Centre for Internet and Society

Open Letter to the Finance Committee: Finance and Security

praskrishna — 2011-02-17T11:57:42Z

This note explores the three connections between finance and security and demonstrates the cost implications of operating a centrally designed identity management system as proposed by the UID. In doing so, it shows how the monitoring, storing, and securing of transactional data in a centralized database fall short of meeting the project's objectives of authentication, and thus is an additional cost. Further, it is argued that the blanket monitoring of the transaction database is not an effective method of detecting fraud, and is an expensive component of the project.

Operating a centralized identity management system that requires the use of a remote database for every transaction is always more expensive than a decentralized identity management system that could optionally use a local database.

Centralized database costs

Both public and private keys must be centrally stored
All transactions require connectivity for the sending and receiving of authentication of data, and have an associated connectivity cost
Securing all data at a central database has augmented costs

Decentralized database costs

Only the public key must be centrally stored
Some transactions require connectivity for the sending and receiving of authentication data

The cost of building an identity management system that includes recording, monitoring, and securing each transaction is more than the cost of building only an identity authentication system. The goal of the project is to identify a person. Recording each transaction will add unnecessary cost.

Cost of identity authentication system
Cost of monitoring transactions	> Cost of identity authentication system
Cost of securing transaction data

Increasing security or fighting fraud can be done in two ways - having a targeted approach or through blanket monitoring. The UID scheme, through the monitoring of the transaction database featuring trillions of transaction by 1.2 billion people is a blanket approach, and will provide lower return on investment than a targeted approach.

For more details visit http://editors.cis-india.org/internet-governance/blog/privacy/finance-and-security

Open Letter to the Finance Committe: Biometrics

praskrishna — 2011-02-17T13:12:22Z

This note points out the weaknesses inherent in biometrics and the pitfalls in using them. It recommends procedural safeguards that should be adopted by the UID in order to make the use of biometrics more secure and inclusive.

Biometrics are not centrally stored and are used only for identification

Biometrics, as our first letter notes 1 are better suited for identification, and are inappropriate for authentication. Therefore, the central server need not store biometric information, and need only store the public key of each citizen's digital signature.2 Biometrics on a smart card for authentication will allow service providers to determine if the card is being carried by the right person. This configuration of biometrics has many positives. It is :
- Cost effective
- More secure
- Places the control of biometric information in the hands of the data subject
Use encrypted data, rather than live data

The UID scheme has stated that biometrics will be encrypted, but has not provided further details. 3
It is recommended that biometrics are:
- Encrypted whenever it is used, stored and transferred;
- A biometric should be encrypted to such a degree that it is not possible to reconstruct the biometric data; and
- After an encrypted version of the biometric is made, the original biometric should be deleted.
In order to perform an identification check – the biometrics presented should be encrypted and then compared to the encrypted version stored on the card. If the card is stolen – the thief would not be able to harvest biometrics.
Security clearance for all associated entities and personnel

UID registrations and transactions will be handled by 'registrars' or in other words personnel who work at organizations not directly under the control of the UIDAI. A clear process associated with who can perform transactions and a proper audit system is needed to prevent 'insider' attacks.
Clearly defined alternate identification factors

There are many situations in which a biometric cannot be accepted in a transaction. For example, when the biometric changes, is misread, or is unreadable. The UID has recognized this possibility and has stated: “In case of authentication, the operator needs to find an alternate method of authentication if fingerprint verification fails. The operator/application would not know the cause of verification failure. A timeout will be implemented in service after five attempts.”4
The alternative identity factors that will be accepted need to be clearly defined and articulate.
Standards for acceptance of biometric as authentication factor

The UIDAI has proposed a whole range of authentication factors – pin, password, partial biometrics, full biometrics, mobile phone and combination's thereof. 5 Some of these authentication factors may also be presented by the data subject over the Internet. As our previous letters have stated – some authentication factors are more secure than others. Therefore, the UIDAI should publish standards for acceptance of different authentication factors based on the security requirements of different types of transactions. Even if biometrics are used as an authentication standard – in our opinion it should only be used for trivial transactions without major financial or citizenship implications.

