The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 11 to 25.
Workshop on Set-top Boxes
http://editors.cis-india.org/telecom/events/workshop-set-top-boxes
<b>The Centre for Internet and Society (CIS) is organising a one-day workshop in Delhi on Tuesday, July 12 on the evolution and state of the set-top box as an access device in India. </b>
<p style="text-align: justify;">The workshop will be conducted by Dr. Rakesh Mehrotra who is a professor at Sharda University. It will be supported by an advisor from the Telecom Regulatory Authority of India to cover the aspect of regulation. The workshop will focus on the expanding functionality and innovations in set-top box (STB) technologies. It will also include an exposition on the regulatory regime applicable to STBs, around issues of interoperability, competition and privacy, and conclude with an outlook on the future of STBs.</p>
<p style="text-align: justify;">We will initiate research collaborations with suitable participants to produce papers after the workshop. Certificates of participation will be provided.</p>
<h3>Apply</h3>
<p style="text-align: justify;">There are limited spots for participants. Please state your interest by filling out this form here- <a class="external-link" href="http://goo.gl/forms/Mj77h0nkeVBJgHJn2">http://goo.gl/forms/Mj77h0nkeVBJgHJn2</a> The deadline for filling application is <strong>July 5, 2016</strong>.</p>
<h3>Fee and Funding</h3>
<p style="text-align: justify;">There is no registration fee for the workshop. Participants will be served lunch and refreshments at the venue. Please note that there is no funding for travel and accommodation.</p>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/telecom/events/workshop-set-top-boxes'>http://editors.cis-india.org/telecom/events/workshop-set-top-boxes</a>
</p>
No publishersinhaTelecomEventPrivacy2016-06-24T15:13:22ZEventWorkshop on Democratic Accountability in the Digital Age (Delhi, November 14-15)
http://editors.cis-india.org/internet-governance/events/workshop-on-democratic-accountability-in-the-digital-age-delhi-november-14-15
<b>IT for Change, along with Centre for Internet and Society (CIS), Digital Empowerment Foundation (DEF), Mazdoor Kisan Shakti Sangathan (MKSS) and National Campaign for People’s Right to Information (NCPRI), is organising a two day workshop on ‘Democratic Accountability in the Digital Age’. The workshop will focus on evolving a comprehensive policy approach to data based governance and digital democracy, grounded in a rights and social justice framework. It will be held at the United Service Institution of India, Delhi, during November 14-15, 2016. The CIS team to participate in the workshop includes Sumandro Chattapadhyay (speaker), Amber Sinha (speaker), Vanya Rakesh (participant), and Himadri Chatterjee (participant).</b>
<p> </p>
<p>The workshop aims to:</p>
<ul><li>
<p>Discuss the institutional norms, rules and practices appropriate to the rise of ‘governance by networks’ and ‘rule by data’ that can guarantee democratic accountability and citizen participation, and</p>
</li>
<li>
<p>Articulate the steps to claim the civic-public value of digital technologies so that data and the new possibilities for networking are harnessed for a vibrant grassroots democracy.</p>
</li></ul>
<p>We hope the workshop can create a civil society coalition that can build effective strategies for legal and policy reform to further participatory democracy in the digital age. On the first day, the workshop will set the context through knowledge sharing and thematic presentations and discussions. On the second day, we aim to concretize strategies for collective action to further democratic accountability in the digital age.</p>
<hr />
<h4><a href="http://itforchange.net/mavc/wp-content/uploads/2016/11/Workshop-Agenda-Democratic-accountability-in-the-digital-age-14-to-15-Nov-2016-2.pdf">Workshop Agenda</a> (PDF)</h4>
<h4><a href="http://itforchange.net/mavc/wp-content/uploads/2016/10/Background-note-for-workshop-on-Democracy-in-Digital-Age-Sep21.odt">Background Note</a> (ODT)</h4>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/events/workshop-on-democratic-accountability-in-the-digital-age-delhi-november-14-15'>http://editors.cis-india.org/internet-governance/events/workshop-on-democratic-accountability-in-the-digital-age-delhi-november-14-15</a>
</p>
No publishersumandroDigital IDDigital GovernancePrivacyUIDInternet GovernanceAccountabilityDigital IndiaAadhaarWelfare GovernanceE-GovernanceDigital Rights2016-12-15T09:27:22ZEventWorkshop on 'Urban Data, Inequality and Justice in the Global South'
http://editors.cis-india.org/internet-governance/news/workshop-on-urban-data-inequality-and-justice-in-the-global-south
<b>Aayush Rathi and Ambika Tandon presented our research on video-based surveillance in New Delhi at a workshop on urban data, inequality, and justice in the global South at the University of Manchester on 14 June 2019.</b>
<p style="text-align: justify; ">The agenda for the workshop and the presentations made by CIS can be <a class="external-link" href="https://cis-india.org/raw/unpacking-video-based-surveillance-in-new-delhi-urban-data-justice">accessed here</a>. <span>The research was conducted as part of a grant from the University, as part of a project on justice in data systems within cities. It will bepublished as a working paper by the university in July-August.</span></p>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/workshop-on-urban-data-inequality-and-justice-in-the-global-south'>http://editors.cis-india.org/internet-governance/news/workshop-on-urban-data-inequality-and-justice-in-the-global-south</a>
</p>
No publisherAdminSurveillanceInternet GovernancePrivacy2019-07-06T01:30:16ZNews ItemWorkshop on 'Privacy after Big Data' (Delhi, November 12)
http://editors.cis-india.org/internet-governance/events/privacy-after-big-data-delhi-nov-12-2016
<b>The Centre for Internet and Society (CIS) and the Sarai programme, CSDS, invite you to a workshop on 'Privacy after Big Data: What Changes? What should Change?' on Saturday, November 12. This workshop aims to build a dialogue around some of the key government-led big data initiatives in India and elsewhere that are contributing significant new challenges and concerns to the ongoing debates on the right to privacy. It is an open event. Please register to participate.</b>
<p> </p>
<h4>Invitation note and agenda: <a href="https://github.com/cis-india/website/raw/master/docs/CIS-Sarai_PrivacyAfterBigData_ConceptAgenda.pdf">Download</a> (PDF)</h4>
<hr />
<h3>Venue and RSVP</h3>
<p><strong>Venue:</strong> Centre for the Study of Developing Societies 29, Rajpur Road, Civil Lines, Delhi 110054.</p>
<p><strong>Location on Google Maps:</strong> <a href="https://www.google.com/maps/place/CSDS/@28.677775,77.2162523,17z/">https://www.google.com/maps/place/CSDS/@28.677775,77.2162523,17z/</a>.</p>
<p><strong>Registration:</strong> <a href="https://goo.gl/forms/py0Q0u8rMppu4smE3">Complete this form</a>.</p>
<h3>Concept Note</h3>
<p>In this age of big data, discussions about privacy are intertwined with the use of technology and the data deluge. Though big data possesses enormous value for driving innovation and contributing to productivity and efficiency, privacy concerns have gained significance in the dialogue around regulated use of data and the means by which individual privacy might be compromised through means such as surveillance, or protected. The tremendous opportunities big data creates in varied sectors ranges from financial technology, governance, education, health, welfare schemes, smart cities to name a few.</p>
<p>With the UID (“Aadhaar”) project re-animating the Right to Privacy debate in India, and the financial technology ecosystem growing rapidly, striking a balance between benefits of big data and privacy concerns is a critical policy question that demands public dialogue and research to inform an evidence based decision.</p>
<p>Also, with the advent of potential big data initiatives like the ambitious Smart Cities Mission under the Digital India Scheme, which would rely on harvesting large data sets and the use of analytics in city subsystems to make public utilities and services efficient, the tasks of ensuring data security on one hand and protecting individual privacy on the other become harder.</p>
<p>As key privacy principles are at loggerheads with big data activities, it is important to consider privacy as an embedded component in the processes, systems and projects, rather than being considered as an afterthought. These examples highlight the current state of discourse around data protection and privacy in India and the shapes they are likely to take in near future.</p>
<p>This workshop aims to build a dialogue around some of the key government-led big data initiatives in India and elsewhere that are contributing significant new challenges and concerns to the ongoing debates on the right to privacy.</p>
<h3>Agenda</h3>
<h4>09:00-09:30 Tea and Coffee</h4>
<h4>09:30-10:00 Introduction</h4>
<p><a href="#amber">Mr. Amber Sinha</a> and <a href="#sandeep">Mr. Sandeep Mertia</a><br />
<em>This session will introduce the topic of the workshop in the context of the ongoing works at CIS and Sarai.</em></p>
<h4>10:00-11:00 From Privacy Bill(s) to ‘Habeas Data’</h4>
<p><a href="#usha">Dr. Usha Ramanathan</a> and <a href="#vipul">Mr. Vipul Kharbanda</a><br />
<em>This session will present a brief history of the privacy bill(s) in India and end with reflections on ‘habeas data’ as a lens for thinking and actualising privacy after big data.</em></p>
<h4>11:00-11:30 Tea and Coffee</h4>
<h4>11:30-12:30 Digital ID, Data Protection, and Exclusion</h4>
<p><a href="#amelia">Ms. Amelia Andersdotter</a> and <a href="#srikanth">Mr. Srikanth Lakshmanan</a><br />
<em>This session will discuss national centralised digital ID systems, often operating at a cross-functional scale, and highlight its implications for discussions on data protection, welfare governance, and exclusion from public and private services.</em></p>
<h4>12:30-13:30 Digital Money and Financial Inclusion</h4>
<p><a href="#anupam">Dr. Anupam Saraph</a> and <a href="#astha">Ms. Astha Kapoor</a><br />
<em>This session will focus on the rise of digital banking and online payments as core instruments of financial inclusion in India, especially in the context of the Jan Dhan Yojana and UPI, and reflect on the concerns around privacy and financial data.</em></p>
<h4>13:30-14:30 Lunch</h4>
<h4>14:30-15:30 Big Data and Mass Surveillance</h4>
<p><a href="#anja">Dr. Anja Kovacs</a> and <a href="#matthew">Mr. Matthew Rice</a><br />
<em>This session will reflect on the rise of mass communication surveillance across the world, and the evolving challenges of regulating il/legal surveillance by government agencies.</em></p>
<h4>15:30-16:15 Privacy is (a) Right</h4>
<p><a href="#apar">Mr. Apar Gupta</a> and <a href="#kritika">Ms. Kritika Bhardwaj</a><br />
<em>This brief session is to share initial ideas and strategies for articulating and actualising a constitutional right to privacy in India.</em></p>
<h4>16:15-16:30 Tea and Coffee</h4>
<h4>16:30-17:30 Round Table</h4>
<p><em>An open discussion session to conclude the workshop.</em></p>
<h3>Speakers</h3>
<h4 id="amber">Mr. Amber Sinha</h4>
<p>Amber works on issues surrounding privacy, big data, and cyber security. He is interested in the impact of emerging technologies like artificial intelligence and learning algorithms on existing legal frameworks, and how they need to evolve in response. Amber studied humanities and law at National Law School of India University, Bangalore.</p>
<p>E-mail: amber at cis-india dot org.</p>
<p>Twitter: <a href="https://twitter.com/ambersinha07">@ambersinha07</a>.</p>
<h4 id="amelia">Ms. Amelia Andersdotter</h4>
<p>Amelia Andersdotter has been a Member of the European Parliament. She works on practical implications of data protection laws and consumer information security in Sweden, and digital rights in the Europe in general. Presently she is residing in Bangalore, where she is a visiting scholar with Centre for Internet and Society. She holds a BSc in Mathematics.</p>
<p>URL: <a href="https://dataskydd.net">https://dataskydd.net</a>.</p>
<p>Twitter: <a href="https://twitter.com/teirdes">@teirdes</a>.</p>
<h4 id="anja">Dr. Anja Kovacs</h4>
<p>Dr. Anja Kovacs directs the Internet Democracy Project in Delhi, India, which works for an Internet that supports free speech, democracy and social justice in India and beyond. Anja’s research and advocacy focuses especially on questions regarding freedom of expression, cybersecurity and the architecture of Internet governance. She has been a member of the of the Investment Committee of the Digital Defenders Partnership and of the Steering Committee of Best Bits, a global network of civil society members. She has also worked as an international consultant on Internet issues, including for the Independent Commission on Multilateralism, the United Nations Development Programme Asia Pacific and the UN Special Rapporteur on Freedom of Expression, Mr. Frank La Rue, as well as having been a Fellow at the Centre for Internet and Society in Bangalore, India.</p>
<p>Internet Democracy Project: <a href="https://internetdemocracy.in/">https://internetdemocracy.in</a>.</p>
<p>Twitter: <a href="https://twitter.com/anjakovacs">@anjakovacs</a>.</p>
<h4 id="anupam">Dr. Anupam Saraph</h4>
<p>Anupam Saraph has extensively researched India's UID number that has been widely regarded as the game changer in development programs. It has come to be linked with both public and private databases and become the requirement for access to entitlements, benefits, services and rights. Dr. Saraph, who has the design of at least two identification programs to his credit has researched the UID’s functional creep since its inception.</p>
