Centre for Internet and Society

ITU

praskrishna — 2013-01-07T06:40:29Z

ITU

For more details visit http://editors.cis-india.org/home-images/ITU.png

It’s mainstream vs social

praskrishna — 2012-04-30T04:23:27Z

Mainstream and social media share an increasingly uneasy relationship. Mahima Kaul, a Guest Columnist with the Sunday Guardian wrote this article. Sunil Abraham is quoted in this.

The Abhishek Manu Singhvi CD scandal brought into focus the increasingly confrontational relationship between social media and mainstream media. When a court order kept the mainstream from broadcasting the CD, social media took centrestage in spreading it online and keeping a buzz about the scandal for days. Many termed it as a "victory" for social media. Others slammed social media users as "eternal voyeurs" and wondered why they seemed to be above the court order. In return, blogs went as far as to title a post, "Why the Indian MSM (mainstream media) Wants Social Media Dead".

A quick recap: after the CD leak, Singhvi moved court to stop certain media organisations from telecasting it. The Delhi High Court gave an ex parte order that "the defendants (media house), their agents ... are restrained from publishing, broadcasting and disseminating or distributing in any form or any manner..." However, people caught hold of the video and kept linking it on Twitter, Facebook, YouTube etc. It went viral. Singhvi resigned from all political posts and settled the matter out of court. In his statement of resignation, Singhvi's bitterness at the role of social media was apparent: "in either event it raises no public interest issue... contumacious internet violation of a flagrant kind." I will save you a Google search: contumacious means to be wilfully disobedient to authority.

There are questions to be asked. Who was the 13 April court order aimed at? Is Singhvi's proposition that an internet violation took place true?

The order was explicitly binding on only specific organisations (Aaj Tak, India Today Group and Headlines Today). The rest of the mainstream media showed remarkable restraint. In the case of the video being linked on social media, it was users' prerogative, as they were not covered under that order even though Singhvi's statement suggests otherwise. However, there is another angle to consider. Social media users would have broken the law only if the video content itself was objectionable. "If the video is judged to be 'obscene', then under s.67 of the Information Technology Act, 'causing [obscenity] to be transmitted', is also a crime," says Sunil Abraham of the Center for Internet and Society. So, the question is, was this video obscene? While my journalistic integrity did not extend to watching the video, I've been told it has neither nudity nor explicit sexual activity, and cannot be considered obscene. Therefore, it appears that social media has functioned well within its rights.

What remains, then, is the view that social media "should" be restrained. How? A court order could stop users from linking the video online, but it would only be applicable in India. Also, there are already provisions in the IT Amendment Act 2008, which allows for "offensive" material to be removed by the intermediary, or site blockage by the government. Twitter has already announced national policies of censorship, although this incident would probably not qualify for such a drastic action. Sunil Abraham adds that the court could also give a "John Doe order" against prospective offenders that enables the IP owner to serve notice and take action at the same time against anyone who is found to be guilty. However, this step is to be taken with caution. In criticising the existing order on the Singhvi case, Arun Jaitley wrote in an editorial that "a pre-publication injunction (should) ... be exercised with great caution specially in a case of libel and slander," because in this case it was yet to be proven that the CD was indeed fabricated.

It seems there is offline outrage about online outrage. However, for mainstream media to call for restraint on social media based on their own actions seems to be hypocritical in this particular instance, because they did so only because of a court order. One need to look at stories ranging from the Mumbai attacks to the Arushi Talwar murder case to understand the invasive nature of mainstream media in India. What is more worrying is that the mainstream media is equating itself with social media in some ways, wondering why it needs to have editorial checks if citizens can gossip away on Twitter. In return, social media is counting its victories against the mainstream in a manner that suggests that the two consider each other competitors. Although most conversation on social media would not exist without mainstream news sources, ultimately their function in society is not the same. The media is considered the fourth pillar of democracy, while social media is considered an "unofficial" channel. If either is found indulging in illegal or harmful activities, they can and must be checked. But, in the end, it serves freedom of speech to keep the two functioning in context, not in confrontation.

Read the original published in the Sunday Guardian on April 30, 2012.

For more details visit http://editors.cis-india.org/news/mainstream-vs-social

It's That Eavesdrop Endemic

praskrishna — 2016-07-30T15:45:31Z

Whatsapp Says It’s Snoop-Proof Now, But There’s Always A Way In

The article by Arindam Mukherjee was published in Outlook on July 25, 2016. Pranesh Prakash was quoted.

Lock and Key

WhatsApp says it has end-to-end encryption, so no one, not even WhatsApp, can snoop into calls.

