The Centre for Internet and Society
http://editors.cis-india.org
These are the search results for the query, showing results 111 to 115.
Automated Facial Recognition Systems (AFRS): Responding to Related Privacy Concerns
http://editors.cis-india.org/internet-governance/automated-facial-recognition-systems-afrs-responding-to-related-privacy-concerns
<b>Arindrajit Basu and Siddharth Sonkar have co-written this blog as the second of their three-part blog series on AI Policy Exchange under the parent title: Is there a Reasonable Expectation of Privacy from Data Aggregation by Automated Facial Recognition Systems? </b>
<p> </p>
<p> </p>
<p>The Supreme Court of India, in <a href="https://indiankanoon.org/doc/91938676/">Puttaswamy I</a><em> </em>recognized<em> </em>that
the right to privacy is not surrendered merely because the individual
is in a public place. Privacy is linked to the individual as it is an
essential facet of human dignity. Justice Chelameswar further clarified
that privacy is contextual. Even in a public setting, people trying to
converse in whispers would signal a claim to the right to privacy.
Speaking on a loudspeaker would naturally not signal the same claim.</p>
<p>The Supreme Court of Canada has also affirmed the notion of
contextual privacy. As recently as on 7 March, 2019, the Supreme Court
of Canada <a href="http://www.thecourt.ca/r-v-jarvis-carving-out-a-contextual-approach-to-privacy/" rel="noreferrer noopener" target="_blank">in a landmark decision</a> defined privacy rights in public areas implicitly applying <a href="https://crypto.stanford.edu/portia/papers/RevnissenbaumDTP31.pdf">Helena Nissenbaum’s theory of contextual integrity</a>.
Helena Nissenbaum explains that the extent to which the right to
privacy is eroded in public spaces with the help of her theory of
contextual integrity.</p>
<p>Nissenbaum suggests that labelling information as exclusively public
or private fails to take into account the context which rationalises the
desire of the individual to exercise her privacy in public. To explain
this with an illustration, there exists a reasonable expectation of
privacy in the restroom of a restaurant, even though it is in a public
space.</p>
<p>In <a href="http://www.thecourt.ca/r-v-jarvis-carving-out-a-contextual-approach-to-privacy/"><em>R v Jarvis</em></a> (Jarvis), the Court overruled a Court of Appeal for Ontario <a href="https://www.canlii.org/en/on/onca/doc/2017/2017onca778/2017onca778.pdf">decision</a>
to hold that people can have a reasonable expectation of privacy even
in public spaces. In this case, Jarvis was charged with the offence of
voyeurism for secretly recording his students. The primary issue that
the Supreme Court of Canada was concerned with was whether the students
filmed by Mr. Jarvis enjoyed a reasonable expectation of privacy at
their school.</p>
<p>The Court in this case unanimously held that students did indeed have
a reasonable expectation of privacy. The Court concluded nine
contextual factors relevant in determining whether a person has a
reasonable expectation to privacy would arise. The listed factors were:</p>
<p>“1. The location the person was in when he or she was observed or recorded,</p>
<p>2. The nature of the impugned conduct (whether it consisted of observation or recording),</p>
<p>3. Awareness of or consent to potential observation or recording,</p>
<p>4. The manner in which the observation or recording was done,</p>
<p>5. The subject matter or content of the observation or recording,</p>
<p>6. Any rules, regulations or policies that governed the observation or recording in question,</p>
<p>7. The relationship between the person who was observed or recorded and the person who did the observing or recording,</p>
<p>8. The purpose for which the observation or recording was done, and</p>
<p>9. The personal attributes of the person who was observed or recorded.” (paragraph 29 of the judgement).</p>
<p>The Court emphasized that the factors are not an exhaustive list, but
rather were meant to be a guiding tool in determining whether a
reasonable expectation of privacy existed in a given context. It is not
necessary that each of these factors is present in a given situation to
give rise to an expectation of privacy.</p>
<p>Compared to the above-mentioned factors in Jarvis, the Indian Supreme Court in <a href="https://indiankanoon.org/doc/127517806/">Justice K.S Puttaswamy (Retd.) v. Union of India</a>: Justice Sikri (Puttaswamy II) <strong>—</strong>
the case which upheld the constitutionality of the Aadhaar project
relied on the following factors to determine a reasonable expectation of
privacy in a given context:</p>
<p>“(i) What is the context in which a privacy claim is set up?</p>
<p>(ii) Does the claim relate to private or family life, or a confidential relationship?</p>
<p>(iii) Is the claim a serious one or is it trivial?</p>
<p>(iv) Is the disclosure likely to result in any serious or significant injury and the nature and extent of disclosure?</p>
<p>(v) Is disclosure relates to personal and sensitive information of an identified person?</p>
<p>(vi) Does disclosure relate to information already disclosed publicly? If so, its implication?”</p>
<p>These factors (acknowledged in Puttaswamy II in paragraph 292) seem
to be very similar to the ones laid down in Jarvis, i.e., there is a
strong reliance on the context in both cases. While there is no explicit
mention of individual attributes of the individual claiming a
reasonable expectation, the holding that children should be given an opt
out indicates that the Court implicitly takes into account personal
attributes (e.g. age) as well.</p>
<p>The Court in Jarvis further (in paragraph 39) took the example of a
woman in a communal change room at a public pool. She may expect other
users to incidentally observe her undress but she would continue to
expect only other women in the change room to observe her and reserve
her rights against the general public. She would also expect not to be
video recorded or photographed while undressing, both from other users
of the pool and by the general public. </p>
<p>If it is later found out that the change room had a one-way glass
which allowed the pool staff to view the users change — or if there was a
concealed camera recording persons while they were changing, she could
claim a breach of her reasonable expectation of privacy under such
circumstances and it would constitute an invasion of privacy.</p>
<p><strong>So, in the context of an AFRS, an individual walking down a
public road may still signal that they wish to avail of their right to
privacy. In such contexts, a concerted surveillance mechanism may come
up against constitutional roadblocks.</strong></p>
<p><strong>What is the nature of information being collected?</strong></p>
<p>The second big question <strong>—</strong> the nature of information
which is being collected plays a role in determining the extent to which
a person can exercise their reasonable expectation of privacy.
