Centre for Internet and Society

UNESCO Internet Universality Indicators consulted at the 8th Asia Pacific Regional Internet Governance Forum

praskrishna — 2017-08-23T02:05:44Z

“Internet Universality indicators should measure broad social implications of the Internet and serve as a powerful tool to foster sustainable development,” was a strong message delivered by Asia-Pacific stakeholders at UNESCO consultation to develop Internet Universality indicators during the 8th Asia Pacific Regional Internet Governance Forum (APrIGF) in Bangkok (Thailand), 29 July 2017.

This was published by UNESCO on August 9, 2017.

The Bangkok consultation event, co-moderated by Ms. Xianhong Hu (UNESCO) and Ms. Chat Garcia Ramilo (Association for Progressive Communications, APC), brought multi-stakeholders and experts from the Asia Pacific region to contribute to prioritizing issues within the five categories indicators along the Internet Universality R.O.A.M principles, namely on human Rights, Openness, Accessibility, Multi-stakeholder participation, as well as concerning Crosscutting issues.

“Rights entail a number of digital rights including freedom of religious and political expression and right to assembly and association online. Privacy concerns on the Internet are extremely important as well”, stated Ms Gayatri Khandahi from APC on human Rights indicators. In addition, she noted the importance of social and economic rights exercised on the Internet, such as the right to work and the right to political participation, and the jurisdiction challenges of these rights in the pretext of Internet. She emphasized the need to consult also with vulnerable groups, such as women, trans-gender groups and migrants.

Dr. Anja Kovacs from Internet Democracy Project pointed out that rights have impact on other themes or indicators, for instance online abuse of women impacts access in India. She also noted that in the course of developing these indicators, it is crucial to take into account future trends because digital rights are evolving and these indicators might not be useful in 10 years.

“Open Internet is a top concern since it is being limited by many localized requirements. Thus openness requires open and transparent policy and decision making process which is at the core of multi-stakeholder approach”, commented by Prof. Xue Hong from Beijing Normal University on Openness indicators. She suggested “open access” needs to consider people’s various barriers to access Internet, including legal barriers. She suggested that “open source”, “open innovation” and “open market” are also important aspects to measure the level of openness.

On Accessibility indicators, Mr Winston Roberts from the International Federation of Library Associations & Institutions (IFLA) suggested that the definition of universal access needs to be updated and access in various forms can be used as an indicator, such access to broadband. He stressed the importance to include quality access and access in rural areas.

“Access and accessibility should be defined clearly. Access should include indicators to assess quality of service and openness should include assessment of the market”, stated Ms. Bishakha Datta. Mr. Naveed Haq from Internet Society suggested those accessibility indicators could check how many government websites are available to people with disabilities.

“Internet is a classic example where various communities are represented and thus multistakeholderism becomes important”, said Mr. Naveed Haq from Internet Society on Multistakeholder indicators. Mr. Sunil Abraham from Center for Internet Society raised challenges that the government needs to deregulate policies and laws and redo them with a multi-stakeholder process, but on the other hand, private sectors fail to mitigate harm through the self-regulatory model. Mr. Joyce Chen, ICANN representative, highlighted the importance to engage with governments, who need to facilitate more dialogue.

“The rights and interest of those vulnerable groups, such as transgender and women should be considered by the indicators, particularly to assess how rights, such as the right to privacy intersect with their agenda”, suggested by Ms. Bishakha Datta from Point of View on Crosscutting dimension indicators. Dr Anja Kovacs pointed out that it is crucial not miss out groups of people whose interests might not be directly aligned with their governments, for instance refugees or migrants.”

In addition to the ongoing on-site Multistakeholder consultation sessions, UNESCO is now also offering the possibility for interested actors, including Member States, to participate in the consultation online at https://en.unesco.org/internetuniversality.

As an ongoing project developed by UNESCO, Internet Universality Indicators aims to serve as a recognized and authoritative global research tool for national assessing Internet development along the lines of UNESCO’s Internet Universality concept as endorsed by UNESCO 38^th General Conference in 2015. The final indicators will be presented in 2018 and will be submitted to the UNESCO Member States in the International Programme for the Development of Communication (IPDC) for endorsement.

For more details visit http://editors.cis-india.org/internet-governance/news/unesco-internet-universality-indicators-consulted-at-the-8th-asia-pacific-regional-internet-governance-forum

