed by the Election Commission that they are partnering with Facebook for the Karnataka Assemby Elections to promote activities such as encourage enrollment of Voter ID and voter participation. Initiatives like these tying the government even closer to these companies are of concern and cementing the latter’s stronghold.</p>
<p style="text-align: justify;"><em>Note: Our survey data and results are attached to this post. All research was collected by Shradha Nigam, a Vth year student at NLSIU, Bangalore.</em></p>
<hr />
<h3 style="text-align: justify;">Survey Data and Results</h3>
<p style="text-align: justify;">This report is based on a survey of government advertisements in English language newspapers in relation to their use of social media platforms and dedicated websites (“<strong>Survey</strong>”). For the purpose of this report, the ambit of the social media platforms has been limited to the use of Facebook, Twitter, YouTube, Google Plus and Instagram. The report was prepared by Shradha Nigam, a student from National Law School of India University, Bangalore. <a class="external-link" href="http://cis-india.org/internet-governance/files/cis-report-on-social-media">Read the full report here</a>.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/government-giving-free-publicity-worth-40-k-to-twitter-and-facebook'>http://editors.cis-india.org/internet-governance/blog/government-giving-free-publicity-worth-40-k-to-twitter-and-facebook</a>
</p>
No publisherAkriti BopannaGoogleInstagramPrivacyTwitterYouTubeInternet GovernanceFeaturedGoogle PlusFacebookHomepage2018-04-27T09:52:26ZBlog EntryDigital Native: Delete Facebook?
http://editors.cis-india.org/raw/indian-express-nishant-shah-april-8-2018-digital-native-delete-facebook
<b>You can check out any time you like, but you can never leave.</b>
<p style="text-align: justify; ">The article was <a class="external-link" href="http://indianexpress.com/article/technology/social/digital-native-delete-facebook-5127198/">published in Indian Express</a> on April 8, 2018.</p>
<hr />
<p style="text-align: justify; "><span>One fine day, we all woke up and were told that </span><a href="http://indianexpress.com/about/facebook/">Facebook</a><span> sold our data to Cambridge Analytica and then they made dastardly profiles of us to target us with advertisement and political propaganda, so, we made a beeline for #DeleteFacebook. The most surprising part about the expose is how much of a non-event it is. We have been warned, at least since the Edward Snowden revelations, if not earlier, that our data is the new oil, coal and gold. It is being used as a resource, it is being mined from our everyday digital transactions, and it is precious because it can result in a massive social engineering without our consent or knowledge. Ever since Facebook started expanding its domain from being a friends-poke-friends-with-livestock website, we have been warned that the ambition of Facebook was never to connect you with your friends but to be your friend.</span></p>
<p style="text-align: justify; "><span><span>Time and again, we have been told that the sapient Facebook algorithm remembers everything you say and do, anticipates all your future needs, and listens to the most banal litany of your life. More than your mom, your partner or your shrink, it’s the Facebook algorithm which is interested in all your quotidian uselessness. It is not the stranger who accesses your post that should worry you. The biggest perpetrator of privacy violations on Facebook is Facebook itself. There is good reason why a company that offers its prime products for free is valuated as one of the richest corporations in the world. The product of Facebook – it has always been known – is us.</span></span></p>
<p style="text-align: justify; "><span><span><span>Why, then, are we suddenly taken aback at the fact that Facebook sold us? And while we are sharing our thoughts (ironically on Facebook) about deleting our profiles, the question that remains is this: How much of your digital life are you willing to erase? Because, and I am sorry if this pricks your filter bubble, Facebook’s problem is not really a Facebook problem. It is almost the entire World Wide Web, where we lost the battle for data ownership and platform openness more than two decades ago. Name one privately owned free service that you use on the internet and I will show you the section in its “terms and services” where you have surrendered your data. In fact, you can’t even find government services, tied up with their private partners, where your data is safe and stored in privacy vaults where it won’t be abused.</span></span></span></p>
<p style="text-align: justify; "><span><span><span><span>It is time to realise that the popular ’90s meme “All your base are belong to us” is the lived reality of our digital lives. As we forego ownership for convenience, as our governments sold our sovereignty for profits, and as digital corporations became behemoths that now have the capacity to challenge and write our constitutional and fundamental rights, we are waking up to a battle that has already been fought and resolved. A large part of our physical hardware to access the internet is privately owned. This means that almost all our PCs, tablets, phones, servers are owned and open to exploitation by private companies. Every time your phone does an automatic update or your PC goes into house-cleaning mode, you have to realise that you are being stored, somewhere in the cloud in ways that you cannot imagine.</span></span></span></span></p>
<p style="text-align: justify; "><span><span><span><span><span>It is tiring to hear this alarm and panic around Facebook’s data trading. Not only is it legal, it is something that has been happening for a while, most of us have been aware of it, and we have resolutely ignored it because, you know, cute cats. If somebody tells you that they are against privately owned physical property and are going to start a revolution to take away all private property and make it equally shared with the public, you would laugh at them because they are arriving at the battle scene after the war is over. This digital wokeness trend to #DeleteFacebook is the digital equivalent of that moment. If you want to fight, fight the governments and nations who can still protect us. Participate in conversations around Internet governance. Take responsibility to educate yourself about the politics of how the digital world operates. But stop trying to feel virtuous because you pulled out of a social media network, pretending that that is the end of the problem.</span></span></span></span></span></p>
<p>
For more details visit <a href='http://editors.cis-india.org/raw/indian-express-nishant-shah-april-8-2018-digital-native-delete-facebook'>http://editors.cis-india.org/raw/indian-express-nishant-shah-april-8-2018-digital-native-delete-facebook</a>
</p>
No publishernishantSocial MediaPrivacyInternet GovernanceFacebookResearchers at Work2018-05-06T03:08:25ZBlog EntryIt Took Just 355 Indians to Mine the Data of 5.6 Lakh Facebook Users. Here's How
http://editors.cis-india.org/internet-governance/news/news-18-subhajit-sengupta-how-just-355-indians-put-data-of-5-6-lakh-facebook-users-at-risk
<b>Data privacy in India is still a nascent subject. Experts say cheap data has led to unprecedented Facebook penetration. Often, it is seen that those who open an account are not aware of the privacy concerns.</b>
<p style="text-align: justify; ">The blog post by Subhajit Sengupta was published in <a class="external-link" href="https://www.news18.com/news/india/how-just-355-indians-put-data-of-5-6-lakh-facebook-users-at-risk-1710845.html">CNN-News 18</a> on April 7, 2018. Sunil Abraham was quoted.</p>
<hr />
