The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 1 to 15.
You will need a license to create a WhatsApp group in Kashmir
http://editors.cis-india.org/internet-governance/news/governance-now-april-19-2016-you-will-need-a-license-to-create-whatsapp-group-in-kashmir
<b>The internet rights activists have criticised the move stating it as unconstitutional.</b>
<p>The article was <a class="external-link" href="http://www.governancenow.com/news/regular-story/you-may-need-a-license-in-kashmir-run-a-whatsapp-group">published by Governance Now</a> on April 19, 2016. Pranesh Prakash tweeted on this.</p>
<hr />
<p style="text-align: justify; ">Moving beyond internet ban, Kashmir’s Kupwara district issued a notice asking all admins of WhatsApp news groups to register their groups with the district authority within ten days.</p>
<p style="text-align: justify; ">With this move, the authorities are taking power in their hands to monitor WhatsApp news groups owned by private individuals. However, internet rights activists criticised it saying the move is unconstitutional as it breaches freedom of speech.</p>
<p style="text-align: justify; ">The circular is issued under the subject of ‘registering of WhatsApp news group and restrictions for spreading rumours thereof’. The district magistrate said that any spread of information by these WhatsApp news groups, “leading to untoward incidents will be dealt under the law”.</p>
<p style="text-align: justify; ">You may need a license in Kashmir to run a WhatsApp group</p>
<p style="text-align: justify; "><img src="http://editors.cis-india.org/home-images/WhatsApp.jpg" alt="WhatsApp" class="image-inline" title="WhatsApp" /></p>
<p style="text-align: justify; ">The valley witnessed five-day internet shutdown following the Handwara firing incident. Internet ban is a common phenomenon in Kashmir. <br /><br /> “For how long will the government decide whether we can communicate with each other or not? Actually, the authorities do not want us to spread the truth about the army’s atrocities far and wide,” said a resident of Handwara as quoted in Kashmir Reader.<br /><br /> Earlier, parts of Haryan and Gujarat also witnessed internet ban during Jat and Patidar agitation, respectively.</p>
<p style="text-align: justify; "><a href="http://www.governancenow.com/gov-next/egov/hard-broad-ban-internet-haryana-jat-agitation" target="_blank"><span>Blocking all internet access </span></a>is clearly an unnecessary and disproportionate measure that cannot be countenanced as a ‘reasonable restriction’ on freedom of expression and the right to seek and receive information, which is an integral part of the freedom of expression,” said Pranesh Prakash.<br /><br /> For instance, he adds, a riot-affected woman seeking to find out the address of the nearest hospital cannot do so on her phone. “Instead of blocking access to the internet, the government should seek to quell rumours by using social networks to spread the truth, and by using social networks to warn potential rioters of the consequences,” he said. <br /><br /> Former Mumbai police commissioner Rakesh Maria used WhatsApp to counter rumours spread after circulation of a fake photo in January 2015. <br /><br /> “The way in which the ban is imposed is unreasonable. Problem is in the method that is being used in absence of guidelines, defining circumstances under which they can impose a restriction on internet sites,” says Arun Kumar, head of cyber initiatives at Observer Research Foundation (ORF). <br /><br /> If government formulates these rules or guidelines it will set a threshold for state or central authorities, which will define the urgency of imposing ban on internet services.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/governance-now-april-19-2016-you-will-need-a-license-to-create-whatsapp-group-in-kashmir'>http://editors.cis-india.org/internet-governance/news/governance-now-april-19-2016-you-will-need-a-license-to-create-whatsapp-group-in-kashmir</a>
</p>
No publisherpraskrishnaSocial MediaFreedom of Speech and ExpressionInternet GovernanceCensorshipWhatsApp2016-04-21T02:34:46ZNews ItemWhen the war’s on WhatsApp
http://editors.cis-india.org/internet-governance/news/times-of-india-september-25-2016-manju-vi-when-the-war-is-on-whatsapp
<b>Slick, jingoistic videos are whipping up pro-war rhetoric on social media after the Uri terror attack.</b>
<p style="text-align: justify; ">The article by Manju V was <a class="external-link" href="http://timesofindia.indiatimes.com/home/sunday-times/When-the-wars-on-WhatsApp/articleshow/54502035.cms">published in the Times of India</a> on September 25, 2016. Nishant Shah was quoted.</p>
<hr />
<p style="text-align: justify; ">It packs a meaner punch than any 140-character tweet. In 140 jingoistic seconds, the cleverly packaged YouTube film veers from Mohammed Rafi to Chandra Shekhar Azad drumming up pro-war rhetoric to avenge the Pathankot attack. Set to the tone of chirping crickets on a moonlit night somewhere along the western border that India shares with its neighbour, the short film has two armymen in fatigues deliberate over the absolute need to respond with a counter attack. It ends in a staccato military drumbeat with a voiceover quoting Azad: "If yet your blood does not rage, then it is water that flows in your veins."</p>
<p style="text-align: justify; ">Posted about 10 days after the Pathankot attack in January, the video was resurrected last week after the country woke up to the <a href="http://timesofindia.indiatimes.com/topic/Uri-attack">Uri attack</a> that killed 18 Indian soldiers in the deadliest assault on security forces in Kashmir in over two decades. Even as photographs of a grenade smoke-filled valley, tricolour-draped coffins, grieving sons, daughters and widows made the rounds in media outlets scores of Indians marched onto social media, some armed with incendiary prose and other with slick videos that expressed more anger than anguish.</p>
<p style="text-align: justify; ">In another video doing the rounds, a jawan, or someone in uniform, sings a poem warning Pakistan. His mates join in the refrain: "Kashmir toh hoga, lekin Pakistan nahi hoga."</p>
<p style="text-align: justify; ">These videos of jawans threatening to decimate Pakistan were shared by thousands. <a href="http://timesofindia.indiatimes.com/topic/WhatsApp">WhatsApp</a> profile pictures and statuses were changed, Facebook posts got longer and vitriolic, Twitter #UriAttack exploded with expletives as the enough-is-enough sentiment peaked. It heralded the beginning of an era where the dynamics of Indo-Pakistan relations will play out not just in the diplomatic corridors of Delhi and Islamabad, the valley of Kashmir or the barracks of security forces; but also on the mobile phones, tablets and laptops of millions of Indians.</p>
<p style="text-align: justify; ">When contacted for a comment, the makers of the war-mongering 'Pathankot Tolerance' video didn't endorse war outright. "My individual opinion is that war is not a solution," said producer Santosh Singh, who heads the Mumbai-based V Seven Pictures. "Before we resort to war, we have to solve our internal problems. How can we let infiltration take place so blatantly?" he asked. Why then does the video not talk about this? Singh said that when one hears about such attacks, the instant reaction is to retaliate. "The video is based on that sentiment."</p>
<p style="text-align: justify; ">An electronics engineer, Singh also owns an IT recruitment firm. His film production company, which he runs along with his friend Vivek Joshi, made the Mauka Mauka World Cup video that went viral and also produces short films and videos for clients. "We have no political affiliations, in fact we turned down a couple of political parties who approached us," says Singh, adding that his company has made 30-35 films in less than two years. "Of these, about 10 are on issues close to our heart, like those on Afzal Guru and the Pathankot attack. We upload them on YouTube, they are aired without ads. We don't earn money from them," he adds.</p>
<h3 style="text-align: justify; ">Ugly gets outlet</h3>
<p style="text-align: justify; ">Nitin Pai, director of Takshashila Institution, an independent centre for research and education in public policy, says that social media and some television studios have enabled people to express their subconscious fears and desires. "It is not just today that the people of India have been angry with Pakistan for fomenting terrorism in our country. But it is only now that they have ways to express this anger; unfortunately, social media dynamics amplify this anger in a grotesque, distorted manner, allowing the ugly and less-sensible views to rise to the top of the public discourse," said Pai.</p>
<p style="text-align: justify; ">Tracing the many origins of this phenomenon, psychiatrist Harish Shetty says that in an angst-ridden, globalized world, we need a whipping boy. "With the Uri attacks, the entire nation had a common enemy. In expressing collective anger, there's catharsis." The current outpouring is not just over the deaths of soldiers; such an incident also opens up older wounds, he says. "For a long time, Indians have found their leaders to be helpless. It's like a family that is attacked again and again by a neighbour, but the father does nothing about it. There has been a lack of strong response from 'papa figures' across time, which has led to a sense of anger and rage. After the Uri attacks, the collective self-esteem of the country took a beating, and people felt a need to assert themselves on social media. At such times strong action is viewed as legitimate, valid and free of guilt," he adds.</p>
<h3 style="text-align: justify; ">Amplifying angst</h3>
<p style="text-align: justify; ">If social media brought together protesters in Tunisia and Egypt during the Arab spring, in democratic India it has turned into a platform for expressing mass disenchantment with the government, especially in the wake of such attacks.</p>
<p style="text-align: justify; ">Social media plays several roles in times of crises, says Nishant Shah, professor of digital media and co-founder of the Centre for Internet & Society, Bengaluru. One, it amplifies what is already being said in friend circles and living-room conversations in front of the telly, but spreads it to a larger audience. "The second role it plays is distribution: social media allows people to inherit other people's opinions, thus exposing them to new ways of thinking but also find corroborators for their own viewpoints," he says. The third is catalysis — social media also has the capacity to generate new information. "The format creates new kinds of truths. Things that can be caught in Snapchat videos, or visuals which can be remixed, all become a part of this zeitgeist," Shah says.</p>
<h3 style="text-align: justify; ">Virtual wars</h3>
<p>But in India at least, social media is no indicator of considered public opinion, points out Pai. Shah adds: "What we are seeing is a filter bubble of a privileged set of people who are engaging in this debate."</p>
<p>Then again, what's said on social media needn't be endorsed in real life. Vivek Joshi, who wrote and directed the Pathankot video, says nobody in the world would want a war. "But when it comes to the lives of our soldiers, an answer has to be given. If the government had taken any visible action, then there would have been no need to put out a video like this," Joshi adds. And therein probably comes the new-age heuristic of venting out on social media.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/times-of-india-september-25-2016-manju-vi-when-the-war-is-on-whatsapp'>http://editors.cis-india.org/internet-governance/news/times-of-india-september-25-2016-manju-vi-when-the-war-is-on-whatsapp</a>
</p>
No publisherpraskrishnaSocial MediaWhatsAppInternet Governance2016-09-25T16:36:01ZNews ItemWhatsApp ruling: Experts seek privacy law
http://editors.cis-india.org/internet-governance/news/business-standard-september-24-apurva-venkat-and-moulishree-srivastava-whasapp-ruling-experts-seek-privacy-law
<b>On August 25, Whatsapp updated its policy to share user content with social network; the decision opened new monetisation models for the messaging app.</b>
<p style="text-align: justify; ">The article by Apurva Venkat and Moulishree Srivastava quoted Sunil Abraham. It was <a href="http://www.business-standard.com/article/current-affairs/whatsapp-ruling-experts-seek-privacy-law-116092400750_1.html">published in the Business Standard</a> on September 24, 2016.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; "><span>The recent<span class="Apple-converted-space"> </span></span><a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Delhi+High+Court" target="_blank">Delhi High Court<span class="Apple-converted-space"> </span></a><span>ruling that<span class="Apple-converted-space"> </span></span><a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Messaging+App" target="_blank">messaging app</a><a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Whatsapp" target="_blank">Whatsapp<span class="Apple-converted-space"> </span></a><span>cannot share user data highlights the need for legislation on privacy, according to experts.</span><br /> <br /> <span>On August 25, Whatsapp, a platform with 70 million users in India that was acquired by Facebook in 2014, updated its policy to share user content with the social network. The decision opened new monetisation models for the messaging app.</span></p>
<p style="text-align: justify; "><span>In response to a PIL, the court ordered<span class="Apple-converted-space"> </span></span><a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Whatsapp" target="_blank">WhatsApp<span class="Apple-converted-space"> </span></a><span>to delete data of users who chose to opt out of its policy changes before September 25. It also ordered</span><a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Whatsapp" target="_blank">WhatsApp<span class="Apple-converted-space"> </span></a><span>not to share data collected before September 25 with Facebook for users who had not opted out.</span><br /> <br /> <span>"The decision makes a strong statement on privacy," said Sunil Abraham, executive director of the Centre for Internet Society. According to him, a user trusts a platform and provides access to his data. As another firm acquires the platform, it gains access to the data.</span><br /> <br /> <span>"Facebook owns Whatsapp. It has to look at ways of monetising it," said Nikhil Pahwa, co-founder of SavetheInternet.in.</span><br /> <br /> <span>"With so much digital data being generated, there is a need for a privacy law in the country," said Pahwa.</span><br /> <br /> <span>"Facebook's consent interface is confusing. It can make a person who wants to opt out let the company access his data," said Abraham, adding a law would take care of such intricacies. The government is working on a privacy bill.</span><br /> <br /> <span>Saroj Kumar Jha, partner, SRGR Law Offices, said there were few judgments on privacy in India based on constitutional rights.</span><br /> <br /> <span>"While the Information Technology Act enables courts to pass judgments on global companies on privacy, enforcing the orders is difficult," he said.</span><br /> <br /> <span>"What is required is a privacy law that can protect user data and uphold the individual's right to privacy," he added.</span></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/business-standard-september-24-apurva-venkat-and-moulishree-srivastava-whasapp-ruling-experts-seek-privacy-law'>http://editors.cis-india.org/internet-governance/news/business-standard-september-24-apurva-venkat-and-moulishree-srivastava-whasapp-ruling-experts-seek-privacy-law</a>
