Centre for Internet and Society

India’s net neutrality debate is unique and complex

praskrishna — 2015-12-30T16:38:45Z

Connectivity to millions in India is main issue

The article by Pratap Vikram Singh was published in Governance Now on December 14, 2015.

The net neutrality debate has perplexed layman and policy experts alike. For a developing country like India, where a majority of the population doesn’t have access to internet, whether government should stick to the core principles or should it allow flexibility in network management practices to operators is still not clear yet. Whether India should go for an overarching, prophylactic regulation (ex ante), prohibiting any kind of zero rating, or should it adopt evidence-based, contextual regulation (ex post facto)? Whether zero rating should be allowed and if allowed then on what conditions? This is what experts from telecom industry and civil society deliberated in a round table on network neutrality jointly organised by Observer Research Foundation and Centre for Internet and Society on Saturday.

Neutrality refers to open and non-discriminatory nature of internet; information (or say data packets) has always flown freely on the network. Facebook, Google and many other internet businesses have emerged as a result of free and non discriminatory nature of internet.

Warning against taking a 'doctrinaire' approach to net neutrality, a telecom industry expert said that regulators must have flexibility to respond to market demand in the telecom industry. Adding that Indian market is unique with more than seven-ten telecom operators providing internet facility, the expert said that net neutrality will play differently in developing countries.

He said if implemented properly, the zero-rating approach or sponsored content followed by TSPs, “can be one of the ways to scale up internet access” to the unconnected regions.

Another industry expert said that the regulations on network neutrality has to be contextualized in terms of geography. He criticized the ‘savetheinternet’ movement, which galvanised support of one million internet users in favour of strict neutrality, for preventing one billion people from accessing ‘free’ internet. He said that telecom operators’ revenue from zero rating plans is less than one percent.

He was also against bringing net neutrality under the purview of competition commission of India. He said that there are already several laws related to consumer protection, information technology and monopoly to deal with situations arising out of neutrality issue.

An internet freedom activist said that zero rating can be allowed under stringent conditions of transparency, non-exclusivity and reasonability. He said that one way of setting the neutrality debate would be to allow zero rating with an amount of equal rating. This means that telecom players can offer toll free access to certain websites but they would also have to provide free 100 Mb or 200 Mb data connectivity within which a user can access any website or app for free.

“Countries like the US can afford to debate on net neutrality as almost 90 percent of their population are connected to internet. Here (in India) we should first worry about providing internet access to our people,” an ORF researcher said, speaking on the sidelines of the roundtable discussion.

The neutrality debate is getting momentum again with TRAI’s consultation paper being released on December 9. In its second paper, TRAI suggested, “that TSPs could provide initial data consumption for free, without limiting it to any particular content. Current examples of this approach include allowing free browsing or discounted tariffs for specified time windows, or giving away a certain amount of data for free.”

The regulator also called for regulation that “must seek a balance between ensuring wider access to the internet,” and in the manner that does not allow discrimination in charging tariffs from the users consuming varied content. The regulator has asked all stakeholders in telecom industry to come up with alternative methods in order to provide free access of internet to the consumers, and keep competition and innovation in the market intact.

For more details visit http://editors.cis-india.org/internet-governance/news/india2019s-net-neutrality-debate-is-unique-and-complex

India’s National ID Program May Be Turning The Country Into A Surveillance State

praskrishna — 2017-04-07T12:49:30Z

For seven years, India’s government has been scanning the irises and fingerprints of its citizens into a massive database. The once voluntary program was intended to fix the country’s corrupt welfare schemes, but critics worry about its Orwellian overtones.

The blog post by Pranav Dixit was published by BuzzFeedNews on April 4, 2017. Sunil Abraham was quoted.

An abridged version of the blog post containing Sunil Abraham's quotes are reproduced below:

“You can’t change your fingerprints”

Sunil Abraham, the CIS director, calls himself a “technological critic” of the Aadhaar platform. For years, he’s been warning of the security risks associated with a centralized repository of the demographic and biometric details of a billion or so people.

“Aadhaar is a sitting duck,” Abraham told BuzzFeed News. That’s not an unreasonable assessment considering that India’s track record for protecting people’s private data is far from stellar. Earlier this year, for example, a security researcher discovered a website that was leaking the Aadhaar demographic data of more than 500,000 minors. The website was subsequently shut down, but the incident raised questions about Aadhaar’s security protocols — particularly those around data shared with third parties.

Abraham’s concerns are not without global precedent. In 2012, Ecuadorian police jailed blogger Paul Moreno for breaking into the country’s online national identity database and registering himself as Ecuadorian President Rafael Correa. In April 2016, hackers posted a database containing names, national IDs, addresses, and birth dates of more than 50 million Turkish citizens, including Turkish President Recep Tayyip Erdogan; later that month, Mexico’s entire voter database — over 87 million national IDs, addresses, and more — was leaked onto Amazon’s cloud servers by as-yet-untraced sources; and in the Philippines, more than 55 million voters had their private information — including fingerprints — released on the Dark Web.

“When this database is hacked — and it will be — it will be because someone breaches the computer security that protects the computers actually using the data.”

“What is the price that we pay as a nation if our database of over a billion people — complete with all 10 fingerprints and iris scans — leaks?” Abraham asked. The consequences, he said, will be permanent. Unlike a password, which you can reset at any time, your biometrics, if compromised, are the ultimate privacy breach. “You can’t change your fingerprints.”

The UIDAI claims that the Aadhaar database is protected using the “highest available public key cryptography encryption (PKI-2048 and AES-256)” and would take “billions of years” to crack.

“Encryption like this doesn’t typically get broken, it gets circumvented,” security researcher Troy Hunt told BuzzFeed News. “For example, the web application that sits in front of it is compromised and data is retrieved after decryption.” Or alternatively, he said, the encryption key itself is compromised. “Naturally, governments will offer all sorts of assurances on these things, but the simple, immutable fact is that once large volumes are centralized like this, there is a heightened risk of security incidents and of the data consequently being lost or exposed,” he added.

Cryptographer and cybersecurity expert Bruce Schneier echoed Hunt’s assessment. “When this database is hacked — and it will be — it will be because someone breaches the computer security that protects the computers actually using the data,” he said. “They will go around the encryption.”

Nilekani — who did not respond to BuzzFeed News’ requests for comment — recently dismissed concerns around the project’s privacy implications as “hand-waving.” In an interview with the Economic Times, he repeatedly stressed how secure Aadhaar’s “advanced encryption technology” was. “I can categorically say that it’s the most secure system in India and among the most secure systems in the world,” he said.

Abraham is unconvinced by such assurances. He believes Aadhaar fundamentally changes the equation between a citizen and a state. “There’s a big difference between you identifying yourself to the government, and the government identifying who you are,” he said.

Aadhaar’s opponents say the program’s implementation has left India’s poorest people with no choice but to use it. “If you link people’s food subsidies, wages, bank accounts, and other crucial things to Aadhaar, you hit them where it hurts the most,” Ramanathan argued. “You leave them with no choice but to sign up.”

“Can you imagine if the United States passed a law that said that every person who wished to get food stamps would need their fingerprints registered in a government-owned database?” a journalist turned Aadhaar activist who did not wished to be named told BuzzFeed News. “Imagine what a scandal that would be.”

For Nilekani, such criticism is just overstatement and drama. “I think this so-called anti-Aadhaar lobby is really just a small bunch of liberal elites who are in some echo chamber,” he said during a recent interview with Indian business news channel ET Now. “The reality is that a billion people are using Aadhaar. A lot of the accusations are just delusional. Aadhaar is not a system for surveillance. [The critics] live in a bubble and are not connected to reality.”

Abraham laughed off Nilekani’s comments. “The Unique Identification Authority of India will become the monopoly provider of identification and authentication services in India,” he said. “That sounds like a centrally planned communist state to me. I don’t know which left liberal elites he’s talking about.”