Footnotes:

1http://www.cis-india.org/advocacy/igov/privacy-india/letter-to-finance-committee

2 Distinguish and separate the authentication process from the identification process: Identification is a comparison of one set of biometric data against all sets of collected biometrics in one central database to verify the identity of the owner of the biometric data. Authentication is a comparison of a biometric against a stored template to validate the existence of that specific biometric

3 http://uidai.gov.in/index.php?option=com_fsf&view=faq&Itemid=206&catid=7

4 Biometric Design Standards for UID Applications: pg 37

5 UIDAI Strategy Overview. Creating a Unique Identity Number for Every Resident in India. Pg. 28

For more details visit http://editors.cis-india.org/internet-governance/blog/privacy/biometrics

Open letter from CIS to PM Modi on Intellectual Property Rights issues on his Visit to US

praskrishna — 2015-09-24T02:48:32Z

Centre for Internet and Society, through its Policy Director Mr. Pranesh Prakash and Programme Officer Nehaa Chaudhari has addressed an open letter to Prime Minister Narendra Modi on the intellectual property right issues concerning his visit to the United State of America in September, 2015.

The article by Apoorva Mandhani was published by LiveLaw on September 23, 2015. CIS Open Letter here.

The letter makes a two-fold request: first, that the Government of the USA be requested to ratify the Marrakesh Treaty for visually impaired persons and second, that the Indian Government should not enter into any negotiations around the Trans-Pacific Partnership trade agreement.

The letter relies on the statistics released by the World Blind Union, according to which 90% of all published material is not accessible to blind or print disabled people. The severity of the ‘book famine’, it says, was highlighted by India in its Closing Statement at the Diplomatic Conference convened to conclude the Marrakesh Treaty.

India was the first country to ratify the Marrakesh Treaty in June, 2014. However, the Marrakesh Treaty will come into effect only after 20 Member States have ratified it or acceded to it. As per information available from the World Intellectual Property Organization, only 9 countries have ratified or acceded to the treaty and USA is not one of it. The letter therefore requests Mr. Modi to request USA ratify the Marrakesh Treaty at the earliest.

It says, “The USA is home to some of the largest publishers of both academic and other/leisure material including Penguin Random House, Harper Collins, John Wiley & Sons, the RELX Group, McGraw-Hill Education, Scholastic and Cengage Learning to name a few. It accounts for a large volume of the world’s book and other print material export. The active participation of the USA through the ratification of the Marrakesh treaty is critical if the treaty is to be truly effective.”

With regard to the Trans-Pacific Partnership trade agreement, the letter communicates its concern regarding the secrecy of negotiations as well as the content of the chapter on intellectual property in the TPP.

Provisions sought to be imposed through the TPP mandate the inclusion of TRIPS plus provisions in national laws, envisage possible extensions in term of protection on patents, restrict copyright exceptions and limitations, extend copyright protection terms and impose a higher liability on intermediaries. All these provisions, it says, “would be disastrous for an emerging economy such as India’s, which is a heavy user of intellectual property and not a heavy producer of the same.”

Highlighting CIS’s concerns, the letter requests that any engagement in TPP negotiations be preceded by national consultations on the same, soliciting input from various stakeholders with diverging interests, including academia, civil society, industry associations, large Indian corporations, small and medium enterprises and multi- national corporations, rights holders associations and other interest groups.

For more details visit http://editors.cis-india.org/a2k/news/live-law-apoorva-mandhani-september-23-2015-open-letter-from-cis-to-pm-modi-on-intellectual-property-rights-issues-on-his-visit-to-us

Open Knowledge Festival 2014

praskrishna — 2014-07-28T10:17:38Z

Subhashish Panigrahi represented India as the India Ambassador of OpenGLAM local in Berlin. The event was organized by Google, Omidyar, et.al., in Berlin from July 15 to 17, 2014.

Click to read the details on the website here. See the official programme here. Download Subhashish's presentation at this page.

