Centre for Internet and Society

The Digital Classroom: Social Justice and Pedagogy

nishant — 2015-05-08T12:36:29Z

What happens when we look at the classroom as a space of social justice? What are the ways in which students can be engaged in learning beyond rote memorisation? What innovative methods can be evolved to make students stakeholders in their learning process? These were some of the questions that were thrown up and discussed at the 2 day Faculty Training workshop for participant from colleges included in the Pathways to Higher Education programme, supported by Ford Foundation and collaboratively executed by the Higher Education Innovation and Research Application and the Centre for Internet and Society, Bangalore.

The workshop focused on 3 chief challenges in contemporary pedagogy and teaching in higher education in India as identified by HEIRA: The need for innovative curricula, challenges to social justice in education, and possibilities offered by the intersection of digital and internet technologies with classroom teaching and evaluation. In the open discussions, the participating faculty members used their multidisciplinary skills and teaching experience to look at possibilities that we might implement in our classrooms to create a more inclusive and participatory environment. The conversations were varied, and through 3 blog entries I want to capture the focus points of the workshop. In this first post, I focus specifically on the changing nature of student engagement with education and innovative ways by which we can learn from the digital platforms of learning and knowledge production and implement certain innovations in pedagogy that might better help create inclusive and just learning environments in the undergraduate classroom in India.

Peer 2 Peer: One of the observations that was made unanimously by all the faculty members was that students respond better, learn faster, engage more deeply with their syllabus when the instructor has a personal rapport with them. Traditionally, the teachers who have established human contact which goes beyond the call of duty are also the teachers that have become catalysts and inspirations for the students. Especially with the digital aesthetics of non-hierarchical information interaction, this has become the call of the day.

Establishing the teacher as a peer within the classroom, rather than the fountainhead of information flow, is an experiment worth conducting. Like on other digital platforms, can we think of the classroom as a space where the interlocutors each bring their life experience and learning to start an information exchange and dialogue that would make them stakeholders in the process of learning? This would mean that the teacher would be a facilitator who builds conditions of knowledge production and dissemination, thus also changing his/her relationship with the idea of curriculum and teaching.

Reciprocal evaluation: It was pointed out that the grade oriented academic system often leads to students disengaging with innovative and meaningful learning practices. With the pressure of completing the curriculum, the students’ instrumental relationship with their classroom learning and the highly conservative structures of higher education that do not offer enough space to experiment with the teaching methods, it often becomes difficult to initiate innovative pedagogic practices. Learning from the differently hierarchised digital spaces, it was suggested that one of the ways by which this could be countered is by introducing reciprocal evaluation patterns which might not directly be associated with the grades but would recognise and appreciate the skills that students bring to their learning.

Inspired by the Badges contest at HASTAC, it was suggested that evaluation has to take into account, more than grades. Different students bring different skills, experiences, personalities and behaviours to bear upon the syllabus. They work individually and in clusters to understand and analyse the curriculum. Recognising these skills and the roles that they play in their learning environments is essential. Getting students to offer different badges to each other as well as to the teachers involved, helps them understand their own learning process and engages them in new ways of learning.

Role based learning: Within the Web 2.0 there is a peculiar condition where individuals are recognised simultaneously as experts and novices. They bring certain knowledges and experiences to the table which make them credible sources of information and analysis in those areas. At the same time, they are often beginner learners in certain other areas and they harness the power of the web to learn. Such a distributed imagination of a student as not equally proficient in all areas, but diversely equipped to deal with different disciplines is missing from our understanding of the higher education classroom.

We discussed the possibility of making the student responsible not only for his/her own learning but also the learning of the peers in the classroom. Making the student aware of what s/he is good at and where s/he is lacking allows them to gain confidence and also realise that everybody has differential strengths and aptitudes. Such a classroom might look different because the students don’t have to be pitched in stressful competition with each other but instead work collaboratively to learn, research and produce knowledge in a nurturing and supportive learning environment.

These initial discussions look at the possibility of innovative classroom teaching that can accommodate for the skills and differences of the students in higher education in India. The conversations opened up the idea that the classroom can be reshaped so that it becomes a more inclusive space where the quality of students’ access to education can be improved. It also ties in with the larger imagination of classrooms as spaces where principles of social justice can be invoked so that students who are disadvantaged in language, learning skills, socio-economic backgrounds, are not just looked at as either ‘beyond help’ or ‘victims of a system’. Instead, it encourages to look at the students as differential learners who need to be made stakeholders in their own processes of learning and education.

For more details visit http://editors.cis-india.org/digital-natives/pathways/facultyworkshop

Platforms, Power, and Politics: Perspectives from Domestic and Care Work in India

Aayush Rathi, and Ambika Tandon — 2021-07-07T15:19:37Z

CIS has been undertaking a two-year project studying the entry of digital platforms in the domestic and care work in India, supported by the Association for Progressive Communications as part of the Feminist Internet Research Network. Implemented through 2019-21, the objective of the project is to use a feminist lens to critique platform modalities and orient platformisation dynamics in radically different, worker-first ways. Ambika Tandon and Aayush Rathi led the research team at CIS. The Domestic Workers’ Rights Union is a partner in the implementation of the project, as co-researchers. Geeta Menon, head of DWRU, was an advisor on the project, and the research team consisted of Parijatha G.P., Radha Keerthana, Zeenathunnisa, and Sumathi, who are office holders in the union and are responsible for organising workers and addressing their concerns.

The Executive Summary for the project report is below.

The full report, ‘Platforms, power, and politics: Perspectives from domestic and care work in India’, can be found here.

The press release can be found here.

Introduction

Paid domestic and care work is witnessing the entry of digital intermediaries over the past decade. More recently, there has been tremendous growth of digital platforms. This holds the potential to impact millions of workers in the sector, which is characterised by a long history of informality and exclusion from rights-according legal frameworks. Digital intermediation of domestic and care work has been a space of high-growth, but also high-attrition. In India, order books of digital platforms providing domestic and care work services were reported to have been growing by upto 60 percent month-on-month in 2016. This is expected to shift the organisation of workers and employment relations profoundly.

Broadly, the discourse on digital platforms providing home-based services can be summarised as follows: proponents argue that digitisation will act as a step towards bringing formalisation to the sector, while critics argue that platforms could replicate the exploitation of workers by further disguising the employer-employee relationship. Similar debates around lack of protections and precarity have also taken place in other occupations in gig work such as transportation and food delivery. In fact, the similarity in precarity and the informal nature of this relationship across gig work and domestic work has led to domestic workers being labelled the original gig workers. Domestic work is a particularly vulnerable and unprotected sector, which makes work in the sector qualitatively different from most other sectors in the gig or sharing economy.

Through a feminist approach to digital labour, our project aimed to examine the dynamics of platformisation in, and of domestic or reproductive care work. Our hypothesis was that platforms are reconfiguring labour conditions, which could empower and/or exploit workers in ways qualitatively different from non-standard work off the platform. In order to interrogate this further, we studied several aspects of the work relationship, including wages, conditions of work, social security, skill levels, and worker surveillance off platforms.

Methodology

We borrowed from ethnographic methods and feminist principles to co-design and implement the research tools with grassroots workers and organisers. Between June to November 2019, we conducted 65 in-depth semi-structured interviews primarily in New Delhi and Bengaluru. A majority of these were with domestic workers who were seeking or had found work through platforms. We also did interviews with workers who had found work through traditional placement agencies to compare our findings, and with representatives from platforms, government labour departments, and workers collectives. Of the workers we interviewed, a majority were women, but men were included as well. Interviews in New Delhi were undertaken by CIS, while interviews with workers in Bengaluru were undertaken by grassroots activists in Bengaluru, affiliated with the Domestic Workers Rights Union (DWRU).

In implementing the data collection approach, we employed feminist methodological principles of intersectionality, self-reflexivity, and participation. The methodology draws on standpoint theory, which encourages knowledge production that centres the lived experiences of marginalised groups. We were acutely aware of our own positionality as high income, Savarna researchers studying a sector dominated by Dalit, Bahujan and Adivasi women from low income groups. This power differential was softened partially by involving DWRU through the course of the project. Workers across both field sites were also interviewed in spaces familiar to them, most often their homes, in languages that they were comfortable with including Hindi, Kannada, and Tamil.

Feminist principles also instrumental during the data analysis, with focus on intersectionality and self-reflexivity. We highlighted the ways in which inequalities of gender, income, migration status, caste, and religion are replicated and amplified in the platform economy. In particular, we discussed the impact of the digital gender gap in access and skills on workers’ ability to find economic opportunities.

Findings

Our typology of platforms mediating domestic work finds three types of platforms – (i) marketplace, or platforms that list workers’ data on their profile, provide certain filters for automated selection of a pool of workers, and charge a fee from customers for access to workers’ contact details, (ii) digital placement agency, or platforms that provide an end-to-end placement service to customers, identify appropriate workers on the basis of selection criteria, and negotiate conditions of work on behalf of workers, and (iii) on-demand platforms, or companies that provide services or ‘gigs’ such as cleaning on an hourly basis, performed by a roster of workers who are characterised as ‘independent contractors’.

When it comes to the role played by platforms in determining employment relations, there is a wide variation within and across platform categories. There are both weak and strong models of intervention. On one end of the spectrum are marketplaces, with minimal intervention in the recruitment process, and on the other on-demand platforms, that exact control over each aspect of work. Digital platforms reconfigure the conception of intermediaries in the domestic work sector, functioning as next-generation placement agencies. All three platform types contain aspects that provide workers agency, as well as those that reinforce their positions of low-power. Platform design impacts the role platforms play in setting conditions of work, but does not determine it entirely.

(Re)shaping the terms of work
Across the three types of platforms, wages are slightly higher than or matching those of workers off platforms. Some marketplace platforms have incorporated features to nudge customers towards setting higher wages, such as enforcing minimum wage standards, or informing customers of expected wages in their locality. Conversely, on-demand platforms charge a high rate of commission from workers, despite refusing to recognise them as employees. This indicates that this is a misclassification of an employment relationship, given that workers are unable to set their own conditions or wages for work. Despite the high rates of commission and appropriation of labour by platforms, on-demand workers earn higher wages than workers on other platforms. The relatively high wage is a result of marketing on-demand cleaning as professionalised and more skilled than day-to-day cleaning. Tasks in the sector continue to be distributed along the lines of gender and caste, as has historically been the case. Dalit, Bahujan and Adivasi women are more likely to take up work such as cleaning and washing dishes, while men and women across castes are equally distributed in cooking work. Women dominate tasks such as elderly and childcare, as in the traditional economy. Workers in professionalised tasks such as deep cleaning that requires technical equipment and chemicals are almost entirely men.

Digital divides and workers’ agency
We find that workers are primarily onboarded onto platforms by learning about it from other workers, through onboarding camps held by platforms, or offline advertising by platforms. Such in-person onboarding techniques allows workers with no digital access or literacy to register themselves on marketplace platforms and digital placement agencies.

However, we find that low levels of education and digital literacy continue to impact platformed labour by creating a strong informational asymmetry between workers and platforms. For instance, we find that women workers from low income communities have very little information about how platforms work, causing deep distrust. Workers with digital devices and literacy (and therefore a relatively better understanding of the functionality of the platform), physical mobility and the resources to bear indirect costs that were outsourced to them were at a significant advantage in finding better-paying jobs. Workers who were seeking flexibility and were not necessarily dependent on the platform for their primary income were also better placed than those entirely dependent on platforms. Women workers tended to be disadvantaged on all these counts, limiting their agency and capacity to reap the benefits of the platform economy.

Across the three types of platforms, systems of placement and ratings add to the information asymmetry, as workers are not aware of the impact of ratings on their ability to find work or charge better wages. Ratings and filtering systems also hard-code the impact of workers’ social characteristics on their work. Workers are unable to exercise control over their data, further undermining their agency vis-a-vis platforms and employers. We identify a clear need for collective bargaining structures to protect workers’ rights, although platformed domestic workers remained distant from both domestic work unions and emergent unions of platform workers in other sectors.

Intersectionalities of formalisation
We find that inequalities of caste, class, and gender that have historically shaped the sector continue to be replicated or even amplified in the platform economy. What remains clear is that platforms in the domestic work sector adopt the logics of this sector, more than the converse. Platformisation is conflated with formalisation, and it is within this vector, from complete informality to piecemeal formalisation, that platforms operate. Labour benefits do not take the form of labour protections or welfare entitlements that are the central function of formalisation processes. Instead, the so-called benefits are intended to transform domestic workers to participate within the logics and vagaries of the market.

Policy Recommendations

Recognise and implement labour protections for domestic workers
Domestic workers have historically occupied the most vulnerable positions in the workforce, with limited legal protections. Exposed to the regulatory grey areas that platforms operate in, this doubly exposes domestic workers to precarious conditions of work. Despite an avowed move towards formalisation of domestic work, platform-mediated labour continues to retain characteristics of informal labour, even heightening some.

If pushed to do so, platform companies can be instrumental in resolving some of the implementation challenges that governments have faced in enforcing legislative protections sought to be made available to domestic workers. Platforms have databases of workers, which can be used to mandatorily register them for social security schemes offered by the government. This data can also be used for better policy making, in the absence of reliable statistics particularly on migrant workers in the informal economy.

