Centre for Internet and Society

CCI Workshop on Competition Law and Policy

praskrishna — 2016-10-23T01:50:02Z

For more details visit http://editors.cis-india.org/a2k/blogs/cci-workshop-on-competition-law-and-policy.pdf

Some Key Words Are Missing

praskrishna — 2016-10-23T01:40:12Z

Google manipulating search results? The Competition Commission is on its case.

The article by Arindam Mukherjee was published by Outlook on October 23, 2016. Nehaa Chaudhari was quoted.

G’s Global Woes

Google’s problems aren’t restricted to India. It is facing similar cases around the world.

Europe: The search giant has been accused of using its dominant position on the web to dominate the market for online product searches. There’s another probe on possible abuse of dominant position with Android.

Brazil: Is being investigated for favouring its own services over others on the internet

Hong Kong & Argentina: Facing issues about collecting user data

Spain: Had to shut down Google News over copyright issues.

Germany: Its Google Street View navigation service got into problems over privacy issues

Mexico: The local regulator has brought up issues similar to those in Europe

***

There is an uneasy calm at Google’s India offices these days. Spokespersons are giving measured statements, watched over by an army of lawyers who are busy looking at the finer points. A case against Google’s advertising and search practices with the Competition Commission of India (CCI) has the potential to derail the search giant’s operations in India. Why, a nervous Google has even sought to make hearings in this case in-camera to totally shut out the media.

There is a lot at stake. An investigation report of the CCI has found Google squarely guilty of abusing its dominant position to manipulate search results on the internet and online advertising results to its own advantage and to those of companies paying for it. Google was found to “have abused its dominant position in the relevant markets of online general web search service in India and online search advertising in India in violation of the Competition Act 2002”.

Indeed, the report (which has been reviewed by Outlook) is blunt on many of the issues: “Google is found to be indulging in practices of search bias and by doing so it causes harm to its competitors as well as users.... Google steers users to its own products and services and produces biased results. This structure offers abundant opportunities for leveraging and has also raised issues of conflict of interest.” It says that through such practices Google was adversely affecting the competitive landscape in the markets for online general web search, search advertising as well as adjacent markets like travel, maps, social networking and e-commerce.

The whole brouhaha started with complaints from two parties—Chennai-based matchmaking portal Bharatmatrimony.com and Jaipur-based consumer rights organisation CUTS International—in 2012. “People who are subscribing to Google’s Adwords and are paying Google or are buying keywords are getting preference in their search results. Many of the search results on Google are either ads or sponsored links and not genuine search results. Google is pushing ads as news items which normal users would be unable to distinguish,” says Sharad Bhansali, managing partner, APJ SLG Law Offices which is representing CUTS.

CUTS also complained that Google was promoting its own products through search. Says Udai Singh Mehta, CUTS director, “Preference was being given by Google to its products and subsidiaries in search.” This, being a dominant player in search and online advertising, amounts to abusing its position. According to market estimates, Google enjoys a 93 per cent share of the search market and gets about 85 per cent of the revenues of online advertising. Says Nikhil Pahwa, editor-in-chief of Medianama: “In search cases, Google is clearly the dominant player in the market. So when they start integrating content into search, there is a problem and it becomes an issue.”

“In search cases, Google is clearly the dominant player. So when they integrate content into search, it’s a problem.”
Nikhil Pahwa, Medianama

In the course of the investigation, the CCI D-G also sought opinion from about 30 companies—most of them gave similar feedback about Google’s practices. The list includes Flipkart, mapmyindia.com, makemytrip.com, Microsoft and Nokia Maps.

Google will now have to appear before the full CCI bench on September 17 for a hearing based on the D-G report. After this, the CCI will take a final call on the issue. Of course, Google can seek an extension of this hearing. According to company insiders, they have not sought an extension yet. Google will have the right to appeal any order the CCI comes out with. The first appeal would be at the court of a competition appellate tribunal headed by a retired SC judge. The final appeal can happen only with the Supreme Court.

As expected, Google denies any wrongdoing and says the abuse of dominant position will need to be proved. Manas Chaudhuri, lawyer with Khaitan & Co which deals with competition cases, told Outlook, “The report says that Google is dominant, which is correct. If it is dominant, there is nothing wrong under the Competition Act. The issue is whether or not it has abused its dominance. The ‘abuse’ is a rule-of-reason argument and as such the CCI will have to assess quite a few international best practices theories eg, ‘objective justification’, ‘analysing the statutory mandate of meeting the competition in the relevant market’, ‘consumer harm’ and ‘counterfactuals’.”

In response to queries, a Google spokesperson said, “We’re currently reviewing the report from the CCI’s ongoing investigation. We continue to work closely with the CCI and remain confident that we comply fully with India’s competition laws. Regulators and courts around the world, including in the US, Germany, Taiwan, Egypt and Brazil, have looked into and found no concerns on many of the issues raised in this report.” Actually, Google is facing a similar case in the EU, while similar issues have been raised in Brazil, Hong Kong, Argentina and Mexico (see box).

Outlook’s cover from Oct 28, 2013

Sure, at first blush, the report appears tilted against Google. What may go in its favour is the CCI’s dismal record in treating such cases. Though it is the final investigation report, experts say it is not sacrosanct: the CCI bench might not agree with it. In the last six years, over 20 such investigation reports have been dismissed by the CCI after the final hearing. And Google will try its best to bring forth the fact that it has been exonerated in similar cases in the US, Germany and Taiwan.