For more details visit http://editors.cis-india.org/internet-governance/news/buzzfeednews-pranav-dixit-april-4-2017-indias-national-id-program-may-be-turning-the-country-into-a-surveillance-state

India’s Internet Curbs Under Legal Cloud

praskrishna — 2012-08-26T05:48:12Z

India’s crackdown on the Internet has caused much debate. But was it legal?

This article by Rumman Ahmed and R Jai Krishna was published in Wall Street Journal on August 25, 2012. Pranesh Prakash is quoted.

India’s government says its moves this week to block websites, Twitter accounts and news portals was necessary to reduce simmering tensions over ethnic violence in the northeast of the country.

Authorities have far-reaching powers to do just that, laid down in rules framed in April 2011 under the country’s controversial new IT law.

But those rules state authorities must give companies 48 hours notice before blocking Web pages. In cases of emergency, New Delhi can block first and inform a special government committee within 48 hours. That committee must notify the blocked sites.

Many of the sites that India blocked or sought to block, including Twitter accounts of anti-government commentators and mainstream news organizations, say they were given no forewarning of the actions and weren’t contacted afterwards, either.

Indian news website Firstpost.com and Kanchan Gupta, a newspaper columnist who is critical of the government, were among those who faced blocks. Mr. Gupta and First Post Editor-in-Chief R. Jagannathan both said they were not contacted by the government either before or after the blocks.

The Home Ministry this week provided lists of around 300 web pages, including Twitter accounts and news stories, to the Ministry of Communications and IT, which then ordered Internet Service Providers to block them.

Kuldeep Dhatwalia, a Home Ministry spokesman, confirmed the lists. The government, he said, was not bound to give notice in an emergency situation.

The government’s reading of the IT law is unlikely to win it any friends among those who say the government is curtailing Internet freedoms.

“It seems the government is yet to have a well planned strategy in place to counter threats to public security and law and order events arising out of viral distribution of malicious content via social media networks,” said Anirban Banerjee, an associate vice president at CyberMedia Research, a New Delhi-based information technology research firm.

India’s government has defended its conduct by saying the blocked Web pages and Twitter handles were inciting communal hatred amid recent violence between Muslims and northeasterners in the state of Assam that has cost almost 80 lives.

The government says some off the sites hosted fake pictures purporting to show violence against Muslims in Assam. In fact, many of these pictures showed Muslim refugees from Myanmar, authorities say.

“We are only taking strict action against those accounts or people which are causing damage or spreading rumors. We are not taking action against other accounts, be it on Facebook, Twitter or even SMSes. There is no censorship at all,” the Home Ministry said in a statement Friday.

“We decided on taking action because there were pictures of Myanmar etc. online, which were disturbing the atmosphere here in India.”

Critics, though, say the government also targeted Twitter accounts that were critical of Prime Minister Manmohan Singh, giving a political tinge to the censorship.

Some commentators said the government asked Internet Service Providers to block sites without invoking any laws.

“The four orders that were sent to the ISPs don’t say under which section or under what power these orders are being sent,” said Pranesh Prakash, a lawyer and program manager at the Bangalore-based Centre for Internet and Society.

“They were sent without invoking any statute or without invoking any law. The orders just say that those on the list would have to be blocked immediately. It doesn’t say these have be decided by whom, under what provision or what law,” Mr. Prakash added.

One telecom operator said on condition of anonymity that the government has not sent any new lists since Aug. 21. Google Inc and Facebook Inc. say they are working with the government to take down offensive content. Twitter Inc. has not commented.

The latest clampdown comes as public-interest groups are pressing the government to scrap the latest Web censorship laws. Critics say the rules not only limit free speech but also expose Internet companies to unfair liability for material posted by Web users.

“In the 21st century, you cannot censor your way to public tranquility,” said Mishi Choudhary, lawyer and director of international practice at New York-based Software Freedom Law Center.

For more details visit http://editors.cis-india.org/news/wsj-com-aug-25-2012-rumman-ahmed-r-jai-krishna-indias-internet-curbs-under-legal-cloud

India’s Indigenous Languages Drive Wikipedia’s Growth

praskrishna — 2013-08-09T09:58:05Z

Despite accommodating the world’s second largest English-speaking population behind the United States, it is India’s indigenous language speakers that are creating and consuming the content that is driving Wikipedia’s growth on the subcontinent.

Note: We have published only portions where CIS has been mentioned and T. Vishnu Vardhan, Programme Director, Access to Knowledge has been quoted. The complete post by Mahesh Sharma was published in TechCrunch on August 6, 2013, you can read it here.

The Wikimedia Foundation last year issued a ~~$40,000~~ $440,000 grant to the Bangalore-based Centre for Internet and Society (CIS), which, along with the local Wikimedia chapter, has trained almost 2,500 Indians how to edit and create content in their local languages.

Last September, CIS targeted ten tongues — Assamese, Bengali, Gujarati, Hindi, Kannada, Malayalam, Marathi, Odia, Punjabi and Telugu — and started working with India’s Wikimedia chapter, responsible for coordinating the local volunteer efforts, to boost the amount of local language content being created on a range of websites including, Wikipedia, Wiktionary, and WikiCommons.

CIS said that between September 2012 and April 2013 the number of page views increased by almost four million.

While the program has had an impact, director T. Vishnu Vardhan admitted there were some ominous findings. After CIS stopped supporting the Assamese Wikipedia in January 2013, the 20 active editors all but left the site.

“The decline over the last three months also alerts us to the possibility of building dependencies on the program, which is a concern that we need to address going forward,” Vishnu said. ”We need to ensure this community and new people are sustained, that we engage them keep and them interested by showing them the excitement of being part of open knowledge building.”

Ultimately, Vardhan hopes this capacity building exercise will spark a self-fulfilling cycle of local Wikipedia content production and consumption. These reach of these tools is growing as last month, mobile operator Aircel and Wikimedia India announced that subscribers could freely access m.wikipedia.org, available in 19 Indian languages, from their mobile phones

For more details visit http://editors.cis-india.org/news/techcrunch-august-6-2013-mahesh-sharma-indias-indigenous-languages-drive-wikipedias-growth

India’s ethnic clashes intensify within social-media maelstrom

praskrishna — 2012-08-24T12:25:47Z

It began in mid-July: First came a series of retaliatory killings between ethnic communities in the state of Assam in mid-July. Soon nearly 500,000 people had fled their homes for grim refugee camps. The central government belatedly sent in troops to assist, although that has barely quieted matters. But in the meantime, the violence in remote Assam triggered a bizarre series of knock-on events that has affected the entire country.

Published in the Globe and Mail. Sunil Abraham is quoted.

First a Mumbai demonstration in support of Muslims in Assam turned violent, leaving two people dead. Then tens of thousands of people from the northeast who lived and worked in big cities in the south of India packed up and fled back home – terrorized by Facebook, Twitter and text messages threatening them with violence in “retaliation” for what was happening in the north. The Indian government accused Pakistani agents of producing the threatening material to destabilize India. Then India went on a web crackdown, ostensibly trying to shut off the social media causing the panic – but setting off a fierce debate about censorship in the process.

Violence in the northeast

The seven states in the Indian northeast are connected to the rest of the country by only a tiny strip of land and often seem to exist in a whole other country. Several states have ongoing ethnic conflicts, and are covered by a law giving the Indian armed forces central powers, sharply criticized by human rights organizations. But the rest of the country knows little and, it often seems, cares less about these disputes.

