Centre for Internet and Society

Priyanka Sachar

praskrishna — 2012-04-10T09:09:50Z

For more details visit http://editors.cis-india.org/home-images/priyanka.jpg

Private sector censors

praskrishna — 2012-04-26T13:30:47Z

If business decides what’s ‘good’ and ‘bad’ speech, it can lead to multiple interpretations and arbitrary decisions. The article by Salil Tripathi was published in LiveMint on April 25, 2012.

In Milan Kundera’s 1967 Czech novel, Žert (The Joke), Ludvik Jahn sends a postcard to an intense classmate who takes herself too seriously. In the card, he makes sarcastic comments against the Communist Party. Unsurprisingly, others don’t see the joke. He gets expelled from the party, conscripted and has to work in mines.

While The Joke was a work of fiction, in the real Soviet era as punishment for such actions, many people lost jobs, sometimes their homes; some went to jail, often betrayed by those they trusted. In Czechoslovakia (as the country was then known), the state ran the postal service and those who read the postcard were party members. In India, the private sector provides Internet access and others don’t have the legal right to see what’s being transmitted, unless they are intended recipients, or if the material is broadcast publicly. The state now wants the private sector to police and censor the Internet.

Under the draconian Information Technology (Intermediaries Guidelines) Rules, 2011, any intermediary (a search engine, a website, a domain name registry, a service provider, or a cyber café) must take down the “offending” material from its website within 36 hours. The intermediary need not inform the person who posted the material, nor would the creator get the right to respond. As Apar Gupta points out on the Indian Law and Technology Blog, in one recent case, based on these rules, an injunction has been granted.

These rules go significantly beyond the existing restraints on speech. The Constitution limits speech and sections of the criminal code impose further restrictions. To that, add the IT rules’ vaguely defined terms of what can’t be said—content which is “grossly harmful, harassing, blasphemous, defamatory, obscene, pornographic, paedophilic, libelous, invasive of another’s privacy, hateful, or racially, ethnically objectionable, disparaging, relating or encouraging money laundering or gambling or otherwise unlawful in any manner whatever, harms minors in any way, or infringes any patent, trademark, copyright, or other proprietary right”. Who decides that? The intermediaries.

These rules make the private sector act like the state. Nobody elected business to play such a role; it does not have the expertise, capacity, legal training, or authority to act as the state. Censorship is bad; whether in state or private hands. If business decides what’s “good” and “bad” speech, it can lead to multiple interpretations and arbitrary decisions, without recourse to appeal. In a country where those who feel offended have often threatened violence, businesses will understandably take the cautious approach and not allow anyone to say anything that’s remotely controversial, even if it is an opinion about a film.

Decisions will be made on opaque criteria. Apple and Amazon have arbitrarily stopped some products from being sold on their electronic stores, citing “community standards”. Amazon stopped providing server space to WikiLeaks, even though no government had asked it to do so. Credit card companies stopped processing donations going to WikiLeaks, without any legal order. Even Google, which has admirably stood up to China’s bullying, has had to take down content when governments have required that it does so through proper legal channels. India’s record is poor: of the 358 complaints India lodged with Google, 255 were about content that was controversial or political, but not illegal.

To demonstrate the reach of the rules, the Centre for Internet and Society in Bangalore sent random notices to seven companies, asking them to take down content. Of them, six complied beyond what they were called upon to do—instead of the three pages that the centre asked for, one company blocked an entire website. A few legally worded letters were enough to get compliance from companies. The centre’s executive director, Sunil Abraham, told me recently: “Companies which have no interest in free speech are now taking these decisions. They have the power to do so and they are using it without any sense of responsibility.”

Aseem Trivedi knows this well. The cartoonist who ran a website called cartoonistsagainstcorruption.com, found that his site had disappeared after a complaint from an individual that the cartoons violated laws. Since then he has been campaigning for freedom on the Internet. Everyone’s freedom is at stake—whether you want to see cartoons of Sonia Gandhi, Narendra Modi, Ramdev, Kisan Hazare, Binayak Sen, Arundhati Roy, Sachin Tendulkar, Poonam Pandey and even Mamata Banerjee. And yet look at what happened to Ambikesh Mahapatra, the professor who sent a cartoon mocking Banerjee to some friends via the Internet. He was arrested and later roughed up. These rules chill speech.