Reduce the protective gap between employment and self-employment
The (mis)classification of “gig” work within labour law frameworks is still a matter that continues to be hotly debated within policy practitioners, legal scholarship, and civil society actors. Three positions, in particular, have been taken—treating gig workers as employees, independent contractors, or occupying a third intermediate category. More recently, there have been some legal victories guaranteeing employment protections and increasing platform companies’ accountability. However, these successes have been more visible in Global North jurisdictions.

Regardless of the resolution of these ongoing debates over employment status, labour frameworks should provide some universal protections to all categories of labour. Such protections must include universal coverage of social security, in addition to rights such as freedom of association, collective bargaining, equal remuneration and anti-discrimination. Policies geared towards achieving this objective would be significant in reducing the protective gaps between different categories of labour, and would particularly help historical and emerging occupational categories of workers such as “gig” workers and domestic workers.

Recognise the specific challenge(s) and potential of platformisation of domestic work
Platforms hold the potential of acting as effective facilitators in informal labour markets. Even when they do not replace existing recruitment pathways, they provide alternate ones. Workers were more likely to register on a platform if they were entering the domestic work labour market recently (often distress and migration driven), or had not enjoyed success with informal, word-of-mouth networks. However, platforms also heighten labour market insecurities, and create new ones. These potential risks need to be specifically recognised through appropriate frameworks, such as social security, discrimination law and data protection.

Tailor policy-making to platform models
We identify three types of platforms, each of which intervene to varying degrees in the work relationship. We recommend that digital placement agencies and marketplace platforms be registered with governments and enforce basic protections for workers such as provision of minimum wage, preventing abuse (including non-payment of wages) and trafficking. On-demand companies on the other hand, must be treated as employers, and workers be accorded employment protections including social security.

In addition to rights-based policy actions, legal-regulatory mechanisms geared towards mitigating the precariousness of platform-based work are required. This can take the shape of clarifying and expanding existing legal-regulatory formulations, or preparing new ones. Such policy making should factor in the power and information asymmetry between domestic workers (and gig workers, generally) and platforms.

Further, in the absence of health or retirement benefits, risks and indirect costs of operations are shifted from employers to workers. For instance, workers provide capital in the form of tools or equipment, support the fluctuation of business and income, and can be ‘deactivated’ from an application as a result of poor ratings or periods of inactivity. Any regulation aiming to extend employee status should mandate platforms to support such indirect costs.

Related Publications

1. Research notes with reflections from union members.
2. The event report from a stakeholder consultation with workers, unions, companies and government representatives.
3. A reflection note on the participatory approach taken by the project.
4. A paper with a comparative analysis of the policy landscape on domestic work in the platform economy.

For more details visit http://editors.cis-india.org/raw/platforms-power-and-politics-perspectives-from-domestic-and-care-work-in-india

Web Accessibility Policy Making: An International Perspective

nirmita — 2012-09-25T05:33:25Z

G3ict and CIS are pleased to announce the publication of a new, improved edition of the Web Accessibility Policy Making: An International Perspective. The report published in cooperation with the Hans Foundation provides an updated synopsis of the many policies that governments have implemented around the world to ensure that the Internet and websites are accessible to persons with disabilities.

The report contains a Foreword by Axel Leblois, Founder and Executive Director of G3ict, an introduction and studies from countries like Australia, Canada, Germany, Ireland, Italy, Japan, South Korea, New Zealand, Philippines, Portugal, Sweden, Thailand, United Kingdom, United States, and the European Union. The report contains contributions from Prashanth Ramadas, Asma Tajuddin, G Aravind, Katie Reisner, Sucharita Narasimhan, Bama Balakrishnan and Nirmita Narasimhan. Axel Leblois, Donal Rice, Immaculada Placienca Porrero, Kevin Carey, Licia Sbattella and Sunil Abraham are the expert reviewers.

Foreword by Axel Leblois

This third edition of our joint report with CIS “WEB ACCESSIBILITY POLICY MAKING: AN INTERNATIONAL PERSPECTIVE” provides an updated synopsis of the many policies that governments have implemented around the world to ensure that the Internet and web sites are accessible to persons with disabilities. With 153 countries parties to the Convention on the Rights of Persons with Disabilities as of December 2011, an increasing number of governments are now in the midst of developing policies and programs to ensure that web sites and services under their jurisdictions are accessible.

Indeed, the Preamble of the Convention on the Rights of Persons with Disabilities recognizes “the importance of accessibility to the physical, social, economic and cultural environment, to health and education and to information and communication, in enabling persons with disabilities to fully enjoy all human rights and fundamental freedoms”. Its article 9 stipulates that: “To enable persons with disabilities to live independently and participate fully in all aspects of life, States Parties shall take appropriate measures to ensure to persons with disabilities access, on an equal basis with others, to the physical environment, to transportation, to information and communications, including information and communications technologies and systems” (1). It further specifies that “State Parties shall also take appropriate measures to … Promote access for persons with disabilities to new information and communications technologies and systems, including the Internet” (2.g).

There is therefore no doubt that all State Parties have an obligation to act upon those commitments. However, as this report demonstrates it clearly, web accessibility policies and their levels of enforcement vary considerably among countries with some common denominators such as the compliance with the W3C – WAI guidelines on web accessibility.

G3ict and CIS hope that this new, improved edition, which will now be available in print as well as in electronic format, will help accelerate the development of web accessibility policies and programs around the world. We want to express our sincere appreciation to Nirmita Narasimhan, programme manager at CIS and editor of the G3ict Publications and Reports for her dedication to this report which would not have been made possible without her incredible work and motivation as Disability Advocate.

Download a PDF of the Web Accessibility Policy Making here [335 KB]

Download the Daisy File [23412 KB]

For more details visit http://editors.cis-india.org/accessibility/web-accessibility-policy-making-an-international-perspective

Delhi High Court Orders Blocking of Websites after Sony Complains Infringement of 2014 FIFA World Cup Telecast Rights

sinha — 2014-07-08T07:02:16Z

Of late the Indian judiciary has been issuing John Doe orders to block websites, most recently in Multi Screen Media v. Sunit Singh and Others. The order mandated blocking of 472 websites, out of which approximately 267 websites were blocked as on July 7, 2014. This trend is an extremely dangerous one because it encourages flagrant censorship by intermediaries based on a judicial order which does not provide for specific blocking of a URL, instead provides for blocking of the entire website.

The High Court of Delhi on June 23, 2014 issued a John Doe injunction restraining more than 400 websites from broadcasting 2014 FIFA world cup matches. News reports indicate that the Single judge bench of Justice V. Kameswar Rao directed the Department of Telecom to issue appropriate directions to ISPs to block the websites that Multi Screen Media provided, as well as “any other website identified by the plaintiff” in the future. On July 4, Justice G. S. Sistani permitted reducing the list to 219 websites.

Background

Multi Screen Media (MSM) is the official broadcaster for the ongoing 2014 FIFA World Cup tournament. FIFA (the Governing body) had exclusively licensed rights to MSM which included live, delayed, highlights, on demand, and repeat broadcast of the FIFA matches. MSM complained that the defendants indulged in hosting, streaming, providing access to, etc, thereby infringing the exclusive rights and broadcast and reproduction rights of MSM.

The court in the instant order held that the defendants had prima facie infringed MSM’s broadcasting rights, which are guaranteed by section 37 of the Copyright Act, 1957. In an over-zealous attempt to pre-empt infringement the court called for a blanket ban on all websites identified by MSM. Further, the court directed the concerned authorities to ensure ISPs complied with this order and block the websites mentioned by MSM presently, and other websites which may be subsequently be notified by MSM.

Where the Court went Wrong

The court stated that MSM successfully established a prima facie case, and on its basis granted a sweeping injunction to MSM ordering blocking 471 second level domains. I’d like to point out numerous flaws with the order-

Dissatisfactory "Prima facie case"

In my opinion the court could have scrutinised the list of websites provided by MSM more carefully. There is nothing in the order to suggest that evidence was proffered by MSM in support of the list. The order reveals that the list was prepared by MarkScan, a “consulting boutique dedicated to (the client’s) IP requirements in the cyberspace and the Indian sub-continent.” The list throws up names such as docs.google.com, goo.gl & ad.ly (provide URL shortening service only), torrent indexing websites, IP addresses, online file streaming websites, etc., at a cursory glance. Evidently, perfectly legitimate websites have been targeted by an ill conducted search and shoddily prepared list which may lead to blocking of legitimate content on account of no verification by the court. 471 websites out of 472 mentioned in the first list are second level domains and 23 websites have been listed twice.

2. Generic order which abysmally fails to identify specific infringing URLS

Out of the 472 websites (list provided in the order by MarkScan)-

471 are file streaming websites, video sharing websites, file lockers, URL shorteners, file storage websites; only one is a specific URL [http://www.24livestreamtv.com/brazil-2014-fifa-world-cup-football-%20%C2%A0%C2%A0live-streaming-online-t ].

The order calls for blocking of complete websites. This is in complete contradiction to the 2012 Madras High Court’s order in R K Productions v BSNL which held that only a particular URL where the infringing content is kept should be blocked, rather than the entire website. The Madras High Court order had also made it mandatory for the complainants to provide exact URLs where they find illegal content, such that ISPs could block only that content and not the entire site. MSM did not adhere to this and I have serious doubts if the defendants brought the distinguishing Madras High Court judgment to the attention of the bench. The entire situation is akin to MarkScan scamming MSM by providing their clients a dodgy list, and MSM scamming the court and the public at large.

3. Lack of Transparency – Different blocking messages on different ISPs

The message displayed uniformly on blocked websites was:

"This website/URL has been blocked until further notice either pursuant to court orders or on the directions issued by the Department of Telecommunications."

I observed that a few websites showed the message “Error 404 – File or Directory not found” without the blocking message (above) on the network provider Reliance, and same Error 404 with the blocking message on the network provider Airtel highlighting the non-transparent manner of adherence to the order. Further, both the messages do not indicate the end period of the block.

Legality of John Doe orders in Website Blocking

It is pertinent to reiterate the ‘misuse’ of John Doe orders to block websites in India. The judiciary has erred in applying the John Doe order to protect copyrightable content on the internet. While the R K Productions v BSNL case appears reasonable in terms of permitting blocking of only URL specific content, the application of John Doe order to block websites remains unfounded in law. Ananth Padmanabhan in a three part study (Part I, II and III) had earlier analysed the improper use of John Doe injunctions to block websites in India. The John Doe order was conceived by US courts to pre-emptively remedy the irreparable damages suffered by copyright holders on account of unidentified/unnamed infringers. The interim injunction allowed collection of evidence from infringers, who were identified later as certain defendants and the final relief was accordingly granted. The courts routinely advocated judicious use of the order, and ensured that the identified defendants were provided and informed of their right to apply to the court within twenty four hours for a review of the order and a right to claim damages in an appropriate case. Therefore, the John Doe order applied against primary infringers per se.

On the other hand, whilst extending this remedy in India the courts have unfortunately placed onus on the conduit i.e. the ISP to block websites. This is tantamount to providing final relief at the interim stage, since all content definitely gets blocked; however, this hardly helps in identifying the actual infringer on the internet. The court is prematurely doling out blocking remedies to the complaining party, which, legally speaking should be meted out only during the final disposition of the case after careful examination of the evidence available. Thus, the intent of a John Doe order is miserably lost in such an application. Moreover, this lends an arbitrary amount of power in the hands of intermediaries since ISPs may or may not choose to approach the court for directions to specifically block URLs which provide access to infringing content only.

For more details visit http://editors.cis-india.org/internet-governance/blog/delhi-high-court-orders-blocking-of-websites-after-sony-complains-infringement-of-2014-fifa-world-cup-telecast-rights

FinFisher in India and the Myth of Harmless Metadata

maria — 2013-08-13T11:30:15Z

In this article, Maria Xynou argues that metadata is anything but harmless, especially since FinFisher — one of the world's most controversial types of spyware — uses metadata to target individuals.

In light of PRISM, the Central Monitoring System (CMS) and other such surveillance projects in India and around the world, the question of whether the collection of metadata is “harmless” has arisen.[1] In order to examine this question, FinFisher[2] — surveillance spyware — has been chosen as a case study to briefly examine to what extent the collection and surveillance of metadata can potentially violate the right to privacy and other human rights. FinFisher has been selected as a case study not only because its servers have been recently found in India[3] but also because its “remote monitoring solutions” appear to be very pervasive even on the mere grounds of metadata.

FinFisher in India

FinFisher is spyware which has the ability to take control of target computers and capture even encrypted data and communications. The software is designed to evade detection by anti-virus software and has versions which work on mobile phones of all major brands.[4] In many cases, the surveillance suite is installed after the target accepts installation of a fake update to commonly used software.[5] Citizen Lab researchers have found three samples of FinSpy that masquerades as Firefox.[6]

FinFisher is a line of remote intrusion and surveillance software developed by Munich-based Gamma International. FinFisher products are sold exclusively to law enforcement and intelligence agencies by the UK-based Gamma Group.[7] A few months ago, it was reported that command and control servers for FinSpy backdoors, part of Gamma International´s FinFisher “remote monitoring solutions”, were found in a total of 25 countries, including India.[8]

The following map, published by the Citizen Lab, shows the 25 countries in which FinFisher servers have been found.[9]


The above map shows the results of scanning for characteristics of FinFisher command and control servers.

