The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 11 to 25.
The Future of Privacy in the Age of Big Data
http://editors.cis-india.org/internet-governance/news/study-tour-on-future-of-privacy-in-age-of-big-data
<b>A study tour on privacy and big data was organised by Friedrich Naumann Foundation for Freedom from September 3 to 10, 2016 in Berlin and Hamburg. Vanya Rakesh was one of the participants from South Asia who went for the tour.</b>
<h3>List of Participants</h3>
<ul>
<li>Shahid Ahmad, Deputy Director, Digital Empowerment Foundation</li>
<li>Shahzad Ahmad, Country Director, Bytes for All</li>
<li>Shivam Satnani, Senior Analyst, Data Security Council of India</li>
<li>Vanya Rakesh, Senior Policy Officer, Centre for Internet & Society</li>
<li>Anja Kovacs, Director, Internet Democracy Project</li>
<li>Tshering Cigay Dorji, CEO, Thimphu Tech Park</li>
<li>Vrinda Bhandari, Lawyer and Journalist, Chambers of Trideep Pais (Anwaltskanzlei)</li>
<li>Tahsin Ifnoor Sayeed, Head of Business Intelligence, DNet</li>
</ul>
<p><a class="external-link" href="http://cis-india.org/internet-governance/files/study-tour-big-data-privacy.pdf">Click to see the Agenda</a></p>
<ul>
</ul>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/study-tour-on-future-of-privacy-in-age-of-big-data'>http://editors.cis-india.org/internet-governance/news/study-tour-on-future-of-privacy-in-age-of-big-data</a>
</p>
No publisherpraskrishnaInternet GovernanceBig DataPrivacy2016-09-22T23:24:16ZNews ItemThe Fintech Disruption - Innovation, Regulation, and Transformation
http://editors.cis-india.org/internet-governance/news/the-fintech-disruption-innovation-regulation-and-transformation
<b>Sumandro Chattapadhyay attended an event organized by Carnegie India on March 28, 2017. The aim of the initiative was that inclusive and sustainable regulations require constant interaction between policy makers and industry. </b>
<p style="text-align: justify; ">Select senior level policymakers, leaders from the banking industry and dynamic start-up founders and innovators gathered for the meet-up. The intention is to follow up on the discussions and debates from the round-table and come out with a detailed report on Fintech Regulations based on the research and conversations with start-ups and other valuable stakeholders.</p>
<p><a class="external-link" href="http://cis-india.org/internet-governance/files/fintech-conference-agenda">See the conference agenda</a></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/the-fintech-disruption-innovation-regulation-and-transformation'>http://editors.cis-india.org/internet-governance/news/the-fintech-disruption-innovation-regulation-and-transformation</a>
</p>
No publisherpraskrishnaInternet GovernanceBig Data2017-03-29T02:10:49ZNews ItemThe Changing Landscape of ICT Governance and Practice - Convergence and Big Data
http://editors.cis-india.org/internet-governance/news/the-changing-landscape-of-ict-governance-and-practice-convergence-and-big-data
<b></b>
<p style="text-align: justify; ">Sharat Chandra Ram was granted the <a href="http://www.cprsouth.org/2015/02/call-for-applications-2015-young-scholar-awards/">Young Scholar Award 2015</a> to attend the <i>Young Scholar Workshop (August 24 - 25, 2015)</i> followed by main <a href="http://www.cprsouth.org/"><i>CPRSouth2015 conference</i> (Communication Policy Research South) conference <i>(26th - 28th August 2015</i>)</a> - "The Changing Landscape of ICT Governance and Practice - Convergence and Big Data" that was co-organized by the 'Innovation Center for Big Data and Digital Convergence, Yuan Ze University, Taiwan. The agenda for Young Scholar 2015 pre-conferernce workshop can be accessed <a class="external-link" href="http://www.cprsouth.org/cprsouth-2015-call-for-abstracts/cprsouth-2015-young-scholar-awards-call-for-applications/">here</a>. The CPR South 2015: Conference Programme agenda can be accessed <a class="external-link" href="http://www.cprsouth.org/cprsouth-2015-call-for-abstracts/cpr-south-2015-conference-programme/">here</a>.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/the-changing-landscape-of-ict-governance-and-practice-convergence-and-big-data'>http://editors.cis-india.org/internet-governance/news/the-changing-landscape-of-ict-governance-and-practice-convergence-and-big-data</a>
</p>
No publisherpraskrishnaInternet GovernanceBig Data2015-09-07T13:48:37ZNews ItemSummary Report Internet Governance Forum 2015
http://editors.cis-india.org/internet-governance/blog/summary-report-internet-governance-forum-2015
<b>Centre for Internet and Society (CIS), India participated in the Internet Governance Forum (IGF) held at Poeta Ronaldo Cunha Lima Conference Center, Joao Pessoa in Brazil from 10 November 2015 to 13 November 2015. The theme of IGF 2015 was ‘Evolution of Internet Governance: Empowering Sustainable Development’. Sunil Abraham, Pranesh Prakash & Jyoti Panday from CIS actively engaged and made substantive contributions to several key issues affecting internet governance at the IGF 2015. The issue-wise detail of their engagement is set out below. </b>
<p align="center" style="text-align: left;"><strong>INTERNET
GOVERNANCE</strong></p>
<p align="justify">
I. The
Multi-stakeholder Advisory Group to the IGF organised a discussion on
<em><strong>Sustainable
Development Goals (SDGs) and Internet Economy</strong></em><em>
</em>at
the Main Meeting Hall from 9:00 am to 12:30 pm on 11 November, 2015.
The
discussions at this session focused on the importance of Internet
Economy enabling policies and eco-system for the fulfilment of
different SDGs. Several concerns relating to internet
entrepreneurship, effective ICT capacity building, protection of
intellectual property within and across borders were availability of
local applications and content were addressed. The panel also
discussed the need to identify SDGs where internet based technologies
could make the most effective contribution. Sunil
Abraham contributed to the panel discussions by addressing the issue
of development and promotion of local content and applications. List
of speakers included:</p>
<ol>
<li>
<p align="justify">
Lenni
Montiel, Assistant-Secretary-General for Development, United Nations</p>
</li><li>
<p align="justify">
Helani
Galpaya, CEO LIRNEasia</p>
</li><li>
<p align="justify">
Sergio
Quiroga da Cunha, Head of Latin America, Ericsson</p>
</li><li>
<p align="justify">
Raúl
L. Katz, Adjunct Professor, Division of Finance and Economics,
Columbia Institute of Tele-information</p>
</li><li>
<p align="justify">
Jimson
Olufuye, Chairman, Africa ICT Alliance (AfICTA)</p>
</li><li>
<p align="justify">
Lydia
Brito, Director of the Office in Montevideo, UNESCO</p>
</li><li>
<p align="justify">
H.E.
Rudiantara, Minister of Communication & Information Technology,
Indonesia</p>
</li><li>
<p align="justify">
Daniel
Sepulveda, Deputy Assistant Secretary, U.S. Coordinator for
International and Communications Policy at the U.S. Department of
State </p>
</li><li>
<p align="justify">
Deputy
Minister Department of Telecommunications and Postal Services for
the republic of South Africa</p>
</li><li>
<p align="justify">
Sunil
Abraham, Executive Director, Centre for Internet and Society, India</p>
</li><li>
<p align="justify">
H.E.
Junaid Ahmed Palak, Information and Communication Technology
Minister of Bangladesh</p>
</li><li>
<p align="justify">
Jari
Arkko, Chairman, IETF</p>
</li><li>
<p align="justify">
Silvia
Rabello, President, Rio Film Trade Association</p>
</li><li>
<p align="justify">
Gary
Fowlie, Head of Member State Relations & Intergovernmental
Organizations, ITU</p>
</li></ol>
<p align="justify">
Detailed
description of the workshop is available here
<a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">http</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">://</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">www</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">.</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">intgovforum</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">.</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">org</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">/</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">cms</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">/</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">igf</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">2015-</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">main</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">-</a><a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">sessions</a><u>
</u></p>
<p align="justify">
Transcript
of the workshop is available here
<u><a href="http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2327-2015-11-11-internet-economy-and-sustainable-development-main-meeting-room">http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2327-2015-11-11-internet-economy-and-sustainable-development-main-meeting-room</a></u></p>
<p align="justify">
Video
link Internet
economy and Sustainable Development here
<a href="https://www.youtube.com/watch?v=D6obkLehVE8">https://www.youtube.com/watch?v=D6obkLehVE8</a></p>
<p align="justify"> II.
Public
Knowledge organised a workshop on <em><strong>The
Benefits and Challenges of the Free Flow of Data </strong></em>at
Workshop Room
5 from 11:00 am to 12:00 pm on 12 November, 2015. The discussions in
the workshop focused on the benefits and challenges of the free flow
of data and also the concerns relating to data flow restrictions
including ways to address
them. Sunil
Abraham contributed to the panel discussions by addressing the issue
of jurisdiction of data on the internet. The
panel for the workshop included the following.</p>
<ol>
<li>
<p align="justify">
Vint
Cerf, Google</p>
</li><li>
<p align="justify">
Lawrence
Strickling, U.S. Department of Commerce, NTIA</p>
</li><li>
<p align="justify">
Richard
Leaning, European Cyber Crime Centre (EC3), Europol</p>
</li><li>
<p align="justify">
Marietje
Schaake, European Parliament</p>
</li><li>
<p align="justify">
Nasser
Kettani, Microsoft</p>
</li><li>
<p align="justify">
Sunil
Abraham, CIS
India</p>
</li></ol>
<p align="justify">
Detailed
description of the workshop is available here
<a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">http</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">://</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">www</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">.</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">intgovforum</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">.</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">org</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">/</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">cms</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">/</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">workshops</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">/</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">list</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">-</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">of</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">-</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">published</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">-</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">workshop</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">-</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">proposals</a><u>
</u></p>
<p align="justify">
Transcript
of the workshop is available here
<a href="http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2467-2015-11-12-ws65-the-benefits-and-challenges-of-the-free-flow-of-data-workshop-room-5">http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2467-2015-11-12-ws65-the-benefits-and-challenges-of-the-free-flow-of-data-workshop-room-5</a></p>
<p align="justify">
Video link https://www.youtube.com/watch?v=KtjnHkOn7EQ</p>
<p align="justify"> III.
Article
19 and
Privacy International organised a workshop on <em><strong>Encryption
and Anonymity: Rights and Risks</strong></em>
at Workshop Room 1 from 11:00 am to 12:30 pm on 12 November, 2015.
The
workshop fostered a discussion about the latest challenges to
protection of anonymity and encryption and ways in which law
enforcement demands could be met while ensuring that individuals
still enjoyed strong encryption and unfettered access to anonymity
tools. Pranesh
Prakash contributed to the panel discussions by addressing concerns
about existing south Asian regulatory framework on encryption and
anonymity and emphasizing the need for pervasive encryption. The
panel for this workshop included the following.</p>
<ol>
<li>
<p align="justify">
David
Kaye, UN Special Rapporteur on Freedom of Expression</p>
</li><li>
<p align="justify">
Juan
Diego Castañeda, Fundación Karisma, Colombia</p>
</li><li>
<p align="justify">
Edison
Lanza, Organisation of American States Special Rapporteur</p>
</li><li>
<p align="justify">
Pranesh
Prakash, CIS India</p>
</li><li>
<p align="justify">
Ted
Hardie, Google</p>
</li><li>
<p align="justify">
Elvana
Thaci, Council of Europe</p>
</li><li>
<p align="justify">
Professor
Chris Marsden, Oxford Internet Institute</p>
</li><li>
<p align="justify">
Alexandrine
Pirlot de Corbion, Privacy International</p>
</li></ol>
<p align="justify"><a name="_Hlt435412531"></a>
Detailed
description of the workshop is available here
<a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">http</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">://</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">www</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">.</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">intgovforum</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">.</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">org</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">/</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">cms</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">/</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">worksh</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">o</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">ps</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">/</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">list</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">-</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">of</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">-</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">published</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">-</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">workshop</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">-</a><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">proposals</a><u>
</u></p>
<p align="justify">
Transcript
of the workshop is available here
<a href="http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2407-2015-11-12-ws-155-encryption-and-anonymity-rights-and-risks-workshop-room-1">http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2407-2015-11-12-ws-155-encryption-and-anonymity-rights-and-risks-workshop-room-1</a></p>
<p align="justify">
Video link available here https://www.youtube.com/watch?v=hUrBP4PsfJo</p>
<p align="justify"> IV.
Chalmers
& Associates organised a session on <em><strong>A
Dialogue on Zero Rating and Network Neutrality</strong></em>
at the Main Meeting Hall from 2:00 pm to 4:00 pm on 12 November,
2015. The Dialogue provided access to expert insight on zero-rating
and a full spectrum of diverse
views on this issue. The Dialogue also explored alternative
approaches to zero rating such as use of community networks. Pranesh
Prakash provided
a
detailed explanation of harms and benefits related to different
approaches to zero-rating. The
panellists for this session were the following.</p>
<ol>
<li>
<p align="justify">
Jochai
Ben-Avie, Senior Global Policy Manager, Mozilla, USA</p>
</li><li>
<p align="justify">
Igor
Vilas Boas de Freitas, Commissioner, ANATEL, Brazil</p>
</li><li>
<p align="justify">
Dušan
Caf, Chairman, Electronic Communications Council, Republic of
Slovenia</p>
</li><li>
<p align="justify">
Silvia
Elaluf-Calderwood, Research Fellow, London School of Economics,
UK/Peru</p>
</li><li>
<p align="justify">
Belinda
Exelby, Director, Institutional Relations, GSMA, UK</p>
</li><li>
<p align="justify">
Helani
Galpaya, CEO, LIRNEasia, Sri Lanka</p>
</li><li>
<p align="justify">
Anka
Kovacs, Director, Internet Democracy Project, India</p>
</li><li>
<p align="justify">
Kevin
Martin, VP, Mobile and Global Access Policy, Facebook, USA</p>
</li><li>
<p align="justify">
Pranesh
Prakash, Policy Director, CIS India</p>
</li><li>
<p align="justify">
Steve
Song, Founder, Village Telco, South Africa/Canada</p>
</li><li>
<p align="justify">
Dhanaraj
Thakur, Research Manager, Alliance for Affordable Internet, USA/West
Indies</p>
</li><li>
<p align="justify">
Christopher
Yoo, Professor of Law, Communication, and Computer & Information
Science, University of Pennsylvania, USA</p>
</li></ol>
<p align="justify">
Detailed
description of the workshop is available here
<a href="http://www.intgovforum.org/cms/igf2015-main-sessions" target="_top">http://www.intgovforum.org/cms/igf2015-main-sessions</a></p>
<p align="justify">
Transcript
of the workshop is available here
<a href="http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2457-2015-11-12-a-dialogue-on-zero-rating-and-network-neutrality-main-meeting-hall-2">http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2457-2015-11-12-a-dialogue-on-zero-rating-and-network-neutrality-main-meeting-hall-2</a></p>
<p align="justify"> V.
The
Internet & Jurisdiction Project organised a workshop on
<em><strong>Transnational
Due Process: A Case Study in MS Cooperation</strong></em>
at Workshop Room
4 from 11:00 am to 12:00 pm on 13 November, 2015. The
workshop discussion focused on the challenges in developing an
enforcement framework for the internet that guarantees transnational
due process and legal interoperability. The discussion also focused
on innovative approaches to multi-stakeholder cooperation such as
issue-based networks, inter-sessional work methods and transnational
policy standards. The panellists for this discussion were the
following.</p>
<ol>
<li>
<p align="justify">
Anne
Carblanc Head of Division, Directorate for Science, Technology and
Industry, OECD</p>
</li><li>
<p align="justify">
Eileen
Donahoe Director Global Affairs, Human Rights Watch</p>
</li><li>
<p align="justify">
Byron
Holland President and CEO, CIRA (Canadian ccTLD)</p>
</li><li>
<p align="justify">
Christopher
Painter Coordinator for Cyber Issues, US Department of State</p>
</li><li>
<p align="justify">
Sunil
Abraham Executive Director, CIS India</p>
</li><li>
<p align="justify">
Alice
Munyua Lead dotAfrica Initiative and GAC representative, African
Union Commission</p>
</li><li>
<p align="justify">
Will
Hudsen Senior Advisor for International Policy, Google</p>
</li><li>
<p align="justify">
Dunja
Mijatovic Representative on Freedom of the Media, OSCE</p>
</li><li>
<p align="justify">
Thomas
Fitschen Director for the United Nations, for International
Cooperation against Terrorism and for Cyber Foreign Policy, German
Federal Foreign Office</p>
</li><li>
<p align="justify">
Hartmut
Glaser Executive Secretary, Brazilian Internet Steering Committee</p>
</li><li>
<p align="justify">
Matt
Perault, Head of Policy Development Facebook</p>
</li></ol>
<p align="justify">
Detailed
description of the workshop is available here
<a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals">http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals</a></p>
<p align="justify">
Transcript
of the workshop is available here
<a href="http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2475-2015-11-13-ws-132-transnational-due-process-a-case-study-in-ms-cooperation-workshop-room-4">http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2475-2015-11-13-ws-132-transnational-due-process-a-case-study-in-ms-cooperation-workshop-room-4</a></p>
<p align="justify">
Video
link Transnational
Due Process: A Case Study in MS Cooperation available here <a href="https://www.youtube.com/watch?v=M9jVovhQhd0">https://www.youtube.com/watch?v=M9jVovhQhd0</a></p>
<p align="justify"> VI.
The Internet Governance Project organised a meeting of the
<em><strong>Dynamic
Coalition on Accountability of Internet Governance Venues</strong></em>
at Workshop Room 2 from 14:00
– 15:30 on
12 November, 2015. The coalition
brought together panelists to highlight the
challenges in developing an accountability
framework
for internet governance
venues that include setting up standards and developing a set of
concrete criteria. Jyoti Panday provided the perspective of civil
society on why acountability is necessary in internet governance
processes and organizations. The panelists for this workshop included
the following.</p>
<ol>
<li>
<p>
Robin
Gross, IP Justice</p>
</li><li>
<p>
Jeanette
Hofmann, Director
<a href="http://www.internetundgesellschaft.de/">Alexander
von Humboldt Institute for Internet and Society</a></p>
</li><li>
<p>
Farzaneh
Badiei,
Internet Governance Project</p>
</li><li>
<p>
Erika
Mann,
Managing
Director Public PolicyPolicy Facebook and Board of Directors
ICANN</p>
</li><li>
<p>
Paul
Wilson, APNIC</p>
</li><li>
<p>
Izumi
Okutani, Japan
Network Information Center (JPNIC)</p>
</li><li>
<p>
Keith
Drazek , Verisign</p>
</li><li>
<p>
Jyoti
Panday,
CIS</p>
</li><li>
<p>
Jorge
Cancio,
GAC representative</p>
</li></ol>
<p>
Detailed
description of the workshop is available here
<a href="http://igf2015.sched.org/event/4c23/dynamic-coalition-on-accountability-of-internet-governance-venues?iframe=no&w=&sidebar=yes&bg=no">http://igf2015.sched.org/event/4c23/dynamic-coalition-on-accountability-of-internet-governance-venues?iframe=no&w=&sidebar=yes&bg=no</a></p>
<p>
Video
link https://www.youtube.com/watch?v=UIxyGhnch7w</p>
<p> VII.
Digital
Infrastructure
Netherlands Foundation organized an open forum at
Workshop Room 3
from 11:00
– 12:00
on
10
November, 2015. The open
forum discussed the increase
in government engagement with “the internet” to protect their
citizens against crime and abuse and to protect economic interests
and critical infrastructures. It
brought
together panelists topresent
ideas about an agenda for the international protection of ‘the
public core of the internet’ and to collect and discuss ideas for
the formulation of norms and principles and for the identification of
practical steps towards that goal.
Pranesh Prakash participated in the e open forum. Other speakers
included</p>
<ol>
<li>
<p>
Bastiaan
Goslings AMS-IX, NL</p>
</li><li>
<p>
Pranesh
Prakash CIS, India</p>
</li><li>
<p>
Marilia
Maciel (FGV, Brasil</p>
</li><li>
<p>
Dennis
Broeders (NL Scientific Council for Government Policy)</p>
</li></ol>
<p>
Detailed
description of the open
forum is available here
<a href="http://schd.ws/hosted_files/igf2015/3d/DINL_IGF_Open%20Forum_The_public_core_of_the_internet.pdf">http://schd.ws/hosted_files/igf2015/3d/DINL_IGF_Open%20Forum_The_public_core_of_the_internet.pdf</a></p>
<p>
Video
link available here <a href="https://www.youtube.com/watch?v=joPQaMQasDQ">https://www.youtube.com/watch?v=joPQaMQasDQ</a></p>
<p>
VIII.
UNESCO, Council of Europe, Oxford University, Office of the High
Commissioner on Human Rights, Google, Internet Society organised a
workshop on hate speech and youth radicalisation at Room 9 on
Thursday, November 12. UNESCO shared the initial outcome from its
commissioned research on online hate speech including practical
recommendations on combating against online hate speech through
understanding the challenges, mobilizing civil society, lobbying
private sectors and intermediaries and educating individuals with
media and information literacy. The workshop also discussed how to
help empower youth to address online radicalization and extremism,
and realize their aspirations to contribute to a more peaceful and
sustainable world. Sunil Abraham provided his inputs. Other speakers
include</p>
<p>
1.
Chaired by Ms Lidia Brito, Director for UNESCO Office in Montevideo</p>
<p>
2.Frank
La Rue, Former Special Rapporteur on Freedom of Expression</p>
<p>
3.
Lillian Nalwoga, President ISOC Uganda and rep CIPESA, Technical
community</p>
<p>
4.
Bridget O’Loughlin, CoE, IGO</p>
<p>
5.
Gabrielle Guillemin, Article 19</p>
<p>
6.
Iyad Kallas, Radio Souriali</p>
<p>
7.
Sunil Abraham executive director of Center for Internet and Society,
Bangalore, India</p>
<p>
8.
Eve Salomon, global Chairman of the Regulatory Board of RICS</p>
<p>
9.
Javier Lesaca Esquiroz, University of Navarra</p>
<p>
10.
Representative GNI</p>
<p>
11.
Remote Moderator: Xianhong Hu, UNESCO</p>
<p>
12.
Rapporteur: Guilherme Canela De Souza Godoi, UNESCO</p>
<p>
Detailed
description of the workshop
is available here
<a href="http://igf2015.sched.org/event/4c1X/ws-128-mitigate-online-hate-speech-and-youth-radicalisation?iframe=no&w=&sidebar=yes&bg=no">http://igf2015.sched.org/event/4c1X/ws-128-mitigate-online-hate-speech-and-youth-radicalisation?iframe=no&w=&sidebar=yes&bg=no</a></p>
<p>
Video
link to the panel is available here
<a href="https://www.youtube.com/watch?v=eIO1z4EjRG0">https://www.youtube.com/watch?v=eIO1z4EjRG0</a></p>
<p> <strong>INTERMEDIARY
LIABILITY</strong></p>
<p align="justify">
IX.
Electronic
Frontier Foundation, Centre for Internet Society India, Open Net
Korea and Article 19 collaborated to organize
a workshop on the <em><strong>Manila
Principles on Intermediary Liability</strong></em>
at Workshop Room 9 from 11:00 am to 12:00 pm on 13 November 2015. The
workshop elaborated on the Manila
Principles, a high level principle framework of best practices and
safeguards for content restriction practices and addressing liability
for intermediaries for third party content. The
workshop
saw particpants engaged in over lapping projects considering
restriction practices coming togetehr to give feedback and highlight
recent developments across liability regimes. Jyoti
Panday laid down the key details of the Manila Principles framework
in this session. The panelists for this workshop included the
following.</p>
<ol>
<li>
<p align="justify">
Kelly
Kim Open Net Korea,</p>
</li><li>
<p align="justify">
Jyoti
Panday, CIS India,</p>
</li><li>
<p align="justify">
Gabrielle
Guillemin, Article 19,</p>
</li><li>
<p align="justify">
Rebecca
McKinnon on behalf of UNESCO</p>
</li><li>
<p align="justify">
Giancarlo
Frosio, Center for Internet and Society, Stanford Law School</p>
</li><li>
<p align="justify">
Nicolo
Zingales, Tilburg University</p>
</li><li>
<p align="justify">
Will
Hudson, Google</p>
</li></ol>
<p align="justify">
Detailed
description of the workshop is available here
<a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals</a></p>
<p align="justify">
Transcript
of the workshop is available here
<a href="http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2423-2015-11-13-ws-242-the-manila-principles-on-intermediary-liability-workshop-room-9">http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2423-2015-11-13-ws-242-the-manila-principles-on-intermediary-liability-workshop-room-9</a></p>
<p align="justify">
Video link available here <a href="https://www.youtube.com/watch?v=kFLmzxXodjs">https://www.youtube.com/watch?v=kFLmzxXodjs</a></p>
<p align="justify"> <strong>ACCESSIBILITY</strong></p>
<p align="justify">
X.
