The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 1 to 15.
PDP Bill is coming: WhatsApp Privacy Policy analysis
http://editors.cis-india.org/internet-governance/blog/pdp-bill-is-coming-whatsapp-privacy-policy-analysis
<b>WhatsApp started off the new year with changes to its privacy policy that has several implications for data protection and the digital governance ecosystem at large. This post is the first in a series by CIS unpacking the various implications of the policy.
</b>
<span id="docs-internal-guid-153739d2-7fff-f133-6a27-53060c29814c">
<p dir="ltr"> </p>
<p dir="ltr">On January 4, 2021, WhatsApp announced a revised privacy policy. The announcement was through an in-app notification. Users were asked to agree to the policy by February 8, else they will lose access to their accounts. The announcement triggered a backlash, globally and in India and it led to <a href="https://economictimes.indiatimes.com/tech/information-tech/messaging-app-signal-faces-global-outage-days-after-adding-millions-of-users/articleshow/80296362.cms">millions of users in India migrating to other messaging platforms. </a>In light of the backlash, WhatsApp had on January 15 announced that it will delay rolling out the new policy to May 15, 2021. </p>
<p dir="ltr"> It is important to note that many users have also commented that the new explicit terms of mandatory data sharing with Facebook and the extent of metadata collection haven’t changed drastically from WhatsApp’s existing operations. In 2016, WhatsApp had revised its privacy policy to enable data sharing with Facebook. Users were provided 30 days to opt out of such data sharing. However, the option to opt out was not provided to users who joined the service after September 25, 2016 or who failed to exercise the opt-out option. The changes in the policy were challenged in the Delhi High Court. The High Court (i) directed WhatsApp to delete the complete information of users who exercised the option to opt out before September 25, 2016; and (ii) with respect to users who did not exercise the opt-out option, WhatsApp was directed to not share the information of users collected until September 25, 2016 with Facebook. The matter is currently pending before the Supreme Court. </p>
<p dir="ltr">The change in people’s reactions to the data processing from 2016 can partly be attributed to the change in the users perception of privacy and personal data protection. Conversations around privacy and data protection and harms arising out of unauthorized data collection are much more prevalent. What has also irked a large number of users is the difference between the privacy policy applicable to the European Region and the policy applicable to the rest of the world; There is a disparity in the two policies regarding the rights of the users in relation to sharing of data with Facebook Companies(Facebook payments inc, Facebook Payments International Limited, Onavo, Facebook technologies LLC, Facebook Technologies Ireland limited, WhatsApp inc. WhatsApp Ireland Limited and Crowdtangle) due to the application of the General Data Protection Regulation. </p>
<p dir="ltr">Currently, Indian users have a fundamental right to privacy and an overarching data protection framework is set to be tabled in the Parliament soon. The Personal Data Protection Bill, 2019, being deliberated by the Joint Parliamentary Committee, is expected to provide comprehensive requirements for authorized collection and management of personal data. The proposed Bill, despite several shortcomings, does offer significantly more protection than the current framework consisting of S. 43A of Information Technology Act, 2000 and the Information Technology (Reasonable Security practices and procedures and sensitive personal data or Information) Rules, 2011. This blogpost will examine the viability of the revised privacy policy of WhatsApp if the proposed bill is enacted in the currently available public version of the Bill. In the subsequent posts we will analyse the effect of the revised privacy policy on the pending litigation. </p>
<h3>
Privacy notice</h3>
<p dir="ltr">Section 7 of the proposed bill puts an obligation on the data fiduciary to provide a privacy notice, i.e. a document containing granular details of the processing of personal data to the data principals. The details must be provided in a manner that is clear, concise and easily comprehensible to a reasonable person. The notice should also be provided in multiple languages where necessary and practicable. The importance of a clear and concise policy has been highlighted in the Justice Srikrishna Report on Data Protection. However, there is no guidance from the Indian authorities on what it constitutes. Guidance from the <a href="https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=622227">Article 29 working party</a> in the EU suggests that the policy must be presented in a manner that avoids information fatigue. In the digital context, it has been recommended that presenting a policy in a layered format enhances readability. The guidance also suggests that policy should avoid reliance on complex sentences and abstract terms to convey the details of the processing operations. The revised privacy policy of WhatsApp cannot be termed a clear and concise policy. The purely text-based policy, containing around 3800 words, is not presented in a layered format resulting in shockingly low readability for the amount and type of personal data collection the policy is attempting to convey. In addition to improper design and structure, the policy contains vague language providing an average user a hazy understanding of the extent of data processing and can leave room for different interpretations. The earlier version of the policy also uses similar language and structure to convey details regarding the processing and <a href="https://www.irishtimes.com/business/technology/whatsapp-ireland-sets-aside-77-5m-for-possible-data-compliance-fines-1.4412449">doesn’t provide transparent details regarding its data sharing with Facebook</a>. Relying on a similar format as its earlier versions without revising it based on global discussions around the best methods seems to be an opportunity lost to remedy the privacy policy. The structure, form and language of the policy will have to be revised if the Bill is enacted in its current form and the policy will also have to be provided in multiple languages. </p>
<h3>Bundled consent</h3>
<p dir="ltr">According to its policy, WhatsApp relies on the consent of the user for the purpose of providing messaging and communication services, sharing information with third party service providers that help WhatsApp “operate, provide, improve, understand, customize, support, and market” their Services, and sharing information with other Facebook companies for “providing integrations with Facebook Company products” to name a few. It is important to verify if the consent being obtained is valid according to the standard set by the proposed framework.</p>
<p dir="ltr">For consent to be valid under the proposed framework (Section 11(4)) , the provision and quality of services provided should not be linked to consenting to processing of personal data that is not directly necessary for that purpose. In WhatsApp’s case, the primary purpose of processing is to provide messaging and communication services on that particular platform. Neither sharing personal data with third party service providers for better marketing of their services on other platforms nor sharing it with Facebook company of products for better integration of services is incidental to the primary purpose of processing. The bundling of consent results in forcing individuals to either accept processing of personal data for all of the purposes outlined or lose the services altogether resulting in an invalid consent. An explicit opt-in mechanism for all those processing operations that are not compatible with the primary purpose of processing will have to be provided to the Indian users if the Bill is enacted in its current form and consent is being relied on as the lawful ground of processing.</p>
<h3>Data sharing with Facebook</h3>
<p dir="ltr">WhatsApp’s policy on sharing of information with Facebook has garnered a significant amount of attention and has also raised privacy concerns amongst WhatsApp users in non-European countries. This is because the policy applicable to non- European countries now does not provide the user option to opt out from sharing the information if the user wants to continue using and operating WhatsApp. The policy under the heading ‘How we work with other Facebook Companies’ states that “As part of the<a href="https://faq.whatsapp.com/general/security-and-privacy/the-facebook-companies"> Facebook Companies</a>, WhatsApp receives information from, and shares information (see<a href="https://faq.whatsapp.com/general/security-and-privacy/what-information-does-whatsapp-share-with-the-facebook-companies"> here</a>) with, the other<a href="https://faq.whatsapp.com/general/security-and-privacy/the-facebook-companies"> Facebook Companies</a>. We may use the information we receive from them, and they may use the information we share with them, to help operate, provide, improve, understand, customize, support, and market our Services and their offerings, including the<a href="https://faq.whatsapp.com/general/security-and-privacy/the-facebook-company-products"> Facebook Company Products</a>.” The information that may be shared by WhatsApp with Facebook Companies includes; (i) users phone number; (ii) transaction data; (iii) service-related information, (iv) information on how the users interact with others (including businesses); (v) mobile device information; (vi) the user’s IP address; and (vii) and any other data covered by the privacy policy. All this information/data will fall within the ambit of personal data in terms of the current version of the Bill and therefore WhatsApp would have to comply with the obligations put on it under the Bill for it to be able to share personal data with other data fiduciaries including Facebook Companies.</p>
<p dir="ltr">As noted earlier, it is pertinent to note that the privacy policy is not the same globally. As per the privacy policy applicable to Europe, WhatsApp states that any information that it shares with Facebook Companies is to be used on WhatsApp’s behalf and in accordance with its instructions. Any such information cannot be used for the Facebook Companies own purposes. This statement is not reflected in the privacy policy applicable to non European countries. Facebook has in a <a href="https://www.irishtimes.com/business/technology/whatsapp-says-european-users-do-not-have-to-share-data-with-facebook-1.4452435">statement </a>stated that “For the avoidance of any doubt, it is still the case that WhatsApp does not share European region WhatsApp user data with Facebook for the purpose of Facebook using this data to improve its products or advertisements”</p>
<p dir="ltr"><strong id="docs-internal-guid-dbd02a4a-7fff-ed41-bc54-e5cce9a8b5ca"><br /></strong></p>
<h3>Data sharing with other third party service providers</h3>
<p dir="ltr">It is also important to note that sharing of information is not limited to Facebook Companies, but also extends to other third party service providers. However, apart from a vaguely drafted statement stating that WhatsApp works with third party service providers as well as other Facebook Companies to help it to “operate, provide, improve, understand, customize, support, and market our Services”, the privacy policy is silent and does not provide any insight or clear information on (a) the nature of these third party entities; (b) extent of information shared with such third party entities. Further, even though the policy provides a link to the other Facebook Companies (Facebook Payments Inc, Facebook International Limited, Onavo CrowdTangle) that it works with; there is again no clarity as to what are the specific services provided by these companies.</p>
<p dir="ltr">One of the rights provided to a data principal under Section 17 (3) and Section 7 (1)(g) of the current version of the Bill, is the right to be informed and the consent to be obtained from the data principal about the individuals or entities with whom personal data may be shared. The data principal also has the right to be informed about and given access to the categories of personal data shared with the other data fiduciaries. However, the policy as it stands on date is silent about both the details of the third parties service providers as well as the categories of personal data that could be shared with them.</p>
<p dir="ltr"><strong><br /></strong></p>
<h3>Metadata collection and data minimisation</h3>
<p dir="ltr">The details on usage and log information in the previous version of the policy were rather vague as a result of which the extent of data collection was difficult to ascertain. The revised version indicates that WhatsApp’s metadata collection went further than most of the other popular messaging applications and the data being collected was linked back to the user and device identity. The principle of data minimisation (Section 6 of the proposed framework) limits the collection of personal data to that which is necessary for the purpose of processing. The compelling reasons that justify the metadata collection for the primary purpose of messaging and communication are so far unclear. The metadata collection section is similar in the privacy policy for the EU region and on the face of it doesn’t look GDPR compliant as well. Collection of those categories of personal data that are not necessary for processing of the primary purpose will need to be discontinued if the Bill is enacted in its current form.</p>
<p dir="ltr"><strong><br /></strong></p>
<h3>Data Principal rights</h3>
<p dir="ltr">The difference between the protection afforded to Indian resident users and European resident users is highlighted in the rights accorded to the data principal under the two privacy policies. The European privacy policy has a section dedicated to how users can exercise their rights and specifies that users have the right to access, rectify, port, and erase their information, as well as the right to restrict and object to certain processing of their information. These rights are a reflection of the protection afforded to data principles under the GDPR. As per the current version of the Bill, the data principal will have the right to (i) confirmation and access (Section 17); (ii) correction and erasure (Section 18); and (iii) data portability (Section 19). If the current version of the Bill is enacted, then WhatsApp will be required to amend its privacy policy regarding its applicability to India and incorporate the rights of data accorded to the data principal .</p>
<p dir="ltr"><strong><br /></strong></p>
<h3>Grievance redressal </h3>
<p dir="ltr">The European Region privacy policy specifies the entity within WhatsApp responsible for addressing the complaints of the users and it further also informs the user that they have the right to approach the Irish Data Protection Commission, or any other competent data protection supervisory authority. None of these provisions are specified in the Non-European Region privacy policy. The current version of the PDP Bill places an obligation on the data fiduciary to establish an effective grievance redressal mechanism (Section 32(1)) and to inform the data principal about their right to approach the Data Protection Authority (which is proposed to be established under the PDP Bill) (Section 7(k)). Additional details regarding the same will have to be provided if the Bill is enacted in its current form. </p>
<p dir="ltr"><strong><br /></strong></p>
<h3>Clarifications from WhatsApp </h3>
