Centre for Internet and Society

Why did India fail to discover the ISIS Twitter handle?

praskrishna — 2014-12-27T03:27:16Z

India's surveillance system fails to track the servers of internet giants like Google or Facebook because these do not have servers in the country, says a leading cyber law expert.

The article by Anita Babu was published in the Business Standard on December 26, 2014. Sunil Abraham gave his inputs.

Back in 2009, after the investigation team, probing into the 26/11 Mumbai terror attacks, almost cracked the case, it was the US’s Federal Bureau of Investigation (FBI) which connected the missing links by arresting David Headley, the mastermind.

Five years later, India is staring at a similar situation, when Bengaluru-based Mehdi Masroor Biswas, was allegedly found to be operating a pro-ISIS (Islamic State) Twitter handle. It was a British broadcaster, Channel 4, which blew the lid off Biswas’s activity. Soon after the report, Indian authorities swung into action. Last year, when communal violence broke out in some parts of Uttar Pradesh, a Pakistani news organisation reported that a fake video was being circulated to fan sentiments.

But, why have Indian agencies failed to detect such activities which pose a threat to the national security? A senior government official said intelligence agencies in the country scan the internet for leads. But, in the light of increased threats, systems need to be beefed up significantly. Perhaps, as a first step towards this, the home ministry on Wednesday formed a committee to prepare a road map for tackling cyber crimes in the country.

It will give suitable recommendations on all facets of cyber crime, apart from suggesting possible partnerships with public and private sector, non-governmental organisations and international bodies.

According to Sunil Abraham, executive director of a Bengaluru-based research organisation, the Centre for Internet and Society, it’s time we move closer towards intelligent and targeted surveillance, rather than mass surveillance. This will require monitoring a selected accounts or profiles, instead of tapping information from across the population. Old-fashioned detective work is also very important, as it has helped zero in on Biswas.

Another problem the country faces is that a lot of data is being pooled in by multiple agencies, but of little use. “We must free up our law enforcement agencies and intelligence services from the curse of having too much data,” Abraham adds. Since most of the internet companies are headquartered outside India, the authorities face a lot of difficulties in accessing information from these networks.

“India’s surveillance system fails to track the servers of internet giants like Google or Facebook because these do not have servers in the country. Our system is only confined within the country,” says Pavan Duggal, a leading cyber law expert.

Since the US has the capability to access information from telecom companies, service providers such as Twitter and Facebook and the consortia that run submarine cables, these companies cooperate in a much more effective and immediate manner, adds Abraham. “But these are things that we will never be able to do in India,” he adds.

For instance, India follows the mutual legal assistance treaty procedure, to gather and exchange information in an effort to enforce public laws or criminal laws. However, this is a time-consuming process and often takes up to two years before we get any data from these companies.

But due to the threat of cyber-terrorism being shared by both companies and governments, companies such as Google, Twitter and Facebook are cooperating more than before, experts say.

Internet and Jurisdiction Project, an international group that works towards ensuring digital coexistence, tries to get a procedural law between two countries in a harmonised manner and includes collection, storage, handling and processing of evidence.

More lubricating efforts should be undertaken internationally on these lines, say experts. Hopefully, the new committee will take steps in this direction.

For more details visit http://editors.cis-india.org/internet-governance/news/business-standard-december-26-2014-anita-babu-why-india-failed-to-discover-the-isis-twitter-handle

Why aren’t Indians using Wikipedia to hold the government to account?

praskrishna — 2016-02-14T11:07:49Z

Despite its popularity, the site's benefits are going unutilised.

Madhav Gadgil's post was published by Scroll.in on February 6, 2016. CIS work was quoted.

Thanks to modern science and technology, the treasury of human material as well as intellectual and cultural wealth is overflowing. Enormous quantities of information are exchanged today at lightning speed, and incredible numbers of people separated by great distances are in constant touch with one another. Two contrasts characterise this world: on the one hand, disparities are growing in material wealth, and on the other, there is growing equality in access to informational and cultural resources.

The inequities in material wealth has accelerated the rate of degradation of the natural world, but at the same time progressive laws flowing from equality in intellectual wealth are helping people combat the degradation. This is one reason why, as much as ever, a well-informed citizenry is the lifeblood of social progress. Ensuring that citizens have ready access to reliable information is the prime responsibility of all of us, including obviously of our governments.

Wayward rulers

Regrettably, the government machinery is failing to discharge its responsibility.

Consider, for instance, Maharashtra’s irrigation scam, in which thousands of crores were siphoned off or wasted on dud irrigation projects. The statistics provided at various times by the state’s agriculture and irrigation departments are inconsistent. It is probable that none of them reflect the ground reality. Most rivers in Maharashtra are polluted well beyond legally permissible levels, yet the Maharashtra Pollution Control Board hardly acknowledges this sorry state of affairs. Such pollution often results in mass deaths of fish, but neither the fisheries department nor the Pollution Control Board maintains reliable records.

Or consider these two examples. After the people of Kerala succeeded in moving the government machinery, a committee of the legislature reported that 90% of the stone crushers in the state were operating without permission from local panchayats or without registering with district collectors. Another time, when the Central government-appointed Western Ghats Ecology Expert Panel revealed similar irregularities with solid evidence, the Centre first suppressed its report and then, pushed by a Delhi High Court order, made only an English version available. To top it all, the Maharashtra government uploaded on its website a Marathi summary full of distortions.

Clearly then, with the government machinery failing, people must work on their own to bring to light the true state of affairs. Fortunately, our media provides a good deal of reliable information on issues of public interest. For instance, it was newspaper reports that forced the Goa Forest Department to accept the presence of tigers in the state. It is again the media that often records large-scale fish deaths in our rivers.