July 2017 Newsletter

praskrishna — 2017-08-23T02:03:19Z

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights
In an article published in the Huffington Post on July 1, 2017, Nirmita Narasimhan stated that imposing taxes on assistive devices is unfair. It is unconscionable that disability aids and assistive technology are considered a luxury and taxed at a higher rate than rough semi-precious stones or cashew nuts. A research paper on patent working requirements and complex products in India authored by Prof Jorge L. Contreras, University of Utah, and Rohini Lakshané, CIS has been accepted for publication in the Jindal Global Law School Law Review 2017. Negotiators from 16 countries met in Hyderabad for discussing a free trade agreement titled Regional Comprehensive Economic Partnership. Anubha Sinha along with Arul George Scaria reported this in an article published by Live Law.in. Supreme Court of India while dismissing an appeal by the Indian Reprographic Rights Organization ruled that there was no copyright infringement and no licence was required since the activities fell under the education exception in Indian copyright law. In an article published by EIFL, Anubha Sinha discusses the judgment and what it means for access to educational materials in India. Odia Wikipedians, in conjunction with Indian Athletics Federation and Sports and Youth Services collaborated to document the 2017 Asian Athletics Championships. Hundreds of photos were uploaded and new Wikipedia content added to inform the event’s fans, wrote Sailesh Patnaik and Jnanaranjan Sahu in a blog post. As recently as May 27, 2016, the General Data Protection Regulation (REGULATION (EU) 2016/679 was adopted The Data Protection Directive (1995/46/EC) will be replaced by this Regulation. It is expected that under this Regulation data privacy will be strengthened. Aditi Chaturvedi analyses the developments in a report.

CIS in the news:

UIDAI declining multiple requests by police to share Indian citizens’ biometrics (Justin Lee; Biometrics; July 4, 2017).
Act now to protect yourself against future ransomware attacks (Sanjay Kumar Singh; Business Standard; July 5, 2017).
Reliance Jio data leaked on website : report (Livemint; July 10, 2017).
Supreme Court sets up constitution bench to hear Aadhaar privacy issues (Priyanka Mittal; Livemint; July 12, 2017).
Centre to form panel to 'encrypt' MGNREGA-DBT database and prevent leaks (Sanjeeb Mukherjee; Business Standard; July 14, 2017).
Calls for law change after Indians left in dark over data leaks (Rahul Bhatia and Sankalp Phartiyal; Reuters; July 14, 2017).
Indians Call For More Stringent Data Protection Laws (PYMTNS; July 17, 2017).
Social Activist Alleges Threat By Police Officer Over Possession of Aadhaar (Gaurav Vivek Bhatnagar; Wire; July 16, 2017).

Aadhaar privacy: Key issues that all Aadhaar card holders should bear in mind (Business Today, July 19, 2017).
Data in the open makes it easy for cyber criminals (Kiran Parashar KM; New Indian Express; July 26, 2017).

CIS members wrote the following articles

Why GST Is A Step Backward For The Disabled (Nirmita Narasimhan; Huffington Post; July 1, 2017).
Course Packs for Education Ruled Legal in India (Anubha Sinha; EIFL; July 12, 2017).
Digital native: Not only words (Nishant Shah; Indian Express; July 16, 2017).
Aadhar: Privacy is not a unidimensional concept (Amber Sinha; Economic Times; July 23, 2017).
RCEP IP Chapter: A Serious Threat to Access to Knowledge/ Cultural Goods? (Arul George Scaria and Anubha Sinha; July 27, 2017).
Digital native: Ever on the go (Nishant Shah; Indian Express; July 30, 2017).

-------------------------------------
Accessibility & Inclusion
-------------------------------------
India has an estimated 70 million persons with disabilities who don't have access to read printed materials due to some form of physical, sensory, cognitive or other disability. As part of our endeavour to make available accessible content for persons with disabilities, we are developing a text-to-speech software in 15 languages with support from the Hans Foundation. The progress made so far in the project can be accessed here.

Article

Why GST Is A Step Backward For The Disabled (Nirmita Narasimhan; Huffington Post; July 1, 2017).

-----------------------------------
Access to Knowledge
-----------------------------------
Our Access to Knowledge programme currently consists of two projects. The Pervasive Technologies project, conducted under a grant from the International Development Research Centre (IDRC), aims to conduct research on the complex interplay between low-cost pervasive technologies and intellectual property, in order to encourage the proliferation and development of such technologies as a social good. The Wikipedia project, which is under a grant from the Wikimedia Foundation, is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

►Pervasive Technologies and Copyright

Research Paper

Patent Working Requirements and Complex Products: An Empirical Assessment of India's Form 27 Practice and Compliance (Jorge L. Contreras and Rohini Lakshané; SSRN and Jindal Global Law School Review; July 17, 2017).

Participation in Event

19th RCEP Meeting (Organized by Ministry of Commerce, Government of India; July 17 - 28, 2017; Hyderabad). Anubha Sinha participated in the meeting.

►Wikipedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

Blog Entries

Note: The events were organized earlier but reports were published in July 2017:

Christ University Wikipedia Education Program Internship (Manasa Rao and Ananth Subray; July 5, 2017).
Christ University Wikipedia Education Program Faculty Orientation Report (Ananth Subray; July 7, 2017).
How It Came To Be: Wiki Loves Uniformed Services (Krishna Chaitanya Velaga; July 10, 2017).
Tallapaka Pada Sahityam is now on Wikisource (Pavan Santhosh; July 10, 2017).
Thematic Edit-a-thon at Yashawantrao Chavan Institute of Science, Satara (Subodh Kulkarni; July 11, 2017).
Asian Athletics Championships 2017 Edit-a-thon (Sailesh Patnaik and Jnanaranjan Sahu; July 31, 2017).

