Centre for Internet and Society

Noose tightens on freedom of speech on the Internet

praskrishna — 2015-03-27T01:01:18Z

A worrying trend has emerged in the last few years, where intermediaries around the world are being used as chokepoints to restrict freedom of expression online, and to hold users accountable for content.

The blog post by Gabey Goh was originally published by Digital News Asia and mirrored in Malaymail Online on March 26, 2015. Jyoti Panday gave her inputs.

“All communication across the Internet is facilitated by intermediaries: Service providers, social networks, search engines, and more,” said Electronic Frontier Foundation (EFF) senior global policy analyst Jeremy Malcolm.

“These services are all routinely asked to take down content, and their policies for responding are often muddled, heavy-handed, or inconsistent.

“That results in censorship and the limiting of people’s rights,” he told Digital News Asia (DNA) on the sidelines of RightsCon, an Internet and human rights conference hosted in Manila from March 24-25.

This year, the government of France is moving to implement regulation that makes Internet operators “accomplices” of hate-speech offences if they host extremist messages.

In February, the Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA) urged ICANN (the Internet Corporation for Assigned Names and Numbers) to ensure that domain name registries and registrars “investigate copyright abuse complaints and respond appropriately.”

Closer to home, the Malaysian Government passed a controversial amendment to the Evidence Act 1950 – Section 114A – back in 2012.

Under Section 114A, an Internet user is deemed the publisher of any online content unless proven otherwise. The new legislation also makes individuals and those who administer, operate or provide spaces for online community forums, blogging and hosting services, liable for content published through their services.

Due to the potential negative impact on freedom of expression, a roadmap called the Manila Principles on Internet Liability was launched during RightsCon.

The EFF, Centre for Internet Society India, Article 19, and other global partners unveiled the principles, whose framework outlines clear, fair requirements for content removal requests and details how to minimise the damage a takedown can do.

For example, if content is restricted because it’s unlawful in one country or region, then the scope of the restriction should be geographically limited as well.

The principles also urge adoption of laws shielding intermediaries from liability for third-party content, which encourages the creation of platforms that allow for online discussion and debate about controversial issues.

“Our goal is to protect everyone’s freedom of expression with a framework of safeguards and best practices for responding to requests for content removal,” said Malcolm.

Jyoti Panday from the Centre for Internet and Society India noted that people ask for expression to be removed from the Internet for various reasons, good and bad, claiming the authority of myriad local and national laws.

“It’s easy for important, lawful content to get caught in the crossfire. We hope these principles empower everyone – from governments and intermediaries, to the public – to fight back when online expression is censored,” she said.

The Manila Principles can be summarised in six key points:

Intermediaries should be shielded by law from liability for third-party content
Content must not be required to be restricted without an order by a judicial authority
Requests for restrictions of content must be clear, be unambiguous, and follow due process
Laws and content restriction orders and practices must comply with the tests of necessity and proportionality
Laws and content restriction policies and practices must respect due process
Transparency and accountability must be built in to laws and content restriction policies and practices

“Right now, different countries have differing levels of protection when it comes to intermediary liability, and we’re saying that there should be expansive protection across all content,” said Malcolm.

“In addition, there is no logic in distinguishing between intellectual property (IP) and other forms of content as in the case in the United States for example, where under Section 230 of the Communications Decency Act, intermediaries are not liable for third party content but that doesn’t apply to IP,” he added.

The Manila Principles have two main targets: Governments and intermediaries themselves. The coalition, led by EFF, will be approaching governments to present the document and discuss the recommendations on how best to establish an intermediary liability regime.

This includes immunising intermediaries from liability and requiring a court order before any content can be taken down.

With intermediaries, the list includes companies such as Facebook, Twitter and Google, to discuss establishing transparency, responsibility and accountability in any actions taken.

“We recognise that a lot of the time, intermediaries are not waiting for a court order before taking down content, and we’re telling them to avoid removing content unless there is a sufficiently good reason and users have been notified and presented that reason,” said Malcolm.

The overall aim with the Manila Principles is to influence policy changes for the better.

Malcolm pointed out that by coincidence, some encouraging developments have taken place in India. On the same day the principles were released, the Indian Supreme Court struck down the notorious Section 66A of the country’s Information Technology Act.

Since 2009, the law had allowed both criminal charges against users and the removal of content by intermediaries based on vague allegations that the content was “grossly offensive or has menacing character,” or that false information was posted “for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will.”

Calling it a “landmark decision,” Malcolm noted that the case shows why the establishment and promotion of the Manila Principles are important.

“Not only is the potential overreach of this provision obvious on its face, but it was, in practice, misused to quell legitimate discussion online, including in the case of the plaintiffs in that case – two young women, one of whom made an innocuous Facebook post mildly critical of government officials, and the other who ‘liked’ it,” he said.

The court however, upheld section 69A of the Act, which allows the Government to block online content; and Section 79(3), which makes intermediaries such as YouTube or Facebook liable for not complying with government orders for censorship of content. — Digital News Asia

For more details visit http://editors.cis-india.org/internet-governance/news/malaymail-online-gabey-goh-march-26-2015-noose-tightens-on-freedom-of-speech-on-the-internet

Noopur Raval

praskrishna — 2011-08-10T07:14:35Z

For more details visit http://editors.cis-india.org/home-images/noopur.jpg

Noopur Raval

praskrishna — 2011-11-24T09:10:02Z

For more details visit http://editors.cis-india.org/home-images/copy_of_noopur.jpg