Experts say any encryption can be broken by security agencies. Android phones can also get infected by malware.

For years, a Delhi power-broker used to call from nondescript landline numbers, changing them ever so often. Of late, he has started using WhatsApp calls for ‘sensitive’ conversations. He’s not alone. WhatsApp has revealed that over 100 million voice calls are being made on the social network every day. That’s over 1,100 calls a second! India is one of the biggest user bases of WhatsApp. And many Indian users are making the app their main engine for voice calls.

One reason for this shift is that WhatsApp calls are seen to be essentially free (though they indeed have data charges). But for a lot of people, the chief allure lies in the touted fact that WhatsApp calling is far more secure than mobile calling. In April, the app introduced end-to-end encryption for its messages and voice calls.

Consequent to this, Sudhir Yadav, a Gurgaon-based software engineer filed a PIL in the Supreme Court seeking a ban on WhatsApp on the grounds that its calls are so safe that it could be misused by ‘terrorists’. Last month, a court in Brazil issued orders to block WhatsApp for 72 hours after it failed to provide the authorities access to encrypted data.

Are WhatsApp calls really impenetrable? WhatsApp believes so and says that the encryption key is held by the two persons at the two ends of the message or call and no one, not even the company, can snoop in. “The calls are end-to-end encrypted so WhatsApp and third parties can’t listen to them,” a WhatsApp spokesperson told Outlook. This is precisely Yadav’s concern. “Because the encryption is end to end, the government can’t break it and WhatsApp cannot provide the decryption key,” he says.

However, experts do not buy this argument. They believe everything on the Internet is vulnerable. “Anything that uses a phone number is vulnerable,” says Kiran Jonnalagadda, founder of technology platform HasGeek. “Anyone can impersonate the phone number by getting a duplicate SIM and get access to a phone. There are also bugs in the system which security agencies use.”

WhatsApp uses a person’s phone number to open an account and authenticate a user. So, if the government or a security agency wants to get access to a WhatsApp call, it would be very easy. “Telecom companies cannot access these calls as they are encrypted before they reach the network. But the government can. It just has to replicate a SIM to access any number and its messages or voice calls,” says Aravind R.S., a volunteer for Save the Internet campaign and founder of community chat app Belong,

There are other modes of attack as well. It is a given that Android phones, which form the majority of mobile phones used in India today, are most vulnerable to malware attacks. So, even if the app itself is secure, the device is not and if the device is attacked, just about everything in it can be tapped into. For instance, there’s the ‘man in the middle’ mode of attack, where a third person gets into a call and mirrors the messages to both the sides and relays the messages or calls to a different server. There is also the SS7 signalling protocol that can help hackers get into networks and calls. These attacks can make even a WhatsApp encryption vulnerable.

Security agencies and hackers routinely implant viruses into the phones of people they are monitoring. Once a phone is “infected”, everything is accessible. And Android phones are extremely prone to attacks from malware. “It's not perfectly secure, especially if there is any virus in an Android phone, which is what security agencies work with. They have many more ways to get into a phone. There is no defence against that,” says Aravind,

Experts believe it is possible that US intelligence agencies like the FBI and the NSA may have access to or are capable of breaking into even the WhatsApp encryption. This is proven by the recent incident where the FBI, after being refused by Apple to open up an iPhone used by a terrorist, broke into the phone by itself.

“If you are on the NSA list, there is nothing you can do to protect yourself,” says Pranesh Prakash, policy director with the Centre for Internet and Society. “They will find a way to get into your phone. In WhatsApp, many things like photographs and videos are not encrypted; these can get access to a person’s account.”

In India, the debate on access to encrypted phones has been on since the government engaged with Blackberry a few years ago. “There is no law governing an Over The Top (OTT) service like WhatsApp. If the government orders decryption of a call and WhatsApp cannot comply, it will become illegal,” says cyber lawyer Asheeta Regidi. The government’s seeming comfort level with all this legal ambiguity is yet another indicator that all is not what is seems with WhatsApp. As for callers, they would do well to speak discreetly on any network.

For more details visit http://editors.cis-india.org/internet-governance/news/outlook-july-25-2016-arindam-mukherjee-its-that-eavesdrop-endemic

IT Leaders, Lawyers Welcome SC Ruling on 66A of the IT Act

praskrishna — 2015-03-26T15:58:19Z

The Supreme Court of India has delivered a landmark judgment in scrapping section 66A of the Information Technology Act, which prescribed 'punishment for sending offensive messages through communication service, etc.' and had been branded as grossly 'unconstitutional' by various lawyers and legal advisors.

The blog past was published by Cio.in on March 25, 2015. Pranesh Prakash is quoted.