Dynamic
Coalition
on Accessibility and Disability and Global Initiative for Inclusive
ICTs organised a workshop on <em><strong>Empowering
the Next Billion by Improving Accessibility</strong></em><em>
</em>at
Workshop Room 6 from 9:00 am to 10:30 am on 13 November, 2015. The
discussion focused on
the need and ways to remove accessibility barriers which prevent over
one billion potential users to benefit from the Internet, including
for essential services. Sunil
Abraham specifically spoke about the lack of compliance of existing
ICT infrastructure with well established accessibility standards
specifically relating to accessibility barriers in the disaster
management process. He discussed the barriers faced by persons with
physical or psychosocial disabilities. The
panelists for this discussion were the following.</p>
<ol>
<li>
<p align="justify">
Francesca
Cesa Bianchi, G3ICT</p>
</li><li>
<p align="justify">
Cid
Torquato, Government of Brazil</p>
</li><li>
<p align="justify">
Carlos
Lauria, Microsoft Brazil</p>
</li><li>
<p align="justify">
Sunil
Abraham, CIS India</p>
</li><li>
<p align="justify">
Derrick
L. Cogburn, Institute on Disability and Public Policy (IDPP) for the
ASEAN(Association of Southeast Asian Nations) Region</p>
</li><li>
<p align="justify">
Fernando
H. F. Botelho, F123 Consulting</p>
</li><li>
<p align="justify">
Gunela
Astbrink, GSA InfoComm</p>
</li></ol>
<p align="justify">
Detailed
description of the workshop is available here
<u><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals</a></u></p>
<p align="justify">
Transcript
of the workshop is available here
<u><a href="http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2438-2015-11-13-ws-253-empowering-the-next-billion-by-improving-accessibility-workshop-room-3">http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2438-2015-11-13-ws-253-empowering-the-next-billion-by-improving-accessibility-workshop-room-3</a></u></p>
<p align="justify">
Video
Link Empowering
the next billion by improving accessibility <a href="https://www.youtube.com/watch?v=7RZlWvJAXxs">https://www.youtube.com/watch?v=7RZlWvJAXxs</a></p>
<p align="justify"> <strong>OPENNESS</strong></p>
<p align="justify">
XI.
A
workshop on <em><strong>FOSS
& a Free, Open Internet: Synergies for Development</strong></em>
was organized at Workshop Room 7 from 2:00 pm to 3:30 pm on 13
November, 2015. The discussion was focused on the increasing risk to
openness of the internet and the ability of present & future
generations to use technology to improve their lives. The panel shred
different perspectives about the future co-development
of FOSS and a free, open Internet; the threats that are emerging; and
ways for communities to surmount these. Sunil
Abraham emphasised the importance of free software, open standards,
open access and access to knowledge and the lack of this mandate in
the draft outcome document for upcoming WSIS+10 review and called for
inclusion of the same. Pranesh Prakash further contributed to the
discussion by emphasizing the need for free open source software with
end‑to‑end encryption and traffic level encryption based
on open standards which are decentralized and work through federated
networks. The
panellists for this discussion were the following.</p>
<ol>
<li>
<p align="justify">
Satish
Babu, Technical Community, Chair, ISOC-TRV, Kerala, India</p>
</li><li>
<p align="justify">
Judy
Okite, Civil Society, FOSS Foundation for Africa</p>
</li><li>
<p align="justify">
Mishi
Choudhary, Private Sector, Software Freedom Law Centre, New York</p>
</li><li>
<p align="justify">
Fernando
Botelho, Private Sector, heads F123 Systems, Brazil</p>
</li><li>
<p align="justify">
Sunil
Abraham, CIS
India</p>
</li><li>
<p align="justify">
Pranesh
Prakash, CIS
India</p>
</li><li>
<p align="justify">
Nnenna
Nwakanma- WWW.Foundation</p>
</li><li>
<p align="justify">
Yves
MIEZAN EZO, Open Source strategy consultant</p>
</li><li>
<p align="justify">
Corinto
Meffe, Advisor to the President and Directors, SERPRO, Brazil</p>
</li><li>
<p align="justify">
Frank
Coelho de Alcantara, Professor, Universidade Positivo, Brazil</p>
</li><li>
<p align="justify">
Caroline
Burle, Institutional and International Relations, W3C Brazil Office
and Center of Studies on Web Technologies</p>
</li></ol>
<p align="justify">
Detailed
description of the workshop is available here
<u><a href="http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals" target="_top">http://www.intgovforum.org/cms/workshops/list-of-published-workshop-proposals</a></u></p>
<p align="justify">
Transcript
of the workshop is available here
<u><a href="http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2468-2015-11-13-ws10-foss-and-a-free-open-internet-synergies-for-development-workshop-room-7" target="_top">http://www.intgovforum.org/cms/187-igf-2015/transcripts-igf-2015/2468-2015-11-13-ws10-foss-and-a-free-open-internet-synergies-for-development-workshop-room-7</a></u></p>
<p align="justify">
Video
link available here <a href="https://www.youtube.com/watch?v=lwUq0LTLnDs">https://www.youtube.com/watch?v=lwUq0LTLnDs</a></p>
<p align="justify">
<br /><br /></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/summary-report-internet-governance-forum-2015'>http://editors.cis-india.org/internet-governance/blog/summary-report-internet-governance-forum-2015</a>
</p>
No publisherjyotiAccess to KnowledgeBig DataFreedom of Speech and ExpressionEncryptionInternet Governance ForumIntermediary LiabilityAccountabilityInternet GovernanceCensorshipCyber SecurityDigital GovernanceAnonymityCivil SocietyBlocking2015-11-30T10:47:13ZBlog EntryStudying the Emerging Database State in India: Notes for Critical Data Studies (Accepted Abstract)
http://editors.cis-india.org/raw/studying-the-emerging-database-state-in-india-accepted-abstract
<b>"Critical Data Studies (CDS) is a growing field of research that focuses on the unique theoretical, ethical, and epistemological challenges posed by 'Big Data.' Rather than treat Big Data as a scientifically empirical, and therefore largely neutral phenomena, CDS advocates the view that data should be seen as always-already constituted within wider data assemblages." The Big Data and Society journal has provisionally accepted a paper abstract of mine for its upcoming special issue on Critical Data Studies.</b>
<p> </p>
<h2>Introduction</h2>
<p>Through the last decade, the Government of India has given shape to an digital identification infrastructure, developed and operated by the Unique Identification Authority of India (UIDAI). The infrastructure combines the task of assigning unique identification numbers, called Aadhaar numbers, to individuals submitting their biometric and demographic details, and the task of authenticating their identity when provided with an Aadhaar number and associated data (biometric data, One Time Pin sent to the pre-declared mobile number, etc.). The aim of UIDAI is to provide universal authentication-as-a-service for all residents of India who approach any public or private agencies for any kind of service or transaction. Simultaneously, the Aadhaar numbers will function as unique identifiers for joining up databases of different government agencies, and hence allow the Indian government to undertake big data analytics at a governmental scale, and not only at a departmental one.</p>
<p>In this paper, I am primarily motivated by the challenge of finding points and objects to enter into a critical study of such an in-progress data infrastructure. As I proceed with an understanding that data is produced within its specific social and material context, the question then is to read through the data to reflect on its possible social and material context. This is complicated when approaching a big data infrastructure that is meant to produce data for explicitly intra-governmental consumption and circulation. The problem then is not one of reading through available big data, but one of reading through the assemblage and imaginaries of big data to reflect on the kind of data it will give rise to, and thus on the politics of the data assemblage and the database state it enables.</p>
<p> </p>
<h2>Logic of the Database State</h2>
<p>Application of data to inform governmental acts have taken place at least since government has been understood as responsible for the welfare of the population and the territory. The measurement of the population and the territory – the number of people, their demographic features, amounts and locations of natural resources, and so on – have always been integral to the functioning of the modern nation-state. Database state is used in this paper to identify a particular mode of mobilisation of data within governmental acts, which is fundamentally shaped by the possibilities of big data extraction, appropriation, and analytics pioneered by a range of companies since late 1990s. The reason for not using big data state but database dtate is that big data refers to a body of technologies emerging in response to a set of data management and analysis challenges situated in a certain moment of development of information technologies, whereas database refers to a symbolic form (Manovich 1999): a form in which not only the population is made visible to the government (as a collection of visual, textual, numeric, and other forms of records), but also how the acts of government are made visible to the population (as a collection of performance indicators, budget allocation and utilisation tables, and other data visualised through dashboards, analog and digital).</p>
<p>The data production and management logic of this database state is specifically inspired by the notion of platform introduced by the so-called Web 2.0 companies: providing a common service layer upon which various other applications may also run, but under specific arrangements (including distribution of generated user data) with the original common layer provider. Data assemblages of the database state are expected to enable the government to function as a platform, as an intensely data-driven layer that widely gathers data about population individuals and feeds it back selectively to various providers of public and private services. This transforms the data assemblage from one vertical of governmental activities to a horizontal critical infrastructure for modularisation of governmental activities.</p>
<p> </p>
<h2>Studying the Emerging Database State in India</h2>
<p>Government of India is presently debating the legal and technical validity of the digital identity infrastructure programme in the Supreme Court, while simultaneously carrying out the enrollment drive for the same, linking up assignment of unique identity numbers with a national drive for population registration, and rolling out citizen-facing services and applications that implement the Aadhaar number as a necessary key to access them. With the enrollment process going on and the integration with various governmental processes (termed seeding by Aadhaar policy literature) just beginning, I enter this study through two key sets of objects reflecting the imaginaries and the technical specifications of the emerging database state in India. The first entry point is through the various official documents of vision, intentions, plans, and reconsiderations, and the second entry point is through the Application Programming Interface (API) documentations published by UIDAI to specify how its identity authentication platform will collaborate with various public and private services.</p>
<p>The first section of the paper provides a brief survey of pre-UIDAI attempts by the Government of India to deploy unique identification numbers and Smart Cards for specific population groups, so as to understand the initial conceptualisation of this data assemblage of a digital identification platform. The second section foregrounds how this platform undertakes a transformation of the components and relations of the pre-existing data assemblage of the Government of India, as articulated in various official documents of promised utility and proposed collaborations. The third section studies the API documentations to track how such imaginaries are materially interpreted and operationalised through the design of protocols of data interactions with various public and private agencies offering services utilising the identity authentication platform.</p>
<p> </p>
<h2>Notes for Critical Data Studies</h2>
<p>Expanding the early agenda note on Critical Data Studies by Craig Dalton and Jim Thatcher (2014), Rob Kitchin and Tracey P. Lauriault have taken steps towards emphasising the responsibility of this nebulous research strategy to chart and unpack the data assemblages (2014). This is exactly what I propose to do in this paper. While Kitchin and Lauriault provide a detailed list of the components of the apparatus of a data assemblage (2014: 7), I find the concepts of infrastructural components and infrastructural relations very useful in thinking through the emerging infrastructure of authentication. Thus, my approach to these tasks of charting and unpacking is focused on the infrastructural relations that the digital identity infrastructure re-configures, instead of the infrastructural components it mobilises (Bowker et al 2010). This tactical choice of focusing on the infrastructural relations is also necessitated by the practical difficulty in having comprehensive access to the individual components of the data assemblage concerned. Addressing questions of causality and quality becomes difficult when studying the assemblage sans the produced data, and rigorously analysing concerns of security and uncertainty pre-requires an actually existing data assemblage, with a public interface to investigating its leakages, breakages, and internal functioning. In the absence of such points of entry into the data assemblage, which I fear may not be an exceptional case, I attempt an inverted reading. Turning the data infrastructure inside out, in this paper I describe how the digital identity platform is critically reshaping the basis of governmental acts in India, through a specific model of production, extraction and application of big data.</p>
<p> </p>
<h2>Bibliography</h2>
<p>Bowker, Geoffrey C., Karen Baker, Florence Millerand, & David Ribes. 2010. Toward Information Infrastructure Studies: Ways of Knowing in a Networked Environment. Jeremy Hunsinger, Lisbeth Klastrup, & Matthew Allen (Eds.) International Handbook of Internet Research. Springer Dordrecht Heidelberg London New York. Pp. 97-117.</p>
<p>Dalton, Craig, & Jim Thatcher. 2014. What does a Critical Data Studies Look Like, and Why do We Care? Seven Points for a Critical Approach to ‘Big Data.’ Society and Space. May 19. Accessed on July 08, 2015, from <a href="http://societyandspace.com/material/commentaries/craig-dalton-and-jim-thatcher-what-does-a-critical-data-studies-look-like-and-why-do-we-care-seven-points-for-a-critical-approach-to-big-data/" target="_blank">http://societyandspace.com/material/commentaries/craig-dalton-and-jim-thatcher-what-does-a-critical-data-studies-look-like-and-why-do-we-care-seven-points-for-a-critical-approach-to-big-data/</a>.</p>
<p>Kitchin, Rob, & Tracey P. Lauriault. 2014. Towards Critical Data Studies: Charting and Unpacking Data Assemblages and their Work. The Programmable City Working Paper 2. July 29. National University of Ireland Maynooth, Ireland. Accessed on July 08, 2015 from <a href="http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2474112" target="_blank">http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2474112</a>.</p>
<p>Manovich, Lev. 1999. Database as Symbolic Form. Convergence. Volume 5, Number 2. Pp. 80-99.</p>
<p> </p>
<p><em>Note: Call for Papers for the special issue can found here: <a href="http://bigdatasoc.blogspot.in/2015/06/call-for-proposals-special-theme-on.html" target="_blank">http://bigdatasoc.blogspot.in/2015/06/call-for-proposals-special-theme-on.html</a>.</em></p>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/raw/studying-the-emerging-database-state-in-india-accepted-abstract'>http://editors.cis-india.org/raw/studying-the-emerging-database-state-in-india-accepted-abstract</a>
</p>
No publishersumandroBig DataData SystemsResearchFeaturedAadhaarResearchers at WorkE-Governance2015-11-13T05:54:53ZBlog EntrySmart City Policies and Standards: Overview of Projects, Data Policies, and Standards across Five International Smart Cities
http://editors.cis-india.org/internet-governance/blog/policies-and-standards-overview-of-five-international-smart-cities
<b>This blog post aims to review five Smart Cities across the globe, namely Singapore, Dubai, New York City, London and Seoul, the Data Policies and Standards adopted. Also, the research seeks to point the similarities, differences and best practices in the development of smart cities across jurisdictions.</b>
<p> </p>
<h4>Download the brief: <a href="http://cis-india.org/internet-governance/files/SmartCitiesPoliciesStandards-20160608/at_download/file">PDF</a>.</h4>
<hr />
<h2 style="text-align: justify;">Introduction</h2>
<p style="text-align: justify;">Smart City as a concept is evolutionary in nature, and the key elements like Information and Communication Technology (ICT), digitization of services, Internet of Things (IoT), open data, big data, social innovation, knowledge, etc., would be intrinsic to defining a Smart City <a href="#_ftn1">[1]</a>.</p>
<p style="text-align: justify;">A Smart City, as a “system of systems”, can potentially generate vast amounts of data, especially as cities install more sensors, gain access to data from sources such as mobile devices, and government and other agencies make more data accessible. Consequently, Big Data techniques and concepts are highly relevant to the future of Smart Cities. It was noted by Kenneth Cukier, Senior Editor of Digital Products at The Economist, that Big Data techniques can be used to enhance a number of processes essential to cities - for example, big data can be used to spot business trends, determine quality of research, prevent diseases, tack legal citations, combat crime, and determine real-time roadway traffic conditions <a href="#_ftn2">[2]</a>. Having said this, data is deemed to be the lifeblood of a Smart City and its availability, use, cost, quality, analysis, associated business models and governance are all areas of interest for a range of actors within a smart city <a href="#_ftn3">[3]</a></p>
<p style="text-align: justify;">This blog reviews five Smart Cities namely Singapore, Dubai, New York City, London and Seoul. In doing so, the research seeks to point the similarities, differences and best practices in the development of smart cities across jurisdictions. To achieve this, the research reviews:</p>
<ul style="text-align: justify;">
<li>The definition of a Smart City in a given context or project (if any).</li>
<li>Existing policy/regulations around data or notes the lack thereof.</li>
<li>The cities adherence to the International standards and providing an update on the current status of the Smart City programme.</li></ul>
<p> </p>
<h2 style="text-align: justify;">Singapore</h2>
<h3 style="text-align: justify;"><strong> </strong><strong>Introduction</strong></h3>
<p style="text-align: justify;"><strong> </strong>The Smart Nation programme in Singapore was launched on 24th November, 2014. The programme is being driven by the Infocomm Development Authority of Singapore, through which Singapore seeks to harness ICT, networks and data to support improved livelihoods, stronger communities and creation of new opportunities for its residents <a href="#_ftn4">[4]</a> According to the IDA, a Smart Nation is a city where <em>“people and businesses are empowered through increased access to data, more participatory through the contribution of innovative ideas and solutions, and a more anticipatory government that utilises technology to better serve citizens’ needs”</em> <a href="#_ftn5">[5]</a>. The Smart Nation programme is driven by a designated Office in the Prime Minister’s Office <a href="#_ftn6">[6]</a>. As a core component to the Smart Nation Programme, the Smart Nation Platform has been developed as the technical architecture to support the Programme. This Platform enables greater pervasive connectivity, better situational awareness through data collection, and efficient sharing and access to collected sensor data, allowing public bodies to use such data to develop policy and practical interventions <a href="#_ftn7">[7]</a> Such access would allow for anticipatory governance - a goal of the Smart Nation Programme as noted by Dr. Yaacob Ibrahim, Minister for Communications and Information stating “Insights gained from this data would enable us to better anticipate citizens’ needs and help in better delivery of services” <a href="#_ftn8">[8]</a>.</p>
<h3 style="text-align: justify;"><strong>Status of the Project</strong></h3>
<div style="text-align: justify;"><strong> </strong>The Smart Nation Programme is an ongoing initiative, being built on the past programme Intelligent Nation 2015 (iN2015 masterplan). The plan involves putting in place the infrastructure, policies, ecosystem and capabilities to enable a Smart Nation, by adopting a people-centric approach <a href="#_ftn9">[9]</a>. A number of co-creating solutions adopted by the Government include:</div>
<ul style="text-align: justify;">
<li>Development of Mobile Apps to facilitate communication between the public and the providers of public services.</li>
<li>Organization of Hackathons by government agencies or corporations in collaboration with schools and industry partners to ideate and develop solutions to tackle real-world challenges.</li>
<li>Adopt measure for smart mobility to create a more seamless transport experience and providing greater access to real-time transport information so that citizens can better plan their journeys.</li>
<li>Smart technologies are also being introduced to the housing estates <a href="#_ftn10">[10]</a>.</li></ul>
<h3 style="text-align: justify;"><strong>Policies and Regulations</strong></h3>
<p style="text-align: justify;"><strong> </strong>The Smart Nation plan derives its legitimacy from the constitution of Singapore, holding the Prime Minister responsible to take charge of the subject ‘Smart Nation’ blueprint under the Statutory body of ‘Smart Nation’ Programme Office <a href="#_ftn11">[11]</a>. Singapore has a comprehensive data protection law – the Personal Data Protection Act 2012, rules governing the collection, use, disclosure and care of personal data. The Personal Data Protection Commission of Singapore has committed to work closely with the private sector, and also to support the Smart Nation vision on data privacy and cyber security ecosystem <a href="#_ftn12">[12]</a> <a href="#_ftn13">[13]</a>.</p>
<p style="text-align: justify;">Towards achieving the Smart Nation vision the government has also promoted the use of open data. In 2015 the Department of Statistics has made a vast amount of data available (across multiple themes say transport, infocomm, population, etc.) for free to the public in order to encourage innovation and facilitate the Smart Nation <a href="#_ftn14">[14]</a>. Prior to this initiative, the government had adopted the Open Data Policy in 2011, enabling public data for analysis, research and application development <a href="#_ftn15">[15]</a>. The concept of Virtual Singapore, which is a part of the Smart Nation Initiative, has been developed to adopt and simulate solutions on a virtual platform using big data analytics <a href="#_ftn16">[16]</a>.</p>
<h3 style="text-align: justify;"><strong>Adoption of International Standards</strong></h3>
<p style="text-align: justify;"><strong> </strong>The Smart Nation initiative follows the standards laid under the purview of the Singapore Standards Council (SSC). It specifies three types of Internet of Things (IoT) Standards – sensor network standards (TR38 - for public areas & TR40 - for homes), IoT foundational standards (common set of guidelines for IoT requirements and architecture, information and service interoperability, security and data integrity) and domain-specific standards (healthcare, mobility, urban living, etc.) <a href="#_ftn17">[17]</a>.</p>
<p style="text-align: justify;">Singapore is part of ISO/IEC JTC 1/WG7 Sensor Networks and ISO/IEC JTC 1/WG10 Internet of Things (IoT) <a href="#_ftn18">[18]</a>. <a href="https://www.itsc.org.sg/standards/singapore-it-standards">Singapore IT standards</a> abides to the international standards as defined by ISO, ITU, etc.Singapore is a member of many international standards forums (see <a href="https://www.itsc.org.sg/international-participation/memberships-in-iso-iec-jtc1">Singapore International Standards Committee</a>) which includes JTC1/WG9 - Big Data; JTC1/WG10 - Internet of Things; JTC1/WG11 - Smart Cities.</p>
<p> </p>
<h2 style="text-align: justify;">Dubai, United Arab Emirates</h2>
<h3><strong> </strong><strong>Introduction</strong></h3>
<p style="text-align: justify;"><strong> </strong>The Dubai Smart City strategy was launched as part of the Dubai Plan 2021 vision, in the year 2015 <a href="#_ftn19">[19]</a>. Dubai Plan 2021 describes the future of Dubai evolving through holistic and complementary perspectives, starting with the people and the society and places the government as the custodian of the city’s development. Within the Plan, the smart city theme envisions a platform that is fully connected and integrated infrastructure that enables easy mobility for all residents and tourists, and provides easy access to all economic centers and social services, in line with the world’s best cities <a href="#_ftn20">[20]</a>. Center to the smart city platform is data and data analytics, particularly cross functional data and big data techniques to give a complete view of the city <a href="#_ftn21">[21]</a> As envisioned, the Dubai Data portal would provide a gateway to empower relevant stakeholders to understand the nuances of the city and pursue questions that will result in the greatest impact from the city’s data <a href="#_ftn22">[22]</a>. The platform will be based on current data and existing services, initiatives, and networks to identify opportunities for a smart city <a href="#_ftn23">[23]</a>. The Smart City Plan also includes a framework for aligning districts of Dubai with the Smart City vision and dimensions <a href="#_ftn24">[24]</a>.</p>
<p style="text-align: justify;">The Smart Dubai roadmap 2015 provides a consolidated report and planned smart city services, its status and the stage of its implementation, for e.g. Smart Grid, Mobile Payment, Smart Water, Health applications, Public Wi-Fi, Municipality, E-Traffic solutions, etc <a href="#_ftn25">[25]</a>.</p>
<h3 style="text-align: justify;"><strong>Status of the Project</strong></h3>
<p style="text-align: justify;"><strong> </strong>The Smart Dubai strategy is envisioned to be completed by the year 2020, and currently it’s ongoing. The first phase of Smart Dubai masterplan is expected to end by 2016. Between 2017 and 2019, the plan aims to deliver new initiatives and services. The second phase of the masterplan is expected to be completed by the year 2020 <a href="#_ftn26">[26]</a>.</p>
