Centre for Internet and Society

Surveillance in India: Policy and Practice

praskrishna — 2017-03-15T01:05:07Z

The National Institute of Public Finance and Policy organized a brainstorming session on net neutrality on February 8, 2017 and a public seminar on surveillance in India the following day on February 9, 2017 in New Delhi. Pranesh Prakash gave a talk.

Pranesh presented a narrative of the current state of surveillance law, our knowledge of current surveillance practices (including noting where programmes like Natgrid, CMS, etc. fit in), and charted a rough map of reforms needed and outstanding policy research questions.

Pranesh Prakash

Pranesh Prakash is a Policy Director at - and was part of the founding team of - the Centre for Internet and Society, a non-profit organisation that engages in research and policy advocacy. He is also the Legal Lead at Creative Commons India and an Affiliated Fellow at the Yale Law School's Information Society Project, and has been on the Executive Committee of the NCUC at ICANN. In 2014, he was selected by Forbes India for its inaugural "30 under 30" list of young achievers, and in 2012 he was recognized as an Internet Freedom Fellow by the U.S. government.

His research interests converge at the intersections of technology, culture, economics, law, and justice. His current work focuses on interrogating, promoting, and engaging with policymakers on the areas of access to knowledge (primarily copyright reform), 'openness' (including open government data, open standards, free/libre/open source software, and open access), freedom of expression, privacy, digital security, and Internet governance. He is a prominent voice on these issues, with the newspaper Mint calling him “one of the clearest thinkers in this area”, and his research having been quoted in the Indian parliament. He regularly speaks at national and international conferences on these topics. He has a degree in arts and law from the National Law School in Bangalore, and while there he helped found the Indian Journal of Law and Technology, and was part of its editorial board for two years.

Click here to see the agenda for the brainstorming session on net neutrality.

Video

For more details visit http://editors.cis-india.org/internet-governance/news/surveillance-in-india-policy-and-practice

Indian public concerned about fingerprint payment scheme

praskrishna — 2017-02-12T15:10:23Z

The Guardian is reporting that a prominent think tank has found that the prospect of using fingerprint authentication for everyday payments is raising privacy concerns among the Indian public.

The blog post by Rawlson King was published by Biometric Update.com on February 9, 2017. Sumandro Chattapadhyay was quoted.

The Centre for Internet and Society says that many Indians are concerned about the “privacy implications” of using Aadhaar as a payment scheme.

Aadhaar is the 12-digit unique identification number issued by the Indian government to every individual resident of India. The Aadhaar project aims to provide a single, unique identifier which captures all the demographic and biometric details of every Indian resident. Currently, Aadhaar has issued over 900 million Aadhaar numbers. BiometricUpdate.com recently reported that over one billion people have now been enrolled.

The Indian government is intent on expanding the use of Aadhaar beyond the provision of social services to include financial transactions. The government’s “Digital India” initiative aims to create a “cradle-to-grave digital identity” that can enable a digital economy. Moving towards a digital economy will allow low income people to access the banking system. The use of Aadhaar for most transactions however would also allow the government to reduce the cash supply, which would work to eliminate untaxed cash transactions.

The government took a big step towards reducing the cash supply last November by removing 500 and 1,000 rupee notes, thereby eliminating 85 percent of the country’s circulating currency. Indian residents responded by setting up three million, enabled by fingerprint verification. BiometricUpdate.com has reported that banks, including DCB Bank, have introduced Aadhaar enhanced services, and that financial service firms including YES Bank and Spice Money are introducing Aadhaar-enabled payment systems.

The unveiling of this biometric-based payment ecosystem however is creating consternation among the general public. Sumandro Chattapadhyay, a director at the Centre for Internet and Society told the Guardian that Indian residents are concerned about the “data-sharing possibilities opened up by Aadhaar.”

He noted that Aadhaar “makes it easier for companies not only to share information on individuals’ consumption and mobility habits, but also to link this data up with public records like the electoral register. Both lead to significant threats to privacy of individuals.”

Chattapadhyay also told the Guardian that “the law governing use of the biometric database, fast-tracked through parliament last year, is flimsy when it comes to the private sector. Since India lacks a general privacy or data protection law, this leaves corporate use of Aadhaar services effectively unregulated.”

He told the UK newspaper that his greatest fear is that “private companies could eventually gain access to government-held personal data, such as income or medical records, while the government could use company data like phone records to target specific individuals in political campaigns.”

Despite these fears, the government continues to move ahead with link Aadhaar with more elements of the financial system. Recent reports have stated that the Indian government may allow citizens to use Aadhaar to file their income tax returns.