Noopur

praskrishna — 2014-08-13T01:14:42Z

Noopur

For more details visit http://editors.cis-india.org/home-images/Noopur.jpg

Non-Discrimination and Equal Opportunities Policy

praskrishna — 2020-07-29T06:59:09Z

Preliminary

This Non-Discrimination and Equal Opportunities Policy ("Policy") states the internal policy of the Centre for Internet & Society ("CIS") with regard to non-discrimination at the workplace and equal opportunities during recruitment.
This Policy is internal to CIS and is meant to provide a safe, diverse and comfortable workplace at CIS. This Policy is not legally mandated and, therefore, is not judicially enforceable in India. This Policy is without prejudice to any anti-discrimination provisions of applicable law including, but not restricted to, the provisions of:
- Article 17 of the Constitution of India;
- the Protection of Civil Rights Act, 1955,
- the Scheduled Castes and Scheduled Tribes (Prevention of Atrocities) Act, 1989;
- the Sexual Harassment of Women at the Workplace (Prevention, Prohibition and Redressal) Act, 2013;
- Sections 354 and 509 of the Indian Penal Code, 1860; and,
- the Persons with Disabilities (Equal Opportunities, Protection of Rights and Full Participation) Act, 1995.

Non-discrimination

CIS will not adversely discriminate, and prohibits other adverse discrimination at the workplace, on the basis of religion, race, caste, sex, place of birth, descent, sexual orientation, gender identity, disability, age or any of them ("Discrimination Characteristics"). CIS will not condone any adverse discrimination against any person on its premises, whether that person is in its employment or otherwise.
Any person who believes himself or herself to have been subjected to adverse discrimination on the basis of the Discrimination Characteristics is encouraged to bring the matter to the attention of the Diversity Committee of CIS at the earliest practical opportunity. No person will be punished, retaliated against, or limited in employment or other opportunity for exercising anything set out in this Policy, or for filing a complaint, furnishing information for, or participating in an investigation, or any other activity related to the administration of this Policy.
Any adverse discrimination or other action or behaviour that constitutes a violation of law will be reported to the police.

Equal Opportunities

CIS provides equal opportunities to its employment, consultancy or otherwise without regard for the Discrimination Characteristics. All actions of CIS with regard to its employees, consultants, advisors, interns and staff, including but not limited to those relating to compensation, benefits, transfers, leave, layoffs, training, education, and assistance, will be made without regard for the Discrimination Characteristics.
Notwithstanding anything contained in the previous paragraph, if CIS reasonably believes that its employment, workplace or premises do not adequately represent the balance of diversity of persons who share one or more of the Discrimination Characteristics, it may, with the aim only of redressing that imbalance, take positive discriminatory action in respect of persons who share that aspect, or those aspects, of the Discrimination Characteristics that are sought to be adequately represented.
Any person who believes himself or herself to have been subjected to adverse discrimination, or impermissible positive discrimination, on the basis of the Discrimination Characteristics is encouraged to bring the matter to the attention of the Diversity Committee of CIS at the earliest practical opportunity.

Diversity Committee

The Interim Diversity Committee of CIS is comprised of:

Pallavi Bedi
Torsha Sarkar
Gurshabad Grover

For more details visit http://editors.cis-india.org/about/policies/non-discrimination-equal-opportunities-policy

Nokia eyes GeNext to tap mobile email mkt

praskrishna — 2011-04-02T12:48:01Z

Finnish handset giant banks on youth to be in the technology race

In a booming market, the rich as well as the poor might like to shrink the Internet--at least while on the go.

To woo 20-something, jet-set executives and the man on the street with no computer, cellphone firm Nokia has begun to boost its mobile email market.

By targeting business users, in competition with other handheld service providers like BlackBerry, Nokia's 'all-new' E63 model has a whole range of business and personal mail and media options built in, said Viral Oza, the Finnish firm's India head of media and online marketing on Tuesday.

Unrelated, earlier mobile operator MTS launched a prepaid service with free surfing for websites like Yahoo and Wikipedia.

Airtel and BSNL also have introduced affordable Internet plans.

Oza said his company targets people aged below 25, a population segment expected to grow from the current share of 47 per cent to 55 per cent by 2016. "It is a generation that has grown with technology, entering professions, at the same time wanting to keep in touch with their friends," he said. So they get corporate mail, personal media and chatting in future. The firm is set to launch its instant messaging, Ovi Chat, in India soon, he added.

Meanwhile, there are also downloadable free email solutions, including 'pushmail', which are compatible with scores of other models, Oza said.

Pushmail that allows real-time delivery without logging in and collecting (pulling) mail manually is a boon to executives on the move. You can get icons for your Microsoft Exchange, Gmail and Yahoo on your handset--and even link your mobile to your office mail server.

At the same time, first-time email user can register with the free Ovi Mail--without using a computer. Ovi--meaning door in Finnish--is Nokia's Internet services brand that covers games, music, maps and messaging.

Observers see this as part of the technology trend in the country. Mobile email users are growing at 96 per cent a year to cross 50 million by 2014, experts note. Only six per cent of the mobile users have email access on their handsets, while 78 per cent would like to have it, Oza pointed out.

"For most of our people mobile phone will be the only way to access the Internet," said Sunil Abraham, executive director of the Centre for Internet and Society here. As opposed to personal computers, cellphones are cheap, sharable, portable and are easily chargeable.

However, Abraham noted that Nokia, a pioneer in userfriendly and innovative cellphone interfaces, now has lagged behind in the tech race and has to catch up with better and more creative features.

"You have to make it all simple and accessible," he said.

Growing from its device market, Nokia is now moving more into the Internet arena in direct competition with players like Microsoft, Yahoo, Google and Apple. Experts note that the battle among handset makers, portals and mobile telephony operators will intensify this year as economies are recovering after the slowdown.