<p>He has been dissecting the myths of what the UID is or is not. He has also tracked the consequences of its linkages on databases that protect national security, sovereignty, democratic status and the entire banking and money system in India. He has also highlighted the implications of its use for targeted delivery of cash subsidies from the Consolidated Fund of India. He has written and lectured widely about the devastating impact of the UID number on development programs, national security and the governability of India.</p>
<p>As a Professor of Systems, Governance and Decision Sciences, Environmental Systems and Business he mentors students and teaches systems, information systems, environmental systems and sustainable development at universities in Europe, Asia and the Americas. He has worked with the Rensselaer Polytechnic Institute, Rijksuniversitiet Groningen, RIVM, University of Edinburgh, Resource Use Institute, Systems Research Institute among others. Dr. Saraph has had the unique distinction of being India’s only person who has held the only office of a City CIO in India, in a PPP arrangement with government, industry and himself. He has also been the first e-governance Advisor to a State government. Dr. Saraph has held CxO and ministerial level positions and serves as an independent director on the boards of Public and Private Sector companies and NGOs. He is also the President of the Nagrik Chetna Manch, an NGO charged with the mission to bring accountability in governance.</p>
<p>Dr. Saraph is also actively engaged in civil society where he participates in several environmental, resource and nature conservation initiatives, has authored draft legislations for river and natural resource conservation, right to good governance and has contributed to governance, election and democratic reforms. Dr. Saraph is a regular columnist in newspapers and writes on issues of governance, future design, technology and education from a systems perspective.</p>
<p>Dr. Saraph is also actively engaged in civil society where he participates in several environmental, resource and nature conservation initiatives, has authored draft legislations for river and natural resource conservation, right to good governance and has contributed to governance, election and democratic reforms. Dr. Saraph is a regular columnist in newspapers and writes on issues of governance, future design, technology and education from a systems perspective.</p>
<p>Dr. Saraph is also actively engaged in civil society where he participates in several environmental, resource and nature conservation initiatives, has authored draft legislations for river and natural resource conservation, right to good governance and has contributed to governance, election and democratic reforms. Dr. Saraph is a regular columnist in newspapers and writes on issues of governance, future design, technology and education from a systems perspective.</p>
<p>As a future designer and recognized as a global expert on complex systems he helps individuals and organisations understand and design the future of their worlds. Together they address the toughest challenges, accomplish missions and achieve business goals. He also supports building capacity to address the challenges of today as well as to build future designs through teams and effective leadership. Since the eighties Dr. Saraph has modeled complex systems of cities, countries, regions and even the planet. His models have been awarded internationally and even placed in 10-year permanent exhibitions.</p>
<p>Dr Saraph works with business and government executives, civil society leaders, politicians, generals, civil servants, police, trade unionists, community activists, United Nations and ASEAN officials, judges, writers, media, architects, designers, technologists, scientists, entrepreneurs, board members and business leaders of small, mid and large single and trans-national companies, religious leaders and artists across a dozen countries and various industry sectors to help them and their organisations succeed in their missions. He advises the World Economic Forum through its Global Agenda Council for Complex Systems and the Club of Rome, Indian National Association as a founder life member.</p>
<p>Dr Saraph holds a PhD in designing sustainable systems from the faculty of Mathematics and Natural Sciences of the Rijksuniversiteit Groningen, the Netherlands.</p>
<p>Website: <a href="http://anupam.saraph.in/">http://anupam.saraph.in</a>.</p>
<p>Twitter: <a href="https://twitter.com/anupamsaraph">@anupamsaraph</a>.</p>
<h4 id="apar">Mr. Apar Gupta</h4>
<p>Apar Gupta practices law in Delhi. He is also one of the co-founders of the Internet Freedom Foundation. His work and writing on public interest issues can be accessed at his personal website <a href="http://www.apargupta.com/">www.apargupta.com</a>.</p>
<p>Twitter: <a href="https://twitter.com/aparatbar">@aparatbar</a>.</p>
<h4 id="astha">Ms. Astha Kapoor</h4>
<p>Astha Kapoor is a public policy strategy consultant working on financial inclusion and digital payments. Currently, she is working with MicroSave. Her tasks involve a focus on government to people (G2P) payments - and her work spans strategy, advisory and evaluation with the DBT Mission, Office of the Chief Economic Advisor, NITI Aayog and ministries pertaining to food, fuel and fertilizer. She recently designed a pilot to digitize uptake of fertilizers in Krishna district, and evaluated the newly introduced coupon system in the Public Distribution System in Bengaluru.</p>
<p>Twitter: <a href="https://twitter.com/kapoorastha">@kapoorastha</a>.</p>
<h4 id="kritika">Ms. Kritika Bhardwaj</h4>
<p>Kritika Bhardwaj works as a Programme Officer at the Centre for Communication Governance (CCG), National Law University, Delhi. Her main areas of research are privacy and data protection. At CCG, she has written about the privacy implications of several contemporary issues such as Aadhaar (India's unique identification project), cloud computing and the right to be forgotten. A lawyer by training, Kritika has a keen interest in information law and human rights law.</p>
<p>Centre for Communication Governance, NLU Delhi: <a href="http://ccgdelhi.org/">http://ccgdelhi.org</a>.</p>
<p>Twitter: <a href="https://twitter.com/Kritika12">@Kritika12</a>.</p>
<h4 id="matthew">Mr. Matthew Rice</h4>
<p>Matthew Rice is an Advocacy Officer at Privacy International working across the organisation engaging with international partners and strengthening their capacity on communications surveillance issues. He has previously worked at Privacy International as a consultant building the Surveillance Industry Index, the largest publicly available database on the private surveillance sector ever assembled. Matthew graduated from University of Aberdeen with an LLB (Hons.) and also has an MA in Human Rights from University College London.</p>
<p>Privacy International: <a href="https://privacyinternational.org/">https://privacyinternational.org</a>.</p>
<p>Twitter: <a href="https://twitter.com/mattr3">@mattr3</a>.</p>
<h4 id="sandeep">Mr. Sandeep Mertia</h4>
<p>Sandeep Mertia is a Research Associate at The Sarai Programme, Centre for the Study of Developing Societies, Delhi. He is an ICT engineer by training with research interests in Science & Technology Studies, Software Studies
and Anthropology. He is conducting an ethnographic study of emerging modes of data-driven knowledge production in the social sector.</p>
<p>Sarai: <a href="http://sarai.net/">http://sarai.net</a>.</p>
<p>Twitter: <a href="https://twitter.com/SandeepMertia">@SandeepMertia</a>.</p>
<p>Academia: <a href="https://daiict.academia.edu/SandeepMertia">https://daiict.academia.edu/SandeepMertia</a>.</p>
<h4 id="srikanth">Mr. Srikanth Lakshmanan</h4>
<p>Srikanth is a software professional with interests in Internet, follower of Internet policy discussions, volunteers for multiple online campaigns related to Internet. He is also fascinated by FOSS, opendata, localization,
Wikipedia, maps, public transit, civic tech and occasionally contributes to them.</p>
<p>Site: <a href="http://www.srik.me/">http://www.srik.me</a>.</p>
<p>Twitter: <a href="https://twitter.com/logic">@logic</a>.</p>
<h4 id="vipul">Mr. Vipul Kharbanda</h4>
<p>Vipul Kharbanda is a consultant with the Center for Internet and Society, Bangalore. After finishing his BA.LLB.(Hons.) from National Law School of India University in Bangalore, he worked for India’s largest corporate law firm for two and a half years in their Mumbai office for two years working primarily on the financing of various infrastructure projects such as Power Plants, Roads, Airports, etc. Since quitting his corporate law job, Vipul has been working as the Associate Editor in a legal publishing house which has been publishing legal books and journals for the last 90 years in India. He has also been involved with the Center for Internet and Society as a Consultant working primarily on issues related to privacy and surveillance.</p>
<p> </p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/events/privacy-after-big-data-delhi-nov-12-2016'>http://editors.cis-india.org/internet-governance/events/privacy-after-big-data-delhi-nov-12-2016</a>
</p>
No publishersumandroData SystemsDigital GovernancePrivacyData RevolutionSurveillanceBig DataDigital IndiaInternet GovernanceBig Data for DevelopmentDigital Rights2016-11-12T10:14:52ZEventWith digitisation at the forefront, government departments need to be cautious about digital security
http://editors.cis-india.org/internet-governance/news/ndtv-may-4-2017-manas-pratap-singh-government-knew-of-mega-aadhaar-leak-ministries-were-warned
<b> The huge leak of Aadhar data from four websites belonging to a central ministry and the Andhra Pradesh government has been on the government radar for a while. The leak, caused by poor security protocols, had left around 130 million numbers and their allied information, like bank and post office account details, open to access for several months. As the last website finally plugged loophole, violation echoed in Supreme Court.</b>
<p style="text-align: justify; ">The blog post by Manas Pratap Singh was <a class="external-link" href="http://www.ndtv.com/india-news/government-knew-of-mega-aadhaar-leak-ministries-were-warned-1688970">published by NDTV</a> on May 4, 2017.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">Deliberate revelation of Aadhaar can lay people open to financial fraud and it is a punishable offence and this is what the Electronics and Information ministry has reminded all government departments.<br /><br />"Aadhaar numbers and demographic information and other sensitive personal data" collected by "ministries/departments, state departments" have been published online, read a letter from the ministry dated April 24.<br /><br />Such publishing, it added, "is in clear contravention of the provisions of the Aadhaar Act 2016 and constitutes an offence punishable with imprisonment upto 3 years". Such outing of financial information is also a violation of IT Act, it said.<br /><br />Besides asking web managers to sensitise the ministries, the letter also said that display of such information be stopped immediately. <br /><br />On May 1, a report by non-profit research organisation Centre for Internet & Society said two of the websites from where the data leak took place, belongs to the Union Ministry of Rural Development.<br /><br />One stored data for the MNREGA - the mammoth Central scheme for rural employment which caters to 25.46 crore people. The other was the National Social Assistance Programme, another Central scheme under which pension is provided to the elderly people, widows and persons with disabilities.<br /><br />Amber Sinha, co-author of the CIS report, told NDTV, "For portals that had not masked data, we informed the relevant authorities and asked them to take down the available information."<br /><br />The Rural Development ministry has now decided to form an expert group on IT and cyber security, which will be headed by Kiran Karnik, a former chief of Nasscom. The ministry, however, is yet to comment on the data leak.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/ndtv-may-4-2017-manas-pratap-singh-government-knew-of-mega-aadhaar-leak-ministries-were-warned'>http://editors.cis-india.org/internet-governance/news/ndtv-may-4-2017-manas-pratap-singh-government-knew-of-mega-aadhaar-leak-ministries-were-warned</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2017-05-20T08:33:37ZNews ItemWinter School on Privacy, Surveillance and Data Protection
http://editors.cis-india.org/internet-governance/news/winter-school-on-privacy-surveillance-data-protection
<b>The Centre for Communication Governance (CCG) in collaboration with the UNESCO Chair on Freedom of Communication and Information at the University of Hamburg and the Hans Bredow conducted a week-long winter school on 'Privacy, Surveillance and Data Protection at National Law University, Delhi, from January 19 to 23, 2015.</b>
<p style="text-align: justify; ">The winter school focused on the law governing privacy in the EU and in India and covered issues ranging from surveillance to data protection. German and Indian members of faculty used interactive methods of teaching and group activities in each session, to help students from Germany, India and Israel contribute to the classroom and learn from each other.</p>
<p style="text-align: justify; ">Bhairav Acharya was a speaker at the event. He spoke on 'privacy theory'. More <a class="external-link" href="http://www.nludelhi.ac.in/wp-content/uploads/CCG-at-NLUD-Call-for-Delhi-Winter-School.pdf">information here</a>.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/winter-school-on-privacy-surveillance-data-protection'>http://editors.cis-india.org/internet-governance/news/winter-school-on-privacy-surveillance-data-protection</a>
</p>
No publisherpraskrishnaInternet GovernancePrivacy2015-02-07T00:37:55ZNews ItemWill Only Legal Backing For Aadhaar Suffice?