Puttaswamy II laid down that collection of core biometric information
such as fingerprints, iris scans in the context of the Aadhaar-Based
Biometric Authentication (‘ABBA’) is constitutionally permissible. The
basis of this conclusion is that the Aadhaar Act does not deal with the
individual’s intimate or private sphere.</p>
<p>The judgement of the Supreme Court in Puttaswamy II is in a very
specific context (i.e. the ABBA). It does not explain or identify the
contextual factors which determine the extent to which privacy may be
reasonably expected over biometrics generally. In this judgment, the
Court observed that demographic information and photographs do not raise
a reasonable expectation of privacy under Article 21 unless there exist
special circumstances such as the disclosure of juveniles in conflict
of law or a rape victim’s identity.</p>
<p><strong>Most importantly, the Court held that face photographs for
the purpose of identification are not covered by a reasonable
expectation of privacy. The Court distinguished face photographs from
intimate photographs or those photographs which concern confidential
situations. </strong></p>
<p><strong>Face photographs, according to the Court, are shared by
individuals in the ordinary course of conduct for the purpose of
obtaining a driving </strong>l<strong>icense, voter id, passport,
examination admit cards, employment cards, and so on. Face photographs
by themselves reveal no information.</strong></p>
<p>Naturally, this pronouncement of the Apex Court is a huge boost for the introduction of AFRS in India.</p>
<p>Abroad, however, on 4 September 2019, in <a href="https://www.judiciary.uk/wp-content/uploads/2019/09/bridges-swp-judgment-Final03-09-19-1.pdf">Edward Bridges v. Chief Constable of South Wales Police</a>, a Division Bench of the High Court in England and Wales heard a challenge against an AFRS introduced by law enforcement (<em>see</em>
Endnote 1). The High Court rejected a claim for judicial review holding
that the AFRS in question does not violate inter alia the right to
privacy under Article 8 of the European Convention of Human Rights
(‘ECHR’).</p>
<p>According to the Court, the AFRS was used for specific and limited
purposes, i.e., only when the image of the public matched a person on an
existing watchlist. The use of the AFRS was therefore considered a
lawful and fair restriction.</p>
<p>The Court, however, acknowledged that extracting biometric data
through AFRS is “well beyond the expected and unsurprising”. This seems
to be a departure from the Indian Supreme Court’s observation in
Puttaswamy II that there is no reasonable expectation of privacy over
biometric data in the context of ABBA, and may be a wiser approach for
the Indian courts to adopt.</p>
<h6><strong>Endnote </strong></h6>
<p>1. The challenge was put forth by Edward Bridges, a civil liberties
campaigner from Cardiff for being caught on camera in two particular
deployments of the AFRS a) when he was at Queen Street, a busy shopping
area in Cardiff and b) when he was at the Defence Procurement, Research,
Technology and Exportability Exhibition held at the Motorpoint Arena.</p>
<p> </p>
<p>This was published by <a class="external-link" href="https://aipolicyexchange.org/2019/12/28/automated-facial-recognition-systems-afrs-responding-to-related-privacy-concerns/">AI Policy Exchange</a>.</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/automated-facial-recognition-systems-afrs-responding-to-related-privacy-concerns'>http://editors.cis-india.org/internet-governance/automated-facial-recognition-systems-afrs-responding-to-related-privacy-concerns</a>
</p>
No publisherArindrajit Basu, Siddharth SonkarCybersecurityCyber Securityinternet governanceInternet Governance2020-01-02T14:09:14ZBlog EntryA Critical Look at the Visual Representation of Cybersecurity
http://editors.cis-india.org/internet-governance/blog/paromita-bathija-padmini-ray-murray-and-saumyaa-naidu
<b>The Centre for Internet and Society and design collective Design Beku came together on the 15th of November for a workshop on Illustrations and Visual Representations of Cybersecurity. Images in the public sphere such as visuals in the media, Wikipedia commons, and stock images - play a vital role in the public’s perception of cybercrime and cybersecurity. </b>
<ul>
<li>Edited by Karan Saini / Illustrations by - Paul Anthony George, and Roshan Shakeel</li></ul>
<ul>
<li>Download the <a class="external-link" href="https://cis-india.org/internet-governance/files/critical-look-at-visual-representation-of-cybersecurity/">file here</a></li></ul>
<hr />
<p style="text-align: justify;">The existing imagery comprises of largely stereotypical images of silhouettes of men in hoodies, binary codes, locks, shields; all in dark tones of blue and green. The workshop aimed at identifying the concerns with these existing images and ideating on creating visuals that capture the nuanced concepts within cybersecurity as well as to contextualise them for the Global South. It began with a discussion on the various concepts within cybersecurity including disinformation, surveillance in the name of security, security researchers, regulation of big technology companies, gender and cybersecurity, etc. This was followed by a mapping of different visual elements in the existing cybersecurity imagery to infer the biases in them. Further, an ideation session was conducted to create alternate visualisations that counter these biases. A detailed report of the workshop can be read <a href="https://cis-india.org/internet-governance/workshop-on-cyber-security-illustrations">here</a>.</p>