For more details visit http://editors.cis-india.org/internet-governance/news/biometric-update-february-9-2017-rawlson-king-indian-public-concerned-about-fingerprint-payment-scheme

Securing Digital Payments: Imperatives for a Growing Ecosystem

praskrishna — 2017-02-09T01:40:22Z

A round-table conference was organised by ORF and Koan Advisory on “Securing Digital Payments: Imperatives for a Growing Ecosystem”, at “The Claridges”, APJ Abdul Kalam Road, New Delhi, between 11.30 - 13.30 on February 3, 2017. Udbhav Tiwari attended the round-table conference.

The discussion was very enriching, with stakeholders from the government, industry and civil society participating in the event. The discussions mainly focused on:

Most Pressing Challenges - Convince v/s Security balance, Lack of Sector Specific Security Standards, User Digital Literacy (esp Security), Lackof economic incentives, Lack of clear liability guidelines, capable security talent.
Mobile proliferation - Massively, device dependent (Chinese models), increase in attack surface, fragmentation makes security harder toimplement and enforce, low amount high volume fraud, user literacy, etc.
Regulatory Harmonisation - Yes, they can and should be, current process is largely law based, only public consultation, needs to move to amultistage holder model, ISO model is ideal - allows for industry, civil society and governments to participate at equal level, knowledge and perspective sharing. Core legislation/regulations with minimum standards and principles with detailed document made by multistakeholder body.
Infrastructural liabilities - 4 main ones - - device, connectivity medium, payment and transfer switches (Gov & Private) and service provider server. Ways to overcome - Standards, Critical Infrastructure protection, Digital Literacy, High audit and liability requirements, Testing (Red Team/Blue Team)

For more details visit http://editors.cis-india.org/internet-governance/news/securing-digital-payments-imperatives-for-a-growing-ecosystem

Digital Security for Journalists

praskrishna — 2017-02-09T01:28:42Z

Pranesh Prakash conducted two workshops on consecutive days, February 2 and 3, 2017 in Mumbai. The first one organized by IndiaSpend was held in their office. The second one organized by a fellow with the International Center Journalists was held in the Hindustan Times office.

The workshops covered topics such as:

What are you protecting?
Whom are you protecting yourself against?
What capabilities does the adversary have?
What do you hope to achieve?
To what lengths are you willing to go?
Casual vs. Employers vs. Police vs. Intelligence Agency vs. NSA/GCHQ
Access to device vs. Access to network vs. Access to intermediaries
To what lengths are you willing to go?

For more info on the workshop training see the presentation slides here.

For more details visit http://editors.cis-india.org/internet-governance/news/digital-security-for-journalists

Giving out your fingerprint for Aadhar payments is as bad as telling the seller your banking password

praskrishna — 2017-02-07T16:09:53Z

PRS India recently released a report card enlisting the status of all the major policy announcements made by the President on India in his address to the Parliament on 23 February 2016. The policies cover all the major sectors including economy and finance, industry and manufacturing, governance and legal reform, skill development, science and innovation among others.

The blog post by Nimish Sawant was published by First Post Tech 2 on February 3, 2017. Pranesh Prakash was quoted.

Ever since the current government has come into power, there has been a concerted effort to take India on the information highway with technology-backed initiatives. Projects such as Digital India, Smart City Project, Startup India to the latest policy announcements post the demonetisation on 8 November 2016, a lot of has been said about technology.

But there are still areas of improvement, for instance we are yet to have a privacy and data protection law, there is an alarming shortage of cybersecurity experts and we have seen our fair share of government as well as personal data being under jeopardy in the years gone by.

Pranesh Prakash, policy director of the Centre for Internet and Society, has his reservations against the speed at which we are moving towards the dream of a digitised India, without covering the core policies on security, legal frameworks and more. Here is what Prakash has to say.

“All in all, we in India are in a really precarious situation when it comes to Digital India, especially from a legal and regulatory perspective. While the push for digitisation is to be welcome, it should make this more convenient for citizens and that can’t be accomplished by forcing digitisation on people without giving them options.

The Planning Commission put together a group of experts chaired by Justice AP Shah, which came out with a report on privacy principles which were to inform a privacy and data protection law that the government was to introduce in Parliament. That report came out in 2012. In 2017, we are no closer to a privacy and data protection law. The data security practices at the levels of the government and of the private sector are very worrying.

For instance, the Narendra Modi app, which is operated by the BJP, for many months was leaking the personal details of more than 7 million users.