Here's what 66A of the IT (Amendment) Act, 2008 stated: Any person who sends, by means of a computer resource or a communication device,(a) any information that is grossly offensive or has menacing character;(b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently by making use of such computer resource or a communication device, or (c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages, shall be punishable with imprisonment for a term which may extend to three years and with fine.

As per the study conducted by the Centre for Internet and Society, Bangalore, intermediaries over-comply and tend to take down even legitimate information when they receive a takedown notice. There were also several arrests made as a result. The most recent among which was when a class XI student from Bareilly was arrested for sharing an “objectionable” post on Facebook against senior Samajwadi party leader and state Urban Development Minister, Azam Khan.

The ruling by the Supreme Court has not only been welcomed by Shreya Singhal, the young law student who was among the first to challenge it in the Supreme Court, but also lawyers, legal advisors as well as IT leaders.

Pranesh Prakash, a Policy Director with the Centre for Internet and Society, Bangalore, and a graduate of the National Law School tweeted: While the case is about 'Internet' censorship, the SC judgment is against ALL censorship. That's important. #66A

According to Pavan Duggal, advocate, Supreme Court of India, Section 66A symbolized the tyranny of ambiguous vague terms over the purity of legitimate free speech.

"It represented a tool for suppressing bonafide free speech, which was extensively misused. Sec 66A was a foe more than your friend. In scrapping Sec 66A, Supreme Court has done a great service to the cause of free speech of vibrant digital Indians. Digital free speech in India owes a great deal to the SC ruling," said Duggal.

Various Indian IT leaders also expressed their satisfaction towards the apex court's ruling, and called it a balanced judgment.

Anjani Kumar, CIO, Safexpress says, the ruling is by and large, a favorable one. “Previously, people who were writing against the establishment were being harassed. However, with this ruling, the apex court has protected the constitutional right of freedom of speech,” he said.

There will be freedom of speech and everyone will be able to express their views openly on social media platforms. It will help maintain an equilibrium over a period of time,” said T.G Dhandapani, group CIO, TVS Motors.

While the general sentiment was fairly positive. Manas Mati, executive director and technology head, Walt Disney said, “I think the Section should not have been scrapped. Every person needs to be responsible and accountable for what they post on social media.”

Accountable or not, the judgment clearly indicates that's there won't be any arrests on the subjective interpretation of vague expressions such as “grossly offensive” and “menacing character” etc. under section 66A of the Information Technology Act, 2000.

“However, the ruling is a very balanced one, with the court stating that the government has the right to remove objectionable content, but not arrest the person. The negative can be that some people go overboard on social media and they need to be checked," Kumar said.

For more details visit http://editors.cis-india.org/internet-governance/news/cio-in-march-25-2015-it-leaders%2C-lawyers-welcome-sc-ruling-on-66a-of-the-it-act

IT Inc oppose Sibal’s ‘great’ firewall proposal

praskrishna — 2011-12-07T05:36:34Z

Information Technology and social media experts have questioned telecom and IT minister Kapil Sibal’s directive to social media and search engine firms to remove "disparaging, inflammatory or defamatory" user generated content from India and are doubting the cogency of such an exercise.

"It is virtually impossible to monitor all incoming content. Yes, internet service providers — both mobile and landline — could install equipment to find and filter certain phrases, but this would prove expensive," said Mahesh Murthy, founder and CEO of Pinstorm, an internet marketing company with a global presence.

Websites such as Facebook and Youtube already have mechanisms in place to report objectionable photographs and content. If some particularly inflammatory content does manage to seep through such filters, a complaint to one of the Cyber Crime Cells would get it offline, Murthy said. "What Mr Sibal is trying to do is build a great firewall of India, but at what cost? It is clear he has no grasp of technology," he added.

Such a "firewall" would not just curb freedom of speech, but could also reduce internet speeds, said Sampath Iyengar, social engineering officer with Neo Social7 Media Solutions, a social media company based in Mumbai. "This is a very complicated process, and quite unnecessary. We would need a lot of infrastructure similar to what China has," he said.

Nishant Shah, head of research at the Centre for Society and Internet, Bangalore, said keyword-based filtering is not the solution. "You wouldn’t want to end up with a situation where you are denied access to, say, the website of the University of Sussex because the address contains the word ‘sex’," he said. "So what we are really talking about is 10 million people sitting down and manually weeding through material, no less. Obviously, Kapil Sibal has not thought this through." India has over 100 million Internet users and about 30 million of them are on Facebook. Even by a conservative estimate, Facebook would need to scan through 90 million updates from India every day, Shah said. A Facebook representative, declined to talk to the media.