<p dir="ltr">On January 13, 2021, WhatsApp published a blog stating that the changes to the privacy policy will not affect users who use the platform messaging with friends and family, the changes will only apply to users who use the platform to communicate with business accounts. As per WhatsApp messages to business accounts on WhatsApp can be shared with third-party service providers, which may include Facebook itself. As per the blog, “But whether you communicate with a business by phone, email, or WhatsApp, it can see what you’re saying and may use that information for its own marketing purposes, which may include advertising on Facebook.” It is important to note that we recognise that the content of the messages and the call remains encrypted, however, the concern arises from the collection and use of ‘metadata.’ </p>
<p dir="ltr">WhatsApp’s repeated assurances and clarifications asserting their commitment to data privacy falls short. Their insistence that their chats still use end to end encryption and that only interactions with WhatsApp Business will be shared with Facebook indicates ignorance with regard to the different contours of informational privacy. The expectations of privacy that individuals have over their personal data is linked to the extent of control they have over disclosure of such data. The mandatory metadata collection and lack of opt out clauses for data sharing for marketing purposes results in a mere illusion of control through its façade consent collecting process.</p>
<p dir="ltr"><strong><br /></strong></p>
<p dir="ltr">For the most part, the proposed framework should provide us the same level of protection offered to EU users of WhatsApp regarding some of the key contentions highlighted above. However, additional data principal rights such as the right to object and right to restrict processing will give additional protections to the data principal in case of data processing for marketing purposes. The uproar over the data collection practices of WhatsApp have cemented the immediate need for an effective data protection legislation in the country. The final draft of the Bill with <a href="https://economictimes.indiatimes.com/news/politics-and-nation/parliamentary-panel-examining-personal-data-protection-bill-recommends-89-changes/articleshow/80138488.cms">89 new amendments</a> is expected to be released soon. Considering the renewed apprehensions regarding unwarranted processing of personal data, we can only hope that the amendments have taken into consideration the feedback and comments provided by relevant stakeholders. </p>
<p dir="ltr"><br /><br /></p>
<p dir="ltr">(This post was edited and reviewed by Amber Sinha, Arindrajit Basu and Aman Nair)</p>
</span>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/pdp-bill-is-coming-whatsapp-privacy-policy-analysis'>http://editors.cis-india.org/internet-governance/blog/pdp-bill-is-coming-whatsapp-privacy-policy-analysis</a>
</p>
No publisherPallavi Bedi & Shweta ReddyWhatsAppFacebookPrivacy2021-01-19T08:12:23ZBlog EntryThe Competition Law Case Against Whatsapp’s 2021 Privacy Policy Alteration
http://editors.cis-india.org/internet-governance/blog/the-competition-law-case-against-whatsapp2019s-2021-privacy-policy-alteration
<b>Having examined the privacy implications of Whatsapp's changes to its privacy policy in 2021, this issue brief is the second output in our series examining the effects of those changes. This brief examines the changes in the context of data sharing between Whatsapp and Facebook as being an anticompetitive action in violation of the Indian Competition Act, 2002. </b>
<span id="docs-internal-guid-2e4a5c52-7fff-f416-6970-948314f0b524">
<p style="text-align: justify;" dir="ltr"> </p>
<h3 style="text-align: justify;">Executive Summary</h3>
<p style="text-align: justify;" dir="ltr">On January 4, 2021, Whatsapp announced a revised privacy policy through an in-app notification. It highlighted that the new policy would impact user interactions with business accounts, including those which may be using Facebook's hosting services. The updated policy presented users with the option of either accepting greater data sharing between Whatsapp and Facebook or being unable to use the platform post 15th May, 2021. The updated policy resulted in temporarily slowed growth for Whatsapp and increased growth for other messaging apps like Signal and Telegram. While Whatsapp has chosen to delay the implementation of this policy due to consumer outrage, it is important for us to unpack and understand what this (and similar policies) mean for the digital economy, and its associated competition law concerns. Competition law is one of the sharpest tools available to policy-makers to fairly regulate and constrain the unbridled power of large technology companies.</p>
<p style="text-align: justify;" dir="ltr">While it is evident the Indian competition landscape will benefit from revisiting the existing law and policy framework to reign in Big technology companies, we argue that the change in Whatsapp’s privacy policy in 2021 can be held anti-competitive using legal provisions as they presently stand. Therefore, in this issue brief, we largely limit ourselves to evaluating the legality of Whatsapp’s privacy policy within the confines of the present legal system. </p>
<p style="text-align: justify;" dir="ltr">First, we dive into an articulation of the present abuse of dominance framework in Indian Competition Law. Second, we analyze whether there was abuse of dominance-bearing in mind an economic analysis of Whatsapp’s role in the relevant market by using tests laid out in previous rulings of the CCI</p>
<br />
<p style="text-align: justify;" dir="ltr">The framework for determining abuse of dominance as per The Competition Act is based on three factors:</p>
<p style="text-align: justify;" dir="ltr">1. Determination of relevant market</p>
<p style="text-align: justify;" dir="ltr">2. Determination of dominant position</p>
<p style="text-align: justify;" dir="ltr">3. Abuse of the dominant position</p>
<br />
<p style="text-align: justify;" dir="ltr">In two previous orders in 2016 and 2020, CCI has held that Whatsapp is dominant in its relevant market based on several factors which we explore. These include:</p>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Advantage in user base, usage and reach,</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Barriers to entry for other competitors</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Power of acquisition over competitors.</p>
</li></ol>
<br />
<p style="text-align: justify;" dir="ltr">However, in both orders, CCI held that Whatsapp did not abuse its dominance by arguing that the practices in question allowed for user choice. We critique these judgments for not reflecting the market structures and exploitative practices of large technology companies. We also argue that even if we use the test of user choice laid down by the CCI in its previous orders concerning Whatsapp and Facebook, the changes made to the privacy policy in 2021 did abuse dominance,and should be held guilty of violating competition law standards.</p>
<p style="text-align: justify;" dir="ltr">Our analysis revolves around examining the explicit and implicit standards of user choice laid out by the CCI in its 2016 and 2020 judgements as the standard for evaluating fairness in an Abuse of Dominance claim.We demonstrate how the 2021 changes failed to meet these standards. </p>
<p style="text-align: justify;" dir="ltr">Finally, we conclude by noting that the present case offers a crucial opportunity for India to take a giant step forward in its regulation of big tech companies and harmonise its rulings with regulatory developments around the world.</p>
<p style="text-align: justify;" dir="ltr">The full issue brief can be found <a href="https://cis-india.org/internet-governance/whatsapp-privacy-policy-2021-issue-brief-competition-law">here</a></p>
<div> </div>
<p style="text-align: justify;" dir="ltr"> </p>
<p style="text-align: justify;" dir="ltr"> </p>
<div> </div>
</span>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/the-competition-law-case-against-whatsapp2019s-2021-privacy-policy-alteration'>http://editors.cis-india.org/internet-governance/blog/the-competition-law-case-against-whatsapp2019s-2021-privacy-policy-alteration</a>
</p>
No publisherAman Nair and Arindrajit BasuConsumer RightsDigital EconomyData ProtectionFacebookCompetitionWhatsAppCompetition Law2021-03-24T16:12:09ZBlog EntryIndia steps up vigilance against WhatsApp abuse
http://editors.cis-india.org/internet-governance/news/the-straits-times-august-24-2018-debarshi-dasgupta-india-steps-up-vigilance-against-whatsapp-abuse
<b>Delhi wants firm to open local office, appoint grievance officer as misinformation spreads.</b>
<p style="text-align: justify; ">The article by Debashree Dasgupta was published by <a class="external-link" href="https://www.straitstimes.com/asia/south-asia/india-steps-up-vigilance-against-whatsapp-abuse">Straits Times</a> on August 24, 2018. Sunil Abraham was quoted.</p>
<hr />
<p style="text-align: justify; ">In one of its strongest directives yet to WhatsApp, the Indian government has asked the California-based messaging service firm to set up an office and appoint a grievance officer in India.</p>
<p style="text-align: justify; ">Indian Information Technology Minister Ravi Shankar Prasad conveyed the request to WhatsApp chief executive Chris Daniels during a meeting on Tuesday. It came against the backdrop of the growing misuse of the messaging app to disseminate misinformation.</p>
<p style="text-align: justify; ">"I requested WhatsApp chief executive Chris Daniels to set up a grievance officer in India, establish a corporate entity in India, comply with Indian laws. He assured me that #WhatsApp will soon take steps on all these counts," Mr Prasad tweeted after the meeting.</p>
<p style="text-align: justify; ">"I further asked WhatsApp CEO... to work closely with law enforcement agencies of India and create public awareness campaign to prevent misuse of WhatsApp. He assured me that #WhatsApp will undertake these initiatives," he added in another tweet.</p>
<p style="text-align: justify; ">The firm has not yet provided a confirmation of these claims.</p>
<p style="text-align: justify; ">The spread of misinformation about child kidnappings through WhatsApp has been linked to a series of mob lynchings that have led to the deaths of least 28 people across India since April.</p>
<blockquote class="pull-quote-left" style="text-align: justify; ">
<p>TAKING RESPONSIBILITY</p>
<p>When rumours and fake news get propagated by mischief mongers, the medium used for such propagation cannot evade responsibility and accountability. If they remain mute spectators, they are liable to be treated as abettors and thereafter, face consequent legal action.</p>
<p>INDIA'S MINISTRY OF ELECTRONICS AND INFORMATION TECHNOLOGY</p>
</blockquote>
<p style="text-align: justify; ">There are also concerns that the spread of fake news via the application could gather further momentum ahead of next year's general elections in India. The firm has more than 200 million active monthly users in India - its biggest market and a sizeable chunk of its 1.5 billion global user base.</p>
<p style="text-align: justify; ">WhatsApp, the most widely used messaging app in India, has struggled to control the spread of misinformation in India on its platform.</p>
<p style="text-align: justify; ">With the government demanding greater accountability from it, the firm has made it more difficult for users to forward content by removing shortcuts. It has limited to five the number of people a message can be forwarded to each time, and introduced a "forwarded" label for such messages.</p>
<p style="text-align: justify; ">But the authorities have found this inadequate given the enormity of the challenge and rampant abuse.</p>
<p style="text-align: justify; ">Last month, the Indian Ministry of Electronics and Information Technology said: "There is a need for bringing in traceability and accountability when a provocative/inflammatory message is detected, and a request is made by law enforcement agencies.</p>
<p style="text-align: justify; ">"When rumours and fake news get propagated by mischief mongers, the medium used for such propagation cannot evade responsibility and accountability. If they remain mute spectators, they are liable to be treated as abettors and thereafter, face consequent legal action."</p>
<p style="text-align: justify; ">Mr Prasad, speaking to the media after the meeting, said: "I have said in the past that it does not take rocket science to locate a message being circulated in hundreds and thousands... You must have a mechanism to find a solution."</p>
<p style="text-align: justify; ">The Indian government's demand for WhatsApp to set up a local office is not unprecedented.</p>
<p style="text-align: justify; ">The European Union General Data Protection Regulation says a foreign firm that processes personal data of individuals in the EU "may be required" to appoint a representative in an EU state. However, calls by the government to detect messages and track down senders have prompted concerns over privacy violation, and pose a technical challenge.</p>
<p style="text-align: justify; ">Mr Sunil Abraham, executive director of the Centre for Internet and Society, a Bangalore-based nonprofit organisation, said: "Application-wide blocking of the same content is not possible on WhatsApp because it uses end-to-end cryptography, and there is no way WhatsApp can determine which messages are being forwarded."</p>
<p style="text-align: justify; ">But there are potential remedies that are less controversial, and easier to achieve.</p>
<p style="text-align: justify; ">Mr Abraham suggested that WhatsApp fund a large network of fact checkers and provide a "fact check this" button along with all forwarded messages. "This button could then transmit the suspicious message to a common database that is managed by the network for fact checkers," he added.</p>
<p style="text-align: justify; ">Last month, the Ministry of Electronics and Information Technology raised concerns on the expected roll-out of WhatsApp Payments, which lets users make financial transactions via the application. It has sought clarity on whether the service adheres to the Reserve Bank of India's security and privacy rules.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/the-straits-times-august-24-2018-debarshi-dasgupta-india-steps-up-vigilance-against-whatsapp-abuse'>http://editors.cis-india.org/internet-governance/news/the-straits-times-august-24-2018-debarshi-dasgupta-india-steps-up-vigilance-against-whatsapp-abuse</a>
</p>
No publisherAdminWhatsAppInternet Governance2018-08-27T15:22:23ZNews ItemCentre draws red lines for Whatsapp over fake news, says must comply with Indian laws
http://editors.cis-india.org/internet-governance/news/hindustan-times-august-21-2018-centre-draws-red-lines-for-whatsapp-over-fake-news-says-must-comply-with-indian-laws
<b>In a meeting with WhatsApp’s CEO Chris Daniels, Union minister Ravi Shankar Prasad said India put forward several demands, including that the company must have a grievance officer in India and have proper compliance of Indian laws.</b>
<p style="text-align: justify; ">The article by Nakul Sridhar was published in the <a class="external-link" href="https://www.hindustantimes.com/india-news/centre-draws-red-lines-for-whatsapp-over-fake-news-says-must-comply-with-indian-laws/story-Lcxosvi1gl11MZv3tVNQ2J.html">Hindustan Times</a> on August 21, 2018.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">The Union government on Tuesday told the Facebook-owned WhatsApp to comply with Indian law, set up an Indian entity, and appoint a grievance officer in India to who people can reach immediately.</p>