FinFisher spyware was not found in the countries coloured blue, while the colour green is used for countries not responding. The countries using FinFisher range from shades of orange to shades of red, with the lightest shade of orange ranging to the darkest shade of red on a scale of 1-6, and with 1 representing the least active servers and 6 representing the most active servers in regards to the use of FinFisher. On a scale of 1-6, India is marked a 3 in terms of actively using FinFisher.[10]

Research published by the Citizen Lab reveals that FinSpy servers were recently found in India, which indicates that Indian law enforcement agencies may have bought this spyware from Gamma Group and might be using it to target individuals in India.[11] According to the Citizen Lab, FinSpy servers in India have been detected through the HostGator operator and the first digits of the IP address are: 119.18.xxx.xxx. Releasing complete IP addresses in the past has not proven useful, as the servers are quickly shut down and relocated, which is why only the first two octets of the IP address are revealed.[12]

The Citizen Lab's research reveals that FinFisher “remote monitoring solutions” were found in India, which, according to Gamma Group's brochures, include the following:

FinSpy: hardware or software which monitors targets that regularly change location, use encrypted and anonymous communications channels and reside in foreign countries. FinSpy can remotely monitor computers and encrypted communications, regardless of where in the world the target is based. FinSpy is capable of bypassing 40 regularly tested antivirus systems, of monitoring the calls, chats, file transfers, videos and contact lists on Skype, of conducting live surveillance through a webcam and microphone, of silently extracting files from a hard disk, and of conducting a live remote forensics on target systems. FinSpy is hidden from the public through anonymous proxies.[13]

FinSpy Mobile: hardware or software which remotely monitors mobile phones. FinSpy Mobile enables the interception of mobile communications in areas without a network, and offers access to encrypted communications, as well as to data stored on the devices that is not transmitted. Some key features of FinSpy Mobile include the recording of common communications like voice calls, SMS/MMS and emails, the live surveillance through silent calls, the download of files, the country tracing of targets and the full recording of all BlackBerry Messenger communications. FinSpy Mobile is hidden from the public through anonymous proxies.[14]

FinFly USB: hardware which is inserted into a computer and which can automatically install the configured software with little or no user-interaction and does not require IT-trained agents when being used in operations. The FinFly USB can be used against multiple systems before being returned to the headquarters and its functionality can be concealed by placing regular files like music, video and office documents on the device. As the hardware is a common, non-suspicious USB device, it can also be used to infect a target system even if it is switched off.[15]

FinFly LAN: software which can deploy a remote monitoring solution on a target system in a local area network (LAN). Some of the major challenges law enforcement faces are mobile targets, as well as targets who do not open any infected files that have been sent via email to their accounts. FinFly LAN is not only able to deploy a remote monitoring solution on a target´s system in local area networks, but it is also able to infect files that are downloaded by the target, by sending fake software updates for popular software or to infect the target by injecting the payload into visited websites. Some key features of the FinFly LAN include: discovering all computer systems connected to LANs, working in both wired and wireless networks, and remotely installing monitoring solutions through websites visited by the target. FinFly LAN has been used in public hotspots, such as coffee shops, and in the hotels of targets.[16]

FinFly Web: software which can deploy remote monitoring solutions on a target system through websites. FinFly Web is designed to provide remote and covert infection of a target system by using a wide range of web-based attacks. FinFly Web provides a point-and-click interface, enabling the agent to easily create a custom infection code according to selected modules. It provides fully-customizable web modules, it can be covertly installed into every website and it can install the remote monitoring system even if only the email address is known.[17]

FinFly ISP: hardware or software which deploys a remote monitoring solution on a target system through an ISP network. FinFly ISP can be installed inside the Internet Service Provider Network, it can handle all common protocols and it can select targets based on their IP address or Radius Logon Name. Furthermore, it can hide remote monitoring solutions in downloads by targets, it can inject remote monitoring solutions as software updates and it can remotely install monitoring solutions through websites visited by the target.[18]

Although FinFisher is supposed to be used for “lawful interception”, it has gained notoriety for targeting human rights activists.[19] According to Morgan Marquis-Boire, a security researcher and technical advisor at the Munk School and a security engineer at Google, FinSpy has been used in Ethiopia to target an opposition group called Ginbot.[20] Researchers have argued that FinFisher has been sold to Bahrain's government to target activists, and such allegations were based on an examination of malicious software which was emailed to Bahraini activists.[21] Privacy International has argued that FinFisher has been deployed in Turkmenistan, possibly to target activists and political dissidents.[22]

Many questions revolving around the use of FinFisher and its “remote monitoring solutions” remain vague, as there is currently inadquate proof of whether this spyware is being used to target individuals by law enforcement agencies in the countries where command and control servers have been found, such as India.[23] However, FinFisher's brochures which were circulated in the ISS world trade shows and leaked by WikiLeaks do reveal some confirmed facts: Gamma International claims that its FinFisher products are capable of taking control of target computers, of capturing encrypted data and of evading mainstream anti-virus software.[24] Such products are exhibited in the world's largest surveillance trade show and probably sold to law enforcement agencies around the world.[25] This alone unveils a concerning fact: spyware which is so sofisticated that it even evades encryption and anti-virus software is currently in the market and law enforcement agencies can potentially use it to target activists and anyone who does not comply with social conventions.[26] A few months ago, two Indian women were arrested after having questioned the shutdown of Mumbai for Shiv Sena patriarch Bal Thackeray's funeral.[27] Thus, it remains unclear what type of behaviour is targeted by law enforcement agencies and whether spyware, such as FinFisher, would be used in India to track individuals without a legally specified purpose.

Furthermore, India lacks privacy legislation which could safeguard individuals from potential abuse, while sections 66A and 69 of the Information Technology (Amendment) Act, 2008, empower Indian authorities with extensive surveillance capabilites.[28] While it remains unclear if Indian law enforcement agencies are using FinFisher spy products to unlawfully target individuals, it is a fact that FinFisher control and command servers have been found in India and that, if used, they could potentially have severe consequences on individuals' right to privacy and other human rights.[29]

The Myth of Harmless Metadata

Over the last months, it has been reported that the Central Monitoring System (CMS) is being implemented in India, through which all telecommunications and Internet communications in the country are being centrally intercepted by Indian authorities. This mass surveillance of communications in India is enabled by the omission of privacy legislation and Indian authorities are currently capturing the metadata of communications.[30]

Last month, Edward Snowden leaked confidential U.S documents on PRISM, the top-secret National Security Agency (NSA) surveillance programme that collects metadata through telecommunications and Intenet communications. It has been reported that through PRISM, the NSA has tapped into the servers of nine leading Internet companies: Microsoft, Google, Yahoo, Skype, Facebook, YouTube, PalTalk, AOL and Apple.[31] While the extent to which the NSA is actually tapping into these servers remains unclear, it is certain that the NSA has collected metadata on a global level.[32] Yet, the question of whether the collection of metadata is “harmful” remains ambiguous.

According to the National Information Standards Organization (NISO), the term “metadata” is defined as “structured information that describes, explains, locates or otherwise makes it easier to retrieve, use or manage an information resource”. NISO claims that metadata is “data about data” or “information about information”.[33] Furthermore, metadata is considered valuable due to its following functions:

Resource discovery
Organizing electronic resources
Interoperability
Digital Identification
Archiving and preservation

Metadata can be used to find resources by relevant criteria, to identify resources, to bring similar resources together, to distinguish dissimilar resources and to give location information. Electronic resources can be organized through the use of various software tools which can automatically extract and reformat information for Web applications. Interoperability is promoted through metadata, as describing a resource with metadata allows it to be understood by both humans and machines, which means that data can automatically be processed more effectively. Digital identification is enabled through metadata, as most metadata schemes include standard numbers for unique identification. Moreover, metadata enables the archival and preservation of large volumes of digital data.[34]

Surveillance projects, such as PRISM and India's CMS, collect large volumes of metadata, which include the numbers of both parties on a call, location data, call duration, unique identifiers, the International Mobile Subscriber Identity (IMSI) number, email addresses, IP addresses and browsed webpages.[35] However, the fact that such surveillance projects may not have access to content data might potentially create a false sense of security.[36] When Microsoft released its report on data requests by law enforcement agencies around the world in March 2013, it revealed that most of the disclosed data was metadata, while relatively very little content data was allegedly disclosed.[37]

imilarily, Google's transparency report reveals that the company disclosed large volumes of metadata to law enforcement agencies, while restricting its disclosure of content data.[38]

Such reports may potentially provide a sense of security to the public, as they reassure that the content of personal emails, for example, has not been shared with the government, but merely email addresses – which might be publicly available online anyway. However, is content data actually more “harmful” than metadata? Is metadata “harmless”? How much data does metadata actually reveal?

The Guardian recently published an article which includes an example of how individuals can be tracked through their metadata. In particular, the example explains how an individual is tracked – despite using an anonymous email account – by logging in from various hotels' public Wi-Fi and by leaving trails of metadata that include times and locations. This example illustrates how an individual can be tracked through metadata alone, even when anonymous accounts are being used.[39]

Wired published an article which states that metadata can potentially be more harmful than content data because “unlike our words, metadata doesn't lie”. In particular, content data shows what an individual says – which may be true or false – whereas metadata includes what an individual does. While the validity of the content within an email may potentially be debateable, it is undeniable that an individual logged into specific websites – if that is what that individuals' IP address shows. Metadata, such as the browsing habits of an individual, may potentially provide a more thorough and accurate profile of an individual than that individuals' email content, which is why metadata can potentially be more harmful than content data.[40]

Furthermore, voice content is hard to process and written content in an email or chat communication may not always be valid. Metadata, on the other hand, provides concrete patterns of an individuals' behaviour, interests and interactions. For example, metadata can potentially map out an individuals' political affiliation, interests, economic background, institution, location, habits and the people that individual interacts with. Such data can potentially be more valuable than content data, because while the validity of email content is debateable, metadata usually provides undeniable facts. Not only is metadata more accurate than content data, but it is also ideally suited to automated analysis by a computer. As most metadata includes numeric figures, it can easily be analysed by data mining software, whereas content data is more complicated.[41]

FinFisher products, such as FinFly LAN, FinFly Web and FinFly ISP, provide solid proof that the collection of metadata can potentially be “harmful”. In particular, FinFly LAN can be deployed in a target system in a local area network (LAN) by infecting files that are downloaded by the target, by sending fake software updates for popular software or by infecting the payload into visited websites. The fact that FinFly LAN can remotely install monitoring solutions through websites visited by the target indicates that metadata alone can be used to acquire other sensitive data.[42]

FinFly Web can deploy remote monitoring solutions on a target system through websites. Additionally, FinFly Web can be covertly installed into every website and it can install the remote monitoring system even if only the email address is known.[43] FinFly ISP can select targets based on their IP address or Radius Logon Name. Furthermore, FinFly ISP can remotely install monitoring solutions through websites visited by the target, as well as inject remote monitoring solutions as software updates.[44] In other words, FinFisher products, such as FinFly LAN, FinFly Web and FinFly ISP, can target individuals, take control of their computers and their data, and capture even encrypted data and communications with the help of metadata alone.

The example of FinFisher products illustrates that metadata can potentially be as “harmful” as content data, if acquired unlawfully and without individual consent.[45] Thus, surveillance schemes, such as PRISM and India's CMS, which capture metadata without individuals' consent can potentially pose a major threat to the right to privacy and other human rights.[46] Privacy can be defined as the claim of individuals, groups or institutions to determine when, how and to what extent information about them is communicated to others.[47] Furthermore, privacy is at the core of human rights because it protects individuals from abuse by those in power.[48] The unlawful collection of metadata exposes individuals to the potential violation of their human rights, as it is not transparent who has access to their data, whether it is being shared with third parties or for how long it is being retained.

It is not clear if Indian law enforcement agencies are actually using FinFisher products, but the Citizen Lab did find FinFisher command and control servers in the country which indicates that there is a high probability that such spyware is being used.[49] This probability is highly concerning not only because the specific spy products have such advanced capabilities that they are even capable of capturing encrypted data, but also because India currently lacks privacy legislation which could safeguard individuals.

Thus, it is recommended that Indian law enforcement agencies are transparent and accountable if they are using spyware which can potentially breach their citizens' human rights and that privacy legislation is enacted into law. Lastly, it is recommended that all surveillance technologies are strictly regulated with regards to the protection of human rights and that Indian authorities adopt the principles on communication surveillance formulated by the Electronic Frontier Foundation and Privacy International.[50] The above could provide a decisive first step in ensuring that India is the democracy it claims to be.