-----------------------------------

Internet Governance
-----------------------------------

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and IDRC) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on restrictions that the Indian government has placed on freedom of expression online.

►Privacy

Blog Entry

Data Protection: Understanding the General Data Protection Regulation (Aditi Chaturvedi; July 4, 2017).

Participation in Event

IViR Summer Course on Privacy Law and Policy (Organized by the University of Amsterdam; July 3 - 7, 2017; Amsterdam). Amber Sinha attended the course.

►Free Speech and Expression and Cyber Security

Participation in Events

OHD on Consultation Paper on Net Neutrality (Organized by Telecom Regulatory Authority of India; July 25, 2017). Pranesh Prakash was a speaker.
UNESCO Multistakeholder consultation at 8th Asia Pacific Regional Internet Governance Forum (APrIGF) (Organized by UNESCO; Bangkok; July 26 - 29, 2017). Sunil Abraham was a speaker. Vidhushi Marda also participated in the event.
Cybersecurity Workshop: Spotlight On GCCS 2017 (Organized by Global Partners Digital (GPD) and the Centre for Communication Governance at National Law University, Delhi, in collaboration with Digital Empowerment Foundation, Digital Asia Hub and Open Net Korea; Bangkok; July 25 - 27, 2017). Sunil Abraham was a speaker. Udbhav Tiwari and Vidushi Marda participated in the event.

-----------------------------------
Telecom
-----------------------------------
CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Participation in Event

Workshop on Public Open Wi-Fi Pilot (Organized by Telecom Regulatory Authority of India; July 25, 2017). Pranesh Prakash was a speaker.

-----------------------------------
Researchers at Work
-----------------------------------
The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by an emerging need to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It aims to produce local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Event Organized

Dr. Prerna Prabhakar - Impact of Digitisation of Land Records in Rural India (CIS, New Delhi; July 7, 2017).

-----------------------------------

About CIS
-----------------------------------
The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with disabilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the reconfigurations of social and cultural processes and structures as mediated through the internet and digital media technologies.

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer and citizen rights on the Internet! Write a cheque in favour of 'The Centre for Internet and Society' and mail it to us at No. 194, 2nd 'C' Cross, Domlur, 2nd Stage, Bengaluru - 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit http://editors.cis-india.org/about/newsletters/july-2017-newsletter

Privacy Newsletter May - June 2017

praskrishna — 2017-07-20T14:11:11Z

For more details visit http://editors.cis-india.org/internet-governance/files/privacy-newsletter-may-june-2017.pdf

Privacy Newsletter March 2017

praskrishna — 2017-07-20T14:08:00Z

For more details visit http://editors.cis-india.org/internet-governance/files/privacy-newsletter-march-2017.pdf

Privacy Newsletter April 2017

praskrishna — 2017-07-20T14:03:37Z

For more details visit http://editors.cis-india.org/internet-governance/files/privacy-newsletter-april-2017.pdf

Privacy Newsletter February 2017

praskrishna — 2017-07-20T14:00:13Z

For more details visit http://editors.cis-india.org/internet-governance/files/privacy-newsletter-february-2017.pdf

Cyber Security Newsletter (September 2016 - June 2017)

praskrishna — 2017-07-20T13:45:18Z

For more details visit http://editors.cis-india.org/internet-governance/files/cyber-security-newsletter-september-16.pdf

Indians Call For More Stringent Data Protection Laws

praskrishna — 2017-07-18T13:36:49Z

The government is India is facing calls to establish better cybersecurity laws to protect consumers’ data after fears have crept up that Reliance Jio, the telecom startup in India, suffered a major data leak.

This report was published by PYMNTS on July 17, 2017. Pranesh Prakash was quoted.

According to a report in Reuters announcing the news, Jio denied the data leak took place, saying the names, telephone numbers and email addresses of Jio users that showed up on Magicpak, a website, were unauthentic. Its parent Reliance Industries said customers’ data was safe and protected.

But at the same time that it was issuing reassurances, Jio filed a complaint claiming unlawful access to its computer systems, reported Reuters. That discrepancy has led Indians to call for better laws for data protection for consumers.

“It raises questions of security and accountability,” said Pranesh Prakash, policy director at the Centre for Internet and Society (CIS), a research organization, in the report. “A rule to report breaches exists, but it is unenforceable. It says you’re not liable if you’re following reasonable security practices. What ‘reasonable’ means is not defined.”

Supporters of stronger data protection laws in India said that countries that have stronger cybersecurity laws on the books would have started an inquiry into what happened with Reliance Jio. They point to the data breach last week at Verizon. Verizon quickly responded with an explanation of what went down, how it occurred and how many customers’ data privacy it impacted.

“India is at a nascent stage. For good norms in Asia, look to Singapore. It’s been praised for not having cybersecurity issues by the UN,” Srinivas Kodali, an independent security researcher, said in the same Reuters report.