So it was, initially, with the violence in Assam: in mid-July, killings began in the west of the state that has seen historic conflict between people in the Bodo ethnic group, which makes up about 35 per cent of the state population, and Bengali-speaking Muslims who migrated to the region, in some cases generations ago, from farther south – they are about 29 per cent of people in the state. The fight, said Sanjoy Hazarika, who directs the Centre for North East Studies at Jamia Millia University in Delhi, is over access to resources, and land. Simply put, the Bodo, who hold political power in the state, won’t share the resources they receive from New Delhi, which angers other groups, while the Bodo, who fear their status as the dominant group is ebbing, are desperate to hold on to power. Over the course of two weeks, some 79 people were killed, often gruesomely; at least 14,000 homes were burnt and people from both sides of the fight fled to refugee camps in one of the largest movements of people in the region since partition in 1947.

Mr. Hazarika noted that the dispute had existed as warm embers to a long-running demand for a separate Bodo state: “When governments don’t get at the core of issues and when [they] leave things half-baked and unresolved these things fester.” Some 190,000 people were still living in camps left over from riots in the 1990s, he said. “Governments come and go and are incapable of sending people home in safety.”

Right-wing Hindu organizations in the country including the Bharatiya Janata Party (BJP), the official opposition, blamed the trouble on illegal immigrants from Bangladesh. Mr. Hazarika rejected the idea. “Of course there are Bangladeshis coming in but nothing on the scale they are propagating – it’s a mantra to divert attention from the real core issues of natural resources, political power and just economic distribution of central funds.” Because the central government has failed to respond except by sending troops, he added, there is real danger these sporadic clashes could become a wider armed conflict.

Repercussions in the south

The first sign that this episode of violence in the northeast was going to have an impact outside the region came when a demonstration in Mumbai on Aug. 11, organized in support of Muslim victims of alleged atrocities, became violent. Two people were killed and at least 14 were seriously injured. Some protesters said they had been shown images taken from the Internet of Muslim victims in the northeast, which inflamed the crowd.

Days later, the exodus began: thousands of people of northeastern origin who had migrated for work to the more prosperous big cities of the south, such as Bangalore and Pune, suddenly began to flood into train stations, desperate to flee. They said they had received text messages warning them to go or face violent reprisal for what had been done to Muslims in Assam. But it wasn’t just Assamese who were fleeing: people from Manipur and the other five states went too, because Indians from the rest of the country rarely distinguish between the northeast states and they all felt afraid.

In vain, the Prime Minister and other major political figures pleaded with them to stay put and stay in their jobs. Nitin Pai, an expert on social media with a think tank called the Takshashila Institution, said it was the first time India saw what it means to be what he calls a “radically networked” country – more than three-quarters of Indians have cellphones and can receive text messages. Far fewer have Internet access – but one person who sees a Facebook page or Twitter post can quickly text 50 others, he noted. “When people are connected in such a fashion it’s very easy to mobilize them quickly, and mobilization is much faster than counter-mobilization. In Bangalore, by the time people in authority came to know there was a rumour and people were packing their bags, they were too late – by then 5,000 people were at the train station.” The government response needed to go up a hierarchy and across ministries – and meanwhile the text messages were flying.

It was also, said Mr. Pai, indicative of how little faith people had in government’s ability to protect them, and, Mr. Hazarika said, illustrated the deep distrust people from the northeast have for the central government

Internet crackdown

As the government began to dig in to the cause of the panic, the story became increasingly bizarre. Almost none of the images that were ostensibly outraging Muslims in the rest of India, and potentially spurring them to acts of vicious revenge, were actually of Assam. The much-circulated Facebook images were Photoshopped (often badly) pictures of atrocities allegedly carried out against Muslims in Burma several years ago or entirely unrelated pictures (such as those of Buddhist monks helping earthquake victims in Tibet) purporting to be from Assam. But the media consumers in question were not sophisticated, Mr. Pai noted, and the irrationality was lost in the mass panic.

On Aug. 19, Indian Home Minister Sushil Kumar Shinde said that government intelligence agencies had determined that the posts were originating in Pakistan, and that he had asked his Pakistani counterparts to track down and stop those responsible. Pakistan denied responsibility. Relations between the two countries, which had been thawing perceptibly, suddenly became chilly once more.

To try to stanch the exodus to the northeast, the Indian government first banned the sending of bulk text messages and then began to try to block Internet sites that hosted offensive material. But this undertaking fast became fraught: for the past three years the Indian government has battled in court with big Internet companies, such as Facebook and Google, and its own citizens over efforts at censorship. The government has been engaged in a prolonged skirmish with the companies to try to force them to screen and remove “objectionable” material.

But up until now, that material has been satirical Twitter handles and Facebook groups that mock senior members of government or the ruling Indian National Congress. “Now for a change, the government has legitimate grounds to censor speech,” said Sunil Abraham, director of the Centre for Internet and Society in Bangalore, “but they’ve cried wolf on so many occasions before.”

Nevertheless, the companies concerned have engaged the government on the issue, acknowledged that the material in question is causing harm and disrupting public order, and appear to be co-operating in its removal. The government has listed 310 items – Twitter feeds, Facebook pages, URLs – for blocking. But, Mr. Abraham noted, instead of doing that directly with the firms, it is using the much slower and more erratic approach of relying on Internet Service Providers or ISPs to do it.

Mr. Abraham said he fears what may come next: that government will see this incident as reason – or use it as a pretext – to attempt to get an even tighter hold over the Internet. “Then we’re headed for big trouble.”

For more details visit http://editors.cis-india.org/news/www-the-globe-and-mail-stephanie-nolen-august-23-2012-indias-ethnic-clashes-intensify-within-social-media-maelstrom

India’s Digital ID Rollout Collides With Rickety Reality

praskrishna — 2017-01-17T15:35:04Z

India’s new digital identification system, years in the making and now being put into widespread use, has yet to deliver the new era of modern efficiency it promised for shop owner Om Prakash and customer Daya Chand.

The article by Gabriele Parussini was published in the Wall Street Journal on January 13, 2017. Hans Varghese Mathews was quoted.

At first, it drove both men up a tree.

The system, which relies on fingerprints and eye scans to eventually provide IDs to all 1.25 billion Indians, is also expected to improve the distribution of state food and fuel rations and eventually facilitate daily needs such as banking and buying train tickets.

But Mr. Prakash couldn’t confirm his customers’ identities until he dragged them to a Java plum tree in a corner of his village near New Delhi’s international airport. That was the only place to get the phone signal needed to tap into the government database.

“I hopped on a chair and put my finger in the machine,” said Mr. Chand, a 60-year-old taxi driver. Getting his state food ration “used to be much easier,” he said.

In a system so vast, even small glitches can leave millions of people empty-handed.

The government began building the system, called Aadhaar, or “foundation,” with great fanfare in 2009, led by a team of pioneering technology entrepreneurs. Since then, almost 90% of India’s population has been enrolled in what is now the world’s largest biometric data set.

Prime Minister Narendra Modi, who set aside early skepticism about the Aadhaar project after taking power in 2014, is betting that it can help India address critical problems such as poverty and corruption, while also saving money for the government.

But the technology is colliding with the rickety reality of India, where many people live off the grid or have fingerprints compromised by manual labor or age.

Panna Singh, a 55-year-old day laborer in the northwestern state of Rajasthan who breaks stones used to build walls, says the machine recognized his scuffed-up fingerprints only a couple of times.

“I’ve come twice today,” he said at a ration shop in the village of Devdungri. “That’s a full day of work, gone.”

Iris scans are meant to resolve situations where fingerprints don’t work, but shops don’t yet have iris scanners.

Ajay Bhushan Pandey, chief executive of the government agency that oversees Aadhaar, said kinks will be ironed out as the system is used, as is the case with software rollouts. It works 92% of the time, and that will rise to 95%, he said.

“On the scale of what [Aadhaar] has achieved, the rollout has been remarkably smooth,” said Nandan Nilekani, the Infosys co-founder who spearheaded the project. “I don’t see any issues that are disproportionate to the size of project.”