http://editors.cis-india.org/internet-governance/new-indian-express-march-14-2016-will-only-legal-backing-for-aadhaar-suffice
<b>Aadhaar is set to become mandatory, but the opponents of the scheme are not amused. Concerns about privacy of the Aadhaar number and the authenticity of the biometric data being collected have been expressed by people right from the beginning. But the government has not done much to address these issues.</b>
<p>The article was published in <a class="external-link" href="http://www.newindianexpress.com/nation/Will-Only-Legal-Backing-For-Aadhaar-Suffice/2016/03/14/article3326144.ece">New Indian Express </a>on March 14, 2016. Sunil Abraham was quoted.</p>
<hr />
<p style="text-align: justify; ">“It does not matter what legislative backing they give it, it is still a surveillance programme. How can you have a privacy Bill for a surveillance programme? Legislative backing would be band-aid. I do not agree with it,” says Sunil Abraham, Executive Director of The Centre for Internet and Society. The society is a Bengaluru-based organisation looking at multi-disciplinary research and advocacy.</p>
<p style="text-align: justify; ">Abraham says that ever since the Aadhaar scheme was implemented, there was a massive degradation of civil liberties. “It is an opaque technology. Why should the government have such a database?” he asks.</p>
<p style="text-align: justify; "><img src="http://editors.cis-india.org/home-images/Aadhaar1.jpg" alt="Aadhaar" class="image-inline" title="Aadhaar" /></p>
<p style="text-align: justify; ">Abraham says that the keys to the data should not have rested with the government where it is vulnerable. Instead, the government should have explored the concept of introducing smart cards issued to the citizen with the data stored on it.</p>
<p style="text-align: justify; ">Access to this data could not be had without the permission of the citizen, he says. At present, if something goes wrong or if the data is compromised, the government can always blame a lapse in technology, Abraham adds.</p>
<p style="text-align: justify; ">He questions the government’s logic where it assumes that only the poor section of society can misuse the benefits and says that it is well known that the problem exists in the supply chain and that the government has done nothing to address this.</p>
<p style="text-align: justify; ">Mathew Thomas of The Fifth Estate, an NGO, wonders what advantage the BJP suddenly found that they decided to pursue Aadhaar rather than send it to the trash bin as they had promised before the general elections.</p>
<p style="text-align: justify; ">Thomas says Aadhaar is flawed and is a fraud on the Constitution and the government has taken the money bill route simply to avoid a debate on it.</p>
<p style="text-align: justify; ">“Just passing a Bill is meaningless. This is radically wrong and we all know that protection of privacy is nonsense. How do they plan to plug the leakages? Have they even conducted a study, because there is no evidence of it. The correct beneficiary can get an LPG cylinder, but what is stopping the person from using it for an auto or for his car? That the government can lie to its own people is terrible,” he says.</p>
<p style="text-align: justify; ">A five-judge bench of the Supreme Court, which is hearing the matter on privacy concerns about Aadhaar, is expected to have a hearing by the end of this month.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/new-indian-express-march-14-2016-will-only-legal-backing-for-aadhaar-suffice'>http://editors.cis-india.org/internet-governance/new-indian-express-march-14-2016-will-only-legal-backing-for-aadhaar-suffice</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2016-03-16T02:31:52ZNews ItemWill FASTag raise privacy concerns?
http://editors.cis-india.org/internet-governance/news/livemint-shreya-nandi-prathma-sharma-october-15-2019-will-fastag-raise-privacy-concerns
<b>FASTag, an electronic device that enables direct, cashless toll payment, has been touted as the Aadhaar for vehicles as it would help the government track movement of automobiles. But the move can also stoke fresh concerns on privacy.</b>
<p style="text-align: justify; ">The article by Shreya Nandi and Prathma Sharma was <a class="external-link" href="https://www.livemint.com/news/india/will-fastag-raise-privacy-concerns-11571125214325.html">published in Livemint</a> on October 15, 2019. Pranesh Prakash was quoted.</p>
<hr />
<p style="text-align: justify; ">The device can track movement of vehicles, toll booth cameras can catch traffic law violations, prevent crime, and help authorities curb tax evasion.</p>
<p style="text-align: justify; ">While the movement of commercial vehicles will be tracked by revenue authorities by integrating with e-way bill system under <a href="https://www.livemint.com/news/india/ihmcl-gstn-to-ink-pact-to-link-fastag-with-gst-e-way-bill-system-on-oct-14-11570973104434.html" target="_blank">Goods and Services Tax (GST)</a> to curb revenue leakage, experts believe that tracking personal vehicle is a matter of concern.</p>
<p style="text-align: justify; ">It is not that the government will only use the stored data or video under limited and well-defined circumstances such as for evidence in case of traffic accidents, according to Pranesh Prakash, fellow, Centre for Internet Society.</p>
<p style="text-align: justify; ">“As transport minister Gadkari said (on Monday), the government will also use the video or data for any for analysis. And that will happen in a non-consensual manner, and outside the purview of a data protection framework, and without paying heed to the Supreme Court's landmark judgment on privacy," Prakash said.</p>
<p style="text-align: justify; ">On Monday, transport minister <a href="https://www.livemint.com/news/india/gadkari-says-revenue-from-toll-collection-to-hit-rs-1-lakh-crore-in-5-years-11571057140954.html" target="_blank">Nitin Gadkari</a> said cameras at the toll booth will take photos of passengers in a vehicle, which will be useful for the home ministry as there will be a record of the vehicle’s movement.</p>
<p style="text-align: justify; ">FASTag, which comes into effect 1 December, uses radio frequency identification technology to enable direct toll payments from a moving vehicle. The toll fare is deducted from the bank account linked to FASTag. It will not only encourage cashless payments at toll plaza, but also decongest national highways, thereby ensuring seamless movement of vehicles, and reduce pollution and logistics cost.</p>
<p style="text-align: justify; ">Amid privacy concerns related to sharing Aadhaar details with banks, telecom companies or any other authority for fulfilling KYC norms, the Supreme Court had in September last year ruled that Aadhaar can only be used for welfare schemes and for delivering state subsidies. It had barred private companies from using Aadhaar data for authenticating customers.<br />Another expert said since FASTag data includes information that is personally identifiable with the vehicle owner, it can be misused if shared with various entities.<br />"With FASTag being linked with National Vehicle Database (Vahan database), it does raise privacy concerns, specially as Nitin Gadkari, the minister of road transport and highways, has admitted that the government has provided access to Vahan and Sarathi database to 32 government and 87 private entities for ₹65 crore till date," Salman Waris Managing Partner, TechLegis Advocates & Solicitors, said.</p>
<p style="text-align: justify; ">“With the Personal Data Protection Bill still in the making there are little regulatory measures to prevent or even punish FasTag data breaches," Waris said.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/livemint-shreya-nandi-prathma-sharma-october-15-2019-will-fastag-raise-privacy-concerns'>http://editors.cis-india.org/internet-governance/news/livemint-shreya-nandi-prathma-sharma-october-15-2019-will-fastag-raise-privacy-concerns</a>
</p>
No publisherShreya Nandi and Prathma SharmaInternet GovernancePrivacy2019-10-18T15:22:27ZNews ItemWill Aadhaar leaks be used as an excuse to shut out scrutiny of welfare schemes?