Read the original story in India Today

For more details visit http://editors.cis-india.org/news/nokia-eyes-genNext

Noida cyber cell gives tips on preventing WannaCry attack

praskrishna — 2017-06-07T01:18:22Z

The attackers targeted a weakness found in older versions of Microsoft Windows.

The article by Juana McKenzie was published in the World News Journal on May 20, 2017.

Since late last week, the WannaCry cyber scourge has blocked customers the world over from accessing their data - unless they paid a ransom using Bitcoin. Here's what you should do to protect yourself.

Third, and perhaps more important: like the emperor's new clothes, even this new-fangled ransomware isn't as sophisticated as it's cracked up to be. If you're unsure about the legitimacy of something, delete it.

When Microsoft sells software it does so through a licensing agreement that states the company is not liable for any security breaches, said Michael Scott, a professor at Southwestern Law School.

It pays to know the proper file extensions that are available.

If you happen to come across files such as worklog.doc.exe, or financial_statement.xls.scr, do not open them as the files are most likely malicious.

'And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cyber security threats in the world today - nation-state action and organised criminal action'.

Then there's the USA government, whose Windows hacking tools were leaked to the internet and got into the hands of cybercriminals.

However, a cyber security expert working with the Centre for Internet and Society, Udbhav Tiwari working on vulnerabilities such as these, said as most ATMs in the country especially of the public-sector banks run on outdated operating systems, or are not updated regularly, they can be easily compromised.

No. This strain of ransomware was spread from device to device by taking advantage of an old security hole in some versions of Microsoft's Windows operating system.

Microsoft released a patch for this vulnerability in March and, on the heels of the attack Friday, even took the unusual step of releasing fixes for older versions of Windows that are no longer supported, such as Windows XP, Windows Server 2013, and Windows 8. This included the release of the patch in March and an update on Friday to Windows Defender to detect the WannaCrypt attack.

As there are different types of ransomware, there is no single, easy solution to restore your computer if it has been infected. Enterprises need to test patches before installing them to ensure that they don't have compatibility issues with existing applications and break existing workflows.

Security experts have hailed Microsoft's decision to publicly call out the U.S. government and the NSA's decision to stockpile cyberweapons.

"As software has become ever more complex, interdependent and interconnected, our reputation as a company has in turn become more vulnerable", Gates wrote in an email to employees identifying trustworthy computing as Microsoft's top priority. Such software will act as the first line of defence by blocking auto downloads and actively scan for suspected threats on the PC.

The culprit was "ransomware" known as WanaCryptOr 2.0, or WannaCry.

Europol said a special task force at its European Cybercrime Centre was "specially created to assist in such investigations and will play an important role in supporting the investigation".

Kaspersky said it was seeking to develop a decryption tool "as soon as possible". If the ransomware has locked your entire PC, as WannaCry has done, combating it is more hard. Backups often are also out of date and missing critical information.

Cloud storage services such as Google Drive, Microsoft OneDrive, Dropbox and Box offer large amount of storage space for a monthly or yearly subscription fee.

For more details visit http://editors.cis-india.org/internet-governance/news/world-news-journal-juana-mckenzie-may-20-2017-noida-cyber-cell-gives-tips-on-preventing-wannacry-attack

No UID Campaign in New Delhi - A Report

praskrishna — 2012-06-20T03:51:45Z

The Unique Identification (UID) Bill is not pro-citizen. The scheme is deeply undemocratic, expensive and fraught with unforseen consequences. A public meeting on UID was held at the Constitution Club, Rafi Marg in New Delhi on 25 August, 2010. The said Bill came under scrutiny at the meeting which was organised by civil society groups from Mumbai, Bangalore and Delhi campaigning under the banner of "No UID". The speakers brought to light many concerns, unanswered questions and problems of the UID scheme.

Since 2009, when the UID Bill was presented to the general public by Nandan Nilekani, the project has been characterized as a landmark initiative that will transform India, bring in good governance, and provide relief and basic services for the poor. The scheme is rapidly being put in place; the draft Bill has been put before the Parliament of India and the resident numbers and data have been collected.

The UID proposes to take the finger prints and iris scans of every resident of India for authentication of each individual. J. T. D'Souza, an expert in free software technology exposed the flaws of the entire technical aspect of the UID project. He presented the risks and loopholes that technology such as iris and fingerprint scanners pose, and the risks in using a biometric system as a form of identification system. Contrary to the claim of the UID authority, that a scheme based on biometrics is foolproof, he explained how fingerprints are not unchanging, both fingerprints and iris scans can be easily spoofed (with a budget of only $10), and there are many ways in which the technology can break, be inconsistent, or be inaccurate.

From a human rights perspective the lack of democracy in the entire project was stressed. Usha Ramanathan reiterated the fact that no white paper was issued, the Bill has not gone through the Parliament and yet citizens’ data is being collected, citizens were given only a two week period to comment on the Bill, and in practice the UID number will not be voluntary for individuals.

The UID authority has posited the scheme as bringing benefits to the poor, plugging leakages in the Public Distribution System and the Mahatma Gandhi National Rural Employment Guarantee Scheme (MGNREGS), as well as enabling inclusive growth by providing each citizen with a verifiable and portable identity. These claims were debunked. An identity number will not fix the waste of grain that takes place every day, the portability of the number raises new problems of accessibility and distribution of resources, and the MGNREGS system is already working to be financially inclusive with a majority of its members already having a bank account.

In response to hearing the presentations of the speakers and the comments by the audience, senior Member of Parliament of the Revolutionary Socialist Party of India (RSP), Abani Roy called for the launching of a massive campaign to resist this expensive and dangerous project through which several companies will gain massive contracts from the public exchequer.

The campaigners for No UID plans to hold further meetings across the country and lobby Parliamentarians in the coming months.