<p style="text-align: justify; ">The directive comes at a when the government has pulled up the company for fake news spread on the social media platform serving as a contributory factor in several incidents of mob lynching across the country.</p>
<p style="text-align: justify; ">Ravi Shankar Prasad, Minister for Electronics and Information Technology, conveyed this to the global head of WhatsApp, Chris Daniels, who is in India this week. This is the first time that the government has spelt out its key expectations from the platform.</p>
<p style="text-align: justify; ">“I told him there have been sinister developments like fake news and revenge porn, which are criminal and against Indian laws. I suggested three points: they must have a grievance officer in India; they must comply with Indian laws; and they must have a local, corporate entity in India,” Prasad said.</p>
<p style="text-align: justify; ">Daniels, he added, had agreed to the three conditions. WhatsApp did not offer an independent confirmation or respond to questions.</p>
<p style="text-align: justify; ">Prasad said he also told Daniels that WhatsApp would have to comply with Reserve Bank of India (RBI) guidelines to start its payments services in India, saying that the firm would have to store the financial data it collects from India within the country.</p>
<p style="text-align: justify; ">After at least 30 lynchings in the past one year were linked to rumours and fake news spread through the WhatsApp platform, the IT ministry sent two notices to the company last month, asking it to curb the spread of such messages. WhatsApp’s chief operating officer, Matthew Idema, had met the IT ministry secretary Ajay Sawhneytowards the end of July to discuss the issue of fake news with the ministry and explain the steps it was taking in curbing its spread.</p>
<p style="text-align: justify; ">The application made it more difficult to forward media by removing shortcuts, limited the number of people a forwarded message can be sent to at a time to five, and introduced a ‘forwarded’ label for such messages after the push from the government.</p>
<p style="text-align: justify; ">Explaining its broad approach, a top government functionary, who asked not to be named, said, “We cannot accept digital imperialism. India is an open society. We have embraced technology and innovation. But no one should think they can come and do as they like. Firms like WhatsApp must conform to our rules, laws, and address problems.”</p>
<p style="text-align: justify; ">Reiterating his demand that WhatApp must find “a technological solution” to trace the origin of rumour-mongering messages, Prasad said, “It does not need rocket science to locate a message being circulated thousands and lakhs of times on the same day, on the same issue, in the same district and same state.” He said Daniels agreed to comply.</p>
<p style="text-align: justify; ">But experts believe that delivering on these demands will be challenging. “WhatsApp, according to my understanding, does not store metadata (such as phone number sent from) for text messages that are transmitted using their application or via the web client. Unfortunately, WhatsApp does not make this explicit in their public documentation,” said Sunil Abraham, founder of the think tank, Centre for Internet and Society.</p>
<p style="text-align: justify; ">“Therefore, many governments erroneously believe that sources of specific messages can be determined by big data analysis similar to the analysis of SMS metadata from telecom operators,” he said.</p>
<p style="text-align: justify; ">Metadata includes information such as the sender and recipient, date and time. “Now it would also include whether the message is forwarded,” said Abraham.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/hindustan-times-august-21-2018-centre-draws-red-lines-for-whatsapp-over-fake-news-says-must-comply-with-indian-laws'>http://editors.cis-india.org/internet-governance/news/hindustan-times-august-21-2018-centre-draws-red-lines-for-whatsapp-over-fake-news-says-must-comply-with-indian-laws</a>
</p>
No publisherAdminSocial MediaWhatsAppInternet Governance2018-08-27T14:24:51ZNews ItemWhatsApp races against time to fix fake news mess ahead of 2019 general elections
http://editors.cis-india.org/internet-governance/news/economic-times-venkat-ananth-july-24-2018-whatsapp-races-against-time-to-fix-fake-news-mess-ahead-of-2019-general-elections
<b>On Friday, when WhatsApp announced that it would pilot a ‘five media-based forwards limit’ in India, the government came up with an unequivocal reminder.</b>
<p style="text-align: justify; ">The article by Venkat Ananth was published in <a class="external-link" href="https://economictimes.indiatimes.com/tech/internet/whatsapp-races-against-time-to-fix-fake-news-mess-ahead-of-2019-general-elections/articleshow/65112280.cms">Economic Times</a> on July 24, 2018. Sunil Abraham was quoted.</p>
<hr />
<p style="text-align: justify; ">“When rumours and fake news get propagated by mischief mongers, the medium used for such propagation cannot evade responsibility and accountability. If they remain mute spectators, they are liable to be treated as abettors and thereafter face consequent legal action,” noted a ministry of electronics and information technology (MeitY) statement.</p>
<p style="text-align: justify; ">The statement also said there was a need for bringing in traceability and accountability, “when a provocative/inflammatory message is detected and a request is made by law enforcement agencies.”</p>
<p style="text-align: justify; ">Significantly, MeitY took aim at WhatsApp’s core end-to-end encryptionbased product feature and its oft-quoted and reiterated commitment to privacy. It was specific, going beyond the usual “do more” requests.</p>
<p style="text-align: justify; ">The stand also poses an interesting dilemma for the messenger service. How can it act while protecting its privacy commitment?</p>
<p style="text-align: justify; ">“It is practical ly impossible for WhatsApp to regulate content in the peer-to-peer encrypted environment it is set up in,” says Rahul Matthan, partner, Trilegal. “An encrypted platform is what we want. The government is trying to maintain a strict and difficult balance. The government tends to err on the side of violating civil liberties over offering privacy to innocent users. The WhatsApp case is going in that direction.”</p>
<h3 style="text-align: justify; ">No Longer Low-Key</h3>
<p style="text-align: justify; ">In India, its largest market, WhatsApp has benefitted from quietly operating in the shadows of its more popular parent, Facebook, growing to a currently active user base of 200 million.</p>
<p style="text-align: justify; ">However, in the last six months, while it continues to be perceived as an asset by politicos for outreach and propaganda, WhatsApp is now increasingly being tapped by the bad guys to disseminate deliberate misinformation, rumour mongering and fake news. And not the Donald Trump kind either.</p>
<p style="text-align: justify; ">It is leading to loss of lives on the ground, through lynchings, kidnappings and related crimes.</p>
<p style="text-align: justify; ">WhatsApp spokesperson Carl Woog says, “The recent acts of violence in India have been heartbreaking and reinforce the need for government, civil society and technology companies to work together to keep people safe.”</p>
<p style="text-align: justify; ">“By focusing on solutions to fake news inside our smartphones, we are ignoring a tougher problem that requires several complementary solutions,” says Apar Gupta, a Delhi-based lawyer and cofounder of the Internet Freedom Foundation.</p>
<p style="text-align: justify; ">“Let us not forget that a platform is not responsible for policing.”</p>
<p style="text-align: justify; ">But the general public and government perception — and, to some extent, concern — remains that WhatsApp has been slow to react to these situations.</p>
<h3 style="text-align: justify; ">To Police or Not to Police</h3>
<p style="text-align: justify; ">Interestingly, the government and ruling party realise WhatsApp could be pivotal to their fortunes in the next electoral cycle — in the run-up to Elections<br />2019.</p>
<p style="text-align: justify; ">“The government is coming under increased pressure to act on these lynchings, which is why it is taking a shootthe-messenger kind of an approach,” says Matthan. “An unsophisticated government would have advocated a blanket ban on the source. But here, the government, it appears, wants to regulate tech by having access to your device, through an app, in the case of the (telecom regulator) Trai DND app to battle spam.”</p>
<p style="text-align: justify; ">This is also why WhatsApp has intensified its outreach efforts. Over the past 10 days, a team of its US and India-based executives have been meeting key stakeholders in Delhi and Mumbai, including the Election Commission, political parties, the Reserve Bank of India, banks and civil society, as ET reported last week.</p>
<p style="text-align: justify; ">The team includes public policy manager Ben Supple, senior director, customer operations, Komal Lahiri and WhatsApp India communication manager Pragya Misra Mehrishi. They are now expected to meet key government officials from MeitY from Monday, sources say.</p>
<p style="text-align: justify; ">“The intense outreach efforts is essentially linked to WhatsApp wanting to protect its payments play in India,” says a Delhi-based public policy professional, who did not want to be named as he is not authorised to speak to the media.</p>
<p style="text-align: justify; ">“It (WhatsApp) is really worried about Google’s efforts with Tez and the gap that will only widen if the government delays grant of permission.”</p>
<p style="text-align: justify; ">WhatsApp is stressing some key points while reinforcing the steps it is taking to counter challenges. One, the best practices of using the platform. Two, the need to work together to prevent abuse of WhatsApp, and three, most importantly, to educate people about the best ways of using the platform. WhatsApp was primarily designed for private, oneon-one messaging or group chats among acquaintances, not for mass broadcast, which parties resort to during elections.</p>
<p style="text-align: justify; ">WhatsApp says it is working on a warfooting to tackle the problems. It has introduced product changes to counter user behaviour. There’s more control, where a group ‘admin’ can restrict users who can send messages to the group, modify a group icon or edit description, a feature for which it has taken a leaf out of rival Telegram’s book. To counter fake news, it added a ‘forwarded’ label. And now, limited the forwarding to five in India, and 20 in the rest of the markets, a significant reduction from 250 prior to that.</p>
<p style="text-align: justify; ">While the impact of these product tweaks is yet to be seen at an individual user level, the larger concern for WhatsApp today is the potential misuse of its platform to manipulate elections, a very real possibility next year.</p>
<h3 style="text-align: justify; ">Tipping Point</h3>
<p style="text-align: justify; ">The company’s noticeable change of tack comes after it noticed certain trends during the recent Karnataka elections, during which one of its executives spent a week in Bengaluru.</p>
<p style="text-align: justify; ">One of the political parties, which a person aware of the developments in WhatsApp declined to name, was using “dozens of accounts to create thousands of groups,” as part of its campaign.</p>
<p style="text-align: justify; ">The party, the source says, was adding random numbers (approximately 100) to the group during creation. By random numbers, he meant people who did not know each other, something WhatsApp can identify using the metadata it collects when a user gives it access to its phone book. WhatsApp deems this behaviour ‘organised spamming.’</p>
<p style="text-align: justify; ">“These were real people not necessarily known to each other,” says the person quoted above. “A specific account would be added to that group to be made the admin.”</p>
<p style="text-align: justify; ">Mostly, this admin was the number used to create these multiple groups or, in WhatsApp terms, the account that was not behaving the way private or group communication happens.</p>
<p style="text-align: justify; ">Also, the users would be a mix of fake accounts, which is a major red flag for WhatsApp. “The group starts with some bulk added users and then the real ones get bulk-added,” says the source. WhatsApp deems this practice a violation of its terms of service.</p>
<p style="text-align: justify; ">Company sources add that WhatsApp was able to detect these trends and proactively banned these users before they were able to add people. “In some cases, our systems didn’t catch this in time, but we were able to proactively prevent users from receiving such spam. That detection is now internalised and if someone tries to replicate that behaviour anywhere in the world, we will be able to detect them,” says another person familiar with developments at WhatsApp.</p>
<p style="text-align: justify; ">According to several media reports, the BJP and the Congress too created over 30,000 groups for campaigning and organising efforts. To counter organised political spamming, WhatsApp has now begun using machine learning tools. WhatsApp can trace the last few messages in a group and block it entirely from the platform. At the detection level, WhatsApp checks for familiarity. “Do the persons know each other, or have they interacted before?” through metadata it possesses through phone numbers.</p>
<p style="text-align: justify; ">The second person quoted in the story says the company now focuses its detection “upstream,” that is, catching the user at the registration stage. “When you register on WhatsApp and immediately create a group, questions asked are, ‘Does this behaviour look like what a regular user does? Or does it look like users who have misused it in the past?’” he says.</p>
<p style="text-align: justify; ">WhatsApp, sources tell ET, is also using machine learning to detect sequential numbers that could be used to create these groups. “If they go and buy a phone number, they go to one carrier and its mostly sequential. If we notice 100 numbers with the same prefix have signed up, nearly 80 get automatically banned. What we do is feed these sequences, permutations and combinations to detect good/bad users,” the person quoted above says. “It learns millions of these combination signals on behaviour and help us make a decision.”</p>
<h3 style="text-align: justify; ">Civil Society as a Key Layer</h3>
<p style="text-align: justify; ">WhatsApp also sees an enabling role for civil society, especially for digital literacy. Its team has currently met seven non-governmental organisations, including digital literacy groups and others involved in the area of financial inclusion. This is part of its public policy efforts while also solidifying its payments play.</p>
<p style="text-align: justify; ">“The level of responsibility for a platform is to not consciously cause — and, in fact, to take active measures to prevent — social harm,” says Gupta of IFF. “It has to be done without injury to end-to-end encryption, which offers safety and privacy to users.</p>
<p style="text-align: justify; ">Many products and product strategies can be adopted — from increasing media diversity on the platform to promoting auditing features that rely on partnerships with fact-checking organisations. We must demand accountability but resist the rhetorical attraction of technophobia.”</p>
<p style="text-align: justify; ">As ET has reported, WhatsApp will adapt a fact-checking model, Verificado 2018, deployed during the recent Mexican presidential elections. Verificado proactively debunked fake news and misinformation on the platform. “The rumours were found to be very similar to India.</p>