<p style="text-align: justify; ">Over 5.6 lakh Indian Facebook profiles have allegedly been compromised and their data leaked to the controversial data analytics firm Cambridge Analytica. As per the company, only 335 people in India installed the App yet they managed to penetrate over half a million profiles. <br /><br />So, how does this work?<br /><br />Once a user downloaded the quiz app called “thisisyourdigitallife”, Global Science Research Limited got access to the entire treasure trove of data. There are two mechanisms which are used for this.<br /><br />First, the Application Program Interface (API) of Facebook called ‘Social Graph’ allows any app to harvest the entire contact list and everything else that could be seen on a users’ friend’s profile. This would take place even for private profiles, says Sunil Abraham, Executive Director of Bangalore based research organization ‘Centre for Internet and Society’.<br /><br />The second way is when users have a public profile. The algorithm seeks out public profiles from the friend list and would go on multiplying from one public profile to another without any of the users even coming to know what is happening. This is like the ‘True Caller’ application, for it to get your number, you don’t need to download the software. If anyone has the app and your number, then it gets automatically logged there.<br /><br />Facebook says "Cambridge Analytica’s acquisition of Facebook data through the app developed by Dr Aleksandr Kogan and his company Global Science Research Limited (GSR) happened without our authorisation and was an explicit violation of our Platform policies." <br /><br />GSR continued to access this data from all the Facebook profiles throughout the entire lifespan of the app on the Facebook platform, which was roughly two years between 2013 and 2015. This means, even if a user is careful enough to not download the application but his/her profile’s privacy settings are weak, the algorithm would infiltrate the data bank.<br /><br />Amit Dubey, a Cyber Security Expert goes into the details of what the app did, “The app called 'thisisyourdigitallife', which was created for research work by Aleksandr Kogan, was eventually used for psychometric profiling of users and then manipulating their political biases. The app was offered to users on the pretext to take a personality test and it agreed to have their data collected for academic use only. But the app has exploited a security vulnerability of Facebook application.”<br /><br />Facebook “platform policy” allowed only collection of friends’ data to improve user experience in the app and barred it from being sold or used for advertising. <br /><br />But this kind of data scrapping is not just limited to Cambridge Analytica. The Social Media Algorithm is often abused in the world of data scavenging and analytics. Even law enforcement agencies have often used similar means to locate possible miscreants. <br /><br />According to Shesh Sarangdhar, Chief Executive Officer in Seclabs & Systems Pvt Ltd, similar data scrapping helped them unearth the terror module behind one of the attacks at an airbase last year. Shesh said that through Social Media Algorithm they would often narrow down on unknown terror modules. What his team did was to connect to the profile the whereabouts of multiple known nods converging. That is how the mastermind was located.<br /><br />Data privacy in India is still a nascent subject. Experts say cheap data has led to unprecedented Facebook penetration. <br /><br />Often, it is seen that those who open an account are not aware of the privacy concerns. But as Sunil Abraham puts it, Caveat emptor or ‘Let the Buyers Beware’ does not even apply here. It is not possible for anyone to go through the entire privacy policy. <br /><br />“So it is not even right to ask if the consumer can protect his/her own interest. Thus, the state should proactively regulate the industry,” said Abraham.<br /><br />Facebook has brought in a number of changes to its privacy settings. It now allows you to remove third-party apps in bulk. This welcome change has come after sustained pressure on the tech giant from users and a number of regulatory bodies across the world.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/news-18-subhajit-sengupta-how-just-355-indians-put-data-of-5-6-lakh-facebook-users-at-risk'>http://editors.cis-india.org/internet-governance/news/news-18-subhajit-sengupta-how-just-355-indians-put-data-of-5-6-lakh-facebook-users-at-risk</a>
</p>
No publisherAdminFacebookInternet GovernancePrivacy2018-04-07T15:33:46ZNews ItemAfter data leak row, Facebook imposes restrictions on user data access
http://editors.cis-india.org/internet-governance/news/business-standard-romita-majumdar-and-kiran-rathee-after-data-leak-row-facebook-imposes-restrictions-on-user-data-access
<b>MEIT issues notice to Facebook even as experts debate absolute impact on the second largest developer community.</b>
<p style="text-align: justify; ">The article by Romita Majumdar and Kiran Rathee was published in <a class="external-link" href="http://www.business-standard.com/article/current-affairs/after-data-leak-row-facebook-imposes-restrictions-on-user-data-access-118040500950_1.html">Business Standard</a> on April 6, 2018.</p>
<hr />
<p style="text-align: justify; ">Social media giant <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=facebook" target="_blank">Facebook </a>has finally reacted to the global storm around its data privacy policies by bringing in a new set of restrictions on developers and data aggregators using the platform for data harvesting.</p>
<p style="text-align: justify; ">“Two weeks ago we promised to take a hard look at the information apps can use when you connect them to <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=facebook" target="_blank">Facebook </a>as well as other data practices. We will remove a developer’s ability to request data people shared with them if it appears they have not used the app in the last 3 months,” said <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=facebook" target="_blank">Facebook </a>Chief Technology Officer <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=mark+schroepfer" target="_blank">Mark Schroepfer </a>in a blog.</p>
<p style="text-align: justify; "><iframe frameborder="0" height="1" marginheight="0" marginwidth="0" scrolling="no" title="3rd party ad content" width="1"></iframe><a class="storyTags" href="http://www.business-standard.com/search?type=news&q=facebook" target="_blank">Facebook </a><span>has also disabled the feature to search a user by their email address or phone number which has been abused by malicious actors and reduced the overall control that the app will have on user data.</span></p>
<p style="text-align: justify; "><a class="storyTags" href="http://www.business-standard.com/search?type=news&q=facebook" target="_blank">Facebook </a>has also submitted its response to the Indian government saying over 500,000 people in India have been potentially affected by the data breach involving <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=cambridge+analytica" target="_blank">Cambridge Analytica.</a> The government sources said as the social networking firm has now accepted that Indians’ data was compromised; it makes the issue much more important and serious. “We will wait for Cambridge Analytica’s reply and then, we will take our stand,” sources in <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=electronics" target="_blank">Electronics </a>and IT Ministry said.</p>
<p style="text-align: justify; ">The Ministry had issued notices to both <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=facebook" target="_blank">Facebook </a>and Cambridge Analytica, seeking their responses regarding the data breach of Indians and if it was used to influence elections.</p>
<p style="text-align: justify; ">The new set of restrictions clamp down on how much data app developers access on the platform and also prevent third part data providers from offering targeted marketing services on <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=facebook" target="_blank">Facebook.</a></p>
<p style="text-align: justify; ">"India is the second largest <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=facebook" target="_blank">Facebook </a>developer base and the restriction on users' data access is going to impact all of them. There will be more scrutiny in <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=facebook" target="_blank">Facebook </a>apps, leading to slower approvals. Virality will reduce as explicit consent will be required for accessing friends' data and contacts list, “ said Vivek Prakash, CTO and Co-Founder, HackerEarth.</p>