</p>
No publisherpraskrishnaSocial MediaWhatsAppInternet GovernancePrivacy2016-09-27T02:35:06ZNews ItemWhatsApp races against time to fix fake news mess ahead of 2019 general elections
http://editors.cis-india.org/internet-governance/news/economic-times-venkat-ananth-july-24-2018-whatsapp-races-against-time-to-fix-fake-news-mess-ahead-of-2019-general-elections
<b>On Friday, when WhatsApp announced that it would pilot a ‘five media-based forwards limit’ in India, the government came up with an unequivocal reminder.</b>
<p style="text-align: justify; ">The article by Venkat Ananth was published in <a class="external-link" href="https://economictimes.indiatimes.com/tech/internet/whatsapp-races-against-time-to-fix-fake-news-mess-ahead-of-2019-general-elections/articleshow/65112280.cms">Economic Times</a> on July 24, 2018. Sunil Abraham was quoted.</p>
<hr />
<p style="text-align: justify; ">“When rumours and fake news get propagated by mischief mongers, the medium used for such propagation cannot evade responsibility and accountability. If they remain mute spectators, they are liable to be treated as abettors and thereafter face consequent legal action,” noted a ministry of electronics and information technology (MeitY) statement.</p>
<p style="text-align: justify; ">The statement also said there was a need for bringing in traceability and accountability, “when a provocative/inflammatory message is detected and a request is made by law enforcement agencies.”</p>
<p style="text-align: justify; ">Significantly, MeitY took aim at WhatsApp’s core end-to-end encryptionbased product feature and its oft-quoted and reiterated commitment to privacy. It was specific, going beyond the usual “do more” requests.</p>
<p style="text-align: justify; ">The stand also poses an interesting dilemma for the messenger service. How can it act while protecting its privacy commitment?</p>
<p style="text-align: justify; ">“It is practical ly impossible for WhatsApp to regulate content in the peer-to-peer encrypted environment it is set up in,” says Rahul Matthan, partner, Trilegal. “An encrypted platform is what we want. The government is trying to maintain a strict and difficult balance. The government tends to err on the side of violating civil liberties over offering privacy to innocent users. The WhatsApp case is going in that direction.”</p>
<h3 style="text-align: justify; ">No Longer Low-Key</h3>
<p style="text-align: justify; ">In India, its largest market, WhatsApp has benefitted from quietly operating in the shadows of its more popular parent, Facebook, growing to a currently active user base of 200 million.</p>
<p style="text-align: justify; ">However, in the last six months, while it continues to be perceived as an asset by politicos for outreach and propaganda, WhatsApp is now increasingly being tapped by the bad guys to disseminate deliberate misinformation, rumour mongering and fake news. And not the Donald Trump kind either.</p>
<p style="text-align: justify; ">It is leading to loss of lives on the ground, through lynchings, kidnappings and related crimes.</p>
<p style="text-align: justify; ">WhatsApp spokesperson Carl Woog says, “The recent acts of violence in India have been heartbreaking and reinforce the need for government, civil society and technology companies to work together to keep people safe.”</p>
<p style="text-align: justify; ">“By focusing on solutions to fake news inside our smartphones, we are ignoring a tougher problem that requires several complementary solutions,” says Apar Gupta, a Delhi-based lawyer and cofounder of the Internet Freedom Foundation.</p>
<p style="text-align: justify; ">“Let us not forget that a platform is not responsible for policing.”</p>
<p style="text-align: justify; ">But the general public and government perception — and, to some extent, concern — remains that WhatsApp has been slow to react to these situations.</p>
<h3 style="text-align: justify; ">To Police or Not to Police</h3>
<p style="text-align: justify; ">Interestingly, the government and ruling party realise WhatsApp could be pivotal to their fortunes in the next electoral cycle — in the run-up to Elections<br />2019.</p>
<p style="text-align: justify; ">“The government is coming under increased pressure to act on these lynchings, which is why it is taking a shootthe-messenger kind of an approach,” says Matthan. “An unsophisticated government would have advocated a blanket ban on the source. But here, the government, it appears, wants to regulate tech by having access to your device, through an app, in the case of the (telecom regulator) Trai DND app to battle spam.”</p>
<p style="text-align: justify; ">This is also why WhatsApp has intensified its outreach efforts. Over the past 10 days, a team of its US and India-based executives have been meeting key stakeholders in Delhi and Mumbai, including the Election Commission, political parties, the Reserve Bank of India, banks and civil society, as ET reported last week.</p>
<p style="text-align: justify; ">The team includes public policy manager Ben Supple, senior director, customer operations, Komal Lahiri and WhatsApp India communication manager Pragya Misra Mehrishi. They are now expected to meet key government officials from MeitY from Monday, sources say.</p>
<p style="text-align: justify; ">“The intense outreach efforts is essentially linked to WhatsApp wanting to protect its payments play in India,” says a Delhi-based public policy professional, who did not want to be named as he is not authorised to speak to the media.</p>
<p style="text-align: justify; ">“It (WhatsApp) is really worried about Google’s efforts with Tez and the gap that will only widen if the government delays grant of permission.”</p>
<p style="text-align: justify; ">WhatsApp is stressing some key points while reinforcing the steps it is taking to counter challenges. One, the best practices of using the platform. Two, the need to work together to prevent abuse of WhatsApp, and three, most importantly, to educate people about the best ways of using the platform. WhatsApp was primarily designed for private, oneon-one messaging or group chats among acquaintances, not for mass broadcast, which parties resort to during elections.</p>
<p style="text-align: justify; ">WhatsApp says it is working on a warfooting to tackle the problems. It has introduced product changes to counter user behaviour. There’s more control, where a group ‘admin’ can restrict users who can send messages to the group, modify a group icon or edit description, a feature for which it has taken a leaf out of rival Telegram’s book. To counter fake news, it added a ‘forwarded’ label. And now, limited the forwarding to five in India, and 20 in the rest of the markets, a significant reduction from 250 prior to that.</p>
<p style="text-align: justify; ">While the impact of these product tweaks is yet to be seen at an individual user level, the larger concern for WhatsApp today is the potential misuse of its platform to manipulate elections, a very real possibility next year.</p>
<h3 style="text-align: justify; ">Tipping Point</h3>
<p style="text-align: justify; ">The company’s noticeable change of tack comes after it noticed certain trends during the recent Karnataka elections, during which one of its executives spent a week in Bengaluru.</p>
<p style="text-align: justify; ">One of the political parties, which a person aware of the developments in WhatsApp declined to name, was using “dozens of accounts to create thousands of groups,” as part of its campaign.</p>
<p style="text-align: justify; ">The party, the source says, was adding random numbers (approximately 100) to the group during creation. By random numbers, he meant people who did not know each other, something WhatsApp can identify using the metadata it collects when a user gives it access to its phone book. WhatsApp deems this behaviour ‘organised spamming.’</p>
<p style="text-align: justify; ">“These were real people not necessarily known to each other,” says the person quoted above. “A specific account would be added to that group to be made the admin.”</p>
<p style="text-align: justify; ">Mostly, this admin was the number used to create these multiple groups or, in WhatsApp terms, the account that was not behaving the way private or group communication happens.</p>
<p style="text-align: justify; ">Also, the users would be a mix of fake accounts, which is a major red flag for WhatsApp. “The group starts with some bulk added users and then the real ones get bulk-added,” says the source. WhatsApp deems this practice a violation of its terms of service.</p>
<p style="text-align: justify; ">Company sources add that WhatsApp was able to detect these trends and proactively banned these users before they were able to add people. “In some cases, our systems didn’t catch this in time, but we were able to proactively prevent users from receiving such spam. That detection is now internalised and if someone tries to replicate that behaviour anywhere in the world, we will be able to detect them,” says another person familiar with developments at WhatsApp.</p>
<p style="text-align: justify; ">According to several media reports, the BJP and the Congress too created over 30,000 groups for campaigning and organising efforts. To counter organised political spamming, WhatsApp has now begun using machine learning tools. WhatsApp can trace the last few messages in a group and block it entirely from the platform. At the detection level, WhatsApp checks for familiarity. “Do the persons know each other, or have they interacted before?” through metadata it possesses through phone numbers.</p>
<p style="text-align: justify; ">The second person quoted in the story says the company now focuses its detection “upstream,” that is, catching the user at the registration stage. “When you register on WhatsApp and immediately create a group, questions asked are, ‘Does this behaviour look like what a regular user does? Or does it look like users who have misused it in the past?’” he says.</p>
<p style="text-align: justify; ">WhatsApp, sources tell ET, is also using machine learning to detect sequential numbers that could be used to create these groups. “If they go and buy a phone number, they go to one carrier and its mostly sequential. If we notice 100 numbers with the same prefix have signed up, nearly 80 get automatically banned. What we do is feed these sequences, permutations and combinations to detect good/bad users,” the person quoted above says. “It learns millions of these combination signals on behaviour and help us make a decision.”</p>
<h3 style="text-align: justify; ">Civil Society as a Key Layer</h3>
<p style="text-align: justify; ">WhatsApp also sees an enabling role for civil society, especially for digital literacy. Its team has currently met seven non-governmental organisations, including digital literacy groups and others involved in the area of financial inclusion. This is part of its public policy efforts while also solidifying its payments play.</p>
<p style="text-align: justify; ">“The level of responsibility for a platform is to not consciously cause — and, in fact, to take active measures to prevent — social harm,” says Gupta of IFF. “It has to be done without injury to end-to-end encryption, which offers safety and privacy to users.</p>
<p style="text-align: justify; ">Many products and product strategies can be adopted — from increasing media diversity on the platform to promoting auditing features that rely on partnerships with fact-checking organisations. We must demand accountability but resist the rhetorical attraction of technophobia.”</p>
<p style="text-align: justify; ">As ET has reported, WhatsApp will adapt a fact-checking model, Verificado 2018, deployed during the recent Mexican presidential elections. Verificado proactively debunked fake news and misinformation on the platform. “The rumours were found to be very similar to India.</p>
<p style="text-align: justify; ">Verificado was specifically focused on misinformation from candidates,” says the first person quoted in the story. “Plus, it helped effectively tackle misinformation during an earthquake in Mexico.”</p>
<p style="text-align: justify; ">For WhatsApp, one of the key learnings from the Mexico elections was that it could look at the spam reports and categorise them as politics-related. The company, unsurprisingly, saw an increase in political spam in the buildup to election day.</p>
<p style="text-align: justify; ">“They realised Verificado assists users to get help within the app. But it also aids news organisations, political parties, the government and users,” adds the person. The company is undertaking a similar exercise in Brazil, where 24 media outlets have come together under the Comprova initiative to fact-check viral content and rumours on WhatsApp.</p>
<p style="text-align: justify; ">Sunil Abraham, executive director of the Bengaluru-based Centre for Internet and Society believes WhatsApp can further tweak its product to enable real-time checks. “They can enable a ‘fact check this’ button for users to upload content to a fact-checking database. If the content has already been fact-checked, the score can be displayed immediately. Alternatively, the fact-checking service can return the score at a later date,” he explains.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/economic-times-venkat-ananth-july-24-2018-whatsapp-races-against-time-to-fix-fake-news-mess-ahead-of-2019-general-elections'>http://editors.cis-india.org/internet-governance/news/economic-times-venkat-ananth-july-24-2018-whatsapp-races-against-time-to-fix-fake-news-mess-ahead-of-2019-general-elections</a>
</p>
No publisherAdminSocial MediaWhatsAppInternet GovernancePrivacy2018-07-25T15:27:20ZNews ItemWhat’s up with WhatsApp?