Another example: the government, as per press reports, is going ahead with using fingerprints for authentication of Aadhaar Enabled Payment Systems (AEPS) transactions. While the security architecture of AEPS might in itself be good, the idea of providing your fingerprints to merchants for financial transactions is a terrible idea since that is like asking you to give your bank password to a merchant, and the merchant can reuse that password, and you can’t ever change the password.

Last year Symantec revealed that for more than two years a cyberespionage project (that Symantec called “SuckFly“) had penetrated deep into Indian systems, including Indian government and banking systems. Yet, the government didn’t conduct an enquiry about this and reassure the public on actions being taken to mitigate this.

So while digitisation initiatives are great, there also needs to be a concerted effort to have a secure framework, and there has to be an ease in onboarding the non tech-savvy population as well.”

For more details visit http://editors.cis-india.org/internet-governance/news/first-post-february-3-2017-nimish-sawant-giving-out-your-fingerprint-for-aadhar-payments-is-as-bad-as-telling-the-seller-your-banking-password

Crowdsourced innovation for government projects and services is easier said than done

praskrishna — 2017-02-07T15:36:38Z

Late January. The buzz was palpable at the MLR Convention Centre in South Bengaluru. Developers were streaming into 50p, a conference organised by HasGeek, which has curated technology forums since 2011. But this wasn't just one of the six HasGeek communions that the programmers attend annually. 50p put the spotlight on digital payments, which meant the gathering would be more diverse than anything before.

The article by Kunal Talgeri was published in the Times of India on February 3, 2017. Sunil Abraham was quoted.

Of the 250-plus attendees in two days, only 40% were developers. There were around 10 lawyers, an activist here, a social-impact investor there, product managers, and a 20-strong team from online payment systems company PayPal. There were managers from traditional banks too. "We realised early on that one thing the developer community really needs to know is how various payment-systems work, like who makes what percentage (in the value chain)?," said Zainab Bawa, cofounder of HasGeek. "It is a big mystery to them."

Kiran Jonnalagadda, co-founder of HasGeek and Bawa's husband, concurred: "A payment conference cannot primarily be centred on technology. Regulations make a bulk of the difference." So the interdisciplinary forum traversed areas as diverse as customer data and privacy, payment-systems unique to India, regulations, and the Watal Committee report apart from technology.

HasGeek got folks from the payments industry to converse with developers. At the outset, Bawa spelt out to the audience something about technology's role in society. "While we (coders) are here to bridge gaps, we also need to understand that technology is not necessarily the solution. Developers must have their ears to the ground." She had touched upon the divide between the coder community and the government.

Globally, governments are only just beginning to be exposed to the geeks. "The broader theme of digitisation and opening up of APIs (application programming interface) is happening across the world," said Sanjay Swamy, managing partner at Prime Venture Partners, and an Aadhaar volunteer with the Unique Identity Authority of India (UIDAI) until early 2011. APIs empower developers to build applications that access the features or data of an operating system or service. This requires developers to come together with, in this case, the government.

The digital dream has never showed more promise in India—the chance for a few developers to build a platform that can digitise government services for millions of users. "The government wants to use hackathons for digital disruption—leverage hackers to build solutions for them," says Subhendu Panigrahi, co-founder of Venturesity that helps companies find developers.

This is easier said than done. But how did India even get to this point?

CODE NAME: GENESIS
On 10 June 2016, the Indian Software Product Industry Round Table (iSPIRT) think-tank released a paper that took note of the country moving from "data poor to data rich."

This was a few weeks after the UIDAI platform Aadhaar crossed 1 billion enrolments. "The Aadhaar system can authenticate 100 million transactions per day in real time," iSPIRT stated. The paper also pointed to three national platforms - essentially services that would in time digitise government services on a national scale.

These were the Goods and Services Tax (GST) Network, the Bharat Bill Payment System which would cover utility services (electricity, water, gas, and so on), and the electronic toll collection system.

All three platforms come under the National Payments Corporation of India (NPCI), an umbrella organisation for retail payment systems in India. iSPIRT had helped NPCI organise a hackathon in Mumbai in February 2016 to build prototypes for harnessing the Unified Payment Interface (UPI) platform's application programming interface to digitise bank transfers in real time. Similarly, steps were being taken to open up APIs to large companies for the other NPCI platforms.

On its part, iSPIRT was drawing the attention of a breed of software developers to the national-scale opportunities ahead. It unequivocally stated: "Data flows benefit public services and governments." But even as India moves to being data rich, the outreach to developers - estimated to be more than 5 million in India - could be futile for two reasons.