For more information contact: Mathew Thomas (Bangalore) mathew111983@gmaill.com, Elonnai Hickok (Bangalore) elonnai@cis-india.org , Sajan Venniyoor (Delhi): +91-9818453483 - Bobby Kunhu (Delhi): +91-9654510398

For more details visit http://editors.cis-india.org/internet-governance/blog/no-uid-campaign

No to homosexuals, yes to their vote

praskrishna — 2014-04-04T09:54:39Z

The ad appears at the bottom of the page. It has BJP’s symbol and Modi’s photograph displayed prominently.

The article by Yogesh Pawar was published in DNA on March 21, 2014. Sunil Abraham is quoted.

In a hotly contested election where every vote will count, the scramble among political parties to scrounge for votes is understandable. Yet, what would you make of a party that hates a community but wants their votes? The BJP had opposed any move to nullify Supreme Court's order re-criminalizing consensual sex among consenting adults, dealing a huge setback to any move to scrap or dilute Section 377 of the Indian Penal Code (IPC). Party chief Rajnath Singh went to the extent of saying, "Gay sex is not natural and we cannot support something which is unnatural."

This is why the gay community across the country has expressed surprise to find a BJP ad asking for votes on the popular gay social media dating website grindr. The ad which will obviously lead to to a lot of red faces in the BJP, appears at the bottom of the page has both the party' lotus symbol and their prime-ministerial candidate Narendra Modi's photograph displayed prominently. It exhorts voters to vote BJP to stop price rise.

"This exposes the party's hypocrisy," guffawed India's pioneering gay rights activist Ashok Row Kavi. "So you want our votes and not us. I'm glad this has happened. The country will finally know the true face of falsehood of the party."

He's not alone. Many from the community have taken to social media sites like facebook and twitter to make their disgust known. Counselling psychologist Deepak Kashyap is one of them. "So, #BJP says it'd never support the "unnatural act" of homosexuality, but #NaMO has no qualms about asking for support on gay dating apps, like grindr! What a sham(e)!" he posted.

Linking most homophobia with an intense struggle with latent homosexuality Kashyap, the University of Bristol pass-out and equal rights activist for the LGBTQ community told dna, "Whatever makes you jump up in your chair, essentially makes you insecure about your own condition in some way or the other." According to him, similar results were shown in a research called 'Is Homophobia Associated with Homosexual Arousal?', by Georgia University published in the Journal of Abnormal Psychology.

When reached for comment, the BJP's National IT head Arvind Gupta said, "I am not aware of such an ad being placed on this website. If this is indeed true we will take it up with the advertising agency responsible." BJP spokesperson and Lok Sabha candidate from New Delhi Meenakshi Lekhi too told dna, "This is the first I am hearing of such an advertisement," and added, "In the first instance it seems like a deliberate act of mischief in the poll season to embarrass our party."

Centre for Internet and Society, Executive Director Sunil Abraham felt the ad on grindr may have to do more with the lack of knowledge than anything else. "We find many ads by top Indian corporate brands on pirate websites. This happens because people are still not completely conversant with negotiating with advertising networks when it comes to websites."

For more details visit http://editors.cis-india.org/news/dna-march-21-2014-yogesh-pawar-no-to-homosexuals-yes-to-their-vote

No Software Patents: Meetup at CIS on February 6

praskrishna — 2011-04-05T04:14:13Z

Our team at CIS India thanks you for opposing software patents in India by signing the petition. If you stay in Bangalore, we invite you to a meetup on the topic of Software Patents, this Saturday (Feb 6th). We will have a few subject matter experts amongst us too.

There will be Barcamp style discussions on Software Patents with the following interesting elements:

How do software patents affect entrepreneurs, particularly start-ups and SMEs.
Impact of software patents on open source.
What can we do about it.

Please send an email to "Amit Singh" amitsingh.mail@gmail.com amitsingh.mail@gmail.com with the subject line "Software Patents Meetup" to confirm your participation.

If you want to organise a similar meetup in your city, please write to "Pranesh Prakash" pranesh@cis-india.org,

If you cannot make it for the event kindly continue to support the cause by referring your friends to http://petition.nosoftwarepatents.in.

We are targeting as many virtual supporters as can be, to sign the petition.

For more details visit http://editors.cis-india.org/events/meet-up-software-patents

No party's got a clear stand, Aadhaar's fate hangs in balance

praskrishna — 2014-05-05T06:01:08Z

A non-UPA government for sure will review the multi-crore UID programme, but none of the parties have yet talked about scrapping it.

The article by Pratap Vikram Singh was published in GovernanceNow.com on April 13, 2014. Sunil Abraham is quoted.

Since inception, Aadhaar’s foundation has been shaky. The Unique Identification Authority of India (UIDAI) has been functioning on an executive fiat, without parliamentary ratification. When the government first came up with a bill on the UID programme, it was rejected by the parliamentary standing committee, which questioned the purpose of the programme.

Aadhaar’s acceptability as proof of residence and its issuance to the illegal immigrants too has courted controversy. The opposition and the ministry of home affairs have repeatedly flagged the issue. Recently, the supreme court (SC) instructed the government to withdraw all orders mandating Aadhaar number for service delivery. In September last year too the apex court had ruled that no one should be denied a service for want of Aadhaar.

While the Congress hasn’t changed its position on Aadhaar and wishes to continue with Aadhaar-linked benefits transfer, the BJP hasn’t mentioned it even once in its 52-page manifesto. On April 8, Narendra Modi, BJP’s prime ministerial candidate, in an election rally near Bangalore was quoted as saying, “I asked several questions on the Aadhaar project. I asked them questions relating to illegal migrants and national security. They (the government) did not have any answer.”