http://editors.cis-india.org/internet-governance/blog/asia-times-april-20-2018-aayush-rathi-sunil-abraham-what-s-up-with-whatsapp
<b>In 2016, WhatsApp Inc announced it was rolling out end-to-end encryption, but is the company doing what it claims to be doing?</b>
<p style="text-align: justify; ">The article by Aayush Rathi and Sunil Abraham was published in <a class="external-link" href="http://www.atimes.com/article/whats-up-with-whatsapp/">Asia Times</a> on April 20, 2018.</p>
<hr />
<p style="text-align: justify; ">Back in April 2016, when WhatsApp Inc announced it was rolling out end-to-end encryption (E2EE) for its billion-plus strong user base as a default setting, the messaging behemoth signaled to its users it was at the forefront of providing technological solutions to protect privacy.</p>
<p class="p4" style="text-align: justify; ">Emphasized in the security white paper explaining the implementation of the technology is the encryption of both forms of communication – one-to-one and group and also of all types of messages shared within such communications – text as well as media.</p>
<p class="p4" style="text-align: justify; ">Simply put, all communication taking place over WhatsApp would be decipherable only to the sender and recipient – it would be virtual gibberish even to WhatsApp.</p>
<p class="p4" style="text-align: justify; ">This announcement came in the backdrop of <a href="https://www.theguardian.com/us-news/2016/feb/17/apple-ordered-to-hack-iphone-of-san-bernardino-shooter-for-fbi">Apple locking horns with the FBI</a> after being asked to provide a backdoor to unlock the San Bernardino mass shooter’s iPhone. This further reinforced WhatsApp Inc’s stand on the ensuing debate between the interplay of privacy and security in the digital age.</p>
<p class="p4" style="text-align: justify; ">Kudos to WhatsApp, for there is <a href="http://www.ohchr.org/EN/Issues/FreedomOpinion/Pages/CallForSubmission.aspx">growing discussion</a> around how encryption and anonymity is central to enabling secure online communication which in turn is integral to essential human rights such as those of freedom of opinion and expression.</p>
<p class="p4" style="text-align: justify; ">WhatsApp may have taken encryption to the masses, but here we outline why WhatsApp’s provisioning of privacy and security measures needs a more granular analysis – is the company doing what it claims to be doing? Security issues with WhatsApp’s messaging protocol certainly are not new.</p>
<h3 style="text-align: justify; ">Man-in-the-middle attacks</h3>
<p class="p4" style="text-align: justify; ">A <a href="https://eprint.iacr.org/2017/713.pdf">study</a> published by a group of German researchers from Ruhr University highlighted issues with WhatsApp’s implementation of its E2EE protocol to group communications. Another <a href="https://courses.csail.mit.edu/6.857/2016/files/36.pdf">paper</a> points out how WhatsApp’s session establishment strategy itself could be problematic and potentially be targeted for what are called man-in-the-middle (MITM) attacks.</p>
<p class="p4" style="text-align: justify; ">An MITM attack takes the form of a malicious actor, as the term suggests, placing itself between the communicating parties to eavesdrop or impersonate. The Electronic Frontier Foundation also <a href="https://www.eff.org/deeplinks/2016/10/where-whatsapp-went-wrong-effs-four-biggest-security-concerns">highlighted</a> other security vulnerabilities, or trade-offs, depending upon ideological inclinations, with respect to WhatsApp allowing for storage of unencrypted backups, issues with WhatsApp’s web client and also with its approach to cryptographic key change notifications.</p>
<p class="p4" style="text-align: justify; ">Much has been written questioning WhatsApp’s shifting approach to ensuring privacy too. Quoting straight from <a href="https://www.whatsapp.com/legal/#privacy-policy-affiliated-companies">WhatsApp’s Privacy Policy:</a> “We joined the Facebook family of companies in 2014. As part of the Facebook family of companies, WhatsApp receives information from, and shares information with, this family of companies.” Speaking of Facebook …</p>
<p class="p4" style="text-align: justify; ">Culling out larger issues with WhatsApp’s privacy policies is not the intention here. What we specifically seek to explore is right at the nexus of WhatsApp’s security and privacy provisioning clashing with its marketing strategy: the storage of data on WhatsApp’s servers, or ‘blobs,’ as they are referred to in the technical paper. Facebook’s rather. In WhatsApp’s words: “Once your messages (including your chats, photos, videos, voice messages, files and share location information) are delivered, they are deleted from our servers. Your messages are stored on your own device.”</p>
<p class="p4" style="text-align: justify; ">In fact, this non-storage of data on their ‘blobs’ is emphasizes at several other points on the official website. Let us call this the deletion-upon-delivery model.</p>
<h3 style="text-align: justify; ">A simple experiment</h3>
<p class="p4" style="text-align: justify; ">While drawing up a rigorous proof of concept, made near-impossible thanks to WhatsApp being a closed source messaging protocol, a simple experiment is enough to raise some very pertinent questions about WhatsApp’s outlined deletion-upon-delivery model. It should, however, be mentioned that the Signal Protocol developed by Open Whisper Systems and pivotal in WhatsApp’s rolling out of E2EE is <a href="https://github.com/signalapp">open source</a>. Here is how the experiment proceeds:</p>
<p class="p4" style="text-align: justify; "><i>Rick sends Morty an attachment.</i></p>
<p class="p4" style="text-align: justify; "><i>Morty then switches off the data on her mobile device.</i></p>
<p class="p4" style="text-align: justify; "><i>Rick downloads the attachment, an image.</i></p>
<p class="p4" style="text-align: justify; "><i>Subsequently, Rick deletes the image from his mobile device’s internal storage.</i></p>
<p class="p4" style="text-align: justify; "><i>Rick then logs into a WhatsApp’s web client on his browser. (Prior to this experiment, both Rick and Morty had logged out from all instances of the web client)</i></p>
<p class="p4" style="text-align: justify; "><i>Upon a fresh log-in to the web client and opening the chat with Morty, the option to download the image is available to Rick.</i></p>
<p class="p4" style="text-align: justify; ">The experiment concludes with bewilderment at WhatsApp’s claim of deletion-upon-delivery as outlined earlier. The only place from which Morty could have downloaded the image would be from Facebook’s ‘blobs.’ The attachment could not have been retrieved from Morty’s mobile device as it had no way of sending data and neither from Rick’s mobile device as it no longer existed in the device’s storage.</p>
<p class="p4" style="text-align: justify; ">As per the Privacy Policy, the data is stored on the ‘blobs’ for a period of 30 days after transmission of a message only when it can’t be delivered to the recipient. Upon delivery, the deletion-upon-delivery model is supposed to kick in.</p>
<p class="p4" style="text-align: justify; ">Another straightforward experiment that leads to a similar conclusion is seeing the difference in time taken for a large attachment to be forwarded as opposed to when the same large attachment is uploaded. Forwarding is palpably quicker than uploading afresh: non-storage of attachments on the ‘blob’ would entail that the same amount should be taken for both.</p>
<p class="p4" style="text-align: justify; ">The plot thickens. WhatsApp’s Privacy Policy goes on to state: “To improve performance and deliver media messages more efficiently, such as when many people are sharing a popular photo or video, we may retain that content on our servers for a longer period of time.” The technical paper offers no help in understanding how WhatsApp systems assess frequently shared encrypted media messages without decrypting it at its end.</p>
<p class="p4" style="text-align: justify; ">A possible explanation could be the usage of metadata by WhatsApp, which it discloses in its Privacy Policy while simultaneously being sufficiently vague about the specifics of it. That WhatsApp may be capable of reading encrypted communication through the inclusion of a backdoor bodes well for law enforcement, but not so much for unsuspecting users.</p>
<h3 style="text-align: justify; ">The weakest link in the chain</h3>
<p class="p4" style="text-align: justify; ">Concerns about backdoors in WhatsApp’s product have led the French government to start developing their <a href="https://www.reuters.com/article/us-france-privacy/france-builds-whatsapp-rival-due-to-surveillance-risk-idUSKBN1HN258">own encrypted messaging service</a>. This will be built using Matrix – an open protocol designed for real-time communication. Indeed, the Privacy Policy lays out that the company “may collect, use, preserve, and share your information if we have a good-faith belief that it is reasonably necessary to respond pursuant to applicable law or regulations, to legal process, or to government requests.”</p>
<p class="p4" style="text-align: justify; ">The Signal Protocol is the undisputed gold standard of E2EE implementations. It is the integration with the surrounding functionality that WhatsApp offers which leads to vulnerabilities. After all, a chain is only as strong as its weakest link. Assuming that the attachments stored on the ‘blobs’ are in encrypted form, indecipherable to all but the intended recipients, this does not pose a privacy risk for the users from a technological point of view.</p>
<p class="p4" style="text-align: justify; ">However, it is easy lose sight of the fact that the Privacy Policy is a legally binding document and it specifically states that messages are not stored on the ‘blobs’ as a matter of routine. As a side note, WhatsApp’s Privacy Policy and Terms of Service are refreshing in their readability and lack of legalese.</p>
<p class="p4" style="text-align: justify; ">As we were putting the final touches to this piece, <a href="https://wabetainfo.com/whatsapp-allows-to-redownload-deleted-media/#more-2781">news from <i>WABetaInfo</i></a>, a well-reputed source of information on WhatsApp features, has broken that newer updates of WhatsApp for Android are permitting users to re-download media deleted up to three months back. WhatsApp cannot possibly achieve this without storing the media in the ‘blobs,’ or in other words, in violation of its Privacy Policy.</p>
<p class="p4" style="text-align: justify; ">As the aphorism goes: “When the service is free, you are the product.”</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/asia-times-april-20-2018-aayush-rathi-sunil-abraham-what-s-up-with-whatsapp'>http://editors.cis-india.org/internet-governance/blog/asia-times-april-20-2018-aayush-rathi-sunil-abraham-what-s-up-with-whatsapp</a>
</p>
No publisherAayush Rathi and Sunil AbrahamSocial MediaPrivacyInternet GovernanceFeaturedWhatsAppHomepage2018-04-23T16:45:51ZBlog EntryWe Truly are the Product being Sold
http://editors.cis-india.org/internet-governance/blog/hindustan-times-vidushi-marda-august-31-2016-we-truly-are-the-product-being-sold
<b>WhatsApp has announced it will begin sharing user data such as names, phone numbers, and other analytics with its parent company, Facebook, and with the Facebook family of companies. This change to its terms of service was effected in order to enable users to “communicate with businesses that matter” to them. How does this have anything to do with Facebook?