In the US, a similar move, in the form of the Stop Online Piracy Act (SOPA), has been vehemently opposed by the public on the grounds that it would clamp down on the free Web. The Act, if passed, would allow service providers to block websites suspected to be hosting or enabling the sharing of copyrighted content. In the first half of this year, India asked Google to remove 358 items — up from 282 in the second half of 2010 — that it found objectionable. In almost 300 of these cases, government criticism and defamation were cited as the reasons for removal.

The article by V Shoba was originally published in the Indian Express on December 7, 2011. Nishant Shah was quoted in this article. Read it here

For more details visit http://editors.cis-india.org/it-inc-oppose-sibals-firewall-proposal

IT companies in Bengaluru on high alert over WannaCry ransomware

praskrishna — 2017-05-19T09:05:46Z

In the wake of the ransomware attack triggered by WannaCry virus, IT firms in Bengaluru are racing against time to updating their security systems. At some firms, employees have been asked to stay away from work for a few hours, while many other companies have declared holiday for a day or two for their employees.

The article by Kiran Parashar K M & Shruthi H M was published in the New Indian Express on May 17, 2017. Pranesh Prakash was quoted.

Sources said IT teams in many firms are working overtime to ensure such attacks do not harm their systems. Employees have been communicated to be aware of unsolicited emails and were asked to stay away from work at a few places where the security systems update was in progress.

A network engineer of a secondary source software firm, who provides security solutions, said, “We were asked to work on weekend and monitor the servers. The monitoring process is likely to continue. Some of the outsourcing companies have declared holiday as network engineers are flooded with work.”
“Recent developments have affected work at IT firms but there is no report of any company getting affected,” a techie said.

Wipro Ltd officials told Express: “Wipro has not seen any impact. However, we remain vigilant and have strengthened security controls at all layers to detect and mitigate any such threat.”

Companies providing financial technology are struggling to ensure that all ATMs are running on updated software. “We are in touch with the original equipment manufacturers for the patches that may be required to be rolled out on the ATMs running on Windows XP and Windows 7, to make them additionally secure,” said Radha Rama Dorai (Country Head - ATM & Allied Services), FIS, a financial technology provider.
“Fortunately ATMs in India have not been affected by WannaCry ransomware,” said Dorai.

Sudesh Shetty, Partner, Forensics, KPMG in India, said: “Banks need to apply the patch which Windows has released for outdated operating systems. Organisations need to make use of it.”

WannaCry under reported

The Indian Cyber Army sources said that there has been under reporting of such incidents as many individuals use pirated version of the Windows software. Also, people have no idea whom to report if they fall prey to WannaCry.

For more details visit http://editors.cis-india.org/internet-governance/news/new-indian-express-kiran-parashar-km-and-shruthi-hm-it-companies-in-bengaluru-on-high-alert-over-wannacry-ransomware

IT Act if enforced will leave internet use in India no freer than in China

praskrishna — 2011-05-18T02:28:38Z

The Centre for Internet & Societies (CIS), a Bangalore-based NGO, recently filed an RTI query with the Department of Information Technology (DIT), asking for a list of websites blocked by the Indian government under the IT Act. The department handed them a list of 11 websites. It was just one department’s list, but this was the first time such a list was being made public. This news written by R Krishna was published by the Daily News & Analysis on May 15, 2011.

"The information given was not comprehensive. For instance, we still don’t know who ordered these blocks," says Sunil Abraham, executive director, CIS, "We will file another RTI application to get those details out."

As of now, Indians enjoy considerably free access to information online, and the right to freedom of expression is protected by the Constitution. But you run into a veil of secrecy when trying to find out what sort of information is being blocked online, who is doing it, and for what reason. The list of 11 revealed by the DIT is only representative — no one can even guess the real number because, well, there is no way of knowing when a website gets blocked.

What is more disturbing is that the government has formulated a set of rules that can block content considered "disparaging", "harassing", or "blasphemous", besides a whole range of other labels that are vague and hence open to interpretation. The rules put the onus of removing such material on intermediaries such as ISPs (internet service providers) and websites that host the content — within 36 hours of a complaint being filed. And just about anyone can request that the content be taken down — all they have to do is write a letter or an email with an electronic signature. There is no provision for the intermediary to challenge the complainant’s assessment of the content in question.

Users will be afraid

In other words, censorship will now be a free-for-all exercise. Protests, such as the one we saw during the Jan Lokpal agitation, can be nipped in the bud since anyone, including politicians, can claim that they are being "harassed". Information revealed by websites like WikiLeaks can be blocked because they may "threaten friendly relations with foreign states".