<p style="text-align: justify; ">He added that there could be tighter terms of service making developers also liable for unauthorized processing of data that they collect from the apps.</p>
<p style="text-align: justify; ">Executive Director of Center for Internet and Society Sunil Abraham says that while <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=facebook" target="_blank">Facebook </a>says “apps need to agree to strict requirements” and “tightening our review process” it is still not clear what these requirements are. “Instead of the promised link to whether user data was accessed by Cambridge Analytica, it would make sense for them to say <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=facebook" target="_blank">Facebook </a>holds W number of records across X databases over the time period Y, which totals Z Gb while explaining what these variables stand for,” he said.</p>
<p style="text-align: justify; ">Consumer data marketing company Hansa Cequity believes that digital marketing arms of most companies will finally have to consider building their own user database given the strict clampdown on third party data.“Businesses can no more use data from third party aggregators for targeted advertising. Consumer goods and entertainment related brands are likely to face some impact because they depend on access to such data,” said S Swaminathan, Co-Founder and CEO, Hansa Cequity.</p>
<p style="text-align: justify; ">Some experts also believe that this move might force platforms like Twitter, <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=google" target="_blank">Google </a>and <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=youtube" target="_blank">YouTube </a>to rethink their policies on how much access they give advertisers and data aggregators to user data. Abraham also added that app developers and their investors have to evaluate business models that depend more on value to user rather than the amount of personal data harvested. The data that has already been harvested by the likes of <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=cambridge+analytica" target="_blank">Cambridge Analytica </a>and other unknown parties, however, is beyond user control forever.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/business-standard-romita-majumdar-and-kiran-rathee-after-data-leak-row-facebook-imposes-restrictions-on-user-data-access'>http://editors.cis-india.org/internet-governance/news/business-standard-romita-majumdar-and-kiran-rathee-after-data-leak-row-facebook-imposes-restrictions-on-user-data-access</a>
</p>
No publisherAdminFacebookInternet GovernancePrivacy2018-04-07T15:30:31ZNews ItemCambridge Analytica scandal: How India can save democracy from Facebook
http://editors.cis-india.org/internet-governance/blog/business-standard-march-28-2018-sunil-abraham-cambridge-analytica-scandal-how-india-can-save-democracy-from-facebook
<b>Hegemonic incumbents like Google and Facebook need to be tackled with regulation; govt should use procurement power to fund open source alternatives.</b>
<p style="text-align: justify; ">The article was published in the <a class="external-link" href="http://www.business-standard.com/article/economy-policy/cambridge-analytica-scandal-how-india-can-save-democracy-from-facebook-118032800146_1.html">Business Standard</a> on March 28, 2018</p>
<hr />
<p style="text-align: justify; "><strong><em>The Cambridge Analytica scandal came to light when <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=whistleblower" target="_blank">whistleblower </a>Wylie accused Cambridge Analytica of gathering details of 50 million Facebook users. Cambridge Analytica used this data to psychologically profile these users and manipulated their opinion in favour of Donald Trump. BJP and Congress have accused each other of using the services of Cambridge Analytica in India as well. How can India safeguard the democratic process against such intervention? The author tries to answer this question in this Business Standard Special.</em></strong></p>
<p style="text-align: justify; "><strong><em></em></strong>Those that celebrate the big data/artificial intelligence moment claim that traditional approaches to data protection are no longer relevant and therefore must be abandoned. The Cambridge Analytica episode, if anything, demonstrates how wrong they are. The principles of data protection need to be reinvented and weaponized, not discarded. In this article I shall discuss the reinvention of three such data protection principles. Apart from this I shall also briefly explore competition law solutions.</p>
<p style="text-align: justify; "><strong><em>Collect data only if mandated by regulation</em></strong></p>
<p style="text-align: justify; "><strong><em></em></strong>One, data minimization is the principle that requires the data controller to collect data only if mandated to do so by regulation or because it is a prerequisite for providing a functionality. For example, Facebook’s messenger app on Android harvests call records and meta-data, without any consumer facing feature on the app that justifies such collection. Therefore, this is a clear violation of the data minimization principle. One of the ways to reinvent this principle is by borrowing from the best practices around warnings and labels on packaging introduced by the global anti-tobacco campaign. A permanent bar could be required in all apps, stating ‘Facebook holds W number of records across X databases over the time period Y, which totals Z Gb’. Each of these alphabets could be a hyperlink, allowing the user to easily drill down to the individual data record.</p>
<p style="text-align: justify; "><em><strong>Consent must be explicit, informed and voluntary</strong></em></p>
<p style="text-align: justify; "><em><strong></strong></em>Two, the principle of consent requires that the data controller secure explicit, informed and voluntary consent from the data subject unless there are exceptional circumstances. Unfortunately, consent has been reduced to a mockery today through obfuscation by lawyers in verbose “privacy notices” and “terms of services”. To reinvent consent we need to bring ‘Do Not Dial’ registries into the era of big data. A website maintained by the future Indian data protection regulator could allow individuals to check against their unique identifiers (email, phone number, Aadhaar). The website would provide a list of all data controllers that are holding personal information against a particular unique identifier. The data subject should then be able to revoke consent with one-click. Once consent is revoked, the data controller would have to delete all personal information that they hold, unless retention of such information is required under law (for example, in banking law). One-click revocation of consent will make data controllers like Facebook treat data subjects with greater respect.</p>
<p style="text-align: justify; "><em><strong>There must be a right to </strong></em><em><strong>explanation</strong></em></p>
<p style="text-align: justify; "><em><strong></strong></em>Three, the right to explanation, most commonly associated with the General Data Protection Directive from the EU, is a principle that requires the data controller to make transparent the automated decision-making process when personal information is implicated. So far it has been seen as a reactive measure for user empowerment. In other words, the explanation is provided only when there is a demand for it.</p>
<p style="text-align: justify; ">The Facebook feeds that were used for manipulation through micro-targeting of content is an example of such automated decision making. Regulation in India should require a user empowerment panel accessible through a prominent icon that appears repeatedly in the feed. On clicking the icon the user will be able to modify the objectives that the algorithm is maximizing for. She can then choose to see content that targets a bisexual rather than a heterosexual, a Muslim rather than a Hindu, a conservative rather a liberal, etc. At the moment, Facebook only allows the user to stop being targeted for advertisements based on certain categories. However, to be less susceptible to psychological manipulation, the user should be allowed to define these categories, for both content and advertisements.</p>