First, government departments and traditional systems of, say, nationalised banks have a technology procurement culture that is at odds with how developers build digital solutions. While government is the largest technology procurer, procurement contracts typically have clauses that encourage lowest (cost) bidders, which rarely spawns innovation.

"Government needs to adopt and evangelise pro-challenger tools and policies that reduce barriers to experimentation, level-playing field and encourage innovating around national issues," wrote Swati T Satpathy for iSPIRT in a November 2015 paper titled 'Igniting Hundreds of Experiments'.

Second, independent developers still have to come out in larger numbers for the best solutions to shine. Sachin Gupta, CEO of HackerEarth, another developer platform, agrees: "Governments may still go ahead and give projects to a TCS and Wipro, but they want to crowdsource the innovation, prototype and the whole concept. They want to build an active relationship with the tech community."

These can be government bodies at the state level, too, like the Department of Urban Land Transport in Karnataka, for whom Venturesity helped with a 'transit hack' to solve traffic in Bangalore with submissions like how to enable carpooling or track public transport.

"The government is really interested in the final product or an app they can use," Panigrahi said. For this, governments are willing to distribute their APIs to eventually own the app. "Developers participate in such hackathons to make it part of their portfolios or resumes, or because they love building products, or for the prize-money."

This is crowd sourced innovation. Yet, culturally, it is hard for developers and governments' interests to be aligned.

INSIDE THE DICHOTOMY
The API-driven approach is based on a philosophy in the United States that dates back to the 1960s. It a culture of giving powerful building blocks, as opposed to just building an actual solution, said Jonnalagadda. A 'solution' evolves into a platform if it can serve as 'building blocks' for the next set of developers to build on.

"A good product is also one on top of which something more can be built. That has been the principle on which the developer community has thrived," he said. This approach works well in technology. "It means you are slow, but also that you are a lot more mature and innovative."

The government has got this aspect right, by opening up secure APIs to nationalscale projects and systems. But while they have provided such building blocks, they have already decided the path to meet goals like financial inclusion. Mobile apps like BHIM (Bharat Interface for Money) are becoming the default mode of reaching the masses. Many observers agree with the smartphone as a medium for India, but developers feel web browsers are more secure than apps.

Jonnalagadda cites a 50p session, 'Everyone can see your credit card details. Seriously,' where the speaker Arnav Gupta described the flow of the web as independent websites that can't actually communicate with each other. As against this, every function of a mobile app is a subset of the parent app. "So whatever password you type for one 'function' can be visible to the parent, which never happens on the web," Jonnalagadda said. "If security is defined by the fact that it is tested against being broken, a mobile app is trusted on the basis of goodwill. For developers, this is a shitty way to do technology. It bothers the heck out of him when a security model assumes goodwill because government wants an app."

Also, solutions need a decentralised approach from governing bodies like local municipalities. Independent budgets and decision-making can lead to stronger links between government and local service providers. There are exceptions to this, like Singapore, a city nation. But in larger developed countries like the United States, local government bodies are stronger than in India. "Here, we are getting even more centralised over time," Jonnalagadda said. It makes the government look like a monolith in the eyes of developers. How can the two be compatible? "We haven't found a solution yet."

For more details visit http://editors.cis-india.org/internet-governance/news/the-times-of-india-february-3-2017-kunal-talegri-crowdsourced-innovation-for-government-projects-and-services-is-easier-said-than-done

Don't dive headlong into money-making schemes on the internet

praskrishna — 2017-02-07T15:02:24Z

If you do fall victim to fraud, file your complaint at RBI's Sachet web site.

The article by Sanjay Kumar Singh was published in the Business Standard on February 7, 2017. Udbhav Tiwari was quoted.

By now you have surely read the news about a Noida-based company called Ablaze Info Solutions, which is said to have defrauded about 700,000 people of Rs 3,700 crore. In this scheme, participants first had to pay a substantial subscription fee to join it, after which they were compensated for clicking on links. There were also incentives for bringing in other members, which made it akin to a multi-level marketing (MLM) scheme. Experts advise that investors should do the due diligence before putting their money in such schemes. According to cyber experts, this scheme took off because the activity it was pursuing was a legitimate one per se. There is an entire industry on the Internet, wherein you can earn money by clicking on links: This improves the traffic on websites and allows them to demand higher advertising rates. Many websites outsource the task of improving traffic to third parties, which in turn recruit people in countries like India for the task. You can also earn money through activities like filling up forms, answering surveys, etc.