[1]. Robert Anderson (2013), “Wondering What Harmless 'Metadata' Can Actually Reveal? Using Own Data, German Politician Shows Us”, The CSIA Foundation, http://bit.ly/1cIhu7G

[2]. Gamma Group, FinFisher IT Intrusion, http://bit.ly/fnkGF3

[3]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, “You Only Click Twice: FinFisher's Global Proliferation”, The Citizen Lab, 13 March 2013, http://bit.ly/YmeB7I

[4]. Michael Lewis, “FinFisher Surveillance Spyware Spreads to Smartphones”, The Star: Business, 30 August 2012, http://bit.ly/14sF2IQ

[5]. Marcel Rosenbach, “Troublesome Trojans: Firm Sought to Install Spyware Via Faked iTunes Updates”, Der Spiegel, 22 November 2011, http://bit.ly/14sETVV

[6]. Intercept Review, Mozilla to Gamma: stop disguising your FinSpy as Firefox, 02 May 2013, http://bit.ly/131aakT

[7]. Intercept Review, LI Companies Review (3) – Gamma, 05 April 2012, http://bit.ly/Hof9CL

[8]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, For Their Eyes Only: The Commercialization of Digital Spying, Citizen Lab and Canada Centre for Global Security Studies, Munk School of Global Affairs, University of Toronto, 01 May 2013, http://bit.ly/ZVVnrb

[9]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, “You Only Click Twice: FinFisher's Global Proliferation”, The Citizen Lab, 13 March 2013, http://bit.ly/YmeB7I

[10]. Ibid.

[11]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, For Their Eyes Only: The Commercialization of Digital Spying, Citizen Lab and Canada Centre for Global Security Studies, Munk School of Global Affairs, University of Toronto, 01 May 2013, http://bit.ly/ZVVnrb

[12]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, “You Only Click Twice: FinFisher's Global Proliferation”, The Citizen Lab, 13 March 2013, http://bit.ly/YmeB7I

[13]. Gamma Group, FinFisher IT Intrusion, FinSpy: Remote Monitoring & Infection Solutions, WikiLeaks: The Spy Files, http://bit.ly/zaknq5

[14]. Gamma Group, FinFisher IT Intrusion, FinSpy Mobile: Remote Monitoring & Infection Solutions, WikiLeaks: The Spy Files, http://bit.ly/19pPObx

[15]. Gamma Group, FinFisher IT Intrusion, FinFly USB: Remote Monitoring & Infection Solutions, WikiLeaks: The Spy Files, http://bit.ly/1cJSu4h

[16]. Gamma Group, FinFisher IT Intrusion, FinFly LAN: Remote Monitoring & Infection Solutions, WikiLeaks: The Spy Files, http://bit.ly/14J70Hi

[17]. Gamma Group, FinFisher IT Intrusion, FinFly Web: Remote Monitoring & Intrusion Solutions, WikiLeaks: The Spy Files, http://bit.ly/19fn9m0

[18]. Gamma Group, FinFisher IT Intrusion, FinFly ISP: Remote Monitoring & Intrusion Solutions, WikiLeaks: The Spy Files, http://bit.ly/13gMblF

[19]. Gerry Smith, “FinSpy Software Used To Surveil Activists Around The World, Reports Says”, The Huffington Post, 13 March 2013, http://huff.to/YmmhXI

[20]. Jeremy Kirk, “FinFisher Spyware seen Targeting Victims in Vietnam, Ethiopia”, Computerworld: IDG News, 14 March 2013, http://bit.ly/14J8BwW

[21]. Reporters without Borders: For Freedom of Information (2012), The Enemies of the Internet: Special Edition: Surveillance, http://bit.ly/10FoTnq

[22]. Privacy International, FinFisher Report, http://bit.ly/QlxYL0

[23]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, “You Only Click Twice: FinFisher's Global Proliferation”, The Citizen Lab, 13 March 2013, http://bit.ly/YmeB7I

[24]. Gamma Group, FinFisher IT Intrusion, FinSpy: Remote Monitoring & Infection Solutions, WikiLeaks: The Spy Files, http://bit.ly/zaknq5

[25]. Adi Robertson, “Paranoia Thrives at the ISS World Cybersurveillance Trade Show”, The Verge, 28 December 2011, http://bit.ly/tZvFhw

[26]. Gerry Smith, “FinSpy Software Used To Surveil Activists Around The World, Reports Says”, The Huffington Post, 13 March 2013, http://huff.to/YmmhXI

[27]. BBC News, “India arrests over Facebook post criticising Mumbai shutdown”, 19 November 2012, http://bbc.in/WoSXkA

[28]. Indian Ministry of Law, Justice and Company Affairs, The Information Technology (Amendment) Act, 2008, http://bit.ly/19pOO7t

[29]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, For Their Eyes Only: The Commercialization of Digital Spying, Citizen Lab and Canada Centre for Global Security Studies, Munk School of Global Affairs, University of Toronto, 01 May 2013, http://bit.ly/ZVVnrb

[30]. Phil Muncaster, “India introduces Central Monitoring System”, The Register, 08 May 2013, http://bit.ly/ZOvxpP

[31]. Glenn Greenwald & Ewen MacAskill, “NSA PRISM program taps in to user data of Apple, Google and others”, The Guardian, 07 June 2013, http://bit.ly/1baaUGj

[32]. BBC News, “Google, Facebook and Microsoft seek data request transparency”, 12 June 2013, http://bbc.in/14UZCCm

[33]. National Information Standards Organization (2004), Understanding Metadata, NISO Press, http://bit.ly/LCSbZ

[34]. Ibid.

[35]. The Hindu, “In the dark about 'India's PRISM'”, 16 June 2013, http://bit.ly/1bJCXg3 ; Glenn Greenwald, “NSA collecting phone records of millions of Verizon customers daily”, The Guardian, 06 June 2013, http://bit.ly/16L89yo

[36]. Robert Anderson, “Wondering What Harmless 'Metadata' Can Actually Reveal? Using Own Data, German Politician Shows Us”, The CSIA Foundation, 01 July 2013, http://bit.ly/1cIhu7G

[37]. Microsoft: Corporate Citizenship, 2012 Law Enforcement Requests Report,http://bit.ly/Xs2y6D

[38]. Google, Transparency Report, http://bit.ly/14J7hKp

[39]. Guardian US Interactive Team, A Guardian Guide to your Metadata, The Guardian, 12 June 2013, http://bit.ly/ZJLkpy

[40]. Matt Blaze, “Phew, NSA is Just Collecting Metadata. (You Should Still Worry)”, Wired, 19 June 2013, http://bit.ly/1bVyTJF

[41]. Ibid.

[42]. Gamma Group, FinFisher IT Intrusion, FinFly LAN: Remote Monitoring & Infection Solutions, WikiLeaks: The Spy Files, http://bit.ly/14J70Hi

[43]. Gamma Group, FinFisher IT Intrusion, FinFly Web: Remote Monitoring & Intrusion Solutions, WikiLeaks: The Spy Files, http://bit.ly/19fn9m0

[44]. Gamma Group, FinFisher IT Intrusion, FinFly ISP: Remote Monitoring & Intrusion Solutions, WikiLeaks: The Spy Files, http://bit.ly/13gMblF

[45]. Robert Anderson, “Wondering What Harmless 'Metadata' Can Actually Reveal? Using Own Data, German Politician Shows Us”, The CSIA Foundation, 01 July 2013, http://bit.ly/1cIhu7G

[46]. Shalini Singh, “India's surveillance project may be as lethal as PRISM”, The Hindu, 21 June 2013, http://bit.ly/15oa05N

[47]. Cyberspace Law and Policy Centre, Privacy, http://bit.ly/14J5u7W

[48]. Bruce Schneier, “Privacy and Power”, Schneier on Security, 11 March 2008, http://bit.ly/i2I6Ez

[49]. Morgan Marquis-Boire, Bill Marczak, Claudio Guarnieri & John Scott-Railton, For Their Eyes Only: The Commercialization of Digital Spying, Citizen Lab and Canada Centre for Global Security Studies, Munk School of Global Affairs, University of Toronto, 01 May 2013, http://bit.ly/ZVVnrb

[50]. Elonnai Hickok, “Draft International Principles on Communications Surveillance and Human Rights”, The Centre for Internet and Society, 16 January 2013, http://bit.ly/XCsk9b

For more details visit http://editors.cis-india.org/internet-governance/blog/fin-fisher-in-india-and-myth-of-harmless-metadata

High Level Comparison and Analysis of the Use and Regulation of DNA Based Technology Bill 2017

elonnai — 2017-08-11T02:16:52Z

This blog post seeks to provide a high level comparison of the 2017 and 2015 DNA Profiling Bill - calling out positive changes, remaining issues, and missing provisions.

In July 2017 the Law Commission published a report on DNA profiling and the “Draft Use and Regulation of DNA Based Technology Bill 2017”. India has been contemplating a draft DNA Profiling Bill since 2007. There have been two publicly available versions of the bill, 2012, and 2015, and one version in 2016. In 2013, the Department of Biotechnology formulated an Expert Committee to discuss different aspects and issues raised regarding the Bill towards finalizing the text. The Centre for Internet and Society was a member of the Expert Committee, and in its conclusion, issued a note of dissent to the Expert Committee for DNA Profiling.

This post provides a high level overview of the Use and Regulation of DNA Based Technology Bill 2017 and calls out positive changes from the 2015 Bill, remaining issues, and missing provisions. The post also calls out if, and where, CIS's recommendations to the Expert Committee have been incorporated.

If enacted, the 2017 Bill will establish national and regional DNA data banks that will maintain five different types of indices: a crime scene index, missing persons, offenders, suspects, and unknown deceased persons. The data banks will be led by a Director, responsible for communicating information with requesting entities, foreign states, and international organizations. Information relating to DNA profiles, DNA samples, and records maintained in a DNA laboratory can be made available in six instances: to law enforcement and investigating agencies, in judicial proceedings, for facilitating prosecution and adjudication of criminal cases, for taking defence of an accused, for investigation of civil disputes, and other cases which might be specified by regulations. Offences related to unauthorized disclosure of information in the DNA data bank, obtaining information from DNA data banks without authorization, unlawful access to information in the DNA Data Bank, using DNA sample or result without authorization, and destroying, altering, contaminating, or tampering with biological evidence.

Below are some key positive changes from the 2015 Bill, remaining issues, and missing safeguards from the 2017 Bill:

Positive Changes: The Bill contains a number of positive changes from the 2015 draft. Key ones include:

Consent: Section 21 prohibits the taking of samples from arrested persons without consent, except in the case of a specified offence - a specified offence being any offence punishable with death or imprisonment for a term exceeding seven years. If consent is refused, a magistrate can order the taking of the sample. This can be in the case of any matter listed in the Schedule of the Act. Section 22 provides for consent from volunteers. It is important to note that despite being an improvement from the 2015 Bill, which did not address instances of collection with our without consent, this provision is still broad as the list of offences under the Schedule is expansive and can be further expanded by the Central Government. Furthermore, the Magistrate can overrule a refusal of consent of the parent or guardian of a voluneet who is a minor, which does not provide adequate protection to childrens' rights.
Deletion: Section 31 defines instances for deletion of suspect profiles, under trial profiles, and all other profiles. Though a step in the right direction, as the 2015 Bill only addressed retention and deletion of the offenders index, this provision does not address the automatic removal of innocents.
Purpose limitation: Section 33 limits the purpose of profiles in the DNA Data Bank to that of facilitating identification. This is a positive step from the 2015 Bill - which enabled use of DNA profiles for the creation and maintenance of a population statistics data bank. Section 34 also limits the purposes for which information relating to DNA profiles, samples, and records can be made available.
Destruction of samples: Section 20 defines instances for destruction of DNA samples. Destruction of samples was not address in the 2015 Bill, and is an important protection as it prevents samples from being re-analyzed.
Comparison of profiles: Section 29 clarifies that if the individual is not an offender or a suspect, their information will not be compared with DNA profiles in the offenders’ or suspects index. This creates an important distinction between types of indices held in the data bank and the purpose for the same i.e missing persons are not treated as potential offenders. In the 2015 Bill, profiles entered in the offenders or crime scene index could be compared by the DNA Data Bank Manger against all profiles contained in the DNA Data Bank.
Re-testing: Section 24 allows for an accused person to request for a re-examination of fresh bodily substances if it is believed the sample has been contaminated. The closest provision to this in the 2015 was the creation a post - conviction right for DNA profiling - which is now deleted. It is important to note that fresh samples can easily be obtained from individuals, but if contamination happens at a crime scene, it is much more difficult to obtain a fresh sample.
Limiting Indices and including a crime scene index: The 2017 Bill limits the number of indices to five - a crime scene index, missing persons, offenders, suspects, and unknown deceased persons. This is an improvement from the 2015 Bill which provides for the maintenance of indices in the DNA Bank and includes a missing person’s index, an unknown deceased person’s index, a volunteers’ index, and such other DNA indices as may be specified by regulation.

Remaining Issues: There are some remaining issues in the 2017 Bill. Some of these include:

Delegating and Expanding through Regulation: The Bill delegates a number of procedures to regulation - many which should be in the text of the Bill. For example: the format for receiving and storing DNA profiles, and additional criteria for entry, retention, and deletion of DNA profiles. Furthermore, a number of provisions allow for expansion through regulation. For example, the sources from which DNA can be collected from to be expanded as specified by regulations. Further purposes for making DNA profiles available can be defined by regulation. Important procedures such as privacy and security safeguards are also left to regulation.
Broad Powers and Composition of the Board: The Bill designates twenty one responsibilities to the Board. As pointed out in 1, many of these should be detailed in the text of the legislation.