<p style="text-align: justify; "><em><strong>How to fix the business model?</strong></em></p>
<p style="text-align: justify; "><em><strong></strong></em>From a competition perspective, Google and Facebook have destroyed the business model for real news, and replaced it with a business model for fake news, by monopolizing digital advertising revenues. Their algorithms are designed to maximize the amount of time that users spend on their platforms, and therefore, don’t have any incentive to distinguish between truth and falsehood. This contemporary crisis requires three types of interventions: one, appropriate taxation and transparency to the public, so that the revenue streams for fake news factories can be ended; two, the construction of a common infrastructure that can be shared by all traditional and new media companies in order to recapture digital advertising revenues; and three, immediate action by the competition regulator to protect competition between advertising networks operating in India.</p>
<p style="text-align: justify; "><em><strong>The Google challenge</strong></em></p>
<p style="text-align: justify; "><em><strong></strong></em>With Google, the situation is even worse, since Google has dominance in both the ad network market and in the operating system market. During the birth of competition law, policy-makers and decision-makers acted to protect competition per se. This is because they saw competition as an essential component of democracy, open society, innovation, and a functioning market. When the economists from the Chicago school began to influence competition policy in the USA, they advocated for a singular focus on the maximization of consumer interest. The adoption of this ideology has resulted in competition regulators standing powerlessly by while internet giants wreck our economy and polity. We need to return to the foundational principles of competition law, which might even mean breaking Google into two companies. The operating system should be divorced from other services and products to prevent them from taking advantage of vertical integration. We as a nation need to start discussing the possible end stages of such a breakup.</p>
<p style="text-align: justify; ">In conclusion, all the fixes that have been listed above require either the enactment of a data protection law, or the amendment of our existing competition law. This, as we all know, can take many years. However, there is an opportunity for the government to act immediately if it wishes to. By utilizing procurement power, the central and state governments of India could support free and open source software alternatives to Google’s products especially in the education sector. The government could also stop using Facebook, Google and Twitter for e-governance, and thereby stop providing free advertising for these companies for print and broadcast media. This will make it easier for emerging firms to dislodge hegemonic incumbents.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/business-standard-march-28-2018-sunil-abraham-cambridge-analytica-scandal-how-india-can-save-democracy-from-facebook'>http://editors.cis-india.org/internet-governance/blog/business-standard-march-28-2018-sunil-abraham-cambridge-analytica-scandal-how-india-can-save-democracy-from-facebook</a>
</p>
No publishersunilSocial MediaFacebookInternet GovernancePrivacy2018-03-28T15:44:00ZBlog EntryISIS and Recruitment using Social Media – Roundtable Report
http://editors.cis-india.org/internet-governance/blog/isis-and-recruitment-using-social-media-2013-roundtable-report
<b>The Centre for Internet and Society in collaboration with the Takshashila Institution held a roundtable discussion on “ISIS and Recruitment using Social Media” on 1 September 2016 from 5.00 p.m. to 7.30 p.m. at TERI in Bengaluru.
</b>
<p><span id="docs-internal-guid-e5578586-03c4-7aff-539c-952cd4e34bcf"> </span></p>
<p dir="ltr" style="text-align: justify; ">The objective of this roundtable was to explore the recruitment process and methods followed by ISIS on social media platforms like Facebook and Twitter and to understand the difficulties faced by law enforcement agencies and platforms in countering the problem while understanding existing counter measures, with a focus on the Indian experience.</p>
<h3 dir="ltr" style="text-align: justify; ">Reviewing Existing Literature</h3>
<p dir="ltr" style="text-align: justify; ">To provide context to the discussion, a few key pieces of existing literature on online extremism were highlighted. Discussing Charlie Winter’s “Documenting the Virtual Caliphate”, a participant outlined the multiple stages of the radicalisation process that begins with a person being exposed to general ISIS releases, entering an online filter bubble of like minded people, initial contact, followed by persuasion by the contact person to isolate the potential recruit from his/her family and friends. This culminates with the assignment of an ISIS task to such person. The takeaway from the paper, was the colossal scale of information and events put out by ISIS on the social media. It was pointed out that contrary to popular belief, ISIS publishes content under six broad themes: mercy, belonging, brutality, victimhood, war and utopia, least of which falls under the category of brutality which in fact garners the most attention worldwide. It was further elaborated that ISIS employs positive imagery in the form of nature and landscapes, and appeals to the civilian life within its borders. This strategy is that of prioritising quantity, quality, adaptability and differentiation while producing media. This strategy of producing media that is precise, adaptable and effective, according to the author, must be emulated by Governments in their counter measures, although there is no universal counter narrative that is effective. This effort, he stressed cannot be exclusively state-driven.</p>
<p dir="ltr" style="text-align: justify; ">JM Berger’s “Making Countering Violent Extremism Work” was also discussed. Here, a slightly different model of radicalisation has been identified with potential recruits going through 4 stages: the first being that of Curiosity where there is exposure to violent extremist ideology, the second stage is Consideration where the potential recruit evaluates the ideology, the third being Identification where the individual begins to self identify with extremist ideology, and the last being that of Self-Critique which is revisited periodically. According to Berger, law enforcement need only be involved in the third stage identified in this taxonomy, through situational awareness programs and investigations. This paper stated that counter-messaging policies need not mimic the ISIS pattern of slick messaging. A data-driven study had found that suspending and suppressing the reach of violent extremist accounts and individuals on online platform was effective in reducing the reach of these ideologies, though not universally so. It also found that generic counter strategies used in the US was more efficient than targeted strategies followed in Europe.</p>
<h3 dir="ltr" style="text-align: justify; ">Lack of Co-ordination, Fragmentation between the States and Centre</h3>
<p dir="ltr" style="text-align: justify; ">Speaking of the Indian scenario in particular, another participant brought to light the lack of co-ordination and consensus between the State and Central Governments and law enforcement agencies with respect to countering violent extremism with leads to a breakage in the chain of action. Another participant added that the underestimation of the problem at the state level coupled with the theoretical and abstract nature of work done at the Centre is another pitfall. While the fragmentation of agencies was stated to be ineffective, bringing them under the purview of a single agency was also proposed as an ineffective measure. It was instead suggested that a neutral policy body, and not an implementing body, should coordinate the efforts of the multiple groups involved.</p>
<h3 dir="ltr" style="text-align: justify; ">Unreliable Intelligence Infrastructure</h3>