An Aadhaar ID is intended to be a great convenience, replacing the multitude of paperwork required by banks, merchants and government agencies. The benefits are only just beginning, backers say, as the biometric IDs are linked to programs and services.

But in rural areas, home to hundreds of millions of impoverished Indians dependent on subsidies, the impact of technical disruptions has already been evident.

After walking for two hours across rough underbrush in Rajasthan to get kerosene for the month, Hanja Devi left empty-handed because the machine couldn’t match her fingerprint with her Aadhaar number.

“It’s always so difficult” using the system, said Ms. Devi, who lives with her husband and a nephew on 1,500 rupees ($22) a month.

Ranjit Singh, who operates the shop, said five of the 37 customers before Ms. Devi also left the shop empty-handed, a failure rate of over 15%.

A shop manager in a neighboring village said identification had failed for a similar portion of his 500 customers.

Any biometric recognition system of Aadhaar’s size is bound to show duplicates, meaning some people’s biometric identifiers will match someone else’s when they try to enroll.The new system hasn’t eliminated attempts at fraud. In August, police in Rajasthan accused two shop managers of linking their fingerprints to a multitude of cards and stealing for months the rations of dozens of clients.

Hans Varghese Mathews, a mathematician at the Bangalore-based Center for Internet and Society, used the results of a test run by Aadhaar officials on a sample of 84 million people to extrapolate the figure for India’s total population. The error level is less than 1%, but in the world’s second-most populous country, the snag would still affect about 11 million people, he said.

Government officials disputed the calculation, saying the number of duplicates would be much smaller—and that it would take only seven analysts to manage the error caseload.

As for trouble connecting to the registry, better infrastructure, including steadier internet connections, will eventually also help, Mr. Pandey said.

For now, Mr. Prakash has found a way to cope without climbing trees. After scouring the village, he set up a shack in a spot with enough bandwidth for his fingerprint scanner to work. It is hardly efficient. He issues receipts in the morning at the shack, then goes back to his shop to hand out the grains. Customers have to line up twice, sometimes for hours.

Mr. Prakash has applied to the government to operate without biometric identification, but his request was turned down, he said. “They said: ‘You have to keep trying.’ ”

For more details visit http://editors.cis-india.org/internet-governance/news/wall-street-journal-gabriele-parussini-january-13-2017-indias-digital-id-rollout-collides-with-rickety-reality

India’s dedicated Cryptology centre gets Rs. 115 crore funding

praskrishna — 2014-07-29T07:18:08Z

Work on India's first dedicated cryptology centre – plans for which were first announced in June 2012 – will likely accelerate as the project has gained initial funding of Rs. 115 crore from the federal government, stepping up the nation's efforts to stay on top of an area critical to its military and financial interests.

The blog post by Harichandan Arakali was published in SearchSecurity.in on July 28, 2014. Sunil Abraham gave his inputs.

The research facility, called the RC Bose Centre For Cryptology and Security, is to be built on the campus of the Indian Statistical Institute at Kolkata, where there is already ongoing cryptology research and consultancy work, albeit on a smaller scale, according to professor Rana Barua, the centre's head.

In a world where electronic transactions and access to an ever-increasing number of places, installations and objects have made physical borders less relevant, the task of securing them against threats means strong encryption of data is critical to national defense.

"This centre is of course a welcome initial step, but it can't be the only thing. We will have to, ideally, take a billion dollars from some of the big funds, such as the Universal Service Obligation fund or from the next (wireless) spectrum auctions, and throw it at cryptography," said Sunil Abraham, director for policy at the Centre for Internet and Society, a non-profit research organisation.

"If the country takes our military superiority seriously, then when it comes to cyber wars, without having an upper hand in cryptography, there is no use discussing anything else," he added.

The new cryptology centre will focus on basic research, but take on applied work for India's defense needs and those of its financial institutions, professor Barua said, developing algorithms, testing encryption products for robustness, detecting vulnerabilities and so on.

The center will augment indigenous capabilities in cryptology and information security, Bimal K Roy, director of the India Statistical Institute told India's Press Trust, which reported the funding earlier this month.

"It is an important element of the overall efforts and framework to enhance capabilities to ensure holistic security of the Indian cyber space. With an eminent body of world class experts, it will act as a hub for all cryptographic requirements, cutting edge research and technology development within the country," Press Trust cited Roy as saying.

Once centre is up and running and, over the next two years, it will have the infrastructure to allow more than 30 researchers to work, but "the problem of course is to get good researchers in this area," Barua said.

Pretty much all the best mathematicians in the world today work with the US government either directly or as part of the American academia and via research projects funded by the US government, said the Centre for Internet and Society's Abraham.

Given that most of the standards used today are those set by the National Institute of Standards and Technology (NIST), the US standard-setting organisation, "we should ensure that our participation at NIST is of the highest quality and we need an army of mathematicians," he said.

However, in India there may be a small number of mathematicians who are capable of the highest level of cryptology research. Even if there are more, there is another problem for them to keep abreast of the latest advances.

In the past, maths used to be an open science and all advances would be published and available for peers to learn from each other. With the militarisation of the areas of maths that deal with cryptology, the latest research isn't available and mathematicians have to essentially work things out on their own as well as conjecture what others might be doing.

Today, every country other than the US faces a shortage of skilled cryptographers, according to Abraham: "Everybody is in the soup, but India is in worse soup because we went with this engineering craze instead of pure sciences and math, we've ignored building capacity in that area."

For more details visit http://editors.cis-india.org/news/search-security-july-28-2014-harichandan-arakali-indias-dedicated-cryptology-centre-gets-funding

India’s cyber-security budget 'woefully inadequate': Experts

praskrishna — 2015-02-09T01:20:07Z

India's cyber-security budget was more than doubled last year. Yet, it is "woefully inadequate" in the wake of revelations made by US National Security Agency contractor Edward Snowden and increasing cyber-attacks on government infrastructure, according to experts.

The article by Jayadevan P.K. and Neha Alawadhi was published in the Economic Times on January 28, 2015. Sunil Abraham was quoted in this.

2014-15, the Department of IT has set aside Rs 116 crore for cyber security. The country has proposed to set up a national cyber coordination centre (NCCC) with a separate budget of Rs 1,000 crore. The coordination centre is still awaiting Cabinet clearance. "Allocation is woefully inadequate given Snowden's revelations - we need at least 10 times that amount," said Sunil Abraham, executive director at Center for Internet and Society.

According to the Computer Emergency Response Team-India (CERT-In), reported attacks on Indian websites have increased nearly five times in the past four years. Until mid-2014, CERT-In recorded more than 60,000 incidents.

Cyber security of government infrastructure faces multiple issues. It needs better hardware and software audits and implementation of proposed projects.

According to Sivarama Krishnan, executive director at consultancy firm PwC which works on various government projects, cyber security budgets might be spread across various government departments and the allocation has seen encouraging growth since the Narendra Modi government has come into power. "In real essence, the government spending in security has been growing," said Krishnan. "Every Digital India discussion ends with cyber security being talked about."

Experts also pointed out the need for a singular view of the government's cyber security infrastructure. "Various states are doing many things for cyber security. Once these kinds of islands are get set up, it would be worth seeing how the government is going to integrate all of them to convert into a productive vehicle," said Krishnan.

Cyber security of government infrastructure faces multiple issues. It needs better hardware and software audits and implementation of proposed projects.

For more details visit http://editors.cis-india.org/internet-governance/news/economic-times-jayadevan-pk-neha-alawadhi-india-cyber-security-budget-woefully-inadequate-experts

India’s Civil Liberties Crisis: Of Bans, Blocks, Bullying and Biometrics

praskrishna — 2013-03-25T10:39:43Z

Malavika Jayaram will be a speaker at this event which is organized by the Center for Global Communication Studies and will be held at Annenberg School of Communication, University of Pennslyvania, Philadelphia, on March 28, 2013, from 12 p.m. to 1.30 p.m.