The mistake participants made in this case was to join the scheme without exploring other options. "Many players would have offered a similar level of compensation without demanding a subscription fee. Moreover, the very fact that the company was demanding a substantial subscription fee should have made people suspicious," says Udbhav Tiwari, policy officer, Centre for Internet and Society, Bengaluru. Before participating in such money-making schemes, spend time doing a detailed background check of the company's credentials, especially if the promised returns are realistic or not. "If the return offered by the company is high compared to the market rates of return, or the company is new, you should be extra cautious. Check various blogs and forums on the internet for possible complaints against the company and its key stakeholders," says Mukul Shrivastava, partner, fraud investigation and dispute services, EY India.

If you join such a programme, be warned the moment the company defaults on payments, delays them, or avoids your queries. Stop all interactions with it and lodge a complaint with the police. If the company had used forged documents, especially the ones claiming that the scheme had the approval of a regulator like Sebi, submit them.

You can also file a complaint at Sachet, a website set up by the Reserve Bank of India (see box). Another option is to contact the Serious Fraud Investigation Office (SFIO) under the Ministry of Corporate Affairs. As the police take up a case usually when many complaints pour in against an entity, motivate other victims to complain, too. The state fights the case on your behalf. Your task after complaining is to cooperate with the investigation and depose in court. Nowadays victims can be compensated under the Criminal Procedure Code as well. They also have the option to file a civil suit for recovering their money.

Finally, there is a need for new laws to tackle online frauds. "There is a gap both in terms of legislation and effective enforcement. We only have a central 1978 Act for Prize Chits and allied rules in states, which need to be updated," says Nishant Joshi, partner, Shardul Amarchand Mangaldas.

Word box
Turn to Sachet

RBI has launched a website, sachet.rbi.org.in, where you can complain if you have been cheated by an entity that has illegally collected money from you
The website also provides information on legitimate entities that are authorised to collect money
Many regulators and enforcement agencies take up the complaints filed on this site
Investors don’t have to know the regulator under whose jurisdiction the company they want to complain against falls
You will get an email informing you about the regulator/entity that will take up your case

For more details visit http://editors.cis-india.org/internet-governance/news/business-standard-sanjay-kumar-singh-february-7-2017-dont-dive-headlong-into-money-making-schemes-on-the-internet

Comparison Table GDPR DPD

praskrishna — 2017-02-07T13:45:58Z

For more details visit http://editors.cis-india.org/internet-governance/files/comparison-table-gdpr-dpd

India WhatsApp Privacy Fight May Affect Multinationals

praskrishna — 2017-02-02T02:28:23Z

The Indian Supreme Court’s review of Facebook Inc.'s and WhatsApp Inc.'s data security practices may lack teeth but also presages a desire for a stronger privacy regime and oversight of multinationals, internet and privacy specialists told Bloomberg BNA.

The article by Nayanima Basu was published by Bloomberg BNA on February 1, 2017. Pranesh Prakash was quoted.

WhatsApp revised its privacy policy in August 2016 to share data with owner Facebook and allow targeted ads and messages from businesses, laying the groundwork for the free messaging service to monetize such data. But a public interest complaint, akin to a class action in the U.S., filed by two Indian students and regulatory inquiries have resulted in India’s top court asking Facebook and WhatsApp about their data protection practices.

The court’s move Jan. 17 to seek the information may make multinational companies jittery, Rahul Khullar, former secretary of commerce for India’s Ministry of Commerce and Industry, told Bloomberg BNA. Although stronger data privacy enforcement is needed, all the high court has done is aggravate Facebook and other large multinationals, he said.

Facebook is the second largest media company in the world with a $367 billion market capitalization, Bloomberg data show. It acquired WhatsApp in 2014 for approximately $18 billion, data show. Facebook didn’t immediately respond to Bloomberg BNA’s e-mail request for comments.

Khullar, who is also the former chairman of the Telecom Regulatory Authority of India, said multinationals need to be more careful in sharing their data because of the “distinction between digital non-commercial data and digitally sensitive data,” he said. A strong national data privacy law would resolve some of these issues, he said.

An U.S. official based at the U.S. Embassy in New Delhi, speaking on background, told Bloomberg BNA that any maneuver that restricts the free flow of data may harm the operations of U.S.-based multinationals and similar companies.

Clarity, Stronger Laws Needed

Some internet and privacy specialists say that Facebook and WhatsApp failed to provide effective data protection under Indian law.

Pranesh Prakash, policy director at the nonprofit digital technologies advocate Centre for Internet and Society, told Bloomberg BNA that Facebook and WhatsApp are in violation of Section 43A of the Information Technology Act that lays out “reasonable security practices and procedures.”

Indian citizens are reaching out to the courts for data protection enforcement because lawmakers have “failed to do so,” he said. That highlights the need for robust data protection laws in India and, he said, hopefully “goads the government and Parliament into enacting a privacy and data protection law.”