Such information gets recorded on social media too, but this remains scattered, barring systematic efforts like as the one launched by the Hyderabad-based “Save Our Urban Lakes” coalition. Besides, much of the material on social media like Facebook is often self-centred and prejudiced, making it difficult to ascertain the veracity. On the other hand, newspapers and TV channels are continually exposed to sceptical public scrutiny, ensuring that, by and large, they deliver reliable information.

On balance then, people at large can wean genuine, reliable information only by carefully collating it from newspapers and TV channels, official documents and scientific studies and systematically organising it through some responsible social media.

Starting a discussion

Wikipedia is just such a reliable social medium. It is an entirely voluntary, cooperative, web-based enterprise aimed at freely and readily delivering all the knowledge in the world to all the citizens of the world in their own languages. The platform started off in 2000 with a call to experts to contribute articles on the pattern of Encyclopaedia Britannica, but without any remuneration. When experts showed little interested, Wikipedia was thrown open to citizens in 2001, converting it into an anyone-can-edit enterprise. After all, experts too acquire much of their knowledge reading what others have written.

Wikipedia operates on the understanding that laypeople may make mistakes, but these can be eliminated by ensuring open scrutiny and giving full scope for additions, deletions and corrections. That this system has resulted in material of a quality on a par with expert-written encyclopaedias has been established by studies by respected scientific journals. Moreover, not being constrained by the page limits of a printed encyclopaedia, it has generated greater amount of material with a broader scope.

All this has been achieved due to the dedication of 50,000-odd voluntary editors improving existing and writing new articles. This community of editors follow a set of conventions arrived at over the years through consensus. It has been decided that Wikipedia will not include material based on original observations, but instead verifiable information compiled from published studies or reports. Wikipedia believes in a “neutral point of view” presenting the different perspectives, provided these are supported by good evidence. Besides reliability, Wikipedia articles aim for speed (Wiki means quick). For instance, the article on the December 2004 tsunami was composed in two days through contributions of some 1,000 editors largely relying on newspaper and TV reports.

Every Wikipedia article is accompanied by a “discussion” page, on which a variety of issues can be explored without the strict constraints of neutrality and verifiability. This is in addition to the “discussion” page accompanying the “User” page that automatically gets assigned to anyone who registers on the website as a user. On all these debating platforms the site imposes only one major discipline – that they will not be used for self-promotion or abusing others.

Because of these noteworthy conventions, the information on Wikipedia has acquired a special significance. For instance, in Europe and the United States, it has served to subject the performance of political leaders to careful scrutiny. Biographical articles on leaders often include documentation of the promises made before election and the extent to which these were fulfilled. In the past, whenever agents of these leaders tried to delete unfavourable content, they were caught out quickly because Wikipedia preserves all versions of any article, including a record of the IP address of the computer employed to make changes.

The grassroots

Since Wikipedia is unconstrained by governmental control and cannot be subjected to commercial pressures because of its donation-based ad-free model, it is an outstanding medium to document what is happening on the ground. This information can be accumulated through incremental, asynchronous micro-contributions. In India, it presents an excellent instrument for common citizens to document their experiences and issues of concern on the English and the 21 Indian language editions.

The articles could deal with specific geographical localities such as cities (e.g. Pune), wards in a city (e.g. Kothrud in Pune), villages (e.g. Warkhand in Pedne taluka of Goa), talukas (e.g. Dodoamarg in Maharashtra), districts (e.g. Kolhapur or North Goa), rivers (e.g. Panchaganga, Mula-Mutha, Zuari). All we need is some official information source to initiate such articles. The 2011 Census of India is one such excellent database. Every census locality in this database is assigned a unique Census Location Code.

To explain with an example: each of the many villages named Loni, Wadgaon or Mendha in Maharashtra has a different Census Location Code. Similarly, there is a district and a city in Madhya Pradesh as also a town and a taluka in Karnataka, all sharing the name Sagar. Again, these are assigned four different Census Location Codes. This facility permits us to refer unambiguously to any geographical locality at various spatial scales such as district, taluka or city or village. In addition, on their Wikipedia entries, one could readily add the latitude, longitude and altitude off Google Earth.

As it happens, there exists a code – developed by Prashant Pawar – to automatically generate base articles on census localities. Three such Marathi articles, on villages Haladi (Karavir), Rukadi (Hatkangale) and Parite in the Panchaganga basin of Kolhapur district, have been uploaded on the Marathi Wikipedia.

No less than 40,000 such articles were automatically uploaded on the English Wikipedia around 2003-’04 and were then quickly developed further by other interested citizens. However, that was not the norm. While Bollywood celebrates Wikipedia with Shah Rukh Khan singing Mere bareme Wikipediape padh lo, Indians participate little in editing or creating new Wikipedia articles. For instance, an article on the Pune Bus Rapid Transit System on the English Wikipedia is merely based on an official pamphlet. It ignores the vigorous discussion on the subject, including the many news reports in the past several years. The discussion page accompanying the article is almost blank. Surely, the more aware citizens of Pune could put the powerful medium to good use to provide a more detailed and balanced account of their city’s Rapid Transit System.

Bonding across languages

We could, of course, follow the American pattern of automatically generating articles on all Indian localities covered in the 2011 Census. But Wikipedia is not just an encyclopaedia – it is a community, and in the absence of awareness about the enterprise, this approach might not be fruitful. The communal effort was visible when the residents of Haladi in Maharashtra initiated a base article on their locality.

Besides creating base articles, interested citizens can upload photographs, audio and video clips on Wikimedia Commons under a Creative Commons license, permitting anybody to freely use or modify the material after giving due credit to the original creator. Aside from this, citizens can also augment information on issues of their concern through Right to Information queries or enquiries from forums like zilla parishads, municipalities, state legislatures or the Parliament. The Centre for Internet and Society has developed excellent resource material to support citizens taking up Wikipedia-related activities. A group of volunteers led by Subodh Kulkarni is also promoting this participation, as is Goa University.