Read about the event on the website of the Center for Global Communication Studies.

Unlike the US First Amendment, the first amendment to the Constitution of India actually strengthened state regulation over freedom of speech. Irony aside, the amendment that is considered by many scholars as the first media crisis in post-colonial India has increasing relevance today. Its prioritization of sovereignty and national security over democratic rights and institutions has resulted in a zone of contestation between nation building and free speech. This is playing out through a series of battles involving website blocking, book banning, biometric databases and bullying of all kinds.

In the last few months, an all-girl rock band in Kashmir was silenced, a village in Bihar banned women and girls from using mobile phones, and we had yet another Salman Rushdie controversy. Movies were blocked. Facebook and Google were taken to court for hosting objectionable content. Paintings were removed from an art gallery at the “suggestion” of the police because they depicted Hindu deities as semi-nude. At the same time, there was a drive to digitize governance and to build biometric databases to enumerate and record every individual. The impacts on free speech, anonymity, and privacy were considered fair game in the drive towards progress, inclusion, and maintenance of public order.

The relationship between the citizen and the state is undergoing a radical transformation mediated by the marriage of welfare schemes and commercial interests. The privacy of one’s body and identity is challenged by initiatives to capture fingerprints, irises, faces, and transactions. The heckler’s vote is increasingly powerful in silencing free expression. Civil society is under siege for resisting the onslaught of draconian legislation, arbitrary restrictions, and the banning of various forms of cultural output. Narratives are being constructed that attribute all civic engagement with “western values” and with being mouthpieces of foreign interests.

In this talk, I will give an overview of the strands of discord that are forming the fabric of India’s latest crisis of democracy. I will unpack some of the rhetoric behind the government’s drive to grasp the individual, and make the citizen visible to the state in an unprecedented manner. I will also discuss my experiences working with civil society in India, and the tools and techniques used to engage with policy formation and to adapt to the future of advocacy.

A dual-qualified lawyer, Malavika Jayaram spent eight years in London - with global law firm Allen & Overy in the Communications, Media & Technology group, and then with Citigroup. She relocated to India in 2006, and wears 3 hats as a practising lawyer, a Fellow at the Centre for Internet and Society (CIS) and a PhD scholar. As a partner at Jayaram & Jayaram, Bangalore, she focuses on corporate/tech transactions and has a special interest in new media and the arts. At CIS, Malavika collaborates on projects that study legislative and policy changes in the internet governance and privacy domains. As a PhD scholar, she is looking at data protection and privacy in India, with a special focus on e-governance schemes and the new biometric ID project.

A graduate of the National Law School of India, she has an LL.M. from Northwestern University, Chicago. She is on the advisory board of the Indian Journal of Law & Technology and is the author of the India chapter for the Data Protection & Privacy volume in the Getting the Deal Through series, launched this year. She is one of 10 Indian lawyers featured in “The International Who's Who of Internet e- Commerce & Data Protection Lawyers 2012” directory.

She is currently running a research project for Internews, studying internet policy in India. This will produce a landscape overview and interviews with various stakeholders in this domain.

For more details visit http://editors.cis-india.org/news/global-asc-upenn-events-indias-civil-liberties-crisis

India’s Central Monitoring System: Security can’t come at cost of privacy

praskrishna — 2013-07-15T06:43:21Z

During a Google hangout session in June this year, Milind Deora, minister of state for communications and information technology, addressed concerns related to the central monitoring system (CMS).

Danish Raza's article was published in FirstPost on July 10, 2013. Sunil Abraham is quoted.

The surveillance project, described as the Indian version of PRISM, will allow the government to monitor online and telephone data of citizens. prism-milind-deora-cms-central-monitoring-system/” target=”_blank”>

The minister tried to justify the project arguing that the union government will become the sole custodian of citizen’s data which is now accessible to other parties such as telecom operators. But his justification failed to persuade experts who argue that the data is hardly safe because it is held by the government. And the limited information available about the project has raised serious concerns about its need and the consequences of government snooping on such a mass scale.

A release by the Press Information Bureau, dated November 26, 2009, is perhaps the only government document related to CMS available in public domain. It merely states that the project will strengthen the security environment in the country. “In the existing system secrecy can be easily compromised due to manual intervention at many stages while in CMS these functions will be performed on secured electronic link and there will be minimum manual intervention. Interception through CMS will be instant as compared to the existing system which takes a very long time.”

One of the primary concerns raised by experts is the sheer lack of public information on the project. So far, there is no official word from the government about which government bodies or agencies will be able to access the data; how will they use this information; what percentage of population will be under surveillance; or how long the data of a citizen will be kept in the record.

“This makes it impossible for India’s citizens to assess whether surveillance is the only, or the best, way in which the stated goal can be achieved. Also, citizens cannot gauge whether these measures are proportionate i.e. they are the most effective means to achieve this aim. The possibility of having such a debate is crucial in any democratic country,” said Dr Anja Kovacs, project director at Internet Democracy Project, Delhi based NGO working for online freedom of speech and related issues.

There is also no legal recourse for a citizen whose personal details are being misused or leaked from the central or regional database. Unlike America’s PRISM project under which surveillance orders are approved by courts, CMS does not have any judicial oversight. “This means that the larger ecosystem of checks and balances in which any surveillance should be embedded in a democratic country is lacking. There is an urgent requirement for a strong legal protection of the right to privacy; for judicial oversight of any surveillance; and for parliamentary or judicial oversight of the agencies which will do surveillance. At the moment, all three are missing.” said Kovacs.

Given the use of technology by criminals and terrorists, government surveillance per se, seems inevitable. Almost in every nation, certain chunk of population is always under the scanner of intelligence agencies. However, mass-scale tracking the data of all citizens — not just those who are deemed persons of interest — enabled by the CMS has sparked a public furor. Sunil Abraham, executive director, Centre for Internet & Society, Bangalore, compared surveillance with salt in cooking. “A tiny amount is essential but any excess is counterproductive,” he said. “Unlike target surveillance, blanket surveillance increases the probability of false positives. Wrong data analysis will put more number of innocent civilians under suspicion as, by default, their number in the central server is more than those are actually criminals.”

Such blanket surveillance techniques also pose a threat to online business. With all the data going in one central pool, a competitor or a cyber criminal rival can easily tap into private and sensitive information by hacking into the server. “As vulnerabilities will be introduced into Internet infrastructure in order to enable surveillance, it will undermine the security of online transactions,” said Abraham. He notes that the project also can undermine the confidentiality of intellectual property especially pre-grant patents and trade secrets. “Rights-holders will never be sure if their IPR is being stolen by some government in order to prop up national players.”

Every time a surveillance system is exposed or its misuse sparks a debate, governments argue that such programs are required for internal security purposes and to help abort terror attacks. Obama made the same argument after PRISM was revealed to the public. Civil rights groups, on the other hand, argue that security cannot be prioritised by large-scale invasions of privacy especially in a country like India where there is little accountability or transparency. So is there a middle ground that will satisfy both sides?

“Yes, security and privacy can coexist,” said Commander (rtd) Mukesh Saini, former national information security coordinator, government of India, “We can design a system which takes care of national security aspect and yet gains the confidence of the citizens. Secrecy period must not be more than three to four years in such projects. Thereafter who all were snooped and when and why and under whose direction/circumstances must be made public through a website after this time gap.”

Kovacs agrees and says the right kind of surveillance program would focus on the needs of the citizen and not the government. “If a contradiction seems to exist between cyber security and privacy online, this is only because we have lost sight of who is supposed to benefit from any security measures. Only if a measure contributes to citizen’s sense of security, can it really be considered a legitimate security measure.”