http://editors.cis-india.org/internet-governance/news/scroll-may-20-2017-anumeha-yadav-will-aadhaar-leaks-be-used-as-an-excuse-to-shut-out-scrutiny-of-welfare-schemes
<b>Aadhaar data of all 23 crore beneficiaries of Direct Benefit Transfer schemes could be publicly available, says a report by Centre for Internet and Society. </b>
<div class="article-body" style="text-align: justify; ">
<p>The blog post by Anumeha Yadav was <a class="external-link" href="https://scroll.in/article/837717/will-aadhaar-leaks-be-used-as-an-excuse-to-shut-out-scrutiny-of-welfare-schemes">published on Scroll </a>on May 20, 2017.</p>
<hr />
<p>In the past three months, there have been several <a href="https://scroll.in/article/835546/the-centres-casual-response-to-aadhaar-data-breaches-spells-trouble">reports</a> about caches of Aadhaar data being publicly displayed on government websites across the country.</p>
<p>Personal information associated with the biometric-based 12-digit unique identification number, which the government wants every Indian resident to have, is mandated to be confidential under the Aadhaar Act, 2016.</p>
<p>But exactly how much Aadhaar data has been compromised by negligent government departments?</p>
<p>On May 2, researchers at the non-profit Centre for Internet and Society released a comprehensive report on the extent of the data breaches. They documented four government portals using Aadhaar for making payments and found that sensitive personal and financial information of nearly 13 crore people was being displayed on them, including details of about 10 crore bank accounts.</p>
<p>Two of the portals, for the Mahatma Gandhi National Rural Employment Guarantee Act and the National Social Assistance Programme, belong to the Union rural development ministry. The others are run by the Andhra Pradesh government for the workers’ insurance scheme Chandranna Bima and for filing Daily Online Payment Reports of MNREGA.</p>
<p>The researchers estimated that Aadhaar data of all 23 crore beneficiaries of the central government’s various Direct Benefit Transfer schemes could be publicly available. This means nearly a fifth of India’s population is potentially exposed to irreversible privacy harm, and financial and <a href="https://scroll.in/article/833230/explainer-aadhaar-is-vulnerable-to-identity-theft-because-of-its-design-and-the-way-it-is-used">identity fraud</a>.</p>
<p>The Unique Identification Authority of India, the agency which manages the Aadhaar database, however, and had earlier <a class="link-external" href="http://timesofindia.indiatimes.com/india/no-leak-biometric-data-safe-says-uidai/articleshow/58486390.cms" rel="nofollow" target="_blank">denied any breach</a> of confidential data, has now reportedly said that such a data leak could only be the result of a potentially <a class="link-external" href="http://timesofindia.indiatimes.com/india/provide-hacker-details-outfit-that-claimed-data-leak-told/articleshow/58725132.cms?from=mdr" rel="nofollow" target="_blank">illegal hack attack</a> and asked CIS to provide details of the persons involved in the data theft.</p>
<p>The rural development ministry, on its part, has changed how its MNREGA database is accessed, redacting Aadhaar numbers and bank account details of the beneficiaries. Senior officials of the ministry, however, denied making systemic changes in the wake of the Centre for Internet and Society report.</p>
<p>“The researchers claimed that financial information of over 10 crore individuals was available publicly, on pension and MNREGA portals,” said Nagesh Singh, additional secretary in the ministry, “but bank account details were displayed only on two state department websites of Andhra Pradesh and Telangana as these states are far advanced in transparency practices.”</p>
<p>“For all other states,” Singh added, “financial information and Aadhaar numbers were removed or masked last year. For pension schemes we masked the data in June 2016, and for MNREGA this data was removed in December. Even if any data was showing, it would only be for the particular block the resident is in, not for any other state workers.”</p>
<p>All this was done, he said, “because the UIDAI communicated to us that this information is sensitive and should not be displayed and the Aadhaar regulations prohibit display of Aadhaar numbers”. The Aadhaar (Sharing of Information) Regulations were introduced last September.</p>
<figure class="cms-block-image cms-block"><img src="https://d1u4oo4rb13yy8.cloudfront.net/grvhfkothd-1494862823.png" /></figure>
<p>Contrary to Singh’s claims, social activists outside Andhra Pradesh and Telangana confirmed they could access bank account details of MNREGA workers until May 3. Only on May 4, two days after the Centre for Internet and Society report was released, did the details stop showing on the Management Information System.</p>
<p>“We could no longer access the electronic muster roll, and it started returning error messages,” said Ashish Ranjan of Jan Jagran Shakti Sangathan, a registered union of unorganised workers in Araria, Bihar. But until early May, he added, the Management Information System allowed anyone in any state to access the personal information of workers, even from other states.</p>
<p>Activists and beneficiaries relied on this system for two things. “Several of the new bank accounts have errors, and accessing this information directly helped get the discrepancies corrected without going to block level officials,” Ranjan explained. “It also helped track where the wages of workers were stuck.”</p>
<p>When activists asked why the data was no longer accessible, Ranjan said, rural development department officials said the Management Information System was changed “on the directions of the Supreme Court and the Union cabinet secretary.”</p>
<p>“This has been the pattern with the MNREGA MIS for long,” Ranjan said, referring to the information system. “Senior officials change access to a feature as they wish without clear processes or explanations.”</p>
<p>James Herenj, an activist with NREGA Watch, a non-profit which monitors the implementation of MNREGA in Jharkhand, had the same experience. “Bank account details were removed from the website last week,” he said, “this is a problem as we can no longer help MNREGA workers get data entry errors corrected.”</p>
<p>The Centre for Internet and Society researchers too contested the rural development ministry’s claim that Aadhaar numbers and bank account details were displayed only on Andhra Pradesh and Telangana government websites. They released a video clip showing them accessing bank account details and Aadhaar numbers of 801 MNREGA workers of Agara panchayat in Bengaluru through an internet search on March 25.</p>
<figure class="has-subtext cms-block-image cms-block"><img alt="Screenshot of a Chandigarh Union Territory website displaying Aadhaar information." src="https://scroll-img-process.s3.amazonaws.com/original/ogghbkwxim-1493054055.png" title="Screenshot of a Chandigarh Union Territory website displaying Aadhaar information." />Screenshot of a Chandigarh Union Territory website displaying Aadhaar information.</figure>
<h3 class="cms-block-heading cms-block"><b>Consent, please?</b></h3>
<p>The <a class="link-external" href="https://uidai.gov.in/images/the_aadhaar_act_2016.pdf" rel="nofollow" target="_blank">Aadhaar Act</a>, 2016 requires both government and private agencies to take informed consent before using a person’s Aadhaar for authentication, but there is little evidence that consent is sought before Aadhaar is seeded with personal and financial information.</p>
<p>Indeed, when the Supreme Court first permitted the voluntary use of Aadhaar for MNREGA in October 2015, Aadhaar numbers of 2.36 crore workers had already been seeded to their bank accounts, without the consent of over 99% of them.</p>
<p>The rural development ministry’s <a class="link-external" href="http://nrega.nic.in/Netnrega/WriteReaddata/Circulars/1669D.O._letter_MGNREGA_dtd_10.06.2016.pdf" rel="nofollow" target="_blank">data</a> shows that until June 2016, only about 4,10,000, or less than 1% of the 10.7 crore MNREGA workers, had agreed to Aadhaar-based payments. The ministry worked around this by organising “consent camps” to retrospectively collect proof of consent.</p>
<h3 class="cms-block-heading cms-block"><b>Poor standards</b></h3>
<p>Writing in <i>The Economic Times</i>, Ram Sewak Sharma, chairperson of the Telecom Regulatory Authority of India and former director general of the Unique Identification Authority of India, <a class="link-external" href="http://blogs.economictimes.indiatimes.com/et-commentary/there-has-been-no-aadhaar-data-leak/" rel="nofollow" target="_blank">argued</a> that the reports about “Aadhaar leaks” on government websites failed to account for provisions of the Right to Information Act, 2005. Section 4 of this law provides for proactive disclosure of government decisions while Section 8 mandates public authorities to publish all information on welfare schemes, including details of beneficiaries.</p>
<p>This has created a situation, Sharma pointed out, where the transparency law may require even Aadhaar numbers of beneficiaries to be made public even though the Aadhaar Act mandates them to be confidential.</p>
<p>Right to Information activists, however, said the authorities were anything but devoted to the transparency law. Crucial information they seek on the <a href="https://scroll.in/article/833060/how-efficient-is-aadhaar-theres-no-way-to-know-as-the-government-wont-tell">efficacy of Aadhaar</a> in welfare schemes is routinely denied.</p>
<p>“The government is willfully manipulating information systems to subvert details of biometric failures,” said Amrita Johri, a member of the National Campaign for People’s Right to Information and an activist with the Right to Food campaign, which has petitioned the Delhi High Court against Aadhaar being mandatory for food rations. “We have come across instances of ration cardholders being turned back because of fingerprints being falsely rejected, or network failure, but on the Delhi government’s website, this is shown as the beneficiaries not having come to the ration shop at all.”</p>
<p>“Similarly, the government claims it has removed bogus ration cards through Aadhaar,” Johri added, “but they do not show any administrative action if such bogus cards were really found through Aadhaar even though Section 4 of the RTI Act requires disclosure of such decisions.”</p>
<figure class="has-subtext cms-block-image cms-block"><img alt="Jharkhand Directorate of Social Security displayed Aadhaar numbers, bank accounts numbers and transaction details of over 15 lakh pensioners." src="https://d1u4oo4rb13yy8.cloudfront.net/rzxkohofbe-1493106358.jpg" title="Jharkhand Directorate of Social Security displayed Aadhaar numbers, bank accounts numbers and transaction details of over 15 lakh pensioners." />Jharkhand Directorate of Social Security displayed Aadhaar numbers, bank accounts numbers and transaction details of over 15 lakh pensioners.</figure>
<p>Johri is concerned that the “Aadhaar leaks” could become an excuse to deny people “other useful information”. “When we requested officials to display how many biometric transaction were not successful, they told us that in a few days, they will remove the entire MIS as there had received orders from the food ministry to not display demographic data associated with Aadhaar,” she said. “But we pointed out that it was the creation of a single identification number that is the problem. Why should information on all other government schemes be removed?”</p>
<p>The Centre for Internet and Society report points out that while the law now makes Aadhaar numbers confidential, the government has failed to specify data masking standards. Section 6 of the Aadhaar Regulations lays down that no government or private agency should publish Aadhaar numbers unless they are redacted or blacked out “through appropriate means”.</p>
<p>But this is too vague, the report points out. “In some instances, the first four digits are masked while in others the middle digits are masked,” Srinivas Kodali, one of the authors of the report, explained, “which means someone with access to different databases can use tools for aggregation to reconstruct information hidden or masked in a particular database.”</p>
<p>Kodali said that for information other than Aadhaar numbers, each ministry and department is required to classify the data that is sensitive, restricted or open, which they have failed to do. “The National Data Sharing and Accessibility Policy, 2012 requires securing information of sensitive and restricted data but it does not recommend the ways to do it,” he said. “The standards around information disclosure and control do not exist, and the Ministry of Statistics expert committee on this was <a class="link-external" href="http://www.mospi.gov.in/sites/default/files/publication_reports/SDC_Report_30mar17.pdf?download=1" rel="nofollow" target="_blank">unable to suggest</a> one last month.”</p>
<p>“Even for MNREGA data,” Kodali continued, “the Ministry of Rural Development’s chief data officer should have classified the financial information as restricted or open when the database was first created. But did they do this.”</p>
<p>Nagesh Singh, the additional secretary, however said his ministry “does not have a chief data officer to do this”. “The ministry’s economic advisor is the official responsible for categorising data and advises us on this,” he added.</p>
</div>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/scroll-may-20-2017-anumeha-yadav-will-aadhaar-leaks-be-used-as-an-excuse-to-shut-out-scrutiny-of-welfare-schemes'>http://editors.cis-india.org/internet-governance/news/scroll-may-20-2017-anumeha-yadav-will-aadhaar-leaks-be-used-as-an-excuse-to-shut-out-scrutiny-of-welfare-schemes</a>
</p>
No publisherAnumeha YadavAadhaarInternet GovernancePrivacy2017-05-20T07:09:51ZNews ItemWill Aadhaar Act Address India’s Dire Need For a Privacy Law?