Much could be accomplished if Indians become active participants on Wikipedia. People could use their articles and their discussion pages to draw the attention of journalists or scholars to their concerns. For instance, people in the command area of a dam could call attention to the fact that no canals have been constructed to bring water to them. A journalist could then investigate the issue and develop a news story, which in turn could provide a verifiable reference for a Wikipedia article. Such interaction could constitute an effective and transparent social audit. One can visualise an array of topics for a social audit, ranging from the status of wage payments in rural employment guarantee works, pending forest rights claims, encroachment of real estate on river beds, privatisation of public beaches, and availability of public toilets for women.

The newly emerging facility of Wikidata can strengthen this social audit. Wikidata permits integration of data not only from English but from multiple languages, such as Hindi, Marathi, Malayalam and Kannada. For instance, sacred groves – forest fragments that are communally protected – constitute a traditional conservation practice not only in India, but also in Bhutan, Myanmar and even Nigeria. This tradition is still relevant – indeed, new sacred groves have recently been constituted in villages granted Community Forest Rights such as Pachgaon in Chandrapur district of Maharashtra.

Using Wikidata and keywords such as Devari (Marathi), Devpan (Konkani), Nagarbana or Devarakadu (Kannada), Sarpakavu (Malayalam), Oran (Hindi), one can quickly compile quantitative information on this practice, helping bring together people from across the country. Similarly, using keywords in different languages for a phenomenon such as mass fish mortalities, one may compile systematic information on this phenomenon that Pollution Control Boards deliberately ignore.

Of course, the objective of the Wikipedia enterprise is to compile objective, verifiable information from a neutral point of view and the Wikipedia community will not be involved in any activism. Nevertheless, such an exercise of putting together information could serve a useful function of organising a social audit. This could help, say, scattered members of fishing communities that are adversely affected by pollution-related fish mortalities to organise themselves.

Democratic approach

This is a golden age for those fascinated by knowledge. And Wikipedia is a triumphant manifestation of the age, a progressive enterprise of good-faith collaboration with the noble objective of making all knowledge available to people all over the world. The English Wikipedia has taken giant strides towards such a goal. The key to this success of science has been the rejection of all authority other than empirical facts and logical inferences, and its aim is to engage all those interested in knowledge regardless of their social, economic or educational background. It is this democratic approach that has facilitated the rapid accumulation of knowledge. Yet there are continual attempts by so-called experts to monopolise knowledge.

It is the duty of true lovers of knowledge to resist such attempts. Knowledge has a vast canvas. Our environment, our social settings are legitimate subject matters of knowledge and every citizen can be involved in nurturing it. Wikipedia is an important step in the direction of bringing on board all citizens in the pursuit of knowledge. The ability of the Wikidata facility to bring together knowledge scattered in multiple Indian languages is one manifestation of this progressive development. All of us Indians should join hands in developing a reliable understanding of the nature around us and of our society, polity and economy. This enterprise of taking Wikipedia to the grassroots would be a worthy contribution to the cause of nation building.

For more details visit http://editors.cis-india.org/a2k/news/scroll.in-february-6-2016-madhav-gadgil-why-arent-indians-using-wikipedia-to-hold-the-government-to-account

Why Aadhaar leaks should worry you, and is biometrics really safe?

praskrishna — 2017-05-12T15:48:48Z

What’s worrying is that the UIDAI seems to always be in denial mode over security concerns.

The blog post was published by the News Minute on May 4, 2017. Amber Sinha was quoted.

If you’ve paid the slightest bit of attention to news about Aadhaar, you’ll have heard about a series of leaks of Aadhaar data from multiple government websites. Some of the latest government websites to leak Aadhaar and demographic data, were the Jharkhand Directorate of Social Security and the Kerala government’s pension department.

Shockingly, a report by The Centre for Internet and Society (CIS) revealed that the Aadhaar details along with demographic details and financial information of around 135 million people in the country has been leaked by four government portals. And this could just be the tip of the iceberg.

However, the public response to these revelations has been muted. The government and the UIDAI, the authority behind Aadhaar, have retreated behind the defence that only Aadhaar numbers have been leaked, and not biometric details, and hence there is no major problem.

However, experts warn that Aadhaar numbers by themselves pose a sufficient risk when leaked, and that the UIDAI has been consistently underplaying the risks of such leaks and overplaying the security of biometric identification.

Amber Sinha, who co-authored the CIS report, points out that it’s not just Aadhaar numbers that have been leaked on government websites, but also demographic information as well as financial details. Various such bits of data can be aggregated by fraudsters and used to steal identities and commit financial fraud online or through phones.

“We see a lot of examples of social engineering techniques where fraudsters collect data from various sources and impersonate people,” he says. The report points out that one of the most common techniques is to call persons impersonating bank officials requiring sensitive information, and provide Aadhaar and demographic details to make the bid for this information convincing.

Amber also points out that in online and phone verifications, it is possible to impersonate other persons with such information.

“Somebody can call the bank pretending to be me, and he could also authenticate himself as me if he has all the data about me. The bank will ask him some four questions and if he has all that information, then the bank has no reason to believe that he is not me,” he explains.

Co-Founder of HasGeek, Kiran Jonnalagadda, an active voice on net neutrality, freedom of speech and privacy, points out that one of the main problems is that the Aadhaar system assumes biometric verification in every transaction, but Aadhaar cards are often used as identity documents without biometrics particularly for many non-financial transactions.

“Somebody can apply for a SIM card with your Aadhaar number, and if the place that is issuing the SIM card didn't do a biometric verification then your card is good enough, because now they can do anything they want in your name,” Kiran said. In such cases, he points out, impersonation is almost ridiculously easy because the Aadhaar card, just a colour printout with no security features, can be faked by almost anyone.

He points out that, particularly in cases of online verifications, the problem of fraud is acutely heightened. “The thing is that if they have your number and your demographic details, if the government does a verification online, the details will match. Which means that the ID is not fake. It's just that you didn't actually authorise any of this. In a perfect world, everybody would do biometrics. The problem is that that does not exist right now.”