Rajendra Pratap Gupta, member of BJP’s core committee on manifesto, told Governance Now: “If we come to power we will review this in totality. There is scepticism around the whole project and even the SC has ruled against mandating it.” He called Aadhaar one of the ‘biggest scams’ of the UPA. “We have found people owning multiple Aadhaar cards. It (Aadhaar) is not a very secure system,” he added.

On the other hand, Aam Aadmi Party doesn’t oppose the idea of Aadhaar, though it is critical of its linkage to delivering food and other subsidies. Atishi Marlena, the party’s manifesto committee chief, said, “In principle, we don’t oppose the Aadhaar programme. If it’s about providing an identification proof to the poor who don’t have other documents, we certainly welcome it. But Aadhaar’s linkage with benefits-transfer needs to be questioned. Who gets what and who doesn’t should be determined by gram sabhas and mohalla sabhas. It should be done via people participation.”

The CPI(M), in its manifesto, called for halting the project unless it gets parliamentary approval. It also underlined the need for a privacy and data protection law prior to the rollout of the UID programme. “The moment Aadhaar is linked with service delivery, the scope for exclusion widens. You need to have universal coverage of Aadhaar and banking before you roll out the benefits transfer programme,” CPI(M) Rajya Sabha member Tapan Sen said.

In its manifesto, the party has talked about ‘constituting an independent high-level expert panel for an appraisal of the technology of biometrics used in the project’.

Sunil Abraham of the Centre for Internet and Society said, “The centralised online authentication automatically raises issues of privacy infringement. The authentication, in a decentralised fashion, with help of smart cards, is less intrusive, as the logs are stored in a local fashion and not centralised as in the case of Aadhaar. It will be a welcome move if the next government selects resident ID (smart) card, issued by the home ministry, as proof for identification and service delivery.”

For more details visit http://editors.cis-india.org/news/governance-now-april-13-2014-pratap-vikram-singh-no-party-has-got-clear-stand-aadhaar-fate-hangs-in-balance

No more blocking of entire websites?

praskrishna — 2012-06-26T09:47:02Z

The Madras HC has taken one step to ensure that entire websites are no longer blocked, but it doesn't mean that arbitrary takedowns will cease.

CIS research is quoted in this article by Danish Sheikh published in the Business Standard on June 24, 2012

Vimeo’s back. As is Pastebin, and Pirate Bay and IsoHunt. For your, you know, legitimate file-sharing practices.

Having been approached by a consortium of Internet Service Providers, the Madras High Court has issued a welcome clarification of its “John Doe order” issued in favour of RK Productions for the films 3 and Dammu. Designed to protect against potential offences by yet-unidentified persons, the sweeping scope of the order left a very wide, undefined scope to ISPs dealing with potentially infringing material. The ISPs over-complied, a host of file-sharing websites were barred from Indian servers overnight — oh, and “Anonymous” got more annoyed. Note here that the vagueness of the order extended to not specifying any infringing websites in particular.

Following the representation from the ISPs, the Court has provided them a specific directive. The new order states that the interim injunction was granted only with respect to the particular URL which featured the infringing movie, and not the entire website. No more blocking entire websites — the ISPs are now required to be informed about the particulars of where the infringing movie is kept within 48 hours.

The clarification couldn’t have come at a more vital time, and will hopefully serve as a precedent to curb an alarming practice that can be traced back to 2002. Back then, the Delhi High Court was approached in a matter concerning the unauthorised transmission of Ten Sports by unlicensed cable operators. The result was the Court’s first John Doe order with respect to media transmission: a commissioner was appointed to search premises of unnamed cable operators and seize evidence by taking photographs and video films. This particular order was then relied on by the Court almost a decade later in pre-emptively injuncting piracy of UTV Software Communication’s Saat Khoon Maaf and Thank You. The trend escalated from there, with similar orders being obtained for a number of films including Don 2, Bodyguard, Kahaani and Department, to name a few.

Where the last few years have seen a steadily rising output of orders largely from the Delhi and Madras High Court, just last week it was the Bombay High Court that joined the fray. Approached by Viacom 18 Motion Pictures, it passed a John Doe pre-emptively banning the piracy of Viacom’s Gangs of Wasseypur prior to its June 22 release. Considering the Bombay High Court’s noted apprehension in granting ex-parte orders, this decision looked set to add further momentum to the John Doe juggernaut.

Instead, we get the Madras High Court’s welcome restraint. That vague injunctions are an abuse of process is a principle that has been noted time and again, with the Delhi High Court even noting that “vague and general injunction of anticipatory nature can never be granted”. This is coupled with the larger access to information and free speech issue that has been raised more vocally following the ire with the mass block of file-sharing websites. The antecedents to this scenario may well be the media infrastructure cases of the ‘50s and ‘60s, where newspaper content was indirectly being regulated by way of regulation of newsprint, advertisement space, etc. Recognising these indirect control mechanisms in their ultimate speech-restricting form, the Supreme Court struck them down as unreasonable restrictions to the right to free expression under Article 19(1)(a) of the Constitution.

Prevention isn’t always better than cure. The Madras High Court has thankfully taken one step in the direction. What is left dangling is the other big question — that of the intermediary rules. There may now be a barrier to blocking of entire websites in this manner, but as so many internet users have found, one doesn’t have to necessarily approach the Courts if they want internet service providers to take down content: the ISPs are happy to do that for free. As a Centre for Internet and Society study found, takedown requests sent to ISPs, no matter how trivial or flimsy, will for the most part be met by acquiescence of the order. Without appropriate checks and balances, the intermediary will over-comply.