http://editors.cis-india.org/internet-governance/blog/the-quint-march-31-2016-nehaa-chaudhari-will-aadhaar-act-address-indias-dire-need-for-a-privacy-law
<b></b>
<p>The article was published by <a class="external-link" href="http://www.thequint.com/opinion/2016/03/30/will-aadhaar-act-address-indias-dire-need-for-a-privacy-law">Quint </a>on March 31, 2016.</p>
<hr />
<table class="plain">
<tbody>
<tr>
<th><img src="http://editors.cis-india.org/home-images/Snapshot.jpg" alt="Snapshot" class="image-inline" title="Snapshot" /></th>
</tr>
</tbody>
</table>
<p style="text-align: justify; ">The passage of the <i>Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016</i> (will hereby be referred to as “the Act”) has led to flak for the government from <a href="http://cis-india.org/internet-governance/blog/aadhaar-bill-fails-to-incorporate-suggestions-by-the-standing-committee" rel="external"><span>privacy advocates</span></a>, academia and <a href="http://cis-india.org/internet-governance/blog/list-of-recommendations-on-the-aadhaar-bill-2016" rel="external"><span>civil society</span></a>, to name a few.</p>
<p style="text-align: justify; ">To my mind, the opposition deserves its fair share of criticism (lacking so far), for its absolute failure to engage with and act as a check on the government in the passage of the Act, and the events leading up to it.</p>
<p style="text-align: justify; ">The government’s introduction of the Act as a ‘money bill’ under Article 110 of the <a href="http://indiacode.nic.in/coiweb/welcome.html" rel="external"><span>Constitution of India</span></a> (“this/the Article”) is a mockery of the constitutional process. It renders redundant, the role of the Rajya Sabha as a check on the functioning of the Lower House.</p>
<blockquote class="quoted">Article 110 limits a ‘money bill’ only to six specific instances: covering tax, the government’s financial obligations and, receipts and payments to and from the Consolidated Fund of India, and, connected matters.</blockquote>
<p>The Act lies well outside the confines of the Article; the government’s action may attract the attention of the courts.</p>
<h2>Political One-Upmanship</h2>
<table class="plain">
<tbody>
<tr>
<th><img src="http://editors.cis-india.org/home-images/copy_of_Arun.jpg/@@images/93b5fc12-dc62-419d-8ef1-e0b188a12db9.jpeg" alt="Arun Jaitely" class="image-inline" title="Arun Jaitely" /></th>
</tr>
<tr>
<td>Finance Minister Arun Jaitley (left) listens to Reserve Bank of India (RBI) Governor Raghuram Rajan. (Photo: Reuters)</td>
</tr>
</tbody>
</table>
<p style="text-align: justify; ">In the past, the Supreme Court (“the Court”) has stepped into the domain of the Parliament or the Executive when there was a complete and utter disregard for India’s constitutional scheme. In recent constitutional history, this is perhaps most noticeable in the anti-defection cases, (beginning with Kihoto Hollohan in 1992); and, in the SR Bommai case in 1994, on the imposition of the President’s rule in states.</p>
<p style="text-align: justify; ">In hindsight, although India has benefited from the Court’s action in the <i>Bommai </i>and <i>Hollohan </i>cases, it is unlikely that the passage of the Aadhaar Act as a ‘money bill’, reprehensible as it is, meets the threshold required for the Court’s intervention in Parliamentary procedure.</p>
<p>Besides, the manner of its passage, the Act warrants</p>
<ul>
<li>Censure for its <a href="http://cis-india.org/internet-governance/blog/epw-27-february-2016-hans-varghese-mathews-flaws-in-uidai-process" rel="external"><span>process</span></a></li>
<li>Its (in)<a href="http://www.thehindu.com/opinion/lead/lead-article-on-aadhaar-bill-by-chinmayi-arun-privacy-is-a-fundamental-right/article8366413.ece" rel="external"><span>compatibility with fundamental rights</span></a></li>
<li>The<a href="http://thewire.in/2016/03/10/aadhaar-bill-fails-to-incorporate-standing-committees-suggestions-24433/" rel="external"><span> failure to incorporate the suggestions</span></a> of the Yashwant Sinha-led Standing Committee to UPA’s NIDAI Bill</li>
<li>The <a href="http://economictimes.indiatimes.com/news/politics-and-nation/aadhaar-more-intrusive-than-us-surveillance-exposed-by-snowden-say-privacy-advocates/articleshow/51425678.cms" rel="external"><span>possibility of surveillance</span></a> that it presents</li>
<li>The lack of measures to protect personal information</li>
<li>Its inadequate privacy safeguards</li>
<li>The <a href="http://www.business-standard.com/article/economy-policy/aadhaar-linked-lpg-govt-says-rs-15-000-cr-saved-survey-says-only-rs-14-cr-in-fy15-116031800039_1.html" rel="external"><span>questions</span></a> around the realisation of its <a href="http://www.business-standard.com/article/economy-policy/aadhaar-enabled-e-kyc-can-save-rs-10-000-cr-over-next-5-yrs-survey-116031800760_1.html" rel="external"><span>stated purpose</span></a>.</li>
</ul>
<p>Instead, a part of the Aadhaar debate has involved political one-upmanship between the Congress and the BJP, <a href="http://www.businesstoday.in/current/policy/nda-aadhaar-is-a-far-cry-from-what-upa-proposed/story/230403.html" rel="external"><span>pitting the former’s NIDAI Bill against the latter’s Aadhaar Act</span></a>.</p>
<p>While an academic <a href="http://cis-india.org/internet-governance/blog/a-comparison-of-the-2016-aadhaar-bill-and-the-2010-nidai-bill" rel="external"><span>comparison </span></a>between the two is welcome, its use as a tool for political supremacy would be laughable, were it not deeply problematic, given the many serious concerns highlighted above.</p>
<h2>Better Than UPA Bill?</h2>
<table class="plain">
<tbody>
<tr>
<th><img src="http://editors.cis-india.org/home-images/copy2_of_PrivacyLaw.jpg/@@images/ce543cf9-a4aa-4bcd-8483-98e0c3a58148.jpeg" alt="Privacy" class="image-inline" title="Privacy" /></th>
</tr>
<tr>
<td style="text-align: center; ">The Act may have more privacy safeguards than the earlier UPA Bill. (Photo: iStockphoto)</td>
</tr>
</tbody>
</table>
<div>
<p>And while the Act may have more privacy safeguards than the earlier UPA Bill, <a href="http://economictimes.indiatimes.com/news/politics-and-nation/aadhaar-more-intrusive-than-us-surveillance-exposed-by-snowden-say-privacy-advocates/articleshow/51425678.cms" rel="external"><span>critics have argued</span></a> that they not up to the international standard, and instead, that they are plagued by opacity.</p>
<p>Additionally, despite claims that the Act is a <a href="http://scroll.in/article/805348/corex-correction-the-real-problem-with-the-recent-ban-of-344-drugs-in-india" rel="external"><span>significant improvement over the UPA Bill</span></a>, it fails to address concerns, including around the centralised storage of information, that were<a href="http://www.livemint.com/Politics/l0H1RQZEM8EmPlRFwRc26H/Govt-narrative-on-Aadhaar-has-not-changed-in-the-last-six-ye.html" rel="external"><span> raised by civil society members</span></a> and others.</p>
<p style="text-align: justify; ">Perhaps most problematically, however, the Act takes away an individual’s control of her own information. Subsidies, government benefits and services are linked to the mandatory possession of an Aadhar number (Section 7 of the Act), effectively <a href="http://www.firstpost.com/india/no-aadhaar-for-invading-privacy-uid-is-mandatory-even-though-govt-wants-you-to-believe-its-not-2681214.html" rel="external"><span>negating the ‘freedom’ </span></a>of voluntary enrollment (Section 3 of the Act). This directly contradicts the recommendations of the Justice AP Shah Committee, before whom the Unique Identification Authority of India <a href="http://scroll.in/article/804922/seven-reasons-why-parliament-should-debate-the-aadhaar-bill-and-not-pass-it-in-a-rush" rel="external"><span>had earlier stated that </span></a>enrollment in Aadhaar was voluntary.</p>
<p>To make matters worse, the individual does not have the authority to correct, modify or alter her information; this lies, instead, with the UIDAI alone (Section 31 of the Act). And the sharing of such personal information does not require a court order in all cases.</p>
<table class="plain">
<tbody>
<tr>
<th><img src="http://editors.cis-india.org/home-images/Students.jpg/@@images/af2356b9-df1f-45b9-8a7b-8fb3321769f7.jpeg" alt="Students" class="image-inline" title="Students" /></th>
</tr>
<tr>
<td style="text-align: center; ">Kanhaiya Kumar speaking in JNU on 3 March 2016. (Photo: PTI)</td>
</tr>
</tbody>
</table>
</div>
<p> </p>
<div>It may be authorised by Executive authorities under the vague, ill-understood concept of ‘national security’, (Section 33(2) of the Act) which the Act does not define. We would do well to learn the dangers of leaving ‘national security’ open to interpretation, in the aftermath of the recent events at JNU.</div>
<div></div>
<p><br />These recent events around Aadhaar have only underscored the dire urgency for comprehensive privacy legislation in India and, the need to overhaul our data protection laws to meet our constitutional commitments along with international standards.</p>
<div style="text-align: justify; ">Meanwhile, constitutional challenges to the Aadhaar scheme are currently pending in the Supreme Court. The Court’s verdict may well decide the future of the Aadhaar Act, with the stage already set for a constitutional challenge to the legislation. The BJP’s victory in this case may be short-lived.</div>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/the-quint-march-31-2016-nehaa-chaudhari-will-aadhaar-act-address-indias-dire-need-for-a-privacy-law'>http://editors.cis-india.org/internet-governance/blog/the-quint-march-31-2016-nehaa-chaudhari-will-aadhaar-act-address-indias-dire-need-for-a-privacy-law</a>
</p>
No publishernehaaAadhaarInternet GovernancePrivacy2016-04-05T16:01:06ZBlog EntryWhy your Facebook Stalker is Not the Real Problem
http://editors.cis-india.org/internet-governance/facebook-stalker-is-not-real-problem
<b>We live in networked conditions. This is a statement that can now be taken at face-value, and immediately explains our highly connected, inter-meshed environments finds Nishant Shah in this article published in FirstPost on March 20, 2012.</b>
<p>Especially within the digital world, the World Wide Web has become synonymous with social networking systems, where increasingly all our access, communication and interaction is located within a series of interconnected networks.</p>
<p>From the imagination of the web as a complex network, we have evolved to looking at the web as facilitating networks where different relationships, transactions and connections can be mapped and managed. This is why we often have romantic imaginations of networks as free, open, collaborative, shared spaces of interaction and expression.</p>
<p>However, we have reached a stage where this idea of a network as a liberatory space is under threat. Even as I write this, Internet Service Providers are now planning to set up sophisticated, automated systems that will do a deep-spy on your data transfer to see if you are sharing files (sometimes also called piracy) using the Internet.</p>
<p>These systems will now keep track of all your digital transactions and will monitor what you consume, who you talk to and determine whether you are a good ethical subject who is only using the Internet in ways that the powers to be want you to.<br /><br />For me, this particular networked condition of being constantly monitored and watched is scary. And it surprises me that this invasive process is less in public attention than Google’s recently changed privacy policies or the TOS-in-progress nature of privacy on Facebook.<br /><br />This is because the ubiquitous presences of networks in our lives have made them transparent to us – we do not think of the networks themselves as entities but as spaces where interactions with other objects is possible. Hence, if I ask you, right now, to name the top 5 entities that you interact with the most on Facebook, I am sure you will be able to name them. More probably than not, these top 5 entities with people that you have formed strong Facebook Friendships with.<br /><br />In fact there are platforms designed to let you know who you are talking with most on your networks. Network influence measurement indices by services like Klout are able to tell you not only who you talk to but also what are your key areas of influence. This is a way by which the network becomes invisible to us. It hides the fact that the thing that talks to you the most on Facebook is Facebook itself.<br /><br />The marketing of Facebook might tell you that you are talking to other human beings, but reality is that the network is more than the sum total of all human beings on the system. Just look at the amount of information Facebook produces on your behalf and to you. Notifications for adding friends, for liking people, for people writing to you, for people commenting on your walls and posts, form more than 50% of the information traffic on Facebook or social networking systems.<br /><br />This information is produces and shared by scripts, coded bots, algorithmic applications, and non-human entities that not only support and sustain the network but are also significant members of the networks.<br /><br />This is the actual networked condition – where the processes and entities that make the networks possible, produce an illusion of seamless communication and interaction, while performing and extraordinary amount of information and for you.</p>