One of the major flaws of the current security practices of Aadhaar is that the UIDAI only takes responsibility for the security of data stored within its Central Identities Data Repository. However, explains Amber, over the last five years, the UIDAI has proactively seeded Aadhaar data across multiple government databases. However, the UIDAI has not exercised strict disclosure controls on these government databases, and there are no clear standards for publicity of information.

The CIS report points to the example of the Andhra Pradesh portal of the NREGA, which carries information on Aadhaar numbers and disbursal amounts on a simple text file, with no encryption or other security measures. The report argues that this system could easily be exploited to transfer illegal sums of money into these accounts, making beneficiaries liable for them.

Importantly, Amber points out that the recent publications of Aadhaar details cannot properly be called leaks. A leakage occurs, he points out, when information is treated as secret and stored accordingly and then breached from the outside or leaked by abusing access.

“Here the websites that we looked at are designed in such a way that anybody without any technical knowledge can access information. They are available for download as spreadsheets, how much simpler could it get?” he asks.

Even with the much-vaunted infallibility of biometric verification, experts warn, there are some scarily large loopholes present. While the UIDAI regularly goes to town with the claim that the biometric data stored in the CIDR is well protected behind multiple firewalls, detractors point out that biometric data collected at each transaction point is not similarly secure.

Other kinds of financial transactions such as card transactions , explains Amber, use two-factor authentication (a physical card and a pin number or card details and an OTP, for instance). With Aadhaar, however, authentication is possible with just biometrics.

This is risky because biometric data is not duplication-proof. When biometric data is collected for authentication, he says, there are ways in which this data can be stored for re-use. “At the end of the day, the way the biometric authentication works is by comparing two images. There is a copy of an image which is collected at the time of enrolment which is stored by the UIDAI, and every time you authenticate yourself you give a fresh image. As far as the CIDR is concerned, it has nothing to do with how that image is being created at that stage,” says Amber.

This can and has led to what is called a “replay attack”, where stored biometric images are used to complete transactions without the presence of the actual owner of the biometric data. This is what happened in the case involving Axis Bank, Suvidha Infoserve and eMudhra in February.

Such situations arise, says Kiran, because Aadhaar confuses two very separate functions–authentication (establishing that I am who I am) and authorisation (certifying that I want an action done in my name). “It’s the difference between signing a cheque and showing a photo ID to prove that you are who you are,” explains Kiran. The problem with biometrics is that both processes are combined in one, and there is nothing to verify that the person to whom the biometrics belongs to is actually present for each transaction.

While the UIDAI has now proposed registered and encrypted biometric devices to overcome this problem, some detractors argue that a way around this is not impossible to find either.

“The larger problem is that the UIDAI constantly plays a game of denial and catch up. They keep pretending like other people are stupid and their system will never be broken. And other people keep pointing out that they've forgotten the most obvious things about security in any information system. They are currently in denial mode, where they insist such things are not possible until after it happens, and then they say oh it's happening, let's go do something to fix it,” Kiran says.

What’s more, Kiran and Amber point out that biometrics can even be physically duplicated. On iris scans, Amber argues, “Now, with a lot of CCTV cameras, if their resolution is high enough it is possible to capture things like an iris scan. So the means for biometric authentication can be used covertly, and that is a technological truth,” he asserts.

Duplicating fingerprints, says Kiran is even easier, pointing out to attendance fraud carried out by students of the Institute of Chemical Technology in Mumbai. These students used a resin adhesive to make copies of their fingerprints, which their friends used to give them proxy attendance in the biometric attendance system.

“Lifting fingerprints is ridiculously easy. Anything you touch will leave fingerprints on it. All it requires is some cello-tape to make a copy of your fingerprints. And then you can apply some wax to it and you get an actual impression of your finger. You can go place that on any fingerprint reader and it'll be fooled,” says Kiran.

It’s not as if such duplication is not possible with devices like credit cards. However, says Kiran, there are two key differences. Firstly, credit card companies have built up elaborate checks and balances over years to tackle fraud. Secondly, and far more importantly, credit cards that have been compromised can be cancelled. “Revocability is a feature in the credit card system. In Aadhaar you can't revoke anything. If fraud happens, you are stuck with fraud for the rest of your life,” explains Kiran.

For more details visit http://editors.cis-india.org/internet-governance/news/the-news-minute-rakesh-mehar-may-4-2017-why-aadhaar-leaks-should-worry-you-and-is-biometrics-really-safe

Whose Data is it Anyway?

praskrishna — 2012-04-28T04:12:15Z

Tactical Technology Collective and the Centre for Internet & Society invite you to the second round of discussions of the Exposing Data Series at the CIS office in Bangalore on 24 January 2012. Siddharth Hande and Hapee de Groot will be speaking on this occasion.

Like countless others, this title is a convenient adaptation of a 1972 play by Brian Clark, Whose Life is it Anyway?, a meditation on 'euthanasia' and the extent to which governments or the law can determine the private life of an individual. In a similar sense we use the title to help frame the second set of conversations in the Exposing Data Series, to zero in on the idea of data and who has the right to decide what happens with it. Philosophically, and also at the level of code, computing and the law, the ownership of data can be a somewhat odd and a contentious thing to grapple with. The only other understandings of 'ownership' we really have are those of property and identity and these get imputed onto the intangibility of data. And, in some senses now, many aspects of one's identity exist as data.