</b>
<p style="text-align: justify; ">The article was <a class="external-link" href="http://www.hindustantimes.com/analysis/we-truly-are-the-product-being-sold/story-fz6FN77xizMuxOBS3KBNtJ.html">published in the Hindustan Times</a> on August 31, 2016.</p>
<hr />
<p style="text-align: justify; ">WhatsApp clarifies in its blog post, “... by coordinating more with Facebook, we’ll be able to do things like track basic metrics about how often people use our services and better fight spam on WhatsApp. And by connecting your phone number with Facebook’s systems, Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them.”</p>
<p style="text-align: justify; ">WhatsApp’s further clarifies that it will not post your number on Facebook or share this data with advertisers. This means little because it will share your number with Facebook for advertisement. It is simply doing indirectly, what it has said it won’t do directly. This new development also leads to the collapsing of different personae of a user, even making public their private life that they have so far chosen not to share online. Last week, <a href="https://www.washingtonpost.com/news/the-intersect/wp/2016/08/19/98-personal-data-points-that-facebook-uses-to-target-ads-to-you/?tid=sm_tw" shape="rect" title="www.washingtonpost.com">Facebook published a list of 98 data points it collects on users</a>. These data points combined with your WhatsApp phone number, profile picture, status message, last seen status, frequency of conversation with other users, and the names of these users (and their data) could lead to a severely uncomfortable invasion of privacy.</p>
<p style="text-align: justify; ">Consider a situation where you have spoken to a divorce lawyer in confidence over WhatsApp’s encrypted channel, and are then flooded with advertisements for marriage counselling and divorce attorneys when you next log in to Facebook at home. Or, you are desperately seeking loans and get in touch with several loan officers; and when you log in to Facebook at work, colleagues notice your News Feed flooded with ads for loans, articles on financial management, and support groups for people in debt.</p>
<p style="text-align: justify; ">It is no secret that Facebook makes money off interactions on its platform, and the more information that is shared and consumed, the more Facebook is benefitted. However, the company’s complete disregard for user consent in its efforts to grow is worrying, particularly because Facebook is a monopoly. In order for one to talk to friends and family and keep in touch, Facebook is the obvious, if not the only, choice. It is also increasingly becoming the most accessible way to engage with government agencies. For example, Indian embassies around the world have recently set up Facebook portals, the Bangalore Traffic Police is most easily contacted through Facebook, and heads of states are also turning to the platform to engage with people. It is crucial that such private and collective interactions of citizens with their respective government agencies are protected from becoming data points to which market researchers have access.</p>
<p style="text-align: justify; ">Given Facebook’s proclivity for unilaterally compromising user privacy, the Federal Trade Commission (FTC) in 2011 charged the company for deceiving consumers by misleading them about the privacy of their information. Following these charges, Facebook reached an agreement to give consumers clear notice and obtain consumers’ express consent before extending privacy settings that they had established. The latest modification to WhatsApp’s terms of service seems to amount to a clear violation of this agreement and brings out the grave need to treat user consent more seriously.</p>
<p style="text-align: justify; ">There is a way to opt out of sharing data for Facebook ads targeting <a href="https://www.whatsapp.com/faq/general/26000016" shape="rect" title="www.whatsapp.com">that is outlined by WhatsApp on its blog</a>, which is the best example for a case of invasion-of-privacy-by-design. WhatsApp plans to ask the users to untick a small green arrow, and then click on a large green button that says “Agree” (which is the only button) so as to indicate that they are opting-out. The interface of the notice seems to be consciously designed to confuse users by using the power of default option. For most users, agreeing to terms and conditions is a hasty click on a box and the last part of an installation process. Predictably, most users choose to go with default options, and this specific design of the opt-out option is not meaningful at all.</p>
<p style="text-align: justify; ">In 2005, Facebook’s default profile settings were such that anyone on Facebook could see your name, profile picture, gender and network. Your photos, wall posts and friends list were viewable by people in your network. Your contact information, birthday and other data could be seen by friends and only you could view the posts that you liked. Fast forward to 2010, and the entire internet, not just all Facebook users, can see your name, profile picture, gender, network, wall posts, photos, likes, friends list and other profile data. There hasn’t been a <a href="http://mattmckeon.com/facebook-privacy/" shape="rect" title="mattmckeon.com">comprehensive study since 2010</a>, but one can safely assume that Facebook’s privacy settings will only get progressively worse for users, and exponentially better for Facebook’s revenues. The service is free and we truly are the product being sold.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/hindustan-times-vidushi-marda-august-31-2016-we-truly-are-the-product-being-sold'>http://editors.cis-india.org/internet-governance/blog/hindustan-times-vidushi-marda-august-31-2016-we-truly-are-the-product-being-sold</a>
</p>
No publishervidushiSocial MediaWhatsAppFacebookInternet Governance2016-09-01T02:08:37ZBlog EntryThe Competition Law Case Against Whatsapp’s 2021 Privacy Policy Alteration
http://editors.cis-india.org/internet-governance/blog/the-competition-law-case-against-whatsapp2019s-2021-privacy-policy-alteration
<b>Having examined the privacy implications of Whatsapp's changes to its privacy policy in 2021, this issue brief is the second output in our series examining the effects of those changes. This brief examines the changes in the context of data sharing between Whatsapp and Facebook as being an anticompetitive action in violation of the Indian Competition Act, 2002. </b>
<span id="docs-internal-guid-2e4a5c52-7fff-f416-6970-948314f0b524">
<p style="text-align: justify;" dir="ltr"> </p>
<h3 style="text-align: justify;">Executive Summary</h3>
<p style="text-align: justify;" dir="ltr">On January 4, 2021, Whatsapp announced a revised privacy policy through an in-app notification. It highlighted that the new policy would impact user interactions with business accounts, including those which may be using Facebook's hosting services. The updated policy presented users with the option of either accepting greater data sharing between Whatsapp and Facebook or being unable to use the platform post 15th May, 2021. The updated policy resulted in temporarily slowed growth for Whatsapp and increased growth for other messaging apps like Signal and Telegram. While Whatsapp has chosen to delay the implementation of this policy due to consumer outrage, it is important for us to unpack and understand what this (and similar policies) mean for the digital economy, and its associated competition law concerns. Competition law is one of the sharpest tools available to policy-makers to fairly regulate and constrain the unbridled power of large technology companies.</p>
<p style="text-align: justify;" dir="ltr">While it is evident the Indian competition landscape will benefit from revisiting the existing law and policy framework to reign in Big technology companies, we argue that the change in Whatsapp’s privacy policy in 2021 can be held anti-competitive using legal provisions as they presently stand. Therefore, in this issue brief, we largely limit ourselves to evaluating the legality of Whatsapp’s privacy policy within the confines of the present legal system. </p>
<p style="text-align: justify;" dir="ltr">First, we dive into an articulation of the present abuse of dominance framework in Indian Competition Law. Second, we analyze whether there was abuse of dominance-bearing in mind an economic analysis of Whatsapp’s role in the relevant market by using tests laid out in previous rulings of the CCI</p>
<br />
<p style="text-align: justify;" dir="ltr">The framework for determining abuse of dominance as per The Competition Act is based on three factors:</p>
<p style="text-align: justify;" dir="ltr">1. Determination of relevant market</p>
<p style="text-align: justify;" dir="ltr">2. Determination of dominant position</p>
<p style="text-align: justify;" dir="ltr">3. Abuse of the dominant position</p>
<br />
<p style="text-align: justify;" dir="ltr">In two previous orders in 2016 and 2020, CCI has held that Whatsapp is dominant in its relevant market based on several factors which we explore. These include:</p>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Advantage in user base, usage and reach,</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Barriers to entry for other competitors</p>
</li><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Power of acquisition over competitors.</p>
</li></ol>
<br />
<p style="text-align: justify;" dir="ltr">However, in both orders, CCI held that Whatsapp did not abuse its dominance by arguing that the practices in question allowed for user choice. We critique these judgments for not reflecting the market structures and exploitative practices of large technology companies. We also argue that even if we use the test of user choice laid down by the CCI in its previous orders concerning Whatsapp and Facebook, the changes made to the privacy policy in 2021 did abuse dominance,and should be held guilty of violating competition law standards.</p>
<p style="text-align: justify;" dir="ltr">Our analysis revolves around examining the explicit and implicit standards of user choice laid out by the CCI in its 2016 and 2020 judgements as the standard for evaluating fairness in an Abuse of Dominance claim.We demonstrate how the 2021 changes failed to meet these standards. </p>
<p style="text-align: justify;" dir="ltr">Finally, we conclude by noting that the present case offers a crucial opportunity for India to take a giant step forward in its regulation of big tech companies and harmonise its rulings with regulatory developments around the world.</p>
<p style="text-align: justify;" dir="ltr">The full issue brief can be found <a href="https://cis-india.org/internet-governance/whatsapp-privacy-policy-2021-issue-brief-competition-law">here</a></p>
<div> </div>
<p style="text-align: justify;" dir="ltr"> </p>
<p style="text-align: justify;" dir="ltr"> </p>
<div> </div>
</span>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/the-competition-law-case-against-whatsapp2019s-2021-privacy-policy-alteration'>http://editors.cis-india.org/internet-governance/blog/the-competition-law-case-against-whatsapp2019s-2021-privacy-policy-alteration</a>
</p>
No publisherAman Nair and Arindrajit BasuConsumer RightsDigital EconomyData ProtectionFacebookCompetitionWhatsAppCompetition Law2021-03-24T16:12:09ZBlog EntryTech companies like Gmail, WhatsApp may be asked to store user information
http://editors.cis-india.org/internet-governance/news/economic-times-october-14-2016-surabhi-agarwal-tech-companies-like-gmail-whatsapp-may-be-asked-to-store-user-information
<b>The government is moving to formulate rules that will require technology ‘intermediaries’— including email services like Gmail, chat apps such as WhatsApp and Snapchat or even ecommerce firms like Amazon — to retain user information, a development that is expected to be met with determined opposition.</b>
<p style="text-align: justify; ">The article by Surabhi Agarwal was <a class="external-link" href="http://economictimes.indiatimes.com/tech/ites/tech-companies-like-gmail-whatsapp-may-be-asked-to-store-user-information/articleshow/54839888.cms">published in Economic Times</a> on October 14, 2016. Pranesh Prakash was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">What the government is looking to do now is draft rules for Section 67C of the Information Technology Act, and this will be done by a committee that has been set up for the purpose. The rules — whose drafting has been waiting since 2008 — will spell out what type of data has to be stored, in which format, and for how long, according to three members of the newly-formed committee. All this so that law-enforcement agencies can access the information if they need it.</p>
<p style="text-align: justify; ">Sharing of information between foreign firms and the Indian government has been a contentious issue, and experts said the mandate may be impossible to implement for firms such as WhatsApp that promise end-to-end encryption. Or for Snapchat – a chat app where messages disappear within seconds and are not even stored on the company’s servers.</p>
<p style="text-align: justify; ">Firms may also oppose the diktat, especially since most of them are not governed by Indian laws and also due to the high cost of data retention.</p>
<p style="text-align: justify; "><img class="gwt-Image" src="http://img.etimg.com/photo/54839953/.jpg" /></p>
<p style="text-align: justify; ">The committee is headed by additional secretary in the ministry of electronics and IT (MEITY), Ajay Kumar, and has one representative each from the ministry of home affairs, department of telecom, department of personnel and training, Nasscom, Internet Service Provider Association of India (ISPAI), along with an advocate specialising in cyber law and a few officers from MEITY. The first meeting of the committee took place in the last week of September.</p>
<p style="text-align: justify; ">“This is a fairly complex issue, compounded by the general lack of understanding of mobile apps and over the top service providers,” said a person on the committee who did not wish to be identified. This person said that most technology players are based in the United States and they have always been at loggerheads about sharing of information with the government. “Even if it is for national security reasons, how much are these companies answerable to the Indian security establishment? And we do know how Apple refused to unlock the phone even for FBI."</p>
<div style="text-align: justify; ">Google and Facebook did not respond to requests for comment.</div>
<div style="text-align: justify; "></div>
<div style="text-align: justify; "></div>
<div style="text-align: justify; ">
<div><b>‘Huge balancing act’</b></div>
<p style="text-align: justify; ">Supreme Court lawyer and cyber law expert Pavan Duggal said the section has been drafted in very “broad” terms and the move may be driven by the realisation that these companies are huge data repositories – some of which might be relevant to law enforcement investigations. “It will have to be a huge balancing act and will be interesting to see what this committee decides,” added Duggal.</p>
<p style="text-align: justify; ">While Section 67C refers to the obligation of the service providers to retain information, the nature of the data to be retained and the time period is not specified. Companies which do not comply with the law can be levied fine and its officers sent to jail.</p>
<p style="text-align: justify; ">Another member on the committee said the ambit of this task is huge. “In the last meeting we argued that the rules should be the same for everybody and there should be no differential treatment for foreign companies such as Google or Microsoft,” he said. This person said that ambiguity is rampant as various government arms have different sets of rules for data retention.</p>
<p style="text-align: justify; ">For instance, the Department of Telecommunications (DoT) asks for data to be stored for six months, while the Registrar of Companies mandates some information to be retained for one year while the income-tax rules mandate data storage for six-seven years. “There has only been one meeting so far. It is a long procedure and will require several rounds of consultation,” said a third person on the committee.</p>
<p>Privacy activists like Pranesh Prakash of the Centre for Internet and Society said that one of the principles that’s frequently cited while discussing international practices on surveillance is that data retention should not be required of service providers.</p>
<p>And internationally too, there is no standard on this issue. “There were norms at the European Union-level regarding data retention, but they were struck down in 2014 by the European Court of Justice as being violative of human rights,” he said.</p>
<p> </p>
<p> </p>
</div>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/economic-times-october-14-2016-surabhi-agarwal-tech-companies-like-gmail-whatsapp-may-be-asked-to-store-user-information'>http://editors.cis-india.org/internet-governance/news/economic-times-october-14-2016-surabhi-agarwal-tech-companies-like-gmail-whatsapp-may-be-asked-to-store-user-information</a>
</p>
No publisherpraskrishnaSocial MediaWhatsAppInternet Governance2016-10-14T01:12:14ZNews ItemPolice to counter fake news on WhatsApp
http://editors.cis-india.org/internet-governance/news/the-times-of-india-nilesh-christopher-and-naveen-menezes-june-14-2018-police-to-counter-fake-news-on-whatsapp
<b>State police across Karnataka, Assam, Telangana and Kerala are designing social media campaigns as an antidote to fake news on messaging apps like WhatsApp following claims that these platforms have been used to incite violence across several locations in recent weeks.</b>
<p style="text-align: justify; ">The article by Nilesh Christopher and Naveen Menezes was published in the <a class="external-link" href="https://www.gadgetsnow.com/tech-news/police-to-counter-fake-news-on-whatsapp/articleshow/64584326.cms">Times of India</a> on June 14, 2018. Pranesh Prakash was quoted. Also see the story on <a class="external-link" href="https://economictimes.indiatimes.com/news/politics-and-nation/police-join-social-media-to-counter-whatsapp-vitriol/articleshow/64580982.cms">Economic Times</a> here.</p>
<hr />
<p style="text-align: justify; ">Alarmed by the rising incidence of attacks on individuals as a result of rumours spread by users of the app — owned by social network <a class="key_underline" href="https://www.gadgetsnow.com/topic/facebook">Facebook</a> — law enforcement authorities across several states are intensifying community policing using the same platforms.<br /><br />Bengaluru police commissioner T Suneel Kumar said the department is creating awareness about #FakeRumourOnChildKidnappers on social media as well as by distributing pamphlets across the city. “We have not written to either Facebook or WhatsApp as they would take their own time to respond. Instead, we have alerted our police personnel to be aware of repetition and are reaching out to people through different means,” he told ET.<br /><br />Last month, a mob lynched a man in a Bengaluru locality suspecting him to be a child abductor.<br /><strong><br />SPECIAL POLICE TEAMS FORMED</strong><br />This was preceded by widely circulated videos on WhatsApp warning people about kidnappers being on the prowl in the city. Police arrested 25 people including four women and a minor in connection with the case.<br /><br />Incidents of lynching have also been reported across Assam, Telangana, Tamil Nadu and Kerala, where fake news and videos about suspected child abductors distributed on WhatsApp caused alarm among villagers.<br /><br />In Assam, over a dozen people have been arrested after a mob lynched two youngsters last week suspecting them to be child kidnappers. “We are monitoring social media and have chalked out counter strategies to ensure fake messages are not spread. The department also interacts with the public constantly,” DS Chauhan, Additional Commissioner of Police (Law and Order), Hyderabad City, told ET.<br /><br />“I do not have the details on whether anyone is arrested for spreading fake messages. It’s difficult to trace who started the rumours,” he said.<br /><br />In response to ET’s queries, a WhatsApp spokesperson said, “The privacy and security of our users is very important to WhatsApp. We've made it easy to block any phone number or report spam and we encourage people to report problematic messages so that we can take action. We’re also stepping up our education efforts so that people know about our safety features, as well as how to spot fake news or hoaxes on WhatsApp.”<br /><br />In Telangana and Assam, special police teams have been formed to monitor social media and to track fake messages and prepare a counter response.<br /><br />“In a week we get at least three calls of WhatsApp rumours causing unrest in various locations”, said an officer from the cybercrime branch of the Kerala Police.<br /><br />“We have given them (people) directions to start counter propaganda immediately, and we are assisting them in dispelling the rumour. We try to identify the administrator of the (WhatsApp) group that is used to spread rumours,” said the officer. He said the social messaging app has, so far, not cooperated with the police on these efforts.<br /><br /><strong>ANALYSTS DIVIDED</strong><br />Cyber security analysts are divided on whether more can be done by social media platforms to counter the rising threat of fake news on these platforms. “This is clearly a case of a platform like WhatsApp (owned by Facebook) not doing enough. Just because WhatsApp is end-to-end encrypted it does not mean their hands are tied,” said Pranesh Prakash, a fellow at the Centre for Internet and Society, a policy advocacy group.<br /><br />“The WhatsApp application is linked to a mobile number, the platform has access to trace the individual who spread rumours,” said Prakash. They (social media networks) can “remind or signal to users about the terms of services when anyone spreads rumours,” he added.</p>
<p style="text-align: justify; ">India has the largest user base for both WhatsApp and Facebook with over 240 million people accessing the platform. WhatsApp is also testing a digital payment system using the homegrown UPI network in the country.<br /><br />On the other hand, Apar Gupta, cofounder of Internet Freedom Foundation (IFF), reckons the danger from rumours that spread on WhatsApp is not just a technology issue but also a societal one.<br /><br />“Looking to decrease privacy in these platforms as a solution to curb fake news, or introducing a pre-screening mechanism to check every message that is sent is not a credible solution,” he said.<br /><br />To be sure, WhatsApp is testing a new feature wherein messages that are forwarded carry the tagline saying ‘forwarded as received’ alerting users that it is not an original creation but just a forward. The feature has not been rolled to all users in India.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/the-times-of-india-nilesh-christopher-and-naveen-menezes-june-14-2018-police-to-counter-fake-news-on-whatsapp'>http://editors.cis-india.org/internet-governance/news/the-times-of-india-nilesh-christopher-and-naveen-menezes-june-14-2018-police-to-counter-fake-news-on-whatsapp</a>
</p>
No publisherAdminWhatsAppInternet Governance2018-06-26T01:45:20ZNews ItemPDP Bill is coming: WhatsApp Privacy Policy analysis
http://editors.cis-india.org/internet-governance/blog/pdp-bill-is-coming-whatsapp-privacy-policy-analysis
<b>WhatsApp started off the new year with changes to its privacy policy that has several implications for data protection and the digital governance ecosystem at large. This post is the first in a series by CIS unpacking the various implications of the policy.