<p>This blindness to our own ‘networkedness’ has crucial ramifications for our online activities because it makes us oblivious to questions of privacy, control, safety and trust. We have privacy settings to protect us from human entities on Facebook. There is very little concern about the non-human entities who store, distribute and use the data that we produce. If we don’t even know what these watchers are, how do we protect ourselves from being watched? What happens when between you and your ‘friend’, is a series of silent interceptors who are recording and using your data without your knowledge?<br /><br />Being in a network is like being in a glass-house. We cannot see the walls and hence, we presume that we need our privacy from the other inhabitants of the same house. However, in that, we forget that the walls are watching, and that there are invisible watchers beyond the walls, who are in control.<br /><br />It is time to make our networks visible again. It is time to realise that what we really need to be afraid of, on social networking systems, is the social network itself, and not the mythical stranger who wants to stalk us or that unwanted friend you want to exclude from your information sharing.<br /><br />Privacy and safety are not merely compromised at the interface, where information might leak and travel into zones outside of your knowledge and control. The real questions of being safe are actually in the protocols and designs of the network itself.<br /><br />We need to start looking at larger invasive policies exercises by the different invisible actors like the ISP, ICT ministries, corporate policies, design choices and architecture of interception that sustain the networks we so gladly embrace.</p>
<p><em>Nishant Shah is Director-Research at the Bangalore based Centre for Internet and Society and recently edited a 4 volume book on youth, technology and change, titled ‘Digital AlterNatives with a Cause?’</em></p>
<p><a class="external-link" href="http://www.firstpost.com/tech/why-your-facebook-stalker-is-not-the-real-problem-249872.html">Read this in FirstPost</a></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/facebook-stalker-is-not-real-problem'>http://editors.cis-india.org/internet-governance/facebook-stalker-is-not-real-problem</a>
</p>
No publishernishantInternet GovernancePrivacy2012-03-21T05:02:16ZBlog EntryWhy We Should All Worry About The Mandatory Imposition Of Aadhaar
http://editors.cis-india.org/internet-governance/news/huffington-post-rimin-dutt-ivan-mehta-march-24-2017-why-we-should-all-worry-about-the-mandatory-imposition-of-aadhaar
<b>It appears that with each passing day, the government is linking an increasing number of benefits and government services to the 12-digit biometric-based Aadhaar number for Indians, despite growing concerns around its data privacy and security.</b>
<p style="text-align: justify; ">The article by Rimin Dutt and Ivan Mehta was published by <a class="external-link" href="http://www.huffingtonpost.in/2017/03/24/why-we-should-all-worry-about-the-mandatory-imposition-of-aadhaa_a_22009826/">Huffington Post</a> on March 24, 2017. Sunil Abraham was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">Aadhaar, which collects among other information, citizens' iris scans and fingerprints and stores them into a centralised database for a prolonged time with only loose guidelines and no pre-existing laws to ensure the privacy of that data, is now linked to no less than 38 government schemes, including the government's latest directive –- that Aadhaar become mandatory for tax filing and securing PAN numbers -- introduced by Finance Minister Arun Jaitley earlier this week.</p>
<p style="text-align: justify; ">Jaitley openly admitted on Wednesday in the Parliament that the government, in effect, would be forcing people to get Aadhaar in an effort to increase tax compliance.</p>
<p style="text-align: justify; ">Aadhaar's use, by no means, is restricted to government agencies alone. A growing number of private financial institutions are now fulfilling their "Know Your Customer" or e-KYC formalities by making Aadhaar compulsory. The government is also in the <a href="http://economictimes.indiatimes.com/news/economy/policy/aadhaar-based-kyc-likely-across-financial-sector/articleshow/57800209.cms" target="_blank">process</a> of making Aadhaar the basis of all financial transactions.</p>
<p style="text-align: justify; ">While the timing of the government's aggressive push of Aadhaar, in itself, is raising eyebrows among <a href="https://scroll.in/article/832503/what-explains-the-desperation-to-make-aadhaar-mandatory-for-tax-returns-after-july-1-2017" target="_blank">political observers</a>, there are some serious concerns about this unique experiment that deserve stronger scrutiny.</p>
<h3 style="text-align: justify; ">Why disregard the Supreme Court?</h3>
<p style="text-align: justify; ">In making Aadhaar mandatory for filing taxes and securing core taxpayer identity, the government has openly gone against a Supreme Court order from last year that explicitly stated that the Aadhaar Card scheme is "purely voluntary" and cannot be made mandatory until the court has decided on this.</p>
<p style="text-align: justify; ">The government has defended its move, saying it is allowed to do so under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act 2016.</p>
<p style="text-align: justify; ">However, as Gopal Krishna, a member of the Citizens Forum for Civil Liberties, <a target="_blank">writes</a> in Business Today, the passage of the Act by the Parliament "does not automatically imply that any agency can make UID/Aadhaar compulsory disregarding the Supreme Court's orders."</p>
<p style="text-align: justify; ">According to Krishna, in doing so, the government is "clearly stepping beyond" the mandate of the Aadhaar Act, and also acting in contempt of the Parliament, according to him.</p>
<p style="text-align: justify; ">In addition, if tax evasion was the driving factor behind the move, it begs the question — wouldn't forcing people to get Aadhaar actually do the opposite by adding another layer of hassle?</p>
<p style="text-align: justify; ">Indeed, tax experts have noted how this requirement may hinder tax collection. Archit Gupta, Founder & CEO ClearTax.com, a tax service provider <a href="http://www.huffingtonpost.in/2017/03/22/budget-part-ii-here-are-the-highlights-of-the-sweeping-changes_a_21905740/" target="_blank">told </a><i>HuffPost India, "</i>The [Aadhaar] announcement is likely to be a dampener to tax filers, specially first-timers ... FY 2016-17 filing is expected to see a large number of first-time filers due to demonetisation efforts, and this move may make them more guarded."</p>
<h3 style="text-align: justify; ">Why not strengthen PAN?</h3>
<p style="text-align: justify; ">The government already has an extensive mandate for the Permanent Account Number (PAN) cards, which are required to validate several important services or for undertaking transactions such as buying and selling property or jewellery worth over ₹2 lakhs. Last year, the government, in fact, said that the National Pension System (NPS) scheme would accept PAN cards over Aadhaar cards to validate new customers.</p>
<p style="text-align: justify; ">On Wednesday, however, Jaitley said PAN cards have been misused by certain people to evade taxes, and there are reports that Aadhaar may become the ultimate authenticating document. However, the continued and growing use of PAN along with Aadhaar adds an extra layer of formalities for citizens to access government services, which are their constitutionally guaranteed rights.</p>
<h3 style="text-align: justify; ">How safe is Aadhaar anyway?</h3>
<p style="text-align: justify; ">Depending on who you talk to, the safety concerns of Aadhaar come up as a pressing issue, especially in the wake of a recent security incident when the Unique Identification Authority of India initiated police action against entities associated with Axis Bank including Suvidhaa Infoserve and e-sign provider eMudhra, which had allegedly <a href="http://www.livemint.com/Industry/IKgrYL5pg3eTgfaP253XKI/Aadhaar-data-breach-triggers-privacy-concerns.html" target="_blank">engaged </a>in unauthorised authentication and impersonation by illegally storing Aadhaar biometrics.</p>
<p style="text-align: justify; ">Earlier this month, in a separate incident, security researcher Srinivas Kodali warned Indian authorities of a website that was leaking Aadhaar demographic data of over five lakh minors, as well as the existence several parallel databases that had key identification data linked to Aadhaar, <i>Scroll </i><a href="https://scroll.in/article/830589/under-the-right-to-information-law-aadhaar-data-breaches-will-remain-a-state-secret" target="_blank">reported.</a></p>
<p style="text-align: justify; ">In the absence of any privacy laws in India, these security concerns have assumed even greater significance.</p>
<p style="text-align: justify; ">UIDAI, the authority behind Aadhaar, has <a href="https://uidai.gov.in/images/news/Press_Statement_06032017.pdf" target="_blank">maintained </a>the technology behind Aadhaar is robust and that it uses advanced encryption to transmit and store data. It specifically denied that any breach of centralised data took place in the Axis Bank incident, saying the case was an isolated incident.</p>
<p style="text-align: justify; ">However, in a rather ironic twist in the Aadhaar Act, which itself contains no provisions to address privacy concerns, any legal action against any misuse or theft of Aadhaar data can only be initiated by UIDAI, leaving citizens with no legal recourse should a breach occur.</p>
<p style="text-align: justify; ">That represents an obvious conflict of interest as it gives exclusive power to the very authority that is responsible for the security and confidentiality of identity information and authentication records, PRS Legislative Research, has noted.</p>
<p style="text-align: justify; ">In addition, the controversial Aadhaar Act contains several other inherent dangers such as the potential to profile citizens based on the linking of other databases with Aadhaar by studying patterns of behaviour.</p>
<p style="text-align: justify; ">"Techniques such as running computer programmes across datasets for pattern recognition can be used for various purposes such as detecting potential illegal activities...However, these can also lead to harassment of innocent individuals who get identified incorrectly as potential threats," noted PRS Legislative.</p>
<p style="text-align: justify; ">There are currently no safeguards to prevent inappropriate profiling, instances of which could increase as more and more private organisations link their data to Aadhaar, and potentially exploit data for<a href="https://scroll.in/article/824874/what-happens-to-privacy-when-companies-have-your-aadhaar-number" target="_blank"> commercial purposes</a> without the consent of citizens.</p>
<p style="text-align: justify; ">The US, in comparison, has laws in place that require agencies that collects data to submit an annual report to US Congress on all such data mining activities.</p>
<h3 style="text-align: justify; ">Other unresolved concerns</h3>
<p style="text-align: justify; ">There are several other concerns related to the widespread use of Aadhaar card and the power it is afforded under the Aadhar act. The act allows UIDAI to collect biometric information beyond iris and fingerprint scans, for example, to include other bio-data such as DNA, noted PRS.</p>