The report noted that in May there were two data privacy breaches of Indian companies with the records of 17 million Zomato customers being compromised. In another breach, as many as 135 million of India’s Aadhaar numbers had been stolen from government databases and placed online. Aadhaar numbers are similar to social security numbers.

For more details visit http://editors.cis-india.org/internet-governance/news/pymnts-july-17-2017-indians-call-for-more-stringent-data-protection-laws

June 2017 Newsletter

praskrishna — 2017-07-18T02:21:10Z

Welcome to the Centre for Internet & Society (CIS) newsletter for June 2017.

Dear readers,

Previous issues of the newsletters can be accessed here.

Highlights
CIS made a submission on the Goods and Services Tax (GST) that has come into force this year. In the submission assessed the impact of GST on persons with disabilities. Indian Patent Office updated the Guidelines for Examination of Computer Related Inventions. Anubha Sinha throws light on the updated guidelines in a blog post. She has clarified that the updated Guidelines take no concrete position to help clarify the ambiguity around patentability of software inventions in India. A strategic symposium on Marathi Wikipedia and its sister projects was conducted in April 2017. Subodh Kulkarni has shared the developments in a report. Compiled a compendium on cyber security from the Indian context. The document is a comprehensive source compiling all the cyber-security related regulations, policies, guidelines, notifications, executive orders, court rulings, etc. CIS commented on the renewal of the .NET Registry Agreement. CIS expressed its strong opposition to the proposed renewal. The comments were prepared by Vidushi Marda with inputs from Sunil Abraham and Pranesh Prakash. Harsh Gupta discussed "FAT ML (Fairness, Accountability, and Transparency in Machine Learning) for Lawyers and Lawmakers" at the CIS office in Delhi on June 29, 2017. Shyam Ponappa in an article in the Business Standard opined that broadband in India needs reforms for local manufacturing and for infrastructure expansion and utilisation

CIS in the news:

Aadhaar: Ushering in a Commercialized Era of Surveillance in India (Jyoti Panday; Electronics Frontier Foundation; June 1, 2017).
Privacy is culture specific, MNCs hit by Aadhaar, says TRAI chief (Pranav Mukul; Indian Express; June 1, 2017).
Centre brings in new safeguards following cases of Aadhaar data leaks on government websites (Nidhi Sharma; Economic Times; June 2, 2017).
New rules for govt agencies to ensure security of personal data (Komal Gupta; Livemint; June 2, 2017).
Explore money apps but watch your data (Shaikh Zoaib Saleem; Livemint; June 8, 2017).
New law to unlock data economy (Yuthika Bhargava; Hindu; June 9, 2017).
Placements at NUJS: Class of 2017 Scores 100% (Simran Sahni; Livelaw; June 10, 2017).
Why did Nandan Nilekani praise a Twitter troll? (Kiran Jonnalgadda; Indian Express; June 10, 2017).
Are biometrics hack-proof? (Shaikh Zoaib Saleem; Livemint; June 11, 2017).
GoldenEye ransomware attack hit operations at Pipavav Port, JNPT (Jyotika Sood and Utpal Bhaskar; Livemint; June 28, 2017).

CIS members wrote the following articles

Digital Native: In digiville attention is Currency (Nishant Shah; Indian Express; June 11, 2017).
Digital Native: On mute, the Voice of the People (Nishant Shah; Indian Express; June 24, 2017).

Submission

GST - A Barrier to Human Rights for Persons with Disabilities (Nirmita Narasimhan; June 24, 2017).

Participation in Events

WSIS Forum 2017 (Co-organized by ITU, UNESCO, UNCTAD and UNDP, in close collaboration with all UN agencies; Geneva; June 12 - 16, 2017). Nirmita Narasimhan was a speaker.
Digital Accessibility (Organized by National Informatics Centre; Bengaluru; June 17, 2017). Rakesh Paladugula, a web accessibility trainer and Nirmita Narasimhan made a presentation to scientists about digital accessibility.

►Copyright

Participation in Event

Fixing Copyright for Education (SCCR34 Side Event) (Communia, EIFL, Creative Commons, and PIJIP; June 7, 2017). Anubha Sinha was a speaker.

►Pervasive Technologies

Participation in Event

Preliminary Findings: Working Requirements for Complex Products under the Indian Patent System (Organized by O.P. Jindal University; New Delhi; June 10 - 11, 2017). Prof. Jorge Contreras gave a talk on a forthcoming paper.

►Wikipedia

Blog Entries

Train The Trainer 2017 (Manasa Rao; June 5, 2017).
Thematic Edit-a-thon at J.P.Naik Centre for Education & Development, Pune (Subodh Kulkarni; June 7, 2017).
Wiki Loves Mayabazaar (Pavan Santhosh; June 7, 2017).
Marathi Wikipedia Symposium at Gokhale Institute Of Politics & Economics (Subodh Kulkarni; June 7, 2017).
Digitisation, Wikimedia Commons and Wikisource Orientation Workshop at Vigyan Ashram, Pabal, Pune District (Subodh Kulkarni; June 7, 2017).