<p style="text-align: justify; ">Verificado was specifically focused on misinformation from candidates,” says the first person quoted in the story. “Plus, it helped effectively tackle misinformation during an earthquake in Mexico.”</p>
<p style="text-align: justify; ">For WhatsApp, one of the key learnings from the Mexico elections was that it could look at the spam reports and categorise them as politics-related. The company, unsurprisingly, saw an increase in political spam in the buildup to election day.</p>
<p style="text-align: justify; ">“They realised Verificado assists users to get help within the app. But it also aids news organisations, political parties, the government and users,” adds the person. The company is undertaking a similar exercise in Brazil, where 24 media outlets have come together under the Comprova initiative to fact-check viral content and rumours on WhatsApp.</p>
<p style="text-align: justify; ">Sunil Abraham, executive director of the Bengaluru-based Centre for Internet and Society believes WhatsApp can further tweak its product to enable real-time checks. “They can enable a ‘fact check this’ button for users to upload content to a fact-checking database. If the content has already been fact-checked, the score can be displayed immediately. Alternatively, the fact-checking service can return the score at a later date,” he explains.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/economic-times-venkat-ananth-july-24-2018-whatsapp-races-against-time-to-fix-fake-news-mess-ahead-of-2019-general-elections'>http://editors.cis-india.org/internet-governance/news/economic-times-venkat-ananth-july-24-2018-whatsapp-races-against-time-to-fix-fake-news-mess-ahead-of-2019-general-elections</a>
</p>
No publisherAdminSocial MediaWhatsAppInternet GovernancePrivacy2018-07-25T15:27:20ZNews ItemPolice to counter fake news on WhatsApp
http://editors.cis-india.org/internet-governance/news/the-times-of-india-nilesh-christopher-and-naveen-menezes-june-14-2018-police-to-counter-fake-news-on-whatsapp
<b>State police across Karnataka, Assam, Telangana and Kerala are designing social media campaigns as an antidote to fake news on messaging apps like WhatsApp following claims that these platforms have been used to incite violence across several locations in recent weeks.</b>
<p style="text-align: justify; ">The article by Nilesh Christopher and Naveen Menezes was published in the <a class="external-link" href="https://www.gadgetsnow.com/tech-news/police-to-counter-fake-news-on-whatsapp/articleshow/64584326.cms">Times of India</a> on June 14, 2018. Pranesh Prakash was quoted. Also see the story on <a class="external-link" href="https://economictimes.indiatimes.com/news/politics-and-nation/police-join-social-media-to-counter-whatsapp-vitriol/articleshow/64580982.cms">Economic Times</a> here.</p>
<hr />
<p style="text-align: justify; ">Alarmed by the rising incidence of attacks on individuals as a result of rumours spread by users of the app — owned by social network <a class="key_underline" href="https://www.gadgetsnow.com/topic/facebook">Facebook</a> — law enforcement authorities across several states are intensifying community policing using the same platforms.<br /><br />Bengaluru police commissioner T Suneel Kumar said the department is creating awareness about #FakeRumourOnChildKidnappers on social media as well as by distributing pamphlets across the city. “We have not written to either Facebook or WhatsApp as they would take their own time to respond. Instead, we have alerted our police personnel to be aware of repetition and are reaching out to people through different means,” he told ET.<br /><br />Last month, a mob lynched a man in a Bengaluru locality suspecting him to be a child abductor.<br /><strong><br />SPECIAL POLICE TEAMS FORMED</strong><br />This was preceded by widely circulated videos on WhatsApp warning people about kidnappers being on the prowl in the city. Police arrested 25 people including four women and a minor in connection with the case.<br /><br />Incidents of lynching have also been reported across Assam, Telangana, Tamil Nadu and Kerala, where fake news and videos about suspected child abductors distributed on WhatsApp caused alarm among villagers.<br /><br />In Assam, over a dozen people have been arrested after a mob lynched two youngsters last week suspecting them to be child kidnappers. “We are monitoring social media and have chalked out counter strategies to ensure fake messages are not spread. The department also interacts with the public constantly,” DS Chauhan, Additional Commissioner of Police (Law and Order), Hyderabad City, told ET.<br /><br />“I do not have the details on whether anyone is arrested for spreading fake messages. It’s difficult to trace who started the rumours,” he said.<br /><br />In response to ET’s queries, a WhatsApp spokesperson said, “The privacy and security of our users is very important to WhatsApp. We've made it easy to block any phone number or report spam and we encourage people to report problematic messages so that we can take action. We’re also stepping up our education efforts so that people know about our safety features, as well as how to spot fake news or hoaxes on WhatsApp.”<br /><br />In Telangana and Assam, special police teams have been formed to monitor social media and to track fake messages and prepare a counter response.<br /><br />“In a week we get at least three calls of WhatsApp rumours causing unrest in various locations”, said an officer from the cybercrime branch of the Kerala Police.<br /><br />“We have given them (people) directions to start counter propaganda immediately, and we are assisting them in dispelling the rumour. We try to identify the administrator of the (WhatsApp) group that is used to spread rumours,” said the officer. He said the social messaging app has, so far, not cooperated with the police on these efforts.<br /><br /><strong>ANALYSTS DIVIDED</strong><br />Cyber security analysts are divided on whether more can be done by social media platforms to counter the rising threat of fake news on these platforms. “This is clearly a case of a platform like WhatsApp (owned by Facebook) not doing enough. Just because WhatsApp is end-to-end encrypted it does not mean their hands are tied,” said Pranesh Prakash, a fellow at the Centre for Internet and Society, a policy advocacy group.<br /><br />“The WhatsApp application is linked to a mobile number, the platform has access to trace the individual who spread rumours,” said Prakash. They (social media networks) can “remind or signal to users about the terms of services when anyone spreads rumours,” he added.</p>
<p style="text-align: justify; ">India has the largest user base for both WhatsApp and Facebook with over 240 million people accessing the platform. WhatsApp is also testing a digital payment system using the homegrown UPI network in the country.<br /><br />On the other hand, Apar Gupta, cofounder of Internet Freedom Foundation (IFF), reckons the danger from rumours that spread on WhatsApp is not just a technology issue but also a societal one.<br /><br />“Looking to decrease privacy in these platforms as a solution to curb fake news, or introducing a pre-screening mechanism to check every message that is sent is not a credible solution,” he said.<br /><br />To be sure, WhatsApp is testing a new feature wherein messages that are forwarded carry the tagline saying ‘forwarded as received’ alerting users that it is not an original creation but just a forward. The feature has not been rolled to all users in India.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/the-times-of-india-nilesh-christopher-and-naveen-menezes-june-14-2018-police-to-counter-fake-news-on-whatsapp'>http://editors.cis-india.org/internet-governance/news/the-times-of-india-nilesh-christopher-and-naveen-menezes-june-14-2018-police-to-counter-fake-news-on-whatsapp</a>
</p>
No publisherAdminWhatsAppInternet Governance2018-06-26T01:45:20ZNews Item'Full belief in fake texts shows cops not trusted'
http://editors.cis-india.org/internet-governance/news/times-of-india-june-18-2018-full-belief-in-fake-texts-shows-cops-not-trusted
<b>Nilotpal Basu and Abhijeet Nath, an audio engineer and digital artiste, were beaten to death in Assam's Karbi Anglong last week based on rumours that they were kidnappers.</b>
<p style="text-align: justify; ">The article was published in the <a class="external-link" href="https://timesofindia.indiatimes.com/india/full-belief-in-fake-texts-shows-cops-not-trusted/articleshow/64627080.cms">Times of India</a> on June 18, 2018. Pranesh Prakash was quoted. Inputs from Kim Arora.</p>
<hr />
<p style="text-align: justify; ">A manipulated <a class="key_underline" href="https://timesofindia.indiatimes.com/topic/whatsapp">WhatsApp</a> video is said to be the source of the panic. While it is just the medium and not the reason behind the killings, WhatsApp, with its 250-million users in India, allows rumours to travel farther than ever before. "In many non-urban areas, such WhatsApp videos are the first form in which people encounter the internet on their phones. They don't always go online and verify them," says Jency Jacob, who runs the fact checking outlet Boom. This gullibility can't be explained just by class or education, he says. "Technology makes it easy to believe what you want to believe and spread it," says Jacob.</p>
<p style="text-align: justify; ">The spread of internet gives wings to rumours in pockets where kidnappings are a real fear. The states where lynchings have been reported are also among those with high figures for child abductions. Technology has helped rumours travel greater distances with greater impunity, says Pranesh Prakash, fellow at Centre for Internet and Society, recalling that child abduction rumours led to a lynching in Tamil Nadu in 2015 too, but this time, "such rumours have spread all over South India". And as the Karbi Anglong killings show, to Assam as well.<br /><br />WhatsApp being an encrypted platform, police cannot trace the source of the rumourmongering. WhatsApp did not respond to TOI's queries on tracing origins of hate messages, but a spokesperson shared a statement saying they "block automated messages" and are educating people about spotting fake news and hoaxes.</p>
<p style="text-align: justify; ">In many cases, law enforcement has failed at a more basic level. Child abduction is a disturbing rumour, designed to provoke an emotional reaction, but other anxieties are at work too. "Rumours tend to escalate when there is a lack of official information, and clearly many feel what happens to them and their children does not get attention at higher levels," says sociologist Dipankar Gupta. It also points to a collapse in the state's credibility, he says. So, Gupta says, "there is no seeking of justice, only reprisal."</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/times-of-india-june-18-2018-full-belief-in-fake-texts-shows-cops-not-trusted'>http://editors.cis-india.org/internet-governance/news/times-of-india-june-18-2018-full-belief-in-fake-texts-shows-cops-not-trusted</a>
</p>
No publisherAdminSocial MediaWhatsAppInternet Governance2018-06-26T01:21:04ZNews ItemDeath By WhatsApp
http://editors.cis-india.org/internet-governance/news/death-by-whatsapp
<b>The fatal messages were both in text and in audio. They were in Telugu, Kannada, Tamil, Hindi, Assamese and Gujarati among others.</b>
<p>This was published by News18.com on June 25, 2018. Sunil Abraham was quoted.</p>
<hr />
<div class="main"><section class="standar">
<div class="article">
<div class="chat">
<p class="guest-chat chat-item">Guys please be on high alert<span class="time" style="float: right; ">10:24 PM</span></p>
<p class="guest-chat chat-item">Three kids were kidnapped from my friend’s area this morning.. There were 10 guys giving biscuits and people from that area have caught all 10 n 5 more based on their info...<span class="time" style="float: right; ">10:24 PM</span></p>
<p class="guest-chat chat-item">Cops arrived at scene and informed that 400 people have landed in Hyderabad (or Bangalore or Chennai or KarbiAnglong or Singhbhum or any other place) for child trafficking. Check my next video and repost. Parents pls be on high alert.<span class="time" style="float: right; ">10:25 PM</span></p>
</div>
</div>
</section></div>
<p><span>The Snowball Effect</span></p>
<p> </p>
<p><section class="standar">
<div class="article">
<p>No one had any idea where the messages originated from or who was the original sender. But when it comes to the safety of one’s children, these questions become irrelevant.</p>
<p>Maybe, if someone had stopped to ask these questions, this fake WhatsApp message wouldn’t have led to 22 murders in one year. These 22 ‘outsiders’ were lynched by mobs on the mere suspicion of being the non-existent ‘child lifters’.</p>
<p>Phony as a three-dollar bill, the message spread like forest fire from Jharkhand to Tamil Nadu and Assam to Gujarat. In each state, it preyed on the raging ‘local versus outsider’ sentiment. It started doing the rounds of southern states around the time when political discourse was hijacked by the ‘North versus South’ debate.</p>
<p>It might be easy now to scoff at those who believed and further shared the fake message, but hindsight is always a perfect 20/20.</p>
<p>In fact, according to a research by University of Warwick, 40% of fake news cannot be spotted by average educated adults. Even if they do feel something is amiss, only 45% adults can place their finger on what exposes the news as fake.</p>
<blockquote style="text-align: center; ">Social media and internet penetration have only aggravated the problem in India, where the written word is rarely doubted.</blockquote>
<p>Social media and internet penetration have only aggravated the problem in India, where the written word is rarely doubted.</p>
<section class="creative fullContent" style="text-align: center; "></section>
<p>In the last four years, social media usage in the country has gone up by 150% with an 83% increase in smartphone ownership. Such proliferation and the availability of competitive data plans have ensured digital intrusion in areas where people have had no exposure to the concept of fake news or digital privacy.</p>
<p>Caveat emptor does not apply in this case, says Sunil Abraham, the Executive Director of Bangalore-based research organisation Centre for Internet and Society.</p>
</div>
</section><a id="timeline"></a><span> </span><section class="standar">
<div class="article">
<h3>A Timeline of Deaths</h3>
</div>
</section><iframe frameborder="0" height="650" src="https://cdn.knightlab.com/libs/timeline3/latest/embed/index.html?source=1d_HmPpGkzy1jK9MI83KY2I0FF8uPTuLVVcoPhSDKDkA&font=Default&lang=en&initial_zoom=2&height=650" width="100%"></iframe><span> </span><section class="standar">
<div class="article"></div>
</section><a id="propaganda"></a><span> </span><section class="propaganda fullContent" style="text-align: center; "></section><section class="intro" style="text-align: center; ">
<h3>CHAPTER 1</h3>
<h1>The Propaganda Machine</h1>
</section><section class="standar">
<div class="article">
<p>WhatsApp has unfortunately become a fertile breeding ground for parasites that prey on fear. At present, it has 200 million active users. These users are potential victims of fake news given the complex form of anonymity that WhatsApp offers. It is mainly to arrest the fake news propaganda that the first step in violence-hit areas is to suspend internet services.</p>
<p>In this case, too, the original culprits took cover in this anonymity and experts believe they may never be unmasked. While Facebook and other social media websites are under pressure to address the menace, an inter-personal software, such as WhatsApp, skirts the scanner.</p>