There is a sense of shock among the handful of netizens who are aware of these rules and the potential for their misuse. "What are we, Saudi Arabia? We don’t expect this from India. This is something very serious," Pushkar Raj, general secretary of the People’s Union for Civil Liberties, has been quoted as saying. MediaNama, a website reporting on the media industry, points out, "Who defines 'blasphemous'?... India doesn’t even have a blasphemy law, so who interprets what is blasphemous or not?" Media watchdog The Hoot’s Geeta Seshu says, "This is chilling. Websites will be wary of putting up content. How can one appeal? How can one have a free discussion on anything at all online?"

Vishal Anand, product manager at Burrp, an online startup that hosts user-generated reviews of restaurants, is worried about the impact it will have on the discussions happening on the website. "I hope the ecosystem is not impacted. Users may be more afraid to respond, and businesses will be afraid about the content they host."

Guilty until proven innocent

The fundamental issue is that the onus is on the carrier or host to prove that the content is inoffensive, if any objection is raised. "The regulation is placing the burden on the intermediary so that there is no need to go to court (to get content blocked). This is going to lead to a lot of private intervention. You will have to go to court to get the content back up online, rather than the other way around," says Delhi-based lawyer Apar Gupta.

In fact, intermediary liability is a contentious topic globally, and this is not the first time it has caused a controversy in India. Back in 2004, Ebay India’s CEO Avinash Bajaj was arrested because a user tried to sell a pornographic CD on its website. This set off a furious debate on the issue, with the government finally agreeing to amend the IT Act. Gupta notes on his blog, "Even after the IT Act was amended, the government failed to make any rules… In the absence of rules, intermediaries continued to be dragged to court and to the police station. This includes a recent incident where an FIR was registered against Facebook."

Checks and balances exist

These developments lend credence to a recent report on internet freedom released by US-based NGO Freedom House, which ranks India 14th out of the 37 countries surveyed. Stating that the internet in India is only "partly free", the report notes, “Pressure on private intermediaries to remove certain information in compliance with administrative censorship orders has increased since late 2009, with the implementation of the amended IT Act. The revised law grants (the government) the authority to block internet material that is perceived to endanger public order or national security… and assigns up to seven years' imprisonment for representatives of a wide range of private service providers… if they fail to comply with government blocking requests." What is even more troubling is that the current rules weren’t even in place when this report was being prepared.

The new rules could worsen India’s internet freedom rankings. Responding to DNA, Sarah Cook, Asia research analyst and assistant editor, Freedom House, said, “We would have concerns over some of the rules and how they came about. This includes broad and vaguely worded censorship criteria, apparent initiation of the regulations "quietly" without significant consultation with key stakeholders, and absence of an appeals process for those who might disagree with censorship decisions."

Legal experts in India too are puzzled by the new restrictions when there are already reasonable restrictions on freedom of expression that the Constitution defines.

"There are anti-defamation provisions in the law. Then why include 'disparaging' in the new rules? Why is impersonating being made illegal? For example, on online dating websites for gays, users may not feel comfortable revealing their identities straightaway. And if somebody is impersonating to commit fraud, there are laws that already exist that deal with it. Instead of incorporating existing offences, the scope of what may be considered illegal is being broadened," says CIS’s Abraham.

The new rules are so broad-based that anyone can claim they are offended and demand that content be taken down, even out of business rivalry.

For example, Zone-H.org, run by Italy-based Roberto Preatoni, was one of the 11 websitesblocked by the Department of Information Technology. This was done after the Delhi High Court passed an ex-parte interim order (where the other party is not present) in the E2 Labs versus Zone-H case to block the website.

"This seems unnecessary since it is some kind of private business battle between E2 Labs and Zone H. Where was the need for the Indian government to get involved?" asks Abraham.

Bangalore-based cyber law expert N Vijayashankar agrees. "Websites are being blocked using interim orders. There is no national interest involved in some of these cases. Plus, there is no need to block the entire website, just a particular page could be blocked."

In fact, one of the webpages blocked was an opinion piece Vijayashankar had written about the Zone-H case on BloggerNews.net. "I had no intimation that the webpage was being blocked," says Vijayashankar, who got to know about the blockage only after CIS published the DIT’s response.

Learn from the world

Globally, excessive regulation of online discussions, particularly those related to political and social issues, can kill the open exchange of information. "In many countries, we saw that new laws, prosecutions, or proactive government censorship contributed to greater self-censorship among users. This is particularly pernicious when it affects discussions that relate to public interest or that affect people's well-being — such as an Indonesian housewife facing high fines for circulating critical comments about a local hospital, the Chinese authorities censoring content on torture in police custody, or the Korean government prosecuting a blogger who posted pessimistic predictions about the country’s economy," says Cook.