<h3 style="text-align: justify;"><strong>Policies and Regulations</strong></h3>
<p style="text-align: justify;">The Smart City Plan is being driven by the <strong>Dubai Smart City Office</strong> – which has been established under Law No. (29) of 2015 on the establishment of Dubai Smart City Office; Law No. (30) of 2015 on the establishment of Dubai Smart City Establishment; Decree No. (37) of 2015 on the formation of the Board of the Dubai Smart City Office; and Decree No (38) of 2015- appointing a Director General for the Office, which will develop overall policies and strategic plans, supervise the smart transformation process and approve joint initiatives, projects and services <a href="#_ftn27">[27]</a>. Also, an open data law called <strong>Dubai Open Data Law</strong> was issued to complete the legislative framework for transforming Dubai into a Smart City <a href="#_ftn28">[28]</a>. This law will enable the sharing of non-confidential data between public entities and other stakeholders.</p>
<h3 style="text-align: justify;"><strong>Adoption of International Standards</strong></h3>
<p style="text-align: justify;">In 2015 the Smart Dubai Executive Committee has collaborated through an agreement with the International Telecommunications Union (ITU) adopt the performance indicators by the ITU Focus Group on Smart Sustainable Cities to evaluate the feasibility of the indicators <a href="#_ftn29">[29]</a>. The Focus Group is working towards identifying global best practices for the development of smart cities <a href="#_ftn30">[30]</a>.</p>
<p> </p>
<h2 style="text-align: justify;">New York City, United States of America</h2>
<h3 style="text-align: justify;"><strong>Introduction</strong></h3>
<p style="text-align: justify;">The ‘One New York Plan’ announced in the year 2015 is a comprehensive plan for a sustainable and resilient city. It includes the adoption of digital technology and considers the importance of the role of data in transforming every aspect of the economy, communications, politics, and individual and family life <a href="#_ftn31">[31]</a>. Furthermore, through a publication on '<a href="http://www1.nyc.gov/site/forward/innovations/smartnyc.page">Building a Smart+Equitable City</a>', the Mayor’s Office of Technology and Innovation (MOTI) describes efforts to leverage new technologies to build Smart city.</p>
<p style="text-align: justify;">Accordingly, the plan seeks to establish better lives through establishing principles and strategic frameworks to guide connected device and Internet of Things (IoT) implementation; MOTI serving as the coordinating entity for new technology and IoT deployments across all City agencies; collaborating with academia and the private sector on innovative pilot projects, and partnering with municipal governments and organizations around the world to share best practices and leverage the impact of technological advancements <a href="#_ftn32">[32]</a>.</p>
<h3 style="text-align: justify;"><strong>Status of the Project</strong></h3>
<p style="text-align: justify;">OneNYC represents a unified vision for a sustainable, resilient, and equitable city developed with cross-cutting interagency collaboration, public engagement, and consultation with leading experts in their respective fields. The Mayor’s Office of Sustainability oversees the development of OneNYC and now shares responsibility with the Mayor’s Office of Recovery and Resiliency for ensuring its implementation <a href="#_ftn33">[33]</a>.</p>
<h3 style="text-align: justify;"><strong>Policies and Regulations</strong></h3>
<p style="text-align: justify;">As per the Local Law 11 of 2012, each City entity must identify and ultimately publish all of its digital public data for citywide aggregation and publication by 2018. In adherence to this law, there exists a NYC Open Data Plan which requires annual data updation <a href="#_ftn34">[34]</a>.</p>
<p style="text-align: justify;">The LinkNYC initiative, one of the key projects to make New York a ‘smart’ city, aims to connect everyone through a city wide wi-fi network. The LinkNYC initiative will retrofit payphones with kiosks to provide high-speed WiFi hotspots and charging stations for increased connectivity <a href="#_ftn35">[35]</a>. Data Privacy in the initiative is addressed through the customer first privacy policy, which considers user’s privacy on priority and will not sell any personal information or share with third parties for their own use. LinkNYC will use anonymized, aggregate data to make the system more efficient and to develop insights to improve your Link experience <a href="#_ftn36">[36]</a>.</p>
<h3 style="text-align: justify;"><strong>Adoption of International Standards</strong></h3>
<p style="text-align: justify;">The ANSI Network on Smart and Sustainable Cities (ANSSC) is a forum for information sharing and coordination on voluntary standards, conformity assessment and related activities for smart and sustainable cities in the US <a href="#_ftn37">[37]</a>. The US is a signatory of the ISO/ITU defined standards on smart cities <a href="#_ftn38">[38]</a>.</p>
<p> </p>
<h2 style="text-align: justify;">London, United Kingdom</h2>
<h3><strong>Introduction</strong></h3>
<p style="text-align: justify;">The Smart London Plan was unveiled in the year 2013 by the Mayor of London. The plan is being driven through the Greater London Authority, with the advice of the Smart London Board. The Smart London Plan envisions <em>‘Using the creative power of new technologies to serve London and improve Londoner’s lives</em>’ <a href="#_ftn39">[39]</a>. ‘Smart London’ is about harnessing new technology and data so that businesses, Londoners and visitors experience the city in a better way, and do not face bureaucratic hassle and congestion. Smart London seeks to improve the city as a whole and focuses on city macro functions that result from the interplay between city subsystems - such as local labour markets to financial markets, from local government to education, healthcare, transportation and utilities. According to strategy documents, a smarter London recognises and employs data as a service and will leverage data to enable informed decision making and the design of new activities.</p>
<h3 style="text-align: justify;"><strong>Status of the Project</strong></h3>
<p style="text-align: justify;">This project is currently ongoing. Since its formation in March 2013, the Smart London Board has been advising the Greater London Authority.The Plan sits within the overarching framework of the Mayor’s Vision 2020 <a href="#_ftn40">[40]</a>.</p>
<h3 style="text-align: justify;"><strong>Policies and Regulations</strong></h3>
<p style="text-align: justify;">The Smart London Plan incorporates the existing open data platform called ‘London DataStore’. The rules and guidelines for this platform are defined by the Greater London Authority, which includes working with public and private sector organisations to create, maintain and utilise it, enabling common data standards, identify and prioritise which data are needed to address London’s growth challenges, establish a Smart London Borough Partnership to encourage boroughs to free up London’s local level data. Also, privacy is protected and there is transparent use of data - to ensure data use is managed in the best interests of the public rather than private enterprise.<sup>42</sup> The Smart London Plan aims to build on this existing datastore to identify and publish data that addresses specific growth challenges, with an emphasis on working with companies and communities to create, maintain, and use this data <a href="#_ftn41">[41]</a>.</p>
<p style="text-align: justify;">The Open Data White Paper, issued by the Office of Paymaster General, seeks to build a transparent society by releasing public data through open data platforms and leveraging the potential of emerging technologies <a href="#_ftn42">[42]</a>. The Greater London Authority processes personal data in accordance with the Data Protection Act 1998 <a href="#_ftn43">[43]</a>.</p>
<h3 style="text-align: justify;"><strong>Adoption of International Standards</strong></h3>
<p style="text-align: justify;">The British Standards Institution (BSI) has already established Smart City standards and has associated with the ISO Advisory Group on smart city standards. The UK subscribes to the BSI standards for smart cities and has adopted the same <a href="#_ftn44">[44]</a>. The following standards and publications help address various issues for a city to become a smart city:</p>
<ul style="text-align: justify;">
<li>The development of a standard on <a href="http://www.bsigroup.com/en-GB/smart-cities/Smart-Cities-Standards-and-Publication/PAS-180-smart-cities-terminology/">Smart city terminology (PAS 180)</a></li>
<li>The development of a <a href="http://www.bsigroup.com/en-GB/smart-cities/Smart-Cities-Standards-and-Publication/PAS-181-smart-cities-framework/">Smart city framework standard (PAS 181)</a></li>
<li>The development of a <a href="http://www.bsigroup.com/en-GB/smart-cities/Smart-Cities-Standards-and-Publication/PAS-182-smart-cities-data-concept-model/">Data concept model for smart cities (PAS 182)</a></li>
<li>A <a href="http://www.bsigroup.com/en-GB/smart-cities/Smart-Cities-Standards-and-Publication/PD-8100-smart-cities-overview/">Smart city overview document (PD 8100)</a></li>
<li>A <a href="http://www.bsigroup.com/en-GB/smart-cities/Smart-Cities-Standards-and-Publication/PD-8101-smart-cities-planning-guidelines/">Smart city planning guidelines document (PD 8101)</a></li>
<li>BS 8904 Guidance for community sustainable development provides a decision-making framework that will help setting objectives in response to the needs and aspirations of city stakeholders</li>
<li>BS 11000 Collaborative relationship management</li>
<li>BSI BIP 2228:2013 Inclusive urban design - A guide to creating accessible public spaces.</li></ul>
<p style="text-align: justify;">Further, the Smart London Plan incorporates open data standards in accordance with London DataStore <a href="#_ftn45">[45]</a>. Various government reports – Smart Cities background paper, Open Data White Paper, etc., have suggested the use of standards related to Internet of Things (IoT), open data standards, etc <a href="#_ftn46">[46]</a>.</p>
<p> </p>
<h2 style="text-align: justify;">Seoul, Korea</h2>
<h3 style="text-align: justify;"><strong>Introduction</strong></h3>
<p style="text-align: justify;"><strong></strong>Smart Seoul 2015 was announced in June 2011 by the Seoul Metropolitan Government, which envisions integrating IT services into every field, including administration, welfare, industry and living. Through this, the Seoul Metropolitan Government plans to create a Seoul that uses smart technologies by 2015 <a href="#_ftn47">[47]</a>. Towards this, the Seoul Metropolitan Government plans to make use of Big Data in policy development, and through scientific analytics, will provide customized administrative services and reduce wasteful spending. Also, the government is utilising Big Data to analyse trends emerging from existing services <a href="#_ftn48">[48]</a>. Examples of projects that leverage big data that the government has undertaken include the Taxi Matchmaking Project – analyzes the data related to taxi stands and passengers, the Owl Bus <a href="#_ftn49">[49]</a> - maps the bus routes, etc.</p>
<h3 style="text-align: justify;"><strong>Status of the Project</strong></h3>
<p style="text-align: justify;"><strong></strong>Building on the Smart Seoul 2015, the Seoul Metropolitan Government plans to establish 'Global Digital Seoul 2020 – New Connections, Different Experiences' vision in next five-years. In this multi-objective plan, it aims to establish a ’Big Data campus’ providing win-win cooperation among public, private, industry and university <a href="#_ftn50">[50]</a>.</p>
<h3 style="text-align: justify;"><strong>Policies and Regulations </strong></h3>
<p style="text-align: justify;"><strong></strong>The Smart Seoul 2015 aims to create a ‘Seoul Data Mart’, which will be an open platform that makes public information available for data processing <a href="#_ftn51">[51]</a>. Furthermore, Seoul has opened the Seoul Open Data Plaza <a href="#_ftn52">[52]</a>, an online channel to share and provide citizens with all of Seoul’s public data, such as real-time bus operation schedules, subway schedules, non-smoking areas, locations of public Wi-Fi services, shoeshine shops, and facilities for disabled people, and the information registered in Seoul Open Data Plaza is provided in the open API format.<sup>45</sup></p>
<p style="text-align: justify;">South Korea has a comprehensive law governing data privacy – Personal Information Protection Act, 2011. The law includes data protection rules and principles, including obligations on the data controller and the consent of data subjects, rights to access personal data or object to its collection, and security requirements. It also covers cookies and spam, data processing by third parties and the international transfer of data <a href="#_ftn53">[53]</a>.</p>
<h3 style="text-align: justify;"><strong>International Standards</strong></h3>
<p style="text-align: justify;"><strong></strong>The smart city standards are adopted in the development of smart cities in Korea <a href="#_ftn54">[54]</a>. Korea has adopted the ISO/TC 268, which is focused on sustainable development in communities. Korea also has one working group developing city indicators and another working group developing metrics for smart community infrastructures <a href="#_ftn55">[55]</a>.</p>
<p> </p>
<h2>Conclusion</h2>
<p style="text-align: justify;">The smart city projects studied are at different levels of implementation and have both similarities and differences. Below is an analysis of some of the key similarities and differences between smart city projects, a comparison of these points to India’s 100 Smart City Mission, and a summary of best practices around the development of smart city frameworks.</p>
<h3><strong>Nodal Agency</strong></h3>
<p style="text-align: justify;">All cities studied have nodal agencies driving the smart city initiatives and many have policies in place backing these initiatives. For example, while the Smart Nation programme in Singapore is being driven by the Infocomm Development Authority, in London the smart city project is governed by the Great London Authority. The Smart Seoul Project in Korea is governed by the Seoul Metropolitan Government and New York has the Mayor’s Office of Technology and Innovation serving as the coordinating entity for new technology and IoT deployments across all City agencies. In India, the nodal agency driving the 100 Smart Cities Project is the Ministry of Urban Development under the Indian Government. In India, the implementation of the Mission at the City level will be done by a Special Purpose Vehicle (SPV), which will be a limited company and will plan, appraise, approve, release funds, implement, manage, operate, monitor and evaluate the Smart City development projects.</p>
<h3><strong>Policies</strong></h3>
<p style="text-align: justify;">Many of the cities had open data policies and data protection policies that pertain to the Smart City initiatives. In Dubai, an open data law called Dubai Open Data Law has been issued to complete the legislative framework for transforming Dubai into a Smart City and the Smart City Establishment will develop policies for the project. New York also has an Open Data Plan in place and LinkNYC will use anonymized, aggregate data to address data privacy of users. In London, the Smart London Plan incorporates the existing open data platform called ‘London DataStore’, the rules for which are defined by the Greater London Authority, which also ensures privacy and transparent use of data by processing personal data in accordance with the Data Protection Act 1998. For regulation of data in Seoul, a ‘Seoul Data Mart’ will be established to make public information available for data processing and the Seoul Open Data Plaza is an existing online channel to share and provide citizens with all of Seoul’s public data. South Korea has a comprehensive law governing data privacy in place as well. In Singapore, the Personal Data Protection Commission has committed to work and support the Smart Nation vision on data privacy and cyber security ecosystem. To achieve the vision of the project, the government has also promoted the use of open data. It can be said the these countries , with clearly laid out policies to support and guide the project, have well planned ecosystem for regulation and governance of systems, technologies and cities. All cities have incorporated open data into smart cities and many have developed guidelines for its use. All cities have similar goals of enhancing the lives of citizens and developing anticipatory regulation, however, there appears to be little discussion on the need to amend existing law or enable new law around privacy and data protection in light of data collection through smart cities. In India, no enabling legislation or policy has been formulated by the Government, apart from releasing “Mission Statement and Guidelines”, which provides details about the Project and vision, excluding a definition of a ‘smart city’ or the relevant applicable laws and policies. No information is publicly available regarding deployment of open data, use of specific technologies like cloud, big data, etc., the relevant policies and applicability of laws. Unlike India, all cities recognize the importance of big data techniques in enabling smart city visions, technology and policies. On the lines of these cities, India must work towards addressing the need for an open data framework in light of the 100 Smart Cities Mission to enable the sharing of non-confidential data between public entities and other stakeholders. This requires co-ordination to incorporate, enable and draw upon open data architecture in the cities by the Government with the existing open data framework in India, like the National Data Sharing and Accessibility Policy, 2012. Use of technology in the form of IoT and Big Data entails access to open data, bringing another policy area in its ambit which needs consideration. Also, identification and development of open standards for IoT must be looked at. Also, as data in smart cities will be generated, collected, used, and shared by both the public and private sector. It is essential that India’s existing data protection standards and regime must be amended to extend the data regulation beyond a body corporate and oversee the collection and use of data by the Government, and its agencies.</p>
<h3><strong>Standards</strong></h3>
<p style="text-align: justify;">In Singapore, the Smart Nation initiative follows the standards laid under the purview of the Singapore Standards Council (SSC)and the <a href="https://www.itsc.org.sg/standards/singapore-it-standards">Singapore IT standards</a> abides to the international standards as defined by ISO, ITU, etc. The Country is also a member of many international standards forums (see <a href="https://www.itsc.org.sg/international-participation/memberships-in-iso-iec-jtc1">Singapore International Standards Committee</a>) which includes JTC1/WG9- Big Data; JTC1/WG10 - Internet of Things; JTC1/WG11 - Smart Cities. In Dubai, the Smart Dubai Executive Committee with the International Telecommunications Union (ITU) to adopt the performance indicators by the ITU Focus Group on Smart Sustainable Cities to evaluate the feasibility of the indicators. For the purpose of standards, the ANSI Network on Smart and Sustainable Cities (ANSSC) in New York is a forum smart and sustainable cities, along with US being a signatory of the ISO/ITU defined standards on smart cities. Also, The British Standards Institution (BSI) has already established Smart City standards and has associated with the ISO Advisory Group on smart city standards. The UK subscribes to the BSI standards for smart cities and has adopted the same and the Smart London Plan incorporates open data standards in accordance with London DataStore. For development of smart cities, Korea has adopted the ISO/TC 268, which is focused on sustainable development in communities and also has one working group developing city indicators and another working group developing metrics for smart community infrastructures. However, in India, the Bureau of Indian Standards (BIS) has undertaken the task to formulate standardised guidelines for central and state authorities in planning, design and construction of smart cities by setting up a technical committee under the Civil engineering department of the Bureau. However, adoption of the standards by implementing agencies would be voluntary and intends to complement internationally available documents in this area. Also, The Global Cities Institute (GCI) has undertaken a mission in the year 2015 to align with the Bureau of Indian Standards regarding development of standards of smart cities and also to forge relationships with Indian cities in light of ISO 37120. It can be said that India has currently not yet adopted international standards, but is in the process of developing national standards and adopting key international standards. Unlike other cities,which are adopting standards - national, ISO, or ITU, Indian cities are yet to adopt standards for regulation of the future smart cities.</p>
<h3><strong>Notes for India</strong></h3>
<p style="text-align: justify;">India is in the nascent stages of developing smart cities across the country. Drawing from the practices adopted by cities across the world, smart cities in India should adopt strong regulatory and governance frameworks regarding technical standards, open data and data security and data protection policies. These policies will be essential in ensuring the sustainability and efficiency of smart cities while safeguarding individual rights. Some of these policies are already in place - such as India’s Open Data Policy and India’s data protection standards under section 43A of the ITA. It will be important to see how these policies are adopted and applied to the context of smart cities.</p>
<p> </p>
<h2>References</h2>
<p><a name="_ftn1">[1]</a> Smart Cities and Transparent Evolution, <a href="http://www.posterheroes.org/Posterheroes3/_mat/PH3_eng.pdf">http://www.posterheroes.org/Posterheroes3/_mat/PH3_eng.pdf</a>.</p>
<p><a name="_ftn2">[2]</a> "Data, Data Everywhere." The Economist, February 25, 2010. Accessed March 17, 2016, <a href="http://www.economist.com/node/15557443">http://www.economist.com/node/15557443</a>.</p>
<p><a name="_ftn3">[3]</a> "Smart Cities." ISO. 2015. Accessed March 17, 2016, <a href="http://www.iso.org/iso/smart_cities_report-jtc1.pdf">http://www.iso.org/iso/smart_cities_report-jtc1.pdf</a>.</p>
<p><a name="_ftn4">[4]</a> Transcript of Prime Minister Lee Hsien Loong's speech at Smart Nation launch on 24 November, <a href="http://www.pmo.gov.sg/mediacentre/transcript-prime-minister-lee-hsien-loongs-speech-smart-nation-launch-24-november">http://www.pmo.gov.sg/mediacentre/transcript-prime-minister-lee-hsien-loongs-speech-smart-nation-launch-24-november</a>.</p>
<p><a name="_ftn5">[5]</a> Smart Nation Vision, <a href="https://www.ida.gov.sg/Tech-Scene-News/Smart-Nation-Vision">https://www.ida.gov.sg/Tech-Scene-News/Smart-Nation-Vision</a>.</p>
<p><a name="_ftn6">[6]</a> Smart Nation, <a href="http://www.pmo.gov.sg/smartnation">http://www.pmo.gov.sg/smartnation</a>.</p>
<p><a name="_ftn7">[7]</a> Smart Nation Platform, <a href="https://www.ida.gov.sg/~/media/Files/About%20Us/Newsroom/Media%20Releases/2014/0617_smartnation/AnnexA_sn.pdf">https://www.ida.gov.sg/~/media/Files/About%20Us/Newsroom/Media%20Releases/2014/0617_smartnation/AnnexA_sn.pdf</a>.</p>
<p><a name="_ftn8">[8]</a> Transcript of Prime Minister Lee Hsien Loong's speech at Smart Nation launch on 24 November, <a href="https://www.ida.gov.sg/blog/insg/featured/singapore-lays-groundwork-to-be-worlds-first-smart-nation/">https://www.ida.gov.sg/blog/insg/featured/singapore-lays-groundwork-to-be-worlds-first-smart-nation/</a>.</p>
<p><a name="_ftn9">[9]</a> Prime Ministers’ Office Singapore-Smart Nation, <a href="http://www.pmo.gov.sg/smartnation">http://www.pmo.gov.sg/smartnation</a>.</p>
<p><a name="_ftn10">[10]</a> Prime Ministers’ Office Singapore-Smart Nation, <a href="http://www.pmo.gov.sg/smartnation">http://www.pmo.gov.sg/smartnation</a>.</p>
<p><a name="_ftn11">[11]</a> Constitution of the Republic of Singapore (Responsibility of the Prime Minister) Notification 2015, <a href="http://statutes.agc.gov.sg/aol/search/display/view.w3p;page=0;query=Status%3Acurinforce%20Type%3Aact,sl%20Content%3A%22smart%22;rec=4;resUrl=http%3A%2F%2Fstatutes.agc.gov.sg%2Faol%2Fsearch%2Fsummary%2Fresults.w3p%3Bquery%3DStatus%253Acurinforce%2520Type%253Aact,sl%2520Content%253A%2522smart%2522;whole=yes">http://statutes.agc.gov.sg/aol/search/display/view.w3p;page=0;query=Status%3Acurinforce%20Type%3Aact,sl%20Content%3A%22smart%22;rec=4;resUrl=http%3A%2F%2Fstatutes.agc.gov.sg%2Faol%2Fsearch%2Fsummary%2Fresults.w3p%3Bquery%3DStatus%253Acurinforce%2520Type%253Aact,sl%2520Content%253A%2522smart%2522;whole=yes</a>.</p>
<p><a name="_ftn12">[12]</a> Personal Data Protection Singapore-Annual Report 2014-15, <a href="https://www.pdpc.gov.sg/docs/default-source/Reports/pdpc-ar-fy14---online.pdf">https://www.pdpc.gov.sg/docs/default-source/Reports/pdpc-ar-fy14---online.pdf</a>.</p>
<p><a name="_ftn13">[13]</a> Balancing Innovation and Personal Data Protection, <a href="https://www.ida.gov.sg/Tech-Scene-News/Tech-News/Digital-Government/2015/9/Balancing-innovation-and-personal-data-protection">https://www.ida.gov.sg/Tech-Scene-News/Tech-News/Digital-Government/2015/9/Balancing-innovation-and-personal-data-protection</a>.</p>
<p><a name="_ftn14">[14]</a> Department of Statistics Singapore- Free Access to More Data on the SingStat Website from 1 March 2015, <a href="http://www.singstat.gov.sg/docs/default-source/default-document-library/news/press_releases/press27022015.pdf">http://www.singstat.gov.sg/docs/default-source/default-document-library/news/press_releases/press27022015.pdf</a>.</p>
<p><a name="_ftn15">[15]</a> Singapore Marks 50th Birthday With Open Data Contest, <a href="https://blog.hootsuite.com/singapore-open-data/">https://blog.hootsuite.com/singapore-open-data/</a>.</p>
<p><a name="_ftn16">[16]</a> Virtual Singapore - a 3D city model platform for knowledge sharing and community collaboration, <a href="http://www.sla.gov.sg/News/tabid/142/articleid/572/category/Press%20Releases/parentId/97/year/2014/Default.aspx">http://www.sla.gov.sg/News/tabid/142/articleid/572/category/Press%20Releases/parentId/97/year/2014/Default.aspx</a>.</p>
<p><a name="_ftn17">[17]</a> Internet of Things (IoT) Standards Outline to Support Smart Nation Initiative Unveiled, <a href="http://www.spring.gov.sg/NewsEvents/PR/Pages/Internet-of-Things-(IoT)-Standards-Outline-to-Support-Smart-Nation-Initiative-Unveiled-20150812.aspx">http://www.spring.gov.sg/NewsEvents/PR/Pages/Internet-of-Things-(IoT)-Standards-Outline-to-Support-Smart-Nation-Initiative-Unveiled-20150812.aspx</a>.</p>