<p style="text-align: justify; ">The act also allows private agencies to use Aadhaar, which contradicts an earlier stated objective of the scheme that sought to restrict the use of Aadhaar for only government expenditures.</p>
<p style="text-align: justify; ">"It allows private persons to use Aadhaar as a proof of identity for any purpose. This provision will enable private entities such as, airline, telecom, insurance, real estate etc. companies, to require Aadhaar as a proof of identity for availing their services," PRS has noted.</p>
<p style="text-align: justify; ">There's also the worrying prospect of Aadhaar being used as a surveillance tool by the government, instead of an e-governance technology, Sunil Abraham, executive director of research organisation, Centre for Internet and Society, <a href="http://www.thehindubusinessline.com/specials/india-file/aadhaar-the-12digit-conundrum/article9582271.ece" target="_blank">told </a>the <i>The Hindu Business Line, </i>adding<i> </i>biometrics only make citizens transparent to the state and not the state transparent to citizens.</p>
<p style="text-align: justify; ">"We warned the government six years ago, but they ignored us," said Abraham.</p>
<p style="text-align: justify; ">Krishna has a more dire <a href="http://www.businesstoday.in/current/economy-politics/will-aadhaar-cause-death-of-civil-rights/story/248331.html" target="_blank">warning:</a> "The JAM Trinity -- Jan Dhan Yojana, Aadhaar and mobile numbers -- may well be a fish bait to trap unsuspecting citizens into the world's biggest transnational biometric database to turn them into subjects under surveillance forever in the name of a set of welfare and anti-poverty policies.</p>
<h3 style="text-align: justify; ">What has been done to address the security concerns?</h3>
<p style="text-align: justify; ">It is unclear what the government or UIDAI may have done in the wake of the security incident to upgrade its systems. According to an expert <i>HuffPost Post India </i>talked to, many third party apps that are using Aadhar data may not be screened or audited for security, which is a huge worry.</p>
<p style="text-align: justify; ">Kodali told HuffPost India that Aadhaar has potential design issues when it comes to information security.</p>
<p style="text-align: justify; ">"By design it allows anyone store information of the Aadhaar holder through [application programming interface]. This is creating many parallel databases with Aadhaar as a key," he said.</p>
<p style="text-align: justify; ">He notes that security is an afterthought for many institutions and companies.</p>
<p style="text-align: justify; ">"UIDAI and the architects of Aadhaar do not accept that data can be a liability instead of an asset," he said. "The mandatory nature of Aadhaar without the right infrastructure and skilled workforce is not just a cyber security issue, but a national security issue."</p>
<h3 style="text-align: justify; ">When will India get privacy laws?</h3>
<p style="text-align: justify; ">No one quite knows. But there's a growing call for a need for strict privacy laws, given the move towards digital financial transactions and growing e-commerce use. Most advanced economies including the US, the UK, France, Australia and New Zealand have <a href="http://www.pcquest.com/no-your-aadhaar-data-is-not-secure/" target="_blank">enacted privacy laws.</a></p>
<p style="text-align: justify; ">However, in India, the right to privacy still doesn't exist despite it being recognised by even the UN charter of human rights. Article 12 of the Universal Declaration of Human Rights states, "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."</p>
<p style="text-align: justify; ">The potential for cyber criminals to misuse citizen data isn't lost on even prominent IT industry experts.</p>
<p style="text-align: justify; ">Recently, the chief of IT industry body Nasscom R Chandrashekhar <a href="http://tech.firstpost.com/news-analysis/nasscom-chief-saying-full-data-protection-isnt-possible-should-wake-us-from-our-digital-slumber-367183.html" target="_blank">told</a> <i>PTI </i>that personal data of online consumers can never be fully secure, emphasising the need for strict consumer protection laws. "More than 3 million credit card data details were misused recently. Let us face it, these kind of security breaches will take place. There is nothing called fully perfect security in IT," he said.</p>
<p style="text-align: justify; ">To be sure, Aadhaar has been lauded by several prominent experts and economists, and it is, undoubtedly, an ambitious project to potentially aid financial inclusion for a large population that has historically been outside of a formal financial services net. India also has one of the lowest tax compliance rates, making tax collection a priority for the government.</p>
<p style="text-align: justify; ">Recently, Paul Romer, World Bank's chief economist <a href="https://qz.com/933907/paul-romer-on-aadhaar-world-banks-top-economist-says-indias-controversial-id-program-should-be-a-model-for-other-nations/" target="_blank">told </a><i>Bloomberg, "</i>The system in India is the most sophisticated that I've seen ... It's the basis for all kinds of connections that involve things like financial transactions. It could be good for the world if this became widely adopted."</p>
<p style="text-align: justify; ">But given the sensitivity of citizen biometrics data and potential for misuse, the government ought to be held accountable for its proper use and ensure enough safeguards are put in place before its imposition on each citizen.</p>
<p style="text-align: justify; "><i><b> </b></i></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/huffington-post-rimin-dutt-ivan-mehta-march-24-2017-why-we-should-all-worry-about-the-mandatory-imposition-of-aadhaar'>http://editors.cis-india.org/internet-governance/news/huffington-post-rimin-dutt-ivan-mehta-march-24-2017-why-we-should-all-worry-about-the-mandatory-imposition-of-aadhaar</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2017-03-27T15:02:10ZNews Item Why the DNA Bill is open to misuse: Sunil Abraham
http://editors.cis-india.org/internet-governance/news/business-standard-kanika-datta-august-1-2015-why-the-dna-bill-is-open-to-misuse-sunil-abraham
<b>The Human DNA Profiling Bill, the law that regulates the collection, storage and use of the human genetic code, has attracted some strong criticism from civil liberties groups including the Bengaluru-based Centre for Internet and Society (CIS) which had participated in the expert committee for DNA profiling constituted by the Department of Biotechnology in 2012.</b>
<p style="text-align: justify; "><span class="p-content">CIS circulated a detailed dissent note earlier this year on the draft of the Bill. As the government gets ready to table the Bill in Parliament, CIS Executive Director <b>Sunil Abraham</b> tells <i>Kanika Datta</i> why the provisions of the Bill are open to misuse and invasion of privacy. Edited excerpts:</span></p>
<p style="text-align: justify; "><span class="p-content"><span class="p-content"><b>Why does Centre for Internet and Society reject using DNA analysis for non-forensic use as set out in the Human DNA Profiling Bill in its current form? What are the possible risks involved here?</b><br /> <br /> The problem here is that the introduction to the Bill talks of DNA matches "without a doubt". But the way we understand it, biometric technology depends on approximate matching and not discrete matching. Unlike, say, the technology used for matching digital signatures, machines for matching DNA, fingerprints or the iris specify a false positive ratio when they leave the factory - that's what created the controversy in the O J Simpson trial, for example. This means you have to be very conservative in populating the database. For a given false positive ratio - the larger the database the greater the incidence of mistaken identification. That is why we think that for purposes other than forensic use, it would be better to create other databases.<br /> <br /> Let me clear: we are not Luddites but neither are we naïve techno-enthusiasts. After all, the Innocence Project in the US has managed to overturn the convictions of many people who were held guilty through DNA evidence. But it is a myth that the more sophisticated the technology the more secure and accurate it is. In fact, the reverse is often true. For instance, the voter machines we use in India are primitive technology but they are much harder to compromise compared to the voting machines used in the US. Given all this, we believe that there should be "process fixes", such as sending DNA collected from a crime scene to two laboratories as a check and balance against the fallibility of human beings and machines.<br /> <br /> <b>CIS made the point that the powers of the DNA Board are too wide. In what possible way could these powers be misused since the Board is to be an independent authority?</b><br /> <br /> When this exercise was started, the DNA Board had 26 functions. We proposed that this be cut this down to ten, which was accepted by a sub-committee. But when the final Bill came back it rejected the consensus view and restored the 26 functions, including things like "raising the general awareness". All this detracts from the Board's primary role and efficiency and expands its discretionary powers. It is true that a good regulator needs some amount of discretion but this should be a limited discretion within a tightly defined scope -- this is true for any regulator, not just the DNA Board.<br /> <br /> <b>The provision that no civil suit can be entertained on any matter on which the DNA Board is empowered under the Act looks excessive. Is there any precedent that explains why this provision was introduced? What kind of oversight and checks and balances are there in other jurisdictions that could be incorporated in the Indian law? </b><br /> <br /> I can understand the logic here; the government is trying to ensure that the regulator has final say. After all, if you look at telecom, the decisions of the TDSAT (Telecom Dispute Settlement & Appellate Tribunal) can be appealed in the High Court and the Supreme Court. But eliminating judicial appeal as this Bill has state amounts to a violation of classic regulatory design by circumventing the appellate process. Ideally, we need a tripartite separation of law in which the executive frames policies, the DNA board implements them and the courts adjudicate upon them.<br /> <br /> <b>You have said the term "DNA Analysis" has not been defined. Could you explain the possible risks of the absence of a definition?</b><br /> <br /> DNA analysis is of many types and some of them allow you to get to know a person quite intimately in terms of their medical history, genetic traits and so on. But forensic analysis looks at a limited set of markers which are essentially privacy-protecting and from which no genetic traits can be determined. You can't, for instance, do a study on the genetic make-up of criminals from this analysis. Now, if this Bill is around law enforcement - which we know is the policy intention - then the DNA analysis should be limited to those markers. That would reduce the chances of abuse.<br /> <br /> <b>You have also criticised the low standards of information disclosure and suggest the issue should be vested in an independent third party rather than the DNA Bank Manager. Could you explain how this would help?</b><br /> <br /> In information and technology and telecom there is an executive authorisation mechanism in place for information sharing that requires the home secretary's permission for non-emergency situations and the head of the police station in the case of an emergency. We want a similar authorisation process - say, a judge and an established paper trail so that there are proper checks and balances. When personal information is involved, even the DNA Board is not well placed because its members are scientists whereas disclosure of personal information is a question of the law.<br /> <br /> <b>You have said the Bill has not been brought in line with the nine national privacy principles set out by an expert committee in 2012. Shouldn't a privacy law precede the passing of the DNA Bill in any case?</b><br /> <br /> It's not a chicken-and-egg situation, but the point to consider is that the world is moving towards European data protection principles, and something like 100 countries have adopted it. If we in India want to trade in European personal information (via our BPO and outsourcing businesses) we must have a law that is adequate from the data protection perspective. This means, among other things, mandating that anyone whose DNA profile is accessed receives a notice to this effect, for instance. We know that the Department of Personnel and Training has incorporated the principles set out in the Justice Shah report in the privacy Bill two years ago but we haven't heard anything about it since. If and when this Bill is enacted, it will have overriding powers over a host of laws. But where the DNA Bill is concerned, there is no reason for it not to take cognisance of a later law.<br /> <br /> <b>What has been the government's reaction to this dissent note?</b><br /> <br /> No reaction!</span></span></p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/business-standard-kanika-datta-august-1-2015-why-the-dna-bill-is-open-to-misuse-sunil-abraham'>http://editors.cis-india.org/internet-governance/news/business-standard-kanika-datta-august-1-2015-why-the-dna-bill-is-open-to-misuse-sunil-abraham</a>