While serving on the Expert Committee,CIS recommended that the functions of the DNA Profiling Board should be limited to licensing, developing standards and norms, safeguarding privacy and other rights, ensuring public transparency, promoting information and debate and a few other limited functions necessary for a regulatory authority. This recommendation has not been incorporated.

Ideally, the Board should also include privacy experts, an expert in ethics, as well as civil society. Towards this, the Board should be comprised of separate Committees to address these different functions. There should be a Committee addressing regulatory issues pertaining to the functioning of Data Banks and Laboratories and an Ethics Committee to provide independent scrutiny of ethical issues.

As a positive note, the reduction of the size of the Board was agreed upon by the Expert Committee from 16 members (2012 Bill) to 11 members. This reccomendation has been incorporated.

CIS also provided language regarding how the Board could consult with the public:The Board, in carrying out its functions and activities, shall be required to consult with all persons and groups of persons whose rights and related interests may be affected or impacted by any DNA collection, storage, or profiling activity. The Board shall, while considering any matter under its purview, co-opt or include any person, group of persons, or organisation, in its meetings and activities if it is satisfied that that person, group of persons, or organisation, has a substantial interest in the matter and that it is necessary in the public interest to allow such participation. The Board shall, while consulting or co-opting persons, ensure that meetings, workshops, and events are conducted at different places in India to ensure equal regional participation and activities. This language has not been fully incorporated

Lack of Authorization Procedure: Though the Bill defines instances of when DNA information can be made available, it fails to establish or refer to an authorization process for making information available and the decision currently seems to rest with the DNA Bank Director.
Expansive Schedule: The Bill creates a schedule containing a list of matters for DNA testing which includes whole acts and a range of civil disputes and matters that are broad and do not relate to criminal cases - most notably “issues relating to immigration or emigration and issues relating to establishment of individual identity.”
Unclear Data Stored: Though the Bill clarifies the circumstance that the identity of the individual will be associated with a profile, it allows for ‘information of data based on DNA testing and records relating thereto” to be stored, yet it is unclear what information this would entail.
Lack of procedures for chain of custody: Presently, the Bill defines quality assurance procedures for a sample that is already at the lab. There are no provisions defining a process for the examination of a crime scene and laying down standards for the chain of custody of a sample from the crime scene to a DNA laboratory.

Missing Safeguards:

There are some safeguards that, if added, would strengthen the Bill and ensure rights to the individual:

Notification to the individual: There are no provisions that ensure that notification is given to an individual if his/her information is accessed or made available.
Right to challenge: There are no provisions that give the individual the right to challenge the storage of their DNA.
Established profiling standard: Though the Law Commission report refers to the 13 CODIS standard, the Bill does not mandate the use of the 13 CODIS profiling standard.
Reporting standard: There are no standards for how matches or other information should be communicated from the DNA director to the authority or receiving entity including instances of partial matches.
Right to access and review: There are no provisions that allow an individual to review his/her information contained in the regional or the national database.
Lack of costing: There is no cost estimate in the report or a requirement for one to be carried out.
Study for the potential for false matches: This must consider the size of the population and large family size, i.e. relatively large numbers of closely related people and is particularly necessary given the the size over population as large as India's.

Importantly, in the DNA Expert Committee, CIS requested the Expert Committee that the Bill be brought in line with the nine national principles defined in the Report of Experts on Privacy led by Justice AP Shah. These include the principles of notice, choice and consent, collection limitation, purpose limitation, access and correction, disclosure of information, security, openness, and accountability. These principles have not been fully incorporated.

For more details visit http://editors.cis-india.org/internet-governance/blog/high-level-comparison-and-analysis-of-the-use-and-regulation-of-dna-based-technology-bill-2017

Enabling Elections

nirmita — 2014-05-10T00:12:00Z

For making the 2014 General Elections in India participatory and accessible for voters with disabilities the Centre for Law and Policy Research and the Centre for Internet and Society have come up with a report. The report addresses the barriers that people with disabilities face during elections and recommends solutions for the same.

Executive Summary

The report examines three main areas:

The barriers that people with disabilities face at the time of elections.
The legal framework around this issue.
The measures which need to be taken to eliminate the barriers in the pre-voting phase, during voting phase and also post-voting phase, so as to enhance the participation of voters with disabilities.

Access to the public sphere and full political participation is a matter of right for persons with disabilities and the state is constitutionally mandated to enforce this right. The rights of voters with disabilities are examined under the constitutional provisions, the Representation of People’s Act 1951, the relevant directions of the Supreme Court and the international conventions. This report also considers international best practices while making recommendations, to the extent that they are suitable and practical in the Indian context.

This report looks at Electoral Participation in two dimensions:

“Pre-electoral Participation” and
“Actual Electoral Participation”

The report then goes on to make recommendations for enhancing accessibility in both these categories.

On Pre-electoral Participation, the report inter alia recommends the following:

Opportunities for people with disabilities to participate in public consultations.
Immediate outreach programs for higher voter registrations.
Making election material and candidate guides available in different formats such as large print, Braille and audio formats upon request so that voters can have full knowledge of the candidate they want to vote for.
Providing information for voters about locations which have special access, wheelchair facilities, technological assistance for visually impaired, etc.

On Actual Electoral Participation, we inter alia recommend the following:

Accessible polling sites.
Training election staff to be sensitive to diverse needs of voters.
Enabling privacy and independent voting by persons with disabilities.
Arranging for mobile polling booths.
Making EVM’s compatible and accessible such as by providing for Braille, large print.
Tactile buttons, 'sip and puff' and audio devices.

The report also recommends the need to monitor participation of voters with disabilities in the forthcoming elections.There is a need to collect data, surveys and studies in the pre-election, election and post-election phases.

Click here to download and read the full report (PDF, 4.5 MB)

For more details visit http://editors.cis-india.org/accessibility/blog/enabling-elections

Comments on the DoT Panel Report via MyGov

pranesh — 2015-09-26T10:16:44Z

On behalf of the Centre for Internet and Society, I must commend the Department of Telecom Panel on its report. Overall, it displays a far better understanding of the underlying issues than the TRAI consultation paper did, and is overall a good effort at balancing the different sides. However, some of its most important recommendations are completely off-mark and would be disastrous if accepted by the government.

It is praiseworthy that the panel emphasizes the separation in regulatory terms between the network layer and the service layer. This also means that telecom carriers should be regulated differently from OTT services.

Licensing of Communication OTT Services

The proposal by the DoT panel of a licensing regime for communication OTT services is a terrible idea. It would presumptively hold all licence non-holders to be unlawful, and that should not be the case; as the panel itself notes, apps that lower the cost of communication are a welcome development and should be encouraged by the government and not made presumptively unlawful.

While it is in India's national interest to want to hold VoIP services to account if they do not follow legitimate regulations, it is far better to do this through ex-post regulations rather than an ex-ante licensing scheme.

A licensing scheme would benefit Indian VoIP companies (including services like Hike, which Airtel has invested in) over foreign companies like Viber, or free/open source technologies like WebRTC. The Universal Licence is designed for a world where all the licencees have an operational presence in India. This is not true of communications OTT services. Therefore a licensing regime would unjustly favour some services over others.

Further, VoIP services need not be provided by a company: a person can choose to run XMPP, SIP, or Mumble — all of which are protocol that support VoIP — on their own computers. Will a licensing regime force such individuals' many of whom may not be Indian nationals — to become licence-holders if they facilitate domestic communications within India? The DoT panel report doesn't say. This would also result in a licensing regime unjustly favouring some services over others.

The report also doesn't say how one would distinguish between OTT communication services and OTT application services, when many apps such as personal assistance apps like HelpChat, are centred around communications. It also does not mention what regulatory distinction exists between text communication services and video/voice communication services, or between purely domestic and international video/voice communications. Stating that certain telecom companies are currently earning most of their revenue from domestic voice traffic will not suffice as a regulatory, just as it did not suffice to say that VSNL's international telephony monopoly earned it a lot of money. Regulatory fairness is the important issue and not protecting specific business models. Thus, there is no rational distinction to be drawn. Even if the panel has some regulatory distinction that it has not stated, this is an impossibility to enforce. Much domestic IP traffic is 'round-tripped', with traffic leaving India and coming back in. How would the regulator propose to regulate that?

Will there be a revenue-sharing mechanism, as is currently the case under the Unified Licence? If so, how will it be calculated in case of services like WhatsApp? These questions too find no answer in the report.

Given these numerous objections and unanswered questions, the government would be well-advised not seek to license OTT communications services. Instead, it would be useful for the government to hold public consultations about:

1. What Universal Licence conditions makes sense in the world of IP-based services, and international services?
2. How can we frame ex-post regulations that address legitimate concerns? Is there overlap with provisions of the IT Act such as s.69, s.69B, s.79, and others?
3. How can we ensure that the regulatory burden for telecom players with respect to their being able to provide IP-based services that are equivalent to OTT communication services?

Net neutrality

While the DoT panel reiterates a number of times that the core principles of Net neutrality should be adhered to, it nowhere defines what these core tenets are. We suggest the following definition:

net neutrality is the principle that we should regulate gatekeepers to ensure they do not use their power to unjustly discriminate between similarly situated persons, content or traffic.

The above definition applies to the way the ISPs treat consumers, treat interconnecting networks, as well as the way they treat traffic internally.
We agree with the panel that in that while Net neutrality should find place in a new law, for the time being Net neutrality principles can be enforced through the licence agreement between the DoT and telecom providers.

Traffic Management

It is unclear what precisely the DoT panel means by "application-agnostic" and "application-specific" network management. Different scholars on this issue — such as Barbara van Schewick and Christopher Yoo — mean different things when they use the word "application". Without a definition, it is difficult to say whether the panel's recommendation on that front are sound.
Instead, we suggest the following tests:
Discrimination between classes of traffic for the sake of network management should only be permissible if:

there is an intelligible differentia between the classes which are to be treated differently, and
there is a rational nexus between the differential treatment and the aim of such differentiation, and
the aim sought to be furthered is legitimate, and is related to the security, stability, or efficient functioning of the network, or is a technical limitation outside the control of the ISP, and
the network management practice is the least harmful manner in which to achieve the aim.

As for the provision of enterprise and managed services, which we more broadly term "specialized services", we would recommend:

Provision of specialized services is permitted if and only if it is shown that
The service is available to the user only upon request, and not without their active choice, and
The service cannot be reasonably provided with "best efforts" delivery guarantee that is available over the Internet, and hence requires discriminatory treatment, or
The discriminatory treatment does not unduly harm the provision of the rest of the Internet to other customers.

Lastly, we would recommend that the above regulatory guidlines only be applied against ISPs, and not against public providers of Internet connectivity, such as a library, a school, an airport, a hotel, etc.

Zero-rating

On the contentious issue of zero-rating, a process that involves both ex-ante and ex-post regulation is envisaged to prevent harmful zero-rating, while allowing beneficial zero-rating. Further, the report notes that the supposed altruistic or "public interest" motives of the zero-rating scheme do not matter if they result in harm to competition, distort consumer markets, violate the core tenets of Net neutrality, or unduly benefit an Internet "gatekeeper".

Much of the discussion around zero-rating has been happening around an assumption of common understanding of the phrase. Unfortunately, that is not true. There is no consensus as to whether a "special Facebok pack of 200MB for Rs.20" offered by a telecom company constitutes zero-rating or not. Without a working definition of zero-rating, not much progress can be made.

We propose the following as a definition:

Zero-rating is the practice of not counting (aka "zero-rating") certain traffic towards a subscriber's regular Internet usage.

The zero-rated traffic could be zero-priced or fixed-price; capped or uncapped; subscriber-paid, Internet service-paid, paid for by both, or unpaid; content- or source/destination-based, or agnostic to content or source/destination; automatically provided by the ISP or chosen by the customer.

We believe that zero-rating can be non-discriminatory in nature, and such zero-rating should not be prohibited. Having a system with both ex-ante and ex-post checks is rather heavy-handed regulation, but since the issue is very contentious in India, we believe it might be merited.

We thank you for giving us this opportunity to comment.
Pranesh Prakash, Policy Director at the Centre for Internet and Society

For more details visit http://editors.cis-india.org/telecom/blog/comments-on-dot-panel-report-via-mygov

Crowdsourcing Incidents of Communication Privacy Violation in India

sumandro — 2015-10-16T10:49:17Z

In the context of several ongoing threads of debates and policy discussions, we are initiating this effort to crowdsource incidents of violation of digital/online/telephonic privacy of persons and organisations in India. The full list of submitted incidents is publicly shared, under Creative Commons Attributions-ShareAlike 4.0 International license. Please contribute and share with your friends and colleagues.

Report an incident: http://goo.gl/forms/8Xcf0zcWZW

Collected incidents: http://bit.ly/privacy-violation-india (CC BY-SA 4.0)

You are welcome to cross-post this to your website or other online forum. Please provide attribution, and link back to this page. For any clarification, write to Sumandro Chattapadhyay, Research Director, CIS, at sumandro[at]cis-india[dot]org.