There are a range of experiences of data ownership that we talk about and experience daily. On the one hand you can hoard hard disks with favourite content to retrieve memories and experiences. On the other end of things, you can aggregate your experiences and memories with that of thousands of others, that then gets treated almost like a private hard disk belonging to some mysterious X. Who is this Mysterious X? Is there a Y? Or an XY? What is the trajectory of data in its movement from the individual to a larger, shadowy infrastructure that harvests it? What happens to our idea of data in its reconfiguration from intangible code to an idea of politics and rights? To introduce another provocation, do our existing ideas of data ownership objectify individuals? What does this objectification imply for the notion of personal privacy? For example, does the fetishization of 'things' called data obfuscate the idea of personal privacy?

One of the ways in which we may consider looking at open data initiatives for transparency and accountability is to assess it as discourse, and in relation to what happens when communities aggregate data. Open Government Data usually involves a top-down approach in terms of how it is aggregated, collated, shared, whilst community based approaches are more particular, contextual and local. What do these different approaches give us when we bring them to the same table?

The second event in the Exposing Data Series will focus on data ownership, looking into open government data and community-based data aggregation, to explore the various levels of data collection, the movement of data and its exchange, its representation, and dissemination in different contexts.

Speakers

Siddharth Hande, Transparent Chennai
Hapee de Groot, Hivos, Netherlands

This event is free and open to everyone. However, we would appreciate a confirmation of attendance ahead of time so as to ensure that your space is reserved. To confirm your attendance please write to: yelena.gyulkhandanyan@gmail.com

Photo Source: http://www.freedigitalphotos.net/images/view_photog.php?photogid=2000

VIDEOS

For more details visit http://editors.cis-india.org/internet-governance/whose-data-is-it

Whose Change is it Anyway?

praskrishna — 2013-07-02T15:41:46Z

For more details visit http://editors.cis-india.org/digital-natives/blog/whose-change-is-it-anyway.pdf

Whose Change is it Anyway?

praskrishna — 2013-06-05T08:40:17Z

The first product from the Whose Change is it Anyway? Hague workshop with Hivos in February is out. The video captures the process of knowledge generation there.

Videos

For more details visit http://editors.cis-india.org/news/whose-change-is-it-anyway

WHO's WHO LEGAL names Malavika Jayaram as one of the top lawyers for Internet and e-Commerce Issues in India

praskrishna — 2012-11-20T11:22:03Z

Malavika Jayaram was one of 10 Indian lawyers selected for inclusion as the top lawyers for internet and e-commerce issues in India. The new volume for 2012 was recently published following a process of peer reviews and independent research.

WHO'sWHOLEGAL published an online biography of Malavika:

A dual-qualified lawyer, Malavika spent eight years in London - with Allen & Overy as an IP/IT lawyer in the communications, media & technology group; and with Citigroup, first as vice president and counsel in the technology legal team, and later as senior business analyst.

A lawyer for over 15 years, she relocated to India in 2006. She is a partner at Jayaram & Jayaram, focusing on domestic and cross-border corporate and technology intensive transactions. She represents clients in the aerospace, automotive, hydraulics and pharmaceutical sectors, as well as in the information technology, e-commerce and communication spaces. She has a special interest in new media and the arts, and advises start-ups, innovators, educational institutions and artists on digital rights, cultural heritage and the dissemination of creative works. Malavika is a fellow at the Centre for Internet and Society, reviewing and commenting on legislative and policy developments, and will have a monograph on privacy and identity in India published this year.

A graduate of the National Law School of India, she has an LLM from Northwestern University, Chicago. She is working on a PhD on data protection and privacy, with a special focus on India's e-governance schemes and the new biometric ID project. She is on the advisory board of the Indian Journal of Law & Technology, and is the author of the India chapter of Getting the Deal Through - Data Protection & Privacy, which is being launched this year. Malavika will be a visiting scholar during autumn 2012 at the Center for Global Communication Studies at the Annenberg School, University of Pennsylvania.

For more details visit http://editors.cis-india.org/news/whoswholegal-profiles-malavika-jayaram

Who the Hack?

praskrishna — 2015-05-14T12:16:59Z

A hacker is not an evil spirit, instead he can outwit digital systems to bring about social change, writes Nishant Shah in this column published in the Indian Express on April 24, 2011.

One of the most sullied words that have pervaded public discourse, with the rise of the internet, is “hacker”. The word conjures up images of a silent, menacing, technology-savvy young man, who, with his almost magical control over the digital realm, manipulates systems, changes the laws, rewrites the rules and takes complete control. We hear stories about criminals hacking often enough — people who break into national security systems and retrieve sensitive information, teenagers who crash servers by spamming them with unnecessary traffic, users who commit credit fraud by phishing or breaking into bank accounts, or shutting down entire systems by erasing all the code.

Hackers v/s Crackers

As many of us know, the term hacker has a different origin and meaning than its abused application. In fact, people who perform maleficent activities using their technological prowess are called “crackers” — these are people who use their ability to interact with a system in order to make personal gains or to harass others. A hacker is a person who has extraordinary technology skills and is able to manipulate digital systems and makes them perform tasks which were not a part of their original design. Which means that a geek who can hack into a server and uses the free space to host a free website, aimed for public good, or a techie who writes a programme that can use the idle computing time of your machines to run peer-to-peer networks, or a teenager who can break the constraints of an existing software to integrate it with other programmes, are all hackers. A hacker is defined by his ability to play around with the basic elements of a system (not necessarily digital and internet-based) and perform actions, sometimes for social good, but often, for fun and to explore the digital world’s frontiers. They are not the evil spirits that we often imagine them to be.

Hackers can be suffused with a spirit of civic good and of social beneficence. Around the world, hackers have used their technology skills to make public interventions to resolve a crisis in their environments. From the now notorious Julian Assange and his WikiLeaks platform to more positive efforts like Ipaidabribe.com, a civic hackers have emerged as our new heroes. Ipaidabribe.com is a civic hacking website, which allows users to use digital storytelling as a method by which they can start discussions on corruption and what we can do to change the systems.