Note: The workshops for the above blog posts were held earlier but the reports were published during the month of June.

-----------------------------------

Internet Governance
-----------------------------------

►Cybersecurity

Blog Entry

Cybersecurity Compilation: Indian Context (Leilah Elmokadem and edited by Elonnai Hickok; June 18, 2017).

Participation in Events

2nd India Think Tank Forum (Organized by Observer Research Foundation; New Delhi; June 19 - 21, 2017). Udbhav Tiwari participated in the forum.
Second India China Think-Tank Forum (Organized by Institute of Chinese Studies, the Indian Council of World Affairs, and the Chinese Academy of Social Sciences; Beijing; June 22 - 27, 2017). Saikat Dutta represented an Indian think tank.

►Free Speech and Expression

Submission

Comments from the Centre for Internet and Society on Renewal of .NET Registry Agreement (Vidushi Marda, Sunil Abraham and Pranesh Prakash; June 6, 2017).

Participation in Events

ISEA 2017 (Organized by the University of Caldas, Manizales; Columbia; June 11 - 16, 2017). Sharat Chandra Ram was a panelist.
Freedom of Expression on the Internet : Possibilities and Challenges (Organized by Bolivar Technological University; Cartagena; June 29, 2017). Sharat Chandra Ram was a speaker.

►Privacy

Participation in Events

BIS LITD 17 Privacy Panel meeting (Organized by National School of India University; Bangalore; June 21, 2017). Udbhav Tiwari attended the meeting.
DSCI Best Practices Meet (Organized by Data Security Council of India; Bangalore; June 22 - 23, 2017). Udbhav Tiwari attended the meeting.

-----------------------------------
Telecom
-----------------------------------
CIS is involved in promoting access and accessibility to telecommunications services and resources, and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Newspaper Column

Broadband Reforms for Local Manufacturing (Shyam Ponappa; Business Standard; May 31, 2017 and Organizing India Blogspot; June 5, 2017).

Event Organized

CISxScholars Delhi - Harsh Gupta - FAT ML for Lawyers and Lawmakers (CIS; New Delhi; June 29, 2017). Harsh Gupta gave a talk.

-----------------------------------

► Follow us elsewhere

Twitter: http://twitter.com/cis_india
Twitter - Access to Knowledge: https://twitter.com/CISA2K
Twitter - Information Policy: https://twitter.com/CIS_InfoPolicy
Facebook - Access to Knowledge: https://www.facebook.com/cisa2k
E-Mail - Access to Knowledge: a2k@cis-india.org
E-Mail - Researchers at Work: raw@cis-india.org
List - Researchers at Work: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

► Request for Collaboration

For more details visit http://editors.cis-india.org/about/newsletters/june-2017-newsletter

Centre to form panel to 'encrypt' MGNREGA-DBT database and prevent leaks

praskrishna — 2017-07-14T10:46:45Z

Around 5 crore bank accounts of active MGNREGA workers yet to be seeded with Aadhaar.

The article by Sanjeeb Mukherjee was published in the Business Standard on July 14, 2017.

Alarmed over reports of ‘public disclosure’ of sensitive Aadhaar data through various portals and payment gateways, the Centre is in the process of appointing a high-powered panel of almost 20 experts to suggest ways and means through which data, particularly one which can be accessed through the MGNREGA-DBT platform can be encrypted.

Encryption, officials believe, would prevent the Aadhaar data and other related information from falling into wrong hands.

The need for proper encryption of Aadhaar data rose after the government made it mandatory for availing almost all benefits - be it school scholarships, payments of MGNREGA wages, identification of beneficiaries under mid-day meal scheme and even public distribution system along with others.

Ensuring cyber security has become all the more necessary as the Central government, in a notification issued last month, has made it mandatory for all bank accounts to be seeded with Aadhaar numbers by December 31, 2017, or else they would cease to be operational until the time the account holder furnishes his Aadhaar number.

This could seriously hamper payment of wages to MGNREGA workers because as per available information almost 5 crore active workers don’t have their bank accounts seeded with Aadhaar.

To complete the process before December 2017, the ministry of rural development has planned special Aadhaar camps to be held in villages from July 20 to September 2017.

Recently, a website published all confidential details of customers of a private telecom company including Aadhaar numbers and other information.

The breach was another instance of secure confidential information falling into public domain.

Officials of the panel, which would be headed by former NASSCOM head Kiran Karnik are expected to submit their report on the same within the next few months.

Other members of the panel include Director General of National Institute of Smart Governance (NISG), officials from Indian Computer Emergency Response Team (ICERT) and others.

However, cyber security experts believe that encrypting Aadhaar-DBT details mainly for those schemes and programmes which have a direct linkage with the public at this later stage has its own challenges as the entire ecosystem around Aadhaar has grown manifold ever since it was made mandatory for a variety of programmes.

Also, in the absence of a national encryption policy, such a move will have its own legal and regulatory challenges.