Last year, Kapil Sibal, minister for information technology, asked companies to screen content manually and censor the Web. The demand was audacious. It showed lack of understanding of how the Internet works and revealed fundamental ignorance of the state’s role: it has to protect the rights of the one who wishes to express and not the one who claims offence.

In Parliament, P. Rajeev, member of Parliament (Rajya Sabha), wants to annul those rules. Everyone should support him.

Read the original in LiveMint here

For more details visit http://editors.cis-india.org/news/private-sector-censors

Private Sector

praskrishna — 2014-04-22T11:44:36Z

Private Sector

For more details visit http://editors.cis-india.org/home-images/PrivateSector.png

Privacy: from regional regulations to global connections ?

praskrishna — 2013-10-21T08:18:56Z

This workshop is being organised by Internet Society at Bali on October 24. Sunil Abraham is one of the panelists for this.

The Internet Governance Forum 2013 is being held at Bali from October 22 to 25. The overarching theme for the 2013 IGF meeting is: "Building Bridges"- Enhancing Multistakeholder Cooperation for Growth and Sustainable Development".

Read the original published on the IGF website.

Theme: Internet Governance Principles

The Internet dissolves geographical boundaries on a greater scale than any prior invention. It allows data, personal and otherwise, to flow across borders, supporting social and economic interactions. However, there is a complex mix of factors at play: multiple policy objectives that are sometimes in conflict; individuals’ rights; the interests of the communities; “monetization” of personal data for short-term and long-term commercial gain; different historical cultural and regulatory approaches to privacy; etc.

Across a diverse, global Internet, how can we best deal with the tensions that naturally result from differences in personal privacy expectations, economic aspirations, and regulatory regimes, particularly when it comes to online data protection?

This workshop will explore what core principles and strategies are needed to achieve a balanced and fair approach to data protection that is effective internationally and regionally. In the process, we will examine the possible paths to a global solution, together with impediments, and explore how successful local and regional approaches could be leveraged at the international level.

We will also strive to articulate lessons learned from recent initiatives such as the modernisation of the Council of Europe Convention 108, the revision of the OECD Privacy Guidelines, the APEC Cross Border Privacy Rules System, and the proposed revisions to the EU data protection framework, etc. in tackling these challenging issues.

Has the proponent organised a workshop with a similar subject during past IGF meetings?
Yes

Indication of how the workshop will build on but go beyond the outcomes previously reached

The submitter has not previously organised a workshop at the IGF. However, his colleague has co-organised the following workshops on related issues: 2012: ICC BASIS and ISOC - Solutions for enabling cross-border data flows – http://wsms1.intgovforum.org/sites/default/files/IGF%202012%20ws86%20report_10%2012%2012%20final.doc 2012: CoE and ISOC – Who is following me: tracking the trackers – http://wsms1.intgovforum.org/content/no181-who-following-me-tracking-trackers#report 2010: ISOC and EFF – The Future of Privacy – http://www.internetsociety.org/sites/default/files/future-privacy%2020100914.pdf Background papers: Report from a WSIS Forum 2012 thematic workshop entitled: “Data Privacy on a global scale: keeping pace with an evolving environment” – http://www.internetsociety.org/sites/default/files/Data%20Privacy%20on%20a%20global%20scale_0.pdf Report from a IGF2012 workshop entitled “Solutions for enabling cross-border data flows - https://www.internetsociety.org/sites/default/files/IGF%202012%20cross-border%20data%20flows.pdf

Background Paper

Download background paper

Co-organisers

Ms. Sophie Kwasny, Head of the Data Protection Unit, Council of Europe , Intergovernmental Organizations, FRANCE, Western Europe and Others Group - WEOG
Mr. Frederic Donck, Internet Society, Technical Community, BELGIUM, Western Europe and Others Group - WEOG

Have the Proponent or any of the co-organisers organised an IGF workshop before?
Yes

The link(s) to the workshop report(s)