</b>
<span id="docs-internal-guid-153739d2-7fff-f133-6a27-53060c29814c">
<p dir="ltr"> </p>
<p dir="ltr">On January 4, 2021, WhatsApp announced a revised privacy policy. The announcement was through an in-app notification. Users were asked to agree to the policy by February 8, else they will lose access to their accounts. The announcement triggered a backlash, globally and in India and it led to <a href="https://economictimes.indiatimes.com/tech/information-tech/messaging-app-signal-faces-global-outage-days-after-adding-millions-of-users/articleshow/80296362.cms">millions of users in India migrating to other messaging platforms. </a>In light of the backlash, WhatsApp had on January 15 announced that it will delay rolling out the new policy to May 15, 2021. </p>
<p dir="ltr"> It is important to note that many users have also commented that the new explicit terms of mandatory data sharing with Facebook and the extent of metadata collection haven’t changed drastically from WhatsApp’s existing operations. In 2016, WhatsApp had revised its privacy policy to enable data sharing with Facebook. Users were provided 30 days to opt out of such data sharing. However, the option to opt out was not provided to users who joined the service after September 25, 2016 or who failed to exercise the opt-out option. The changes in the policy were challenged in the Delhi High Court. The High Court (i) directed WhatsApp to delete the complete information of users who exercised the option to opt out before September 25, 2016; and (ii) with respect to users who did not exercise the opt-out option, WhatsApp was directed to not share the information of users collected until September 25, 2016 with Facebook. The matter is currently pending before the Supreme Court. </p>
<p dir="ltr">The change in people’s reactions to the data processing from 2016 can partly be attributed to the change in the users perception of privacy and personal data protection. Conversations around privacy and data protection and harms arising out of unauthorized data collection are much more prevalent. What has also irked a large number of users is the difference between the privacy policy applicable to the European Region and the policy applicable to the rest of the world; There is a disparity in the two policies regarding the rights of the users in relation to sharing of data with Facebook Companies(Facebook payments inc, Facebook Payments International Limited, Onavo, Facebook technologies LLC, Facebook Technologies Ireland limited, WhatsApp inc. WhatsApp Ireland Limited and Crowdtangle) due to the application of the General Data Protection Regulation. </p>
<p dir="ltr">Currently, Indian users have a fundamental right to privacy and an overarching data protection framework is set to be tabled in the Parliament soon. The Personal Data Protection Bill, 2019, being deliberated by the Joint Parliamentary Committee, is expected to provide comprehensive requirements for authorized collection and management of personal data. The proposed Bill, despite several shortcomings, does offer significantly more protection than the current framework consisting of S. 43A of Information Technology Act, 2000 and the Information Technology (Reasonable Security practices and procedures and sensitive personal data or Information) Rules, 2011. This blogpost will examine the viability of the revised privacy policy of WhatsApp if the proposed bill is enacted in the currently available public version of the Bill. In the subsequent posts we will analyse the effect of the revised privacy policy on the pending litigation. </p>
<h3>
Privacy notice</h3>
<p dir="ltr">Section 7 of the proposed bill puts an obligation on the data fiduciary to provide a privacy notice, i.e. a document containing granular details of the processing of personal data to the data principals. The details must be provided in a manner that is clear, concise and easily comprehensible to a reasonable person. The notice should also be provided in multiple languages where necessary and practicable. The importance of a clear and concise policy has been highlighted in the Justice Srikrishna Report on Data Protection. However, there is no guidance from the Indian authorities on what it constitutes. Guidance from the <a href="https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=622227">Article 29 working party</a> in the EU suggests that the policy must be presented in a manner that avoids information fatigue. In the digital context, it has been recommended that presenting a policy in a layered format enhances readability. The guidance also suggests that policy should avoid reliance on complex sentences and abstract terms to convey the details of the processing operations. The revised privacy policy of WhatsApp cannot be termed a clear and concise policy. The purely text-based policy, containing around 3800 words, is not presented in a layered format resulting in shockingly low readability for the amount and type of personal data collection the policy is attempting to convey. In addition to improper design and structure, the policy contains vague language providing an average user a hazy understanding of the extent of data processing and can leave room for different interpretations. The earlier version of the policy also uses similar language and structure to convey details regarding the processing and <a href="https://www.irishtimes.com/business/technology/whatsapp-ireland-sets-aside-77-5m-for-possible-data-compliance-fines-1.4412449">doesn’t provide transparent details regarding its data sharing with Facebook</a>. Relying on a similar format as its earlier versions without revising it based on global discussions around the best methods seems to be an opportunity lost to remedy the privacy policy. The structure, form and language of the policy will have to be revised if the Bill is enacted in its current form and the policy will also have to be provided in multiple languages. </p>
<h3>Bundled consent</h3>
<p dir="ltr">According to its policy, WhatsApp relies on the consent of the user for the purpose of providing messaging and communication services, sharing information with third party service providers that help WhatsApp “operate, provide, improve, understand, customize, support, and market” their Services, and sharing information with other Facebook companies for “providing integrations with Facebook Company products” to name a few. It is important to verify if the consent being obtained is valid according to the standard set by the proposed framework.</p>
<p dir="ltr">For consent to be valid under the proposed framework (Section 11(4)) , the provision and quality of services provided should not be linked to consenting to processing of personal data that is not directly necessary for that purpose. In WhatsApp’s case, the primary purpose of processing is to provide messaging and communication services on that particular platform. Neither sharing personal data with third party service providers for better marketing of their services on other platforms nor sharing it with Facebook company of products for better integration of services is incidental to the primary purpose of processing. The bundling of consent results in forcing individuals to either accept processing of personal data for all of the purposes outlined or lose the services altogether resulting in an invalid consent. An explicit opt-in mechanism for all those processing operations that are not compatible with the primary purpose of processing will have to be provided to the Indian users if the Bill is enacted in its current form and consent is being relied on as the lawful ground of processing.</p>
<h3>Data sharing with Facebook</h3>
<p dir="ltr">WhatsApp’s policy on sharing of information with Facebook has garnered a significant amount of attention and has also raised privacy concerns amongst WhatsApp users in non-European countries. This is because the policy applicable to non- European countries now does not provide the user option to opt out from sharing the information if the user wants to continue using and operating WhatsApp. The policy under the heading ‘How we work with other Facebook Companies’ states that “As part of the<a href="https://faq.whatsapp.com/general/security-and-privacy/the-facebook-companies"> Facebook Companies</a>, WhatsApp receives information from, and shares information (see<a href="https://faq.whatsapp.com/general/security-and-privacy/what-information-does-whatsapp-share-with-the-facebook-companies"> here</a>) with, the other<a href="https://faq.whatsapp.com/general/security-and-privacy/the-facebook-companies"> Facebook Companies</a>. We may use the information we receive from them, and they may use the information we share with them, to help operate, provide, improve, understand, customize, support, and market our Services and their offerings, including the<a href="https://faq.whatsapp.com/general/security-and-privacy/the-facebook-company-products"> Facebook Company Products</a>.” The information that may be shared by WhatsApp with Facebook Companies includes; (i) users phone number; (ii) transaction data; (iii) service-related information, (iv) information on how the users interact with others (including businesses); (v) mobile device information; (vi) the user’s IP address; and (vii) and any other data covered by the privacy policy. All this information/data will fall within the ambit of personal data in terms of the current version of the Bill and therefore WhatsApp would have to comply with the obligations put on it under the Bill for it to be able to share personal data with other data fiduciaries including Facebook Companies.</p>
<p dir="ltr">As noted earlier, it is pertinent to note that the privacy policy is not the same globally. As per the privacy policy applicable to Europe, WhatsApp states that any information that it shares with Facebook Companies is to be used on WhatsApp’s behalf and in accordance with its instructions. Any such information cannot be used for the Facebook Companies own purposes. This statement is not reflected in the privacy policy applicable to non European countries. Facebook has in a <a href="https://www.irishtimes.com/business/technology/whatsapp-says-european-users-do-not-have-to-share-data-with-facebook-1.4452435">statement </a>stated that “For the avoidance of any doubt, it is still the case that WhatsApp does not share European region WhatsApp user data with Facebook for the purpose of Facebook using this data to improve its products or advertisements”</p>
<p dir="ltr"><strong id="docs-internal-guid-dbd02a4a-7fff-ed41-bc54-e5cce9a8b5ca"><br /></strong></p>
<h3>Data sharing with other third party service providers</h3>
<p dir="ltr">It is also important to note that sharing of information is not limited to Facebook Companies, but also extends to other third party service providers. However, apart from a vaguely drafted statement stating that WhatsApp works with third party service providers as well as other Facebook Companies to help it to “operate, provide, improve, understand, customize, support, and market our Services”, the privacy policy is silent and does not provide any insight or clear information on (a) the nature of these third party entities; (b) extent of information shared with such third party entities. Further, even though the policy provides a link to the other Facebook Companies (Facebook Payments Inc, Facebook International Limited, Onavo CrowdTangle) that it works with; there is again no clarity as to what are the specific services provided by these companies.</p>
<p dir="ltr">One of the rights provided to a data principal under Section 17 (3) and Section 7 (1)(g) of the current version of the Bill, is the right to be informed and the consent to be obtained from the data principal about the individuals or entities with whom personal data may be shared. The data principal also has the right to be informed about and given access to the categories of personal data shared with the other data fiduciaries. However, the policy as it stands on date is silent about both the details of the third parties service providers as well as the categories of personal data that could be shared with them.</p>
<p dir="ltr"><strong><br /></strong></p>
<h3>Metadata collection and data minimisation</h3>
<p dir="ltr">The details on usage and log information in the previous version of the policy were rather vague as a result of which the extent of data collection was difficult to ascertain. The revised version indicates that WhatsApp’s metadata collection went further than most of the other popular messaging applications and the data being collected was linked back to the user and device identity. The principle of data minimisation (Section 6 of the proposed framework) limits the collection of personal data to that which is necessary for the purpose of processing. The compelling reasons that justify the metadata collection for the primary purpose of messaging and communication are so far unclear. The metadata collection section is similar in the privacy policy for the EU region and on the face of it doesn’t look GDPR compliant as well. Collection of those categories of personal data that are not necessary for processing of the primary purpose will need to be discontinued if the Bill is enacted in its current form.</p>
<p dir="ltr"><strong><br /></strong></p>
<h3>Data Principal rights</h3>
<p dir="ltr">The difference between the protection afforded to Indian resident users and European resident users is highlighted in the rights accorded to the data principal under the two privacy policies. The European privacy policy has a section dedicated to how users can exercise their rights and specifies that users have the right to access, rectify, port, and erase their information, as well as the right to restrict and object to certain processing of their information. These rights are a reflection of the protection afforded to data principles under the GDPR. As per the current version of the Bill, the data principal will have the right to (i) confirmation and access (Section 17); (ii) correction and erasure (Section 18); and (iii) data portability (Section 19). If the current version of the Bill is enacted, then WhatsApp will be required to amend its privacy policy regarding its applicability to India and incorporate the rights of data accorded to the data principal .</p>