“Ever since the government made Aadhaar mandatory for many things, the entire ecosystem around it including the Central Identities Data Repository (the agency which stores Aadhaar data is exposed to leaks,” noted cyber law expert Pawan Duggal told Business Standard.

He said that without a proper national encryption law, it would be extremely challenging to provide legal and regulatory backing to encrypt all Aadhaar- DBT data details for MGNREGA. “Also now that the ‘cat is out of the bag,’ encryption of Aadhaar details will be hugely challenging,” Duggal said.

Already, civil society activists said that after some concern, the central government has removed all Aadhaar numbers and bank details from MGNREGA website, which has made tracking payments difficult.

A recent study by Amber Sinha and Srinivas Kodali from the Centre for Internet and Society (CIS) found that granular details about individuals including sensitive personally identifiable information such as Aadhaar number, caste, religion, address, photographs and financial information are only a few clicks away through government schemes dashboard and portals.

“While initiatives such as the government open data portals may be laudable for providing easy access to government data condensed for easy digestion, however in the absence of proper controls exercised by the government departments the results can be disastrous by divulging sensitive and adversely actionable information about the individuals who are responding units of such databases,” the report said.

It specifically studied two major schemes of the ministry of rural development; the National National Social Assistance Programme and MGNREGA along with some state schemes.

Pointers

a) Centre to form a panel to encrypt all MGNREGA-DBT database to prevent leaks.

b) The panel might also suggest ways and means in which such ‘encryption’ could be applied in other platforms.

c) The panel is expected to be headed by former NASSCOM head Kiran Karnik.

d) The encryption is essential as from January 2018 all non-Aadhaar seeded bank accounts will cease to be operational unless the holders seed them.

e) A recent study found that vivid details about individuals can be easily accessed from government platforms and databases.

f) The MGNREGA database was one such publicly available platform which formed part of the study.

For more details visit http://editors.cis-india.org/internet-governance/news/business-standard-sanjeeb-mukherjee-july-14-2017-centre-to-form-panel-to-encrypt-mgnrega-dbt-database-and-prevent-leaks

Supreme Court sets up constitution bench to hear Aadhaar privacy issues

praskrishna — 2017-07-14T10:55:04Z

The Supreme Court ‘s five-judge constitution bench will also decide if the Aadhaar privacy issue should be heard by a larger bench.

The article by Priyanka Mittal was published in Livemint on July 12, 2017. Sunil Abraham was quoted.

A five-judge constitution bench will hear arguments on 18-19 July as to whether Indian citizens have the right to privacy, and whether the Aadhaar unique identity project breaches the right.

Chief Justice of India (CJI) J.S. Khehar on Wednesday set the dates for the hearing by the constitution bench, which will decide whether the issue should be heard by a larger bench.

Should the five-judge bench decide to rule on the case itself and not refer it to a larger bench, it will decide the future of Aadhaar, which has become the backbone of government welfare programmes, the tax administration network and online financial transactions.

This will be based on whether the right to privacy is a fundamental right of Indian citizens.

Privacy rights activists argue that personal data gathered under the Aadhaar programme, aimed at giving a unique 12-digit identity number to every Indian, is vulnerable to abuse. Then attorney general Mukul Rohatgi told the Supreme Court in 2015 that Indian citizens don’t have a fundamental right to privacy under the Indian Constitution—an argument he repeated subsequently.

“In the two-day hearing, the court is not going to decide the full issue of privacy,” said Alok Prasanna Kumar, a lawyer and visiting fellow at think tank Vidhi Centre for Legal Policy, explaining how the Constitution bench is likely to proceed. “They are going to take a call on whether, in light of precedents, there is a need to refer the issue to a larger bench. There are past judgements and the court will have to look at the scope of privacy under each to decide the number of judges.”

He added: “If the five-judge bench agrees with the precedents, then it would continue to address the angle of privacy; if not, then it would be referred back to the CJI to constitute a larger bench of nine judges.”

All cases related to Aadhaar, including the right to privacy, will be heard by the constitution bench; the court decided to set up the constitution bench to hear the privacy case in August 2015.

The CJI’s decision came on a plea by advocate Shyam Divan, who has appeared in several cases opposing Aadhaar, and attorney general K.K. Venugopal seeking the speedy creation of a Constitution bench. It came a week after justice J. Chelameswar said that all matters related to Aadhaar should be addressed by a constitution bench.

“I see it as a step in the right direction. Personally, I hope that the privacy issue is heard by a five-judge bench as against a larger bench as that can bring more disagreement,” said Sunil Abraham, executive director of Bengaluru-based research think tank Centre for Internet and Society.

Last month, the Supreme Court court upheld the government’s decision to link Aadhaar with the permanent account number (PAN) for filing of income-tax returns but ruled that non-compliance with the law will carry no retrospective consequences.

Under the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, the unique identity number is mandatory only to receive social welfare benefits.