<p style="text-align: justify;">The participants began by discussing the concerning impacts of present visualisations – there is a lack of representation and context of the global south. Misrepresentation of cybersecurity leads people to be susceptible to disinformation, treats cybercrime as an abstract concept that does not have a direct impact, and oversimplifies the problem and its solutions. The ecosystem in which this imagery exists also presented a larger issue. A majority of the images are created as clickbait alongside media articles. Media houses thus benefit from the oversimplification and mystification of cybersecurity in such images.</p>
<p style="text-align: justify;">Through the mapping of existing images present online, several concerns were identified. The vague elements and unclear representation add to the mystification of cybersecurity as a concept. In present depictions, the use of technological devices and objects, leads to the lack of a human element, distancing the threat from any real impact to people using these devices. The metaphor of a physical threat is often used to depict cybersecurity using elements such as a lock and key. Recurring use of these elements gives a false idea of what is being secured or breached and how. Representations rely on tropes regarding the identity of hackers, and fail to capture the vulnerability of the system. The imagery gives the impression that systems which are breached are immensely secure to begin with and are compromised only as a result of sophisticated attacks carried out by malicious actors. The identity of hackers is commonly associated with cyber attacks and breaches, and the existing imagery reinforces this. Visuals showing a masked man or a silhouette of a man in dark background are the usual markers of a malicious hacker in conventional cybersecurity imagery. While there is a lack of representation of women in stock cybersecurity images, another trope found was that of a cheerful woman coder. There were also images of faceless women with laptops<a name="_ftnref1" href="#_ftn1"><sup><sup>[1]</sup></sup></a>. The reductive nature of these images point to deeper concerns around gender representation in cybersecurity.</p>
<p style="text-align: justify;">The participants examined what the implications of such visual representation would be, and why there is a need to change the imagery. How can visual depictions be more representative? Can they avoid subscribing to a homogenised idea of an Indian context – specific without being reductive? Can better depiction broaden understanding of cybercrime and emphasize the proximity of those threats? With technology, concepts are often understood through metaphors – how data is explained impacts how people perceive it. Visual imagery can play a critical role in demystifying concepts when done well; illustrations can change the discourse. They must begin to incorporate intersecting aspects of gender, privacy, susceptibility of vulnerable populations, generational and cultural gaps, as well as manifestations of the described crimes to make technological laypersons more aware of the threat.</p>
<p style="text-align: justify;">Potential new imagery would need to address aspects such as disinformation, the importance of privacy and who has a right to it, change representation of hackers, depict the cybersecurity community, explain specific concepts to both – the general user and to the people part of cybersecurity efforts in the country, the implications of cybercrime on vulnerable populations, and more in an attempt to deconstruct and disseminate what cybersecurity looks like today.</p>
<p style="text-align: justify;">The ideation session involved rethinking specific concepts such as disinformation, and ethical hacking to create alternate imagery. For instance, disinformation was visually imagined as a distortion of an already distorted message being perceived by the viewer. In order to bring attention to the impact of devices, a phone was thought of as a central object to which different concepts of cybersecurity can be connected.</p>
<p style="text-align: justify;"><img src="http://editors.cis-india.org/home-images/FakeNewsCascade.jpg" alt="null" class="image-inline" title="Fake News Cascade" /></p>
<p><em>‘Fake News Cascade’ by Paul Anthony George</em></p>
<p><img src="http://editors.cis-india.org/home-images/FakeNews.jpg" alt="null" class="image-inline" title="Fake News" /></p>
<p><em>‘Fake News’ by Paul Anthony George</em></p>
<p><img src="http://editors.cis-india.org/home-images/Disinformation1.jpg" alt="null" class="image-inline" title="Disinformation 1" /></p>
<p><img src="http://editors.cis-india.org/home-images/Disinformation2.jpg" alt="null" class="image-inline" title="Disinformation 2" /></p>