Many digital natives are civic hackers. Aditya Kulkarni, one of our earliest participants with the “Digital Natives with a Cause” programme, is a digital native civic hacker. Like many young people in India, Aditya, from Mumbai, found the field of electoral politics opaque. He found it difficult to understand why good people voted for bad leaders and why large sections of the society shirk their responsibility to vote, thus leading to flawed governments. He, with his friends, started VoteIndia.in, a website where they collected information from public domain sources about electoral candidates in their local constituencies, so that voters could make informed decisions. The website was an instance of civic hacktivism.

I talk about hacking because I want to draw your attention to the phenomenon that started with Anna Hazare’s anti-corruption stance and the series of public interventions that surrounded it. Hazare has emerged as a hero for many. He has been trending on Twitter, there are pages dedicated to him on Facebook, Tumblr blogs have been spreading his word, text messages have urged people to come out in support. While there is much speculation about Hazare’s politics and the media spectacle that it has created, little attention has been given to Hazare’s almost exclusively off-line campaign and the way in which social media tools have been able to capture his momentum and turn it into a series of civic hacktivist interventions.

Flashmobs with people bearing candles and chanting against corruption emerged in cities. Public consultations organised by young people saw critical engagement with questions of corruption. The interwebz have been abuzz with people expressing opinions and calling for public mobilisation. Anti-corruption convictions have found resonance with people who, otherwise, despite having access to these technologies, would not necessarily have engaged in these kinds of civic hacktivities. This, for me, is not only a sign of hope but also a moment of understanding that digital activism is not always restricted to the digital domain.

As in the case of Aditya, and that of Hazare, the germ of an idea is often offline. The processes of protest and demonstration towards social change travel across the physical and the digital world. The idea of a digital native as a civic hacktivist reminds us that the young person behind the computer, in a virtual reality, is not dissociated from the embedded contexts of everyday life. Their skills with the computer often help them make critical interventions to mobilise social change.

See the original article published by the Indian Express here

For more details visit http://editors.cis-india.org/digital-natives/blog/who-the-hack

Who is Following Me: Tracking the Trackers (IGF2012)

praskrishna — 2012-12-07T17:17:32Z

The Internet Society and the Council of Europe are co-organising a workshop at the IGF (Baku - 8 November 2012 - 09:00 - 10:30) regarding online tracking. Malavika Jayaram is a speaker.

Interest in online tracking as a policy issue spiked with the release of the Preliminary Federal Trade Commission Staff Report in December 2010 entitled Protecting Consumer Privacy in an Era of Rapid Change – A Proposed Framework for Businesses and Policymakers calling for a “do not track” mechanism, the launch of the W3C Tracking Protection Workng Group and the recent entry into force of the so-called European “Cookie Directive” provisions. However, the actual and potential observation of individuals’ interactions online has long been a concern for privacy advocates and others.

Much of the policy attention is currently focused on cookies used to track users to build profiles for more targeted advertising, but some of the more difficult issues are:

How to deal with less-observable tracking (e.g. browser and/or device fingerprinting, monitoring of publicly disclosed information)
How to develop laws that accommodate different tracking scenarios – for example:
- different entities (law enforcement, companies, etc.);
- different and sometimes multiple purposes (security, personalising user experience, targeting advertising, malicious activity; etc.);
- first-party and third-party tracking o single site and multiple site tracking
Transparency (particularly on small mobile devices)
Whether a traditional consent model is sufficient and effective

The panel:

Wendy Seltzer, Policy Council, World Wide Web Consortium (W3C)
Kimon Zorbas, Vice President, Interactive Advertising Bureau (IAB) Europe
Cornelia Kutterer, Director of Regulatory Policy, Corporate Affairs, LCA, Microsoft EMEA
Malavika Jayaram, partner at Jayaram & Jayaram, Bangalore
Shaundra Watson, Counsel for international consumer protection, USA Federal Trade Commission
Rob van Eijk, Council of Europe expert, Leiden University (PhD student)

The moderators:

Christine Runnegar, Internet Society
Sophie Kwasny, Council of Europe

The remote moderator:

James Lawson, Council of Europe

This workshop will explore:

Current and emerging trends in online tracking (and their related purposes)
How to give individuals full knowledge of the tracking that occurs when they go online
Mechanisms to give individuals greater control over tracking and data use
The respective roles of all actors (government, law enforcement, Internet intermediaries, businesses, browser vendors, application developers, advertisers, data brokers, users, Internet technical community, etc.)
Whether effective data protection online can be ensured solely by law.
Whether self-regulation and voluntary consensus standards offer better options for tuning privacy choice to the rapidly advancing technology environment.

Please read our background paper and update

For more details visit http://editors.cis-india.org/news/who-is-following-me

Who governs the Internet? (Yojana Article)

praskrishna — 2014-04-04T06:11:27Z

For more details visit http://editors.cis-india.org/internet-governance/blog/yojana-april-2014-who-governs-the-internet.pdf

White Phone

praskrishna — 2012-11-02T15:25:47Z

White Phone

For more details visit http://editors.cis-india.org/home-images/Whitephone.png

Whistle Blowers Protection Act, 2014

praskrishna — 2014-07-02T08:00:31Z

For more details visit http://editors.cis-india.org/internet-governance/blog/whistle-blowers-protection-act-2014.pdf

When the war’s on WhatsApp

praskrishna — 2016-09-25T16:36:01Z

Slick, jingoistic videos are whipping up pro-war rhetoric on social media after the Uri terror attack.

The article by Manju V was published in the Times of India on September 25, 2016. Nishant Shah was quoted.

It packs a meaner punch than any 140-character tweet. In 140 jingoistic seconds, the cleverly packaged YouTube film veers from Mohammed Rafi to Chandra Shekhar Azad drumming up pro-war rhetoric to avenge the Pathankot attack. Set to the tone of chirping crickets on a moonlit night somewhere along the western border that India shares with its neighbour, the short film has two armymen in fatigues deliberate over the absolute need to respond with a counter attack. It ends in a staccato military drumbeat with a voiceover quoting Azad: "If yet your blood does not rage, then it is water that flows in your veins."