<p dir="ltr" style="text-align: justify; ">It was pointed out that countries are presently underequipped due to the lack of intelligence infrastructure and technical expertise. This was primarily because agencies in India tend to use off-the shelf hardware and software produced by foreign companies, and such heavy dependence on unreliable parts will necessarily be detrimental to building reliable security infrastructure. Emphasis was laid on the significance of collaboration and open-source intelligence in countering online radicalisation. An appeal was made to inculcate a higher IT proficiency, indigenous production of resources, funding, collaboration, integration of lower level agencies and more research to be produced in this regard.</p>
<h3 dir="ltr" style="text-align: justify; ">Proactive Counter Narratives</h3>
<p dir="ltr" style="text-align: justify; ">The importance of proactive counter-narratives to extremist content was stressed on, with the possibility of generating inputs from government agencies and private bodies backing the government being discussed. Another solution identified was the creation and internal circulation of a clear strategy to counter the ISIS narrative and the public dissemination of research on online radicalization in the Indian context.</p>
<h3 dir="ltr" style="text-align: justify; ">Policies of Social Media Platforms</h3>
<p dir="ltr" style="text-align: justify; ">The conversation moved towards understanding policies of social media. One participant shed light on a popular platform’s strategies against extremism, wherein it was pointed out that the site’s tolerance policy extends not only to directly extremist content but also content created by people who support violent extremism .The involvement of the platform with several countries and platforms in order to create anti-extremist messaging and its intention to expand these initiatives was in furtherance of its philosophy to prevent any celebration of violence. The participant further explained that research shows that anti-extremist content that made use of humour and a lighter tone was more effective than media which relied on gravitas.</p>
<p dir="ltr" style="text-align: justify; ">Having identified the existing literature and current challenges, the roundtable concluded with suggestions for further areas of research:</p>
<ol>
<li style="text-align: justify; ">Understanding the use of encrypted messaging services like Whatsapp and Telegram for extremism, and an analysis of these platforms in the Indian context. A deeper understanding of these services is essential to gauge the dimensions of the problem and identify counter measures.</li>
<li style="text-align: justify; ">A lexical analysis of Indian social media accounts to identify ISIS supporters and group them into meta-communities, similar to research done by the RAND Corporation</li>
<li style="text-align: justify; ">Collation of ISIS media packages was also flagged off as an important measure in order to have a dossier to present to the government. This would help policymakers gain context around the issue, and also help them understand the scale of the problem.</li>
</ol>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/isis-and-recruitment-using-social-media-2013-roundtable-report'>http://editors.cis-india.org/internet-governance/blog/isis-and-recruitment-using-social-media-2013-roundtable-report</a>
</p>
No publisherVidushi Marda, Aditya Tejus, Megha Nambiar and Japreet GrewalSocial MediaISISCountering Violent ExtremismTwitterInternet GovernanceFacebookOnline Recruitment2016-12-16T02:19:16ZBlog EntryWe Truly are the Product being Sold
http://editors.cis-india.org/internet-governance/blog/hindustan-times-vidushi-marda-august-31-2016-we-truly-are-the-product-being-sold
<b>WhatsApp has announced it will begin sharing user data such as names, phone numbers, and other analytics with its parent company, Facebook, and with the Facebook family of companies. This change to its terms of service was effected in order to enable users to “communicate with businesses that matter” to them. How does this have anything to do with Facebook?
</b>
<p style="text-align: justify; ">The article was <a class="external-link" href="http://www.hindustantimes.com/analysis/we-truly-are-the-product-being-sold/story-fz6FN77xizMuxOBS3KBNtJ.html">published in the Hindustan Times</a> on August 31, 2016.</p>
<hr />
<p style="text-align: justify; ">WhatsApp clarifies in its blog post, “... by coordinating more with Facebook, we’ll be able to do things like track basic metrics about how often people use our services and better fight spam on WhatsApp. And by connecting your phone number with Facebook’s systems, Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them.”</p>
<p style="text-align: justify; ">WhatsApp’s further clarifies that it will not post your number on Facebook or share this data with advertisers. This means little because it will share your number with Facebook for advertisement. It is simply doing indirectly, what it has said it won’t do directly. This new development also leads to the collapsing of different personae of a user, even making public their private life that they have so far chosen not to share online. Last week, <a href="https://www.washingtonpost.com/news/the-intersect/wp/2016/08/19/98-personal-data-points-that-facebook-uses-to-target-ads-to-you/?tid=sm_tw" shape="rect" title="www.washingtonpost.com">Facebook published a list of 98 data points it collects on users</a>. These data points combined with your WhatsApp phone number, profile picture, status message, last seen status, frequency of conversation with other users, and the names of these users (and their data) could lead to a severely uncomfortable invasion of privacy.</p>
<p style="text-align: justify; ">Consider a situation where you have spoken to a divorce lawyer in confidence over WhatsApp’s encrypted channel, and are then flooded with advertisements for marriage counselling and divorce attorneys when you next log in to Facebook at home. Or, you are desperately seeking loans and get in touch with several loan officers; and when you log in to Facebook at work, colleagues notice your News Feed flooded with ads for loans, articles on financial management, and support groups for people in debt.</p>
<p style="text-align: justify; ">It is no secret that Facebook makes money off interactions on its platform, and the more information that is shared and consumed, the more Facebook is benefitted. However, the company’s complete disregard for user consent in its efforts to grow is worrying, particularly because Facebook is a monopoly. In order for one to talk to friends and family and keep in touch, Facebook is the obvious, if not the only, choice. It is also increasingly becoming the most accessible way to engage with government agencies. For example, Indian embassies around the world have recently set up Facebook portals, the Bangalore Traffic Police is most easily contacted through Facebook, and heads of states are also turning to the platform to engage with people. It is crucial that such private and collective interactions of citizens with their respective government agencies are protected from becoming data points to which market researchers have access.</p>
<p style="text-align: justify; ">Given Facebook’s proclivity for unilaterally compromising user privacy, the Federal Trade Commission (FTC) in 2011 charged the company for deceiving consumers by misleading them about the privacy of their information. Following these charges, Facebook reached an agreement to give consumers clear notice and obtain consumers’ express consent before extending privacy settings that they had established. The latest modification to WhatsApp’s terms of service seems to amount to a clear violation of this agreement and brings out the grave need to treat user consent more seriously.</p>
<p style="text-align: justify; ">There is a way to opt out of sharing data for Facebook ads targeting <a href="https://www.whatsapp.com/faq/general/26000016" shape="rect" title="www.whatsapp.com">that is outlined by WhatsApp on its blog</a>, which is the best example for a case of invasion-of-privacy-by-design. WhatsApp plans to ask the users to untick a small green arrow, and then click on a large green button that says “Agree” (which is the only button) so as to indicate that they are opting-out. The interface of the notice seems to be consciously designed to confuse users by using the power of default option. For most users, agreeing to terms and conditions is a hasty click on a box and the last part of an installation process. Predictably, most users choose to go with default options, and this specific design of the opt-out option is not meaningful at all.</p>