For more details visit http://editors.cis-india.org/internet-governance/news/livemint-priyanka-mittal-july-12-2017-supreme-court-sets-up-constitution-bench-to-hear-aadhaar-privacy-issues

Reliance Jio data leaked on website : report

praskrishna — 2017-07-10T14:53:42Z

Reliance Jio customer data was leaked on independent website magicapk.com, including details such as names, mobile numbers and email IDs , said a report.

The article was published by Livemint on July 10, 2017.

Reliance Jio Infocomm Ltd’s customer data was allegedly leaked on an independent website, magicapk.com, a report said. Jio, which crossed the 100 million mark in February, barely six months after it was launched, ended the financial year with 108.9 million subscribers as of 31 March.

The report, published first in a late-night article on Sunday on Fonearena.com, alleged that “several sensitive details” were exposed, including customers’ first and last names, mobile numbers, email IDs, circles, SIM activation dates and even the Aadhaar numbers. The Aadhaar numbers, however, were redacted on magicapk.

“To my disbelief I found my own details in the database and also couple of my colleagues are affected too,” wrote Varun Krish, the author of the article. However, if you now click on Magicapk.com, it reads: “This Account has been suspended .” The Registrar of the site, according to the whois database, is Godaddy.com, LLC.

When contacted, a Reliance Jio spokesperson said, “We have come across the unverified and unsubstantiated claims of the website and are investigating it. Prima facie, the data appears to be unauthentic. We want to assure our subscribers that their data is safe and maintained with highest security. Data is only shared with authorities as per their requirement. We have informed law enforcement agencies about the claims of the website and will follow through to ensure strict action is taken.”

Fonearena.com, on its site, has responded with a: “We still stand by our story.”

The report assumes significance because the site exposed redacted Aadhaar card details. There are nearly 1.2 billion Aadhaar number holders in the country. Aadhaar aims to plug leakages in the delivery of state benefits, such as subsidized grains to the poor, and aid in generating a savings of about Rs70,000 crore a year for the government. But data breaches have rattled citizens, especially since India does not have a Privacy Act.

In March, the Unique Identification Authority of India (UIDAI) blacklisted a common services centre for 10 years after it shared the Aadhaar details of former cricket captain Mahendra Singh Dhoni. On 25 April, Mint reported that many government departments, including the ministry of drinking water and sanitation, the Jharkhand Directorate of Social Security, and the Kerala government’s pension department, had published Aadhaar numbers of beneficiaries of the schemes they run in violation of the Aadhaar Act .

On 1 May, Bengaluru-based think tank Centre for Internet and Society (CIS) reported that a Central government ministry and a state government may have made public up to 135 million Aadhaar numbers .

Under the Aadhaar (Targeted Delivery of Financial Subsidies, Benefits and Services) Act, 2016, the unique identity number is mandatory only to receive social welfare benefits. However, tagging of the Aadhaar number is being made mandatory by the government for various schemes including PAN (permanent account number) accounts for taxation. On 7 July, the Supreme Court refused to pass any interim order against the mandatory use of Aadhaar for various government schemes. It, instead, suggested that petitioners call for immediate formation of a Constitution bench to decide on the case .

News of the alleged data leak also comes at a time when there have been a spate of cyber hacks.

For instance, just when companies started believing that WannaCry—the malware that held over 200,000 individuals across 10,000 organizations in nearly 100 countries to ransom—was on the wane, a virus christened GoldenEye (a variant of the Petya ransomware) by security firm Bitdefender Labs attacked companies, mostly in Ukraine. And while the target primarily appeared to be European countries, the ransomware was also reported to be making inroads in countries like India.

For more details visit http://editors.cis-india.org/internet-governance/news/livemint-july-10-2017-reliance-jio-data-leaked-on-website-report

Act now to protect yourself against future ransomware attacks

praskrishna — 2017-07-10T14:46:14Z

There was Wannacry, then Petya, and several other lesser-known ones: With ransomware attacks coming thick and fast, get proactive about protecting yourself.

The article by Sanjay Kumar Singh was published by Business Standard on July 5, 2017.

The Wannacry ransomware attack in May was followed by the Petya attack last week. This attack affected the Ukrainian government and large corporates like Maersk and Merck. In India it affected the operations of terminals at Jawaharlal Nehru Port Trust (JNPT), operated by Maersk. According to Kaspersky Lab, the rate of ransomware attacks on businesses grew from one every 120 seconds in January 2016 to one every 40 seconds by October that year. The rate of attack on individuals' computers rose from one every 20 seconds to one every 10 seconds over this period. Today, it has become imperative for everyone, including entrepreneurs and small business owners, to learn how to defend themselves against such attacks.

A trend witnessed in 2016 was the growth of ransomware-as-a-service business model. "Code creators offer their malicious product on demand, selling uniquely modified versions to criminals who then distribute it through spam and websites, paying a commission to the creator," says Altaf Halde, managing director, Kaspersky Lab (South Asia). He adds that the growth of cashless payments in India will undoubtedly attract the attention of cyber criminals and lead to more attacks in future.