<p><em>‘Disinformation/ Fake News’ by Roshan Shakeel; The sketch is about questioning the validity of what we see online, and that every message we see is constructed in some form or the other by someone else.</em></p>
<p><em><img src="http://editors.cis-india.org/home-images/Disinformation3.jpg" alt="null" class="image-inline" title="Disinformation 3" /></em></p>
<p><em>‘Disinformation/ Fake News’ by Roshan Shakeel; </em>The sketch visualizes how the source of information ('the original') gets distorted after a certain point.</p>
<p>For ethical hacking, a visualisation depicting a day in the life of an ethical hacker was thought of to normalize hacking and to focus on their contribution in security research.</p>
<p><img src="http://editors.cis-india.org/home-images/ADayinLife.jpg" alt="null" class="image-inline" title="A Day in Life" /></p>
<p><em>‘A Day in the Life of an Indian Hacker’ by Paul Anthony George</em></p>
<p><em><img src="http://editors.cis-india.org/home-images/SurveillanceinthenameofSecurity.jpg" alt="null" class="image-inline" title="Surveillance in the name of Security" /></em></p>
<p><em>'Surveillance in the Name of Security' by</em> <em>Roshan Shakeel</em></p>
<p style="text-align: justify;">Resources on ethical hacking (HackerOne)<a name="_ftnref2" href="#_ftn2"><sup>[2]</sup></a> and hacker culture (2600.com)<a name="_ftnref3" href="#_ftn3"><sup>[3]</sup></a> were also consulted as part of the exercise to gather references on the work done by hackers. This allowed a deeper understanding of how the hacker community depicts itself. Check Point Research<a name="_ftnref4" href="#_ftn4"><sup>[4]</sup></a> and Kerala Police Cyberdome<a name="_ftnref5" href="#_ftn5"><sup>[5]</sup></a> were also examined for further insight into cybersecurity. With regard to gender representation, sources that use visual techniques to communicate concerns and advocacy campaigns were also referred to. The Gendering Surveillance<a name="_ftnref6" href="#_ftn6"><sup>[6]</sup></a> initiative by the Internet Democracy project<a name="_ftnref7" href="#_ftn7"><sup>[7]</sup></a>, which looks at how surveillance harms and restricts women, also offered insights on the use of illustrations supporting the case studies. Another reference was the "Visualising Women's Rights in the Arab World"<a name="_ftnref8" href="#_ftn8"><sup>[8]</sup></a> project by the Tactical Technology Collective<a name="_ftnref9" href="#_ftn10"><sup>[9]</sup></a>. The project aims to “strengthen the use of visual techniques by women's rights advocates in the Arab world, and to build a network of women with these skills”.<a name="_ftnref10" href="#_ftn10"><sup>[10]</sup></a></p>
<p style="text-align: justify;">More visual explainers and animations<a name="_ftnref11" href="#_ftn11"><sup><sup>[11]</sup></sup></a> from the Tactical Technology Collective were noted for their broader engagement with digital security and privacy. A video by the Internet Democracy Project that explains the Internet through <em>rangoli</em><a name="_ftnref12" href="#_ftn12"><sup><sup>[12]</sup></sup></a>, was observed specifically for setting the concept in Indian context through the use of aesthetics.</p>
<p style="text-align: justify;">The workshop concluded with a discussion of potential visual iterations – imagery of cybersecurity that is not technology-oriented but focussed on the behavioural implications of access to such technology, illustrated public service announcements enhancing the profile of cybersecurity researchers or the everyday hacker. The impact of the discussion itself can indicate the relevance of such an effort. Artists and designers can be encouraged to create a body of imagery that shifts discourse and perception, to begin visualising for advocacy, demystify and stop the abstraction of cybercrime that can lead to a false sense of security, incorporate unique aspects of the debate within the Indian context, and generate new dialogue and understanding of cybersecurity. A potential step forward from this workshop would be to engage with the design community at large along with the domain experts to create more effective imagery for cybersecurity.</p>
<hr />
<p><a name="_ftn1" href="#_ftnref1"><sup><sup>[1]</sup></sup></a> https://www.hackerone.com/</p>
<p><a name="_ftn2" href="#_ftnref2"><sup><sup>[2]</sup></sup></a> https://2600.com/</p>
<p><a name="_ftn3" href="#_ftnref3"><sup><sup>[3]</sup></sup></a> https://research.checkpoint.com/about-us/</p>
<p><a name="_ftn4" href="#_ftnref4"><sup><sup>[4]</sup></sup></a> http://www.cyberdome.kerala.gov.in/</p>
<p><a name="_ftn5" href="#_ftnref5"><sup><sup>[5]</sup></sup></a> https://genderingsurveillance.internetdemocracy.in/</p>
<p><a name="_ftn6" href="#_ftnref6"><sup><sup>[6]</sup></sup></a> https://internetdemocracy.in/</p>
<p><a name="_ftn7" href="#_ftnref7"><sup><sup>[7]</sup></sup></a> https://visualrights.tacticaltech.org/index.html</p>
<p><a name="_ftn8" href="#_ftnref8"><sup><sup>[8]</sup></sup></a> https://tacticaltech.org/</p>
<p><a name="_ftn9" href="#_ftnref9"><sup><sup>[9]</sup></sup></a> https://visualrights.tacticaltech.org/content/about-website.html</p>
<p><a name="_ftn10" href="#_ftnref10"><sup><sup>[10]</sup></sup></a> https://tacticaltech.org/projects/survival-in-the-digital-age-ono-robot-2012/</p>