<p><a name="_ftn18">[18]</a> Information Technology Standards Committee, <a href="https://www.itsc.org.sg/technical-committees/internet-of-things-technical-committee-iottc">https://www.itsc.org.sg/technical-committees/internet-of-things-technical-committee-iottc</a> and <a href="https://www.ida.gov.sg/~/media/Files/Infocomm%20Landscape/iN2015/Reports/realisingthevisionin2015.pdf">https://www.ida.gov.sg/~/media/Files/Infocomm%20Landscape/iN2015/Reports/realisingthevisionin2015.pdf</a>.</p>
<p><a name="_ftn19">[19]</a> Government of Dubai-2021 Dubai Plan-Purpose, <a href="http://www.dubaiplan2021.ae/the-purpose/">http://www.dubaiplan2021.ae/the-purpose/</a>.</p>
<p style="text-align: justify;"><a name="_ftn20">[20]</a> Government of Dubai-2021 Dubai Plan, <a href="http://www.dubaiplan2021.ae/dubai-plan-2021/">http://www.dubaiplan2021.ae/dubai-plan-2021/</a>.</p>
<p><a name="_ftn21">[21]</a> Smart Dubai, <a href="http://www.smartdubai.ae/foundation_layers.php">http://www.smartdubai.ae/foundation_layers.php</a>.</p>
<p><a name="_ftn22">[22]</a> The Internet of Things: Connections for People’s happiness, <a href="http://www.smartdubai.ae/story021002.php">http://www.smartdubai.ae/story021002.php</a>.</p>
<p><a name="_ftn23">[23]</a> Smart Dubai - Current State, <a href="http://www.smartdubai.ae/current_state.php">http://www.smartdubai.ae/current_state.php</a>.</p>
<p><a name="_ftn24">[24]</a> Smart Dubai - District Guidelines, <a href="http://smartdubai.ae/districtguidelines/Smart_Dubai_District_Guidelines_Public_Brief.pdf">http://smartdubai.ae/districtguidelines/Smart_Dubai_District_Guidelines_Public_Brief.pdf</a>.</p>
<p><a name="_ftn25">[25]</a> See; <a href="http://roadmap.smartdubai.ae/search-services-public.php">http://roadmap.smartdubai.ae/search-services-public.php</a> and <a href="http://roadmap.smartdubai.ae/search-initiatives-public.php">http://roadmap.smartdubai.ae/search-initiatives-public.php</a>.</p>
<p><a name="_ftn26">[26]</a> Smart Dubai-Smart District Guidelines, <a href="http://smartdubai.ae/districtguidelines/Smart_Dubai_District_Guidelines_Public_Brief.pdf">http://smartdubai.ae/districtguidelines/Smart_Dubai_District_Guidelines_Public_Brief.pdf</a>.</p>
<p><a name="_ftn27">[27]</a> Dubai Ruler issues new laws to further enhance the organisational structure and legal framework of Dubai Smart City, <a href="https://www.wam.ae/en/news/emirates/1395288828473.html">https://www.wam.ae/en/news/emirates/1395288828473.html</a>.</p>
<p><a name="_ftn28">[28]</a> See: <a href="http://slc.dubai.gov.ae/en/AboutDepartment/News/Lists/NewsCentre/DispForm.aspx?ID=147&ContentTypeId=0x01001D47EB13C23E544893300E8367A23439">http://slc.dubai.gov.ae/en/AboutDepartment/News/Lists/NewsCentre/DispForm.aspx?ID=147&ContentTypeId=0x01001D47EB13C23E544893300E8367A23439</a> and <a href="http://www.smartdubai.ae/dubai_data.php">http://www.smartdubai.ae/dubai_data.php</a>.</p>
<p><a name="_ftn29">[29]</a> Dubai first city to trial ITU key performance indicators for smart sustainable cities, <a href="http://www.itu.int/net/pressoffice/press_releases/2015/12.aspx#.VtaYtlt97IU">http://www.itu.int/net/pressoffice/press_releases/2015/12.aspx#.VtaYtlt97IU</a>.</p>
<p><a name="_ftn30">[30]</a> Smart Dubai Benchmark Report 2015 Executive Summary, <a href="http://smartdubai.ae/bmr2015/methodology-public.php">http://smartdubai.ae/bmr2015/methodology-public.php</a>.</p>
<p><a name="_ftn31">[31]</a> Building a Smart + Equitable City, <a href="http://www1.nyc.gov/assets/forward/documents/NYC-Smart-Equitable-City-Final.pdf">http://www1.nyc.gov/assets/forward/documents/NYC-Smart-Equitable-City-Final.pdf</a></p>
<p><a name="_ftn32">[32]</a> Building a Smart + Equitable City, <a href="http://www1.nyc.gov/site/forward/innovations/smartnyc.page">http://www1.nyc.gov/site/forward/innovations/smartnyc.page</a>.</p>
<p><a name="_ftn33">[33]</a> One New York: The Plan for a Strong and Just City, <a href="http://www1.nyc.gov/html/onenyc/about.html">http://www1.nyc.gov/html/onenyc/about.html</a></p>
<p><a name="_ftn34">[34]</a> Open Data for All, <a href="http://www1.nyc.gov/assets/home/downloads/pdf/reports/2015/NYC-Open-Data-Plan-2015.pdf">http://www1.nyc.gov/assets/home/downloads/pdf/reports/2015/NYC-Open-Data-Plan-2015.pdf</a>.</p>
<p><a name="_ftn35">[35]</a> 7 public projects that are turning New York into a “smart city”, <a href="http://www.builtinnyc.com/2015/11/24/7-projects-are-turning-new-york-futuristic-technology-hub">http://www.builtinnyc.com/2015/11/24/7-projects-are-turning-new-york-futuristic-technology-hub</a>.</p>
<p><a name="_ftn36">[36]</a> LinkNYC, <a href="https://www.link.nyc/faq.html#privacy">https://www.link.nyc/faq.html#privacy</a>.</p>
<p><a name="_ftn37">[7]</a> ANSI Network on Smart and Sustainable Cities, <a href="http://www.ansi.org/standards_activities/standards_boards_panels/anssc/overview.aspx?menuid=3">http://www.ansi.org/standards_activities/standards_boards_panels/anssc/overview.aspx?menuid=3</a></p>
<p><a name="_ftn38">[38]</a> IoT-Enabled Smart City Framework, <a href="http://publicaa.ansi.org/sites/apdl/Documents/News%20and%20Publications/Links%20Within%20Stories/IoT-EnabledSmartCityFrameworkWP20160213.pdf">http://publicaa.ansi.org/sites/apdl/Documents/News%20and%20Publications/Links%20Within%20Stories/IoT-EnabledSmartCityFrameworkWP20160213.pdf</a>.</p>
<p><a name="_ftn39">[39]</a> Smart London (UK) Plan: Digital Technologies, London and Londoners, <a href="http://munkschool.utoronto.ca/ipl/files/2015/03/KleinmanM_Smart-London-UK-v5_30AP2015.pdf">http://munkschool.utoronto.ca/ipl/files/2015/03/KleinmanM_Smart-London-UK-v5_30AP2015.pdf</a>.</p>
<p><a name="_ftn40">[40]</a> Smart London Plan, <a href="http://www.london.gov.uk/sites/default/files/smart_london_plan.pdf">http://www.london.gov.uk/sites/default/files/smart_london_plan.pdf</a>.</p>
<p><a name="_ftn41">[41]</a> Smart London Plan, <a href="http://www.london.gov.uk/sites/default/files/smart_london_plan.pdf">http://www.london.gov.uk/sites/default/files/smart_london_plan.pdf</a>.</p>
<p><a name="_ftn42">[42]</a> Open Data White Paper, <a href="https://data.gov.uk/sites/default/files/Open_data_White_Paper.pdf">https://data.gov.uk/sites/default/files/Open_data_White_Paper.pdf</a>.</p>
<p><a name="_ftn43">[43]</a> London Datastore-Privacy, <a href="http://data.london.gov.uk/about/privacy/">http://data.london.gov.uk/about/privacy/</a>.</p>
<p><a name="_ftn44">[44]</a> Future Cities Standards Centre in London, <a href="https://eu-smartcities.eu/commitment/5937">https://eu-smartcities.eu/commitment/5937</a>.</p>
<p><a name="_ftn45">[45]</a> Smart London Plan, <a href="http://www.london.gov.uk/sites/default/files/smart_london_plan.pdf">http://www.london.gov.uk/sites/default/files/smart_london_plan.pdf</a>.</p>
<p><a name="_ftn46">[46]</a> Smart Cities background paper, October 2013, <a href="https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/246019/bis-13-1209-smart-cities-background-paper-digital.pdf">https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/246019/bis-13-1209-smart-cities-background-paper-digital.pdf</a>.</p>
<p><a name="_ftn47">[47]</a> Presentation of 2015 Blueprint of Seoul as ‘State-of-the-art Smart City’, <a href="http://english.seoul.go.kr/presentation-of-2015-blueprint-of-seoul-as-%E2%80%98state-of-the-art-smart-city%E2%80%99/">http://english.seoul.go.kr/presentation-of-2015-blueprint-of-seoul-as-%E2%80%98state-of-the-art-smart-city%E2%80%99/</a>.</p>
<p><a name="_ftn48">[48]</a> “Policy Where There is Demand,” Seoul Utilizes Big Data, <a href="http://english.seoul.go.kr/policy-demand-seoul-utilizes-big-data/">http://english.seoul.go.kr/policy-demand-seoul-utilizes-big-data/</a></p>
<p><a name="_ftn49">[49]</a> Seoul’s “Owl Bus” Based on Big Data Technology, <a href="http://www.citiesalliance.org/sites/citiesalliance.org/files/Seoul-Owl-Bus-11052014.pdf">http://www.citiesalliance.org/sites/citiesalliance.org/files/Seoul-Owl-Bus-11052014.pdf</a></p>
<p><a name="_ftn50">[50]</a> Seoul Launches “Global Digital Seoul 2020”, <a href="http://english.seoul.go.kr/seoul-launches-global-digital-seoul-2020/">http://english.seoul.go.kr/seoul-launches-global-digital-seoul-2020/</a></p>
<p><a name="_ftn51">[51]</a> Smart Seoul 2015, <a href="http://english.seoul.go.kr/wp-content/uploads/2014/02/SMART_SEOUL_2015_41.pdf">http://english.seoul.go.kr/wp-content/uploads/2014/02/SMART_SEOUL_2015_41.pdf</a></p>
<p><a name="_ftn52">[52]</a> Disclosing public data through the Seoul Open Data Plaza, <a href="http://english.seoul.go.kr/policy-information/key-policies/informatization/seoul-open-data-plaza/">http://english.seoul.go.kr/policy-information/key-policies/informatization/seoul-open-data-plaza/</a></p>
<p><a name="_ftn53">[53]</a> Data protection in South Korea: overview, <a href="http://uk.practicallaw.com/2-579-7926">http://uk.practicallaw.com/2-579-7926</a>.</p>
<p><a name="_ftn54">[54]</a>Smart Cities Seoul: a case study, <a href="https://www.itu.int/dms_pub/itu-t/oth/23/01/T23010000190001PDFE.pdf">https://www.itu.int/dms_pub/itu-t/oth/23/01/T23010000190001PDFE.pdf</a></p>
<p><a name="_ftn55">[55]</a> Smart Cities-ISO, <a href="http://www.iso.org/iso/livelinkgetfile-isocs?nodeid=16193764">http://www.iso.org/iso/livelinkgetfile-isocs?nodeid=16193764</a>.</p>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/policies-and-standards-overview-of-five-international-smart-cities'>http://editors.cis-india.org/internet-governance/blog/policies-and-standards-overview-of-five-international-smart-cities</a>
</p>
No publisherKiran A. B., Elonnai Hickok and Vanya RakeshBig DataInternet GovernanceFeaturedSmart CitiesPoliciesHomepage2016-06-11T13:29:04ZBlog EntrySeminar on Understanding Financial Technology, Cashless India, and Forced Digitalisation (Delhi, January 24)
http://editors.cis-india.org/internet-governance/news/seminar-on-understanding-financial-technology-cashless-india-and-forced-digitalisation-delhi-jan-24-2017
<b>The Centre for Financial Accountability is organising a seminar on "Understanding Financial Technology, Cashless India, and Forced Digitalisation" on Tuesday, January 24, at YWCA, Ashoka Road, New Delhi. Sumandro Chattapadhyay will participate in the seminar and speak on the emerging architecture of FinTech in India, as being developed and deployed by UIDAI and NPCI.</b>
<p> </p>
<p><em>Cross-posted from <a href="https://letstalkfinancialaccountability.wordpress.com/2017/01/20/understanding-financial-technology-cashless-india-forced-digitalisation/">Centre for Financial Accountability</a>.</em></p>
<hr />
<h2>Programme Schedule</h2>
<h4>09.30 - Registration</h4>
<h4>10:00 - Introduction to the Seminar & Setting the Context</h4>
<p>Madhuresh Kumar, National Alliance of People’s Movements</p>
<h4>10:15–11:30 - Session 1 - Understanding the Political Context of FinTech</h4>
<p>B P Mathur, Former Dy CAG</p>
<p>Prabir Purkayastha, Free Software Movement of India and Knowledge Commons</p>
<p>C P Chandrasekhar, Centre for Economic Studies and Planning, JNU</p>
<h4>11:30-11:45 – Tea / Coffee break</h4>
<h4>11:45-13:15 - Session 2 - How will FinTech Impact the Poor, and Labour and Banking Sector?</h4>
<p>Ashim Roy, New Trade Union of India</p>
<p>Nikhil Dey, Mazdoor Kisan Shakti Sangathan</p>
<p>Ravinder Gupta, General Secretary, State Bank of India Officers Association</p>
<h4>13:15-14:00 – Lunch</h4>
<h4>14:00-15:30 - Session 3 - Understanding the Economic Context of FinTech</h4>
<p>Indira Rajaraman, Former Director, RBI</p>
<p>Tony Joseph, Sr. Journalist</p>
<h4>15:30-17:00 - Session 4 - Understanding the Architecture of FinTech: Linkages to Aadhaar, IndiaStack etc</h4>
<p>Sumandro Chattapadhyay, the Centre for Internet and Society</p>
<p>Gopal Krishna, ToxicsWatch</p>
<h4>17:00 – Tea</h4>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/seminar-on-understanding-financial-technology-cashless-india-and-forced-digitalisation-delhi-jan-24-2017'>http://editors.cis-india.org/internet-governance/news/seminar-on-understanding-financial-technology-cashless-india-and-forced-digitalisation-delhi-jan-24-2017</a>
</p>
No publishersumandroUnified Payments InterfaceFinancial TechnologyDigital IDBig DataDigital EconomyUIDInternet GovernanceDigital IndiaAadhaarFinancial InclusionBiometricsDigital Payment2017-01-23T13:17:19ZBlog EntrySecurity: Privacy, Transparency and Technology
http://editors.cis-india.org/internet-governance/blog/security-privacy-transparency-and-technology
<b>The Centre for Internet and Society (CIS) has been involved in privacy and data protection research for the last five years. It has participated as a member of the Justice A.P. Shah Committee, which has influenced the draft Privacy Bill being authored by the Department of Personnel and Training. It has organised 11 multistakeholder roundtables across India over the last two years to discuss a shadow Privacy Bill drafted by CIS with the participation of privacy commissioners and data protection authorities from Europe and Canada.</b>
<p> </p>
<p>The article was co-authored by Sunil Abraham, Elonnai Hickok and Tarun Krishnakumar. It was published by Observer Research Foundation, <a href="http://editors.cis-india.org/internet-governance/blog/security-privacy-transparency-technology.pdf" class="internal-link">Digital Debates 2015: CyFy Journal Volume 2</a>.</p>
<hr />
<p style="text-align: justify;">Our centre’s work on privacy was considered incomplete by some stakeholders because of a lack of focus in the area of cyber security and therefore we have initiated research on it from this year onwards. In this article, we have undertaken a preliminary examination of the theoretical relationships between the national security imperative and privacy, transparency and technology.</p>
<h3 style="text-align: justify;">Security and Privacy</h3>
<p style="text-align: justify;">Daniel J. Solove has identified the tension between security and privacy as a false dichotomy: "Security and privacy often clash, but there need not be a zero-sum tradeoff." <a name="fr1" href="#fn1">[1]</a> Further unpacking this false dichotomy, Bruce Schneier says, "There is no security without privacy. And liberty requires both security and privacy." <a name="fr2" href="#fn2">[2]</a> Effectively, it could be said that privacy is a precondition for security, just as security is a precondition for privacy. A secure information system cannot be designed without guaranteeing the privacy of its authentication factors, and it is not possible to guarantee privacy of authentication factors without having confidence in the security of the system. Often policymakers talk about a balance between the privacy and security imperatives—in other words a zero-sum game. Balancing these imperatives is a foolhardy approach, as it simultaneously undermines both imperatives. Balancing privacy and security should instead be framed as an optimisation problem. Indeed, during a time when oversight mechanisms have failed even in so-called democratic states, the regulatory power of technology <a name="fr3" href="#fn3">[3]</a> should be seen as an increasingly key ingredient to the solution of that optimisation problem.</p>
<p style="text-align: justify;">Data retention is required in most jurisdictions for law enforcement, intelligence and military purposes. Here are three examples of how security and privacy can be optimised when it comes to Internet Service Provider (ISP) or telecom operator logs:</p>
<ol>
<li style="text-align: justify;"><strong>Data Retention</strong>: We propose that the office of the Privacy Commissioner generate a cryptographic key pair for each internet user and give one key to the ISP / telecom operator. This key would be used to encrypt logs, thereby preventing unauthorised access. Once there is executive or judicial authorisation, the Privacy Commissioner could hand over the second key to the authorised agency. There could even be an emergency procedure and the keys could be automatically collected by concerned agencies from the Privacy Commissioner. This will need to be accompanied by a policy that criminalises the possession of unencrypted logs by ISP and telecom operators.<br /><br /></li>
<li style="text-align: justify;"><strong>Privacy-Protective Surveillance</strong>: Ann Cavoukian and Khaled El Emam <a name="fr4" href="#fn4">[4]</a> have proposed combining intelligent agents, homomorphic encryption and probabilistic graphical models to provide “a positive-sum, ‘win–win’ alternative to current counter-terrorism surveillance systems.” They propose limiting collection of data to “significant” transactions or events that could be associated with terrorist-related activities, limiting analysis to wholly encrypted data, which then does not just result in “discovering more patterns and relationships without an understanding of their context” but rather “intelligent information—information selectively gathered and placed into an appropriate context to produce actual knowledge.” Since fully homomorphic encryption may be unfeasible in real-world systems, they have proposed use of partially homomorphic encryption. But experts such as Prof. John Mallery from MIT are also working on solutions based on fully homomorphic encryption.<br /><br /></li>
<li style="text-align: justify;"><strong>Fishing Expedition Design</strong>: Madan Oberoi, Pramod Jagtap, Anupam Joshi, Tim Finin and Lalana Kagal have proposed a standard <a name="fr5" href="#fn5">[5]</a> that could be adopted by authorised agencies, telecom operators and ISPs. Instead of giving authorised agencies complete access to logs, they propose a format for database queries, which could be sent to the telecom operator or ISP by authorised agencies. The telecom operator or ISP would then process the query, and anonymise/obfuscate the result-set in an automated fashion based on applicable privacypolicies/regulation. Authorised agencies would then hone in on a subset of the result-set that they would like with personal identifiers intact; this smaller result set would then be shared with the authorised agencies.</li></ol>
<p style="text-align: justify;">An optimisation approach to resolving the false dichotomy between privacy and security will not allow for a total surveillance regime as pursued by the US administration. Total surveillance brings with it the ‘honey pot’ problem: If all the meta-data and payload data of citizens is being harvested and stored, then the data store will become a single point of failure and will become another target for attack. The next Snowden may not have honourable intentions and might decamp with this ‘honey pot’ itself, which would have disastrous consequences.</p>
<p style="text-align: justify;">If total surveillance will completely undermine the national security imperative, what then should be the optimal level of surveillance in a population? The answer depends upon the existing security situation. If this is represented on a graph with security on the y-axis and the proportion of the population under surveillance on the x-axis, the benefits of surveillance could be represented by an inverted hockey-stick curve. To begin with, there would already be some degree of security. As a small subset of the population is brought under surveillance, security would increase till an optimum level is reached, after which, enhancing the number of people under surveillance would not result in any security pay-off. Instead, unnecessary surveillance would diminish security as it would introduce all sorts of new vulnerabilities. Depending on the existing security situation, the head of the hockey-stick curve might be bigger or smaller. To use a gastronomic analogy, optimal surveillance is like salt in cooking—necessary in small quantities but counter-productive even if slightly in excess.</p>
<p style="text-align: justify;">In India the designers of surveillance projects have fortunately rejected the total surveillance paradigm. For example, the objective of the National Intelligence Grid (NATGRID) is to streamline and automate targeted surveillance; it is introducing technological safeguards that will allow express combinations of result-sets from 22 databases to be made available to 12 authorised agencies. This is not to say that the design of the NATGRID cannot be improved.</p>
<h3>Security and Transparency</h3>
<p style="text-align: justify;">There are two views on security and transparency: One, security via obscurity as advocated by vendors of proprietary software, and two, security via transparency as advocated by free/open source software (FOSS) advocates and entrepreneurs. Over the last two decades, public and industry opinion has swung towards security via transparency. This is based on the Linus rule that “given enough eyeballs, all bugs are shallow.” But does this mean that transparency is a necessary and sufficient condition? Unfortunately not, and therefore it is not necessarily true that FOSS and open standards will be more secure than proprietary software and proprietary standards.</p>
<blockquote style="text-align: justify;" class="pullquote">Optimal surveillance is like salt in cooking—necessary in small quantities but counter-productive even if slightly in excess.</blockquote>
<p style="text-align: justify;">The recent detection of the Heartbleed <a name="fr6" href="#fn6">[6]</a> security bug in Open SSL, <a name="fr7" href="#fn7">[7]</a> causing situations where more data can be read than should be allowed, and Snowden’s revelations about the compromise of some open cryptographic standards (which depend on elliptic curves), developed by the US National Institute of Standards and Technology, are stark examples. <a name="fr8" href="#fn8">[8]</a></p>
<p style="text-align: justify;">At the same time, however, open standards and FOSS are crucial to maintaining the balance of power in information societies, as civil society and the general public are able to resist the powers of authoritarian governments and rogue corporations using cryptographic technology. These technologies allow for anonymous speech, pseudonymous speech, private communication, online anonymity and circumvention of surveillance and censorship. For the media, these technologies enable anonymity of sources and the protection of whistle-blowers—all phenomena that are critical to the functioning of a robust and open democratic society. But these very same technologies are also required by states and by the private sector for a variety of purposes—national security, e-commerce, e-banking, protection of all forms of intellectual property, and services that depend on confidentiality, such as legal or medical services.</p>
<p style="text-align: justify;">In order words, all governments, with the exception of the US government, have common cause with civil society, media and the general public when it comes to increasing the security of open standards and FOSS. Unfortunately, this can be quite an expensive task because the re-securing of open cryptographic standards depends on mathematicians. Of late, mathematical research outputs that can be militarised are no longer available in the public domain because the biggest employers of mathematicians worldwide today are the US military and intelligence agencies. If other governments invest a few billion dollars through mechanisms like Knowledge Ecology International’s proposed World Trade Organization agreement on the supply of knowledge as a public good, we would be able to internationalise participation in standard-setting organisations and provide market incentives for greater scrutiny of cryptographic standards and patching of vulnerabilities of FOSS. This would go a long way in addressing the trust deficit that exists on the internet today.</p>
<h3 style="text-align: justify;">Security and Technology</h3>
<p style="text-align: justify;">A techno-utopian understanding of security assumes that more technology, more recent technology and more complex technology will necessarily lead to better security outcomes.</p>
<p style="text-align: justify;">This is because the security discourse is dominated by vendors with sales targets who do not present a balanced or accurate picture of the technologies that they are selling. This has resulted in state agencies and the general public having an exaggerated understanding of the capabilities of surveillance technologies that is more aligned with Hollywood movies than everyday reality.</p>
<h3 style="text-align: justify;">More Technology</h3>
<p style="text-align: justify;">Increasing the number of x-ray machines or full-body scanners at airports by a factor of ten or hundred will make the airport less secure unless human oversight is similarly increased. Even with increased human oversight, all that has been accomplished is an increase in the potential locations that can be compromised. The process of hardening a server usually involves stopping non-essential services and removing non-essential software. This reduces the software that should be subject to audit, continuously monitored for vulnerabilities and patched as soon as possible. Audits, ongoing monitoring and patching all cost time and money and therefore, for governments with limited budgets, any additional unnecessary technology should be seen as a drain on the security budget. Like with the airport example, even when it comes to a single server on the internet, it is clear that, from a security perspective, more technology without a proper functionality and security justification is counter-productive. To reiterate, throwing increasingly more technology at a problem does not make things more secure; rather, it results in a proliferation of vulnerabilities.</p>
<h3 style="text-align: justify;">Latest Technology</h3>
<p style="text-align: justify;">Reports that a number of state security agencies are contemplating returning to typewriters for sensitive communications in the wake of Snowden’s revelations makes it clear that some older technologies are harder to compromise in comparison to modern technology. <a name="fr9" href="#fn9">[9]</a> Between iris- and fingerprint-based biometric authentication, logically, it would be easier for a criminal to harvest images of irises or authentication factors in bulk fashion using a high resolution camera fitted with a zoom lens in a public location, in comparison to mass lifting of fingerprints.</p>
<h3 style="text-align: justify;">Complex Technology</h3>
<p style="text-align: justify;">Fifteen years ago, Bruce Schneier said, "The worst enemy of security is complexity. This has been true since the beginning of computers, and it’s likely to be true for the foreseeable future." <a name="fr10" href="#fn10">[10]</a> This is because complexity increases fragility; every feature is also a potential source of vulnerabilities and failures. The simpler Indian electronic machines used until the 2014 elections are far more secure than the Diebold voting machines used in the 2004 US presidential elections. Similarly when it comes to authentication, a pin number is harder to beat without user-conscious cooperation in comparison to iris- or fingerprint-based biometric authentication.</p>