<p dir="ltr"><strong><br /></strong></p>
<h3>Grievance redressal </h3>
<p dir="ltr">The European Region privacy policy specifies the entity within WhatsApp responsible for addressing the complaints of the users and it further also informs the user that they have the right to approach the Irish Data Protection Commission, or any other competent data protection supervisory authority. None of these provisions are specified in the Non-European Region privacy policy. The current version of the PDP Bill places an obligation on the data fiduciary to establish an effective grievance redressal mechanism (Section 32(1)) and to inform the data principal about their right to approach the Data Protection Authority (which is proposed to be established under the PDP Bill) (Section 7(k)). Additional details regarding the same will have to be provided if the Bill is enacted in its current form. </p>
<p dir="ltr"><strong><br /></strong></p>
<h3>Clarifications from WhatsApp </h3>
<p dir="ltr">On January 13, 2021, WhatsApp published a blog stating that the changes to the privacy policy will not affect users who use the platform messaging with friends and family, the changes will only apply to users who use the platform to communicate with business accounts. As per WhatsApp messages to business accounts on WhatsApp can be shared with third-party service providers, which may include Facebook itself. As per the blog, “But whether you communicate with a business by phone, email, or WhatsApp, it can see what you’re saying and may use that information for its own marketing purposes, which may include advertising on Facebook.” It is important to note that we recognise that the content of the messages and the call remains encrypted, however, the concern arises from the collection and use of ‘metadata.’ </p>
<p dir="ltr">WhatsApp’s repeated assurances and clarifications asserting their commitment to data privacy falls short. Their insistence that their chats still use end to end encryption and that only interactions with WhatsApp Business will be shared with Facebook indicates ignorance with regard to the different contours of informational privacy. The expectations of privacy that individuals have over their personal data is linked to the extent of control they have over disclosure of such data. The mandatory metadata collection and lack of opt out clauses for data sharing for marketing purposes results in a mere illusion of control through its façade consent collecting process.</p>
<p dir="ltr"><strong><br /></strong></p>
<p dir="ltr">For the most part, the proposed framework should provide us the same level of protection offered to EU users of WhatsApp regarding some of the key contentions highlighted above. However, additional data principal rights such as the right to object and right to restrict processing will give additional protections to the data principal in case of data processing for marketing purposes. The uproar over the data collection practices of WhatsApp have cemented the immediate need for an effective data protection legislation in the country. The final draft of the Bill with <a href="https://economictimes.indiatimes.com/news/politics-and-nation/parliamentary-panel-examining-personal-data-protection-bill-recommends-89-changes/articleshow/80138488.cms">89 new amendments</a> is expected to be released soon. Considering the renewed apprehensions regarding unwarranted processing of personal data, we can only hope that the amendments have taken into consideration the feedback and comments provided by relevant stakeholders. </p>
<p dir="ltr"><br /><br /></p>
<p dir="ltr">(This post was edited and reviewed by Amber Sinha, Arindrajit Basu and Aman Nair)</p>
</span>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/pdp-bill-is-coming-whatsapp-privacy-policy-analysis'>http://editors.cis-india.org/internet-governance/blog/pdp-bill-is-coming-whatsapp-privacy-policy-analysis</a>
</p>
No publisherPallavi Bedi & Shweta ReddyWhatsAppFacebookPrivacy2021-01-19T08:12:23ZBlog EntryPatanjali's Kimbho swiftly retreats over security scare, ripped on Twitter
http://editors.cis-india.org/internet-governance/news/business-standard-manavi-kapur-alnoor-peermohamed-may-31-2018-patanjali-s-kimbho-swiftly-retreats-over-security-scare-ripped-on-twitter
<b>Swadeshi" messaging app targeted at WhatsApp taken off from app stores hours after launch.</b>
<p style="text-align: justify; ">The article by Alnoor Peermohamed and Manavi Kapur was published in the <a class="external-link" href="https://www.business-standard.com/article/companies/patanjali-s-kimbho-swiftly-retreats-over-security-scare-ripped-on-twitter-118053101326_1.html">Business Standard</a> on May 31, 2018. Gurshabad Grover was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">The fate of Patanjali’s “swadeshi” instant messaging app Kimbho was sealed in the span of just a few hours, thanks to viral messages being shared on Facebook-owned WhatsApp, the app that the Baba Ramdev-promoted company was trying to combat.</p>
<p style="text-align: justify; "><a class="storyTags" href="https://www.business-standard.com/search?type=news&q=patanjali" target="_blank">Patanjali </a>on Thursday launched Kimbho with the sole intent of checking the rise of messaging giant <a class="storyTags" href="https://www.business-standard.com/search?type=news&q=whatsapp" target="_blank">WhatsApp </a>in India. However, after Kimbho’s various data vulnerabilities were exposed by the security expert and whistleblower who goes by the pseudonym Elliot Alderson on Twitter, the app made a quiet exit from Google’s Play Store.</p>
<p style="text-align: justify; "><iframe frameborder="0" height="1" marginheight="0" marginwidth="0" scrolling="no" title="3rd party ad content" width="1"></iframe></p>
<p style="text-align: justify; ">Jokes surrounding the app’s quick retreat spread like wildfire on rival platform <a class="storyTags" href="https://www.business-standard.com/search?type=news&q=whatsapp" target="_blank">WhatsApp.</a> It was perhaps the quickest rise and fall in the popularity of a mobile application.</p>
<p style="text-align: justify; ">Alderson, who has exposed data breaches in the UIDAI’s website, took to Twitter to rip apart the <a class="storyTags" href="https://www.business-standard.com/search?type=news&q=kimbho+app" target="_blank">Kimbho app.</a> “This @KimbhoApp is a joke, next time before making press statements, hire competent developers... If it is not clear, for the moment don't install this app,” he wrote. His next tweet sent alarm bells ringing among users: “The #Kimbho #android #app is a security disaster. I can access the messages of all the users...”</p>
<p style="text-align: justify; ">Kimbho, though, claims that every message on its platform is encrypted by the Advance Encryption Standard and that it saves “no data on our servers or cloud”. But Alderson pointed out that the one-time password security could be worked around. “It's possible to choose a security code between 0001 and 9999 and send it to the number of your choice,” he tweeted. Kimbho, explained as a Sanskrit greeting by S K Tijarawala, Ramdev’s spokerperson, on Twitter, is also a patched-up application over the existing Bolo messaging app.</p>
<p style="text-align: justify; ">This is most likely the reason the app was taken off the Google Play Store. “There were basic authentication and authorisation related vulnerabilities where an end user can see the data of other users. These flaws may be the reason the developers took down the app. Google flags such things,” said Anand Prakash, a Bengaluru-based ethical hacker.</p>
<p style="text-align: justify; ">“<a class="storyTags" href="https://www.business-standard.com/search?type=news&q=whatsapp" target="_blank">WhatsApp </a>uses end-to-end encryption that essentially means even they can’t access the messages you send. But Kimbho, on the other hand, was not using end-to-end security and probably even saving every message as plain text on its server,” adds Gurshabad Grover, policy officer at the Centre for Internet and Society.</p>
<p style="text-align: justify; ">Google did not respond to queries about whether the developer took the app down or Google flagged it as unsecure. Kimbho declared on its Twitter handle that its app was removed from the Play Store because of heavy traffic, claiming that it was downloaded 150,000 times in a mere three hours since its launch.</p>
<p style="text-align: justify; ">On Apple’s App Store, it was trending in the social networking category at the fourth position in India, just below WhatsApp, Facebook and Facebook’s Messenger, and above popular messaging apps such as Skype, LinkedIn and hike messenger.</p>
<p style="text-align: justify; ">Tijarawala had announced Kimbho’s launch on Twitter, calling it an app developed by the “shishyas” (disciples) and “navdikshit sadhus” (newly ordained priests) of Ramdev and Acharya Balkrishna, managing director, <a class="storyTags" href="https://www.business-standard.com/search?type=news&q=patanjali" target="_blank">Patanjali </a>Ayurved and co-founder, <a class="storyTags" href="https://www.business-standard.com/search?type=news&q=patanjali" target="_blank">Patanjali </a>Yogpeeth in Haridwar. Tijarawala’s tweet also claimed that this app was built using “swadeshi” techniques, though what these are remains a mystery. Emails, text messages and calls to Tijarawala went unanswered.</p>
<p style="text-align: justify; ">In keeping with an “Indian” aesthetic, the app’s logo has a “shankh” (conch shell), perhaps signifying a war cry against foreign-born WhatsApp, which has over 200 million active users in India. The conch shell also blends well with Kimbho’s tag line, “Ab Bharat Bolega” (now India will speak). But that is where its tenuous Indianness begins to crumble.</p>
<p style="text-align: justify; ">While the app was registered as a product of <a class="storyTags" href="https://www.business-standard.com/search?type=news&q=patanjali+ayurved" target="_blank">Patanjali Ayurved </a>on the Play Store, the developer on Apple’s App Store is Appdios Inc, a San Francisco-based app development company. Aditi Kamal and Sumit Kumar are this company’s founders according to LinkedIn. The duo has worked with technology giants such as Google and Apple and hold masters degrees from University of Southern California in the US. A blonde man features on the screenshots that the app has featured on its landing page on the App Store.</p>
<p style="text-align: justify; ">Taking forward Bolo’s keyboard suggestions, cheekily called “Quickies”, Kimbho offers pre-typed messages such as “hugs and kisses”, “what the heck” and “parents are watching”. Whether these millennial-friendly features and Kimbho itself are an attempt to get young millennials in touch with their “swadeshi” roots remains to be seen.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/business-standard-manavi-kapur-alnoor-peermohamed-may-31-2018-patanjali-s-kimbho-swiftly-retreats-over-security-scare-ripped-on-twitter'>http://editors.cis-india.org/internet-governance/news/business-standard-manavi-kapur-alnoor-peermohamed-may-31-2018-patanjali-s-kimbho-swiftly-retreats-over-security-scare-ripped-on-twitter</a>
</p>
No publisherAdminWhatsAppInternet Governance2018-06-01T14:15:44ZNews ItemNasscom chief saying full data protection isn’t possible should wake us from our digital slumber
http://editors.cis-india.org/internet-governance/news/first-post-march-16-nimish-sawant-nasscom-chief-saying-full-data-protection-isnt-possible-should-wake-us-from-our-digital-slumber
<b>Considering India is rapidly moving towards a digital economy, the hurdles not withstanding, data and identity security are topics which have to be taken very seriously. Since the demonetisation, a large part of the population who would never bother with digital transactions has suddenly come online. But there is no such thing as complete security of personal data, according to Nasscom chief R Chandrashekhar.</b>
<p style="text-align: justify; ">This was published by <a class="external-link" href="http://tech.firstpost.com/news-analysis/nasscom-chief-saying-full-data-protection-isnt-possible-should-wake-us-from-our-digital-slumber-367183.html">First Post</a> on March 16, 2017. Pranesh Prakash was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">Attending the World Consumer Rights Day, R Chandrashekhar said that personal data of online consumers cannot be completely secure and stressed on the need to have strict enforcement of consumer protection laws. Speaking to <i>PTI,</i> Chandrashekhar said, “More than 3 million credit card data details were misused recently. Let us face it, these kind of security breaches will take place. There is nothing called fully perfect security in IT.”</p>
<p style="text-align: justify; "><b>It’s high time we call a spade, a spade</b></p>
<p style="text-align: justify; "><b><img alt="Image: PIB" class="wp-image-367245 size-full" height="360" src="http://tech.firstpost.com/wp-content/uploads/2017/03/RChandrasekhar_PIB380.jpg" width="640" /><br /></b>R Chandrashekhar, President Nasscom. Image: PIB</p>
<p style="text-align: justify; ">Coming from the head of Nasscom, this announcement pertaining to security is very important. According to Chandrashekhar one cannot expect complete cyber security, but there are definitely ways in which such attacks and incidents can be minimised. He very rightly said that that protecting the online consumer data, specially looking at how rapidly e-commerce is growing in the country, is of prime importance.</p>