In lieu of further legislative action, companies may be able to resolve some issues by establishing clearer privacy policies, Niraj Gunde, a Mumbai-based attorney and consumer advocate, told Bloomberg BNA. Most software agreements have a clandestine clause that allows companies to access user data, but those agreements should also state how the data will be used, stored and eventually disposed of, he said.

For more details visit http://editors.cis-india.org/internet-governance/news/bloomberg-bna-february-1-2017-nayanima-basu-india-whatsapp-privacy-fight-may-affect-multinationals

Privacy after Big Data

praskrishna — 2017-01-27T00:08:39Z

For more details visit http://editors.cis-india.org/internet-governance/files/privacy-after-big-data

CPDP (Computers, Privacy and Data Protection) 2017

praskrishna — 2017-02-03T02:02:05Z

Amber Sinha participated as a panelist in a panel on 'EU Adequacy Status for International Data Transfers' in Brussels, Belgium on January 26, 2017. The event was organized by Privacy International.

EU Adequacy Status for International Data Transfers

According to EU data protection laws, countries only have blanket freedoms to receive and process personal data from the EU if they have been awarded an adequacy status by the Commission. Given the vital importance of data transfers between countries in the global economy, having such a status is a valuable asset, as other available legal means of transfer are more limited. India, for e.g. is said to be losing in excess of Euro 30 billion per year through lost trade with the EU, as it lacks such adequacy status. In the 20+ years since the data protection Directive was passed, only 11 states have been decided to be ‘adequate’ by the Commission – which include the US with its recently awarded Privacy Shield. The Commission methodology and procedures for granting adequacy to countries is increasingly under scrutiny – for e.g. a recent study found that the way it makes adequacy decisions for its trade partners could be accused of being obscure, inconsistent and without clear criteria or rules or timeframes. This also makes EU data protection laws vulnerable to challenge under world trade rules. This panel will address the following questions:

Questions to be considered:

On what basis does the EU and the Commission make decisions on whom to grant adequacy status?

In the light of the Schrems judgement defining adequacy as ‘essentially equivalent’, should all past decision be revised?

Given that more than 100 countries now have general data protection laws, how should countries be chosen for adequacy judgements?
What criteria and methodologies should be used to ensure all countries are treated equally, to ensure fundamental rights are equally upheld, and to avoid possible challenge under WTO rules?
(New) What are your views on the EC proposal to facilitate international transfers of personal data, recently published?

Panel:

Chair: Jan Albrecht MEP

Panel:

Kristina Irion, Institute of Information Law (IVIR), University of Amsterdam:

Kristina is expert academic in both data protection and related trade issues, author of recent study ‘Trade and Privacy: complicated bedfellows’

Amber Sinha, Centre for Internet and Society (CIS), India

Amber is policy researcher specialising in privacy and big data ; CIS is an India NGO and partner organisation of Privacy International.

Daniel Cooper, Covington and Burling ;

Dan is partner at this global law firm, which advises both business and government clients round the world ; he leads the data protection practice in London

Bruno Gencarelli, European Commission DG Justice ;

Bruno is the head of the new DG Justice unit on data flows and data protection, and as such the Commission boss of adequacy

Veronica Perez-Asinari, European Data Protection Supervisor (EDPS).

Veronica is the EDPS head of unit for supervision and enforcement; she has also recently spent some months working with the Argentina DPA (Argentina has EU adequacy).

Moderator: Anna Fielder, Privacy International

For more details visit http://editors.cis-india.org/internet-governance/news/cpdp-computers-privacy-and-data-protection-2017

WhatsApp forward promising PM Modi scheme for double recharge is a scam

praskrishna — 2017-01-25T02:13:18Z

Cashing on the ignorance of users, social media platforms are increasingly being used to scam people.

The blog post by Nandini Yadav was published by BGR on January 24, 2017. Pranesh Prakash was quoted.

Ever since demonetization, and the ruling government’s vow to digitize the Indian economy, several incidents of cyber criminals trying to trick users into sharing delicate information like bank details, have been reported. Since the sudden digitization is still new to the Indians, many of us also tend to fall prey to these scams easily. In series of such incidents, a new scam is being circulated on WhatsApp that involves a link to a fake website carrying the name and picture of Prime Minister Narendra Modi.

The link lures users to tap on it and claims that on a recharge of Rs 500 to Rs 1,000, users will get double the amount as top-up on by their telecom operators. The link also claims that this is a scheme run by the Prime Minister. Now, what really happens here is, that the website makes a user complete transactions and takes a whatever amount they do the recharge for.