</p>
No publishersunilDNA ProfilingInternet GovernancePrivacy2015-09-13T08:37:44ZNews ItemWhy NPCI and Facebook need urgent regulatory attention
http://editors.cis-india.org/internet-governance/blog/economic-times-june-10-2018-sunil-abraham-why-npci-and-facebook-need-urgent-regulatory-attention
<b>The world’s oldest networked infrastructure, money, is increasingly dematerialising and fusing with the world’s latest networked infrastructure, the Internet. </b>
<p style="text-align: justify; ">The article was published in the <a class="external-link" href="https://economictimes.indiatimes.com/industry/banking/finance/banking/why-npci-and-facebook-need-urgent-regulatory-attention/articleshow/64522587.cms">Economic Times</a> on June 10, 2018.</p>
<hr />
<p style="text-align: justify; ">As the network effects compound, disruptive acceleration hurtle us towards financial utopia, or dystopia. Our fate depends on what we get right and what we get wrong with the law, code and architecture, and the market.</p>
<p style="text-align: justify; ">The Internet, unfortunately, has completely transformed from how it was first architected. From a federated, generative network based on free software and open standards, into a centralised, environment with an increasing dependency on proprietary technologies.</p>
<p style="text-align: justify; ">In countries like Myanmar, some citizens misconstrue a single social media website, Facebook, for the internet, according to LirneAsia research. India is another market where Facebook could still get its brand mistaken for access itself by some users coming online. This is Facebook put so many resources into the battle over Basics, in the run-up to India’s network neutrality regulation. an odd corporation.</p>
<p style="text-align: justify; ">On hand, its business model is what some term surveillance capitalism. On the other hand, by acquiring WhatsApp and by keeping end-toend (E2E) encryption “on”, it has ensured that one and a half billion users can concretely exercise their right to privacy. At the time of the acquisition, WhatsApp founders believed Facebook’s promise that it would never compromise on their high standards of privacy and security. But 18 months later, Facebook started harvesting data and diluting E2E.</p>
<p style="text-align: justify; ">In April this year, my colleague Ayush Rathi and I wrote in Asia Times that WhatsApp no longer deletes multimedia on download but continues to store it on its servers. Theoretically, using the very same mechanism, Facebook could also be retaining encrypted text messages and comprehensive metadata from WhatsApp users indefinitely without making this obvious.</p>
<p style="text-align: justify; ">My friend, Srikanth Lakshmanan, founder of the CashlessConsumer collective, is a keen observer of this space. He says in India, “we are seeing an increasing push towards a bank-led model, thanks to National Payments Corporation of India (NPCI) and its control over Unified Payments Interface (UPI), which is also known as the cashless layer of the India Stack.”</p>
<p style="text-align: justify; ">NPCI is best understood as a shape shifter. Arundhati Ramanathan puts it best when she says “depending on the time and context, NPCI is a competitor. It is a platform. It is a regulator. It is an industry association. It is a profitable non-profit. It is a rule maker. It is a judge. It is a bystander.”</p>
<p style="text-align: justify; ">This results in UPI becoming, what Lakshmanan calls, a NPCI-club-good rather than a new generation digital public good. He also points out that NPCI has an additional challenge of opacity — “it doesn’t provide any metrics on transaction failures, and being a private body, is not subject to proactive or reactive disclosure requirements under the RTI.”</p>
<p style="text-align: justify; ">Technically, he says, UPI increases fragility in our financial ecosystem since it “is a centralised data maximisation network where NPCI will always have the superset of data.” Given that NPCI has opted for a bank-led model in India, it is very unlikely that Facebook able to leverage its monopoly the social media market duopoly it shares with in the digital advertising market to become a digital payments monopoly.</p>
<p style="text-align: justify; ">However, NCPI and Facebook both share the following traits — one, an insatiable appetite for personal information; two, a fetish for hypercentralisation; three, a marginal commitment to transparency, and four, poor track record as a custodian of consumer trust. The marriage between these like-minded entities has already had a dubious beginning.</p>
<p style="text-align: justify; ">Previously, every financial technology wanting direct access to the NPCI infrastructure had to have a tie-up with a bank. But for Facebook and Google, as they are large players, it was decided to introduce a multi-bank model. This was definitely the right thing to do from a competition perspective. But, unfortunately, the marriage between the banks and the internet giant was arranged by NPCI in an opaque process and WhatsApp was exempted from the full NPCI certification process for its beta launch.</p>
<p style="text-align: justify; ">Both NPCI and Facebook need urgent regulatory attention. A modern data protection law and a more proactive competition regulator is required for Facebook. The NPCI will hopefully also be subjected to the upcoming data protection law. But it also requires a range of design, policy and governance fixes to ensure greater privacy and security via data minimisation and decentralisation; greater accountability and transparency to the public; separation of powers for better governance and open access policies to prevent anti-competitive behaviour.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/economic-times-june-10-2018-sunil-abraham-why-npci-and-facebook-need-urgent-regulatory-attention'>http://editors.cis-india.org/internet-governance/blog/economic-times-june-10-2018-sunil-abraham-why-npci-and-facebook-need-urgent-regulatory-attention</a>
</p>
No publishersunilSocial MediaInternet GovernancePrivacy2018-06-12T02:07:42ZBlog EntryWhy is the UIDAI cracking down on individuals that hoard Aadhaar data?
http://editors.cis-india.org/internet-governance/news/business-standard-alnoor-peermohamed-april-13-2016-why-is-uidai-cracking-down-on-individuals-that-hoard-aadhaar-data
<b>Private firms' offer to print Aadhaar details on plastic card a breach of law.</b>
<p style="text-align: justify; ">The article by Alnoor Peermohamed was published by <a class="external-link" href="http://www.business-standard.com/article/economy-policy/why-is-the-uidai-cracking-down-on-individuals-that-hoard-aadhaar-data-116041200400_1.html">Business Standard </a>on April 13, 2016. Sunil Abraham was quoted.</p>
<hr />
<p style="text-align: justify; ">The billion-strong citizen identification system, Aadhaar, has given rise to businesses keen on illegal harnessing of this private data, say the authorities.<br /><br /> Outfits are offering services to print the <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Aadhaar" target="_blank"><span>Aadhaar </span></a>details on plastic cards, something the Union information technology ministry warned against on Monday. These entities charge anywhere between Rs 50 and Rs 600, and are listed on e-commerce websites, apart from own online presence.<br /><br /> Under the Aadhaar law, collecting and storing of the data by private companies without the user’s consent is a crime. Monday’s warning from the ministry to e-commerce marketplaces such as Amazon, Flipkart and eBay to disallow merchants from collecting and printing such details was a result of this.<br /><br /> This newspaper could not find any listings of Aadhaar printing services on Flipkart but there was one on Amazon (taken down) and no less than five such listings on eBay.<br /><br /> PrintMyAadhaar is one of the more well organised outfits operating in this space. “Get your E-Aadhaar printed on a PVC card for easier handling,” reads their website. Users are prompted to fill their Aadhaar details on the website, pay Rs 50 and have the card sent to their houses. PrintMyAadhaar even offers discounts for bulk orders.<br /><br /> “Collecting such information or unauthorised printing of an Aadhaar card or aiding such persons in any manner may amount to a criminal offence, punishable with imprisonment under the Indian Penal Code and also Chapter VI of The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016,” read the statement from the ministry.<br /><br /> Currently, Aadhaar stores a person’s name, date of birth, sex and address, apart from their biometric data.<br /><br /> While the biometric data isn’t available to these PDF printing shops, the rest of the information is, according to Srikanth Nadhamuni, chief executive officer of Khosla Labs and a former head of technology at the Unique Identification Authority of India. However, collecting this data poses no security risk to the Aadhaar infrastructure, he added.<br /><br /> “Allowing somebody to accumulate large amounts of data from Aadhaar users in general is not a good practice. We should ensure that the Aadhaar details of people remain private and it should only be up to the discretion of the end-user to share this,” said Nadhamuni.<br /><br /> Some security experts say Aadhaar does pose a security risk, as it makes available an individual's details in the public domain. Several institutions are treating Aadhaar just like any other proof of identity.<br /><br /> “Transactions that should have been conducted using biometric authentication are being conducted just by presentation of paper documents. What is happening most commonly is that people are giving a printout or photocopy of their Aadhaar acknowledgement as their proof of identity to get a SIM card. The risk here is that somebody can get a mobile number against your name,” said Sunil Abraham, executive director of the non-profit Centre for Internet and Society.<br /><br /> He says the other technical issue with Aadhaar is the lack of a smart card that stores a person’s information, as in a digital signature. Due to the lack of this, people don’t know what information to keep private and what to make public. Conventional security techniques would have had a person keeping their PIN private (as with a bank account). If this personal PIN would have been saved on a smart card, which users wouldn’t have had much to worry about.<br /><br /> “In the case of Aadhaar, the authentication factor and the identification factor are in the public domain, because many people might have your UID number and people release their biometric data everywhere. Due to this broken technological solution, we are now through policy putting band-aids, saying people should not disclose their UID number unnecessarily,” added Abraham.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/news/business-standard-alnoor-peermohamed-april-13-2016-why-is-uidai-cracking-down-on-individuals-that-hoard-aadhaar-data'>http://editors.cis-india.org/internet-governance/news/business-standard-alnoor-peermohamed-april-13-2016-why-is-uidai-cracking-down-on-individuals-that-hoard-aadhaar-data</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2016-04-17T16:16:26ZNews Item