While the ISPs’ intervention before the Madras High Court is an encouraging sign, it doesn’t mean that the arbitrary takedowns under the intermediary rules will cease to happen. The digital media site Medianama quotes an ISP representative citing concern that ISPs were being wrongfully vilified on the Internet — and (significantly) that it would adversely impact their business if video streaming was disabled for users. The same commercial considerations wouldn’t likely stand when it comes to the bit-by-bit requests that come forward under the IT rules. Along with focusing attention on the High Court’s clarification, we need to sustain the movement to strike down the intermediary rules and push for a more transparent and fair mechanism.

For more details visit http://editors.cis-india.org/news/no-more-blocking-of-websites

No laws in India to protect customers if they lose money during digital transactions

praskrishna — 2016-12-02T17:07:02Z

The lack of basic privacy and security laws pertaining to digital payments in India puts the onus on consumers who use such services.

The article by Alnoor Peermohamed was published by Business Standard on December 2, 2016. Sunil Abraham was quoted.

India lacks laws to protect consumers if they lose money during digital transactions even as the government pushes for a less-cash economy after it withdrew Rs 500 and Rs 1,000 currency notes as the legal tender.

The Modi government's demonetisation move might have warranted an increase in transaction activity on digital wallets, but measures to ensure the underlying cyber security parameters for digital payments is still kept largely under the ambit of the Information Technology Act.

"We don't have any dedicated law on digital payments. That's very important to grant complete legality and remove and doubts and clarifications pertaining to legal efficacies and legal validity of digital payments," says Pavan Duggal, an advocate in the Supreme Court specialising in cyber law.

While the Reserve Bank of India usually sets security and privacy standards for banks in the country, the various digital wallets such as Paytm, Freecharge and Mobikwik fall under the category of Non-banking Financial Corporations (NBFCs) excluding them from this. For FinTech companies, security compliance falls under just Section 43 A of the IT Act.

Today, transactions between a user and a mobile wallet service provider are merely contractual agreements which can always be repudiated. There's a heightened need to legally back digital payments in India, not only to ensure the safety of consumer money but also for the safety of these companies.

Since the demonetisation on November 8, digital wallet firms such as Paytm have seen 35 million transactions by users to either buy goods and services, or transfer funds to another account. Rival Freecharge has tied up with police forces of Mumbai to pay traffic fines using its platform.

Research by Bengaluru-based think tank Centre for Internet and Society (CIS) shows that some of India's largest technology companies still do not comply with Section 43 A.

"We have a minimal data protection law in our IT Act and that will apply to all the FinTech players. But our ISPs and Telcos don't comply with Section 43 A, so you can imagine in the FinTech sector the compliance will be even lower," says Sunil Abraham, Executive Director at CI

The lack of basic privacy and security laws pertaining to digital payments in India puts the onus on consumers who use such services. While the issue is not being completely ignored by the authorities, some of the proposed workarounds such as creating a virtual sandbox around digital payment services raised questions.

The RBI limits the maximum balance on digital wallets to Rs 10,000 per user, ensuring that in the case of a breach the damage caused to a consumer is minimal but on November 23, the banking regulator increased the limit to Rs 20,000 .

Just last week India's largest digital wallet provider Paytm rolled out the option for customers to increase their wallet balance to a maximum of Rs 100,000 by getting a KYC check done.

"There are no legal mechanisms available should there be disputes pertaining to digital payments,"aid Duggal. He added that there are no effective remedy mechanisms available in case money in the digital payment ecosystem gets lost, hacked, stolen or misused.

While laws might take years to be framed and implemented, Abraham says there are temporary workarounds with which the overall cyber security of digital payment services can be improved. Under Section 43 A there are provisions to allow a sector to form a consortium that mutually agrees to set security standards, which all players must follow and is valid in the court of law during dispute resolution.

This move is encouraged by experts as governments often lack the bandwidth to define sectoral specific laws but is where private sector expertise can go a long way.

For more details visit http://editors.cis-india.org/internet-governance/news/business-standard-december-2-2016-alnoor-peermohammed-no-laws-in-india-to-protect-customers-if-they-lose-money-during-digital-transactions

No ID, no benefits: thousands could lose lifeline under India’s biometric scheme

praskrishna — 2017-03-22T14:27:25Z

Controversial Aadhaar card restricts fundamental rights, argue critics, limiting access to free school meals and exposing 1 billion people to privacy risks.

The article was published in the Guardian on March 21, 2017. Sumandro Chattapadhyay was quoted.

An Aadhaar biometric identity card, which will be mandatory for Indians to access many essential government services and benefits. Photograph: Bloomberg/Getty Images

Hundreds of thousands of people in India could be left without essential government services and benefits – including free school meals and uniforms, food subsidies and pensions – under new rules that make access to more than three dozen state-funded schemes conditional on showing identification.

Over the past month, citizens have been notified that they have to prove their identity with a biometric ID, known as an Aadhaar card, to be eligible to use various services. Booking railway tickets online, applying for some jobs, and getting fuel subsidies will also be dependent on showing the controversial card.

Aadhaar cards were introduced by the Indian government in 2009, and rolled out by prime minister Narendra Modi in 2014. They record personal biometric data, including fingerprints and eye scans, which the government says allows it to ensure that welfare services are being delivered to those who really need them, and saving billions of rupees by reducing welfare fraud.

The Unique Identification Authority of India (UIDAI), which oversees the Aadhaar programme, says that more than 1.13 billion people have been enrolled on an official database. But activists say that hundreds of thousands of Indians and migrants are still undocumented and could miss out on their fundamental rights because of the new rules.

“What if a Facebook account was necessary to log in to the internet, and what if Facebook was owned by the government of the US?” asked Sumandro Chattapadhyay, research director at the Centre for Internet and Society (CIS), a thinktank with offices in Bangalore and Delhi. “We are building a system that will decide whether a child will eat or not on an afternoon based on [the] quality of internet connectivity and cleanliness of the child’s thumbprint.”