<p style="text-align: justify;">In the following section of the paper we have identified five threat scenarios <a name="fr11" href="#fn11">[11]</a> relevant to India and identified solutions based on our theoretical framing above.</p>
<h3 style="text-align: justify;">Threat Scenarios and Possible Solutions</h3>
<p style="text-align: justify;"><strong>Hacking the NIC Certifying Authority</strong><br />One of the critical functions served by the National Informatics Centre (NIC) is as a Certifying Authority (CA). <a name="fr12" href="#fn12">[12]</a> In this capacity, the NIC issues digital certificates that authenticate web services and allow for the secure exchange of information online. <a name="fr13" href="#fn13">[13]</a> Operating systems and browsers maintain lists of trusted CA root certificates as a means of easily verifying authentic certificates. India’s Controller of Certifying Authority’s certificates issued are included in the Microsoft Root list and recognised by the majority of programmes running on Windows, including Internet Explorer and Chrome. <a name="fr14" href="#fn14">[14]</a> In 2014, the NIC CA’s infrastructure was compromised, and digital certificates were issued in NIC’s name without its knowledge. <a name="fr15" href="#fn15">[15]</a> Reports indicate that NIC did not "have an appropriate monitoring and tracking system in place to detect such intrusions immediately." <a name="fr16" href="#fn16">[16]</a> The implication is that websites could masquerade as another domain using the fake certificates. Personal data of users can be intercepted or accessed by third parties by the masquerading website. The breach also rendered web servers and websites of government bodies vulnerable to attack, and end users were no longer sure that data on these websites was accurate and had not been tampered with. <a name="fr17" href="#fn17">[17]</a> The NIC CA was forced to revoke all 250,000 SSL Server Certificates issued until that date <a name="fr18" href="#fn18">[18]</a> and is no longer issuing digital certificates for the time being. <a name="fr19" href="#fn19">[19]</a>Public key pinning is a means through which websites can specify which certifying authorities have issued certificates for that site. Public key pinning can prevent man-in-the-middle attacks due to fake digital certificates. <a name="fr20" href="#fn20">[20]</a> Certificate Transparency allows anyone to check whether a certificate has been properly issued, seeing as certifying authorities must publicly publish information about the digital certificates that they have issued. Though this approach does not prevent fake digital certificates from being issued, it can allow for quick detection of misuse. <a name="fr21" href="#fn21">[21]</a></p>
<p style="text-align: justify;"><strong>‘Logic Bomb’ against Airports</strong><br />Passenger operations in New Delhi’s Indira Gandhi International Airport depend on a centralised operating system known as the Common User Passenger Processing System (CUPPS). The system integrates numerous critical functions such as the arrival and departure times of flights, and manages the reservation system and check-in schedules. <a name="fr22" href="#fn22">[22]</a> In 2011, a logic bomb attack was remotely launched against the system to introduce malicious code into the CUPPS software. The attack disabled the CUPPS operating system, forcing a number of check-in counters to shut down completely, while others reverted to manual check-in, resulting in over 50 delayed flights. Investigations revealed that the attack was launched by three disgruntled employees who had assisted in the installation of the CUPPS system at the New Delhi Airport. <a name="fr23" href="#fn23">[23]</a> Although in this case the impact of the attack was limited to flight delay, experts speculate that the attack was meant to take down the entire system. The disruption and damage resulting from the shutdown of an entire airport would be extensive.</p>
<p style="text-align: justify;">Adoption of open hardware and FOSS is one strategy to avoid and mitigate the risk of such vulnerabilities. The use of devices that embrace the concept of open hardware and software specifications must be encouraged, as this helps the FOSS community to be vigilant in detecting and reporting design deviations and investigate into probable vulnerabilities.</p>
<p style="text-align: justify;"><strong>Attack on Critical Infrastructure</strong><br />The Nuclear Power Corporation of India encounters and prevents numerous cyber attacks every day. <a name="fr24" href="#fn24">[24]</a> The best known example of a successful nuclear plant hack is the Stuxnet worm that thwarted the operation of an Iranian nuclear enrichment complex and set back the country’s nuclear programme. <a name="fr25" href="#fn25">[25] </a></p>
<p style="text-align: justify;">The worm had the ability to spread over the network and would activate when a specific configuration of systems was encountered <a name="fr26" href="#fn26">[26]</a> and connected to one or more Siemens programmable logic controllers. <a name="fr27" href="#fn27">[27]</a> The worm was suspected to have been initially introduced through an infected USB drive into one of the controller computers by an insider, thus crossing the air gap. <a name="fr28" href="#fn28">[28]</a> The worm used information that it gathered to take control of normal industrial processes (to discreetly speed up centrifuges, in the present case), leaving the operators of the plant unaware that they were being attacked. This incident demonstrates how an attack vector introduced into the general internet can be used to target specific system configurations. When the target of a successful attack is a sector as critical and secured as a nuclear complex, the implications for a country’s security and infrastructure are potentially grave.</p>
<p style="text-align: justify;">Security audits and other transparency measures to identify vulnerabilities are critical in sensitive sectors. Incentive schemes such as prizes, contracts and grants may be evolved for the private sector and academia to identify vulnerabilities in the infrastructure of critical resources to enable/promote security auditing of infrastructure.</p>
<p style="text-align: justify;"><strong>Micro Level: Chip Attacks</strong><br />Semiconductor devices are ubiquitous in electronic devices. The US, Japan, Taiwan, Singapore, Korea and China are the primary countries hosting manufacturing hubs of these devices. India currently does not produce semiconductors, and depends on imported chips. This dependence on foreign semiconductor technology can result in the import and use of compromised or fraudulent chips by critical sectors in India. For example, hardware Trojans, which may be used to access personal information and content on a device, may be inserted into the chip. Such breaches/transgressions can render equipment in critical sectors vulnerable to attack and threaten national security. <a name="fr29" href="#fn29">[29]</a></p>
<p style="text-align: justify;">Indigenous production of critical technologies and the development of manpower and infrastructure to support these activities are needed. The Government of India has taken a number of steps towards this. For example, in 2013, the Government of India approved the building of two Semiconductor Wafer Fabrication (FAB) manufacturing facilities <a name="fr30" href="#fn30">[30]</a> and as of January 2014, India was seeking to establish its first semiconductor characterisation lab in Bangalore. <a name="fr31" href="#fn31">[31]</a></p>
<p style="text-align: justify;"><strong>Macro Level: Telecom and Network Switches</strong></p>
<p style="text-align: justify;">The possibility of foreign equipment containing vulnerabilities and backdoors that are built into its software and hardware gives rise to concerns that India’s telecom and network infrastructure is vulnerable to being hacked and accessed by foreign governments (or non-state actors) through the use of spyware and malware that exploit such vulnerabilities. In 2013, some firms, including ZTE and Huawei, were barred by the Indian government from participating in a bid to supply technology for the development of its National Optic Network project due to security concerns. <a name="fr32" href="#fn32">[32]</a> Similar concerns have resulted in the Indian government holding back the conferment of ‘domestic manufacturer’ status on both these firms. <a name="fr33" href="#fn33">[33]</a></p>
<p style="text-align: justify;">Following reports that Chinese firms were responsible for transnational cyber attacks designed to steal confidential data from overseas targets, there have been moves to establish laboratories to test imported telecom equipment in India. <a name="fr34" href="#fn34">[34]</a> Despite these steps, in a February 2014 incident the state-owned telecommunication company Bharat Sanchar Nigam Ltd’s network was hacked, allegedly by Huawei. <a name="fr35" href="#fn35">[35]</a></p>
<blockquote style="text-align: justify;" class="pullquote">Security practitioners and policymakers need to avoid the zero-sum framing prevalent in popular discourse regarding security VIS-A-VIS privacy, transparency and technology.</blockquote>
<p style="text-align: justify;">A successful hack of the telecom infrastructure could result in massive disruption in internet and telecommunications services. Large-scale surveillance and espionage by foreign actors would also become possible, placing, among others, both governmental secrets and individuals personal information at risk.</p>
<p style="text-align: justify;">While India cannot afford to impose a general ban on the import of foreign telecommunications equipment, a number of steps can be taken to address the risk of inbuilt security vulnerabilities. Common International Criteria for security audits could be evolved by states to ensure compliance of products with international norms and practices. While India has already established common criteria evaluation centres, <a name="fr36" href="#fn36">[36]</a> the government monopoly over the testing function has resulted in only three products being tested so far. A Code Escrow Regime could be set up where manufacturers would be asked to deposit source code with the Government of India for security audits and verification. The source code could be compared with the shipped software to detect inbuilt vulnerabilities.</p>
<h3 style="text-align: justify;">Conclusion</h3>
<p style="text-align: justify;">Cyber security cannot be enhanced without a proper understanding of the relationship between security and other national imperatives such as privacy, transparency and technology. This paper has provided an initial sketch of those relationships, but sustained theoretical and empirical research is required in India so that security practitioners and policymakers avoid the zero-sum framing prevalent in popular discourse and take on the hard task of solving the optimisation problem by shifting policy, market and technological levers simultaneously. These solutions must then be applied in multiple contexts or scenarios to determine how they should be customised to provide maximum security bang for the buck.</p>
<hr />
<p style="text-align: justify;">[<a name="fn1" href="#fr1">1</a>]. Daniel J. Solove, Chapter 1 in Nothing to Hide: The False Tradeoff between Privacy and Security (Yale University Press: 2011), http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1827982.</p>
<p style="text-align: justify;">[<a name="fn2" href="#fr2">2</a>]. Bruce Schneier, “What our Top Spy doesn’t get: Security and Privacy aren’t Opposites,” Wired, January 24, 2008, http://archive.wired.com/politics/security commentary/security matters/2008/01/securitymatters_0124 and Bruce Schneier, “Security vs. Privacy,” Schneier on Security, January 29, 2008, https://www.schneier.com/blog/archives/2008/01/security_vs_pri.html.</p>
<p style="text-align: justify;">[<a name="fn3" href="#fr3">3</a>]. There are four sources of power in internet governance: Market power exerted by private sector organisations; regulatory power exerted by states; technical power exerted by anyone who has access to certain categories of technology, such as cryptography; and finally, the power of public pressure sporadically mobilised by civil society. A technically sound encryption standard, if employed by an ordinary citizen, cannot be compromised using the power of the market or the regulatory power of states or public pressure by civil society. In that sense, technology can be used to regulate state and market behaviour.</p>
<p style="text-align: justify;">[<a name="fn4" href="#fr4">4</a>]. Ann Cavoukian and Khaled El Emam, “Introducing Privacy-Protective Surveillance: Achieving Privacy and Effective Counter-Terrorism,” Information & Privacy Commisioner, September 2013, Ontario, Canada, http://www.privacybydesign.ca/content/uploads/2013/12/pps.pdf.</p>
<p style="text-align: justify;">[<a name="fn5" href="#fr5">5</a>]. Madan Oberoi, Pramod Jagtap, Anupam Joshi, Tim Finin and Lalana Kagal, “Information Integration and Analysis: A Semantic Approach to Privacy”(presented at the third IEEE International Conference on Information Privacy, Security, Risk and Trust, Boston, USA, October 2011), ebiquity.umbc.edu/_file_directory_/papers/578.pdf.</p>
<p style="text-align: justify;">[<a name="fn6" href="#fr6">6</a>]. Bruce Byfield, “Does Heartbleed disprove ‘Open Source is Safer’?,” Datamation, April 14, 2014, http://www.datamation.com/open-source/does-heartbleed-disprove-open-source-is-safer-1.html.</p>
<p style="text-align: justify;">[<a name="fn7" href="#fr7">7</a>]. “Cybersecurity Program should be more transparent, protect privacy,” Centre for Democracy and Technology Insights, March 20, 2009, https://cdt.org/insight/cybersecurity-program-should-be-more-transparent-protect-privacy/#1.</p>
<p style="text-align: justify;">[<a name="fn8" href="#fr8">8</a>]. “Cracked Credibility,” The Economist, September 14, 2013, http://www.economist.com/news/international/21586296-be-safe-internet-needs-reliable-encryption-standards-software-and.</p>
<p style="text-align: justify;">[<a name="fn9" href="#fr9">9</a>]. Miriam Elder, “Russian guard service reverts to typewriters after NSA leaks,” The Guardian, July 11, 2013, www.theguardian.com/world/2013/jul/11/russia-reverts-paper-nsa-leaks and Philip Oltermann, “Germany ‘may revert to typewriters’ to counter hi-tech espionage,” The Guardian, July 15, 2014, www.theguardian.com/world/2014/jul/15/germany-typewriters-espionage-nsa-spying-surveillance.</p>
<p style="text-align: justify;">[<a name="fn10" href="#fr10">10</a>]. Bruce Schneier, “A Plea for Simplicity,” Schneier on Security, November 19, 1999, https://www.schneier.com/essays/archives/1999/11/a_plea_for_simplicit.html.</p>
<p style="text-align: justify;">[<a name="fn11" href="#fr11">11</a>]. With inputs from Pranesh Prakash of the Centre for Internet and Society and Sharathchandra Ramakrishnan of Srishti School of Art, Technology and Design.</p>
<p style="text-align: justify;">[<a name="fn12" href="#fr12">12</a>]. “Frequently Asked Questions,” Controller of Certifying Authorities, Department of Electronics and Information Technology, Government of India, http://cca.gov.in/cca/index.php?q=faq-page#n41.</p>
<p>[<a name="fn13" href="#fr13">13</a>]. National Informatics Centre Homepage, Government of India, http://www.nic.in/node/41.</p>
<p style="text-align: justify;">[<a name="fn14" href="#fr14">14</a>]. Adam Langley, “Maintaining Digital Certificate Security,” Google Security Blog, July 8, 2014, http://googleonlinesecurity.blogspot.in/2014/07/maintaining-digital-certificate-security.html.</p>
<p style="text-align: justify;">[<a name="fn15" href="#fr15">15</a>]. This is similar to the kind of attack carried out against DigiNotar, a Dutch certificate authority. See: http://scholarcommons.usf.edu/cgi/viewcontent.cgi?article=1246&context=jss.</p>
<p>[<a name="fn16" href="#fr16">16</a>]. R. Ramachandran, “Digital Disaster,” Frontline, August 22, 2014, http://www.frontline.in/the-nation/digital-disaster/article6275366.ece.</p>
<p>[<a name="fn17" href="#fr17">17</a>]. Ibid.</p>
<p>[<a name="fn18" href="#fr18">18</a>]. “NIC’s digital certification unit hacked,” Deccan Herald, July 16, 2014, http://www.deccanherald.com/content/420148/archives.php.</p>
<p>[<a name="fn19" href="#fr19">19</a>]. National Informatics Centre Certifying Authority Homepage, Government of India, http://nicca.nic.in//.</p>
<p>[<a name="fn20" href="#fr20">20</a>]. Mozilla Wiki, “Public Key Pinning,” https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning.</p>
<p style="text-align: justify;">[<a name="fn21" href="#fr21">21</a>]. “Certificate Transparency - The quick detection of fraudulent digital certificates,” Ascertia, August 11, 2014, http://www.ascertiaIndira.com/blogs/pki/2014/08/11/certificate-transparency-the-quick-detection-of-fraudulent-digital-certificates.</p>
<p style="text-align: justify;">[<a name="fn22" href="#fr22">22</a>]. “Indira Gandhi International Airport (DEL/VIDP) Terminal 3, India,” Airport Technology.com, http://www.airport-technology.com/projects/indira-gandhi-international-airport-terminal -3/.</p>
<p style="text-align: justify;">[<a name="fn23" href="#fr23">23</a>]. “How techies used logic bomb to cripple Delhi Airport,” Rediff, November 21, 2011, http://www.rediff.com/news/report/how-techies-used-logic-bomb-to-cripple-delhi-airport/20111121 htm.</p>
<p style="text-align: justify;">[<a name="fn24" href="#fr24">24</a>]. Manu Kaushik and Pierre Mario Fitter, “Beware of the bugs,” Business Today, February 17, 2013, http://businesstoday.intoday.in/story/india-cyber-security-at-risk/1/191786.html.</p>
<p>[<a name="fn25" href="#fr25">25</a>]. “Stuxnet ‘hit’ Iran nuclear plants,” BBC, November 22, 2010, http://www.bbc.com/news/technology-11809827.</p>
<p>[<a name="fn26" href="#fr26">26</a>]. In this case, systems using Microsoft Windows and running Siemens Step7 software were targeted.</p>
<p>[<a name="fn27" href="#fr27">27</a>]. Jonathan Fildes, “Stuxnet worm ‘targeted high-value Iranian assets’,” BBC, September 23, 2010, http://www.bbc.com/news/technology-11388018.</p>
<p style="text-align: justify;">[<a name="fn28" href="#fr28">28</a>]. Farhad Manjoo, “Don’t Stick it in: The dangers of USB drives,” Slate, October 5, 2010, http://www.slate.com/articles/technology/technology/2010/10/dont_stick_it_in.html.</p>
<p>[<a name="fn29" href="#fr29">29</a>]. Ibid.</p>
<p style="text-align: justify;">[<a name="fn30" href="#fr30">30</a>]. “IBM invests in new $5bn chip fab in India, so is chip sale off?,” ElectronicsWeekly, February 14, 2014, http://www.electronicsweekly.com/news/business/ibm-invests-new-5bn-chip-fab-india-chip-sale-2014-02/.</p>
<p style="text-align: justify;">[<a name="fn31" href="#fr31">31</a>]. NT Balanarayan, “Cabinet Approves Creation of Two Semiconductor Fabrication Units,” Medianama, February 17, 2014, http://articles.economictimes.indiatimes.com/2014-02-04/news/47004737_1_indian-electronics-special-incentive-package-scheme-semiconductor-association.</p>
<p style="text-align: justify;">[<a name="fn32" href="#fr32">32</a>]. Jamie Yap, “India bars foreign vendors from national broadband initiative,” ZD Net, January 21, 2013, http://www.zdnet.com/in/india-bars-foreign-vendors-from-national-broadband-initiative-7000010055/.</p>
<p style="text-align: justify;">[<a name="fn33" href="#fr33">33</a>]. Kevin Kwang, “India holds back domestic-maker status for Huawei, ZTE,” ZD Net, February 6, 2013, http://www.zdnet.com/in/india-holds-back-domestic-maker-status-for-huawei-zte-70 00010887/. Also see “Huawei, ZTE await domestic-maker tag,” The Hindu, February 5, 2013, http://www.thehindu.com/business/companies/huawei-zte-await-domesticmaker-tag/article4382888.ece.</p>
<p style="text-align: justify;">[<a name="fn34" href="#fr34">34</a>]. Ellyne Phneah, “Huawei, ZTE under probe by Indian government,” ZD Net, May 10, 2013, http://www.zdnet.com/in/huawei-zte-under-probe-by-indian-government-7000015185/.</p>
<p style="text-align: justify;">[<a name="fn35" href="#fr35">35</a>]. Devidutta Tripathy, “India investigates report of Huawei hacking state carrier network,” Reuters, February 6, 2014, http://www.reuters.com/article/2014/02/06/us-india-huawei-hacking-idUSBREA150QK20140206.</p>
<p>[<a name="fn36" href="#fr36">36</a>]. “Products Certified,” Common Criteria Portal of India, http://www.commoncriteria-india.gov.in/Pages/ProductsCertified.aspx.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/security-privacy-transparency-and-technology'>http://editors.cis-india.org/internet-governance/blog/security-privacy-transparency-and-technology</a>
</p>
No publishersunilBig DataPrivacyInternet GovernanceFeaturedHomepage2015-09-15T10:53:52ZBlog EntrySean McDonald - Ebola: A Big Data Disaster
http://editors.cis-india.org/papers/ebola-a-big-data-disaster
<b>We are proud to initiate the CIS Papers series with a fascinating exploration of humanitarian use of big data and its discontents by Sean McDonald, FrontlineSMS, in the context of utilisation of Call Detail Records for public health response during the Ebola crisis in Liberia. The paper highlights the absence of a dialogue around the significant legal risks posed by the collection, use, and international transfer of personally identifiable data and humanitarian information, and the grey areas around assumptions of public good. The paper calls for a critical discussion around the experimental nature of data modeling in emergency response due to mismanagement of information has been largely emphasized to protect the contours of human rights.</b>
<p> </p>
<h2>Read</h2>
<h4>Download the paper: <a href="https://github.com/cis-india/papers/raw/master/CIS_Papers_2016.01_Sean-McDonald.pdf">PDF</a>.</h4>
<p> </p>
<h2>Preface</h2>
<p>This study titled “Ebola: A Big Data Disaster” by Sean Martin McDonald, undertaken with support from the Open Society Foundation, Ford Foundation, and Media Democracy Fund, explores the use of Big Data in the form of Call Detail Record (CDR) data in humanitarian crisis.</p>
<p> It discusses the challenges of digital humanitarian coordination in health emergencies like the Ebola outbreak in West Africa, and the marked tension in the debate around experimentation with humanitarian technologies and the impact on privacy. McDonald’s research focuses on the two primary legal and human rights frameworks, privacy and property, to question the impact of unregulated use of CDR’s on human rights. It also highlights how the diffusion of data science to the realm of international development constitutes a genuine opportunity to bring powerful new tools to fight crisis and emergencies.</p>
<p>Analysing the risks of using CDRs to perform migration analysis and contact tracing without user consent, as well as the application of big data to disease surveillance is an important entry point into the debate around use of Big Data for development and humanitarian aid. The paper also raises crucial questions of legal significance about the access to information, the limitation of data sharing, and the concept of proportionality in privacy invasion in the public good. These issues hold great relevance in today's time where big data and its emerging role for development, involving its actual and potential uses as well as harms is under consideration across the world.</p>
<p>The paper highlights the absence of a dialogue around the significant legal risks posed by the collection, use, and international transfer of personally identifiable data and humanitarian information, and the grey areas around assumptions of public good. The paper calls for a critical discussion around the experimental nature of data modelling in emergency response due to mismanagement of information has been largely emphasized to protect the contours of human rights.</p>
<p>This study offers an important perspective for us at the Centre for Internet and Society, and our works on Privacy, Big Data, and Big Data for Development, and very productively articulates the risks of adopting solutions to issues important for development without taking into consideration legal implications and the larger impact on human rights. We look forward to continue to critically engage with issues raised by Big Data in the context of human rights and sustainable development, and bring together diverse perspectives on these issues.</p>
<p><em>- Elonnai Hickok, Policy Director, the Centre for Internet and Society</em></p>
<p> </p>
<h2>CIS Papers</h2>
<p>The CIS Papers series publishes open access monographs and discussion pieces that critically contribute to the debates on digital technologies and society. It includes publication of new findings and observations, of work-in-progress, and of critical review of existing materials. These may be authored by researchers at or affiliated to CIS, by external researchers and practitioners, or by a group of discussants. CIS offers editorial support to the selected monographs and discussion pieces. The views expressed, however, are of the authors' alone.</p>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/papers/ebola-a-big-data-disaster'>http://editors.cis-india.org/papers/ebola-a-big-data-disaster</a>
</p>
No publishersumandroBig DataPrivacyOpen DataDisaster ResponseInternet GovernanceHumanitarian ResponseCIS Papers2016-04-21T09:57:26ZBlog EntryRight to Food Campaign, Ranchi Convention, 2016
http://editors.cis-india.org/internet-governance/news/right-to-food-campaign-ranchi-convention-2016
<b>The Right to Food Campaign held its 2016 Convention in Ranchi during September 23-25, 2016. While three years have elapsed since the passage of the National Food Security Act, despite improvements in the Public Distribution System (PDS), large implementation gaps remain. This is what the Convention focused on, and gathered researchers and campaigners from across the country to share experiences and case studies on effectiveness and exclusions from the PDS. Sumandro Chattapadhyay took part in a session of the Convention to discuss how UID-linked welfare delivery is being rolled out across key programmes like provision of pension and rationed distribution of essential commodities, and their impact on people's right to welfare services.</b>
<p> </p>
<h4>Right to Food Campaign: <a href="http://www.righttofoodcampaign.in/">Website</a>.</h4>
<h4>Right to Food Campaign: <a href="https://docs.google.com/viewer?a=v&pid=sites&srcid=ZGVmYXVsdGRvbWFpbnxoYXFyb3ppcm90aXxneDo3MmQ3MTMyZjU2N2FjOGU">Cash Transfers and UID: Our Main Demands</a>.</h4>
<h4>Ranchi Convention, 2016: <a href="https://docs.google.com/document/d/110_asJ1t14IWALbhWN1RjDiOV8WE-fIK2xJC5Yltyc4/edit">Programme</a>.</h4>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/right-to-food-campaign-ranchi-convention-2016'>http://editors.cis-india.org/internet-governance/news/right-to-food-campaign-ranchi-convention-2016</a>
</p>
No publishersumandroBig DataData SystemsInternet GovernanceSurveillanceAadhaarWelfare GovernanceBiometricsBig Data for DevelopmentUID2019-03-16T04:40:52ZBlog EntryReport on Understanding Aadhaar and its New Challenges