Panelists

Please click on Biography to view the biography of panelist

Sophie Kwasny, Head of the Data Protection Unit, Council of Europe , Female, Intergovernmental Organizations, FRANCE, Western Europe and Others Group – WEOG
Nigel Waters, Public Officer, Australian Privacy Foundation , Male, Civil Society, Australia, Asia-Pacific Group
Wendy Seltzer, Policy Counsel, World Wide Web Consortium (W3C) , Female, Technical Community, United States, Western Europe and Others Group – WEOG
Biography
Joseph Alhadeff, Vice President for Global Public Policy, Chief Privacy Officer, Oracle Corporation, Male, Private Sector, United States, Western Europe and Others Group – WEOG
Biography
Sunil Abraham, Executive Director, Centre for Internet and Society (CIS), Bangalore, Male, Civil Society, India, Asia-Pacific Group
Biography

Moderator

Frederic Donck, Internet Society, Director European Regional Bureau

Remote Moderator

Luca Belli, CERSA,Université Panthéon-Assas Sorbonne University

Agenda

Moderator will briefly introduce the session as well as the different panellists. Each panellist will have 2 minutes (maximum) to introduce his/her own perspective on the general issues addressed by the moderator.

No powerpoints allowed. Very dynamic session with regular interventions from remote participants and audience, as well as between panellists is sought.

Moderator will work out questions (including through a coordinated approach before the session with panellists) and will organise the session in a way that allows a balanced conversation between all stakeholders (on-site/remotely).

Inclusiveness of the Session

Suitability for Remote Participation

Dynamic interaction with remote participants (ISOC community and chapters, technical community, Businesses, etc.) will be ensured through social medias, jabber, webex, and twitter (hashtag will be provided) etc.

Coordinated approach with remote moderator will be ensured as well as the necessary communication and information to remote participants in advance of and during the session.

For more details visit http://editors.cis-india.org/news/igf-2013-workshop-335-privacy-from-regional-regulations-to-global-connections

Privacy, what? Bengaluru police leaks 46,000 phone numbers on Twitter

praskrishna — 2017-04-07T02:57:49Z

Bengaluru police made the biggest goof up of all time by releasing private information of people who called 100 to complain since April 2015 and was seemingly unapologetic about the breach of privacy.

The article by Neha Vashishth was published by India Today on April 6, 2017. Pranesh Prakash was quoted.

We all love our privacy, don't we?

We put various locking apps and hide our private pictures on Facebook, Twitter etc and only share what we want the world to see. But sometimes even after our countless efforts, we end up losing our information on the internet. After all, a breach of privacy is the greatest nightmare one can have.

Bengaluru police goofed up too when it came to handling privacy concerns of Bengaluru citizens. The police department posted phone numbers of thousands of citizens on their Twitter handle (@BCPCR) who called 100 and complained against harassment, quarrels, and gambling etc.

The police posted over 46,000 tweets online since April 2015 sharing information of people who called on 100 along with the app known as 'Suraksha' to lodge complaints. The account was made private as soon as the matter escalated.

The police was unapologetic regarding the matter and said that the tweets were auto-generated from their twitter handle @BCPCR.

Pranesh Prakash, Policy Director at the Centre for Internet and Society said the "police officer who ordered to create such an account should be held responsible if any harm comes to a complainant."

This not only created a major breach of privacy of complainants but also risked their lives. This incident only proves that privacy and sensitivity of the matter has vanished in today's time.

For more details visit http://editors.cis-india.org/internet-governance/news/india-today-neha-vashishth-april-6-2017-privacy-what-bengaluru-police-leaks-phone-numbers-on-twitter

Privacy, speech at stake in cyberspace

praskrishna — 2012-02-03T11:27:58Z

Internet censorship is becoming a trend, with many countries around the world filtering the Web in varying degrees, writes Leslie D’Monte in Livemint on February 3, 2012.

Privacy and freedom of expression are gradually being compromised in cyberspace, say advocacy groups, with social networking sites and Internet companies buckling under pressure from governments to monitor and block “objectionable” content.