For more details visit http://editors.cis-india.org/news/firstpost-danish-raza-july-10-2013-indias-central-monitoring-system-security-cant-come-at-cost-of-privacy

India’s biometric ID scans make sci-fi a reality

praskrishna — 2017-03-28T02:45:28Z

I have been thinking about my fingerprints and the secrets that may lie within my eyes — and whether I want to share them with the Indian government. I may not however have a choice.

The article by Amy Kazmin was published in the Financial Times on March 27, 2017. Sunil Abraham was quoted.

India has the world’s largest domestic biometric identification system, known as Aadhaar. Since 2010, the government has collected fingerprints and iris scans from more than 1bn residents, and each has been assigned a 12-digit identification number.

The scheme is championed by Nandan Nilekani, the billionaire co-founder of IT company Infosys. It was initially conceived to ensure poor Indians received subsidised food entitlements and other welfare benefits that were previously siphoned off by unscrupulous intermediaries. It was also seen as offering poor Indians, many of whom lack birth certificates, with a portable ID that can be used anywhere in the country.

Until now, obtaining an Aadhaar number was voluntary, though most Indians enrolled without hesitation as they see its potential benefits. But New Delhi is now enlisting Aadhaar, which means “foundation” or “base” in Hindi, in more than just welfare schemes. This would mean sharing one’s biometric details isn’t really optional any more despite a Supreme Court ruling that it should be “purely voluntary”.

Last week, the government issued a rule requiring an Aadhaar number for filing tax returns, ostensibly to improve tax compliance. It has also decided that all cell phone numbers must be linked to an Aadhaar number by 2018. Even Indian Railways has plans to demand Aadhaar from those booking train tickets online.

What was once touted as an initiative to improve delivery of welfare suddenly now seems like the foundation of a surveillance state — and I admit the prospect of putting my own biometrics in the database leaves me uneasy.

As a US citizen, I’ve never had to give my biometric data to my government. Domestically, fingerprints are only taken from criminal suspects, or applicants for government jobs, though I know foreign citizens are fingerprinted on arrival.

To me, the idea of sharing eye scans evokes the dystopian Hollywood film, Minority Report, which depicts a near future in which optical-recognition cameras allow the authorities to identify anyone in any public place. The hero on the run, played by Tom Cruise, has an illegal eye transplant to avoid detection.

In recent days, many Indian academics and activists have raised concerns about Aadhaar data security, the lack of privacy rules and the absence of any accountability structure if data are misused.

"Biometrics is being weaponised," says Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society. "What you need to be worried about is that someone will clean out your bank account or frame you in a crime," he says.

Pratap Bhanu Mehta, director of the Centre for Policy Research, has written of the “conversion of Aadhaar from a tool of citizen empowerment to a tool of state surveillance and citizen vulnerability”.

I call Mr Nilekani, of whose honourable intentions I have no doubt. After leaving Infosys in 2009, he spent five years in government, working to get Aadhaar off the ground. He says he is “extremely offended” when his project is accused of being part of a surveillance society, a narrative he says is “completely misrepresenting” the project. “I can steal your fingerprint off your glass. I don’t need this fancy technology,” he says. “Surveillance is far better done by following my phone, or when I use a map to order a taxi: the map knows where I am. Our internet companies know where you are.”

But in a society known for ingenious means of bypassing rules, such as having multiple taxpayer ID cards to aid evasion, Mr Nilekani says biometric authentication of individuals can bring discipline and reduce cheating. “It’s like you are creating a rule-based society,” he says, “it’s the transition that is going on right now.” I hang up, hardly reassured. To me, it seems clear that in India, as in so many places these days, Big Brother is increasingly watching.

For more details visit http://editors.cis-india.org/internet-governance/news/financial-times-march-27-2017-amy-kazmin-indias-biometric-id-scans-make-sci-fi-a-reality

India’s Big Bet on Identity

praskrishna — 2012-03-07T05:44:12Z

The world’s largest biometric authentication system reaches its first major milestone, but lots of challenges remain, writes Joshua J. Romero in ieeespectrum. Sunil Abraham was quoted in this story which was featured in March 2012 edition.

Driving around Bangalore, it’s immediately clear that the infrastructure hasn’t kept up with the IT boom in this once-sleepy South Indian city. Auto rickshaws, scooters, and motorcycles squeeze into a tight phalanx at each red light and choke the air with exhaust. Construction, such as the concrete supports of the new metro rail line that looms overhead, causes detours everywhere, and in spots the entire road abruptly disintegrates into gravel.

But something miraculous happens as you make your way south, past the outer ring road. A ramp lifts a select few vehicles out of the weaving traffic and onto an elevated tollway, where you suddenly have a bird’s-eye view of the urban landscape. This is the road to Electronic City, an oasis of glass and steel high-rises overlooking pristine black asphalt paths that snake through the perfectly manicured lawns of tech companies like Wipro, IBM, and Infosys Technologies.

“If you can have such good roads in the Infosys campus, why are the roads outside so terrible?” That’s the common question foreign visitors would ask Nandan Nilekani, one of the company’s cofounders. “Politics” was his usual reply, according to Nilekani’s 2008 book, Imagining India. Now the man who has been called the Bill Gates of India has jumped into politics to try to use what he learned at the IT giant to transform the dysfunctional country that lies beyond the borders of Electronic City.

Since July 2009, Nilekani has been a cabinet minister, leading hundreds of engineers and entrepreneurs as chairman of the Unique Identification Authority of India (UIDAI). By the most conservative estimates, at least a third of the country’s 1.2 billion citizens live below the poverty line and outside the formal economy. The UIDAI is expected to connect those hundreds of millions of people to government programs, save public money, reduce fraud and corruption, and foster new business opportunities—all by creating an unprecedented biometric system and outside the formal economy. The UIDAI is expected to connect those hundreds of millions of people to government programs, save public money, reduce fraud and corruption, and foster new business opportunities—all by creating an unprecedented biometric system.

“On the one hand, within India and across the world, people of Indian descent have done some remarkable work,” says Nilekani. “And on the other hand, here is a country that needs to solve some very basic problems. This project marries these two worlds.” UIDAI plans to use fingerprints and iris scans to assign every person in the country a unique 12-digit ID number that can be verified online. It’s one of the biggest IT projects in the world, and getting bigger: By early February, the UIDAI had issued 130 million ID numbers, and it can issue up to a million more IDs every day. The agency has set up 36 000 enrollment stations staffed by 87 000 certified enrollment operators. In India the project is called Aadhaar, which means “foundation” or “support,” because it’s meant to be a fundamental technology platform that will enable dozens of new public and private services to be created.

That’s if it all works. It’s easy to list major challenges: How exactly do you collect biometrics from every single person in the world’s second most populous country, especially those living at the margins? How do you keep bad data from getting into the database in a country rife with corruption? And how can you build the entire system around online authentication in a country where fewer than one in 20 people have access to the Internet?

The answers to these questions are getting more than the usual amount of scrutiny, because a lot of political fortunes are riding on the UIDAI.

The program has been heavily supported by the ruling Indian National Congress party; Nilekani was appointed by the prime minister himself, Manmohan Singh. But Singh and his Congress party have had a difficult time enacting many of their biggest policy goals, and the UIDAI has increasingly become the target of criticism.

Earlier this year, the whole scheme seemed in imminent danger of collapse, when a parliamentary committee killed the bill that would have given the program statutory authority, and a political turf war erupted between the UIDAI and the National Population Register, another government project collecting biometrics for the national census. But by late January the two sides had reached an agreement to share biometric data collection, and Aadhaar is once again moving full steam ahead with a new mandate and an estimated budget this year of 15 billion rupees [PDF] (about US $300 million).

Photo: Joshua J. Romero

EXISTING DOCUMENTS: A poster lists the variety of IDs a  person can use to register for an Aadhaar number.