<p style="text-align: justify; ">One cannot help but agree with Chandrashekhar, specially considering the fact India <a href="http://tech.firstpost.com/news-analysis/demonetisation-privacy-laws-need-to-be-in-place-before-giving-the-biggest-push-to-digital-transactions-348478.html"><b>does not have a privacy law ecosystem</b></a> that is present in countries such as the US and the UK, where online consumer protection is taken very seriously. <a href="http://tech.firstpost.com/news-analysis/facebook-asked-to-delete-whatsapp-user-data-in-germany-over-data-protection-law-infringement-337708.html"><b>Germany</b></a> and <a href="https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=5&cad=rja&uact=8&ved=0ahUKEwjljYHpzNrSAhUkSI8KHa6oB_MQFgg2MAQ&url=http%3A%2F%2Ftech.firstpost.com%2Fnews-analysis%2Ffrance-fines-google-150000-euros-over-data-privacy-216266.html&usg=AFQjCNE15FPlAi9rR5yCXNzS_hnua81QAw&sig2=GVGgF_cxGNhXo-SJhLo4Gg&bvm=bv.149397726,d.c2I" rel="nofollow"><b>other EU nations</b></a> have always been at the forefront, when it comes to protecting data privacy, and it has ensured that consumer-facing technology companies do not run roughshod when it comes to protecting user data.</p>
<p style="text-align: justify; ">Chandrashekhar stated that there was no need for separate regulations for e-commerce sites, but the priority was ensuring means to enforce consumer laws in the digital world.</p>
<p style="text-align: justify; "><b>Lack of dedicated privacy laws</b></p>
<p style="text-align: justify; ">According to cyberlaw and cybersecurity expert, Pavan Duggal, “Going forward, there is an urgent need for India to take a strong view on privacy in terms of legislative frameworks. Unfortunately, at the time of writing, <a href="http://tech.firstpost.com/news-analysis/privacy-protection-need-for-proactive-cyber-legal-approaches-in-india-357248.html"><b>India does not have a dedicated law on privacy</b></a>.”</p>
<p style="text-align: justify; "><img alt="Image: Foamy Media" class="wp-image-353936 size-full" height="360" src="http://tech.firstpost.com/wp-content/uploads/2016/12/social-media.jpeg" width="640" /><br />Image: Foamy Media</p>
<p style="text-align: justify; ">Social media websites for instance have a lot of user data. But what happens when they suddenly change their privacy policies? For instance, a lot of users signed on to WhatsApp when it was an independent company. But post the Facebook acquisition, there have been a lot of instances where WhatsApp has updated its terms and conditions to suit its parent Facebook.</p>
<p style="text-align: justify; ">That’s not completely illegal one may say. Loss of privacy is a price you pay for free services. But what if, I as a consumer of WhatsApp <a href="http://tech.firstpost.com/news-analysis/german-consumer-rights-group-accuses-whatsapp-of-illegally-sharing-user-data-with-facebook-359979.html"><b>do not want the app to share any of my data with Facebook</b></a>? The only option I am left with is to delete WhatsApp. But then again, I do not know if my data is also deleted from WhatsApp servers or it has already been shared. Social media apps, only let you know what updates are being added. Consent is only required to update the app. You can stall that, up to a point. But there will come a time when you will have to update an app. Then by default you have given approval to all the terms and conditions associated with the app.</p>
<p style="text-align: justify; ">Two students had challenged WhatsApp’s revision to its privacy policy before Delhi High Court. The Court dismissed the petition insisting that users could opt out by <a href="http://www.thehindu.com/news/cities/Delhi/delete-or-share-high-court-tells-whatsapp-users/article9143285.ece" rel="nofollow"><b>deleting their accounts</b></a>.</p>
<p style="text-align: justify; ">When a similar challenge was mounted before the authorities in UK, Facebook had to put a pause on their data sharing – and this was because of its strong data protection policy. Under the UK data protection law, the company has to inform the authority established under the Act of any changes in the use of user data. In the case of WhatsApp, the <a href="http://tech.firstpost.com/news-analysis/why-india-failed-to-prevent-whatsapp-data-sharing-with-facebook-while-uk-succeeded-346115.html"><b>UK authority objected to such sharing.</b></a></p>
<p style="text-align: justify; "><b>Aadhaar – the 12-digit biometric storehouse</b></p>
<p style="text-align: justify; "><a href="http://tech.firstpost.com/wp-content/uploads/2016/03/aadhar_251002219381.jpg"><img alt="aadhaar_251002219381" class="wp-image-303751 size-full aligncenter" height="360" src="http://tech.firstpost.com/wp-content/uploads/2016/03/aadhar_251002219381.jpg" width="640" /></a></p>
<p style="text-align: justify; ">Aadhaar card is being used for many financial and non financial transactions. Also the Aadhaar number associated with an individual also holds a lot of personal and biometric data. So when recently, there was news about a possible Aadhaar data breach when <a href="http://tech.firstpost.com/news-analysis/aadhaar-data-breach-uidai-finds-multiple-transactions-done-with-the-same-fingerprint-364155.html"><b>UIDAI filed a police complaint</b></a> against Axis Bank, business correspondent Suvidhaa Infoserve and e-sign provider eMudhra, it was naturally a shock to many.</p>
<p style="text-align: justify; ">Unlike a password which can be changed, with biometric information there is no scope to do that if it is compromised. Although UIDAI claims that there are <a href="http://tech.firstpost.com/news-analysis/aadhaar-is-being-used-by-few-corporates-for-salary-disbursements-but-the-potential-is-immense-361749.html"><b>multiple levels of security and firewalls</b></a> to ensure there is no breach of Aadhaar information of an individual, one can only hope that it is robust enough to withstand any attack. Collection of biometric data by the government to form a database, for instance, was debated and ultimately not used in the UK.</p>
<p style="text-align: justify; ">Pranesh Prakash, policy director of the Centre for Internet and Society, expressed concern about the pace at which we are progressing when it comes to having a legal and regulatory framework when it comes to the Digital India push. “While the security architecture of Aadhaar Enabled Payment Systems (AEPS) might in itself be good, the idea of providing your fingerprints to merchants for financial transactions is a terrible idea since that is like asking you to give your bank password to a merchant, and the merchant can reuse that password, and you can’t ever change the password,” said Prakash.</p>
<p style="text-align: justify; "><b>Enforcing the correct processes</b></p>
<p style="text-align: justify; ">Last year, a malware affected the systems of Hitachi Payment Services, which provides back end services to ATM machines and Point of Sale nodes across India. As a result of this, around <b><a href="http://tech.firstpost.com/news-analysis/32-lakh-debit-cards-compromised-affected-banks-include-sbi-hdfc-yes-axis-bob-and-icici-342220.html" target="_blank">32 lakh debit cards were compromised</a></b> including those issued by SBI, HDFC, Yes Bank, Axis, BOB and ICICI. Security experts and consultants have pointed out <b><a href="http://tech.firstpost.com/news-analysis/banks-need-to-switch-to-fully-encrypted-security-solutions-to-avoid-security-breaches-343696.html" target="_blank">various holes in the electronic transaction systems</a></b> in place in India. Intel has also warned that <b><a href="http://tech.firstpost.com/news-analysis/demonetisation-security-experts-warn-that-atms-are-easy-targets-for-hackers-351182.html" target="_blank">ATM machines in India</a></b> are vulnerable to malicious attacks. Intel points out that countries in the Asia Pacific region are developing and are particularly vulnerable because of old systems and machines being used.</p>
<p style="text-align: justify; "><a href="http://tech.firstpost.com/wp-content/uploads/2016/12/atm-queue-demonetisation.jpg"><img alt="Image: REUTERS/Amit Dave " class="wp-image-353328" height="360" src="http://tech.firstpost.com/wp-content/uploads/2016/12/atm-queue-demonetisation.jpg" width="640" /></a></p>
<div class="prodtxtinf" style="text-align: justify; ">Image: REUTERS/Amit Dave</div>
<p style="text-align: justify; ">According to Mahesh Patel, president and group CTO, AGS Transact Technologies this was more of a governance issue of the data centre than any technical error. “It is not about the software, but it is about the processes and procedures you put in place to ensure that the system is secure. Everything from physical security to computing security to admin management, etc should be process driven. So somewhere there could have been a weak link there. Cloud has to be secure and encrypted which suffices the use case of payments. This cloud is different from the ones used by e-commerce sites to display all their products,” said Patel.</p>
<p style="text-align: justify; ">We may have the best of software and security measures, but ensuring that they are implemented the right way is equally important. Plugging the loopholes in current regulations is also important.</p>
<p style="text-align: justify; "><b>Existing laws and regulations, not enough</b></p>
<p style="text-align: justify; ">According to Duggal, “The Information Technology Act, 2000 hardly has effective provisions to protect any data and personal privacy in the digital ecosystem. The Indian Government needs to come up with strong privacy law which can protect both personal privacy and data privacy in an effective manner.”</p>
<p style="text-align: justify; ">One may find it really shocking to hear the head of Nasscom saying something to the extent that full data protection for online consumers is not possible, but there is definitely truth to the matter. It will require concerted efforts from not only regulators, governments, digital wallet players and banking industry to come up with these privacy laws, but also you the consumer has to ensure that you are aware of the dangers lurking in the digital world. Educating oneself of the various ways in which your data can be compromised is a good way to protect your online self.</p>
<p style="text-align: justify; ">Because, let’s face it, for all practical purposes if you are online, your <a href="http://tech.firstpost.com/news-analysis/privacy-is-dead-stop-whining-and-get-some-real-work-done-357090.html"><b>privacy is dead</b></a>.</p>
<p style="text-align: justify; "><span class="tags"> </span></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/first-post-march-16-nimish-sawant-nasscom-chief-saying-full-data-protection-isnt-possible-should-wake-us-from-our-digital-slumber'>http://editors.cis-india.org/internet-governance/news/first-post-march-16-nimish-sawant-nasscom-chief-saying-full-data-protection-isnt-possible-should-wake-us-from-our-digital-slumber</a>
</p>
No publisherpraskrishnaWhatsAppAadhaarInternet GovernancePrivacy2017-03-17T01:47:25ZNews ItemIt's That Eavesdrop Endemic
http://editors.cis-india.org/internet-governance/news/outlook-july-25-2016-arindam-mukherjee-its-that-eavesdrop-endemic
<b>Whatsapp Says It’s Snoop-Proof Now, But There’s Always A Way In
</b>
<p style="text-align: justify; ">The article by Arindam Mukherjee was <a class="external-link" href="http://www.outlookindia.com/magazine/story/its-that-eavesdrop-endemic/297534">published in Outlook</a> on July 25, 2016. Pranesh Prakash was quoted.</p>
<hr />
<h3 style="text-align: justify; ">Lock and Key</h3>
<ul style="text-align: justify; ">
<li>WhatsApp says it has end-to-end encryption, so no one, not even WhatsApp, can snoop into calls.</li>
</ul>
<ul style="text-align: justify; ">
<li>Experts say any encryption can be broken by security agencies. Android phones can also get infected by malware.</li>
</ul>
<p style="text-align: justify; ">For years, a Delhi power-broker used to call from nondescript landline numbers, changing them ever so often. Of late, he has started using WhatsApp calls for ‘sensitive’ conversations. He’s not alone. WhatsApp has revealed that over 100 million voice calls are being made on the social network every day. That’s over 1,100 calls a second! India is one of the biggest user bases of WhatsApp. And many Indian users are making the app their main engine for voice calls.<br /><br />One reason for this shift is that WhatsApp calls are seen to be essentially free (though they indeed have data charges). But for a lot of people, the chief allure lies in the touted fact that WhatsApp calling is far more secure than mobile calling. In April, the app introduced end-to-end encryption for its messages and voice calls.<br /><br />Consequent to this, Sudhir Yadav, a Gurgaon-based software engineer filed a PIL in the Supreme Court seeking a ban on WhatsApp on the grounds that its calls are so safe that it could be misused by ‘terrorists’. Last month, a court in Brazil issued orders to block WhatsApp for 72 hours after it failed to provide the authorities access to encrypted data.</p>