</div>
</section><section class="standard" style="text-align: center; ">
<div class="flourish-embed"><iframe frameborder="0" scrolling="no" src="https://public.flourish.studio/visualisation/63741/embed?auto=1"></iframe></div>
</section><section class="standar">
<div class="article">
<p>“Those who are passing the rumours cannot be traced or haven’t been traced purely because they are on WhatsApp groups. My guess is that they would have started it (the rumours) on WhatsApp because it is difficult to trace. Once it starts, it (the message) makes its way to everywhere. Somebody gets it on WhatsApp, they put it on their Facebook profile or forward to other WhatsApp users. It goes across multiple platforms. It is not limited to one platform,” says Alt News co-founder Pratik Sinha.</p>
<blockquote style="text-align: center; ">Those who are passing the rumours cannot be traced or haven’t been traced purely because they are on WhatsApp groups</blockquote>
<p>Given its penetration, WhatsApp has emerged as a cheap medium to propagate hate.</p>
<p>Police officials investigating the murder of senior journalist and Left-leaning thinker Gauri Lankesh in Bengaluru were surprised to find out that a key suspect was an ‘admin’ for hundreds of groups.</p>
</div>
</section><section class="standard" style="text-align: center; ">
<div class="flourish-embed"><iframe frameborder="0" scrolling="no" src="https://public.flourish.studio/visualisation/63722/embed?auto=1"></iframe></div>
</section><section class="standar">
<div class="article">
<p>KT Naveen Kumar, a college dropout, floated his outfit ‘Hindu Yuva Sena’ in Mandya near Bengaluru three years ago. The Hindutva activist confessed to the police that he created several WhatsApp groups — Hindu Yuva Sena, Jago Hindu Maddur, Bajrang Maddur and Kaveri Boys among others — to propagate his ‘Save Hinduism’ agenda.</p>
<p>Once you create a WhatsApp group and add ‘participants’, you are free to make others the ‘admin’, who in turn can add scores of people to the group. There is no known cap to the number of participants in a WhatsApp group.</p>
</div>
</section><section class="intro" style="text-align: center; ">
<p style="text-align: left; "><strong>How To Spot Fake News</strong></p>
</section><section class="standar">
<div class="article">
<div class="embed-container"><iframe frameborder="0" src="https://www.youtube.com/embed//jIBYG9Lr2ps"></iframe></div>
</div>
</section><a id="jharkhand"></a><span> </span><section class="jharkhand fullContent" style="text-align: center; "></section><section class="intro" style="text-align: center; ">
<h3>CHAPTER 2</h3>
<h1>Jharkhand</h1>
</section><section class="standar">
<div class="article">
<p>The fake message on ‘child lifters’ added fuel to fire in Jharkhand, which has been plagued by child abductions and kidnappings for years. Young girls from the state have been known to be abducted and forced into modern-day slavery in other states.</p>
<p>Villagers, who had never heard of the concept of fake news, bought into the rumours. And since a photo can say a 1,000 fake words as well, graphic images freely available on the internet were used alongside the message. The propaganda did the trick and aroused murderous rage among the local tribal population.</p>
<p>At least nine people were killed in separate incidents over as many days in Singhbhum district. Angry mobs beat and hacked the victims to death, assuming they were saving their young ones from ‘child lifting’ gangs that were rumoured to be abducting children for organ trade.</p>
<p>The death toll would have been higher had protest marches against the fake news and the killings not been held in cities like Jamshedpur. While these protests did not get the police to act against hate mongers on social media, the uproar publicised the fact that the message was a fake one.</p>
<p>Over the next few days, alleged ‘child lifters’ were caught in other villages, but were duly handed over to the police.</p>
<p>The disinformation campaign died a natural death in Jharkhand, but moved to a new hunting ground.</p>
</div>
</section><a id="tamilnadu"></a><span> </span><section class="tamilnadu fullContent" style="text-align: center; "></section><section class="intro" style="text-align: center; ">
<h3>CHAPTER 3</h3>
<h1>Tamil Nadu</h1>
</section><section class="standar">
<div class="article">
<p>More than 2,000 km from Jharkhand, the message landed in Tamil Nadu with an additional detail — be wary of ‘North India people’. It warned of a gang of 400 ‘North Indians’ out to lure children for organ trade. These people, the message added, may try to gain entry inside homes on the pretext of being repair men or hawkers. Again, the images of mutilated bodies did the trick.</p>
<p>No one stopped to think whether a ‘gang of 400 outsiders’ could travel undetected. No one called the 100 helpline to confirm the rumour with the police. The mere ‘police-arrived-at-the-scene’ was enough to convince people of its authenticity.</p>
<p>A man in Thiruvalluvar, north of Chennai, became the state’s first victim of the fake news. A mob beat him mercilessly and hung him from a bridge in Pulicat on May 10.</p>
<blockquote style="text-align: center; ">The mob didn’t even give her a chance to be heard.</blockquote>
<p>The second lynching came in less than 24 hours. This time the victim was an elderly woman identified as Rukmani in the temple town of Thiruvannamalai. She was returning from a temple visit with her relatives when they stopped their car at a village. Rukmani was handing out ‘foreign chocolates’ to local children when word spread that a woman was ‘luring’ kids with sweets.</p>
<p>“The mob didn’t even give her a chance to be heard. Giving out chocolates to children doesn’t make you a child trafficker. I’m scared to even step out after this incident,” says a relative who was in the car with Rukmani and was grievously injured.</p>
<p>Police officials rounded up at least 30 people and charged them with murder.</p>
</div>
</section><a id="aptelangana"></a><span> </span><section class="aptelangana fullContent" style="text-align: center; "></section><section class="intro" style="text-align: center; ">
<h3>CHAPTER 4</h3>
<h1>Andhra Pradesh & Telangana</h1>
</section><section class="standar">
<div class="article">
<p>The mob madness spread to Andhra Pradesh and Telangana next, again preying on anti-migrant sentiment. The first attack was reported mid-May when 12 people were suspected to be members of ‘Parthi’ gang, a group notorious for dacoity in Madhya Pradesh and Maharashtra.</p>
<p>A couple of days later, a mob beat up two beggars in Vishakhapatnam, killing one of them.</p>
<p>Another horrific attack unfolded in Hyderabad where a transgender was stoned to death by a mob of 200. The victim had travelled from Mahabubnagar district with three others to seek alms in the holy month of Ramzan.</p>
<p>Soon, the fake news reached other districts. A man visiting a relative in Nizamabad was killed when he failed to give ‘satisfactory’ explanation to the mob about his presence there.</p>
<p>A murder in Yadadri district of Telangana, an attack on nine people in Vikarabad district and an assault on a woman at the Guntur railway station followed within days.</p>
</div>
</section><a id="karnataka"></a><span> </span><section class="karnataka fullContent" style="text-align: center; "></section><section class="intro" style="text-align: center; ">
<h3>CHAPTER 5</h3>
<h1>Karnataka</h1>
</section><section class="standar">
<div class="article">
<p>The mob mentality fuelled by the fake news campaign reached Karnataka, where the ‘local versus outsider’ debate had reached fever pitch during election campaigning.</p>
<p>WhatsApp users in Bengaluru, India’s Silicon Valley, started receiving warnings on ‘child lifters’ in Kannada.</p>
</div>
</section><section class="standar">
<div class="article">
<div class="chat">
<p class="guest-chat chat-item">“Don’t leave your kids unattended..if you find such traffickers, tie them up and call the cops (sic),” one such message advised.<span class="time" style="float: right; ">04:24 PM</span></p>
</div>
</div>
</section><section class="standar">
<div class="article">
<p>A 26-year-old construction labourer from Rajasthan, identified as Kalu Ram, who had come to look for work was tied with a rope, dragged through the streets of Chamarajpet in west Bengaluru. Beaten with bats and other household ‘weapons’, he succumbed to his injuries.</p>
<p>According to Additional Commissioner (West) BK Singh, India saw a similar kind of 'madness’ 20 years ago with the ‘Ganesha drinking milk’ rumour, but WhatsApp has taken it to a dangerous new height.</p>
<p>“This hapless man was walking alone. Two persons standing there saw him and started following him to a shop just 100 metres away. Suddenly, a crowd gathered. People brought whatever they could find in their homes — cricket bats, stumps, ropes etc,” Singh says.</p>
<p>“Once a crowd becomes a mob, you cannot control it. Many of them may be meek persons individually, but they are taken in by the presence of the mob. The mob thinks that if they act collectively, police won’t act and they can get away easily,” Singh adds.</p>
<blockquote style="text-align: center; ">People brought whatever they could find in their homes — cricket bats, stumps, ropes etc.</blockquote>
<p>Around 20 people were arrested based on CCTV footage and videos taken by bystanders, who did nothing to help the hapless victim. One of the main accused is 26-year-old Anbu, who has other criminal cases pending against him. Four women and a minor were among those in custody. All of them face murder charges now.</p>
<p>The spread of the fake news in Tamil Nadu may also have led to the violence.</p>
<p>Pension Mohalla in Bakshi Garden where the attack took place has a dominant Tamil population. Some of them could have been aware of the rumours before it made its way to Bengaluru. When the WhatsApp messages started doing the Silicon Valley’s rounds, it may have been perceived as a confirmation of the fake news.</p>
<p>Another person was killed under similar circumstances in Salem. The state witnessed seven more such attacks.</p>
</div>
</section><a id="assam"></a><span> </span><section class="assam fullContent" style="text-align: center; "></section><section class="intro" style="text-align: center; ">
<h3>CHAPTER 6</h3>
<h1>Assam</h1>
</section><section class="standar">
<div class="article">
<p>The latest casualty of the fake news was reported in Assam, again a state which deals with anti-migrant sentiment.</p>
<p>On June 8, two youths from Guwahati were battered to death in Karbi Anglong district on suspicion of being child lifters. Police said Abhijit Nath and Nilutpal Das were on their way to the Kanthe Langshu picnic spot when their vehicle was attacked by a group of men at Panjuri Kachari village, 16 km from Dokmoka town.</p>
<p>Eyewitnesses said the two boys were brutally beaten with bamboo poles and wood, and tortured to death by a mob of allegedly inebriated villagers.</p>
<p>“It happened when some locals informed a group of villagers about two men travelling in a black car with an abducted child. These few villagers were drinking in the roadside <em>dhaba</em> and immediately called upon more people to trace the car and catch them. The mob stopped the car and surrounded the two boys inside. The village elders tried to stop them from beating the boys, but they would not listen,” said a local shopkeeper.</p>
<blockquote style="text-align: center; ">The two boys were brutally beaten with bamboo poles and wood, and tortured to death by a mob of allegedly inebriated villagers.</blockquote>
<p>This incident was yet again preceded by paranoia fuelled by WhatsApp forwards. The messages warned people of 'sopadhora' (child lifters) being on the prowl. Many in Karbi Anglong, one of the most backward areas of the country, took those messages as gospel.</p>
<p>“We have arrested 35 people so far. Some of them are directly involved in the attack, while one has been arrested for posting objectionable content on social media, inciting communal violence soon after the incident took place. There’s no substance to the rumour of ‘sopadhora’ (child lifters) in the area. But it had created a fear psychosis among people here,” says Agarwal.</p>
</div>
</section></p>
<p> </p>
<p> </p>
<h4 class="desktop">Death By Whatsapp</h4>
<ul style="list-style-type: none; ">
<li class="link01 item" style="padding-left: 25px; "><a href="https://www.news18.com/news/immersive/death-by-whatsapp.html#timeline"><span class="desktop">TIMELINE OF DEATHS</span></a></li>
<li class="link03 item"><a href="https://www.news18.com/news/immersive/death-by-whatsapp.html#propaganda"><span class="desktop">THE PROPAGANDA MACHINE</span></a></li>
<li class="link03 item"><a href="https://www.news18.com/news/immersive/death-by-whatsapp.html#jharkhand"><span class="desktop">JHARKHAND</span></a></li>
<li class="link03 item"><a href="https://www.news18.com/news/immersive/death-by-whatsapp.html#tamilnadu"><span class="desktop">TAMILNADU</span></a></li>
<li class="link03 item"><a href="https://www.news18.com/news/immersive/death-by-whatsapp.html#aptelangana"><span class="desktop">ANDHRA PRADESH & TELANGANA</span></a></li>
<li class="link03 item"><a href="https://www.news18.com/news/immersive/death-by-whatsapp.html#karnataka"><span class="desktop">KARNATAKA</span></a></li>
<li class="link03 item"><a href="https://www.news18.com/news/immersive/death-by-whatsapp.html#assam"><span class="desktop">ASSAM</span></a></li>
</ul>
<p> </p>
<p> </p>
<p><footer style="text-align: center; ">
<h5>Credits</h5>
<p class="sources">Producer <i>— Sheikh Saaliq</i> <br />Concept <i>— Subhajit Sengupta</i><br />Reporters <i>— Deepa Balakrishnan, Stacy Pereira, Sakshi Khanna, Poornima Murali, Karishma Hasnat, Suhas Munshi, Nitya Thirumalai </i><br />Illustrations: <i>— Mir Suhail</i><br />Timeline<i> — Mayank Mohanti</i><br /><br />Data: News18 research</p>
</footer></p>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/death-by-whatsapp'>http://editors.cis-india.org/internet-governance/news/death-by-whatsapp</a>
</p>
No publisherAdminWhatsAppInternet Governance2018-06-25T15:47:41ZNews ItemPatanjali's Kimbho swiftly retreats over security scare, ripped on Twitter
http://editors.cis-india.org/internet-governance/news/business-standard-manavi-kapur-alnoor-peermohamed-may-31-2018-patanjali-s-kimbho-swiftly-retreats-over-security-scare-ripped-on-twitter
<b>Swadeshi" messaging app targeted at WhatsApp taken off from app stores hours after launch.</b>
<p style="text-align: justify; ">The article by Alnoor Peermohamed and Manavi Kapur was published in the <a class="external-link" href="https://www.business-standard.com/article/companies/patanjali-s-kimbho-swiftly-retreats-over-security-scare-ripped-on-twitter-118053101326_1.html">Business Standard</a> on May 31, 2018. Gurshabad Grover was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">The fate of Patanjali’s “swadeshi” instant messaging app Kimbho was sealed in the span of just a few hours, thanks to viral messages being shared on Facebook-owned WhatsApp, the app that the Baba Ramdev-promoted company was trying to combat.</p>
<p style="text-align: justify; "><a class="storyTags" href="https://www.business-standard.com/search?type=news&q=patanjali" target="_blank">Patanjali </a>on Thursday launched Kimbho with the sole intent of checking the rise of messaging giant <a class="storyTags" href="https://www.business-standard.com/search?type=news&q=whatsapp" target="_blank">WhatsApp </a>in India. However, after Kimbho’s various data vulnerabilities were exposed by the security expert and whistleblower who goes by the pseudonym Elliot Alderson on Twitter, the app made a quiet exit from Google’s Play Store.</p>