<p><a name="_ftn11" href="#_ftnref11"><sup><sup>[11]</sup></sup></a> https://internetdemocracy.in/2018/08/dots-and-connections/</p>
<p><a name="_ftn12" href="#_ftnref12"><sup><sup>[12]</sup></sup></a> https://www.independent.co.uk/life-style/gadgets-and-tech/features/women-in-tech-its-time-to-drop-the-old-stereotypes-7608794.html</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/paromita-bathija-padmini-ray-murray-and-saumyaa-naidu'>http://editors.cis-india.org/internet-governance/blog/paromita-bathija-padmini-ray-murray-and-saumyaa-naidu</a>
</p>
No publisherParomita Bathija, Padmini Ray Murray, and Saumyaa NaiduCyber SecurityInternet Governance2019-08-21T08:00:11ZBlog Entry50p and Digital Payments Masterclass Learning - CIS
http://editors.cis-india.org/internet-governance/50p-and-digital-payments-masterclass-learning-cis
<b>Sunil Abraham, Saikat Dutta and Udbhav Tiwari from the CIS team attended 50p on the 24 and 25 of January 2017 in Bangalore, India. We had the following learnings from the event, which will shape our work in the digital finance and payments space in the future. </b>
<p style="text-align: justify;" dir="ltr">Sunil Abraham, Saikat Dutta and Udbhav Tiwari from the CIS team attended 50p on the 24 and 25 of January 2017 in Bangalore, India. We had the following learnings from the event, which will shape our work in the digital finance and payments space in the future.</p>
<p style="text-align: justify;" dir="ltr"> </p>
<ol><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Historical Developments of Digital Payments Regulation in India - The historical development of the digital payments ecosystem in India, starting with mobile/SMS banking around 2004, focusing mostly on high-end consumers. The widely varying implementations across banks led to the RBI taking an active regulatory approach, beginning with the introduction of compulsory two factor authentication in the form of mandatory PIN usage for credit and debit cards. This move helped secure “card not present” (CNP) transactions, which in turn allowed the e commerce, online streaming services and other digital services to rapidly gain customers. This serves as an example of how simple, targeted and uniformly imposed regulations can help secure widely used digital payment modes, securing customers while expanding opportunities for businesses. The Watal Committee report has also stressed on how the the industry and consumers alike, in the medium term, will benefit from focused sectoral regulation for the FinTech industry.</p>
</li></ol>
<p style="text-align: justify;" dir="ltr"> </p>
<ol start="2"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Expansion in the Modern Digital Payments Industry - The digital payments industry has expanded from having three main stakeholders (banks, card issuing agencies and customers) in mid 2000s to over eight distinct entities who take part in the same payments chain. These include Digital Wallet Providers, Payment Gateways, Payment Processors, Ticketing or Payment Service Providers Billers, all of which are operate with millions of transactions per day. This not only increases the potential attack surface for possible attempts at compromising them but also governance under traditional banking regulations difficult for the regulatory authority. The introduction of BBPS (Bharat Bill Pay System) to integrate the thousands of local utility bill payment system in India, into one centrally administered programme, is just one example of the vast amounts of data being generated (and integrated) by the digital payments industry. Therefore, the need for unique FinTech regulations and standards (maybe even a regulator) to handle the rapidly expanding and critical industry is quite strong in the booming space in India.</p>
</li></ol>
<p style="text-align: justify;" dir="ltr"> </p>
<ol start="3"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">UPI - The Unified Payments Interface (UPI) is a set of standards that allow for a single application to connect to and control multiple bank accounts (of participating banks), allowing users to use several banking services such as funds transfer (P2P), merchant payments, etc. Initially launched in August, 2016 with support from 16 banks and is gaining rapid acceptance among users, businesses and payment providers alike. While built on the same technological underpinnings as the IMPS system, the UPI standard allows for a wide variety of data, including credit scores, Aadhaar numbers and geographical location to be transmitted. While the standard itself seems reasonably secure, its diverse and closed source implementation allow for the usual closed source development risks of security and unresolved bugs. It is stipulated to become the most widely used digital transaction protocol in India and the backbone of the FinTech industry due to its interoperability and regulatory acceptance. A set of security guidelines and practices that allow for a uniform, secure and auditable implementation of the UPI standard as well as its operational usage will aid in faster and more secure development of the standard while simultaneously protecting consumer interest.</p>
</li></ol>