Subhashish presented on the following:

Situation in India

Wikimedia India chapter and WMF's India program working on first India GLAM project
Good traction of image contribution through Wiki Loves Monuments photo contest
Mass communication and other media institutes slowly taking interest in open audio library
Digitization is a priority across government departments, with funding available
Majority of GLAMs lack knowledge about open culture, need for outreach
Relicensing and book digitization have gained public interest
Goals of the survey
Data
Mapping the sector
Encourage institutions to think beyond their digital strategy
Show institutions what is there for them

What we have done so far

Started filing Right to Information (RT) asking state government departments for lists of institutions
Reached out to WMIN (Wikimedia India chapter) for help in creating a list
Difficulty with getting people and contact details

Collaborative Presentation

OKFest2014 glam-survey_workshop_20140717 from Beat Estermann

For more details visit http://editors.cis-india.org/news/ok-festival-2014

Open Knowledge Day in Mysore (Media Coverage)

praskrishna — 2014-07-24T07:01:16Z

For more details visit http://editors.cis-india.org/openness/blog-old/open-knowledge-day-mysore-media-coverage-zip

Open Knowledge Day at Mysore

praskrishna — 2014-07-14T09:41:39Z

Mysore University along with the Centre for Internet and Society's Access to Knowledge (CIS-A2K) team invites you to an Open Knowledge Day at the University of Mysore on July 15, 2014.

We signed a memorandum of understanding (MoU) with the University of Mysore earlier this year in January to re-release the first six volumes of their Kannada encyclopaedia under Creative Commons (CC) license.

CIS-A2K facilitated extracting the legacy text from the soft-copies, converting them to Unicode, distributing the files among volunteers and Christ University interns and uploading them to Kannada Wikisource. So far about 1200 articles have been added. These articles will feed to articles in Kannada Wikipedia.

To commemorate this, the University of Mysore and CIS-A2K is organizing this event. This will also coincide with the Open Knowledge Festival happening at Berlin from July 15 to 17, 2014.

The invitation for the Mysore program given below:

For more details visit http://editors.cis-india.org/openness/events/open-knowledge-day-mysore

Open is the Future

praskrishna — 2011-05-01T02:55:12Z

The third Open World Forum will gather together decision-makers from the open digital world, in Paris. 1,500 participants from 40 countries will come together to analyze the technological, economic and social impact of Open Source, the invisible engine behind the digital revolution. The aim: to interpret future trends and cross-fertilize initiatives.

Paris, 22 July 2010. Technologies – Economic Models – Governance... Year after year the Free/Open Source movement is establishing itself as the invisible engine driving the digital revolution, and the hidden backbone of key digital players like Google, Amazon and Wikipedia, as well as the catalyst for numerous emerging trends including Cloud computing, the Internet of Things, green technologies, new organizational models, new-generation NGOs, open democracy… Following the success of the first two events, the Open World Forum will once again be staged in Paris this year, on 30 September and 1 October, bringing together 1,500 experts and decision-makers from 40 countries. The aim of this ‘Davos’ of open technologies is to debate and cross-fertilize initiatives, to shape the open digital landscape of the future.

Two Days of High-Level Sessions

With 15 keynote addresses, 20 workshops and 8 think-tanks, featuring 140 presenters from 40 countries, the Open World Forum will include eight flagship sessions:

30 September

Opening keynote addresses: The state of the open world: what impact will it have on the digital future? With Walter Bender (MIT Media Labs/OPLC/Sugarlabs), James Governor (RedMonk), Jeffrey Hammond (Forrester), Simon Phipps (ForgeRock), Dirk Riehle…
The revolution in open innovation: collective intelligence actively supporting growth. With Stefan Lindegaard (15Inno), Steve Shapiro (Innocentive), Roberto Di Cosmo (INRIA), Patrick Chanezon (Google), Michel Guillemet (Bull)…
Open Cloud: Open Source at the heart of tomorrow’s ‘computing power plants’? With Matt Asay (Canonical), Larry Augustin (SurgarCRM), Kyle Mac Donald (Cloud.com), Matt Wood (Amazon)...
Open communities: the emblematic organizations of the 21st century? With Eben Moglen (Software Freedom Law Center), Bertrand Delacretaz (Apache), Mike Milinkovich (Eclipse), Cedric Thomas (OW2)...