While users don’t get any free recharge, the amount they pay for also does not get added to their mobile balance. But they do end of up losing the money entirely. Any time a user makes the payment for the recharge, at the end of the process the transaction shows failed on the website, but the money gets deducted from their account.

Here, not only do users lose their money, but they also end up sharing their bank details on a very unreliable website, which probably retrieves the data you feed in on the transaction gateways. A senior police officer of cyber cell told India Today that the amount of these top-ups are usually small and so people don’t turn up to register an FIR, but these hoax websites end up making huge profits.

“It is highly advised, that if any user receives such a message, they should immediately delete it so that even by mistake they don’t end up tapping on this and forwarding it to their contacts. Such malicious links not only can affect your device, but may also seep into your phone and steal data,” Kisalay Chaudhary, cyber crime expert told the publication.

“These bogus websites try to appear like an official Government of India website or related to telecom operators to trap gullible customers. Government website are .gov.in or .nic.in but fraud websites are -gov.in or _nic.in which may appear real but do not belong to government. So all people making online transaction should be very alert about the website they are browsing. WhatsApp has been a breeding ground for such activities and spreading malicious links,” he added.

This isn’t the first time such a hoax has been circulated. Earlier this month, a message on WhatsApp was circulating that claimed that the Prime Minister was offering a free Rs 500 recharge to all Indians. The message read, “Rs 500 balance for every Indians. Reforming India. Modiji giving free balance. Click here.” The words ‘click here’ were followed by a link to a new webpage, which once tapped on, asked a user to share their personal details like, their contact number, operator name and the state they live in.

And it’s not just through messages, these scams are being run on every possible platform. Late last year, Internet expert Pranesh Prakash pointed out a fake Narendra Modi app, which actually claimed to be from the Government of India and its interface looks almost identical to the original application. However, when he dug deep, he found out that the app developer of the purported Government of India Narendra Modi app was actually a person based out of Bangladesh, suggesting that the app was possibly hosted by a con artist.

Once downloaded, the ‘fake’ app, automatically got excessive permission including full network access and ability to take pictures and videos from a user’s device. The original Narendra Modi app, on the other hand, only gets access to read, modify and delete user’s media files. Also, the original app was published by Narendramodi.in and the fake one shows under the name of Government Of India.

And this isn’t the only fake Narendra Modi app, if you launch the Google Play Store right now, you would easily be able to spot a score of fake apps like this. Within a week of launch if the new UPI app BHIM, we spotted 40 odd apps that were claiming to be the original BHIM app.

For more details visit http://editors.cis-india.org/internet-governance/news/bgr-nandini-yadav-january-24-2017-whatsapp-forward-promising-pm-modi-scheme-for-double-recharge-is-a-scam

For India’s complaints department, visit Facebook Live

praskrishna — 2017-01-25T02:03:03Z

Notebook: Social media cuts through red tape in a country beset by inertia.

The article by Amy Kazmin was published in the Financial Times on January 23, 2017. Sunil Abraham was quoted.

Rarely has a soldier’s lament about bad food received such attention. But Tej Bahadur Yadav, of India’s Border Security Force, made national headlines with Facebook videos complaining about his rations along India’s tense line-of-control with neighbouring Pakistan.

Standing against a landscape of desolate, snow-covered mountains, Mr Yadav bemoaned the fried flatbread and tea that constitutes breakfast, and the watery lentils, seasoned only with salt and turmeric, of his lunch. It was unclear whether his main complaint was about the poor cooking quality or limited food quantity but the video of the offending meals, including a burnt chapati, suggested both.

“I do not want to blame the government,” he said calmly in Hindi. “The government provides everything for us but these higher officers sell everything. Sometimes, we soldiers go hungry.”

Reaction to the videos, which were covered widely by the mainstream media, came fast and furious. The BSF publicly accused Mr Yadav of indiscipline, saying he was a chronic malcontent previously subjected to a court martial for aiming his weapon at a superior. It also noted he was taking voluntary retirement soon.

But many Indians found it easy to believe that their country’s troops are short-changed on food and they rallied to the disgruntled soldier as a courageous whistleblower. Prime Minister Narendra Modi ordered an investigation, and a dietitian was reportedly sent to the border to assess the soldiers’ food.

Analysts pointed out that Mr Yadav’s gripe echoed official critiques of deficiencies in the army’s food procurement. “One can imagine the toil our jawans [junior soldiers] go through while guarding the border in chilling conditions. And the least they can expect is a good meal after long hours of hard duty,” an Indian Express editorial declared.