Take the case of Twitter Inc., which on 26 January posted on its official blog that “...starting today, we give ourselves the ability to reactively withhold content from users in a specific country—while keeping it available in the rest of the world”. While Twitter reasoned that as it continues to grow internationally, it will have to deal with “countries that have different ideas about the contours of freedom of expression”, activists and bloggers cautioned that the new censorship policies could muffle online freedom.

“The decision of Twitter to censor its content based on the political masters’ wishes in each country is an indication that commercial interests are always higher than democratic interests for these companies. The move of the Indian government to arm-twist the major intermediaries is, therefore, expected to succeed in due course once the initial resistance wears off,” cautioned Na. Vijayashankar, a Bangalore-based e-business consultant and founder secretary of the Cyber Society of India.

In December, minister for communications and information technology (IT) Kapil Sibal said in New Delhi that the Centre had no option but to “evolve guidelines” to ensure that “blasphemous content on the Internet or television is not allowed”, since Internet and social networking sites such as Google Inc., Microsoft Corp., Twitter, Yahoo Inc., and Facebook Inc. failed “to respond to and cooperate with” the government’s request to keep “objectionable” content off their sites.

A few days later, Sibal clarified that “...this government (of the United Progressive Alliance) does not believe in censorship”. And in an interview to Mint on 1 February, Gulshan Rai—head of the elite Indian Computer Emergency Response Team and coordinator of a committee on cyberlaw—said, inter alia, “We value the freedom of speech. We do not interfere there.”

Internet censorship is a rising trend, with approximately 40 countries filtering the Web in varying degrees, including democratic and non-democratic governments. YouTube and Gmail (both from Google), BlackBerry maker Research In Motion Ltd, WikiLeaks, Twitter and Facebook have all been censored, at different times, in China, Iran, Egypt and other countries.

“The clampdown on online free speech and the roll-out of a multi-tiered blanket surveillance regime via the draconian IT Act and its associated rules in India is part of a global trend,” said Sunil Abraham, executive director of the Centre for Internet and Society. “Big brother tendencies with the government have found common cause with powerful rights-holders, who are keen to crack down on intellectual property rights infringements. This, combined with the dramatic growth of the surveillance industry, has resulted in civil liberties being undermined across the world for a variety of pretexts ranging from child porn, obscenity, hate speech, organized crime, terrorism and piracy.”

Transparency Report website—which logs content removal requests it receives from governments—the Internet company received 67 requests from the Indian government for the removal of 282 content items (such as videos critical of politicians) from YouTube and blogs during July-December 2010. Google said it complied with 22% of the requests. For the January-June 2011 (latest data available) period, Google received 68 content removal requests for 358 items from Indian government agencies. Google complied in 51% cases.

Entangling the user

Even as they face pressure from governments, companies such as Google and Facebook are tweaking their policies to allow for sharing of user data across multiple product offerings. They claim it will give their users a more “intuitive” experience, but advocacy groups say the policies are being altered to give advertisers more bang for the buck at the expense of user privacy.

Google, for instance, is making changes to its privacy policies and terms of service, which take effect from 1 March. “Regulators globally have been calling for shorter, simpler privacy policies—and having one policy covering many different products is now fairly standard across the Web,” said Alma Whitten, Google’s director of privacy, product and engineering, on the official company blog. Google has begun notifying users of these changes since 24 January.

For example, a search for restaurants in Mumbai may throw up Google+ posts or photos that people have shared with other users, or that are in their albums. Usability can be enhanced, for instance, by allowing memos from Google Docs to be read in Gmail, or adding a Gmail contact to a meeting in Google Calendar. Google, according to Whitten, does not sell personal information nor share it externally without permission “except in very limited circumstances like a valid court order”.

Facebook, on its part, introduced its “Timeline” feature in December, which digs up a user’s past and displays it, but does not allow opting out of the service. The feature is being introduced for all 800 million users, around 40 million of whom are in India. Those not accustomed to checking their privacy settings will have a hard time going through the hundreds of messages they’ve posted over the last few years (Facebook was founded in 2004).

The Electronic Privacy Information Center said the launch of Timeline forces more privacy setting changes on Facebook users, “which flies in the face of both privacy and a settlement reached between the firm and the US Federal Trade Commission (FTC)”. On 29 November, Facebook agreed to an FTC order that bars it from “deceiving” consumers about privacy practices and requires it to submit to monitoring for 20 years.