1 October

Open democracy in 2010: what are the initiatives and prospects? With Philippe Aigrin (Sopinspace), Ellen Miller (Sunlight Foundation), Dominique Piotet (RebellionLab), Francis Pisani (Transnet)...
Managing ‘the commons’: ‘tragedy’ or opportunity? With David Bollier (Onthecommons.org), Michel Bauwens (P2P Foundation), John Wilbanks (Creative Commons)...
Open Generation: from ‘Generation Y’ to ‘Generation O’? With Sandrine Murcia (Silicon Sentier/Mindblush), Sunil Abraham (Centre for Internet and Society), Benjamin Bejbaum (founder of DailyMotion)…
Closing keynote addresses: Open Innovation Awards and FLOSS 2020 RoadMap. With Michael Tiemann (OSI, Red Hat ), Jean-Pierre Laisne (OW2, Bull)...

Numerous workshops and seminars will also enable delegates to evaluate emerging trends in the open world: the development of open media; the advent of new-generation NGOs based on collaborative strategies (Sahana, CrisisCommons…); the revolution in community marketing; new forms of business organization inspired by Open Source; etc. The innovative events being staged this year for the first time include a summit meeting addressing the points of view of leading industry analysts on the Open Source world (Forrester, 451 Group, PAC, RedMonk) and another on diversity and women in the Free/Open Source world. Finally, the Open Source Think-tank, dedicated to analyzing Open Source economic models, will once again be partnering the Open World Forum.

The Global Meeting Point for Open Innovation

Above and beyond the forward-looking analysis and networking, the event aims to foster the development of multiple, cross-cutting initiatives, during or following the Forum. Complementing the Open CIO Summit – the leading Open Source summit meeting organized by CIOs, for CIOs – and the FLOSS International Competence Centers Summit, the Open World Forum 2010 will also be hosting several new initiatives:

The first BRIC Think-tank, bringing together decision-makers from the Brazilian, Russian, Indian and Chinese governments to discuss ways of accelerating their digital development using open technologies
The first Open Cloud Summit, bringing together technical directors from the biggest players in Cloud computing to evaluate ways forward in terms of interoperability.
The first Open Forges Summit, bringing together decision-makers from the major open digital software forges.

The Forum will also stage the presentation of the 2010 Open Innovation Awards, as part of a Demo Cup event, and will continue forward-thinking initiatives with further input into the 2020 FLOSS RoadMap. Over a number of months, international experts will compare their visions of the future, to generate scenarios and make recommendations that will be published at the Forum. The Open World Forum is an initiative launched and led by a number of major international and European organizations from the Free/Open Source and digital world, with the support of public institutions (the EU, Paris city council, the Ile-de-France region) and the active involvement of a wide ecosystem of businesses, including almost 70% of the world’s largest IT companies. Major sponsors of the 2010 OWF already include Bull (co-founder), Red Hat, HP, AlterWay, QualComm, Smile, HP, INRIA, Nuxeo, Pilot Systems, Canonical, Cap Gemini, Oracle, Jaspersoft, SugarCRM, Ayeba and Accenture. In 2010, the Forum is being organized by the Systematic competitiveness cluster, in partnership with Cap Digital and the European Qualipso consortium. The program committee includes some 50 international experts from six continents.

About the Open World Forum

The Open World Forum is the leading global summit meeting bringing together decision-makers and communities to cross-fertilize open digital technological, economic and social initiatives. At the very heart of the Free/Open Source revolution, the event was founded in 2008 and now takes place every year in Paris, with over 140 speakers from 40 countries, an international audience of 1,500 delegates and some forty seminars, workshops and think-tanks. Organized by a vast network of partners, including the leading Free/Open Source communities and main global players from the IT world, the Open World Forum is the definitive event for discovering the latest trends in open computing. As a result, it is a unique opportunity to share ideas and best practice with visionary thinkers, entrepreneurs and leaders of the top international Free/Open Source communities and to network with technology gurus, CxOs, analysts, CIOs, researchers, politicians and investors from six continents. The Open World Forum
is being run this year by the Systematic competitiveness cluster, in partnership with Cap Digital and the European QualiPSo consortium. Some 70% of the world’s leading information technology companies are involved in the Forum as partners and participants.

For more information, visit: http://www.openworldforum.org

Click here for the original.
See the list of speakers here
See the video on Youtube here

For more details visit http://editors.cis-india.org/news/open-future

Open house on information breaches

praskrishna — 2017-06-07T00:41:55Z

On May 26, 2017 at the Has Geek open house participants discussed the state of information security in India the legal and regulatory measures that companies must comply with, and consumers should be aware of. Udbhav Tiwari was a speaker at the event organized by Has Geek in Bengaluru.