Posted about 10 days after the Pathankot attack in January, the video was resurrected last week after the country woke up to the Uri attack that killed 18 Indian soldiers in the deadliest assault on security forces in Kashmir in over two decades. Even as photographs of a grenade smoke-filled valley, tricolour-draped coffins, grieving sons, daughters and widows made the rounds in media outlets scores of Indians marched onto social media, some armed with incendiary prose and other with slick videos that expressed more anger than anguish.

In another video doing the rounds, a jawan, or someone in uniform, sings a poem warning Pakistan. His mates join in the refrain: "Kashmir toh hoga, lekin Pakistan nahi hoga."

These videos of jawans threatening to decimate Pakistan were shared by thousands. WhatsApp profile pictures and statuses were changed, Facebook posts got longer and vitriolic, Twitter #UriAttack exploded with expletives as the enough-is-enough sentiment peaked. It heralded the beginning of an era where the dynamics of Indo-Pakistan relations will play out not just in the diplomatic corridors of Delhi and Islamabad, the valley of Kashmir or the barracks of security forces; but also on the mobile phones, tablets and laptops of millions of Indians.

When contacted for a comment, the makers of the war-mongering 'Pathankot Tolerance' video didn't endorse war outright. "My individual opinion is that war is not a solution," said producer Santosh Singh, who heads the Mumbai-based V Seven Pictures. "Before we resort to war, we have to solve our internal problems. How can we let infiltration take place so blatantly?" he asked. Why then does the video not talk about this? Singh said that when one hears about such attacks, the instant reaction is to retaliate. "The video is based on that sentiment."

An electronics engineer, Singh also owns an IT recruitment firm. His film production company, which he runs along with his friend Vivek Joshi, made the Mauka Mauka World Cup video that went viral and also produces short films and videos for clients. "We have no political affiliations, in fact we turned down a couple of political parties who approached us," says Singh, adding that his company has made 30-35 films in less than two years. "Of these, about 10 are on issues close to our heart, like those on Afzal Guru and the Pathankot attack. We upload them on YouTube, they are aired without ads. We don't earn money from them," he adds.

Ugly gets outlet

Nitin Pai, director of Takshashila Institution, an independent centre for research and education in public policy, says that social media and some television studios have enabled people to express their subconscious fears and desires. "It is not just today that the people of India have been angry with Pakistan for fomenting terrorism in our country. But it is only now that they have ways to express this anger; unfortunately, social media dynamics amplify this anger in a grotesque, distorted manner, allowing the ugly and less-sensible views to rise to the top of the public discourse," said Pai.

Tracing the many origins of this phenomenon, psychiatrist Harish Shetty says that in an angst-ridden, globalized world, we need a whipping boy. "With the Uri attacks, the entire nation had a common enemy. In expressing collective anger, there's catharsis." The current outpouring is not just over the deaths of soldiers; such an incident also opens up older wounds, he says. "For a long time, Indians have found their leaders to be helpless. It's like a family that is attacked again and again by a neighbour, but the father does nothing about it. There has been a lack of strong response from 'papa figures' across time, which has led to a sense of anger and rage. After the Uri attacks, the collective self-esteem of the country took a beating, and people felt a need to assert themselves on social media. At such times strong action is viewed as legitimate, valid and free of guilt," he adds.

Amplifying angst

If social media brought together protesters in Tunisia and Egypt during the Arab spring, in democratic India it has turned into a platform for expressing mass disenchantment with the government, especially in the wake of such attacks.

Social media plays several roles in times of crises, says Nishant Shah, professor of digital media and co-founder of the Centre for Internet & Society, Bengaluru. One, it amplifies what is already being said in friend circles and living-room conversations in front of the telly, but spreads it to a larger audience. "The second role it plays is distribution: social media allows people to inherit other people's opinions, thus exposing them to new ways of thinking but also find corroborators for their own viewpoints," he says. The third is catalysis — social media also has the capacity to generate new information. "The format creates new kinds of truths. Things that can be caught in Snapchat videos, or visuals which can be remixed, all become a part of this zeitgeist," Shah says.

Virtual wars

But in India at least, social media is no indicator of considered public opinion, points out Pai. Shah adds: "What we are seeing is a filter bubble of a privileged set of people who are engaging in this debate."

Then again, what's said on social media needn't be endorsed in real life. Vivek Joshi, who wrote and directed the Pathankot video, says nobody in the world would want a war. "But when it comes to the lives of our soldiers, an answer has to be given. If the government had taken any visible action, then there would have been no need to put out a video like this," Joshi adds. And therein probably comes the new-age heuristic of venting out on social media.

For more details visit http://editors.cis-india.org/internet-governance/news/times-of-india-september-25-2016-manju-vi-when-the-war-is-on-whatsapp

When the virtual world wakes up the real one

praskrishna — 2013-11-30T09:35:06Z

The unprecedented wave of voices speaking up against sexual harassment in recent times has as much to do with technology as the determination to seek justice. From Twitter to Tumblr, and blogs to pastebin, the internet's anonymity, reach and speed allow small, personal stories of abuse to swell into big stories.

The article by Malini Nair was published in the Times of India on November 24. Nishant Shah is quoted.

The outrage over the Tehelka case started with a post on pastebin, an anonymous document sharing site, on Wednesday evening. It contained the email managing editor Shoma Chaudhury had sent to the Tehelka staff with editor Tarun Tejpal's "atonement" letter appended below. A few hours later, the story had ballooned into a heated debate, and the outpouring forced what was being dismissed as an "internal matter" to be treated as a criminal case.