<p style="text-align: justify; ">In 2005, Facebook’s default profile settings were such that anyone on Facebook could see your name, profile picture, gender and network. Your photos, wall posts and friends list were viewable by people in your network. Your contact information, birthday and other data could be seen by friends and only you could view the posts that you liked. Fast forward to 2010, and the entire internet, not just all Facebook users, can see your name, profile picture, gender, network, wall posts, photos, likes, friends list and other profile data. There hasn’t been a <a href="http://mattmckeon.com/facebook-privacy/" shape="rect" title="mattmckeon.com">comprehensive study since 2010</a>, but one can safely assume that Facebook’s privacy settings will only get progressively worse for users, and exponentially better for Facebook’s revenues. The service is free and we truly are the product being sold.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/hindustan-times-vidushi-marda-august-31-2016-we-truly-are-the-product-being-sold'>http://editors.cis-india.org/internet-governance/blog/hindustan-times-vidushi-marda-august-31-2016-we-truly-are-the-product-being-sold</a>
</p>
No publishervidushiSocial MediaWhatsAppFacebookInternet Governance2016-09-01T02:08:37ZBlog EntryFacebook is censoring some posts on Indian Kashmir
http://editors.cis-india.org/internet-governance/news/washington-post-july-27-2016-rama-lakshmi-facebook-is-censoring-some-posts-on-indian-kashmir
<b>Film makers, activists and journalists accused Facebook of blocking their accounts this week after they posted messages and images related to the violence in the trouble-torn province of Kashmir. In recent weeks, the India administered, Muslim-majority Kashmir state has been facing violence and curfews after protests erupted against the killing of a popular leader of a terrorist group.</b>
<p style="text-align: justify; ">The article by Rama Lakshmi was published by <a href="https://www.washingtonpost.com/news/worldviews/wp/2016/07/27/facebook-is-censoring-posts-on-indian-kashmir-some-say/">Washington Post</a> on July 27. Sunil Abraham was quoted.</p>
<hr />
<p style="text-align: justify; ">As people posted images, videos and stories about police violence and people injured by<span class="Apple-converted-space"> </span><a href="https://www.washingtonpost.com/news/worldviews/wp/2016/07/12/in-kashmir-indian-security-forces-use-pellet-guns-that-often-blind-protesters/">pellet<span class="Apple-converted-space"> </span></a>wounds on Facebook, some discovered their accounts were disabled. On Monday, the account of Arif Ayaz Parrey, an editor with an environmental magazine in New Delhi, was disabled for more than a day. He administers the Facebook account of a discussion group called the Kashmir Solidarity Network, whose page was also removed.</p>
<p style="text-align: justify; ">“The Kashmir Solidarity page was started by a Kashmiri anthropology student in New York. This is not a hate forum, we share stories,” Parrey said. More than 47 people have died and hundreds injured in angry clashes between the police and protesters in Kashmir this month, the worst outbreak of bloody violence in six years in the region claimed by both India and neighboring Pakistan.</p>
<p style="text-align: justify; ">“Our Community Standards prohibit content that praises or supports terrorists, terrorist organizations or terrorism, and we remove it as soon as we’re made aware of it,” said a Facebook spokesman in India. “We welcome discussion on these subjects but any terrorist content has to be clearly put in a context which condemns these organizations or their violent activities.”India and the United States topped the list of governments that<span class="Apple-converted-space"> </span><a href="http://blogs.wsj.com/indiarealtime/2016/04/29/facebook-receives-highest-ever-number-of-requests-for-indian-user-data/">request</a>Facebook for details of accounts in the second half of 2015.</p>
<p style="text-align: justify; ">India has more than 340 million mobile Internet users and has the second largest number of Facebook users after the United States. The company is seeking to expand its footprint here by introducing a<span class="Apple-converted-space"> </span><a href="https://www.washingtonpost.com/world/indian-telecom-regulator-bans-facebooks-free-internet-for-the-poor/2016/02/08/561fc6a7-e87d-429d-ab62-7cdec43f60ae_story.html">pared</a><span class="Apple-converted-space"> </span>down version called “Free Basics.” But earlier this year, New Delhi shot it down, saying service providers cannot charge discriminatory prices for Internet users.</p>
<p style="text-align: justify; ">A journalist in Kashmir said that many who shared stories about a new band of militants and videos of police brutality have been blocked. “It looks more like Facebook censorship rather than something initiated by the government. Maybe they are trying to please the government proactively,” said Sunil Abraham, executive director of Center for Internet and Society. “Nevertheless it will have a chilling effect. You will think twice before exercising free speech on Facebook now.”</p>
<p style="text-align: justify; ">Ather Zia, a political commentator from Kashmir who teaches anthropology at the University of Northern Colorado, said after her account was disabled on Tuesday: "It is safe to assume creating awareness for Kashmir using social media or writing about the ground reality is under severe threat." Meanwhile, users struggled to restore their accounts on Wednesday as they uploaded new documents requested by the company.</p>
<p style="text-align: justify; ">“I use my Facebook account not as a personal page to tell people about my last haircut or last holiday. I use it for work, I share media stories about whatever bothers me in the universe,” said Sanjay Kak, a documentary film maker whose account was disabled Tuesday. “Nothing I shared can be considered inflammatory or incendiary.”</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/washington-post-july-27-2016-rama-lakshmi-facebook-is-censoring-some-posts-on-indian-kashmir'>http://editors.cis-india.org/internet-governance/news/washington-post-july-27-2016-rama-lakshmi-facebook-is-censoring-some-posts-on-indian-kashmir</a>
</p>
No publisherpraskrishnaFacebookInternet Governance2016-07-28T03:03:53ZNews ItemTamil Nadu likely to hold Facebook accountable for suicide case
http://editors.cis-india.org/internet-governance/news/economic-times-v-prem-shanker-july-13-2016-tamil-nadu-likely-to-hold-facebook-accountable-for-suicide-case
<b>The recent suicide of a 21-year-old woman from Salem district in Tamil Nadu over her morphed pictures being uploaded on Facebook could turn into a flash-point between the state police and the world's most-popular social networking site.</b>
<p style="text-align: justify; ">The article by V. Prem Shanker was <a class="external-link" href="http://economictimes.indiatimes.com/news/politics-and-nation/tamil-nadu-likely-to-hold-facebook-accountable-for-suicide-case/articleshow/53182832.cms">published in the Economic Times</a> on July 13, 2016.</p>
<hr />
<p style="text-align: justify; ">"We are exploring the possibility of holding Facebook accountable for the delay in responding to our requests since that was one of the factors which led to the young lady committing suicide," Salem superintendent of police Amit Kumar Singh told ET in an exclusive interaction. On June 23, the Salem police had received a complaint from the father of the 21-year-old stating that someone had uploaded her morphed nude pictures on Facebook. The father had requested the police to get the photographs removed from the site and also find and warn the perpetrator.</p>
<p style="text-align: justify; ">The police recorded the complaint the same evening and later sent what is called a 'Law Enforcement Online Request' to Facebook asking for details of the IP address from which the morphed photographs were uploaded on the website. Officials also requested Facebook to take down the objectionable photographs of the young woman.</p>