<p style="text-align: justify;" dir="ltr"> </p>
<ol start="4"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">Need for Consumer Advocacy - The need for educating consumers about the technical operations of the digital payments industry, best practices to maximise user facing security and strategies for effective dispute redressal were tagged as key focus areas by various groups. The inadequacy of the Consumer Protection Act to deal with the labyrinth of digital payments and the relative lack of liability and breach notification laws (especially in the non-banking finance companies sector) have lead to bargaining power in consumer contracts to fall in the favour of the digital payments industry. While initiatives such as Cashless Consumer are attempting to rectify this, sustained and well planned initiatives implemented in a diverse and multi-lingual manner will be needed to keep up with the rapid pace of expansion in the industry and is burgeoning user base. Incidental benefits of such programmes (an increase in the demand for data protection and privacy aware practices) will also serve to further consumer interest in a manner that will have a positive impact outside the FinTech industry.</p>
</li></ol>
<p style="text-align: justify;" dir="ltr"> </p>
<p><span id="docs-internal-guid-a0d03bdc-abb4-587e-0c9f-186a5b07117c"></span></p>
<ol start="5"><li style="list-style-type: decimal;" dir="ltr">
<p style="text-align: justify;" dir="ltr">USSD - The recent push towards USSD based banking, which allows banking transactions to be carried using feature phones, has led to various concerns regarding its security, reliability and implementation. The varying levels of GSM encryption in the providers in India, the lack of open standards (such as HTTPS for Internet Banking) that allow consumers to verify security and the rapid but untested implementation by most banks have led to some players raising doubts about the possibility of exploitation of the particularly vulnerable section of users that will use USSD banking. The need for a detailed investigation into current practices, open and auditable standards unique to USSD banking in India and regulations that mandate a minimum level of compliance was expressed by multiple stakeholders.</p>
</li></ol>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/50p-and-digital-payments-masterclass-learning-cis'>http://editors.cis-india.org/internet-governance/50p-and-digital-payments-masterclass-learning-cis</a>
</p>
No publisherUdbhav TiwariFinancial TechnologyDigital PaymentBankingBitcoinDigital MoneyCyber Security2017-06-15T12:29:52ZBlog Entry11th India Knowledge Summit 2013
http://editors.cis-india.org/news/eleventh-india-knowledge-summit-2013
<b>The Associated Chambers of Commerce and Industry in India (ASSOCHAM) is organizing the 11th Knowledge Summit 2013 in Hotel Shangri-La, New Delhi on October 14 and 15, 2013. The Centre for Internet and Society is supporting this event.</b>
<hr />
<p style="text-align: justify; ">Click to read the original <a class="external-link" href="http://www.assocham.org/events/showevent.php?id=888">published by ASSOCHAM here</a> , <a class="external-link" href="http://www.assocham.org/downloads/?filename=11th-India-Knowledege-Summit-Tentative-Agenda.docx">read the tentative agenda here</a> and the <a class="external-link" href="http://www.assocham.org/docs/11th-Konwledge-Summit-CyberSecurityBrochure_13.pdf">event brochure here</a>.</p>
<hr />
<p style="text-align: justify; ">The lack of a national-level doctrine has created an environment where we are entirely reactive in our cyber posture. Indeed, battlefield transcends physical borders and boundaries. The power of a nation-state is not required to inflict widespread damage to critical infrastructure systems; a single malicious actor can wreak havoc. The starkest difference, however, is that today both the private sector and individual citizens have unprecedented access to a myriad of infrastructure systems that can provide entry into sensitive systems – yet they are largely unaware of, and unaccountable for, their responsibilities in defending them.</p>
<p style="text-align: justify; ">As cyber networks rapidly transition from a mere utility to the undercurrent of our entire societal infrastructure, this reliance becomes a vulnerability. The modern Cyber Era demands a national-level doctrine that can be adopted by government agencies, armed forces, private sector organizations and individual citizens alike to establish a collective sense of purpose for our Cyber Security.</p>
<p style="text-align: justify; ">The Chamber is providing a forum to bring executive leaders, policymakers and academia together with the scientists and practitioners that intimately understand cyber technology to collaborate and begin a debate about the complex issues.<span> </span></p>
<p style="text-align: justify; ">The time has come when we should consider not only the military impact of the new cyber world, but also what role cyber defense will hold in shaping the future of our country’s economy, education, foreign affairs policies and critical infrastructure initiatives. Only then can our government, industry, and private citizens align under common goals to shape a safe and prosperous future.</p>