<p style="text-align: justify; ">Are WhatsApp calls really impenetrable? WhatsApp believes so and says that the encryption key is held by the two persons at the two ends of the message or call and no one, not even the company, can snoop in. “The calls are end-to-end encrypted so WhatsApp and third parties can’t listen to them,” a WhatsApp spokesperson told Outlook. This is precisely Yadav’s concern. “Because the encryption is end to end, the government can’t break it and WhatsApp cannot provide the decryption key,” he says.<br /><br />However, experts do not buy this argument. They believe everything on the Internet is vulnerable. “Anything that uses a phone number is vulnerable,” says Kiran Jonnalagadda, founder of technology platform HasGeek. “Anyone can impersonate the phone number by getting a duplicate SIM and get access to a phone. There are also bugs in the system which security agencies use.”<br /><br />WhatsApp uses a person’s phone number to open an account and authenticate a user. So, if the government or a security agency wants to get access to a WhatsApp call, it would be very easy. “Telecom companies cannot access these calls as they are encrypted before they reach the network. But the government can. It just has to replicate a SIM to access any number and its messages or voice calls,” says Aravind R.S., a volunteer for Save the Internet campaign and founder of community chat app Belong,<br /><br />There are other modes of attack as well. It is a given that Android phones, which form the majority of mobile phones used in India today, are most vulnerable to malware attacks. So, even if the app itself is secure, the device is not and if the device is attacked, just about everything in it can be tapped into. For instance, there’s the ‘man in the middle’ mode of attack, where a third person gets into a call and mirrors the messages to both the sides and relays the messages or calls to a different server. There is also the SS7 signalling protocol that can help hackers get into networks and calls. These attacks can make even a WhatsApp encryption vulnerable.</p>
<p style="text-align: justify; ">Security agencies and hackers routinely implant viruses into the phones of people they are monitoring. Once a phone is “infected”, everything is accessible. And Android phones are extremely prone to attacks from malware. “It's not perfectly secure, especially if there is any virus in an Android phone, which is what security agencies work with. They have many more ways to get into a phone. There is no defence against that,” says Aravind,<br /><br />Experts believe it is possible that US intelligence agencies like the FBI and the NSA may have access to or are capable of breaking into even the WhatsApp encryption. This is proven by the recent incident where the FBI, after being refused by Apple to open up an iPhone used by a terrorist, broke into the phone by itself.<br /><br />“If you are on the NSA list, there is nothing you can do to protect yourself,” says Pranesh Prakash, policy director with the Centre for Internet and Society. “They will find a way to get into your phone. In WhatsApp, many things like photographs and videos are not encrypted; these can get access to a person’s account.”<br /><br />In India, the debate on access to encrypted phones has been on since the government engaged with Blackberry a few years ago. “There is no law governing an Over The Top (OTT) service like WhatsApp. If the government orders decryption of a call and WhatsApp cannot comply, it will become illegal,” says cyber lawyer Asheeta Regidi. The government’s seeming comfort level with all this legal ambiguity is yet another indicator that all is not what is seems with WhatsApp. As for callers, they would do well to speak discreetly on any network.</p>
<ul style="text-align: justify; ">
</ul>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/outlook-july-25-2016-arindam-mukherjee-its-that-eavesdrop-endemic'>http://editors.cis-india.org/internet-governance/news/outlook-july-25-2016-arindam-mukherjee-its-that-eavesdrop-endemic</a>
</p>
No publisherpraskrishnaSocial MediaWhatsAppInternet Governance2016-07-30T15:45:31ZNews ItemIndia WhatsApp Privacy Fight May Affect Multinationals
http://editors.cis-india.org/internet-governance/news/bloomberg-bna-february-1-2017-nayanima-basu-india-whatsapp-privacy-fight-may-affect-multinationals
<b>The Indian Supreme Court’s review of Facebook Inc.'s and WhatsApp Inc.'s data security practices may lack teeth but also presages a desire for a stronger privacy regime and oversight of multinationals, internet and privacy specialists told Bloomberg BNA. </b>
<p style="text-align: justify; ">The article by Nayanima Basu was <a class="external-link" href="https://www.bna.com/india-whatsapp-privacy-n57982083152/">published by Bloomberg BNA</a> on February 1, 2017. Pranesh Prakash was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">WhatsApp revised its privacy policy in August 2016 to share data with owner Facebook and allow targeted ads and messages from businesses, laying the groundwork for the free messaging service to monetize such data. But a public interest complaint, akin to a class action in the U.S., filed by two Indian students and regulatory inquiries have resulted in India’s top court asking Facebook and WhatsApp about their data protection practices.<br /><br />The court’s move Jan. 17 to seek the information may make multinational companies jittery, Rahul Khullar, former secretary of commerce for India’s Ministry of Commerce and Industry, told Bloomberg BNA. Although stronger data privacy enforcement is needed, all the high court has done is aggravate Facebook and other large multinationals, he said.</p>
<p style="text-align: justify; ">Facebook is the second largest media company in the world with a $367 billion market capitalization, Bloomberg data show. It acquired WhatsApp in 2014 for approximately $18 billion, data show. Facebook didn’t immediately respond to Bloomberg BNA’s e-mail request for comments.<br /><br />Khullar, who is also the former chairman of the Telecom Regulatory Authority of India, said multinationals need to be more careful in sharing their data because of the “distinction between digital non-commercial data and digitally sensitive data,” he said. A strong national data privacy law would resolve some of these issues, he said.<br /><br />An U.S. official based at the U.S. Embassy in New Delhi, speaking on background, told Bloomberg BNA that any maneuver that restricts the free flow of data may harm the operations of U.S.-based multinationals and similar companies.</p>
<h3 style="text-align: justify; ">Clarity, Stronger Laws Needed</h3>
<p style="text-align: justify; ">Some internet and privacy specialists say that Facebook and WhatsApp failed to provide effective data protection under Indian law.</p>
<p style="text-align: justify; ">Pranesh Prakash, policy director at the nonprofit digital technologies advocate Centre for Internet and Society, told Bloomberg BNA that Facebook and WhatsApp are in violation of <a class="bluenobold" href="http://www.wipo.int/edocs/lexdocs/laws/en/in/in098en.pdf"> Section 43A of the Information Technology Act</a> that lays out “reasonable security practices and procedures.”</p>
<p style="text-align: justify; ">Indian citizens are reaching out to the courts for data protection enforcement because lawmakers have “failed to do so,” he said. That highlights the need for robust data protection laws in India and, he said, hopefully “goads the government and Parliament into enacting a privacy and data protection law.”</p>
<p style="text-align: justify; ">In lieu of further legislative action, companies may be able to resolve some issues by establishing clearer privacy policies, Niraj Gunde, a Mumbai-based attorney and consumer advocate, told Bloomberg BNA. Most software agreements have a clandestine clause that allows companies to access user data, but those agreements should also state how the data will be used, stored and eventually disposed of, he said.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/bloomberg-bna-february-1-2017-nayanima-basu-india-whatsapp-privacy-fight-may-affect-multinationals'>http://editors.cis-india.org/internet-governance/news/bloomberg-bna-february-1-2017-nayanima-basu-india-whatsapp-privacy-fight-may-affect-multinationals</a>
</p>
No publisherpraskrishnaSocial MediaWhatsAppInternet GovernancePrivacy2017-02-02T02:28:23ZNews ItemIndia steps up vigilance against WhatsApp abuse
http://editors.cis-india.org/internet-governance/news/the-straits-times-august-24-2018-debarshi-dasgupta-india-steps-up-vigilance-against-whatsapp-abuse
<b>Delhi wants firm to open local office, appoint grievance officer as misinformation spreads.</b>
<p style="text-align: justify; ">The article by Debashree Dasgupta was published by <a class="external-link" href="https://www.straitstimes.com/asia/south-asia/india-steps-up-vigilance-against-whatsapp-abuse">Straits Times</a> on August 24, 2018. Sunil Abraham was quoted.</p>
<hr />
<p style="text-align: justify; ">In one of its strongest directives yet to WhatsApp, the Indian government has asked the California-based messaging service firm to set up an office and appoint a grievance officer in India.</p>
<p style="text-align: justify; ">Indian Information Technology Minister Ravi Shankar Prasad conveyed the request to WhatsApp chief executive Chris Daniels during a meeting on Tuesday. It came against the backdrop of the growing misuse of the messaging app to disseminate misinformation.</p>
<p style="text-align: justify; ">"I requested WhatsApp chief executive Chris Daniels to set up a grievance officer in India, establish a corporate entity in India, comply with Indian laws. He assured me that #WhatsApp will soon take steps on all these counts," Mr Prasad tweeted after the meeting.</p>
<p style="text-align: justify; ">"I further asked WhatsApp CEO... to work closely with law enforcement agencies of India and create public awareness campaign to prevent misuse of WhatsApp. He assured me that #WhatsApp will undertake these initiatives," he added in another tweet.</p>
<p style="text-align: justify; ">The firm has not yet provided a confirmation of these claims.</p>
<p style="text-align: justify; ">The spread of misinformation about child kidnappings through WhatsApp has been linked to a series of mob lynchings that have led to the deaths of least 28 people across India since April.</p>
<blockquote class="pull-quote-left" style="text-align: justify; ">
<p>TAKING RESPONSIBILITY</p>
<p>When rumours and fake news get propagated by mischief mongers, the medium used for such propagation cannot evade responsibility and accountability. If they remain mute spectators, they are liable to be treated as abettors and thereafter, face consequent legal action.</p>
<p>INDIA'S MINISTRY OF ELECTRONICS AND INFORMATION TECHNOLOGY</p>
</blockquote>
<p style="text-align: justify; ">There are also concerns that the spread of fake news via the application could gather further momentum ahead of next year's general elections in India. The firm has more than 200 million active monthly users in India - its biggest market and a sizeable chunk of its 1.5 billion global user base.</p>
<p style="text-align: justify; ">WhatsApp, the most widely used messaging app in India, has struggled to control the spread of misinformation in India on its platform.</p>
<p style="text-align: justify; ">With the government demanding greater accountability from it, the firm has made it more difficult for users to forward content by removing shortcuts. It has limited to five the number of people a message can be forwarded to each time, and introduced a "forwarded" label for such messages.</p>
<p style="text-align: justify; ">But the authorities have found this inadequate given the enormity of the challenge and rampant abuse.</p>
<p style="text-align: justify; ">Last month, the Indian Ministry of Electronics and Information Technology said: "There is a need for bringing in traceability and accountability when a provocative/inflammatory message is detected, and a request is made by law enforcement agencies.</p>
<p style="text-align: justify; ">"When rumours and fake news get propagated by mischief mongers, the medium used for such propagation cannot evade responsibility and accountability. If they remain mute spectators, they are liable to be treated as abettors and thereafter, face consequent legal action."</p>
<p style="text-align: justify; ">Mr Prasad, speaking to the media after the meeting, said: "I have said in the past that it does not take rocket science to locate a message being circulated in hundreds and thousands... You must have a mechanism to find a solution."</p>
<p style="text-align: justify; ">The Indian government's demand for WhatsApp to set up a local office is not unprecedented.</p>
<p style="text-align: justify; ">The European Union General Data Protection Regulation says a foreign firm that processes personal data of individuals in the EU "may be required" to appoint a representative in an EU state. However, calls by the government to detect messages and track down senders have prompted concerns over privacy violation, and pose a technical challenge.</p>
<p style="text-align: justify; ">Mr Sunil Abraham, executive director of the Centre for Internet and Society, a Bangalore-based nonprofit organisation, said: "Application-wide blocking of the same content is not possible on WhatsApp because it uses end-to-end cryptography, and there is no way WhatsApp can determine which messages are being forwarded."</p>
<p style="text-align: justify; ">But there are potential remedies that are less controversial, and easier to achieve.</p>
<p style="text-align: justify; ">Mr Abraham suggested that WhatsApp fund a large network of fact checkers and provide a "fact check this" button along with all forwarded messages. "This button could then transmit the suspicious message to a common database that is managed by the network for fact checkers," he added.</p>
<p style="text-align: justify; ">Last month, the Ministry of Electronics and Information Technology raised concerns on the expected roll-out of WhatsApp Payments, which lets users make financial transactions via the application. It has sought clarity on whether the service adheres to the Reserve Bank of India's security and privacy rules.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/the-straits-times-august-24-2018-debarshi-dasgupta-india-steps-up-vigilance-against-whatsapp-abuse'>http://editors.cis-india.org/internet-governance/news/the-straits-times-august-24-2018-debarshi-dasgupta-india-steps-up-vigilance-against-whatsapp-abuse</a>
</p>
No publisherAdminWhatsAppInternet Governance2018-08-27T15:22:23ZNews Item