For more details visit http://editors.cis-india.org/internet-governance/crowdsourcing-incidents-of-communication-privacy-violation-in-india

An Introduction to Spectrum Sharing

beli — 2014-03-20T09:34:06Z

We will look at how current technology – mainly GSM, but also CDMA and touching upon LTE - shares spectrum, how they might share spectrum, the trade-off between spectral (in this case, 'trunking') and 'economic' efficiency in the traditional, purely intra-operator shared scenario, and how it might be overcome by inter-operator sharing.

The Current Scenario – Wi-Fi, GSM and CDMA: A Primer from the Perspective of Spectrum Coordination

Sharing spectrum is not a radically new idea: it's probably being shared in many places in your living room. Your family's phones could be communicating with your laptops using Bluetooth; your Wi-Fi router is sharing Wi-Fi spectrum with your next door neighbor's. There is no central brain that tells each device how to share spectrum, but each device pair (phone+laptop, for example) has some unique identifier (a code) that enables them to hear each other over the “noise” created by the other devices, as though they were speaking different languages. Each device can access the same frequencies at the same time and place, but does not know in advance which other devices are going to use them, and as long as there aren't too many such devices close to each other, the scheme works well.

From a technological standpoint, this is one of two kinds of spectrum coordination that's currently in wide use: the second is where each device is given a narrow sliver of frequency to itself for a specified period of time.[1] This is what happens with GSM cellphone technology: the service provider's tower allocates frequency — from the pool of frequencies available — to users on a per-call basis: this is called Frequency Division Multiple Access, or FDMA. GSM further divides access between different users in the same frequency channel in the time domain with bursts of data of the order of milliseconds, something called Time Division Multiple Access or TDMA; you'd be sharing your frequency channel with up to seven other people[2] and your content would be sent in sub-millisecond bursts approximately every five milliseconds.

Code Division Multiplexing, or CDMA, Is concept that assigns a user a 'code' for the duration of her call that effectively makes interference from other users, with other codes, appear as noise. The following picture illustrates FDMA, TDMA and CDMA:[3]

The preceding discussion would suffice for a single cell tower, alone in a desert. In the real world, there's more than one tower, so we'll have to create a system so that no two adjacent towers end up allocating the same frequency at the same time. The simplest way to do that, and the only one currently used, is splitting the available spectrum such that the range of frequencies available to a tower does not intersect with that available to any of its neighbors, ever – that way, a tower can only allocate from its own set of frequencies, but it need not concern itself with what its neighbors are doing. If adjacent towers were to share spectrum, then the preceding condition only needs to apply at that exact moment in time – at that precise instant a tower should be aware of the frequencies being used by all towers that are close enough to interfere with it, and pick a frequency outside that set, which it can use for the duration of a call.

Frequency Reuse

When there weren't so many cellphones crowding up the spectrum, it did not make economic sense to invest in the extra infrastructure required to make neighboring towers 'talk' to each other with low latency, so the solution we have now, even within the towers of a single service provider, is that any tower's neighbors do not intrude upon the spectrum assigned to that particular tower — what a neighbour is in this statement is qualified below. To start with, let's look at how towers could ideally be placed. We want to place towers on the ground in some regular pattern that makes them end up equidistant from each other: there are as many ways of doing that as there are of tiling a plane, which you can think of as tiling a bathroom with regular shapes (called 'regular polygons' by the pedantic).

Starting from the simplest, we can do it with tiles shaped like triangles, squares or hexagons, and a little thought will convince you that these are the only choices. Since a tower's signal would be 'strong enough' only up to some maximum radius, we'd ideally like to tile our plane with circles, but if we settle for the next best thing, the closest shape to a circle with which to tile the plane is a hexagon, in a honeycomb pattern; if you're looking at it from above, the towers would be placed as in the diagram below.[4]

This is just a part of a much larger honeycomb on the ground; the towers go in the center of the hexagons, where the numbers are; why the numbers are as they are will become clear in a couple of lines. Let's focus at tower 1 in the center of the diagram for our example. If the signals decay slow enough — so that the signals radiated from the nearest neighbors (towers surrounding 1, i.e. 2 through 7) and the next-nearest neighbors (towers two steps away from 1, with numbers from 2 through 7), interfere significantly with tower 1 in the center, but the next-to-next-nearest neighbors (three steps away from 1) do not, then the frequency reuse pattern can be like what we see in the diagram above, with towers denoted by the same number (and only the same number) using same exclusive set of frequencies. In this example, the closest towers with the same frequency as the central tower are the 1's in the hexagons at the edge – the frequency reuse factor is 3 (see footnote). In this diagram, the ordering of the numbers makes no difference – the situation would be the same if we exchanged the position of every, say, 1 and 3.

In reality the grid of towers of a particular operator covering a city is rarely hexagonal, due to local constraints, so what needs to be taken care of is not to use the frequencies that the nearest neighbors, next-nearest neighbors and so on are using depending upon the frequency reuse factor.[5] It's clear that without the towers being able to communicate in near-real time, with and FDMA/TDMA system like GSM, this is the optimal — and, in fact, the only — way to go.

Neighbouring towers sharing spectrum

Everything changes, though, if the towers can communicate and coordinate fast enough — in theory, at least, all the service provider's towers could pick spectrum from a common pool.[6] In fact, every service providers could put their spectrum into a common pool from which frequencies can be allocated to users as before. This would increase trunking efficiency and thereby the maximum number of users per tower dictated by quality of service limits (both terms are defined in the next section), making more efficient use of the spectrum.

The Current Trade-off between Trunking and 'Economic' Efficiency: The Principal Argument for (Inter-operator) Shared Spectrum

Imagine the following scenario:

We have 5 MHz of spectrum split it into five channels of one MHz each;
Five thousand people own cell phones and each is assigned a channel so that there are a thousand cellphone users per channel;
People call infrequently: calls are randomly distributed but on average, in each channel, five people attempt to make a call every minute and each call is ten seconds long.

In this way, a lot of people can use a few channels with a reasonable hope that their calls will be connected, a phenomenon called 'trunking'. Chances are high, however, that at least one person's going to make a call before the previous caller on her channel is done, and end up being blocked. The probability that a call will go through is factored into the Quality of Service (QoS) through the Erlang B Formula; roughly speaking, the less chance there is of a caller being blocked, the higher your QoS. It's essentially a question of queuing: the same logic can be applied to beds at a hospital. The number of hospital beds in a town would be much fewer than the number of people, but it works because everyone's not sick all the time; if people are sick more often, or for longer durations, the chances that someone won't get a bed would be higher:[7]

Suppose someone own an Airtel phone and Airtel's channels are all in use, but Vodaphone has a channel free at the time. Let's look at two alternatives:

a) she's not allowed to switch, and cannot make her call;
b) she's allowed to switch to the empty channel, and her call goes through.

Clearly, the second choice is better — and it has greater trunking efficiency.

In the current scenario, service providers get exclusive rights to chunks of spectrum. Naively, the more competitors (in this case, service providers like Airtel and Vodaphone) you have in a market, the better the competition. This, unfortunately, leads to a decrease in trunking efficiency — it's inversely proportional to the number of players in the market because every chunk of frequencies split between two service providers (every successive split) increases the chances for an event such as the one described above happening. The question that logically follows is: what is the optimal number of service providers for the Indian market? This is hard to find, and differs depending on who you ask — incumbents, for instance, may quote a smaller number, whereas prospective new entrants may quote a larger one. The number is controversial within policy-making circles as well, and is being debated as this article is being written. We note in passing that the number of competitors — and thus fragmentation of spectrum — is higher in the Indian market than most others.

If spectrum were shared, however, all this would be moot. This, therefore, is the primary argument towards spectrum sharing: better trunking efficiency as well as more competition — you can , in this instance, have it both ways.

CDMA and Spectrum Sharing

GSM is a simple example, where both the difficulty and the benefits of intra-operator spectrum sharing are readily apparent. Things get more difficult conceptually if we talk about newer technologies, so we'll have to get a little deeper into the technicalities. Code Division Multiple Access, or CDMA, allows phones to communicate using the same frequencies at the same time and place, but differentiated by codes — similar to WiFi but using different encoding schemes and technology. CDMA might look (from the analogy with Wifi) to require no central planning, but quality of service guarantees require that various phones in a 'cell' coordinate, and the coordinating agent happens to be that cell's tower. Two things need to happen: one, the code allocated to each phone needs to be sufficiently different,[8] at least with respect to other nearby phones, which means the tower has to allocate codes. Additionally, the distance involved between cellphone and tower (as against laptop and router) causes the near-far problem.[9]

For synchronous CDMA, the concept analogous to frequency reuse is code reuse — a tower needs to take into account the codes being used by its nearest neighbors, next-nearest neighbors and so on, which might be easier than coordinating timing in a TDMA system. For asynchronous CDMA (the most commonly used variant), even that is not required — the low cross-correlation pseudorandom codes that are used have so many possibilities that the likelihood of a collision would be small, though other users would appear as gaussian noise, so just like GSM, the number of users is limited by QoS limits. This makes intro-operator sharing of spectrum between adjacent towers easier and asynchronous CDMA ends up with a frequency reuse factor of 1, meaning that a tower can access the same set of frequencies as its (intra-operator) neighbor, hypothetically making it easier to use in a shared-spectrum system.

LTE

LTE uses Orthogonal Frequency Division Multiplexing, or OFDM, which can be – very roughly — thought of as combining ideas used in FDMA as well as CDMA, in that information is redundantly split between several frequencies ('subcarriers' in the literature) and each frequency can have more than one channel, using an orthogonal coding schemes like (synchronous) CDMA, where, as mentioned earlier, a mobile phone can distinguish its channel by its code. As it's an FDMA system, the benefits of frequency sharing for LTE can be inferred as above for GSM.

The Regulatory Perspective

The European Commission has this to say about shared spectrum:[10] “From a regulatory point of view, band sharing can be achieved in two ways: either by the Collective Use of Spectrum (CUS), allowing spectrum to be used by more than one user simultaneously without a license; or using Licensed Shared Access (LSA), under which users have individual rights to access a shared spectrum band”.

CUS is how unlicensed spectrum like Wi-Fi is currently used, which does not require a central 'brain' allocating spectrum to users. It requires no setup or organization before or during use. LSA is what shared spectrum would have to be like when used by service providers: it requires setup and organization but could offer better efficiency and quality of service because the central 'brain' — in this case the CPU at the cellphone tower — can figure out the most efficient way to allocate spectrum to users, just like a city's traffic lights coordinate the flow of traffic to prevent jams, and for that multiple towers — or multiple transmitters on a single tower — would have to coordinate somehow. In other words, you don't require approval before setting up your Wi-Fi router in your living room, but (depending upon the router, how many neighbors have routers, how close they are, and how far you are from your router) your connection might get dropped; this kind of thing is okay because there usually aren't that many people with routers living that close to each other, though that's fast changing. The 2.4 GHz Wi-Fi band is further crowded in by other microwave radio technologies, like Bluetooth and microwave ovens. Cellphones are a different thing altogether, because you wouldn't want your cellphone to stop working in the middle of a crowded bus if you're late en route to meeting someone at a coffee shop, or if you're being mugged and need to call the police. Therefore it is the service providers' and regulatory agencies' responsibility to provide a high (minimum) quality of service. This classification is symbolized by the following diagram:[11]

CUS falls on the left, being contention-based – that is, different user devices (eg, laptops) could contend with each other for the attention of the base station (eg, Wi-Fi router — random access, CSMA), whereas LSA is conflict-free (which would be the case if the router decides, period). The potential for conflict exists in CUS, there being multiple devices asking for spectrum, whereas for LSA, a central authority decides which device to allocate spectrum to at any particular point in space and time. CUS isn't total chaos, however: it would now be appropriate — taking a leaf from ex-FCC chief technology officer Jon M. Peha – to introduce the concepts of coexistence and etiquette.

In our Wi-Fi example, the Wi-Fi routers merely coexist, and the technological standard allows them to try and use the codes/spectral bands that are in their best interests, to best communicate with their client devices (though actual Wi-Fi routers also follow some sort of etiquette with other routers). One could additionally introduce some sort of etiquette into the equation by requiring that one router should, for example, “wait in the cue” for another — and vice versa — as and when required, as well as other requirements for cooperation depending upon the technology used. This minimal cooperation would be enough for them to, in Mr Peha's words, “greatly improve efficiency if and only if designed appropriately for the applications in the band” - depending upon the technology used, being too 'polite' could cause longer wait times that decrease efficiency. The situation is complicated by the existence of multiple technologies at the same spot – for example, your Bluetooth receiver, two-way radio and Wifi router working in the same room. If there is potential for interference, common communication protocols could be implemented to enable all those devices to 'talk' to each other and effectively follow some form of wireless etiquette so that they can cooperate and not get in each others way. This is all the more important as Wi-Fi will become an essential part of the cellphone communication network for 4G.