To understand why the government has invested so heavily, it helps to know the current state of affairs in India. Aadhaar is meant to provide a form of identification that’s free, national, impossible to counterfeit—and available to everyone. “There’s an ID divide,” Nilekani explains, between people who have multiple official IDs and the hundreds of millions who have none. Only about 60 million people in India have passports, he says, and only about 100 million have photo ID bank cards. The most prevalent document is a voter ID card, which has been issued to about 700 million people, covering just over half of the country. But these and the rest of the official IDs created by the country’s vast bureaucracy all have shortcomings.

The primary reason for creating a biometric ID system is to give India’s poorest citizens better access to an array of welfare programs. India spends about 2 percent of its gross domestic product on social programs like the Public Distribution System, which provides subsidized rice, wheat, and other staples, and a rural employment scheme that guarantees 100 days of work. But all such programs suffer from severe “leakage”: According to the World Bank, corrupt officials and middlemen siphon away 59 percent of the money before it reaches the intended recipients. Eventually, the government hopes to provide funds directly to each person who needs them.

Most states issue ration cards, but they usually aren’t valid in other states. An official ID that can be used throughout the country is increasingly important as more and more people move away from their hometowns to follow employment, Nilekani says.

Complicating the problem further, existing ID cards are easy to duplicate. Some states have more names on their food ration lists than there are people living in the state. To fight counterfeiting, the Aadhaar team decided to use biometrics instead of issuing just another ID card. From the beginning, they consulted biometric experts, used existing standards when they could, and studied similar systems like the U.S. Visitor and Immigrant Status Indicator Technology program, run by the U.S. Department of Homeland Security.

One thing the team realized early on is that a single biometric measurement wasn’t enough to guarantee uniqueness. In proof-of-concept studies, researchers determined that only by using all 10 fingerprints and a scan of both irises could error rates be kept manageable. Adding iris scans also makes the program more inclusive for people whose fingerprints have been worn down by manual labor.

Photos, clockwise from left: Ruth Fremson/The New York Times/Redux; Joshua J. Romero (2)
NECESSARY GEAR: Each enrollment station has the same basic set of equipment, including an iris scanner [top], a fingerprint scanner [bottom right], a webcam and light [bottom left], a laptop, a second monitor for the resident to view, and a scanner and printer to handle documents.

Getting an Aadhaar number is not a quick process. One Friday after midnight, I watch dozens of families wait patiently in a municipal building where only half the lights are on and there’s always a baby crying. While Anurodh Kanchan waits, he explains that he came at this hour because he’d heard the lines were even longer during the day. He’d already been once before to schedule this appointment. Now his 7-year-old daughter dozes on his wife’s shoulder as the whole family waits another half an hour for the enrollment agent to return from a break.

Hiring and training people to work as agents has been one of the project’s biggest logistical challenges. The UIDAI outsources enrollment to “registrars”—often state governments or banks—which in turn hire accredited agencies to actually set up and staff the centers. The agencies get paid a flat rate for each successful enrollment, as do the agents they hire. A coordinator for one of the largest agencies told me that his organization had significantly overestimated how many enrollments an agent could complete in a day. UIDAI says that an average station (see photos, “Necessary Gear”) can process each enrollment in under 10 minutes, but in the days I spent observing, it wasn’t uncommon for the process to take twice as long. And if you’re an agent looking at a line of people stretching out the door, it’s easy to see how you might begin to rush through your tasks.

That’s why enforcing quality is left to a piece of software known as the enrollment client, installed on each agent’s laptop. The program manages every step of the process and was developed jointly by engineers at UIDAI and MindTree, an Indian IT company. Because enrollment often takes place in remote locations with no Internet access, the client must be fully independent and be able to run off a single laptop. The developers also had to make sure that the enrollment client could work seamlessly with any of the 11 biometric devices from various manufacturers that had been certified for use. And the initial version had to be built fast: MindTree won the contract at the end of April 2010, and the UIDAI wanted to enroll the first resident by that August.

MindTree met the deadline, and the client it designed now manages to prevent and correct most errors an enrollment agent might make. In addition to a simple quality check, the software looks for self-consistency—for instance, verifying that each fingerprint isn’t coming from the operator or another recently enrolled resident and that all 10 fingerprints and two irises are distinct from each other. If something goes wrong in a biometric capture, the software tells the operator how to correct it—for instance, it can distinguish between a facial photo that’s too dark and one in which the person was photographed at the wrong angle.

Still, over the last 21 months, the software engineers have had to continually improve the program to address new challenges encountered in the field. For example, when the UIDAI began enrolling people in the Punjab region of North India, where many men wear long beards and large turbans, enrollment agents had a hard time taking a photo that the software considered acceptable: The turban would be interpreted as an unacceptable background, or the automatic cropping feature would crop around the turban instead of the face. The software team was able to quickly tweak the parameters and release a new version of the client so that enrollment could continue.

It isn’t just the biometric collection that’s tricky. A resident must also supply basic demographic data—name, age, gender, and address. Residents can fill out paper forms in any of the 16 official Indian languages, which agents must first transfer to the computer and then translate into an English version of the form. This is by far the most time-consuming part of the process, and MindTree has tried to speed it up by building transliteration into the client software. But Indic languages have many variations—some are written right to left, and many use unique character sets. Still, the agent is expected to check the results and clean up minor mistakes.

There are obviously both privacy and security concerns when you’re collecting personal data from more than a billion people. “You can’t change your biometrics,” points out Sunil Abraham, the executive director at the Center for Internet and Society, in Bangalore, so if they become compromised, it’s a difficult problem to fix.

Among the precautions the UIDAI takes is to encrypt all data as soon as they’re collected. The data can be decrypted only by UIDAI servers, so the records aren’t even accessible to the operator or enrollment agency that collected them. At the end of each day, all the encrypted enrollment data are stored on USB flash drives, and the drives are transported to a place with Internet access so the data can be uploaded to UIDAI’s servers. It’s in the best interests of the enrollment agencies to safeguard the data, because otherwise they won’t get paid.

From the enrollment centers the action moves to the racks of servers at the UIDAI Central Information Data Repository, which is also in Bangalore. Here is where deduplication—checking each new enrollment against every other record in the database—will arguably make this identity scheme rise above the rest. Ensuring that no person can get two numbers is key to making biometrics a worthwhile investment. A few years ago, one Indian state collected biometrics for everyone below the poverty line, but it didn’t have the technology or a plan to prevent duplicates. It ended up capturing 1.2 times the population, which resulted in a significant leakage of benefits.

Many critics, including members of Parliament, have doubted that it’s even possible to deduplicate records from the entire Indian populace. It’s certainly a big task. In order to issue 1 million Aadhaar numbers in a single day, the current maximum rate, the data center must conduct 100 trillion person matches. To improve this process, the UIDAI came up with an unusual arrangement. Rather than hiring a single firm for the job, it awarded the project to three contractors, each responsible for processing a portion of the enrollments, with the overlapping records used to compare performance between the systems. This arrangement lets the UIDAI know if a system isn’t working correctly and also gives the companies a financial incentive to improve their software—they’ll get to process more records, and get paid more, if their products perform better. The vendors were even required to use the same kind of hardware to build their systems, so the agency isn’t tied to any one company.

In late January, the UIDAI released a report [PDF] that for the first time detailed the results of this deduplication effort. There are two primary factors that determine the accuracy of a biometric system: the false-positive rate, which in this case is how often a newly registered person is incorrectly judged to be already enrolled, and the false-negative rate, which is how often true duplicates are not recognized as such. To measure the false-positive rate, the UIDAI tested 4 million unique records against a subset of the enrollment database containing 84 million records: Of the unique records, 2309 were falsely rejected, for a false-positive rate of 0.057 percent. The agency also tested 31 399 known duplicates. The system caught all but 11, for a false-negative rate of 0.035 percent.