<p style="text-align: justify; "><iframe frameborder="0" height="1" marginheight="0" marginwidth="0" scrolling="no" title="3rd party ad content" width="1"></iframe></p>
<p style="text-align: justify; ">Jokes surrounding the app’s quick retreat spread like wildfire on rival platform <a class="storyTags" href="https://www.business-standard.com/search?type=news&q=whatsapp" target="_blank">WhatsApp.</a> It was perhaps the quickest rise and fall in the popularity of a mobile application.</p>
<p style="text-align: justify; ">Alderson, who has exposed data breaches in the UIDAI’s website, took to Twitter to rip apart the <a class="storyTags" href="https://www.business-standard.com/search?type=news&q=kimbho+app" target="_blank">Kimbho app.</a> “This @KimbhoApp is a joke, next time before making press statements, hire competent developers... If it is not clear, for the moment don't install this app,” he wrote. His next tweet sent alarm bells ringing among users: “The #Kimbho #android #app is a security disaster. I can access the messages of all the users...”</p>
<p style="text-align: justify; ">Kimbho, though, claims that every message on its platform is encrypted by the Advance Encryption Standard and that it saves “no data on our servers or cloud”. But Alderson pointed out that the one-time password security could be worked around. “It's possible to choose a security code between 0001 and 9999 and send it to the number of your choice,” he tweeted. Kimbho, explained as a Sanskrit greeting by S K Tijarawala, Ramdev’s spokerperson, on Twitter, is also a patched-up application over the existing Bolo messaging app.</p>
<p style="text-align: justify; ">This is most likely the reason the app was taken off the Google Play Store. “There were basic authentication and authorisation related vulnerabilities where an end user can see the data of other users. These flaws may be the reason the developers took down the app. Google flags such things,” said Anand Prakash, a Bengaluru-based ethical hacker.</p>
<p style="text-align: justify; ">“<a class="storyTags" href="https://www.business-standard.com/search?type=news&q=whatsapp" target="_blank">WhatsApp </a>uses end-to-end encryption that essentially means even they can’t access the messages you send. But Kimbho, on the other hand, was not using end-to-end security and probably even saving every message as plain text on its server,” adds Gurshabad Grover, policy officer at the Centre for Internet and Society.</p>
<p style="text-align: justify; ">Google did not respond to queries about whether the developer took the app down or Google flagged it as unsecure. Kimbho declared on its Twitter handle that its app was removed from the Play Store because of heavy traffic, claiming that it was downloaded 150,000 times in a mere three hours since its launch.</p>
<p style="text-align: justify; ">On Apple’s App Store, it was trending in the social networking category at the fourth position in India, just below WhatsApp, Facebook and Facebook’s Messenger, and above popular messaging apps such as Skype, LinkedIn and hike messenger.</p>
<p style="text-align: justify; ">Tijarawala had announced Kimbho’s launch on Twitter, calling it an app developed by the “shishyas” (disciples) and “navdikshit sadhus” (newly ordained priests) of Ramdev and Acharya Balkrishna, managing director, <a class="storyTags" href="https://www.business-standard.com/search?type=news&q=patanjali" target="_blank">Patanjali </a>Ayurved and co-founder, <a class="storyTags" href="https://www.business-standard.com/search?type=news&q=patanjali" target="_blank">Patanjali </a>Yogpeeth in Haridwar. Tijarawala’s tweet also claimed that this app was built using “swadeshi” techniques, though what these are remains a mystery. Emails, text messages and calls to Tijarawala went unanswered.</p>
<p style="text-align: justify; ">In keeping with an “Indian” aesthetic, the app’s logo has a “shankh” (conch shell), perhaps signifying a war cry against foreign-born WhatsApp, which has over 200 million active users in India. The conch shell also blends well with Kimbho’s tag line, “Ab Bharat Bolega” (now India will speak). But that is where its tenuous Indianness begins to crumble.</p>
<p style="text-align: justify; ">While the app was registered as a product of <a class="storyTags" href="https://www.business-standard.com/search?type=news&q=patanjali+ayurved" target="_blank">Patanjali Ayurved </a>on the Play Store, the developer on Apple’s App Store is Appdios Inc, a San Francisco-based app development company. Aditi Kamal and Sumit Kumar are this company’s founders according to LinkedIn. The duo has worked with technology giants such as Google and Apple and hold masters degrees from University of Southern California in the US. A blonde man features on the screenshots that the app has featured on its landing page on the App Store.</p>
<p style="text-align: justify; ">Taking forward Bolo’s keyboard suggestions, cheekily called “Quickies”, Kimbho offers pre-typed messages such as “hugs and kisses”, “what the heck” and “parents are watching”. Whether these millennial-friendly features and Kimbho itself are an attempt to get young millennials in touch with their “swadeshi” roots remains to be seen.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/business-standard-manavi-kapur-alnoor-peermohamed-may-31-2018-patanjali-s-kimbho-swiftly-retreats-over-security-scare-ripped-on-twitter'>http://editors.cis-india.org/internet-governance/news/business-standard-manavi-kapur-alnoor-peermohamed-may-31-2018-patanjali-s-kimbho-swiftly-retreats-over-security-scare-ripped-on-twitter</a>
</p>
No publisherAdminWhatsAppInternet Governance2018-06-01T14:15:44ZNews ItemDon't blindly forward WhatsApp messages. You could be sued
http://editors.cis-india.org/internet-governance/news/deccan-herald-rajitha-menon-surupasree-sarmmah-dont-blindly-forward-whatsapp-messages-you-could-be-sued
<b>Never before in Bengaluru has the Internet and social media taken such a vicious and violent turn as it did last week.</b>
<p>The article by Rajitha Menon and Surupasree Sarmmah was published in the <a class="external-link" href="https://www.deccanherald.com/metrolife/your-bond-bengaluru/don-t-blindly-forward-whatsapp-messages-you-could-be-sued-672304.html">Deccan Herald</a> on May 29, 2018.</p>
<hr />
<p>A fake Whatsapp message that went viral has led to the death of a man in Chamarajpet. But Bengaluru is not alone. In the recent past many have been lynched in Andhra Pradesh, Telangana, Tamil Nadu, Uttarakhand, Jharkhand and Hyderabad over rumours and fake videos.</p>
<p style="text-align: justify; ">In tech-savvy Bengaluru, a 26-year old man was beaten to death in Chamarajpet by a mob that mistook him for a kidnapper. "The big problem is that for a large part of India, WhatsApp is the first exposure to the Internet. What they see there becomes news; people don't do a critical analysis of what comes their way," says Swaraj Barooah, senior programme manager, Centre for Internet & Society, Bengaluru.</p>
<p style="text-align: justify; ">What are the legal implications of forwarding fake WhatsApp news? "It's a grey area in terms of current regulation," he says.</p>
<p style="text-align: justify; ">However, he advises caution: don't circulate messages you can't vouch for.</p>
<p style="text-align: justify; ">MT Nanaiah, senior advocate says, "If a message is intended to harm a person's reputation, it might come under the purview of the Indian Penal Code Section 499 A, which defines defamation and Section 500, which defines the punishment."</p>
<p style="text-align: justify; ">Defamation can attract a punishment of up to two years in jail and a fine. Victims of fake forwards can also sue for damage, he says.</p>
<p style="text-align: justify; ">In Varanasi, district officials are holding WhatsApp admins responsible for fake news, and issued guidelines.</p>
<p style="text-align: justify; ">"I think the courts have been doing a flip-flop on this. I am not sure but the legal validity is weak to hold admins responsible for what happens in the group," notes Barooah.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/deccan-herald-rajitha-menon-surupasree-sarmmah-dont-blindly-forward-whatsapp-messages-you-could-be-sued'>http://editors.cis-india.org/internet-governance/news/deccan-herald-rajitha-menon-surupasree-sarmmah-dont-blindly-forward-whatsapp-messages-you-could-be-sued</a>
</p>
No publisherAdminWhatsAppInternet Governance2018-05-31T23:49:19ZNews ItemWhat’s up with WhatsApp?
http://editors.cis-india.org/internet-governance/blog/asia-times-april-20-2018-aayush-rathi-sunil-abraham-what-s-up-with-whatsapp
<b>In 2016, WhatsApp Inc announced it was rolling out end-to-end encryption, but is the company doing what it claims to be doing?</b>
<p style="text-align: justify; ">The article by Aayush Rathi and Sunil Abraham was published in <a class="external-link" href="http://www.atimes.com/article/whats-up-with-whatsapp/">Asia Times</a> on April 20, 2018.</p>
<hr />
<p style="text-align: justify; ">Back in April 2016, when WhatsApp Inc announced it was rolling out end-to-end encryption (E2EE) for its billion-plus strong user base as a default setting, the messaging behemoth signaled to its users it was at the forefront of providing technological solutions to protect privacy.</p>
<p class="p4" style="text-align: justify; ">Emphasized in the security white paper explaining the implementation of the technology is the encryption of both forms of communication – one-to-one and group and also of all types of messages shared within such communications – text as well as media.</p>
<p class="p4" style="text-align: justify; ">Simply put, all communication taking place over WhatsApp would be decipherable only to the sender and recipient – it would be virtual gibberish even to WhatsApp.</p>
<p class="p4" style="text-align: justify; ">This announcement came in the backdrop of <a href="https://www.theguardian.com/us-news/2016/feb/17/apple-ordered-to-hack-iphone-of-san-bernardino-shooter-for-fbi">Apple locking horns with the FBI</a> after being asked to provide a backdoor to unlock the San Bernardino mass shooter’s iPhone. This further reinforced WhatsApp Inc’s stand on the ensuing debate between the interplay of privacy and security in the digital age.</p>
<p class="p4" style="text-align: justify; ">Kudos to WhatsApp, for there is <a href="http://www.ohchr.org/EN/Issues/FreedomOpinion/Pages/CallForSubmission.aspx">growing discussion</a> around how encryption and anonymity is central to enabling secure online communication which in turn is integral to essential human rights such as those of freedom of opinion and expression.</p>
<p class="p4" style="text-align: justify; ">WhatsApp may have taken encryption to the masses, but here we outline why WhatsApp’s provisioning of privacy and security measures needs a more granular analysis – is the company doing what it claims to be doing? Security issues with WhatsApp’s messaging protocol certainly are not new.</p>
<h3 style="text-align: justify; ">Man-in-the-middle attacks</h3>
<p class="p4" style="text-align: justify; ">A <a href="https://eprint.iacr.org/2017/713.pdf">study</a> published by a group of German researchers from Ruhr University highlighted issues with WhatsApp’s implementation of its E2EE protocol to group communications. Another <a href="https://courses.csail.mit.edu/6.857/2016/files/36.pdf">paper</a> points out how WhatsApp’s session establishment strategy itself could be problematic and potentially be targeted for what are called man-in-the-middle (MITM) attacks.</p>
<p class="p4" style="text-align: justify; ">An MITM attack takes the form of a malicious actor, as the term suggests, placing itself between the communicating parties to eavesdrop or impersonate. The Electronic Frontier Foundation also <a href="https://www.eff.org/deeplinks/2016/10/where-whatsapp-went-wrong-effs-four-biggest-security-concerns">highlighted</a> other security vulnerabilities, or trade-offs, depending upon ideological inclinations, with respect to WhatsApp allowing for storage of unencrypted backups, issues with WhatsApp’s web client and also with its approach to cryptographic key change notifications.</p>
<p class="p4" style="text-align: justify; ">Much has been written questioning WhatsApp’s shifting approach to ensuring privacy too. Quoting straight from <a href="https://www.whatsapp.com/legal/#privacy-policy-affiliated-companies">WhatsApp’s Privacy Policy:</a> “We joined the Facebook family of companies in 2014. As part of the Facebook family of companies, WhatsApp receives information from, and shares information with, this family of companies.” Speaking of Facebook …</p>
<p class="p4" style="text-align: justify; ">Culling out larger issues with WhatsApp’s privacy policies is not the intention here. What we specifically seek to explore is right at the nexus of WhatsApp’s security and privacy provisioning clashing with its marketing strategy: the storage of data on WhatsApp’s servers, or ‘blobs,’ as they are referred to in the technical paper. Facebook’s rather. In WhatsApp’s words: “Once your messages (including your chats, photos, videos, voice messages, files and share location information) are delivered, they are deleted from our servers. Your messages are stored on your own device.”</p>
<p class="p4" style="text-align: justify; ">In fact, this non-storage of data on their ‘blobs’ is emphasizes at several other points on the official website. Let us call this the deletion-upon-delivery model.</p>
<h3 style="text-align: justify; ">A simple experiment</h3>
<p class="p4" style="text-align: justify; ">While drawing up a rigorous proof of concept, made near-impossible thanks to WhatsApp being a closed source messaging protocol, a simple experiment is enough to raise some very pertinent questions about WhatsApp’s outlined deletion-upon-delivery model. It should, however, be mentioned that the Signal Protocol developed by Open Whisper Systems and pivotal in WhatsApp’s rolling out of E2EE is <a href="https://github.com/signalapp">open source</a>. Here is how the experiment proceeds:</p>
<p class="p4" style="text-align: justify; "><i>Rick sends Morty an attachment.</i></p>
<p class="p4" style="text-align: justify; "><i>Morty then switches off the data on her mobile device.</i></p>
<p class="p4" style="text-align: justify; "><i>Rick downloads the attachment, an image.</i></p>
<p class="p4" style="text-align: justify; "><i>Subsequently, Rick deletes the image from his mobile device’s internal storage.</i></p>
<p class="p4" style="text-align: justify; "><i>Rick then logs into a WhatsApp’s web client on his browser. (Prior to this experiment, both Rick and Morty had logged out from all instances of the web client)</i></p>
<p class="p4" style="text-align: justify; "><i>Upon a fresh log-in to the web client and opening the chat with Morty, the option to download the image is available to Rick.</i></p>
<p class="p4" style="text-align: justify; ">The experiment concludes with bewilderment at WhatsApp’s claim of deletion-upon-delivery as outlined earlier. The only place from which Morty could have downloaded the image would be from Facebook’s ‘blobs.’ The attachment could not have been retrieved from Morty’s mobile device as it had no way of sending data and neither from Rick’s mobile device as it no longer existed in the device’s storage.</p>
<p class="p4" style="text-align: justify; ">As per the Privacy Policy, the data is stored on the ‘blobs’ for a period of 30 days after transmission of a message only when it can’t be delivered to the recipient. Upon delivery, the deletion-upon-delivery model is supposed to kick in.</p>