Cook acknowledges that balancing the right to freedom of expression against security threats, hate speech or child pornography is quite difficult — even for nations that rank high in their study. But there are a few best practices that India could learn from. "Examples of good practices would include no criminal defamation provisions (though criminal penalties for inciting violence would be appropriate), immunity for online content providers from being held liable for the information posted by their users (there is such a law in the United States), and multi-stakeholder consultations prior to the passing of regulations related to the internet/digital media."

The new rules India has come up with fly in the face of such best practices. Authorities and netizens alike should be on the guard, lest we go the China way.

Read the original story published by DNA here

For more details visit http://editors.cis-india.org/news/it-act-internet-use

IT Accessibility for People with Disabilities Policy and Guidelines

praskrishna — 2017-05-19T15:25:49Z

For more details visit http://editors.cis-india.org/accessibility/files/policy-and-guidelines.pdf

Issue of duplication of identities of users under control: Nilekani

praskrishna — 2013-07-02T10:13:10Z

Nandan Nilekani says UIDAI system almost completely accurate, duplication of identities virtually negligible.

The article by Anirban Sen was published in Livemint on June 29, 2013. Sunil Abraham is quoted.

The Unique Identification Authority of India (UIDAI) chief Nandan Nilekani said the government agency was in preliminary discussions with some embassies to use the Aadhaar project to simplify visa application procedures and that the issue of duplication of identities of users was well under control.

In March, a UIDAI spokesperson told Mint that it had detected 34,015 cases where one person had been issued two Aadhaar numbers. The figures represented a little over 0.01% of the 290 million people who had been enrolled at the time.

Nilekani, who was delivering a keynote address at a three-day conference on the success and failures of information technology (IT) in the public and private sector at the Indian Institute of Management in Bangalore, said the UIDAI system was almost completely accurate and duplication of identities was virtually negligible.

“Knowing what we know now, we believe we have accuracy of upto 99.99%,” said Nilekani, chairman of the Unique Identification Authority of India (UIDAI).

Nilekani, on Saturday, assured that the project was completely secure and user data and biometrics were safe in the hands of the agencies it works with and brushed aside any concerns on security of user data that have been widely raised by Internet security groups and activists.

“We’re not giving any access to data, except when it is resident authorized. It is shared only when a resident participates in a transaction and authorizes the data which is shared,” said Nilekani, who was one of the seven co-founders of India’s second largest software exporter Infosys Ltd. He served as CEO of Infosys from 2002 to 2007.

“The system is also not open to the internet—the system has rings of authentications of service agencies. There are lots of concentric rings of security,” he added. “The biometric data is not used except for enrolment, re-duplication and authentication.”

Internet rights groups and activists such as Sunil Abraham of the Centre for Internet and Society (CIS), a research thinktank that focuses on issues of Internet governance, have often raised concerns over UID’s overtly broad scope and privacy issues in the project.

“We don’t need Aadhaar because we already have a much more robust identity management and authentication system based on digital signatures that has a proven track record of working at a “billions-of-users” scale on the Internet with reasonable security. The Unique Identification (UID) project based on the so-called “infallibility of biometrics” is deeply flawed in design. These design disasters waiting to happen cannot be permanently thwarted by band-aid policies,” Abraham wrote in a blog post on the CIS website last year.

Nilekani also acknowledged that the department had faced several challenges, due to the sheer scale of the project that aims to cover the country’s entire population of 1.2 billion.

“We have had lots of challenges on this project—we have backlogs of enrolment because we have more packets than we can process, we backlogs of letter deliveries because we cannot handle so many letters…but fundamentally notwithstanding those challenges, we believe we are on the right track,” said Nilekani.

Both UIDAI and the census department under the National Population Register project are recording biometric data, which includes fingerprint and iris data. Even though both the agencies reached a truce after a cabinet decision in January 2012 and were allowed to co-exist, there have been several reports of duplication between the two agencies in biometric collection.

UIDAI is not just being used as the main platform for rolling out the government’s direct cash transfer scheme, but is also being regarded as an important authentication scheme for financial transactions and other security measures.

For more details visit http://editors.cis-india.org/news/livemint-anirban-sen-june-29-2013-issue-of-duplication-of-identities-of-users-under-control

ISPs start blocking escort websites following govt order

praskrishna — 2016-07-02T04:17:25Z

DoT on Monday ordered blocking of 240 URLs; blocking of websites takes place under Section 69A of the IT Act, and Information Technology Rules.