The two women who recently spoke up against harassment at the hands of a retired Supreme Court judge also used Facebook and the blogosphere to tell their stories, ensuring that the real world was actually moved into taking action. "The social web's biggest comfort is that we are no longer alone," says Nishant Shah, director, Research at the Centre for Internet and Society, Bangalore. "No matter what has happened to us, it has happened to somebody else. The possibility of finding credulous and empathetic audiences who but share our pain, understand it, and respond to it is unprecedented." Retweets and comments have often been described as the digital equivalent of holding hands.

Shah's pick of web campaigns that highlighted the problems include Blank Noise which calls women to talk of small, everyday stories of harassment, the Pink Chaddi drive and Why We Need Feminism, a web venture across American universities.

The other reason why the net encourages victims of abuse who might otherwise have stayed quiet to speak out is its "pseudonymity", as Shah terms it. In societies where there is shame attached to talking about sexual assault, the online space saves women from having to put themselves out in the "physical space" while ensuring that the perpetrator is exposed, he points out.

A plus for social web is that it gets other victims to speak up as well, gathering force and magnitude in the process. This happened in the instance of the legal interns. Another instance that surfaced just a month ago was of two American women science bloggers Danielle Lee and Monica Byrne. When Lee refused to write a piece for free for Biology Online, she was called "urban whore" by an enraged editor. She blogged about it and the ensuing storm over social media got her huge support. After Lee's expose, Byrne blogged about an acutely sexual conversation a powerful science writer inflicted on her. The outrage this provoked abated only after he made amends.

As an article in Gender and Culture blog project puts it: "( The digital world provided) a forum for these victims to document their abuse, and a courtroom where the abusers have been judged and found guilty by public opinion".

Of course there are problems with the internet's version of justice — it tends to play judge, jury and executioner with giddy recklessness. In the Tehelka case, the first questionable moment came when the survivor's email was tweeted and re-tweeted with no concern for her requests for anonymity. "The problem with Twitter and Facebook is the incredible and gross violations of privacy of the survivor. And otherwise responsible adults join lynch mobs calling either the survivor or the accused names, making ridiculous allegations, desperately looking for an easy narrative to hang everything on," says author Nisha Susan, who led the Pink Chaddi campaign.

Commentator Santosh Desai says that it is tough to choose between an unbridled but powerful social web and one that is cautious and governed by norms. "Earlier, there were receivers and broadcasters who were few and governed by licenses and a code of behaviour. Now everyone is a broadcaster, everyone is a circulator and everyone is an aggregator. Having no oversight here could be problematic," he says.

Susan says communities need to go beyond social media in such situations. "It should also be a time for us to reflect. On what we would do in such a situation, how we could perhaps prevent it, on the sense of entitlement powerful men have all over the world, on the awful pressures young women face. We should all be reflecting. Instead we are just re-tweeting."

For more details visit http://editors.cis-india.org/news/the-times-of-india-malini-nair-november-24-2013-when-the-virtual-world-wakes-up-the-real-one

When the digital spills into the physical

praskrishna — 2011-12-22T05:42:39Z

Nishant Shah, Director-Research, Centre for Internet and Society, Bengaluru, tells us why flash mobs are an interesting sign of our times, and not just a passing fad.

What is a flash mob?
There are many different forms of flash mobs, if you look at their content. In terms of structure, it has to do with a bunch of people, who are connected to each other by common technologies but don't necessarily know each other, and yet, come together in a public space to perform a set of pre-decided actions. Congregate, Orchestrate and Disperse -- that is the anatomy of a flash-mob. Hence it is different from other kinds of mobilisations, because it is very rare for anybody to know who is the organiser of a flash mob.

There are no long speeches, political expositions or agendas used in order to bring people together for a flash mob. Once the brief performance has been done, people don't stay back to form communities and discuss. The word 'flash' draws its inspiration both from 'flash-floods' and 'flash-in-a-pan', both referring to the immanence and suddenness of a flashmob.

What is a smart mob?
Howard Rheingold coined the term smart mob in a book by the same name. Smart mobs are a more inclusive form of digital technology-based mobilisation. Rheingold uses the term to refer to a series of sharing, collaborative, performative engagements that have emerged around the world, especially with young people using the Internet. The people don't know each other, but through different Peer-to-Peer (p2p) protocols, are able to share their resources towards a particular purpose. So it might be a group of friends who want to dance at the train station, or geeks sharing their idle computing time to search for records of UFOs, or people using location based applications to meet each other in caf ©s and form friendships. Smart mobs are essentially different from flashmobs because they have a specific agenda and are geared towards a longer, sustained and enduring practice of community belonging and building.

What role does the Internet and digital technology play in organising flash mobs?
One of the fundamental tenets of flash mobs is the condition of anonymity. The web offers the necessary condition where the intended participant does not have to disclose any personal information. They are able to interact, communicate, receive and share information while giving out nothing more than their email addresses and cellphone numbers. It would have been impossible to think of a flash mob without the use of these technologies because while the postal service would also offer similar conditions (though the physical address is more of an identifier), the flash mob also requires a speed and scale which would otherwise have been impossible in an analogue world.

What is a flash mob best suited to achieve? Is it a form of celebration, a protest, campaign, a quick way to poke fun, or be ironic?
I would say the flash mob is a tool — a process that can be deployed for anything that you want. You can use it as a form of celebration or protest. You can also use it to bully somebody, to destroy public property or create conditions of danger. However, that is true of any tool that we use. A hammer, for example, can be used to hit a nail, or hit some one. The flash mob is a symptom of how our digital and physical realities are merging. It uses the aesthetics of p2p, interaction with strangers, gaming elements with more control over the spaces that we occupy, 'avatar'ification which allows for a pseudonymous existence, etc. to organise something in the physical world. And it is these spillages of the digital into the physical (and vice versa) that make flash mobs significantly more interesting than just a passing fad.

MidDay published this interview in their newspaper on 18 December 2011. The original can be read here

For more details visit http://editors.cis-india.org/when-digital-spills-into-physical