Next, let us turn to how ransomware works. An operating system (OS) is a large and complicated piece of software with millions of lines of software code. A malware exploits vulnerabilities within the OS to infiltrate it. An infiltration can happen in multiple ways: if you download a malicious email attachment, visit a code-carrying web site, via an infected pen drive, and so on.

Ransomware is a form of malware that encrypts the files in a critical part of the computer, such as My Documents or Desktop, where people usually store their files. It could also encrypt specific file types, say, such .doc files. The user is then informed that his files have been encrypted along with the warning that unless he pays up within the next few hours his files will be deleted. Says Udbhav Tiwari, policy officer at the Centre for Internet and Society, Bengaluru: "You first have to first pay the attackers using anonymous money like bitcoins and then they give you the key for decrypting your files."

A ransomware attack can be dealt with in two ways: either pay the money and get the files unlocked, or find a way to circumvent the encryption. The latter option can, however, take a fair bit of time.

Safeguard measure you should adopt
Back up important files regularly. Check periodically that these files have not got damaged Enable ‘Show file extensions’ option in Windows settings. Stay away from extensions like “exe”, “vbs” and “scr”. Many familiar file types can be dangerous as scammers use multiple extensions (like hot-chics.avi.exe or doc.scr) If you discover an unknown process on your machine, cut off the Internet connection immediately If you have been infected, find the name of the ransomware. If it's an older version, your files can be restored. For restoration tools visit https://www.nomoreransom.org/

Among the safeguard measures you should adopt, first and foremost, never open a suspicious file. By being vigilant you can avoid a lot of ransomware attacks.

Most malware exploit vulnerabilities within the OS. "These vulnerabilities are frequently patched by the creators of the OS. But if people use pirated OS, or don't upgrade it regularly, they could land in trouble," says Tiwari. Soon after the Wannacry attack, Microsoft had issued a patch. People who updated their computers immediately didn't get affected by it. Also, use the latest version of an OS.

Use a quality antivirus (AV) solution, which is usually one you have to pay for. A high-quality AV can even protect you against vulnerabilities not patched by the OS manufacturer. AVs scan files. If they detect patterns indicating the presence of malware, they lock them apart from the rest of the computer, thereby preventing them from spreading.

One option is to use an OS that is less vulnerable, like Mac and Linux. Fewer malware are designed for these OS as fewer people use them.

Finally, if your files do get encrypted, don’t pay the ransom, unless instant access to those files is critical. "Each payment only fuels this unlawful business," says Halde.

For more details visit http://editors.cis-india.org/internet-governance/news/business-standard-july-5-2017-sanjay-kumar-singh-act-now-to-protect-yourself-against-future-ransomware-attacks

Disabled demand rollback of GST on aids

praskrishna — 2017-07-09T02:21:46Z

It has been eight years since Mansoor Ahmed changed his caliper. The one he owns was bought for Rs 20,000. Now, they cost more than double. “It is a challenge to buy a caliper when the cost of living has gone up so much. I know really poor people who haven't changed calipers in 15-20 years. After a point, it could cause the disability to worsen,“ says Ahmed, a senior manager with a Bengaluru-based non-profit.

The article by Sandhya Soman was published in the Economic Times on July 7, 2017.

For disabled people like Ahmed, the 5% GST on basic aids and appliances like calipers, Braille writers and cochlear implants is an additional load. “We are already burdened by other costs -illnesses and medicines. It's quite unfair if I must pay more if I have to walk,“ says Ahmed.

The decision to tax aids and appliances for the disabled continues to draw flak despite a hastily put together statement last week reducing GST and capping it at 5% for 22 categories of products. Cars will continue to have 18% GST even if they are retrofitted for a disabled driver. The disabled find it hard to reconcile that they will have to shell out more while items such as sindoor and bangles got a waiver. This is the government that launched the Ac cessible India campaign and Inclusive India campaign. I don't understand why they should charge people to walk with a cane,“ says Nirmita Narasimhan, policy director, The Centre for Internet and Society.

The economic burden is accentuated by a lack of institutional support, whether in terms of accessibility to public transport or provision of affordable aids. “There is close correlation between poverty and disability . Most of us can't step out of our houses as roads, pavements and public transport are inaccessible,“ asks Javed Abidi, director, National Centre for Promotion of Employment for Disabled People.

Narasimhan notes in her submission to the government that the 21 million disabled record low literacy level (59%, below national average of 74.4%) and low work participation (36.3%).

To reduce the financial burden, Abidi and others fought to do away with taxes on aids since 2000. “We could bring down tax rates, sometimes as high as 20%, on various items to 5%. In 2006, it became zero and the last decade was the most important one for disability rights. Instead of making aids more affordable, we are now going back 10 years and charging 5% again,“ says Abidi, a wheelchair user.

For more details visit http://editors.cis-india.org/accessibility/news/economic-times-july-7-2017-sandhya-soman-disabled-demand-rollback-of-gst-on-aids

Cybersecurity - Threat or Opportunity

praskrishna — 2017-07-07T02:42:28Z

For more details visit http://editors.cis-india.org/internet-governance/files/cybersecurity-threat-or-opportunity