The false-positive rate applies to the total number of records in the database. As that number grows, the rate should increase in a linear fashion, because there are more opportunities for false matches. The false-negative rate, on the other hand, applies only to the small minority of enrollments that really are true duplicates (the UIDAI estimates that these make up only 0.5 percent of all incoming enrollments). Because the false-negative rate doesn’t depend on the total number of records, it should remain steady unless more people try to enroll multiple times.

R.S. Sharma, the director general of UIDAI, says that preventing all duplicates with technology alone is impossible. There are some people who just can’t be uniquely identified through biometrics, because the data for them aren’t good enough—children under age 5, for instance, and people with multiple disabilities. That’s why the responsibility for accuracy and uniqueness isn’t all left up to the software. Several full-time employees manually review the roughly 0.2 percent of cases that the software can’t handle, resolving errors and looking for evidence of fraud.

Even if the system isn’t perfect, it’s likely to be much better than any existing alternative, simply because it will eliminate “ghost identities,” says M.R. Madhavan, who works at the Centre for Policy Research, in New Delhi. “At least people who died in 1995 or 2005 will not get into the system,” he says.

Photo: Joshua J. Romero

AUTHENTICATION TERMINAL: Widespread use of Aadhaar will  rely on biometric terminals, like this prototype at MindTree.

Now that the UIDAI has shown it can collect biometric and demographic data and eliminate duplicate enrollments, much of the attention will shift to the authentication system, where people can prove their identity with just the swipe of a finger. Such systems are still under development, so most residents I met weren’t clear about the benefits of the program. When I asked people why they were enrolling, they often had vague reasons: “It might make it easier to get my benefits,” said one middle-aged woman in Bangalore. “I heard you’ll need it to buy heating gas,” said another woman. “I think it’s mandatory,” an elderly man told me. Nilekani thinks that getting authentication services up and running will be the best way to demonstrate the power of the entire project.

Here’s how such a futuristic system might work: Walking up to a wirelessly connected terminal at a local shop, a person will type in his name and Aadhaar number, and then he’ll scan his fingerprints. The data will be sent to a central database, where the Aadhaar number will be used to locate his record. The submitted name and biometric data will be compared to those on file, and the software will determine whether they match.

The UIDAI imagines that such biometric terminals will eventually be ubiquitous. The first devices deployed will likely be micro-ATMs in rural shops. These machines process transactions electronically, just like a full-size ATM, except they don’t store and dispense cash—that gets handled from the shopkeeper’s till. The hope is that such systems will deliver financial services to the 40 percent of the Indian population who have never had bank accounts. When people enroll for Aadhaar, they simply need to check a box and an Aadhaar-enabled bank account will be created for them.

In January, the UIDAI began a pilot project in the state of Jharkhand, where workers in the rural employment program could collect cash payments by scanning their fingerprints at a micro-ATM. Another pilot program in Maharashtra transferred small amounts of money to individual Aadhaar numbers, showing that bank servers could be easily linked with the UIDAI system.

The authentication system is already available as an application programming interface (API), which means it won’t be limited to just government programs and banks. Private service providers could use it to verify new customers as well. Take India’s vaunted mobile-phone culture: Phone companies are currently required to collect and retain significant documentation for every person they sell a SIM card to, as I found out in the two days I spent collecting the photos and local references I needed to get one myself. “If you look at any service provider, they’re not going to offer the mobile-phone service unless they verify who you are,” says Bala Parthasarathy, an entrepreneur who worked in Silicon Valley but came back to India to volunteer on the project for a year. Parthasarathy says that using Aadhaar for identity verification could provide the telephone companies with major savings.

Still, setting up a nationwide network of biometric terminals has plenty of its own challenges. First, India will need better connectivity. Wireless voice networks now cover most of the country, but wireless data networks have trailed behind. Current penetration of 3G is mostly just in the cities, says Debabrata Das, an IEEE member and a professor of electrical engineering at the International Institute of Information Technology, Bangalore, who has been studying the network challenges of authentication as a technical advisor for the state of Karnataka.

The API will also need to be flexible enough to handle variations in the demographic data that are submitted. The system can’t enforce strict matches: Many Indians use initials in their names, and there is no guarantee that they will always spell their names the same way in English. Further, sometimes a married woman will use her father’s family name instead of her husband’s. Because of the ambiguity in names and addresses, the database must be able to perform partial and fuzzy matches. Eventually, Sharma says, the UIDAI hopes to be able to do database matching for all the Indian languages as well, so the API will continue to undergo revisions.

Now the UIDAI must wait for its partners to begin taking advantage of the system, and Nilekani admits that starting up such services is largely beyond his control. Cooperation with other agencies and industries is all part of Nilekani’s approach to how government initiatives should work. “The big thing to my mind has been, How do you create a model of change, and how do you carry a lot of people with it? How do you think this through in a way that everyone comes on board?” he says. In building the project to this point, he’s managed to bring, if not everyone, then certainly a pretty diverse crowd: technical experts; national, state, and local officials; banks and businesses; and all those millions who willingly wait in line for hours.

“Everyone puts their own aspirations on it…like Obama,” he jokes. But the downside of being so inclusive is that as the project matures, it may be difficult to keep all the interested parties happy, and there’s bound to be disappointment if the project fails to achieve all its lofty ambitions.

The project has made it this far by adapting quickly as problems arise. “Think of it as multigeneration, continuous improvement,” Nilekani says. “You launch and get feedback and you get criticism. You need to build a rapid feedback loop, which is what we’ve built.”

Read the original here

For more details visit http://editors.cis-india.org/news/big-bet-on-identity

India’s ballot battle will also run through Facebook

praskrishna — 2014-03-05T11:49:29Z

Facebook on Tuesday launched its widely awaited “election tracker” for the upcoming general elections, a move that signals the growing importance of social media as a political tool in a rapidly urbanizing India.

The article by Zia Haq was published in the Hindustan Times on March 4, 2014. Sunil Abraham is quoted.

India’s 2014 ballot battle will run through the social-media world, which could likely influence electoral outcomes by swinging 3-4% votes, as more and more young Indians go online to make sense of politics, according to two new surveys.

In these mostly urbanising seats, social-media usage is now “sufficiently widespread” to influence politics, according to the Internet and Mobile Association of India (IAMAI). An offline study conducted by market research firm TNS and Google India suggested similar shifts.

The Facebook tracker (http://on.fb.me/1g6ZJ3k) will help India’s 93 million Facebook users to see which parties and candidates as well as issues are trending.

Social-media platforms are likely to be influential in 160 of India’s 543 Parliament constituencies, making Facebook and Twitter users the nation’s newest voting bloc, according to the IAMAI survey.

These are constituencies where 10% of the voting population uses social media sites such as Facebook, or where the number of social media users is higher than the winning candidate’s margin of victory at the last election.

Research shows that social media is more persuasive than television ads. Nearly 100 million Indians, or more than Germany’s population, use the Internet each day. Of this, 40 million have assured broadband, the ones most likely to have at least one social media account.

“Unlike Obama who used social media directly for votes, Indian politicians have tended to use it more to mould public discourse,” says Sunil Abraham, the CEO of The Centre for Internet and Society.

“I think these trends are over-hyped and the impact, if any, would only be marginal,” said Communist Party of India MP, Gurudas Dasgupta, who created a Facebook account only last month.

For more details visit http://editors.cis-india.org/news/hindustan-times-zia-haq-march-4-2014-india-s-ballot-battle-will-also-run-through-facebook

India-EU Proposed FTA

praskrishna — 2013-07-10T08:49:44Z

For more details visit http://editors.cis-india.org/a2k/blogs/india-eu-proposed-fta.pdf

India- EU FTA: A Note on the Copyright Issues (PDF)

praskrishna — 2013-07-03T06:46:21Z

For more details visit http://editors.cis-india.org/a2k/blogs/india-eu-fta-copyright-issues.pdf