Sandesh Anand–InfoSec professional at Cigital was the other speaker. Alok Prasanna Kumar, former Supreme Court advocate and Senior Resident Fellow at the Vidhi Centre for Legal policy, moderated the discussion. Udbhav spoke about Breach Notifications and the legal and regulatory positions behind it in India. His presentation from the event can be found here: https://goo.gl/51GDba

For more details visit http://editors.cis-india.org/internet-governance/news/open-house-on-information-breaches

Open Govt Data

praskrishna — 2012-06-24T07:28:19Z

For more details visit http://editors.cis-india.org/home-images/OpenGovtData.jpg

Open Government Data Report

praskrishna — 2011-08-23T02:40:59Z

Open Government Data Report (PDF) published by CIS.

For more details visit http://editors.cis-india.org/openness/publications/ogd-report

Open Government Data India

praskrishna — 2013-03-26T12:11:09Z

Open Govt Data India

For more details visit http://editors.cis-india.org/home-images/OpenGovDataIndia.png

Open Government Data

praskrishna — 2011-08-23T02:43:15Z

pdf

For more details visit http://editors.cis-india.org/openness/publications/open-government.pdf

Open Government Data

praskrishna — 2011-08-23T02:42:46Z

pdf

For more details visit http://editors.cis-india.org/openness/publications/open-government-data.pdf

Open Forum - DINL, Digital Infrastructure Association

praskrishna — 2015-11-07T14:45:58Z

Internet Governance Forum (IGF) 2015 will be held at Jao Pessoa in Brazil from November 10 to 13, 2015. The theme of IGF 2015 is Evolution of Internet Governance: Empowering Sustainable Development. Digital Infrastructure Netherlands Foundation is organizing this workshop at IGF on Tuesday, November 10, 2015. Jyoti Panday will be speaking at this workshop.

In this open forum we wish to discuss the increase in government engagement with “the internet” to protect their citizens against crime and abuse and to protect economic interests and critical infrastructures. The fact that the traditional benign neglect of states towards the internet is increasingly replaced with political interest has positive and negative effects. We are particularly concerned with those state interventions – often for reasons of national security or economic interest - that impact on the technical and logical ‘core’ of the internet ecosystem – such as interventions in the DNS - and in the impact on organizations and businesses that are traditionally thought of as ‘technical’ and whose roles are in danger of being politicized, such as ISPs, CERTs and hard- and software developers. There is a growing need to separate out the legitimate interests of states from political overreach into the technical and logical core of the internet. A cooperative or constructive approach towards interaction, founded in firm principles, may strengthen the balance and lead to a sustainable protection of Internet values. In this open forum we will present ideas about an agenda for the international protection of ‘the public core of the internet’ and seek to collect and discuss ideas for the formulation of norms and principles and for the identification of practical steps towards that goal. More specifically we aim to discuss: A definition of a public core of the internet: this would comprise the core protocols and infrastructure of the internet which all governments should consider as a global public good, governed by the Internet community and protected from direct activities and involvement by any government Definitions of proper interfaces: outlining norms and mutual expectations that should govern the relations between governments and various central actors in the technical and economic internet ecosystem, such as ISPs, CERTs and hard- and software developers when it comes to fighting cybercrime, retrieve information, mandate takedowns, request information and more.

Speakers
In this IGF open forum DINL wants to explore these ideas and discuss them with thought leaders from other countries. Speakers include:

Bastiaan Goslings (AMS-IX, NL)
Jyoti Panday (CIS, India)
Marilia Maciel (FGV, Brasil)
Dennis Broeders (NL Scientific Council for Government Policy) and will be chaired by Michiel Steltman (DINL), but aims to broaden the debate on this issue with those present.

More information on IGF website here.

For more details visit http://editors.cis-india.org/internet-governance/news/open-forum-dinl-digital-infrastructure-association

Open Equitable Access (PDF)

praskrishna — 2011-08-23T02:42:17Z

file

For more details visit http://editors.cis-india.org/openness/publications/open-equitable-access