<p style="text-align: justify; ">ASSOCHAM India's Apex Chamber for Commerce & Industry was set up in 1920. Today the Chamber is proud to have more than 450,000 Companies as it's esteemed Member which includes many of the big global technology companies.</p>
<p style="text-align: justify; ">ASSOCHAM is privileged to be a Member of the <b>“Cyber Regulation Advisory Committee” </b>set up by <b>Ministry of Communications and IT, </b>and the <b>Joint Working Group (JWG) on Cyber Security </b>set up by the <b>National Security Council Secretariat, </b>Government of India.</p>
<p style="text-align: justify; ">The ASSOCHAM’s flagship program the Annual <b>INDIA KNOWLEDGE SUMMIT, </b>organized since 1999 has been Addressed in the past by Noble Laureates, as the Distinguished ‘Key Note Speaker’ including – Dr. Craig Venter, Sir Harry Kroto, Prof. Aaron Ciechanover, Dr. Raj Reddy, Dr. A P J Abdul Kalam, Dr. Kirsty Duncan, Prof. John A Pickett to name a few.</p>
<p style="text-align: justify; ">This year the <b>11th INDIA KNOWLEDGE SUMMIT </b>is being organized from <b>14-15 October, 2013 in Hotel </b><b>Shangri-La, New Delhi.</b></p>
<p style="text-align: justify; ">The Theme for this year’s Summit is <b>“Cyber Era - Securing the Future”</b>.</p>
<p align="left"><b>Registration Fees: </b></p>
<blockquote><b>International Delegates</b>: $ 200/- for both days<b><br />Indian Delegates</b>: Rs. 5,000/- per day<b><br />Students</b>: Rs. 2,000/- per day
<p>The Delegate Registration Fee include:<br /> Tea & Coffee<br /> Copy of Background Paper / <br /> Copy of Workshop Study Material</p>
</blockquote>
<p align="left"><b>For more details please contact: </b></p>
<blockquote>
<p>Ajay Sharma, Senior Director, M: 9899188488 , eMail: <a href="mailto:ajay.sharma@assocham.com">ajay.sharma@assocham.com</a><br /> Varun Aggarwal, Joint Director, M: 9910613815 , eMail: <a href="mailto:varun.aggarwal@assocham.com">varun.aggarwal@assocham.com</a><br /> Himanshu Rewaria, Executive, M: 9654251077 , eMail: <a href="mailto:himanshu.rewaria@assocham.com">himanshu.rewaria@assocham.com</a><br /> Sahil Goswami Executive, M: 9871962311 , eMail: <a href="mailto:sahil.goswami@assocham.com">sahil.goswami@assocham.com</a><br /><br /> <b>Corporate Office</b><br /> The Associated Chambers of Commerce and Industry of India<br /> ASSOCHAM Corporate Office, 5, Sardar Patel Marg<br />Chanakyapuri, New Delhi – 110021<br /> Phone: 46550555 (Hunting Line)<br /> Fax: 01123017008/9<br /> <br /> Email: <a class="newslink" href="mailto:assocham@nic.in">assocham@nic.in</a></p>
</blockquote>
<p>
For more details visit <a href='http://editors.cis-india.org/news/eleventh-india-knowledge-summit-2013'>http://editors.cis-india.org/news/eleventh-india-knowledge-summit-2013</a>
</p>
No publisherpraskrishnaCyber SecurityInternet Governance2013-09-26T07:15:29ZNews Item'Ethical Hacker' Saket Modi Calls for Stronger Cyber Security Discussions
http://editors.cis-india.org/internet-governance/blog/saket-modi-calls-for-stronger-cyber-security-discussions
<b>Twenty-two year old Saket Modi is the CEO and co-founder of Lucideus, a leading cyber security company in India which claims to have worked with 4 out of 5 top global e-commerce companies, 4 out of 10 top IT companies in the world, and 3 out of 5 top banks of the Asia Pacific. </b>
<hr />
<p style="text-align: justify; "><i>This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC</i></p>
<hr />
<p style="text-align: justify; ">At the Confederation of Indian Industry (CII) conference on July 13, titled “<a href="http://editors.cis-india.org/internet-governance/blog/cii-conference-on-act" class="external-link">ACT – Achieving Cyber-Security Together</a>,” Modi as the youngest speaker on the agenda delivered an impromptu talk which lambasted the weaknesses of modern cyber security discussions, enlightened the audience on modern capabilities and challenges of leading cyber security groups, and ultimately received a standing ovation from the crowd. As a later speaker commented, Modi’s controversial opinions and practitioner insight had "set the auditorium ablaze for the remainder of the evening". Since then the Centre for Internet and Society (CIS) has had the pleasure of interviewing Saket Modi over Skype.</p>
<p style="text-align: justify; ">It is quite easy to find accounts of Saket Modi's introduction into hacking just by typing his name in the search engine. Faced with the pressure of failing, a teenage Saket discovered how to hack into his high school Chemistry teacher’s test and answer database. After successfully obtaining the answers, and revealing his wrong doings to his teacher, the young man grew intrigued by the possibilities of hacking. "I thought, if I could do this in a couple hours, four hours, then what might I be able to do in four days, four weeks, four months?"</p>