<p class="p4" style="text-align: justify; ">Another straightforward experiment that leads to a similar conclusion is seeing the difference in time taken for a large attachment to be forwarded as opposed to when the same large attachment is uploaded. Forwarding is palpably quicker than uploading afresh: non-storage of attachments on the ‘blob’ would entail that the same amount should be taken for both.</p>
<p class="p4" style="text-align: justify; ">The plot thickens. WhatsApp’s Privacy Policy goes on to state: “To improve performance and deliver media messages more efficiently, such as when many people are sharing a popular photo or video, we may retain that content on our servers for a longer period of time.” The technical paper offers no help in understanding how WhatsApp systems assess frequently shared encrypted media messages without decrypting it at its end.</p>
<p class="p4" style="text-align: justify; ">A possible explanation could be the usage of metadata by WhatsApp, which it discloses in its Privacy Policy while simultaneously being sufficiently vague about the specifics of it. That WhatsApp may be capable of reading encrypted communication through the inclusion of a backdoor bodes well for law enforcement, but not so much for unsuspecting users.</p>
<h3 style="text-align: justify; ">The weakest link in the chain</h3>
<p class="p4" style="text-align: justify; ">Concerns about backdoors in WhatsApp’s product have led the French government to start developing their <a href="https://www.reuters.com/article/us-france-privacy/france-builds-whatsapp-rival-due-to-surveillance-risk-idUSKBN1HN258">own encrypted messaging service</a>. This will be built using Matrix – an open protocol designed for real-time communication. Indeed, the Privacy Policy lays out that the company “may collect, use, preserve, and share your information if we have a good-faith belief that it is reasonably necessary to respond pursuant to applicable law or regulations, to legal process, or to government requests.”</p>
<p class="p4" style="text-align: justify; ">The Signal Protocol is the undisputed gold standard of E2EE implementations. It is the integration with the surrounding functionality that WhatsApp offers which leads to vulnerabilities. After all, a chain is only as strong as its weakest link. Assuming that the attachments stored on the ‘blobs’ are in encrypted form, indecipherable to all but the intended recipients, this does not pose a privacy risk for the users from a technological point of view.</p>
<p class="p4" style="text-align: justify; ">However, it is easy lose sight of the fact that the Privacy Policy is a legally binding document and it specifically states that messages are not stored on the ‘blobs’ as a matter of routine. As a side note, WhatsApp’s Privacy Policy and Terms of Service are refreshing in their readability and lack of legalese.</p>
<p class="p4" style="text-align: justify; ">As we were putting the final touches to this piece, <a href="https://wabetainfo.com/whatsapp-allows-to-redownload-deleted-media/#more-2781">news from <i>WABetaInfo</i></a>, a well-reputed source of information on WhatsApp features, has broken that newer updates of WhatsApp for Android are permitting users to re-download media deleted up to three months back. WhatsApp cannot possibly achieve this without storing the media in the ‘blobs,’ or in other words, in violation of its Privacy Policy.</p>
<p class="p4" style="text-align: justify; ">As the aphorism goes: “When the service is free, you are the product.”</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/asia-times-april-20-2018-aayush-rathi-sunil-abraham-what-s-up-with-whatsapp'>http://editors.cis-india.org/internet-governance/blog/asia-times-april-20-2018-aayush-rathi-sunil-abraham-what-s-up-with-whatsapp</a>
</p>
No publisherAayush Rathi and Sunil AbrahamSocial MediaPrivacyInternet GovernanceFeaturedWhatsAppHomepage2018-04-23T16:45:51ZBlog EntryNasscom chief saying full data protection isn’t possible should wake us from our digital slumber
http://editors.cis-india.org/internet-governance/news/first-post-march-16-nimish-sawant-nasscom-chief-saying-full-data-protection-isnt-possible-should-wake-us-from-our-digital-slumber
<b>Considering India is rapidly moving towards a digital economy, the hurdles not withstanding, data and identity security are topics which have to be taken very seriously. Since the demonetisation, a large part of the population who would never bother with digital transactions has suddenly come online. But there is no such thing as complete security of personal data, according to Nasscom chief R Chandrashekhar.</b>
<p style="text-align: justify; ">This was published by <a class="external-link" href="http://tech.firstpost.com/news-analysis/nasscom-chief-saying-full-data-protection-isnt-possible-should-wake-us-from-our-digital-slumber-367183.html">First Post</a> on March 16, 2017. Pranesh Prakash was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">Attending the World Consumer Rights Day, R Chandrashekhar said that personal data of online consumers cannot be completely secure and stressed on the need to have strict enforcement of consumer protection laws. Speaking to <i>PTI,</i> Chandrashekhar said, “More than 3 million credit card data details were misused recently. Let us face it, these kind of security breaches will take place. There is nothing called fully perfect security in IT.”</p>
<p style="text-align: justify; "><b>It’s high time we call a spade, a spade</b></p>
<p style="text-align: justify; "><b><img alt="Image: PIB" class="wp-image-367245 size-full" height="360" src="http://tech.firstpost.com/wp-content/uploads/2017/03/RChandrasekhar_PIB380.jpg" width="640" /><br /></b>R Chandrashekhar, President Nasscom. Image: PIB</p>
<p style="text-align: justify; ">Coming from the head of Nasscom, this announcement pertaining to security is very important. According to Chandrashekhar one cannot expect complete cyber security, but there are definitely ways in which such attacks and incidents can be minimised. He very rightly said that that protecting the online consumer data, specially looking at how rapidly e-commerce is growing in the country, is of prime importance.</p>
<p style="text-align: justify; ">One cannot help but agree with Chandrashekhar, specially considering the fact India <a href="http://tech.firstpost.com/news-analysis/demonetisation-privacy-laws-need-to-be-in-place-before-giving-the-biggest-push-to-digital-transactions-348478.html"><b>does not have a privacy law ecosystem</b></a> that is present in countries such as the US and the UK, where online consumer protection is taken very seriously. <a href="http://tech.firstpost.com/news-analysis/facebook-asked-to-delete-whatsapp-user-data-in-germany-over-data-protection-law-infringement-337708.html"><b>Germany</b></a> and <a href="https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=5&cad=rja&uact=8&ved=0ahUKEwjljYHpzNrSAhUkSI8KHa6oB_MQFgg2MAQ&url=http%3A%2F%2Ftech.firstpost.com%2Fnews-analysis%2Ffrance-fines-google-150000-euros-over-data-privacy-216266.html&usg=AFQjCNE15FPlAi9rR5yCXNzS_hnua81QAw&sig2=GVGgF_cxGNhXo-SJhLo4Gg&bvm=bv.149397726,d.c2I" rel="nofollow"><b>other EU nations</b></a> have always been at the forefront, when it comes to protecting data privacy, and it has ensured that consumer-facing technology companies do not run roughshod when it comes to protecting user data.</p>
<p style="text-align: justify; ">Chandrashekhar stated that there was no need for separate regulations for e-commerce sites, but the priority was ensuring means to enforce consumer laws in the digital world.</p>
<p style="text-align: justify; "><b>Lack of dedicated privacy laws</b></p>
<p style="text-align: justify; ">According to cyberlaw and cybersecurity expert, Pavan Duggal, “Going forward, there is an urgent need for India to take a strong view on privacy in terms of legislative frameworks. Unfortunately, at the time of writing, <a href="http://tech.firstpost.com/news-analysis/privacy-protection-need-for-proactive-cyber-legal-approaches-in-india-357248.html"><b>India does not have a dedicated law on privacy</b></a>.”</p>
<p style="text-align: justify; "><img alt="Image: Foamy Media" class="wp-image-353936 size-full" height="360" src="http://tech.firstpost.com/wp-content/uploads/2016/12/social-media.jpeg" width="640" /><br />Image: Foamy Media</p>
<p style="text-align: justify; ">Social media websites for instance have a lot of user data. But what happens when they suddenly change their privacy policies? For instance, a lot of users signed on to WhatsApp when it was an independent company. But post the Facebook acquisition, there have been a lot of instances where WhatsApp has updated its terms and conditions to suit its parent Facebook.</p>
<p style="text-align: justify; ">That’s not completely illegal one may say. Loss of privacy is a price you pay for free services. But what if, I as a consumer of WhatsApp <a href="http://tech.firstpost.com/news-analysis/german-consumer-rights-group-accuses-whatsapp-of-illegally-sharing-user-data-with-facebook-359979.html"><b>do not want the app to share any of my data with Facebook</b></a>? The only option I am left with is to delete WhatsApp. But then again, I do not know if my data is also deleted from WhatsApp servers or it has already been shared. Social media apps, only let you know what updates are being added. Consent is only required to update the app. You can stall that, up to a point. But there will come a time when you will have to update an app. Then by default you have given approval to all the terms and conditions associated with the app.</p>
<p style="text-align: justify; ">Two students had challenged WhatsApp’s revision to its privacy policy before Delhi High Court. The Court dismissed the petition insisting that users could opt out by <a href="http://www.thehindu.com/news/cities/Delhi/delete-or-share-high-court-tells-whatsapp-users/article9143285.ece" rel="nofollow"><b>deleting their accounts</b></a>.</p>
<p style="text-align: justify; ">When a similar challenge was mounted before the authorities in UK, Facebook had to put a pause on their data sharing – and this was because of its strong data protection policy. Under the UK data protection law, the company has to inform the authority established under the Act of any changes in the use of user data. In the case of WhatsApp, the <a href="http://tech.firstpost.com/news-analysis/why-india-failed-to-prevent-whatsapp-data-sharing-with-facebook-while-uk-succeeded-346115.html"><b>UK authority objected to such sharing.</b></a></p>
<p style="text-align: justify; "><b>Aadhaar – the 12-digit biometric storehouse</b></p>
<p style="text-align: justify; "><a href="http://tech.firstpost.com/wp-content/uploads/2016/03/aadhar_251002219381.jpg"><img alt="aadhaar_251002219381" class="wp-image-303751 size-full aligncenter" height="360" src="http://tech.firstpost.com/wp-content/uploads/2016/03/aadhar_251002219381.jpg" width="640" /></a></p>
<p style="text-align: justify; ">Aadhaar card is being used for many financial and non financial transactions. Also the Aadhaar number associated with an individual also holds a lot of personal and biometric data. So when recently, there was news about a possible Aadhaar data breach when <a href="http://tech.firstpost.com/news-analysis/aadhaar-data-breach-uidai-finds-multiple-transactions-done-with-the-same-fingerprint-364155.html"><b>UIDAI filed a police complaint</b></a> against Axis Bank, business correspondent Suvidhaa Infoserve and e-sign provider eMudhra, it was naturally a shock to many.</p>
<p style="text-align: justify; ">Unlike a password which can be changed, with biometric information there is no scope to do that if it is compromised. Although UIDAI claims that there are <a href="http://tech.firstpost.com/news-analysis/aadhaar-is-being-used-by-few-corporates-for-salary-disbursements-but-the-potential-is-immense-361749.html"><b>multiple levels of security and firewalls</b></a> to ensure there is no breach of Aadhaar information of an individual, one can only hope that it is robust enough to withstand any attack. Collection of biometric data by the government to form a database, for instance, was debated and ultimately not used in the UK.</p>
<p style="text-align: justify; ">Pranesh Prakash, policy director of the Centre for Internet and Society, expressed concern about the pace at which we are progressing when it comes to having a legal and regulatory framework when it comes to the Digital India push. “While the security architecture of Aadhaar Enabled Payment Systems (AEPS) might in itself be good, the idea of providing your fingerprints to merchants for financial transactions is a terrible idea since that is like asking you to give your bank password to a merchant, and the merchant can reuse that password, and you can’t ever change the password,” said Prakash.</p>
<p style="text-align: justify; "><b>Enforcing the correct processes</b></p>
<p style="text-align: justify; ">Last year, a malware affected the systems of Hitachi Payment Services, which provides back end services to ATM machines and Point of Sale nodes across India. As a result of this, around <b><a href="http://tech.firstpost.com/news-analysis/32-lakh-debit-cards-compromised-affected-banks-include-sbi-hdfc-yes-axis-bob-and-icici-342220.html" target="_blank">32 lakh debit cards were compromised</a></b> including those issued by SBI, HDFC, Yes Bank, Axis, BOB and ICICI. Security experts and consultants have pointed out <b><a href="http://tech.firstpost.com/news-analysis/banks-need-to-switch-to-fully-encrypted-security-solutions-to-avoid-security-breaches-343696.html" target="_blank">various holes in the electronic transaction systems</a></b> in place in India. Intel has also warned that <b><a href="http://tech.firstpost.com/news-analysis/demonetisation-security-experts-warn-that-atms-are-easy-targets-for-hackers-351182.html" target="_blank">ATM machines in India</a></b> are vulnerable to malicious attacks. Intel points out that countries in the Asia Pacific region are developing and are particularly vulnerable because of old systems and machines being used.</p>
<p style="text-align: justify; "><a href="http://tech.firstpost.com/wp-content/uploads/2016/12/atm-queue-demonetisation.jpg"><img alt="Image: REUTERS/Amit Dave " class="wp-image-353328" height="360" src="http://tech.firstpost.com/wp-content/uploads/2016/12/atm-queue-demonetisation.jpg" width="640" /></a></p>
<div class="prodtxtinf" style="text-align: justify; ">Image: REUTERS/Amit Dave</div>
<p style="text-align: justify; ">According to Mahesh Patel, president and group CTO, AGS Transact Technologies this was more of a governance issue of the data centre than any technical error. “It is not about the software, but it is about the processes and procedures you put in place to ensure that the system is secure. Everything from physical security to computing security to admin management, etc should be process driven. So somewhere there could have been a weak link there. Cloud has to be secure and encrypted which suffices the use case of payments. This cloud is different from the ones used by e-commerce sites to display all their products,” said Patel.</p>
<p style="text-align: justify; ">We may have the best of software and security measures, but ensuring that they are implemented the right way is equally important. Plugging the loopholes in current regulations is also important.</p>
<p style="text-align: justify; "><b>Existing laws and regulations, not enough</b></p>
<p style="text-align: justify; ">According to Duggal, “The Information Technology Act, 2000 hardly has effective provisions to protect any data and personal privacy in the digital ecosystem. The Indian Government needs to come up with strong privacy law which can protect both personal privacy and data privacy in an effective manner.”</p>