The article by Moulishree Srivastava was published in the Business Standard on June 14, 2016.

The Internet Service Providers (ISPs) have started blocking websites allegedly offering escort services after an order from the Department of Telecommunication (DoT).

The DoT on Monday asked ISPs to immediately block around 240 such URLs (Uniform Resource Locator) offering escort services, to filter out obscene content on the internet. Speaking to Business Standard, Internet Service Providers Association of India’s (ISPAI) President Rajesh Chharia said the ISPs were in process of shutting down these websites. ISPAI represents 60 ISPs including Bharti Airtel, Tata Teleservices, Reliance Communication, Vodafone and Idea Cellular.

“We received the order yesterday, and it entails a list of about 240 websites that the government wants us to block,” said Chharia. “CERT-In, which works under the Department of Electronics and Information Technology (Deity), advised the department on certain websites that it feels could be a national or social threat. Deity then reached out to DoT, which is our licensor. We are the licensee, and as per the licensing agreement, we have to comply with the order.”

While declining to comment on whether this is the first such order the association had received this year, Chharia said, “Since last few years, we have been receiving orders to block websites which hosts content that may be a threat to social order or national security.” Blocking of websites takes place under Section 69A of the IT Act, and a 2009 secondary legislation called the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules (“Blocking Rules”).

The rules empower the central government to direct any agency or intermediary to block access to information when satisfied that it is “necessary or expedient so to do” in the interest of the “sovereignty and integrity of India, defense of India, security of the state, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognisable offence relating to above. Intermediaries failing to comply are punishable with fines and prison terms up to seven years.”

In December 2014, around six months after the Modi-led BJP government came into power, the DoT ordered ISPs to block 32 websites, including Vimeo, Dailymotion, GitHub and Pastebin.

According to an RTI filed by no-for-profit organisation Software Freedom Law Centre in March last year, Deity said 2341 URLs were blocked in 2014, adding that “barring few numbers, all URLs were blocked on the orders of the Court”.

Another RTI filed by Bangalore based think tank Centre for Internet and Society (CIS) found that 143 URLs were blocked in first three months of 2015 in order to comply with the directions of the competent courts. Later that year, the government attempted to block about 857 porn websites, but it had to revoke the order following the backlash online and offline.

The recent notice named a number of websites that need to be banned, including pinkysingh.com, jasmineescorts.com, onlyoneescorts.com, payalmalhotra.in, localescorts.in, pearlpatel.in, kavyajain.in, xmumbai.in, shimi.in and anchu.in.

According to Freedom on the Net 2015 report by Freedom House, which termed India as a “partly free” country on the internet, there were 129 operational ISPs in India as of May 2015.

For more details visit http://editors.cis-india.org/internet-governance/news/business-standard-moulishree-srivastava-june-14-2016-isps-start-blocking-escort-websites-following-govt-order

iSpirt's Sharad Sharma: Sorry, I trolled Aadhaar critics

praskrishna — 2017-05-26T00:13:38Z

Sharad Sharma, the man who is seen as one of the critical backbones of India's digital drive, profusely apologized on Tuesday for anonymously trolling those arguing for better privacy and security standards in Aadhaar.

The article by Shalina Pillai and Anand J was published in the Times of India on May 24, 2017.

The apology came a few days after Kiran Jonnalagadda, co-founder of developer community platform HasGeek and one of those who were at the receiving end of the trolling, used internet tools to discover the faces behind the trolling.

The trolls allegedly included several other members of iSpirt, the software product association co-founded by Sharma and which leads IndiaStack, a set of technologies that can be used to digitise many everyday processes used by common people. The issue has divided India's nascent startup community like never before, and coming soon after the division over the arrest of Stayzilla co-founder Yogendra Vasupal, there are many who now worry for the ecosystem.This may also explain the apology by Sharma, who has been at the forefront of building this ecosystem.

In the apology mail that he tweeted, Sharma said: "There was a lapse of judgment on my part. I condoned tweets with uncivil comments. So I would like to unreservedly apologise to everybody who was hurt by them. Anonymity seemed easier than propriety, and tired as I was by personal events and attack on iSpirt's reputation, I slipped. I won't be part of anything like this again nor passively allow such behaviour to happen, even in the worst of times."

Nandan Nilekani tweeted in response to Sharma's apology that it was brave of him to do so. Several others in iSpirt also backed Sharma after the public apology . There was a surge of tweets in response to Sharma's and Nilekani's tweets, some welcoming the turn of events and others saying it wasn't enough. Jonnalagadda is among those who are not satisfied. "There were several individuals at iSpirt behind these trolls and Sharma's apology is not enough," he told TOI.