<p style="text-align: justify; ">Nowadays, Modi describes himself and his Lucideus team as "ethical hackers", a term recently espoused by hacker groups in the public eye. As opposed to "hacktivists", who utilize hacking methods (including attacks) to achieve or bring awareness to political issues, ethical hackers claim to exclusively use their computer skills to support defenses. At first, incorporation of <i>ethics</i> into a for-profit organization’s game plan may seem confusing, as it leaves room for key questions, like how does one determine which clients constitute ethical business? When asked, however, Modi clarifies by explaining how the ethics are not manifest in the entities Lucideus supports, but instead inherent in the choice of building defensive networks as opposed to using their skills for attack or debilitation. Nevertheless, considerations remain as to whether supporting the cyber security of some entities can lead to the insecurity of others, for example, strengthening the agencies which work in covert cyber espionage. On this point, Modi seems more ambivalent, saying "it depends on a case by case basis". But he still believes cyber security is a right that should be enjoyed by all, "entitled to [you] the moment you set foot on the internet".</p>
<p style="text-align: justify; ">As an experienced professional in the field who often gives input on major cyber policy decisions, Modi emphasizes the necessity of youth engagement in cyber security practice and policy. He calls his age bracket the “web generation,” those who have “grown with technology.” According to Modi, no one over 50 or 60 years of age can properly meet the current challenges of the cyber security realm. It is "a sad thing" that those older leaders carry the most power in policy making, and that they often have problems with both understanding and acceptability of modern technological capabilities. For the public, businesses, and also government, there are misconceptions about the importance of cyber security and the extent of modern cyber threats, threats which Modi and his company claim to combat regularly. "About 90 per cent of the crimes that take place in cyber space are because of lack of knowledge, rather than the expertise of the hacker,” he explains. Modi mentions a few basic misconceptions, as simple as, "if I have an anti-virus, my system is secured" or "if you have HTTPS certificate and SSL connection, your system is secured". “These are like wearing an elbow guard while playing cricket,” Modi tells. “If the ball comes at the elbow then you are protected, but what about the rest of the body?”</p>
<p style="text-align: justify; ">This highlights another problem evident in India’s current cyber security scene, the problem of lacking “quality institutes to produce good cyber security experts.” For example, Modi takes offence at there not being “a single institute which is providing cyber security at the undergraduate level [in India].” He alludes to the recently unveiled National Cyber Security Policy, specifically the call for five lakh cyber security experts in upcoming years. He calls this “a big figure,” but agrees that there needs to be a lot more awareness throughout the nation. “You really have to change a lot of things,” he says, “in order to get the right things in the right place here in India.”</p>
<p style="text-align: justify; ">When considering citizen privacy in relation to cyber security, and the relationship between the two (be it direct or inverse), Saket Modi says the important factor is the governing body, because the issue ultimately resolves to trust. Citizens must trust the “right people with the right qualifications” to store and protect their sensitive data, and to respect privacy. Modi is no novice to the importance of personal data protection, and his company works with a plethora of extremely sensitive information relating to both their clients and their clients’ clients data, so it operates with due care lest it create a “wikileaks part two.”</p>
<p style="text-align: justify; ">On internationalization and cyber security, he views the connection between the two as natural, intrinsic. “Cyberspace has added a new dimension to humanity,” says Modi, and tells how former constructs of physical constraints and linear bounds no longer apply. International cooperation is especially pertinent, according to Modi, because the greatest challenge for catching today’s criminal hackers is their international anonymity, “the ability to jump from one country to the other in a matter of milliseconds.”</p>
<p style="text-align: justify; ">With the extent of the challenges facing cyber defense specialists, and with the somewhat disorderly current state of Indian cyber security, it is curious to see that Saket Modi has devoted himself to the "ethical" side of hacking. Why hasn’t he or the rest of the Lucideus team resorted to offensive hacking, since Modi claims the majority of cyber attacks of the world who are committed by people also fall between the ages of 15 and 24? Apparently, the answer is simple. “We believe in the need for ethical hacking,” he defends. “We believe in the purpose of making the internet safer.”</p>
<p>
For more details visit <a href='http://editors.cis-india.org/internet-governance/blog/saket-modi-calls-for-stronger-cyber-security-discussions'>http://editors.cis-india.org/internet-governance/blog/saket-modi-calls-for-stronger-cyber-security-discussions</a>
</p>
No publisherkoveyCyber SecurityInternet GovernancePrivacy2013-08-05T13:11:08ZBlog Entry