“Privacy is certainly a very serious concern for Internet users. Some of the big brands like Facebook and Google simply have access to too much information about the life of their users, and this information could easily be misused by the brand or wilfully by someone else. Our guidance to consumers and clients is that first and foremost, they should be very conscious of these privacy challenges. If we put out any communication on a social network, it is akin to broadcast communication. By default, choose the tightest privacy setting and then gradually loosen up instead of accepting the default privacy setting of Facebook or Google. Don’t give out information like cellphone number, date of birth...or even names of close relations on social networks,” said Hareesh Tibrewala, joint chief executive officer of Social Wavelength, a company that advises clients on social media strategies.

Mahesh Murthy, founder of digital marketing firm Pinstorm, acknowledged that “in reality, there is virtually no privacy online. Governments and companies try to assure apprehensive citizens about privacy, while at the same time doing everything to destroy it in reality”.

He advises marketers to be upfront about their data collection and management policies, and declare them prominently on their online properties. On an individual level, Murthy takes comfort “in the fact that I could just be one of those 3 billion+ Internet users worldwide with my data a small part of the swarm out there that no one might take a special interest in”.

Electronic police state?

India has a history of exerting pressure on companies for access to communications data. According to Cryptohippie Inc., a provider of communication security services, India ranked 26 among the most policed states in the world in 2010—“one in which every surveillance camera recording, every email sent, every Internet site surfed, every post made, every check written, every credit card swipe, every cellphone ping…are all criminal evidence, and all are held in searchable databases”, according to the company that discontinued the report in 2011, stating that “…most people are defending their ignorance; not much good will come from us repeating ourselves”.

Currently, the Indian Telegraph Act and the IT Act, 2008 (amendments introduced in the IT Act, 2000), give the government the power to monitor, intercept and even block online conversations and websites. Moreover, under section 79 of the IT Intermediary (Rules and Guidelines), 2011, intermediaries—telcos, Internet services providers, network services providers, search engines, cyber cafes, Web-hosting companies, online auction portals and online payment sites—are mandated to exercise “due diligence” and advise users not to share/distribute information violative of the law or a person’s privacy and rights. Intermediaries are expected to act on a complaint within 36 hours of receiving it, and remove such content when warranted. In case the intermediary doesn’t find the content objectionable, the matter will have to be contested in a court of law.

“The Indian government can, and should, monitor conversations and websites if it believes the content can harm the security, defence, sovereignty and integrity of the country,” maintained Pavan Duggal, a Supreme Court lawyer and a cyberlaw expert, but wondered how it would go about implementing the task of monitoring conversation on an unstructured Internet. “The intention is good, but the path is not clear,” said Duggal, who envisions a lot of cases being filed against misuse of these laws.

“While the affected party can lodge a complaint with the intermediary, removal has to follow a due process, which should include suitable documentary evidence placed by the party. There should be a process of examination through an ombudsman, a process of arbitration where the request is disputed or a court order as may be required on a case to case basis,” said Vijayashankar of the Cyber Society of India.

The original was published in Livemint on 3 February 2012. Sunil Abraham was quoted in it.

For more details visit http://editors.cis-india.org/news/privacy-speech-at-stake-in-cyberspace-1

Privacy, Security, and Access to Rights: A Technical and Policy Analyses

praskrishna — 2011-09-22T09:28:56Z

Privacy and security are often presented as zero-sum outcomes with respect to issues affecting Internet governance. This dichotomous treatment often results in policy outcomes that directly limit access and rights. The meanings of privacy and security, however, are not used uniformly and often vary with the regards to the issue at hand (i.e. financial crimes, copyright enforcement) as well as cultural and political context.

This workshop aims to explore the nuances in the relationship between privacy and security through a series of technical demonstrations alongside policy analyses from different regions to determine how rights and access can be best protected.