To conclude, there are many ways shared spectrum technology could hypothetically work, and in practice the core technologies that are used would dictate the details of the spectrum sharing solution. Spectrum sharing would reduce the regulatory conundrum that is spectrum allocation, and make more efficient use of spectrum — most obviously through trunking efficiency, though there may be other technological benefits depending upon the core technology used. For maximum efficiency and robustness, there would have to be some kind of rules followed, so that devices apply for spectrum like people in a cafeteria queue as opposed to the scrum you might find trying to get into an Indian bus; the etiquette we were talking about earlier should be baked into the design of the communication infrastructure. Some services (like voice calling) by their nature, need a guaranteed high QoS — need to be conflict-free — and therefore need Licensed Shared Access. Others need a minimum of regulation — but with the movement of what used to be CUS-appropriate devices (In many plans for 4G LTE-Advanced, specifically Wi-Fi) towards LSA-appropriate applications, a careful optimization needs to be done in deciding where to draw the line.

The Big Question: Infrastructure Sharing

We've gone through a thought experiment on intra- and inter-operator sharing of spectrum for the particular case of mobile towers in adjacent cells, and come to the general conclusion that the solution is in principle a question of fast and efficient coordination between the geographically separated towers, toward which there are two driving forces at present: the demand for more efficient use of spectrum by a growing body of users with growing data needs, and the supply of low latency, cheaper and higher bandwidth communication options using fiber-optic cables.

There are essentially two parts to the big question we're going to ask: one, what happens when there are multiple operators serving the same geographical area, and two, is it necessary to have multiple towers standing right next to each other for multiple operators?

To answer the first question, one could have a 'roaming' agreement between multiple operators at the same spot: if all the channels of one operator are busy, the user just has to switch to a channel of an operator which isn't. For the second, a single tower (the physical tower structure as well as the transmitting equipment on it) could serve any operator, who could rent it's usage on a per-call basis. That, in fact, already seems to be the case: Airtel and Vodaphone, for instance, each own a 42% share in India's largest tower corporation Indus Towers, the remaining 16% belonging to Idea Cellular.

To answer the first question, one could have a 'roaming' agreement between multiple operators at the same spot: if all the channels of one operator are busy, the user just has to switch to a channel of an operator which isn't.

For the second, a single tower (the physical tower structure as well as the transmitting equipment on it) could serve any operator, who could rent it's usage on a per-call basis. That, in fact, already seems to be the case: Airtel and Vodaphone, for instance, each own a 42% share in India's largest tower corporation Indus Towers, the remaining 16% belonging to Idea Cellular.

Infrastructure sharing will be explored further in a forthcoming post.

Coarse-grained Spectrum Sharing

For completeness, we should point out that there are more course-grained (simpler but less efficient) means of sharing in time as well as geography: the appropriate thought experiment is to imagine a radio station at the base of a hill that only has two shows, one for breakfast and one for dinner. Using its radio spectrum on the other side of that hill, or beyond the area it serves, would be fine at anytime; using it's spectrum in between the morning and evening shows would be fine anywhere.

Caveats

It must be emphasized at this point that the above is a purely hypothetical scenario, and not a prescription. Getting this to work would involve technical hurdles that a brief overview such as the one above could not bring up, that could only be discovered in the process of bringing the technology to market. Each technological solution – GSM, CDMA and LTE – would present its own difficulties, which may become apparent only when the product is shipped, so to speak. Fine technical judgments would need to be made: an example of the difficulty involved could be gauged from the early debates comparing the first CDMA standard (IS-95) with GSM at the time.

The economic model to use for shared spectrum and shared infrastructure is also something under intense discussion right now, and a number of scholarly papers have already been written up.

[1]. This is what you'd get in your first few Google search results when you look for “shared spectrum”, because the former has become so widely accepted that it's now part of the linguistic background.

[2]. Explained on http://www.radioraiders.com/gsm-frequency.html, referring to 3GPP spec http://www.3gpp.org/ftp/Specs/latest/Rel-7/45_series/45005-7d0.zip

[3]. From http://www.umtsworld.com/technology/cdmabasics.htm

[4]. From Mike Buehrer, William Tranter-Code Division Multiple Access (CDMA)-Morgan & Claypool Publishers (2006).

[5]. There are multiple definitions; the simplest one is “how many steps (in cells) that you have to walk from the tower before you can reuse the frequency”, which will suffice for us.

[6]. Of course, it's going to be messier in practices.

[7]. From http://www.vumc.com/branch/PICA/Software/

[8]. Orthogonal for synchronous CDMA, or 'sufficiently' orthogonal for asynchronous CDMA

[9]. Remember that the receiver on the tower has to demux (split) the signals received from many cellphones, and while a Wifi router would perhaps service multiple laptops in the same building, a CDMA tower has to work for a couple of hundred phones at varying distances – some a building-length away and some, many kilometers away. Every receiver has its own maximum signal to noise ratio, where the strength of the signal received has to be more that a certain fraction (which can be quite small, for a good receiver) of the strength of the electromagnetic (radio) noise it receives from other sources; cellphone towers have to deal with much larger signal to noise ratios than Wifi routers. For an FDMA or TDMA system, different users' data arrives at different frequency or time-slots, so as long as those slots are properly differentiated, one user's signal won't be another user's noise. For the commonly used asynchronous CDMA system, however, this is not the case, so at a receiver on a tower, the signal transmitted by a distant cellphone could be swamped by that from a much closer phone. The way this is dealt with is to have phones closer to the tower decrease their transmission power. So even in CDMA, the tower is still telling the phone what to change, only in this case it's the transmission power as opposed to the exact frequency and time.

[10]. http://ec.europa.eu/digital-agenda/en/promoting-shared-use-europes-radio-spectrum

[11]. From Mike Buehrer, William Tranter-Code Division Multiple Access (CDMA)-Morgan & Claypool Publishers (2006)

For more details visit http://editors.cis-india.org/telecom/blog/an-introduction-to-spectrum-sharing

Navigating the Digitalisation of Finance: User experiences of risks and harms

2025-04-10T05:49:23Z

Our study unpacks the experiences of marginalised users navigating the digitalisation of finance. Through a survey of 3,784 users, 18 interviews and 7 focus group discussions, our study’s findings highlight user experiences of risks and harms while accessing digital financial services, unpacking experiences specifically of persons with disabilities, transgender persons, gender and sexual minorities, elderly persons, women, regional language-first users, and persons facing digital and economic vulnerabilities.

Read the full report here

Executive Summary

The last couple of decades have seen significant changes in the financial ecosystem in India, both within the fintech sector and with respect to digital financial inclusion. The rapid growth in the reach of banking services to previously unbanked citizens through the Pradhan Mantri Jan Dhan Yojana has been followed by digitalisation in financial and public services.

However, a commensurate increase in digital and financial literacy has not followed, and rates of access to digital devices and the internet are still growing for many user groups, like rural women and regional language speakers. From the proliferation of fraudulent schemes and cybercrime to regulatory loopholes and inadequate consumer protections, the landscape of online financial services in India presents numerous risks. Factors such as weak cybersecurity measures, data breaches, lack of awareness among users, and the absence of comprehensive regulations create a fertile ground for financial scams. Simultaneously, rapid digitalisation of financial services, especially post demonetisation and the COVID-19 pandemic, has also brought to the fore concerns around omissions and exclusion of sections of users from databases, and a steep learning curve in adapting to this new digital ecosystem.

These combined factors open up users to a range of potential financial risks and harms, with differential impact on specific marginalised and vulnerable groups. With this understanding, we use the term digital financial harms to refer to adverse financial outcomes and other related detrimental consequences in the use of digital financial services.

Through this study, we aim to situate these experiences in a continuum of harms within a rapidly digitalising financial ecosystem. By exploring questions of access, accessibility and language we hope to bring aspects of cybersecurity, digital and financial literacy and design justice into conversation with each other. While some research has aimed to understand technology-facilitated gender based violence, financial fraud, misinformation, and other forms of digital risks in siloes, the correlations between these risks online remain severely understudied. In this report, we focus on the experiences of groups long marginalised within the financial system, to recommend that their needs are centred in shaping digital financial services.

Key questions guiding our research were:

How were digital financial risks understood and experienced by users of digital financial services across groups? What factors have amplified risks for marginalised and at-risk user groups?
What potential vulnerabilities, risks and harms have emerged relating to digital financial services around device and internet access, accessibility, challenges with use, exclusions from digitalised social protection, and forms of social engineering and digital financial fraud?
How accessible were digital financial service providers’ and governments’ reporting and grievance redressal systems?
What role should fintech platforms, social media platforms, banking and financial institutions, government, and regulatory bodies play in reducing digital financial risks across the ecosystem?

This was a mixed methods study, consisting of a review of available literature in the field, followed by quantitative and qualitative data collection through surveys and in-depth interviews. The report highlights the experiences of persons with disabilities, gender minorities, the elderly, low income users, and regional language first users; to better understand how discrimination, exclusion or slow redressal processes may increase their risk or cause disproportionate harm when using digital financial services. It discusses users’ experiences of fraud in the context of an evolving regulatory ecosystem, as well as practical challenges users face with redressal systems.

Key findings include:

Access to digital financial services, still requires improving access and accessibility of physical and phygital banking services, and good internet connectivity.
Even among mobile phone owners, many users still rely on shared devices, particularly among women and persons with disabilities.
There is a high need for support in utilising net banking services, with 60% of surveyed netbanking users mentioning that they sought help to conduct online banking transactions. Migrating to digital financial services is not a purely digital journey for users who are still building comfort with digital interfaces, or those whose languages are deprioritised in the development of digital financial platforms.
Age, gender, and income were significant factors in the access to the internet, and adoption of digital financial services. For instance, women and transgender persons over 45 years were less likely to have a Unified Payments Interface (UPI) account. Women, transgender persons, and disabled users of UPI were also more likely to be infrequent users compared to the rest of the sample.
Over reliance on digital platforms for the administration of direct benefit transfer programmes results in challenges and risks of exclusions for beneficiaries.
While awareness of common forms of fraud is high, awareness of security protocols, Know Your Customer (KYC) requirements and markers of trustworthy banking and non-banking institutions is low.
Irrespective of the amount of money lost during frauds, it caused significant financial and emotional burden, especially for low-income persons.
In the absence of monitoring frameworks, bad actors within the financial system are able to exploit vulnerabilities like the dependence of account holders on banking correspondents.
Gender and sexual minorities, and women face disproportionate impacts of harm in the event of financial loss, including the consequences of image-based sexual abuse, victim blaming, domestic violence and limits on financial independence.
Ineffective grievance redressal for cybercrimes is a major deterrent to reporting.
Digitalisation and the use of assistive technology have allowed some persons with visual impairments to gain relative levels of independence in managing their own finances and conducting transactions. However, implementation of accessibility policies and features remains uneven, and is marred by the continued exclusion and discrimination within traditional banking services.

Based on these findings, this report offers a set of recommendations addressed to stakeholders within the financial ecosystem such as banking and other financial institutions, regulatory bodies, fintech companies, cybersecurity professionals, as well as social media platforms and civil society organisations working on digital inclusion, safety and literacy. The recommendations offer nuanced perspectives on how digital financial harms can be prevented and mitigated based on our interactions with various stakeholders during the research process.

Key recommendations emerging from the study are:

Create meaningful connectivity and access to digital platforms by improving public infrastructure and addressing the challenges associated with shared devices and mediated use.
Improve platform design to engender trust; increase accessibility and usability through assessment and better implementation of available technologies, regular design audits and facilitate availability in Indian languages.
Building awareness and capacity across user and stakeholder groups through customised and inclusive programming, working in partnership with communities.
Centre consumer protection in regulatory interventions and approaches to law enforcement, by implementing robust time-sensitive reporting and redressal mechanisms, placing accountability on financial institutions, and monitoring and curbing fraudulent activity.
Encourage transparent governance and public oversight by measuring and evaluating digital public infrastructures to maximise their public value.

Contributors

Research design and/or report writing: Amrita Sengupta, Chiara Furtado, Garima Agrawal, Nishkala Sekhar, Puthiya Purayil Sneha, and Vipul Kharbanda

Research advice and/or review: Antara Rai Chowdhury, Janaki Srinivasan, Nayantara Sarma, Palak Gadhiya, Pallavi Bedi, Sameet Panda, Semanti Chakladar, Shashidhar K J, Shweta Mohandas, and Taranga Sriraman

Research and/or data analysis support: Chetna V M, Pallavi Krishnappa, and Yesha Tshering Paul

Data analysis: Chiara Furtado, Garima Agrawal, and Nishkala Sekhar

Research tool translation: Aravind R (Kannada), Balaji J (Tamil), Bhaskar Bhuyan (Assamese), Nettime Sujata (Bangla), and Suresh Khole (Marathi)

Research tool pilots: Raveenaben (Megha Cooperative, SEWA), Sunaben (Megha Cooperative, SEWA), and Raja Mouli N

Data collection (survey): D-Cor Consulting

Data collection (focus group discussions): D-Cor Consulting; Jnana Prabodhini, Pune; Transgender Rights Association, Chennai; and Subodh Kulkarni

This work is shared under the Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA 4.0)

For more details visit http://editors.cis-india.org/raw/navigating-the-digitalisation-of-finance

Digital Futures: Internet Freedom and Millennials

nishant — 2012-02-15T04:25:50Z

Last year was a turbulent year for freedom of speech and online expression in India. Early in 2011 we saw the introduction of an Intermediaries Liability amendment to the existing Information Technologies Law in the country, which allowed intermediaries like internet service providers (ISPs), digital content platforms (like Facebook and Twitter) and other actors managing online content, to remove material that is deemed objectionable without routing it through a court of law. Effectively, this was an attempt at crowdsourcing censorship, where at the whim or fancy of any person who flags information as offensive, it could be removed from digital platforms, writes Nishant Shah in DMLcentral on 3 February 2012.