<p style="text-align: justify; ">Five days after the request was sent, Facebook responded with the IP address on June 28 and within 12 hours after that the police cracked the case and nabbed the suspect.</p>
<p style="text-align: justify; ">However, all this was a bit too late because the previous day, on June 27, the young woman had ended her life. Her morphed nude photographs were taken down only on the day of her death, according to the police.</p>
<p style="text-align: justify; ">"Apart from addressing Facebook, we also investigated the case from other angles but couldn't make headway. Thus, there was nothing we could do about the pictures still being online apart from waiting for Facebook to act," Singh said, adding "enforcement of compliance is a matter of grave concern."</p>
<p style="text-align: justify; ">Officials are considering charging Facebook with abetment to suicide and including Facebook in the chargesheet if the site is found culpable after investigations. However, the state police is said to be discussing with legal experts on how this can be done as there is no precedent for a website having been charged in a crime.</p>
<p style="text-align: justify; ">Facebook did not reply to an email seeking comment. Earlier in a communique, responding to criticisms of police inaction in this case, Singh had pointed out that "Only Facebook can block a page and it exercises this discretion as per its Facebook Community Standards and not the law of the land it is being viewed in. Facebook does not provide the police with any special powers to take down a page even if the police receive a cognizable complaint of identity theft and uploading of obscene content. There is no tool available, at least as of now, with the police to coerce or goad Facebook to act expeditiously even if the matter is very urgent and there is a flagrant violation of Indian law."</p>
<p style="text-align: justify; ">Experts point out that the disparity with which Facebook treats child abuse laws and copyright infringements as opposed to violation of women's rights is stark.</p>
<p style="text-align: justify; ">"Look at the war against child pornography. In the United Kingdom there is an independent foundation that has immunity under UK child pornography law. They generate a database and circulate it across all platforms and ensure that it is kept absolutely squeaky clean," points out Sunil Abraham, executive director of Bengaluru based research organisation, Centre for Internet and Society.</p>
<p style="text-align: justify; ">"There definitely needs to be a law to ensure that such platforms do not violate the law of the land, especially when it comes to women's rights. But in interim, the government can create an information escrow or a platform where the victims can place on record their problems and it is there for these sites to see and take action," Abraham added.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/economic-times-v-prem-shanker-july-13-2016-tamil-nadu-likely-to-hold-facebook-accountable-for-suicide-case'>http://editors.cis-india.org/internet-governance/news/economic-times-v-prem-shanker-july-13-2016-tamil-nadu-likely-to-hold-facebook-accountable-for-suicide-case</a>
</p>
No publisherpraskrishnaSocial MediaFacebookInternet Governance2016-07-13T13:44:58ZNews ItemFB & Google have already monopolised Indian cyberspace
http://editors.cis-india.org/internet-governance/news/catch-news-asad-ali-july-3-2016-fb-and-google-have-already-monopolised-indian-cyberspace
<b>In an interview with Catch, Sunil Abraham, executive director of Center for Internet & Society, puts the recent US-India cyber relationship framework into perspective. Abraham also talks about how Indian surveillance policies are outdated and why the country has failed to check the hegemonic tendencies of companies like Facebook and Google.</b>
<p>The <a class="external-link" href="http://www.catchnews.com/science-technology/fb-google-have-already-monopolised-indian-cyberspace-1467505123.html/fullview">interview was published by Catch News</a> on July 3, 2016.</p>
<hr />
<h3 style="text-align: center; "><img src="http://editors.cis-india.org/home-images/copy6_of_Sunil.png/@@images/d7f757de-b4fc-46a2-a9b3-cca0e46e32e7.png" alt="Sunil Abraham" class="image-inline" title="Sunil Abraham" /></h3>
<h3 style="text-align: justify; "><span class="quick_pill_news_description">US-India signed a cyber relationship framework earlier this month. Could you explain some of the takeouts that may have important implications in the near future?</span></h3>
<p style="text-align: justify; ">In the framework, both sides have made a "commitment to the multi-stakeholder model of Internet governance" - in immediate practical terms that means India will accept the Internet Assigned Numbers Authority (IANA) transition proposed for the Internet Corporation for Assigned Names and Numbers (ICANN). Unfortunately, as my colleague Pranesh Prakash points out "U.S. state control over the core of the internet's domain name system is not being removed by the transition that is currently underway."</p>
<p style="text-align: justify; ">India along with Brazil and other emerging powers should have insisted that the question of jurisdiction be addressed before the transition. We must remember, that the multi-stakeholder model is just a fancy name for open and participatory self-regulation by the private sector. While the multi-stakeholder model is useful as a complement to traditional state-led regulation, it cannot be used to protect human rights or ensure the security of a nation state.</p>
<p style="text-align: justify; ">[That is precisely why - the very next sentence in the announcement for the the framework for the US-India Cyber Relationship says "a recognition of the leading role for governments in cyber security matters relating to national security". This is because ICANN-style multistakeholderism requires all stakeholders to be on "equal footing" without "distinct roles and responsibilities". In other words, the governments are saying that the multistakeholder model is fine for all Internet Governance areas with the exception of Cyber Security. Given the limits of the multistakeholder model this is indeed the wise thing to do. Since American corporations dominate the Internet, US foreign policy has historically pushed for the multistakeholder model as fig leaf for forbearance and reduced foreign regulatory burden American corporations operating in other jurisdictions. Therefore India must not drink the multistakeholder cool-aid whole sale. It cannot afford a laissez-faire approach where it waits for corporations to self-regulate - it must regulate whenever public interest or human rights are harmed. In other words, it must go beyond the multistakeholder model and produce appropriate regulation where necessary. Needless to add - it must also deregulate in areas where harms don't exist. Apart from this many of the details of the announcement are positive steps that will increase security in India and the USA, and indeed the also across the world.]</p>
<h3 style="text-align: justify; "><span class="quick_pill_news_description">What are some aspects of Intellectual Property Rights that should be looked at, in the context of the framework?</span></h3>
<p style="text-align: justify; ">There is some language around Intellectual Property Rights (IPR) that should be examined carefully too. The US corporations benefit from a maximalist IP regime. But Make in India, Digital India and Startup India all depend on flexibilities to the IP regime and therefore India should refuse signing. Trans-Pacific Partnership (TPP) obligations like the "Digital 2 Dozen" which the US is actively proselytizing across the Pacific. If we make that mistake, we will make zero progress in indigenous security research and product development and also many other areas of our economy, health sector and education sector will be severely compromised. Therefore it would be best to keep IP rights expansion and enforcement out of the framework for the US-India Cyber Relationship.</p>