The Workshop Agenda is as follows:

Introduction - Workshop Agenda, Issues, and Panelists (5 minutes)
Regional Perspectives - Cultural and Policy Understandings of Privacy and Security, and the implications for access and rights (20 min)
Technical Perspectives - Designing privacy and security through technology (20 min)
Policy Opportunities and Challenges (10 min)
Question and Answer (30 min)

Which of the five broad IGF Themes or the Cross-Cutting Priorities does your workshop fall under?

Security, Openness and Privacy

Have you organized an IGF workshop before? No

If so, please provide the link to the report:

No link to this report

Provide the names and affiliations of the panellists you are planning to invite:
Invited Panelists:

Karen Reilly, Tor Project (United States)
Carlos Affonso Pereira de Souza, Centro de Technologica e Socieda (Brazil)
Smari McCarthy, International Modern Media Initiative (Iceland)
Christopher Soghoian, Indiana University (United States)
Bob Pepper, Cisco (United States)*
Sunil Abraham (India)

Remote Moderator:

Cameran Ashraf, University of California, Los Angeles

Provide the name of the organizer(s) of the workshop and their affiliation to various stakeholder groups:

Kim Pham, Expression Technologies, Civil Society
Karen Reilly, Tor Project, Technical/Civil Society

Organization: Expression Technologies

Contact Person: Kim Pham

See the event details on the IGF website

For more details visit http://editors.cis-india.org/news/privacy-security-access-to-rights

Privacy, security and surveillance: tackling international dilemmas and dangers in the digital realm

praskrishna — 2014-12-15T12:56:49Z

Pranesh Prakash was a panelist in the session "Beyond the familiar: how do other countries deal with security and surveillance oversight?" The event was organized by Wilton Park between November 17 and 19, 2014.

Complete details of the programme can be accessed here.

For more details visit http://editors.cis-india.org/internet-governance/news/wilton-park-november-17-19-privacy-security-surveillance

Privacy, Draft Discussion

praskrishna — 2010-09-10T09:51:11Z

Discussion paper

For more details visit http://editors.cis-india.org/internet-governance/publications/privacy-draft-discussion

Privacy, Data-Gathering Technologies Draft Discussion Paper

praskrishna — 2010-09-10T09:46:10Z

Discussion paper

For more details visit http://editors.cis-india.org/internet-governance/publications/privacy-discussion-paper

Privacy, Data-Gathering Technologies Draft Discussion Paper

praskrishna — 2010-09-10T09:42:30Z

Discussion paper

For more details visit http://editors.cis-india.org/internet-governance/publications/privacy-data-gathering-technologies

Privacy, Data-Gathering Agenda

praskrishna — 2010-09-10T09:39:09Z

Agenda

For more details visit http://editors.cis-india.org/internet-governance/publications/privacy-data-agenda

Privacy, By Design

praskrishna — 2011-04-12T06:45:36Z

The Centre for Internet and Society invites people and organizations in the business of 'privacy online' to engage with it in Privacy, By Design — an open space discussion that brings together coders, developers, users and entrepreneurs interested in the design of privacy online.

Is Privacy something we are born with or is it constructed for us? Different actors like governments, markets, cultural negotiators, are often attributed the responsibility of defining what it means to be 'private'. In our rapidly digitizing world, Internet and digital technologies have emerged as new factors that influence the design of privacy. Ranging from social networking systems to e-governance projects and economic transactions to interpersonal relationships, the design of privacy online has become a central concern.

Privacy, By Design is a part of The Identity Project (TIP), a collaboration between the Centre for Internet and Society and the Centre for the Study of Culture and Society. It is a research inquiry that hopes to consolidate multiple perspectives, and ideas in an attempt to initiate a dialogue between people who are in the business of designing platforms and applications that pivot around privacy. For instance: How do the platforms we use define our understanding of privacy? What does privacy in the cloud look like? What are the parameters by which privacy is defined within the digital world? What role do digital technologies play in producing the 'privacy effect?'

For more details visit http://editors.cis-india.org/events/privacy-by-design

Privacy Timeline

praskrishna — 2013-06-03T09:48:18Z

For more details visit http://editors.cis-india.org/internet-governance/blog/privacy-timeline

Privacy Timeline

praskrishna — 2013-09-26T10:08:07Z

For more details visit http://editors.cis-india.org/internet-governance/blog/privacy-timeline.pdf