While we were still reeling from the potential abuse this could lead to – from weekend drunken games where people send take-down notices on an ad hoc basis to regressive fundamentalists using this to silence voices of protests – we encountered another shock. The Information and Technologies minister of India called some of the biggest social networking platforms that support user generated content to exercise a regime of self-regulation and censorship. Citing content that was considered slanderous to political leaders in the country and potentially offensive to the religious sentiments of certain groups, he called for a ‘pre-screening’ of online content – invoking visions of thought police, where an army of thousands will be trained to read your personal and private information, sift it for offensive content, and disallow it to be published online.

And while we deal with the aftermath of what this might mean to the future of openness and our constitutionally enshrined rights of freedom of speech and expression, there was another shock that awaited us in 2012. Even as I write this, Facebook and Google – two of the largest social media platforms in India – have been 'implicated' in a gamut of civil and criminal charges. It has been alleged that these companies knowingly allowed obscene and immoral material capable of inciting prurience, communal tension, hatred and violence, to proliferate in their systems because it helps generate revenue. Because the people who uploaded the information are outside the jurisdiction of the court, they cannot be punished but these intermediaries that have allowed this content that is deemed ‘obscene, lascivious, indecent and shocking’, are now being held responsible.

There has been a lot of debate in and outside the country about the implications this has for the form and nature of information online. Freedom of speech and expression, information regulation regimes in emerging information societies, resurgence of authoritative governmentality in the face of quickly eradicating sovereignty, and the diminishing openness of the web, have all been variously discussed, much like the debates around SOPA/PIPA discussions in the US. In all of these conversations, there has been talk about the future but not about the people whose futures are the most at stake – digital natives. Pulling from my research, here are some summarized reflections of members of a younger generation pondering their digital futures:

Innovation: One of the tropes that allows digital natives intimate relationships with their technology gadgets, platforms and environments is to innovate. Especially in the global south where we cannot take ubiquitous and affordable access to the internet for granted, innovation is not merely about creativity in producing new content. Innovation is in mobilizing meager resources in order to achieve large tasks. Innovation is in cutting through existing boundaries of inequity and building communities of learning and information. Innovation is in finding ways by which access can be facilitated for large user bases. Free and open information is the reward that follows innovation. There is consensus that restricting access to information is a negative incentive for those approaching the information superhighway. And for some it is also “a challenge to find ways of accessing that information. They can ban it, but by the time they will ban it, our way of accessing it will have changed!”

Information Read/Write: Sometimes the promise of digital networks providing abundant information and knowledge, which is free to access and consume, overrides the actual allure of speech and expression. As one interlocutor explained in Wikipedia terms, “more people access Wikipedia to consume information others have produced rather than contribute to it...and it is the same everywhere. It is fun to write, but it is fun to write only because there is somebody reading it. Sometimes I go online to read rather than write.” The censorship debates often restrict themselves to freedom of speech and expression, but what they overlook is that this also interferes with the freedom to read. Reading is a form of engagement, interaction, formation of trust and affection online. And when information can no longer be easily read, it will have drastic effects on how young people connect and form communities.

Mapping Learning: For many digital natives in my work, the digital domain is not only a playground but also a space of learning. Not learning in its didactic forms, replacing universities and offering abundance of knowledge. For some, the digital space is a new process of learning. It helps them negotiate and cope with their formal curricula and offers alternative sources to understand and analyze reality. As many in our research group mentioned, “we already have access to enough academic material through our libraries. What we find on the internet are things that help us understand ideas through things that are familiar to us.” When pressed for an example, I was shown a wide range of popular and academic, cultural and social spaces – blogs, videos, movies, music, commentaries, tweets, mashups, etc., which the students often map back to their existing curriculum. “Sometimes the textbooks talk about things that happened before we were born. Or belonging to countries we don’t know much about,” explained a 19-year-old. So as a group they try and pull different and more familiar objects back into their discussions, using the web, its search potential, and social networking sites as filters to gain access to relevant knowledge.

It is in the nature of information to be filtered or censored. Even at a personal level we constantly filter out information that is not desirable or useful to us. It is understandable that certain kinds of information that are produced with malicious intent needs to be controlled. However, the recent attempts attack the very structures that define the social web as we understand it now -- openness, distribution, sharing, collaboration, co-creation and interactivity. For digital natives, being digital is not just about infrastructure and access. It is an integral part of how they embed themselves and negotiate with our information society. Regulation of information is not just about resolving the crisis of the present but also about shaping the digital futures for a generation that is growing up digital.

Banner image credit: zebble http://www.flickr.com/photos/zebble/6080622/

Read the original published in DML Central

For more details visit http://editors.cis-india.org/internet-governance/digital-futures-internet-freedom-and-millennials-2

Towards Algorithmic Transparency

Radhika Radhakrishnan, and Amber Sinha — 2020-07-15T13:16:44Z

This policy brief examines the issue of transparency as a key ethical component in the development, deployment, and use of Artificial Intelligence.

This brief proposes a framework that seeks to overcome the challenges in preserving transparency when dealing with machine learning algorithms, and suggests solutions such as the incorporation of audits, and ex ante approaches to building interpretable models right from the design stage. Read the full report here.

The Regulatory Practices Lab at CIS aims to produce regulatory policy suggestions focused on India, but with global application, in an agile and targeted manner and to promote transparency around practices affecting digital rights.
The Regulatory Practices Lab is supported by Google and Facebook.

For more details visit http://editors.cis-india.org/internet-governance/blog/towards-algorithmic-transparency

IFAT and ITF - Protecting Workers in the Digital Platform Economy: Investigating Ola and Uber Drivers’ Occupational Health and Safety

2021-06-29T06:53:47Z

Between July to November 2019, Indian Federation of App-based Transport Workers (IFAT) and International Transport Workers’ Federation (ITF), New Delhi office, conducted 2,128 surveys across 6 major cities: Bengaluru, Chennai, Delhi NCR, Hyderabad, Jaipur, and Lucknow, to determine the occupational health and safety of app-based transport workers. CIS is proud to publish the study report and the press release. Akash Sheshadri, Ambika Tandon, and Aayush Rathi of CIS supported post-production of this report.

Report: Download (PDF)

Press Release: Download (PDF)

Press Release, August 25, 2020

Between July to November 2019, IFAT and ITF conducted 2,128 surveys across 6 major cities: Bengaluru, Chennai, Delhi NCR, Hyderabad, Jaipur, and Lucknow, to determine the occupational health and safety of app-based transport workers.

Some of the most startling findings from the survey are below:

There is a complete absence of social security and protection—a glaring 95.3% claimed to have no form of insurance, accidental, health or medical. This reflects the inability of workers to invest in their own health. This partly is a result of declining wages—after paying off their EMIs, penalties and commission to the companies and having less than Rs. 20,000 left at the end of the month.
Only 0.15% of the respondents reported to have access to accidental insurance, which is the bare minimum companies like Ola and Uber should have provided to their drivers.
Uber and Ola provide no assistance with regard to harassment and violence while drivers are on the road. Ola or Uber for the most part do not intervene if there is any intimidation from traffic police or local authorities, incidents of road rage, violent attack by customers or criminal elements that endanger drivers’ lives, accidents while driving etc.
On average drivers spend close to 16-20 hours in their cars in a day. 39.8% of the respondents spent close to 20 hours in their vehicle in a day, and 72.8% of the respondents from Bengaluru, Chennai and Hyderabad drive for close to 20 hours a day. Due to long hours, 89.8% of the respondents claim they get less than 6 hours of sleep.
Health issues arising directly as a result of conditions of work is affecting the day-to-day lives of workers. Backache, constipation, liver issues, waist pain and neck pain are the top five health ailments that app-based transport workers suffer from due to their work. 60.7% respondents identified backache as a major health issue.

App-based drivers/driver partners work in a very toxic and isolated work environment. Drivers can’t exit their current occupational status even if they want to because they are shackled in debts and outstanding EMIs. As a result, they race every day to complete targets so that they may earn just enough to pay these liabilities.

The work these drivers are engaged in cannot be considered to be within the ambit of decent work and in reality, is representative of modern slavery. The algorithm of the companies they work for, pits them against their peers in order to maximize profit, while at the same time denying them social security or protection and essentially refusing to acknowledge them as employees.

Drivers working in various cities and working for different app-based platforms have complained about the lack of transparency in how these app-based companies determine fares, promotional cost, surge pricing, incentives, penalties and bonuses. There is little to no information on how rides are being fixed or are being allocated. There also isn't any effective grievance redressal mechanism to resolve any of the issues faced by workers.

The apathy of the state and the exploitation by app-based companies have brought the transport and delivery workers in a precipitous position across the globe. This is underlined and explained by the absence and lack of any social security or protection for the workforce, there are some other issues that the workforce is battling during the Covid-19 pandemic.

Hear our voices and address our demands.

- Shaik Salauddin

National General Secretary, Indian Federation of App-based Transport Workers (IFAT)
Phone: +91 96424 24799

Indian Federation of App-based Transport Workers
Facebook: connectifat
Twitter: @connect_ifat
YouTube: Indian Federation of App-based Transport Workers

For more details visit http://editors.cis-india.org/raw/ifat-itf-protecting-workers-in-digital-platform-economy-ola-uber-occupational-health-safety

IFAT and ITF - Locking Down the Impact of Covid-19

2021-06-29T07:27:09Z

This report, by Indian Federation of App-based Transport Workers (IFAT) and International Transport Workers’ Federation (ITF), New Delhi office, explores the responses to the outbreak of Covid-19 by digital platform based companies, trade unions, and governments to help out workers for digital platform based companies hereafter app based workers during the lockdown. The research work in this article is a characterization of the struggles of app based workers during the global pandemic and how it has affected and changed the world of work for them. The surveys were conducted amongst the workforce working for app based companies like Ola, Uber, Swiggy, Zomato etc. This study is partially supported by CIS as part of the Feminist Internet Research Network led by the Association for Progressive Communications.

Report: Download (PDF)

Press Release: Download (PDF)

Press Release, 17 September, 2020

Between March and June 2020, IFAT and ITF conducted 4 surveys with transport and delivery workers to assess (i) their income levels during the Covid-19 pandemic, (ii) the burden of loan repayment during these months, (iii) the relief provided to them by companies, and (iv) the access to welfare schemes offered by state and central governments.

The first survey, on income levels and loans administered in March 2020, had 5964 respondents, across 55 cities, in 16 states. The second and third surveys conducted in April 2020, on financial relief from companies and governments, had 1630 respondents, across 59 cities, in 16 states. The fourth survey was conducted in June 2020 to assess income levels as the economies were slowing opening up. Some of the most startling findings from the 4 surveys are:

The average monthly EMI of the respondents in March 2020 was between Rs. 10,000 - 20,000. 51% of the respondents had taken vehicle loans from 19 national public sector banks.
30.3% of the respondents worked between 40-50 hours a week, in the week prior to the first national lockdown. Despite high hours of work, the average income of the drivers for the week commencing April 15, 2020 was less than Rs. 2500. 57% of respondents earned between 0 to Rs. 2250.
89.8% of workers did not receive any ration or food assistance, and 84.5% did not receive any financial assistance from either companies or governments.
Where companies had announced financial assistance programmes, including through donations collected by customers, there was no transparency in disbursement of funds. Other reasons for exclusion included administrative red tape (such as the requirement to produce bills that are GST compliant), and absence of clear criteria for eligibility, leading to random disbursement, among others.
Ola announced waiving off the rental amount for leased vehicles, and asked drivers to return such vehicles. However, there was no announcement of a plan to repossess vehicles once there was an easing of the lockdown, causing great anxiety among workers.
After the easing of the national lockdown, 69.7% of respondents indicated that they had no earnings, while 20% earned between Rs.500 to 1500.
2716 respondents from 19 states across gig platforms articulated their support for a peaceful demonstration against company practices.
Mandatory installation of Aarogya Setu by workers raised concerns of privacy, as this would allow companies to surveil workers and collect data on their movements after work hours.

IFAT organised several meetings and protests after each survey, to bring attention to the vulnerable conditions of workers. At these gatherings, workers raised the following key demands:

Companies must reduce commission rates to 5%, to allow workers to get back on their feet, and compensate for losses over the past few months;
Adequate protective equipment and health insurance cover to all drivers must be provided;
There must be increased transparency in disbursement process of funds, and in the criteria for selection of beneficiaries;
Compounded interest must be waived on EMIs for the 3 months of moratorium on loan repayment.

Hear our voices and address our demands.

Shaik Salauddin

National General Secretary, Indian Federation of App-based Transport Workers (IFAT)

Phone: +91 96424 24799

Indian Federation of App-based Transport Workers

Facebook: www.facebook.com/watch/connectifat/

Twitter: www.twitter.com/connect_ifat

YouTube: www.youtube.com/channel/UCA1AxGq0Fb_A_O_Ey44eiPg

For more details visit http://editors.cis-india.org/raw/ifat-itf-locking-down-the-impact-of-covid-19