That a soldier posted in a remote border area could unleash such a kerfuffle via a video highlights how Indians armed with mobile phones are taking to social media to hold to account the traditionally non-responsive political and bureaucratic establishment.

Smartphones make up nearly 30 per cent of phones in use in India and that number is rising fast, according to the Asian research group CLSA. Sushma Swaraj, India’s foreign minister, has garnered attention for her rapid responses to individual Twitter pleas for help — whether from Indians in trouble abroad or those struggling to renew a passport or secure a visa for a visitor.

Now other ministers and government agencies, including local police forces, have begun to respond personally to pleas for help and public complaints on Twitter. It’s a big change from a time I recall well, when Indians tangled in red tape had no option but to find those with connections to try to influence, or prod, the seemingly impenetrable bureaucracy.

“Bureaucrats and politicians are now active and available on social media — ordinary citizens tweet politicians and there is a spectacle of immediate redress of complaints,” Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society, told me. When New Delhi’s police department set up an office to receive complaints against corrupt officers, for example, many citizens provided audio or visual recordings of the alleged wrongdoing. It’s only a matter of time before such footage finds its way to social media — or beyond. Ironically, those whose plights gain traction on social media, and are then amplified by mainstream media, are sometimes low-ranking civil servants harassed by their superiors.

This week brought news of a female railway clerk punished for dereliction of duty after she refused to sing “one particular” duet with her senior manager at his farewell party. A friend who works for a major western social media platform here in India (who ironically can’t be identified as he wasn’t authorised to speak to me), tells me that “the power structures that governed who used to be heard and who wouldn’t be heard have changed”. As technology spreads further and deeper in India, we can expect that noise to amplify.

For more details visit http://editors.cis-india.org/internet-governance/news/financial-times-amy-kazmin-january-23-2017-for-indias-complaints-department-visit-facebook-live

Workplace Solutions Champions Consultative Workshop

praskrishna — 2017-02-03T01:23:38Z

A two day workshop was held on January 21 - 22 at Ecumenical Christian Centre in Bangalore. The workshop was organized by Enable India. Nirmita Narasimhan attended the workshop.

Agenda

Day 1: January 21, 2017

Sl. No.	Agenda Item	Description	Timings
1	Context Setting for the Workshop	What outcomes we hope to achieve during the workshop	9.30 - 10.00
2	Reflections and Sharing	Sharing on achievements and impact, through discussions and activities	10.00 - 10.45
	Tea Break		10.45 - 11.15
3	Reflections and Sharing (Continued)	Sharing on achievements and impact, through discussions and activities	11.15 – 12.45
	Lunch Break		12.45 - 13.45
4	Situational Context for WPS Champions Network	Understanding the background of workplace solutions and their critical role in shaping livelihoods for persons with vision impairment	13.45 - 14.30
5	Curriculum Development	Creation of curriculum for development of quality WPS Implementation professionals	14.30 - 16.30
	Tea Break		16.30 - 17.00
6	Curriculum Development	Creation of curriculum for development of quality WPS Implementation professionals	17.00 - 19.00

Day 2: January 22, 2017

Sl. No.	Agenda Item	Description	Timings
1	WPS Champions Network Long Term Vision and My Personal Vision	Understanding the future of WPS implementation, and personal vision alignment	9.00 - 10.00
	Tea Break		10.00 - 10.30
2	National track: Top Actions for the Year, and Who Will Do What	Understanding the roadmap for WPS across India	10.30 – 11.00
3	Regional Tracks for North, South and West regions: Top Actions for the Year, and Who Will do What	Preparing a region-specific roadmap for WPS in the north, south and west regions	11.00 - 12.00
4	Open Session on Employment	Group discussion on WPS in the context of employment and livelihoods	12.00 - 13.00
	Lunch Break		13.00 - 14.00
5	Logistics and communication channels for next steps	Service management tool demo, Whatsapp group and other information	14.00 - 15.00

For more details visit http://editors.cis-india.org/accessibility/news/workplace-solutions-champions-consultative-workshop

Odia Wikipedia and Orientation Training Programme

praskrishna — 2017-01-23T00:58:38Z

An Odia Wikipedia orientation and training programme is being organized by the Centre for Internet & Society's (CIS-A2K) team on 31 January 2017 at the Indian Institute of Mass Communication, Dhenkanal in Odisha.

Agenda

Bringing new editors on board.
Orientation programme for students of IIMC.
Finding possible partnership with the institute.

For more details visit http://editors.cis-india.org/a2k/events/odia-wikipedia-and-orientation-training-programme