<p style="text-align: justify; ">One may find it really shocking to hear the head of Nasscom saying something to the extent that full data protection for online consumers is not possible, but there is definitely truth to the matter. It will require concerted efforts from not only regulators, governments, digital wallet players and banking industry to come up with these privacy laws, but also you the consumer has to ensure that you are aware of the dangers lurking in the digital world. Educating oneself of the various ways in which your data can be compromised is a good way to protect your online self.</p>
<p style="text-align: justify; ">Because, let’s face it, for all practical purposes if you are online, your <a href="http://tech.firstpost.com/news-analysis/privacy-is-dead-stop-whining-and-get-some-real-work-done-357090.html"><b>privacy is dead</b></a>.</p>
<p style="text-align: justify; "><span class="tags"> </span></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/first-post-march-16-nimish-sawant-nasscom-chief-saying-full-data-protection-isnt-possible-should-wake-us-from-our-digital-slumber'>http://editors.cis-india.org/internet-governance/news/first-post-march-16-nimish-sawant-nasscom-chief-saying-full-data-protection-isnt-possible-should-wake-us-from-our-digital-slumber</a>
</p>
No publisherpraskrishnaWhatsAppAadhaarInternet GovernancePrivacy2017-03-17T01:47:25ZNews ItemIndia WhatsApp Privacy Fight May Affect Multinationals
http://editors.cis-india.org/internet-governance/news/bloomberg-bna-february-1-2017-nayanima-basu-india-whatsapp-privacy-fight-may-affect-multinationals
<b>The Indian Supreme Court’s review of Facebook Inc.'s and WhatsApp Inc.'s data security practices may lack teeth but also presages a desire for a stronger privacy regime and oversight of multinationals, internet and privacy specialists told Bloomberg BNA. </b>
<p style="text-align: justify; ">The article by Nayanima Basu was <a class="external-link" href="https://www.bna.com/india-whatsapp-privacy-n57982083152/">published by Bloomberg BNA</a> on February 1, 2017. Pranesh Prakash was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">WhatsApp revised its privacy policy in August 2016 to share data with owner Facebook and allow targeted ads and messages from businesses, laying the groundwork for the free messaging service to monetize such data. But a public interest complaint, akin to a class action in the U.S., filed by two Indian students and regulatory inquiries have resulted in India’s top court asking Facebook and WhatsApp about their data protection practices.<br /><br />The court’s move Jan. 17 to seek the information may make multinational companies jittery, Rahul Khullar, former secretary of commerce for India’s Ministry of Commerce and Industry, told Bloomberg BNA. Although stronger data privacy enforcement is needed, all the high court has done is aggravate Facebook and other large multinationals, he said.</p>
<p style="text-align: justify; ">Facebook is the second largest media company in the world with a $367 billion market capitalization, Bloomberg data show. It acquired WhatsApp in 2014 for approximately $18 billion, data show. Facebook didn’t immediately respond to Bloomberg BNA’s e-mail request for comments.<br /><br />Khullar, who is also the former chairman of the Telecom Regulatory Authority of India, said multinationals need to be more careful in sharing their data because of the “distinction between digital non-commercial data and digitally sensitive data,” he said. A strong national data privacy law would resolve some of these issues, he said.<br /><br />An U.S. official based at the U.S. Embassy in New Delhi, speaking on background, told Bloomberg BNA that any maneuver that restricts the free flow of data may harm the operations of U.S.-based multinationals and similar companies.</p>
<h3 style="text-align: justify; ">Clarity, Stronger Laws Needed</h3>
<p style="text-align: justify; ">Some internet and privacy specialists say that Facebook and WhatsApp failed to provide effective data protection under Indian law.</p>
<p style="text-align: justify; ">Pranesh Prakash, policy director at the nonprofit digital technologies advocate Centre for Internet and Society, told Bloomberg BNA that Facebook and WhatsApp are in violation of <a class="bluenobold" href="http://www.wipo.int/edocs/lexdocs/laws/en/in/in098en.pdf"> Section 43A of the Information Technology Act</a> that lays out “reasonable security practices and procedures.”</p>
<p style="text-align: justify; ">Indian citizens are reaching out to the courts for data protection enforcement because lawmakers have “failed to do so,” he said. That highlights the need for robust data protection laws in India and, he said, hopefully “goads the government and Parliament into enacting a privacy and data protection law.”</p>
<p style="text-align: justify; ">In lieu of further legislative action, companies may be able to resolve some issues by establishing clearer privacy policies, Niraj Gunde, a Mumbai-based attorney and consumer advocate, told Bloomberg BNA. Most software agreements have a clandestine clause that allows companies to access user data, but those agreements should also state how the data will be used, stored and eventually disposed of, he said.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/bloomberg-bna-february-1-2017-nayanima-basu-india-whatsapp-privacy-fight-may-affect-multinationals'>http://editors.cis-india.org/internet-governance/news/bloomberg-bna-february-1-2017-nayanima-basu-india-whatsapp-privacy-fight-may-affect-multinationals</a>
</p>
No publisherpraskrishnaSocial MediaWhatsAppInternet GovernancePrivacy2017-02-02T02:28:23ZNews ItemTech companies like Gmail, WhatsApp may be asked to store user information
http://editors.cis-india.org/internet-governance/news/economic-times-october-14-2016-surabhi-agarwal-tech-companies-like-gmail-whatsapp-may-be-asked-to-store-user-information
<b>The government is moving to formulate rules that will require technology ‘intermediaries’— including email services like Gmail, chat apps such as WhatsApp and Snapchat or even ecommerce firms like Amazon — to retain user information, a development that is expected to be met with determined opposition.</b>
<p style="text-align: justify; ">The article by Surabhi Agarwal was <a class="external-link" href="http://economictimes.indiatimes.com/tech/ites/tech-companies-like-gmail-whatsapp-may-be-asked-to-store-user-information/articleshow/54839888.cms">published in Economic Times</a> on October 14, 2016. Pranesh Prakash was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">What the government is looking to do now is draft rules for Section 67C of the Information Technology Act, and this will be done by a committee that has been set up for the purpose. The rules — whose drafting has been waiting since 2008 — will spell out what type of data has to be stored, in which format, and for how long, according to three members of the newly-formed committee. All this so that law-enforcement agencies can access the information if they need it.</p>
<p style="text-align: justify; ">Sharing of information between foreign firms and the Indian government has been a contentious issue, and experts said the mandate may be impossible to implement for firms such as WhatsApp that promise end-to-end encryption. Or for Snapchat – a chat app where messages disappear within seconds and are not even stored on the company’s servers.</p>
<p style="text-align: justify; ">Firms may also oppose the diktat, especially since most of them are not governed by Indian laws and also due to the high cost of data retention.</p>
<p style="text-align: justify; "><img class="gwt-Image" src="http://img.etimg.com/photo/54839953/.jpg" /></p>
<p style="text-align: justify; ">The committee is headed by additional secretary in the ministry of electronics and IT (MEITY), Ajay Kumar, and has one representative each from the ministry of home affairs, department of telecom, department of personnel and training, Nasscom, Internet Service Provider Association of India (ISPAI), along with an advocate specialising in cyber law and a few officers from MEITY. The first meeting of the committee took place in the last week of September.</p>
<p style="text-align: justify; ">“This is a fairly complex issue, compounded by the general lack of understanding of mobile apps and over the top service providers,” said a person on the committee who did not wish to be identified. This person said that most technology players are based in the United States and they have always been at loggerheads about sharing of information with the government. “Even if it is for national security reasons, how much are these companies answerable to the Indian security establishment? And we do know how Apple refused to unlock the phone even for FBI."</p>
<div style="text-align: justify; ">Google and Facebook did not respond to requests for comment.</div>
<div style="text-align: justify; "></div>
<div style="text-align: justify; "></div>
<div style="text-align: justify; ">
<div><b>‘Huge balancing act’</b></div>
<p style="text-align: justify; ">Supreme Court lawyer and cyber law expert Pavan Duggal said the section has been drafted in very “broad” terms and the move may be driven by the realisation that these companies are huge data repositories – some of which might be relevant to law enforcement investigations. “It will have to be a huge balancing act and will be interesting to see what this committee decides,” added Duggal.</p>
<p style="text-align: justify; ">While Section 67C refers to the obligation of the service providers to retain information, the nature of the data to be retained and the time period is not specified. Companies which do not comply with the law can be levied fine and its officers sent to jail.</p>
<p style="text-align: justify; ">Another member on the committee said the ambit of this task is huge. “In the last meeting we argued that the rules should be the same for everybody and there should be no differential treatment for foreign companies such as Google or Microsoft,” he said. This person said that ambiguity is rampant as various government arms have different sets of rules for data retention.</p>
<p style="text-align: justify; ">For instance, the Department of Telecommunications (DoT) asks for data to be stored for six months, while the Registrar of Companies mandates some information to be retained for one year while the income-tax rules mandate data storage for six-seven years. “There has only been one meeting so far. It is a long procedure and will require several rounds of consultation,” said a third person on the committee.</p>
<p>Privacy activists like Pranesh Prakash of the Centre for Internet and Society said that one of the principles that’s frequently cited while discussing international practices on surveillance is that data retention should not be required of service providers.</p>
<p>And internationally too, there is no standard on this issue. “There were norms at the European Union-level regarding data retention, but they were struck down in 2014 by the European Court of Justice as being violative of human rights,” he said.</p>
<p> </p>
<p> </p>
</div>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/economic-times-october-14-2016-surabhi-agarwal-tech-companies-like-gmail-whatsapp-may-be-asked-to-store-user-information'>http://editors.cis-india.org/internet-governance/news/economic-times-october-14-2016-surabhi-agarwal-tech-companies-like-gmail-whatsapp-may-be-asked-to-store-user-information</a>
</p>
No publisherpraskrishnaSocial MediaWhatsAppInternet Governance2016-10-14T01:12:14ZNews ItemAn 'app'ening world
http://editors.cis-india.org/internet-governance/news/deccan-herald-chetana-divya-vasudev-october-4-2016-an-appening-world
<b>A ‘forward’ has been doing the rounds on WhatsApp about the privacy concerns relating to that instant messaging app; it’s asking for permission to share user data with Facebook.</b>
<p style="text-align: justify; ">The article by Chetana Divya Vasudev was published in <a class="external-link" href="http://www.deccanherald.com/content/573852/an-appening-world.html">Deccan Herald</a> on October 4, 2016. Rohini was quoted.</p>
<hr />
<p style="text-align: justify; ">In the WhatsApp notification, asking users to agree to the terms and conditions again, the option to share these user details to help improve ads on Facebook is already selected. Those who are uncomfortable parting with this information have to uncheck it before clicking on the ‘I agree’ button.<br /><br />“Agreeing to this would mean Facebook can see who you’re chatting with and what you’re talking about,” says tech expert Chinmayi S K. “So if you’re talking about cat adoption, the ads displayed on the side could be relevant to that.”<br /><br />When it comes to other smartphone apps, she cites Zomato as an example. “It has been asking for user history — previous orders and other such details — to make recommendations,” she says. “This comes with the app update. Tinder, too, is asking for your location using wifi, which is more accurate than the GPRS location.”<br />It’s alright to agree to these permissions, she says, so long as you’re aware of what you’re signing up for and how that data is going to be used.<br /><br />If you have qualms about agreeing to this, there are usually alternatives you can find, adds Rohini Lakshane, program officer, Centre for Internet and Society. “If not, it’s usually a trade-off: you have to see how much you want the app,” she points out.<br /><br />There are, however, other apps that might be duplicates asking for access to your device or files, cautions Chinmayi. <br /><br />“If a cooking app, a simple one that gives you recipes, asks for your call logs or other files, for example,” she says.<br /><br />A discerning user, interjects Rohini, will check for permission to access files or functions that are not strictly necessary for the features the app supports. “I don’t want to name anything but some e-commerce and travel apps ask to access your browsing history and the other apps or networks you’re connect to. It could be to serve you contextual ads or content, like Zomato, or to sell it to someone. You never know,” she says. However, some devices or versions of the Android OS let you control what permissions you enable, she informs.<br /><br />Aeronautical engineer Pavan Raj P V says he takes care not to compromise on his safety, whenever possible. “But there are a few apps that I have on my phone no matter what — Facebook, WhatsApp, LinkedIn, Instagram. Most of them auto-update and require no extra permissions.”<br /><br />However, he has noticed that LinkedIn asks for access to Gmail contacts that you could accidentally accept “if you’re logging in mechanically”.<br /><br />Varsha C V, communications specialist at Karnataka State Highways Improvement Project, says, “Last month, my husband asked me to download a Google app for free calls that required all sorts of permissions, such as access to your phone logs. When Skype offers the same features without asking for all this, why should anyone use this app?”<br /><br />She believes privacy in India is not taken as seriously as it should be. “You should keep in mind that if you’re giving them access to your contacts, you’re also compromising on others’ privacy,” she points out.<br /><br />Lokanand, a sound engineer, admits to not paying attention to what he’s giving apps access to. “I’m no expert but if you ask me, you download apps because they are useful. So I don’t really bother about what I’m saying yes to.”</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/deccan-herald-chetana-divya-vasudev-october-4-2016-an-appening-world'>http://editors.cis-india.org/internet-governance/news/deccan-herald-chetana-divya-vasudev-october-4-2016-an-appening-world</a>
</p>
No publisherpraskrishnaWhatsAppInternet GovernancePrivacy2016-10-05T00:24:19ZNews Item