<h3 style="text-align: justify; "><span class="quick_pill_news_description">The PIL seeking a ban on WhatsApp was refused by the SC recently. Encrypted messaging services like Telegram however, have been used in the past by terror groups. What's your take on such end-to-end encryption services?</span></h3>
<p style="text-align: justify; ">Privacy and security are two sides of the same coin. You cannot have one without the other. End-to-end encryption is the basis for online privacy. End-to-end encryption is a pre-requisite for many legitimate actions of law abiding citizens online such as commerce, banking, tele-medicine, protection of intellectual property, witness/source protection, client confidentiality etc. Therefore, banning end-to-end encryption would mean the death of individual privacy and national security.</p>
<p style="text-align: justify; ">If the government wants to promote cyber security it should promote the use of end-to-end encryption amongst law abiding citizens.<br /><br />Terrorist have to be stopped through targeted profiling, surveillance and interception. Big data analytics may be useful to watch for patterns in the meta data but there is no replacement for good old fashioned police work.<br /><br />Once suspects have been identified the encrypted channels can be compromised by:</p>
<ol>
<li>Placing trojans on the end-user devices</li>
<li>Performing man-in-the-middle attacks and</li>
<li>Using brute force attacks with super computers.</li>
</ol>
<p style="text-align: justify; "><br />Snowden's revelations have made it very clear that blanket and mass surveillance does not help foil terror attacks or stop organised crime. So far, research and government reports from across the world indicate that only a minority of terrorists use encryption. However, this situation may change.</p>
<h3 style="text-align: justify; ">We don't have any proper encryption policy under the IT Act yet. What's taking so long and what are the key points that any policy in this matter must include in future?</h3>
<p style="text-align: justify; ">We need many different types of encryption policies. We need a policy that mandates encryption and digital signature for all government personnel and also for all government transactions. We need policies that promote research and development in cryptography and mathematics. We need to update our criminal procedure code so that encrypted communications and data can be targeted by law enforcement and used effectively in the criminal justice process.</p>
<p>However, we should not have any broad encryption policy that tries to regulate encryption as a technology. That would be a highly regressive move and will be impossible to enforce. That would breed contempt for rule of law.</p>
<h3>Surveillance and the tech around it has been contentious for various governments. Where do we stand vis-a-vis regulating surveillance measures by the state?</h3>
<p style="text-align: justify; ">Our surveillance and interception laws are outdated. They need to be modernized to deal with advancements in technology and also global developments when it comes to data protection and privacy law.</p>
<p style="text-align: justify; ">In fact, our organisation was part of a global effort called Necessary and Proportionate which identified 13 principles to modernise surveillance which are connected to various aspects such as Legality, Legitimate aim, Competent judicial authority, Integrity of communications and systems and more. Some of these principles may have to be customised for the Indian context. [For example, given the load on courts perhaps India should stay with executive authorization of interceptions and data access requests. However, getting the law correct is only half the job. For the law cannot fix what the technology has broken. Some surveillance projects are well designed. For ex. the NATGRID - from what I understand it is a standard and platform that which will allow 12 security, intelligence and law enforcement agencies to temporarily make unions of sub-sets of 21 data sources. These automated temporary databases will be created under existing data access provisions of the law. I also hope the NATGRID is also using cryptography to ensure the maintenance of a non-repudiable log that will identify all officers involved in authorizing the each request and accessing the resultant data. Unfortunately, other surveillance projects are unmitigated disasters. For example, UID or Aadhaar. Many Indians don't realize that Aadhaar is a surveillance project. Biometrics is just a fancy name for remote, covert and non-consensual identification technology. Using the UID database the government can identify every single Indian without their consent. The so called "consent layer" in the India Stack is being developed by volunteers outside the UIDAI to avoid transparency under the Right to Information Act. Nothing in the current layer of the "consent layer" allows citizens to revoke consent. There is no facility in the UID Act to delete yourself from the database. Identity information aka the UID number and authentication information aka your biometrics for about a billion Indians have been collected and stored in a centralized location. It is as if our parliamentarians have written an open letter to criminals and foreign governments says "here is the information you need to wreck whole sale damage - come and get it". Hopefully the Supreme Court will save us from this impending disaster.]</p>
<h3>With a sluggish US market, India has the biggest potential for companies like FB & Google, next only to China. Do you feel that in the quest to take over the Indian market, FB & Google are going to monopolise cyberspace in India?</h3>
<p>I have news for you - they have already monopolised Indian cyberspace. They have completely wiped out competition in certain domains.</p>
<p style="text-align: justify; ">One of the many reasons they have done this is because we don't have laws and regulations to temper their hegemonic tendencies. For example, we could use data portability and interoperability mandates for social media to spark competition in markets where there are entrenched monopolies.</p>
<p style="text-align: justify; ">Competition law can be used to protect other firms from abuse of market power. Consumer protection law and privacy law could be used to ensure that user's rights are not compromised in the race for market share. In addition, a modern privacy law compliant with the best practices in the European Data Protection Regulation 2016, would allow emerging Indian companies to compete with giants like Facebook and Google on a level playing field. [Speaking of level playing field - only recently has the government introduced the "equalization levy". This was long overdue. Imagine the amount of tax that could have been collected so far and damage that has been done to competition. Regardless the current NDA government deserves our kudos for ensuring that Facebook and Google contribute their fair share of taxes. The new IPR Policy was also an opportunity to address the monopoly of Google and Facebook. There should have been a concerted attempt to use free/open source software, open standard and open content to bolster Indic language technologies. A billion dollars from every spectrum auction should be used to create incentives for Indian private sector, research and academic organisation who can contribute openly to the Indic cyberspace. This is the market where we can still build a highly competitive market. Today, given government inaction - millions of Indians are training Google's language platforms every time they use machine translation or speech to text technologies. This corpus of information will not be available for public interest research. Ideally we should also have Indians contributing to commons-based peer production projects like Wikipedia for their Indic language needs. Unfortunately the government totally missed this opportunity.]</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/catch-news-asad-ali-july-3-2016-fb-and-google-have-already-monopolised-indian-cyberspace'>http://editors.cis-india.org/internet-governance/news/catch-news-asad-ali-july-3-2016-fb-and-google-have-already-monopolised-indian-cyberspace</a>
</p>
No publisherpraskrishnaSocial MediaGoogleFacebookInternet Governance2016-07-08T15:59:46ZNews Item