http://editors.cis-india.org/internet-governance/blog/report-on-understanding-aadhaar-and-its-new-challenges
<b>The Trans-disciplinary Research Cluster on Sustainability Studies at Jawaharlal Nehru University collaborated with the Centre for Internet and Society, and other individuals and organisations to organise a two day workshop on “Understanding Aadhaar and its New Challenges” at the Centre for Studies in Science Policy, JNU on May 26 and 27, 2016. The objective of the workshop was to bring together experts from various fields, who have been rigorously following the developments in the Unique Identification (UID) Project and align their perspectives and develop a shared understanding of the status of the UID Project and its impact. Through this exercise, it was also sought to develop a plan of action to address the welfare exclusion issues that have arisen due to implementation of the UID Project.</b>
<p> </p>
<h4>Report: <a href="http://editors.cis-india.org/internet-governance/files/report-on-understanding-aadhaar-and-its-new-challenges/at_download/file">Download</a> (PDF)</h4>
<hr />
<p style="text-align: justify;">This Report is a compilation of the observations made by participants at the workshop relating to myriad issues under the UID Project and various strategies that could be pursued to address these issues. In this Report we have classified the observations and discussions into following themes:</p>
<p><strong>1.</strong> <a href="#1">Brief Background of the UID Project</a></p>
<p><strong>2.</strong> <a href="#2">Legal Status of the UIDAI Project</a></p>
<ul>
<li><a href="#21">Procedural issues with passage of the Act</a></li>
<li><a href="#22">Status of related litigation</a></li></ul>
<p><strong>3.</strong> <a href="#3">National Identity Projects in Other Jurisdictions</a></p>
<ul>
<li><a href="#31">Pakistan</a></li>
<li><a href="#32">United Kingdom</a></li>
<li><a href="#33">Estonia</a></li>
<li><a href="#34">France</a></li>
<li><a href="#35">Argentina</a></li></ul>
<p><strong>4.</strong> <a href="#4">Technologies of Identification and Authentication</a></p>
<ul>
<li><a href="#41">Use of Biometric Information for Identification and Authentication</a></li>
<li><a href="#42">Architectures of Identification</a></li>
<li><a href="#43">Security Infrastructure of CIDR</a></li></ul>
<p><strong>5.</strong> <a href="#5">Aadhaar for Welfare?</a></p>
<ul>
<li><a href="#51">Social Welfare: Modes of Access and Exclusion</a></li>
<li><a href="#52">Financial Inclusion and Direct Benefits Transfer</a></li></ul>
<p><strong>6.</strong> <a href="#6">Surveillance and UIDAI</a></p>
<p><strong>7.</strong> <a href="#7">Strategies for Future Action</a></p>
<p><strong>Annexure A</strong> <a href="#AA">Workshop Agenda</a></p>
<p><strong>Annexure B</strong> <a href="#AB">Workshop Participants</a></p>
<hr />
<h3 id="1" style="text-align: justify;"><strong>1. Brief Background of the UID Project</strong></h3>
<p style="text-align: justify;">In the year 2009, the UIDAI was established and the UID project was conceived by the Planning Commission under the UPA government to provide unique identification for each resident in India and to be used for delivery of welfare government services in an efficient and transparent manner, along with using it as a tool to monitor government schemes. The objective of the scheme has been to issue a unique identification number by the Unique Identification Authority of India, which can be authenticated and verified online. It was conceptualized and implemented as a platform to facilitate identification and avoid fake identity issues and delivery of government benefits based on the demographic and biometric data available with the Authority.</p>
<p style="text-align: justify;">The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (the “<strong>Act</strong>”) was passed as a money bill on March 16, 2016 and was notified in the gazette March 25, 2016 upon receiving the assent of the President. However, the enforceability date has not been mentioned due to which the bill has not come into force.</p>
<p style="text-align: justify;">The Act provides that the Aadhaar number can be used to validate a person’s identity, but it cannot be used as a proof of citizenship. Also, the government can make it mandatory for a person to authenticate her/his identity using Aadhaar number before receiving any government subsidy, benefit, or service. At the time of enrolment, the enrolling agency is required to provide notice to the individual regarding how the information will be used, the type of entities the information will be shared with and their right to access their information. Consent of an individual would be obtained for using his/her identity information during enrolment as well as authentication, and would be informed of the nature of information that may be shared. The Act clearly lays that the identity information of a resident shall not be sued for any purpose other than specified at the time of authentication and disclosure of information can be made only pursuant to an order of a court not inferior to that of a District Judge and/or disclosure made in the interest of national security.</p>
<h3 id="2" style="text-align: justify;"><strong>2. Legal Status of the UIDAI Project</strong></h3>
<p style="text-align: justify;">In this section, we have summarised the discussions on the procedural issues with the passage of the Act. The participants had criticised the passage of the Act as a money bill in the Parliament. The participants also assessed the litigation pending in the Supreme Court of India that would be affected by this law. These discussions took place in the session titled, ‘Current Status of Aadhaar’ and have been summarised below.</p>
<h3 id="21" style="text-align: justify;">Procedural Issues with Passage of the Act</h3>
<p style="text-align: justify;">The participants contested the introduction of the Act in the form of a money bill. The rationale behind this was explained at the session and is briefly explained here. Article 110 (1) of the Constitution of India defines a money bill as one containing provisions only regarding the matters enumerated or any matters incidental to the following: a) imposition, regulation and abolition of any tax, b) borrowing or other financial obligations of the Government of India, c) custody, withdrawal from or payment into the Consolidated Fund of India (CFI) or Contingent Fund of India, d) appropriation of money out of CFI, e) expenditure charged on the CFI or f) receipt or custody or audit of money into CFI or public account of India. The Act makes references to benefits, subsidies and services which are funded by the Consolidated Fund of India (CFI), however the main objectives of the Act is to create a right to obtain a unique identification number and provide for a statutory mechanism to regulate this process. The Act only establishes an identification mechanism which facilitates distribution of benefits and subsidies funded by the CFI and this identification mechanism (Aadhaar number) does not give it the character of a money bill. Further, money bills can be introduced only in the Lok Sabha, and the Rajya Sabha cannot make amendments to such bills passed by the Lok Sabha. The Rajya Sabha can suggest amendments, but it is the Lok Sabha’s choice to accept or reject them. This leaves the Rajya Sabha with no effective role to play in the passage of the bill.</p>
<p style="text-align: justify;">The participants also briefly examined the writ petition that has been filed by former Union minister Jairam Ramesh challenging the constitutionality and legality of the treatment of this Act as a money bill which has raised the question of judiciary’s power to review the decisions of the speaker. Article 122 of the Constitution of India provides that this power of judicial review can be exercised to look into procedural irregularities. The question remains whether the Supreme Court will rule that it can determine the constitutionality of the decision made by the speaker relating to the manner in which the Act was introduced in the Lok Sabha. A few participants mentioned that similar circumstances had arisen in the case of Mohd. Saeed Siddiqui v. State of U.P. <a href="#ftn1">[1]</a>.</p>
<p style="text-align: justify;">where the Supreme Court refused to interfere with the decision of the Uttar Pradesh legislative assembly speaker certifying an amendment bill to increase the tenure of the Lokayukta as a money bill, despite the fact that the bill amended the Uttar Pradesh Lokayukta and Up-Lokayuktas Act, 1975, which was passed as an ordinary bill by both houses. The Court in this case held that the decision of the speaker was final and that the proceedings of the legislature being important legislative privilege could not be inquired into by courts. The Court added, “the question whether a bill is a money bill or not can be raised only in the state legislative assembly by a member thereof when the bill is pending in the state legislature and before it becomes an Act.”</p>
<p style="text-align: justify;">However, it is necessary to carve a distinction between Rajya Sabha and State Legislature. Unlike the State Legislature, constitution of Rajya Sabha is not optional therefore significance of the two bodies in the parliamentary process cannot be considered the same. Participants also made another significant observation about a similar bill on the UID project (National Identification Authority of India (NIDAI) Bill) that was introduced before by the UPA government in 2010 and was deemed unacceptable by the standing committee on finance, headed by Yashwant Sinha. This bill was subsequently withdrawn.</p>
<h3 id="22" style="text-align: justify;">Status of Related Litigation</h3>
<p style="text-align: justify;">A panellist in this session briefly summarised all the litigation that was related to or would be affected by the Act. The panellist also highlighted several Supreme Court orders in the case of <em>KS Puttuswamy v. Union of India</em> <a href="#ftn2">[2]</a> which limited the use of Aadhaar. We have reproduced the presentation below.</p>
<ul>
<li style="text-align: justify;"><em>KS Puttuswamy v. Union of India</em> - This petition was filed in 2012 with primary concern about providing Aadhaar numbers to illegal immigrants in India. It was contended that this could not be done without a law establishing the UIDAI and amendment to the Citizenship laws. The petitioner raised concerns about privacy and fallibility of biometrics.</li>
<li style="text-align: justify;"> Sudhir Vombatkere & Bezwada Wilson <a href="#ftn3">[3]</a> - This petition was filed in 2013 on grounds of infringement of right to privacy guaranteed under Article 21 of the Constitution of India and the security threat on account of data convergence.</li>
<li style="text-align: justify;">Aruna Roy & Nikhil Dey <a href="#ftn4">[4]</a> - This petition was filed in 2013 on the grounds of large scale exclusion of people from access to basic welfare services caused by UID. After their petition, no. of intervention applications were filed. These were the following:</li>
<li style="text-align: justify;">Col. Mathew Thomas <a href="#ftn5">[5]</a> - This petition was filed on the grounds of threat to national security posed by the UID project particularly in relation to arrangements for data sharing with foreign companies (with links to foreign intelligence agencies).</li>
<li style="text-align: justify;">Nagrik Chetna Manch <a href="#ftn6">[6]</a> - This petition was filed in 2013 and led by Dr. Anupam Saraph on the grounds that the UID project was detrimental to financial service regulation and financial <em>inclusion.</em></li>
<li style="text-align: justify;">S. Raju <a href="#ftn7">[7] </a> - This petition was filed on the grounds that the UID project had implications on the federal structure of the State and was detrimental to financial inclusion.</li>
<li style="text-align: justify;"><em>Beghar Foundation</em> - This petition was filed in 2013 in the Delhi High Court on the grounds invasion of privacy and exclusion specifically in relation to the homeless. It subsequently joined the petition filed by Aruna Roy and Nikhil Dey as an intervener.</li>
<li style="text-align: justify;">Vickram Crishna – This petition was originally filed in the Bombay High Court in 2013 on the grounds of surveillance and invasion of privacy. It was later transferred to the Supreme Court.</li>
<li style="text-align: justify;">Somasekhar – This petition was filed on the grounds of procedural unreasonableness of the UID project and also exclusion & privacy. The petitioner later intervened in the petition filed by Aruna Roy and Nikhil Dey in 2013.</li>
<li style="text-align: justify;">Rajeev Chandrashekhar– This petition was filed on the ground of lack of legal sanction for the UID project. He later intervened in the petition filed by Aruna Roy and Nikhil Dey in 2013. His position has changed now.</li>
<li style="text-align: justify;">Further, a petition was filed by Mr. Jairam Ramesh initially challenging the passage of the Act as a money bill but subsequently, it has been amended to include issues of violation of right to privacy and exclusion of the poor and has advocated for five amendments that were suggested to the Aadhaar Bill by the Rajya Sabha.</li></ul>
<h3 id="23" style="text-align: justify;">Relevant Orders of the Supreme Court</h3>
<p>There are six orders of the Supreme Court which are noteworthy.</p>
<ul>
<li style="text-align: justify;">Order of Sept. 23, 2013 - The Supreme court directed that: 1) no person shall suffer for not having an aadhaar number despite the fact that a circular by an authority makes it mandatory; 2) it should be checked if a person applying for aadhaar number voluntarily is entitled to it under the law; and 3) precaution should be taken that it is not be issued to illegal immigrants.</li>
<li style="text-align: justify;">Order of 26th November, 2013 – Applications were filed by UIDAI, Ministry of Petroleum & Natural Gas, Govt of India, Indian Oil Corporation, BPCL and HPCL for modifying the September 23rd order and sought permission from the Supreme Court to make aadhaar number mandatory. The Supreme Court held that the order of September 23rd would continue to be effective.</li>
<li style="text-align: justify;">Order of 24th March, 2014 – This order was passed by the Supreme Court in a special leave petition filed in the case of <em>UIDAI v CBI</em> <a href="#ftn8">[8] </a> wherein UIDAI was asked to UIDAI to share biometric information of all residents of a particular place in Goa to facilitate a criminal investigation involving charges of rape and sexual assault. The Supreme Court restrained UIDAI from transferring any biometric information of an individual without to any other agency without his consent in writing. The Supreme Court also directed all the authorities to modify their forms/circulars/likes so as to not make aadhaar number mandatory.</li>
<li style="text-align: justify;">Order of 16th March, 2015 - The SC took notice of widespread violations of the order passed on September 23rd, 2013 and directed the Centre and the states to adhere to these orders to not make aadhaar compulsory.</li>
<li style="text-align: justify;">Orders of August 11, 2015 – In the first order, the Central Government was directed to publicise the fact that aadhaar was voluntary. The Supreme Court further held that provision of benefits due to a citizen of India would not be made conditional upon obtaining an aadhaar number and restricted the use of aadhaar to the PDS Scheme and in particular for the purpose of distribution of foodgrains, etc. and cooking fuel, such as kerosene and the LPG Distribution Scheme. The Supreme Court also held that information of an individual that was collected in order to issue an aadhaar number would not be used for any purpose except when directed by the Court for criminal investigations. Separately, the status of fundamental right to privacy was contested and accordingly the Supreme Court directed that the issue be taken up before the Chief Justice of India.</li>
<li style="text-align: justify;">Orders of October 16, 2015 – The Union of India, the states of Gujarat, Maharashtra, Himachal Pradesh and Rajasthan, and authorities including SEBI, TRAI, CBDT, IRDA , RBI applied for a hearing before the Constitution Bench for modification of the order passed by the Supreme Court on August 11 and allow use of aadhaar number schemes like The Mahatma Gandhi National Rural Employment Guarantee Scheme MGNREGS), National Social Assistance Programme (Old Age Pensions, Widow Pensions, Disability Pensions) Prime Minister's Jan Dhan Yojana (PMJDY) and Employees' Providend Fund Organisation (EPFO). The Bench allowed the use of aadhaar number for these schemes but stressed upon the need to keep aadhaar scheme voluntary until the matter was finally decided.</li></ul>
<p style="text-align: justify;">Status of these orders<br />The participants discussed the possible impact of the law on the operation of these orders. A participant pointed out that matters in the Supreme Court had not become infructuous because fundamental issues that were being heard in the Supreme Court had not been resolved by the passage of the Act. Several participants believed that the aforementioned orders were effective because the law had not come into force. Therefore, aadhaar number could only be used for purposes specified by the Supreme Court and it could not be made mandatory. Participants also highlighted that when the Act was implemented, it would not nullify the orders of the Supreme Court unless Union of India asked the Supreme Court for it specifically and the Supreme Court sanctioned that.</p>
<h3 id="3" style="text-align: justify;"><strong>3. National Identity Projects in Other Jurisdictions</strong></h3>
<p style="text-align: justify;">A panellist had provided a brief overview of similar programs on identification that have been launched in other jurisdictions including Pakistan, United Kingdom, France, Estonia and Argentina in the recent past in the session titled ‘Aadhaar - International Dimensions’. This presentation mainly sought to assess the incentives that drove the governments in these jurisdictions to formulate these projects, mandatory nature of their adoption and their popularity. The Report has reproduced the presentation here.</p>
<h3 id="31" style="text-align: justify;">Pakistan</h3>
<p style="text-align: justify;">The Second Amendment to the Constitution of Pakistan in 2000 established the National Database and Regulation Authority in the country, which regulates government databases and statistically manages the sensitive registration database of the citizens of Pakistan. It is also responsible for issuing national identity cards to the citizens of Pakistan. Although the card is not legally compulsory for a Pakistani citizen, it is mandatory for:</p>
<ul>
<li>Voting</li>
<li>Obtaining a passport</li>
<li>Purchasing vehicles and land</li>
<li>Obtaining a driver licence</li>
<li>Purchasing a plane or train ticket</li>
<li>Obtaining a mobile phone SIM card</li>
<li>Obtaining electricity, gas, and water</li>
<li>Securing admission to college and other post-graduate institutes</li>
<li>Conducting major financial transactions</li></ul>
<p style="text-align: justify;">Therefore, it is pretty much necessary for basic civic life in the country. In 2012, NADRA introduced the Smart National Identity Card, an electronic identity card, which implements 36 security features. The following information can be found on the card and subsequently the central database: Legal Name, Gender (male, female, or transgender), Father's name (Husband's name for married females), Identification Mark, Date of Birth, National Identity Card Number, Family Tree ID Number, Current Address, Permanent Address, Date of Issue, Date of Expiry, Signature, Photo, and Fingerprint (Thumbprint). NADRA also records the applicant's religion, but this is not noted on the card itself. (This system has not been removed yet and is still operational in Pakistan.)</p>
<h3 id="32" style="text-align: justify;">United Kingdom</h3>
<p style="text-align: justify;">The Identity Cards Act was introduced in the wake of the terrorist attacks on 11th September, 2001, amidst rising concerns about identity theft and the misuse of public services. The card was to be used to obtain social security services, but the ability to properly identify a person to their true identity was central to the proposal, with wider implications for prevention of crime and terrorism. The cards were linked to a central database (the National Identity Register), which would store information about all of the holders of the cards. The concerns raised by human rights lawyers, activists, security professionals and IT experts, as well as politicians were not to do with the cards as much as with the NIR. The Act specified 50 categories of information that the NIR could hold, including up to 10 fingerprints, digitised facial scan and iris scan, current and past UK and overseas places of residence of all residents of the UK throughout their lives. The central database was purported to be a prime target for cyber attacks, and was also said to be a violation of the right to privacy of UK citizens. The Act was passed by the Labour Government in 2006, and repealed by the Conservative-Liberal Democrat Coalition Government as part of their measures to “reverse the substantial erosion of civil liberties under the Labour Government and roll back state intrusion.”</p>
<h3 id="33" style="text-align: justify;">Estonia</h3>
<p style="text-align: justify;">The Estonian i-card is a smart card issued to Estonian citizens by the Police and Border Guard Board. All Estonian citizens and permanent residents are legally obliged to possess this card from the age of 15. The card stores data such as the user's full name, gender, national identification number, and cryptographic keys and public key certificates. The cryptographic signature in the card is legally equivalent to a manual signature, since 15 December 2000. The following are a few examples of what the card is used for:</p>
<ul>
<li>As a national ID card for legal travel within the EU for Estonian citizens</li>
<li>As the national health insurance card</li>
<li>As proof of identification when logging into bank accounts from a home computer</li>
<li>For digital signatures</li>
<li>For i-voting</li>
<li>For accessing government databases to check one’s medical records, file taxes, etc.</li>
<li>For picking up e-Prescriptions</li>
<li>(This system is also operational in the country and has not been removed)</li></ul>
<h3 id="34" style="text-align: justify;">France</h3>
<p style="text-align: justify;">The biometric ID card was to include a compulsory chip containing personal information, such as fingerprints, a photograph, home address, height, and eye colour. A second, optional chip was to be implemented for online authentication and electronic signatures, to be used for e-government services and e-commerce. The law was passed with the purpose of combating “identity fraud”. It was referred to the Constitutional Council by more than 200 members of the French Parliament, who challenged the compatibility of the bill with the citizens’ fundamental rights, including the right to privacy and the presumption of innocence. The Council struck down the law, citing the issue of proportionality. “Regarding the nature of the recorded data, the range of the treatment, the technical characteristics and conditions of the consultation, the provisions of article 5 touch the right to privacy in a way that cannot be considered as proportional to the meant purpose”.</p>
<h3 id="35" style="text-align: justify;">Argentina</h3>
<p style="text-align: justify;">Documento Nacional de Identidad or DNI (which means National Identity Document) is the main identity document for Argentine citizens, as well as temporary or permanent resident aliens. It is issued at a person's birth, and updated at 8 and 14 years of age simultaneously in one format: a card (DNI tarjeta); it's valid if identification is required, and is required for voting. The front side of the card states the name, sex, nationality, specimen issue, date of birth, date of issue, date of expiry, and transaction number along with the DNI number and portrait and signature of the card's bearer. The back side of the card shows the address of the card's bearer along with their right thumb fingerprint. The front side of the DNI also shows a barcode while the back shows machine-readable information. The DNI is a valid travel document for entering Argentina, Bolivia, Brazil, Chile, Colombia, Ecuador, Paraguay, Peru, Uruguay, and Venezuela. (System still operational in the country)</p>
<h3 id="4" style="text-align: justify;"><strong>4. Technologies of Identification and Authentication</strong></h3>
<p style="text-align: justify;">The panel in the session titled ‘Aadhaar: Science, Technology, and Security’ explained the technical aspects of use of biometrics and privacy concerns, technology architecture for identification and inadequacy of infrastructure for information security. In this section, we have summarised the presentation and the ensuing discussions on these issues.</p>
<h3 id="41" style="text-align: justify;">Use of Biometric Information for Identification and Authentication</h3>
<p style="text-align: justify;">The panelists explained with examples that identification and authentication were different things. Identity provides an answer to the question “who are you?” while authentication is a challenge-response process that provides a proof of the claim of identity. Common examples of identity are User ID (Login ID), cryptographic public keys and ATM or Smart cards while common authenticators are passwords (including OTPs), PINs and cryptographic private keys. Identity is public information but an authenticator must be private and known only to the user. Authentication must necessarily be a conscious process and active participation by the user is a must. It should also always be possible to revoke an authenticator. After providing this understanding of the two processes the panellist then explained if biometric information could be used for identification or authentication under the UID Project. Biometric information is clearly public information and it is questionable if it can be revoked. Therefore it should never be used for authentication, but only for identity verification. There is a possibility of authentication by fingerprints under the UID Project, without conscious participation of the user. One could trace the fingerprints of an individual from any place the individual has been in contact with. Therefore, authentication must certainly be done by other means. The panellist pointed out that there were five kinds of authentication under the UID Project, out of which two-factor authentication and one time password were considered suitable but use of biometric information and demographic information was extremely threatening and must be withdrawn.</p>