Aadhaar, aggressively pushed by the government, is being fiercely questioned by privacy and security advocates. Though most of these activists say they are asking for implementation of safeguards, the Twitter hashtags used by some of them include #antiaadhaar, #destroyaadhaar and #attackaadhaar, which seem to suggest they are entirely opposed to the authentication mechanism.

Both sides have used intemperate and often abusive language on social media -many using anonymous names. The latest flashpoint was a report by the Centre for Internet and Society (CIS) released earlier this month that said some 135 million Aadhaar numbers were leaked through government databases. There have also been accusations that private companies that verify Aadhaar credentials often get access to the full Aadhaar information of individuals. These provoked the proAadhaar trolls. Jonnalagadda, Nikhil Pahwa, co-founder of the Internet Freedom Foundation, which works on issues including net neutrality, and free expression and privacy on the internet, and Sunil Abraham of CIS were under particular attack.

Some of the iSpirt fellows and volunteers TOI spoke to had little remorse. "I am not saying iSpirt should have done what it did. But I can imagine why iSpirt reacted like this as we all have been under constant personal attack for a year now," said an iSpirt fellow, who did not want to be identified. Jas Gulati, co-founder and CEO at Nowfloats and a volunteer at iSprit, said iSpirt was an open organisation. "Sharad was upfront about it and I think it's very positive."

The Aadhaar privacy advocates, including Jonnalagadda and Pahwa, are clear they value iSpirt, but say it was undermining itself by its actions. One pointed to a February meeting of iSpirt where they created a programme called Sudham that distributed prominent Aadhaar critiques into four quadrants -`Misinformed, fearful and engaging', `Informed, fearful and engaging', `Misinformed and trolling' and `Informed and trolling' -and assigned different members to deal with each quadrant. Some of those who were assigned responsibilities appear to have taken their job too seriously .

Pahwa told TOI, "The work done by the Product Nation initiative at iSpirt is what makes it an important organization. But when people raise questions of IndiaStack and Aadhaar, many in that team respond with venom. iSpirt is unique, in that it is a thinktank that plays the role of an activist and lobbyist with a high degree of influence with the government and so they must develop processes for better governance, transparency and accountability ."

Anand Venkatanarayanan, a senior engineer at NetApp and independent Aadhaar researcher, said iSpirt should not be judged based on what Sharma did. "What we are trying to do is strengthen the Aadhaar system. Currently, they do not even have a process to report bugs. Large companies all have SOPs (standard operating procedures) to deal with issues. UIDAI does not," he said, noting that his views are personal and not that of his employer's.

For more details visit http://editors.cis-india.org/internet-governance/news/the-times-of-india-may-24-2017-shalina-pillai-anand-j-ispirts-sharad-sharma-sorry-i-trolled-aadhaar-critics

ISP

praskrishna — 2015-06-19T01:37:02Z

ISP

For more details visit http://editors.cis-india.org/home-images/copy_of_ISP.png

ISP

praskrishna — 2013-01-04T10:25:40Z

ISP

For more details visit http://editors.cis-india.org/home-images/ISP.png

ISO/IEC JTC1/SC 27 Meetings

praskrishna — 2017-04-27T16:38:46Z

Udbhav Tiwari represented the Centre for Internet & Society in a series of meetings held at University of Waikato and Novotel in Hamilton, New Zealand between April 18 and 25, 2017.

The participation was by the virtue of our institutional membership in Information Systems Security Sectional Committee (LITD 17) at the Bureau of Indian Standards.

The first 5 days of the meetings (18 to 23 April, 2017) were the working group meetings, where Udbhav participated in Working Group 1 - Information security management systems and Working Group 5 - Identity management and privacy technologies. Udbhav's participation in WG1 was largely exploratory, where I made some connections and tagged projects for us to comment on prior to the next set of meetings. These projects were Cyber Security, Cyber Insurance, Government Use of the ISO 27001 Standards, International Framework for Cyber Security and the Standing Document on Regulatory Use of 27001.

In WG5, Udbhav was appointed as Co-Rapporteur in the Study Period on Smart Cities, which will go on for another 6 months. The plenary of SC 27 was held on April 24 and 25, 2017. The final resolutions from the Working Groups plenary can be accessed below:

WG1 Recommendations and Resolutions

WG5 Resolutions

For more details visit http://editors.cis-india.org/internet-governance/news/iso-iec-jtc1-sc-27-meetings

Isha Suri

praskrishna — 2022-01-21T14:59:36Z

For more details visit http://editors.cis-india.org/about/people/IshaSuri.png