Chattapadhyay argued that Aadhaar, which is effectively being forced upon Indians, and which is used increasingly by private companies, exposed more than a billion people to huge privacy risks.

“The Aadhaar ID is being connected to digital communications via sim card registration, it is being connected to financial transactions via bank accounts, and all Indian citizens are being forced to enrol for it against the threat of losing out from welfare services,” he said.

“The potential of unmonitored and unregulated use of such linked data by the private sector is massive. It does not matter if the Indian state will finally go ahead with implementing this system or not. The fact that [it] is considering such a system is scary enough.”

Nanu Bhasin, spokesperson at the ministry of women and child development, confirmed that the order to link Aadhaar to government schemes had come directly from the Modi government. “There are leakages in the system,” she said. “This will plug leakages.”

Bhasin said Aadhaar was now mandatory: “You have to take it, it is necessary. You cannot take the right to a benefit if you don’t have the Aadhaar card.”

She said she did not know if those who did not want to enrol in the scheme because of potential privacy risks would still be able to receive benefits. “You have bank accounts, there you give all your details, everything. Why make a fuss [about privacy] for Aadhaar?” she said.

One of the most contentious new rules introduced this month, and coming into force in July, requires children to show Aadhaar cards to get free school meals. The notice led to a media storm in India, where malnutrition rates are high and nearly 60 million children are underweight.

On 7 March the government said alternative forms of ID would be accepted for free school meals where people did not yet have Aadhaar cards, and urged schools and childcare centres to enrol all attendees.

Activists argue that setting any barriers to free school meals is unethical and unconstitutional. Ambarish Rai, national convenor of the Right to Education Forum, said: “This is a very insensitive decision of the government. How can you make it mandatory? It is a clear-cut violation of the Right to Education Act 2009.”

Compulsory identification could deter school attendance if children struggle to get free school meals or uniforms, said Swati Narayan, visiting research scholar from the LSE and food activist. “India’s school meal programme covers almost 100 million children – the largest in the world. Instead of creating unnecessary barriers, the focus should be on how to improve these modest meals by adding eggs, fruit and nutritious foods to the menu.”

Glitches in the Aadhaar system have already led to reports of people being unfairly denied government subsidies. In February, the news website Scroll recorded a number of people in the state of Jharkhand being denied rice subsidies because of problems with Aadhaar card machines.

The constitutional validity of the government’s new orders is currently being debated in court, with questions raised as to whether the Indian parliament can restrict fundamental rights enshrined in the constitution, and whether the government has the power to force citizens to enrol.

In 2015, a supreme court order had ruled that the scheme was purely voluntary, and that it could not become mandatory with a court ruling. But in 2016, parliament passed the Aadhaar Act, which allowed the government to require identification for government services.

Khagesh Jha, a lawyer and activist, argued that the act was fundamentally unconstitutional. “Rescued children, children who have been trafficked or those who have been forced into child labour – [you] can’t expect them to hold an Aadhaar card or documents like a birth certificate. Right to education is a fundamental right, and is protected by the core of the constitution. It cannot be challenged by any other document.”

UIDAI, the agency overseeing Aadhaar, issued a statement saying the government had made savings of more than 490bn rupees (£6bn) in the past two and a half years, thanks to schemes linking government benefits to Aadhaar. It added that during the past seven years, there had been no report of a breach or leak of residents’ data.

For more details visit http://editors.cis-india.org/internet-governance/news/the-guardian-march-21-2017-no-id-no-benefits

No Genie At Your Fingertips

praskrishna — 2017-02-16T16:02:31Z

Aadhaar biometrics will now enable cashless shopping sans card and smartphone. A look at the hopes and fears.

The article by Arindam Mukherjee was published in the Outlook on February 20, 2017. Pranesh Prakash and Sunil Abraham were quoted.

Soon, you will be able to pay for your groceries and other purchased goods by using just your fingerprints and biometric data. You won’t need debit or credit cards, smartphones or e-wallets. You won’t need to sign or even remember your PIN.

In a bid to increase digitisation and move to the next phase of ‘cashless India’, the government is preparing to launch Aadhaar Pay, an initiative that will supersede the need to use credit cards, debit cards, smartphones and PINs to make payments or transfer money. The proposed system of payments will use a person’s biometric data and fingerprints to make payments through Aadhaar-linked bank accounts.

The initiative, which has been running as a pilot project in fair price shops in Andhra Pradesh, is expected to be launched in a month’s time. According to officials of the Unique Identification Authority of India (UIDAI), the system has been getting a positive response in these trials and is ready for a nationwide launch.

In Aadhaar Pay, all a person needs to carry to a shop are his fingerprints as merchant establishments will authenticate his or her identity through fingerprints, which will give them access to a person’s Aadhaar data. The only essential requirement for this new mode of payments is that bank accounts have to be linked with the account-holder’s Aadhaar number.

Unlike the post-demonetisation limits imposed on ATM and bank account withdrawals, no limits are proposed to be put on Aadhaar Pay transactions as of now. The proposal is to leave the fixing of limits to the discretion of banks. However, the government hopes Aadhaar Pay will be used mostly for small-value transactions rather than large deals.

The system will work through an app in the merchant establishment’s smartphone—with a fingerprint scanner device—eliminating the requirement of a Point of Sale (POS) terminal, which is required for credit card and debit card transactions. The scanner will be priced at around Rs 2,000, considerably cheaper than POS terminals that cost Rs 8,000-10,000.

Aadhaar Pay is the next step of the government’s successful run of Aadhaar Enabled Payment System (AEPS), under which transactions are made through ‘banking correspondents’, mostly in rural areas. These transactions are done through POS machines and micro-ATMs. Like Aadhaar Pay, AEPS disburses money without a signature or a debit or credit card, and without the need to visit a bank branch. But unlike AEPS, which works through banking correspondents, Aadhaar Pay will be available through merchant establishments much the same way as debit or credit cards work.