<h3 id="42" style="text-align: justify;">Architectures of Identification</h3>
<p style="text-align: justify;">The panelists explained the architecture of the UID Project that has been designed for identification purposes, highlighted its limitations and suggested alternatives. His explanations are reproduced below.</p>
<p style="text-align: justify;">Under the UID Project, there is a centralised means of identification i.e. the aadhaar number and biometric information stored in one place, Central Identification Data Repository (CIDR). It is better to have multiple means of identification than one (as contemplated under the UID Project) for preservation of our civil liberties. The question is what the available alternatives are. Web of trust is a way for operationalizing distributed identification but the challenge is how one brings people from all social levels to participate in it. There is a need for registrars who will sign keys and public databases for this purpose.</p>
<p style="text-align: justify;">The aadhaar number functions as a common index and facilitates correlation of data across Government databases. While this is tremendously attractive it raises several privacy concerns as more and more information relating to an individual is available to others and is likely to be abused.</p>
<p style="text-align: justify;">The aadhaar number is available in human readable form. This raises the risk of identification without consent and unauthorised profiling. It cannot be revoked. Potential for damage in case of identity theft increases manifold.</p>
<p style="text-align: justify;">Under the UID Project, for the purpose of information security, Authentication User Agencies (“<strong>AUA</strong>”) are required to use local identifiers instead of aadhaar numbers but they are also required to map these local identifiers to the aadhaar numbers. Aadhaar numbers are not cryptographically secured; in fact they are publicly available. Hence this exercise for securing information is useless. An alternative would be to issue different identifiers for different domains and cryptographically embed a “master identifier” (in this case, equivalent of aadhaar number) into each local identifier.</p>
<p style="text-align: justify;">All field devices (for example POS machines) should be registered and must communicate directly with UIDAI. In fact, UIDAI must verify the authenticity (tamper proof) of the field device during run time and a UIDAI approved authenticity certificate must be issued for field devices. This certificate must be made available to users on demand. Further, the security and privacy frameworks within which AUAs work must be appropriately defined by legal and technical means.</p>
<h3 id="43" style="text-align: justify;">Security Infrastructure of CIDR</h3>
<p style="text-align: justify;">The panelists also enumerated the security features of the UID Project and highlighted the flaws in these features. These have been summarised below.</p>
<p>The security and privacy infrastructure of UIDAI has the following main features:</p>
<ul>
<li>2048 bit PKI encryption of biometric data in transit</li>
<li>End-to-end encryption from enrolment/POS to CIDR</li>
<li>HMAC based tamper detection of PID blocks</li>
<li>Registration and authentication of AUAs</li>
<li>Within CIDR only a SHA 1 Hash of Aadhaar number is stored</li>
<li>Audit trails are stored SHA 1 encrypted. Tamper detection?</li>
<li>Only hashes of passwords and PINs are stored. (biometric data stored in original form though!)</li>
<li>Authentication requests have unique session keys and HMAC</li>
<li>Resident data stored using 100 way sharding (vertical partitioning). First two digits of Aadhaar number as shard keys</li>
<li>All enrolment and update requests link to partitioned databases using Ref IDs (coded indices)</li>
<li>All accesses through a hardware security module</li>
<li>All analytics carried out on anonymised data</li></ul>
<p style="text-align: justify;">The panellists pointed out the concerns about information security on account of design flaws, lack of procedural safeguards, openness of the system and too much trust imposed on multiple players. All symmetric and private keys and hashes are stored somewhere within UIDAI. This indicates that trust is implicitly assumed which is a glaring design flaw. There is no well-defined approval procedure for data inspection, whether it is for the purpose of investigation or for data analytics. There is a likelihood of system hacks, insider leaks, and tampering of authentication records and audit trails. The ensuing discussions highlighted that the UIDAI had admitted to these security risks. The enrolment agencies and the enrolment devices cannot be trusted. AUAs cannot be trusted with biometric and demographic data; neither can they be trusted with sensitive user data of private nature. There is a need for an independent third party auditor for distributed key management, auditing and approving UIDAI programs, including those for data inspection and analytics, whitebox cryptographic compilation of critical parts of the UIDAI programs, issue of cryptographic keys to UIDAI programs for functional encryption, challenge-response for run-time authentication and certification of UIDAI programs. The panellist recommended that there was a need to to put a suitable legal framework to execute this.</p>
<p style="text-align: justify;">The participants also discussed that information infrastructure must not be made of proprietary software (possibility for backdoors for US) and there must be a third party audit with a non-negotiable clause for public audit.</p>
<h3 id="5" style="text-align: justify;"><strong>5. Aadhaar for Welfare?</strong></h3>
<p style="text-align: justify;">The Report has summarised the discussions that took place in the sessions on ‘Direct Benefits Transfers’ and ‘Aadhaar: Broad Issues - II’ where the panellists critically analysed the claims of benefits and inclusion of Aadhaar made by the government in light of the ground realities in states where Aadhaar has been adopted for social welfare schemes.</p>
<h3 id="51" style="text-align: justify;">Social Welfare: Modes of Access and Exclusion</h3>
<p style="text-align: justify;">Under the Act, a person may be required to authenticate or give proof of the aadhaar number in order to receive subsidy from the government (Section 7). A person is required to punch their fingerprints on POS machines in order to receive their entitlement under the social welfare schemes such as LPG and PDS. It was pointed out in the discussions that various states including Rajasthan and Delhi had witnessed fingerprint errors while doling out benefits at ration shops under the PDS scheme. People have failed to receive their entitled benefits because of these fingerprint errors thus resulting in exclusion of beneficiaries <a href="#ftn9">[9]</a>. A panellist pointed out that in Rajasthan, dysfunctional biometrics had led to further corruption in ration shops. Ration shop owners often lied to the beneficiaries about functioning of the biometric machines (POS Machines) and kept the ration for sale in the market therefore making a lot of money at the expense of uninformed beneficiaries and depriving them of their entitlements.</p>
<p style="text-align: justify;">Another participant organisation also pointed out similar circumstances in the ration shops in Patparganj and New Delhi constituencies. Here, the dealers had maintained the records of beneficiaries who had been categorized as follows: beneficiaries whose biometrics did not match, beneficiaries whose biometrics matched and entitlements were provided, beneficiaries who never visited the ration shop. It had been observed that there were no entries in the category of beneficiaries whose biometrics did not match however, the beneficiaries had a different story to tell. They complained that their biometrics did not match despite trying several times and there was no mechanism for a manual override. Consequently, they had not been able to receive any entitlements for months. The discussions also pointed out that the food authorities had placed complete reliance on authenticity of the POS machines and claim that this system would weed out families who were not entitled to the benefits. The MIS was also running technical glitches as a result there was a problem with registering information about these transactions hence, no records had been created with the State authority about these problems. A participant also discussed the plight of 30,000 widows in Delhi, who were entitled to pension and used to collect their entitlement from post offices, faced exclusion due to transition problems under the Jan Dhan Yojana (after the Jandhan was launched the money was transferred to their bank accounts in order to resolve the problem of misappropriation of money at the hands of post office officials). These widows were asked to open bank accounts to receive their entitlements and those who did not open these accounts and did not inform the post office were considered bogus.</p>
<p style="text-align: justify;">In the discussions, the participants also noted that this unreliability of fingerprints as a means of authentication of an individual’s identity was highlighted at the meeting of Empowered Group of Ministers in 2011 by J Dsouza, a biometrics scientist. He used his wife’s fingerprints to demonstrate that fingerprints may change overtime and in such an event, one would not be able to use the POS machine anymore as the machine would continue to identify the impressions collected initially.</p>
<p style="text-align: justify;">The participants who had been working in the field had contributed to the discussions by busting the myth that the UID Project helped to identify who was poor and resolve the problem of exclusion due to leakages in the social welfare programs. These discussions have been summarised below.</p>
<ul>
<li style="text-align: justify;">It is important to understand that the UID Project is merely an identification and authentication system. It only helps in verifying if an individual is entitled to benefits under a social security scheme. It does not ensure plugging of leakages and reducing corruption in social security schemes as has been claimed by the Government. The reduction in leakage of PDS, for instance, should be attributed to digitization and not UID. The Government claims, that it has saved INR 15000 crore in provision of LPG on identification of 3.34 crore inactive accounts on account of the UID Project. This is untrue because the accounts were weeded by using mechanisms completely unrelated to the UID Project. Consequently, the savings on account of UID are only of INR 120 crore and not 15000 crore.</li>
<li style="text-align: justify;">The UID Project has resulted in exclusion of people either because they do not have an aadhaar number, or they have a wrong identification, or there are errors of classification or wilful misclassification. About 99.7% people who were given aadhaar numbers already had an identification document. In fact, during enrolment a person is required to produce one of 14 identification documents listed under the law in order to get an aadhaar number which makes it very difficult for a person with no identity to become entitled to a social welfare scheme.</li></ul>
<p style="text-align: justify;">A participant condemned the Government’s claim that the UID Project had helped in removing fake, bogus and duplicate cards and said that these terms could not be used synonymously and the authorities had no clarity about the difference between the meanings of these terms. The UID Project had only helped in removal of duplicate cards but had not helped in combating the use of fake and bogus cards.</p>
<h3 id="52" style="text-align: justify;">Financial Inclusion and Direct Benefits Transfer</h3>
<p style="text-align: justify;">The participants also engaged in the discussions about the impact of the UID project on financial inclusion in India in the sessions titled ‘Aadhaar: Broad Issues - I & II’. We have summarised these discussions below.</p>
<p style="text-align: justify;">The UID Project seeks to directly transfer money to a bank account in order to combat corruption. The discussions highlighted that this was nothing but introducing a neo liberal thrust in social policy and that it was not feasible for various reasons. First, 95% of rural India did not have functioning banks and banks are quite far away. Second, in order to combat this dearth of banks the idea of business correspondents, who handled banking transactions and helped in opening of bank accounts, had been introduced which had created various problems. The Reserve Bank of India reported that there was dearth of business correspondents as there was very little incentive to become one; their salary is merely INR 4000. Third, there were concerns about how an aadhaar number was considered a valid document for Know Your Customer (KYC) checks. There was a requirement for scrutiny and auditing of documents submitted during the time of enrolment which, in the present scheme of things, could not be verified. Fourth, there were no restrictions on number of bank accounts that could be opened with a single aadhaar number which gave rise to a possibility of opening multiple and shell accounts on a single aadhaar number. Therefore, records only showed transactions when money was transferred from an aadhaar number to another aadhaar number as opposed to an account-to-account transfer. The discussion relied on NPCI data which shows which bank an aadhaar number is associated with but does not show if a transaction by an aadhaar number is overwritten by another bank account belonging to the same aadhaar number.</p>
<h3 id="6" style="text-align: justify;"><strong>6. Surveillance and UIDAI</strong></h3>
<p style="text-align: justify;">The participants had discussed the possibility of an alternative purpose for enrolling Aadhaar in the session titled ‘Privacy, Surveillance, and Ethical Dimensions of Aadhaar’. The discussion traced the history of this project to gain insight on this issue. We have summarised below the key take aways from this discussion.</p>
<p style="text-align: justify;">There are claims that the main objective of launching the UID Project is not to facilitate implementation of social security schemes but to collect personal (financial and non-financial) information of the citizens and residents of the country to build a data monopoly. For this purpose, PDS was chosen as a suitable social security scheme as it has the largest coverage. Several participants suggested that numerous reports authored by FICCI, KPMG and ASSOCHAM contained proposals for establishing a national identity authority which threw some light on the commercial intentions behind information collection under the UID Project.</p>
<p style="text-align: justify;">It was also pointed out that there was documented proof that information collected under the UID Project might have been shared with foreign companies. There are suggestions about links established between proponents of the UID Project and companies backed by CIA or the French Government which run security projects and deal in data sharing in several jurisdictions.</p>
<h3 id="7" style="text-align: justify;"><strong>7. Strategies for Future Action</strong></h3>
<p>The participants laid down a list of measures that must be taken to take the discussions forward. We have enumerated these recommendations below.</p>
<ul>
<li>Prepare and compile an anthology of articles as an output of this workshop. </li>
<li>Prepare position papers on specific issues related to the UID Project </li>
<li>Prepare pamphlets/brochures on issues with the UID Project for public consumption </li>
<li>Prepare counter-advertisements for Aadhaar</li>
<li>Publish existing empirical evidence on the flaws in Aadhaar.</li>
<li>Set up an online portal dedicated to providing updates on the UID Project and allows discussions on specific issues related to Aadhaar.</li>
<li>Use Social Media to reach out to the public. Regularly track and comment on social media pages of relevant departments of the government.</li>
<li>Create groups dedicated to research and advocacy of specific aspects of the UID Project. </li>
<li>Create a Coordination Committee preferably based in Delhi which would be responsible for regularly holding meetings and for preparing a coordinated plan of action. Employ permanent to staff to run the Committee.</li>
<li>Organise an advocacy campaign against use of Aadhaar in collaboration with other organisations and build public domain acceptance. </li>
<li>The campaign must specifically focus on the unfettered scope of UID and expanse, misrepresentation of the success of Aadhaar by highlighting real savings, technological flaws, status of pilot programs and increasing corruption on account of the UID Project</li>
<li>Prepare a statement of public concern regarding the UID Project and collect signatures from eminent persons including academics, technical experts, civil society groups and members of parliament.</li>
<li>Organise events and discussions on issues relating to Aadhaar and invite members og government departments to speak and discuss the issues. </li>
<li style="text-align: justify;">Write to Members of Parliament and Members of Legislative Assemblies raising questions on their or their parties’ support for Aadhaar and silence on the problems created by the UID Project. </li>
<li style="text-align: justify;">Organise public hearings in states like Rajasthan to observe and document ground realities of the UID Project and share these outcomes with the state government and media. </li>
<li>Plan a national social audit and public hearing on the working of UID Project in the country. </li>
<li style="text-align: justify;">File Contempt Petitions in the Supreme Court and High Courts against mandatory use of Aadhaar number for services not allowed by the Supreme Court. </li>
<li style="text-align: justify;">Reach out to and engage with various foreign citizens and organisations that have been fighting on similar issues. The organisations and individuals who could be approached would include EPIC, Electronic Frontier foundation, David Moss, UK, Roger Clarke, Australia, Prof. Ian Angel, Snowden, Assange and Chomsky.</li>
<li style="text-align: justify;">Work towards increasing awareness about the UID Project and gaining support from the student and research community, student organisations, trade unions, and other associations and networks in the unorganised sector.</li></ul>
<h3 id="AA" style="text-align: justify;"><strong>Annexure A – Workshop Agenda</strong></h3>
<h4>May 26, 2016</h4>
<table>
<tbody>
<tr>
<td>
<p>9:00-9:30</p>
</td>
<td>
<p><strong>Registration</strong></p>
</td>
</tr>
<tr>
<td>
<p>9:30-10:00</p>
</td>
<td>
<p>Prof. Dinesh Abrol - <em>Welcome</em><br />
<em>Self-introduction and expectations of participants</em><br />
Dr. Usha Ramanathan - <em>Overview of the Workshop</em></p>
</td>
</tr>
<tr>
<td>
<p>10:00-11:00</p>
</td>
<td>
<p><strong>Session 1: Current Status of Aadhaar</strong><br />
Dr. Usha Ramanathan, Legal Researcher, New Delhi - <em>What the 2016 Law Says, and How it Came into Being</em><br />
S. Prasanna, Advocate, New Delhi - <em>Status and Force of Supreme Court Orders on Aadhaar</em><br /> <em>Discussion</em></p>
</td>
</tr>
<tr>
<td>
<p>11:00-11:30</p>
</td>
<td>
<p><strong>Tea Break</strong></p>
</td>
</tr>
<tr>
<td>
<p>11:30-13:30</p>
</td>
<td>
<p><strong>Session 2: Direct Benefits Transfers</strong><br />
Prof. Reetika Khera, Indian Institute of Technology, Delhi - <em>Welfare Needs Aadhaar like a Fish Needs a Bicycle</em><br />
Prof. R. Ramakumar, Tata Institute of Social Sciences, Mumbai - <em>Aadhaar and the Social Sector: A critical analysis of the claims of benefits and inclusion</em><br />
Ashok Rao, Delhi Science Forum - <em>Cash Transfers Study</em><br />
<em>Discussion</em></p>
</td>
</tr>
<tr>
<td>
<p>13:30-14:30</p>
</td>
<td>
<p><strong>Lunch</strong></p>
</td>
</tr>
<tr>
<td>
<p>14:30-16:00</p>
</td>
<td>
<p><strong>Session 3: Aadhaar: Science, Technology, and Security</strong><br />
Prof. Subashis Banerjee, Dept of Computer Science & Engineering, IIT, Delhi - <em>Privacy and Security Issues Related to the Aadhaar Act</em><br />
Pukhraj Singh, Former National Cyber Security Manager, Aadhaar, New Delhi - <em>Aadhaar: Security and Surveillance Dimensions</em><br />
<em>Discussion</em></p>
</td>
</tr>
<tr>
<td>
<p>16:00-16:30</p>
</td>
<td>
<p><strong>Tea Break</strong></p>
</td>
</tr>
<tr>
<td>
<p>16:30-17:30</p>
</td>
<td>
<p><strong>Session 4: Aadhaar - International Dimensions</strong><br />
Joshita Pai, Center for Communication Governance, National Law University, Delhi - <em>Biometrics and Mandatory IDs in Other Parts of the World</em><br />
Dr. Gopal Krishna, Citizens Forum for Civil Liberties - <em>International Dimensions of Aadhaar</em><br />
<em>Discussion</em></p>
</td>
</tr>
<tr>
<td>
<p>17:30-18:00</p>
</td>
<td>
<p><strong>High Tea</strong></p>
</td>
</tr>
</tbody>
</table>
<h4>May 27, 2016</h4>
<table>
<tbody>
<tr>
<td>
<p>9:30-11:00</p>
</td>
<td>
<p><strong>Session 5: Privacy, Surveillance and Ethical Dimensions of Aadhaar</strong><br />
Prabir Purkayastha, Free Software Movement of India, New Delhi - <em>Surveillance Capitalism and the Commodification of Personal Data</em><br />
Arjun Jayakumar, SFLC - <em>Surveillance Projects Amalgamated</em><br />
Col Mathew Thomas, Bengaluru - <em>The Deceit of Aadhaar<em></em><br />
<em>Discussion</em></em></p>
<em>
</em></td>
</tr>
<tr>
<td>
<p>11:00-11:30</p>
</td>
<td>
<p><strong>Tea Break</strong></p>
</td>
</tr>
<tr>
<td>
<p><em>11:30-13:00</em></p>
</td>
<td>
<p><strong>Session 6: Aadhaar - Broad Issues I</strong><br />
Prof. G Nagarjuna, Homi Bhabha Center for Science Education, Tata Institute of Fundamental Research, Mumbai - <em>How to prevent linked data in the context of Aadhaar</em><br />
Dr. Anupam Saraph, Pune - <em>Aadhaar and Moneylaundering</em><br />
<em>Discussion</em></p>
</td>
</tr>
<tr>
<td>
<p>13:00-14:00</p>
</td>
<td>
<p><strong>Lunch</strong></p>
</td>
</tr>
<tr>
<td>
<p>14:00-15:30</p>
</td>
<td>
<p><strong>Session 7: Aadhaar - Broad Issues II</strong><br />
Prof. MS Sriram, Visiting Faculty, Indian Institute of Management, Bangalore - <em>Financial lnclusion</em><br />
Nikhil Dey, MKSS, Rajasthan - <em>Field witness: Technology on the Ground</em><br />
Prof. Himanshu, Centre for Economic Studies & Planning, JNU - <em>UID Process and Financial Inclusion</em><br />
<em>Discussion</em></p>
</td>
</tr>
<tr>
<td>
<p>15:30-16:00</p>
</td>
<td>
<p><strong>Session 8: Conclusion</strong></p>
</td>
</tr>
<tr>
<td>
<p>16:00-18:00</p>
</td>
<td>
<p><strong>Informal Meetings</strong></p>
</td>
</tr>
</tbody>
</table>
<h3 id="AB" style="text-align: justify;"><strong>Annexure B – Workshop Participants</strong></h3>
<p>Anjali Bhardwaj, Satark Nagrik Sangathan</p>
<p>Dr. Anupam Saraph</p>
<p>Arjun Jayakumar, Software Freedom Law Centre</p>
<p>Ashok Rao, Delhi Science Forum</p>
<p>Prof. Chinmayi Arun, National Law University, Delhi</p>
<p>Prof. Dinesh Abrol, Jawaharlal Nehru University</p>
<p>Prof. G Nagarjuna, Homi Bhabha Center for Science Education, Tata Institute of Fundamental Research, Mumbai</p>
<p>Dr. Gopal Krishna, Citizens Forum for Civil Liberties</p>
<p>Prof. Himanshu, Jawaharlal Nehru University</p>
<p>Japreet Grewal, the Centre for Internet and Society</p>
<p>Joshita Pai, National Law University, Delhi</p>
<p>Malini Chakravarty, Centre for Budget and Governance Accountability</p>
<p>Col. Mathew Thomas</p>
<p>Prof. MS Sriram, Indian Institute of Management, Bangalore</p>
<p>Nikhil Dey, Mazdoor Kisan Shakti Sangathan</p>
<p>Prabir Purkayastha, Knowledge Commons and Free Software Movement of India</p>
<p>Pukhraj Singh, Bhujang</p>
<p>Rajiv Mishra, Jawaharlal Nehru University</p>
<p>Prof. R Ramakumar, Tata Institute of Social Sciences, Mumbai</p>
<p>Dr. Reetika Khera, Indian Institute of Technology, Delhi</p>
<p>Dr. Ritajyoti Bandyopadhyay, Indian Institute of Science Education and Research, Mohali</p>
<p>S. Prasanna, Advocate</p>
<p>Sanjay Kumar, Science Journalist</p>
<p>Sharath, Software Freedom Law Centre</p>
<p>Shivangi Narayan, Jawaharlal Nehru University</p>
<p>Prof. Subhashis Banerjee, Indian Institute of Technology, Delhi</p>
<p>Sumandro Chattapadhyay, the Centre for Internet and Society</p>
<p>Dr. Usha Ramanathan, Legal Researcher</p>
<p><em>Note: This list is only indicative, and not exhaustive.</em></p>
<hr />
<p><a name="ftn1"><strong>[1]</strong></a> Civil Appeal No. 4853 of 2014</p>
<p><a name="ftn2"><strong>[2]</strong></a> WP(C) 494/2012</p>
<p><a name="ftn3"><strong>[3]</strong> </a>. WP(C) 829/2013</p>
<p><a name="ftn4"><strong>[4]</strong></a> WP(C) 833/2013</p>
<p><a name="ftn5"><strong>[5]</strong></a> WP (C) 37/2015; (Earlier intervened in the Aruna Roy petition in 2013)</p>
<p><a name="ftn6"><strong>[6]</strong></a> WP (C) 932/2015</p>
<p><a name="ftn7"><strong>[7]</strong></a> Transferred from Madras HC 2013.</p>
<p style="text-align: justify;"><a name="ftn8"><strong>[8]</strong></a> SLP (Crl) 2524/2014 filed against the order of the Goa Bench of the Bombay HC in CRLWP 10/2014 wherein the High Court had directed UIDAI to share biometric information held by them of all residents of a particular place in Goa to help with a criminal investigation in a case involving charges of rape and sexual assault.</p>
<p><a name="ftn9"><strong>[9]</strong></a> See :http://scroll.in/article/806243/rajasthan-presses-on-with-aadhaar-after-fingerprint-readers-fail-well-buy-iris-scanners</p>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/report-on-understanding-aadhaar-and-its-new-challenges'>http://editors.cis-india.org/internet-governance/blog/report-on-understanding-aadhaar-and-its-new-challenges</a>
</p>
No publisherJapreet Grewal, Vanya Rakesh, Sumandro Chattapadhyay, and Elonnai HickockBig DataData SystemsPrivacyResearchers at WorkInternet GovernanceAadhaarWelfare GovernanceBiometricsBig Data for DevelopmentUID2019-03-16T04:42:52ZBlog EntryPrivacy in the Age of Big Data
http://editors.cis-india.org/internet-governance/blog/asian-age-amber-sinha-april-10-2017-privacy-in-the-age-of-big-data
<b>Personal data is freely accessible, shared and even sold, and those to whom this information belongs have little control over its flow.</b>
<p style="text-align: justify; ">The article was published in the <a class="external-link" href="http://www.asianage.com/india/all-india/100417/privacy-in-the-age-of-big-data.html">Asian Age</a> on April 10, 2017.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">In 2011 it was estimated that the quantity of data produced globally surpassed 1.8 zettabyte. By 2013, it had increased to 4 zettabytes. This is a result of digital services which involve constant data trails left behind by human activity. This expansion in the volume, velocity, and variety of data available, together with the development of innovative forms of statistical analytics on the data collected, is generally referred to as “Big Data”. Despite significant (though largely unrealised) promises about Big Data, which range from improved decision-making, increased efficiency and productivity to greater personalisation of services, concerns remain about the impact of such datafication of all human activity on an individual’s privacy. Privacy has evolved into a sweeping concept, including within its scope matters pertaining to control over one’s body, physical space in one’s home, protection from surveillance, and from search and seizure, protection of one’s reputation as well as one’s thoughts. This generalised and vague conception of privacy not only comes with great judicial discretion, it also thwarts a fair understanding of the subject. Robert Post called privacy a concept so complex and “entangled in competing and contradictory dimensions, so engorged with various and distinct meanings”, that he sometimes “despairs whether it can be usefully addressed at all”.</p>
<p style="text-align: justify; ">This also leaves the idea of privacy vulnerable to considerable suspicion and ridicule. However, while there is a lack of clarity over the exact contours of what constitutes privacy, there is general agreement over its fundamental importance to our ability to lead whole lives. In order to understand the impact of datafied societies on privacy, it is important to first delve into the manner in which we exercise our privacy. The ideas of privacy and data management that are prevalent can be traced to the Fair Information Practice Principles (FIPP). These principles are the forerunners of most privacy regimes internationally, such as the OECD Privacy Guidelines, APEC Framework, or the nine National Privacy Principles articulated by the Justice A.P. Shah Committee Report. All of these frameworks have rights to notice, consent and correction, and how the data may be used, as their fundamental principles. It makes the data subject to the decision-making agent about where and when her/his personal data may be used, by whom, and in what way. The individual needs to be notified and his consent obtained before his personal data is used. If the scope of usage extends beyond what he has agreed to, his consent will be required for the increased scope.</p>
<p style="text-align: justify; ">In theory, this system sounds fair. Privacy is a value tied to the personal liberty and dignity of an individual. It is only appropriate that the individual should be the one holding the reins and taking the large decisions about the use of his personal data. This makes the individual empowered and allows him to weigh his own interests in exercising his consent. The allure of this paradigm is that in one elegant stroke, it seeks to ensure that consent is informed and free and also to implement an acceptable trade-off between privacy and competing concerns. This approach worked well when the number of data collectors were less and the uses of data was narrower and more defined. Today’s infinitely complex and labyrinthine data ecosystem is beyond the comprehension of most ordinary users. Despite a growing willingness to share information online, most people have no understanding of what happens to their data.</p>
<p style="text-align: justify; ">The quantity of data being generated is expanding at an exponential rate. From smartphones and televisions, trains and airplanes, sensor-equipped buildings and even the infrastructures of our cities, data now streams constantly from almost every sector and function of daily life, “creating countless new digital puddles, lakes, tributaries and oceans of information”. The inadequacy of the regulatory approaches and the absence of a comprehensive data protection regulation is exacerbated by the emergence of data-driven business models in the private sector and the adoption of data-driven governance approach by the government. The Aadhaar project, with over a billion registrants, is intended to act as a platform for a number of digital services, all of which produce enormous troves of data. The original press release by the Central Government reporting the approval by the Cabinet of Ministers of the Digital India programme, speaks of “cradle to grave” digital identity as one of its vision areas.</p>
<p style="text-align: justify; ">While the very idea of the government wanting to track its citizens’ lives from cradle to grave is creepy enough in itself, let us examine for a minute what this form of datafied surveillance will entail. A host of schemes under Digital India shall collect and store information through the life cycle of an individual. The result, as we can see, is building databases on individuals, which when combined, will provide a 360 degree view into the lives of individuals. Alongside the emergence of India Stack, a set of APIs built on top of the Aadhaar, conceptualised by iSPIRT, a consortium of select IT companies from India, to be deployed and managed by several agencies, including the National Payments Corporation of India, promises to provide a platform over which different private players can build their applications.</p>
<p style="text-align: justify; ">The sum of these interconnected parts will lead to a complete loss of anonymity, greater surveillance and impact free speech and individual choice. The move towards a cashless economy — with sharp nudges from the government — could lead to lack of financial agencies in case of technological failures as has been the case in experiments with digital payments in Africa. Lack of regulation in emerging data driven sectors such as Fintech can enable predatory practices where right to remotely deny financial services can be granted to private sector companies. An architecture such as IndiaStack enables datafication of financial transactions in a way that enables linked and structured data that allows continued use of the transaction data collected. It is important to recognise that at the stage of giving consent, there are too many unknowns for us to make informed decisions about the future uses of our personal data. Despite blanket approvals allowing any kind of use granted contractually through terms of use and privacy policies, there should be legal obligations overriding this consent for certain kinds of uses that may require renewed consent.</p>
<p style="text-align: justify; "><b>Biometrics-based identification in UK: </b>In 2005, researchers from London School of Economics and Political Science came out with a detailed report on the UK Identity Cards Bill (‘UK Bill’) — the proposed legislation for a national identification system based on biometrics. The project also envisaged a centralised database (like India) that would store personal information along with the entire transaction history of every individual. The report pointed strongly against the centralising storage of information and suggested other alternatives such as a system based on smartcards (where biometrics are stored on the card itself) or offline biometric-reader terminals.</p>
<p style="text-align: justify; ">As per the report, the alternatives would also have been cheaper as neither required real-time online connectivity. In India, online authentication is a far greater challenge. According to Network Readiness Index, 2016, India ranks 91, whereas UK is placed eight. Poor Internet connectivity can raise a lot of problems in the future including paralysis of transactions. The UK identification project was subsequently discarded as a result of the privacy and cost considerations raised in this report.</p>
<h3 style="text-align: justify; ">Aadhaar: Privacy concerns</h3>
<ol style="text-align: justify; ">
<li>Once the data is collected through National Information Utilities, it will be privatised and controlled by private utilities.</li>
<li>Once an individual’s data is entered in the system, it cannot be deleted. That individual will have no control over it.</li>
<li>Aadhaar Data (Demographic details along with photographs) are shared/transferred with the private entities including telecom companies as per the Aadhaar (Targeted delivery of Financial and other subsidies, benefits and services) Act, 2016 with the consent of Aadhaar number holder to fulfil their e-KYC requirements. The data is shared in encrypted form through secured channel.</li>
<li>Aadhaar Enabled Payment System (AEPS) on which 119 banks are live.</li>
<li>More than 33.87 crore transactions have taken place through AEPS, which was only 46 lakhs in May 2014.</li>
<li>As on 30-9-2016, 78 government schemes were linked to Aadhaar.</li>
<li>The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, provides that no core-biometric information (fingerprints, iris scan) shall be shared with anyone for any reason whatsoever (Sec 29) and that the biometric information shall not be used for any purpose other than generation of Aadhaar and authentication.</li>
<li>Access to the data repository of UIDAI, called the Central Identities Data Repository(CIDR), is provided to third parties or private companies.</li>
</ol>
<p style="text-align: justify; "><b>Central Monitoring System</b> (CMS) is already live in Delhi, New Delhi and Mumbai. Union minister Ravi Shankar Prasad revealed this in one of his replies in the Lok Sabha last year. CMS has been set up to automate the process of Lawful Interception & Monitoring of telecommunications.</p>
<p style="text-align: justify; "><b>Central Monitoring System</b> (CMS) is already live in Delhi, New Delhi and Mumbai. Union minister Ravi Shankar Prasad revealed this in one of his replies in the Lok Sabha last year. CMS has been set up to automate the process of Lawful Interception & Monitoring of telecommunications.</p>
<p style="text-align: justify; "><b>Lawful Intercept </b>and Monitoring (LIM) systems are used by the Indian Government to intercept records of voice, SMSes, GPRS data, details of a subscriber’s application and recharge history and call detail record (CDR) and monitor Internet traffic, emails, web-browsing, Skype and any other Internet activity of Indian users.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/asian-age-amber-sinha-april-10-2017-privacy-in-the-age-of-big-data'>http://editors.cis-india.org/internet-governance/blog/asian-age-amber-sinha-april-10-2017-privacy-in-the-age-of-big-data</a>
</p>
No publisheramberInternet GovernanceAadhaarBig DataPrivacy2017-04-11T14:43:59ZBlog EntryPrivacy after Big Data: Compilation of Early Research
http://editors.cis-india.org/internet-governance/blog/privacy-after-big-data-compilation-of-early-research
<b>Evolving data science, technologies, techniques, and practices, including big data, are enabling shifts in how the public and private sectors carry out their functions and responsibilities, deliver services, and facilitate innovative production and service models to emerge. In this compilation we have put together a series of articles that we have developed as we explore the impacts – positive and negative – of big data. This is a growing body of research that we are exploring and
is relevant to multiple areas of our work including privacy and surveillance. Feedback and comments on the compilation are welcome and appreciated.</b>
<p> </p>
<h4><a href="https://github.com/cis-india/website/raw/master/docs/CIS_PrivacyAfterBigData_CompilationOfEarlyResearch_2016.11.pdf">Download the Compilation</a> (PDF)</h4>
<hr />
<h3><strong>Privacy after Big Data</strong></h3>
<p>Evolving data science, technologies, techniques, and practices, including big data, are enabling shifts in how the public and private sectors carry out their functions and responsibilities, deliver services, and facilitate innovative production and service models to emerge. For example, in the public sector, the Indian government has considered replacing the traditional poverty line with targeted subsidies based on individual household income and assets. The my.gov.in platform is aimed to enable participation of the connected citizens, to pull in online public opinion in a structured manner on key governance topics in the country. The 100 Smart Cities Mission looks forwards to leverage big data analytics and techniques to deliver services and govern citizens within city sub-systems. In the private sector, emerging financial technology companies are developing credit scoring models using big, small, social, and fragmented data so that people with no formal credit history can be offered loans. These models promote efficiency and reduction in cost through personalization and are powered by a wide variety of data sources including mobile data, social media data, web usage data, and passively collected data from usages of IoT or connected devices.</p>
<p>These data technologies and solutions are enabling business models that are based on the ideals of ‘less’: cash-less, presence-less, and paper-less. This push towards an economy premised upon a foundational digital ID in a prevailing condition of absent legal frameworks leads to substantive loss of anonymity and privacy of individual citizens and consumers vis-a-vis both the state and the private sector. Indeed, the present use of these techniques run contrary to the notion of the ‘sunlight effect’ - making the individual fully transparent (often without their knowledge) to the state and private sector, while the algorithms and means of reaching a decision are opaque and inaccessible to the individual.</p>
<p>These techniques, characterized by the volume of data processed, the variety of sources data is processed from, and the ability to both contextualize - learning new insights from disconnected data points - and de-contextualize - finding correlation rather than causation - have also increased the value of all forms of data. In some ways, big data has made data exist on an equal playing field as far as monetisation and joining up are concerned. Meta data can be just as valuable to an entity as content data. As data science techniques evolve to find new ways of collecting, processing, and analyzing data - the benefits of the same are clear and tangible, while the harms are less clear, but significantly present.</p>
<p>Is it possible for an algorithm to discriminate? Will incorrect decisions be made based on data collected? Will populations be excluded from necessary services if they do not engage with certain models or do emerging models overlook certain populations? Can such tools be used to surveil individuals at a level of granularity that was formerly not possible and before a crime occurs? Can such tools be used to violate rights – for example target certain types of speech or groups online? And importantly, when these practices are opaque to the individual, how can one seek appropriate and effective remedy.</p>
<p>Traditionally, data protection standards have defined and established protections for certain categories of data. Yet, data science techniques have evolved beyond data protection principles. It is now infinitely harder to obtain informed consent from an individual when data that is collected can be used for multiple purposes by multiple bodies. Providing notice for every use is also more difficult – as is fulfilling requirements of data minimization. Some say privacy is dead in the era of big data. Others say privacy needs to be re-conceptualized, while others say protecting privacy now, more than ever, requires a ‘regulatory sandbox’ that brings together technical design, markets, legislative reforms, self regulation, and innovative regulatory frameworks. It also demands an expanding of the narrative around privacy – one that has largely been focused on harms such as misuse of data or unauthorized collection – to include discrimination, marginalization, and competition harms.</p>
<p>In this compilation we have put together a series of articles that we have developed as we explore the impacts – positive and negative – of big data. This includes looking at India’s data protection regime in the context of big data, reviewing literature on the benefits of harms of big data, studying emerging predictive policing techniques that rely on big data, and analyzing closely the impact of big data on specific privacy principles such as consent. This is a growing body of research that we are exploring and is relevant to multiple areas of our work including privacy and surveillance. Feedback and comments on the compilation are welcome and appreciated.</p>
<p><em>Elonnai Hickok</em><br />Director - Internet Governance</p>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/privacy-after-big-data-compilation-of-early-research'>http://editors.cis-india.org/internet-governance/blog/privacy-after-big-data-compilation-of-early-research</a>
</p>
No publisherSaumyaa NaiduHuman RightsIT ActBig DataPrivacyInternet GovernanceSmart CitiesData ProtectionInformation TechnologyPublications2016-11-12T01:37:03ZBlog EntryPress Release, March 15, 2016: The New Bill Makes Aadhaar Compulsory!
http://editors.cis-india.org/internet-governance/blog/press-release-aadhaar-15032016-the-new-bill-makes-aadhaar-compulsory
<b>We published and circulated the following press release on March 15, 2016, to highlight the fact that the Section 7 of the Aadhaar Bill, 2016 states that authentication of the person using her/his Aadhaar number can be made mandatory for the
purpose of disbursement of government subsidies, benefits, and services; and in case the person does not have an Aadhaar number, s/he will have to apply for Aadhaar enrolment. </b>
<p> </p>
<p>Nandan Nilekani, the former chairperson of the Unique Identification Authority of India had repeatedly stated that Aadhaar is not mandatory. However, in the last few years various agencies and departments of the government, both at the central and state level, had made it mandatory in order to be able to avail beneficiary schemes or for the arrangement of salary, provident fund disbursals, promotion, scholarship, opening bank account, marriages and property registrations. In August 2015, the Supreme Court passed an order mandating that the Aadhaar number shall
remain optional for welfare schemes, stating that no person should be denied any benefit for reason of not having an Aadhaar number, barring a few specified services.</p>
<p>The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, however, has not followed this mandate. Section 7 of the Bill states that “a person should be authenticated or give proof of the Aadhaar number to establish his/her identity” “as a condition for receiving subsidy, benefit or service”. Further, it reads, “In the case a person does not have an Aadhaar number, he/she should make an application for enrollment.” The language of the provision is very clear in making enrollment in Aadhaar mandatory, in order to be entitled for welfare services. Section 7 also says that “the person will be offered viable and alternate means of identification for receiving the subsidy, benefit or service. However, these unspecified alternate means will be made available in the event “an Aadhaar number is not assigned”. This language is vague and it is not clear whether it mandates alternate means of identification for those who choose not to apply for an Aadhaar number for any reason. The fact that it does make it mandatory to apply for an Aadhaar number for persons without it, may lead to the presumption that the alternate means are to be made available for those who may have applied for an Aadhaar number but it has not been assigned for any reason. It is also noteworthy that draft legislation is silent on what the “viable and
alternate means of identification” could be. There are a number of means of identification, which are recognised by the state, and a schedule with an inclusive list could have gone a long way in reducing the ambiguity in this provision.</p>
<p>Another aspect of Section 7 which is at odds with the Supreme Court order is that it allows making an Aadhaar number mandatory for “for receipt of a subsidy, benefit or service for which the expenditure is incurred” from the Consolidated Fund of India. The Supreme Court had been very specific in articulating that having an Aadhaar number could not be made compulsory except for “any purpose other than the PDS Scheme and in particular for the purpose of distribution of foodgrains, etc. and cooking fuel, such as kerosene” or for the purpose of the LPG scheme. The restriction in the Supreme Court order was with respect to the welfare schemes, however, instead of specifying the schemes, Section 7 specified the source of expenditure from which subsidies, benefits and services can be funded, making the scope much broader. Section 7, in effect, allows the Central Government to circumvent the Supreme Court
order if they choose to tie more subsidies, benefits and services to the Consolidated Fund of India.</p>
<p>These provisions run counter to the repeated claims of the government for the last six years that Aadhaar is not compulsory, nor is the specification by the Supreme Court for restricting use of Aadhaar to a few services only, reflected anywhere in the Bill. The “viable and alternate means” clause is too vague and inadequate to prevent denial of benefits to those without an Aadhaar number. The sum effect of these factors is to give the Central Government powers to make Aadhaar mandatory, for all practical purposes.</p>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/press-release-aadhaar-15032016-the-new-bill-makes-aadhaar-compulsory'>http://editors.cis-india.org/internet-governance/blog/press-release-aadhaar-15032016-the-new-bill-makes-aadhaar-compulsory</a>
</p>
No publisherAmber SinhaUIDBig DataPrivacyInternet GovernanceDigital IndiaAadhaarBiometrics2016-03-16T10:11:32ZBlog EntryPress Release, March 11, 2016: The Law cannot Fix what Technology has Broken!
http://editors.cis-india.org/internet-governance/blog/press-release-aadhaar-11032016-the-law-cannot-fix-what-technology-has-broken
<b>We published and circulated the following press release on March 11, 2016, as the Lok Sabha passed the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016. This Bill was proposed by finance minister, Mr. Arun Jaitley to give legislative backing to Aadhaar, being implemented by the Unique Identification Authority of India (UIDAI).</b>
<p> </p>
<p>The Lok Sabha passed the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Bill, 2016 today. This Bill was proposed by finance minister, Mr. Arun Jaitley to give legislative backing to Aadhaar, being implemented by the Unique Identification Authority of India (UIDAI).</p>
<p>The Bill was introduced as a money bill and there was no public consultation to evaluate the provisions therein even though there are very serious ramifications for the Right to Privacy and the Right to Association and Assembly. The Bill has made it compulsory for an individual to enrol under Aadhaar in order to receive any subsidy,
benefit or service from the Government. Biometric information that is required for the purpose of enrolment has been deemed "sensitive personal information" and restrictions have been imposed on use, disclosure and sharing of such information for purposes other than authentication, disclosure made pursuant to a court order or in the interest of national security. Here, the Bill has acknowledged the standards of protection of sensitive personal information established under Section 43A of the Information Technology Act, 2000. The Bill has also laid down several penal provisions for acts that include impersonation at the time of enrolment, unauthorised access to the
Central Identities Data Repository, unauthorised use by requesting entity, noncompliance with intimation requirements, etc.</p>
<h3>Key Issues</h3>
<h4>1. Identification without Consent</h4>
<p>Before the Aadhaar project it was not possible for the Indian government to identify citizens without their consent. But once the government has created a national centralized biometric database it will be possible for the government to identify any citizen without their consent. Hi-resolution photography and videography make it trivial for governments and also any other actor to harvest biometrics remotely. In other words, the technology makes consent irrelevant. A German ministers fingerprints were captured by hackers as she spoke using hand gesture at at conference. In a similar manner the government can now identify us both as individuals and also as groups without requiring our cooperation. This has direct implications for the right to privacy as we will be under constant government surveillance in the future as CCTV camera resolutions improve and there will be chilling effects on the
right to free speech and the freedom of association. The only way to fix this is to change the technology configuration and architecture of the project. The law cannot be used as band-aid on really badly designed technology.</p>
<h4>2. Fallible Technology</h4>
<p>The technology used for collection and authentication as been said to be fallible. It is understood that the technology has been feasible for a population of 200 million. The Biometrics Standards Committee of UIDAI has acknowledged the lack of data on how a biometric authentication technology will scale up where the population is about 1.2 billion. Further, a report by 4G Identity Solutions estimates that while in any population, approximately 5% of the people have unreadable fingerprints, in India it could lead to a failure to enroll up to 15% of the population.</p>
<p>We know that the Aadhaar number has been issued to dogs, trees (with the Aadhaar letter containing the photo of a tree). There have been slip-ups in the Aadhaar card enrolment process, some cards have ended up with
pictures of an empty chair, a tree or a dog instead of the actual applicants. An RTI application has revealed that the Unique Identification Authority of India (UIDAI) has identified more than 25,000 duplicate Aadhaar numbers in the country till August 2015.</p>
<p>At the stage of authentication, the accuracy of biometric identification depends on the chance of a false positive— the probability that the identifiers of two persons will match. For the current population of 1.2 billion the expected proportion of duplicates is 1/121, a ratio which is far too high. In a recent paper in EPW by Hans Mathews, a mathematician with CIS, shows that as per UIDAI's own statistics on failure rates, the programme would badly fail to uniquely identify individuals in India. <strong>[1]</strong></p>
<h3>Endnote</h3>
<p><strong>[1]</strong> See: <a href="http://cis-india.org/internet-governance/blog/epw-27-february-2016-hans-varghese-mathews-flaws-in-uidai-process">http://cis-india.org/internet-governance/blog/epw-27-february-2016-hans-varghese-mathews-flaws-in-uidai-process</a></p>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/press-release-aadhaar-11032016-the-law-cannot-fix-what-technology-has-broken'>http://editors.cis-india.org/internet-governance/blog/press-release-aadhaar-11032016-the-law-cannot-fix-what-technology-has-broken</a>
</p>
No publisherJapreet Grewal and Sunil AbrahamUIDBig DataPrivacyInternet GovernanceDigital IndiaAadhaarBiometrics2016-03-16T10:10:40ZBlog Entry