The biggest task before the government to ensure the success of Aadhaar Pay is to develop a network of merchant establishments that will accept Aadhaar Pay just the way they accept credit or debit cards or e-wallet payments like Paytm. To do this, the government said in this year’s budget that banks would be encouraged to put 20 lakh Aadhaar Pay access machines across the country. “We have asked every bank to select 35 merchants for this. These merchants will have a smartphone and a biometric device attachment to carry out Aadhaar Pay transactions,” UIDAI CEO Ajay Bhushan Pandey tells Outlook.

This won’t be easy. Even in case of debit or credit cards, the biggest limiting factor is the relatively small number of POS terminals that accept them. According to data from the National Payment Corporation of India (NPCI), there are only 14 lakh POS terminals in India, which has over 3.5-4 crore merchant establishments and 80 crore cards (77 crore debit cards and three crore credit cards). The bulk of these terminals are in tier I and tier II cities and almost none in tier III and IV towns. To improve the situation, the government is already working towards bringing in 10 lakh new terminals by March, most of which will be put in tier III and tier IV towns, bringing them deeper within the ambit of the digitised, cashless economy.

Though a starting target of 20 lakh terminals for Aadhaar Pay may seem quite ambitious, according to the latest data, 111.51 crore adults have already obtained their Aadhaar numbers and 50 crore bank accounts (of a total 110 crore savings accounts in the country) of 40 crore people have been linked to Aadhaar and, according to UIDAI, nearly two crore people are linking their bank accounts with Aadhaar every month, brightening up the prospects of Aadhaar Pay. A majority of these numbers are from rural areas and smaller cities.

The government and UIDAI aim to roll out Aadhaar Pay primarily in rural areas and tier III and tier IV cities to begin with, as these areas do not have proper debit or credit card coverage and the people living there are not big users of plastic cards or smartphones. “We need to provide a solution for every segment of the population,” says Pandey. “We have to take care of the people who cannot use smartphones or other mobile phones and debit or credit cards, and those who cannot remember their PIN for authentication. The only tool with them is their fingerprint. Approximately 30 crore people are not comfortable with cards or phone. We had to get them into the mode of digital payments.”

Not surprisingly, critics of Aadhaar and Aadhaar-based services have attacked Aadhaar Pay and AEPS on issues of privacy and security of biometric and personal data. Pranesh Prakash, policy director with the Centre for Internet and Society (CIS), recently tweeted, “As long as AEPS encourages biometric authorisation of transactions, it is bound to be a security nightmare, with widespread fraud.” Would you tell a shopkeeper your debit card’s PIN? No. Then why share your fingerprint? A fingerprint, in this system, becomes a kind of unchangeable PIN, he asks.

Pointing out a possible danger, Usha Ramanathan, an independent law researcher who has been following Aadhaar since its inception, says, “In many payments, biometric data is authenticated and then it remains in the system where there are leakages. Intermediaries then have access to the data, which is thus made insecure.”

According to the UIDAI, however, once biometric data is provided by the consumer while making Aadhaar-based payments, it gets encrypted and a merchant doesn’t get access to that data. The Aadhaar Act also prohibits any storing of biometric data in local devices. And yet, there are many like CIS executive director Sunil Abraham who believe it is a mistake to use biometrics for authentication, especially when payments are concerned. “Our concern with Aadhaar Pay is about the biometric component of the project,” says Abraham. “Biometrics is an identification technology. Unfortunately, it is being presented as an authentication technology. It is not a secure authentication technology as biometric data can be stolen easily. It is also irrevocable; once biometric data is stolen, it cannot be re-issued like a smart card.”

Then there is the problem of availability of fingerprints. In the case of many people from rural areas and the working class, fingerprints get affected due to the manual nature of their work. This makes it difficult for this target group of UIDAI to conduct transactions properly through Aadhaar Pay. “In Rajasthan, 30 per cent of the households are not even able to procure ration using fingerprints,” says Ramanathan.

The launch of Aadhar Pay at this time becomes more challenging as there has been a decline in digital payments this January. According to RBI data, digital payments, including transactions made by using credit cards, debit cards, electronic fund transfers, digital wallets and mobile banking transactions, were 10.2 per cent lower by volume and 7 per cent lower by value in January 2017 as compared to December 2016. Also, digital transactions fell from 1,027.7 million (worth Rs 105.4 lakh crore) to 922.9 million (worth Rs 98 lakh crore). This could get worse as the RBI raised the cash withdrawal limits from Rs 24,000 to Rs 50,000 from February 20 and aims to remove all limits by mid-March.

Within digital transactions, debit and credit transactions at POS terminals declined 18.6 per cent month-on-month in January, while mobile banking transactions declined by 7.6 per cent, showing that people still prefer to deal in cash. According to NPCI data, however, IMPS transactions rose by 18 per cent in January and UPI-based transactions went up from 2 million transactions (worth Rs 700 crore) in December to 4.2 million transactions (worth Rs 1,666 crore) in January.

Clearly, considering India’s demography and its problems, when it comes to the security of personal and biometric data, the government and the UIDAI have many issues to clear before Aadhaar Pay can achieve any success. Moreover, there are over 100 crore mobile phones in India today, with even the lowest strata of the population having access to one. Yet mobile-based payments and m-wallets are yet to hit that critical mass. To make Aadhaar Pay a bigger success than that could be a gigantic task.

For more details visit http://editors.cis-india.org/internet-governance/news/outlook-arindam-mukherjee-february-20-2017-no-genie-at-your-fingertips