But with the D-G’s final investigation report giving a clear verdict against Google’s practices, it might not be so easy for the search giant to come out cleanly from this one. Says Nehaa Chaudhari, lawyer with the Centre for Internet and Society (cis), “Given that India is not the only jurisdiction where Google is using its secret algorithm to promote its own products, there is enough for the CCI to proceed on against it.” What will also help is the testimony of several companies who have said that they have suffered because of Google’s web practices.

The entire world is watching India. Clearly, if the CCI upholds the D-G report and pronounces Google guilty, it could seriously affect the search giant’s growth in India, one of the fastest growing internet markets for Google with over 300 million internet users and an even faster growing Android landscape (where also it is a dominant player). With the final EU verdict on the case yet to come out, will India set a new example for the world to follow?

For more details visit http://editors.cis-india.org/internet-governance/news/outlook-arindam-mukherjee-october-23-2016-some-key-words-are-missing

Workshop on Competition Law and Policy

praskrishna — 2016-10-23T01:51:25Z

National School of Law India University and the Delegation of European Union to India jointly organized a workshop at Competition Commission of India in New Delhi from October 19 - 21, 2016. Anubha Sinha and Rohini Lakshané participated and made presentations.

The workshop was organized under the broader EU-India project titled "Capacity Building Initiative in Competition Area under Trade Development Programme" sponsored jointly by European Union Delegation and National Law School of India University, Bengaluru.

Download

Workshop brochure
Anubha Sinha's presentation on "Investigation into the sub $100 Mobile Device Industry from IPR + Competition law lens"
Rohini Lakshané's presentation on CCI Workshop on Competition Law and Policy Competition Policy and Internet

For more details visit http://editors.cis-india.org/a2k/news/workshop-on-competition-law-and-policy

Investigation into the sub $100 Mobile Device Industry from IPR + Competition law lens

praskrishna — 2016-10-21T15:12:43Z

For more details visit http://editors.cis-india.org/a2k/blogs/cci-presentation.pdf

Workshop of Competition Law and Policy Brochure

praskrishna — 2016-10-21T14:58:21Z

For more details visit http://editors.cis-india.org/a2k/blogs/workshop-brochure-cci.pdf

The Big Debit Card Breach: Three Things Card Holders Need To Understand

praskrishna — 2016-10-21T13:43:17Z

A total of 32 lakh debit cards across 19 banks could have been compromised on account of a purported fraud, the National Payment Corporation of India said in a statement.

The article by Alex Mathew was published by Bloomberg on October 20, 2016. Udbhav Tiwari was quoted.

The issue was brought to light when State Bank of India blocked the debit cards of 6 lakh customers on October 14. This was done after the bank was alerted to a possible fraud by the National Payment Corporation of India, MasterCard and Visa, said Managing Director Rajnish Kumar in a telephonic interview with BloombergQuint.

In a statement released on Thursday evening, the NPCI clarified that the problem was brought to their attention when they received complaints from a few banks that customers’ cards were used fraudulently, mainly in China and the U.S., while those cardholders were in India.

“The complaints of fraudulent withdrawal are limited to cards of 19 banks and 641 customers. The total amount involved is Rs 1.3 crore as reported by various affected banks to NPCI,” the payments corporation said.

SISA Security, a Bengaluru-based company is currently undertaking a forensic study to identify the extent of the problem and will submit a final report in November.

Based on the advisory issued by NPCI and other schemes, it is gathered that banks have advised their customers to change their debit card PIN. In situations where customers could not be contacted, the cards have been blocked and fresh cards are being issued by member banks.

NPCI statement

State Bank of India has blocked 6 lakh cards, while other banks have sent notifications to customers advising them to change their personal identification numbers.

How The Breach Could Have Occured

The breach that has apparently given hackers access to the PIN codes of several bank customers is likely to be on account of a malware attack. This attack is believed to have originated at an ATM.

The actual modus operandi of the hackers will only become clear once the forensic audit is released in November, but BloombergQuint spoke to cyber security expert Udbhav Tiwari to find out how the attack could have been orchestrated.

First, the hacker would have had to gain physical access to an ATM. The malware was then likely injected by connecting a laptop or another special device to a port on the cash disbursing machine, said Tiwari, a consultant at Centre For Internet & Society in Bengaluru.

Once the malware is injected, it automatically spreads across the network and infects other devices that are not protected against it. In this case, the malware could have infected a payment switch provider’s network.

A payment switch provider is an entity that facilitates a transaction either from an ATM or an online payment gateway. The service provider decides to whom the request for authorisation will be sent and then transmits the request back to the merchant or the ATM where the transaction originated.

In this case, one payment switch provider, Hitachi Payment Services, which manages close to 50,000 ATMs across the country, was asked by banks to investigate 30 of its ATMs on account of around 400 suspicious transactions that took place outside India, Managing Director Loney Antony told BloombergQuint in a telephonic interview.

The company had earlier said in a statement that an interim report by the audit agency does not suggest any breach or compromise in its systems.

The Scale Of The Breach

According to a study conducted by NPCI in collaboration with the banks, the number of debit cards that were infected by the malware has been set at 32 lakh. But Tiwari said this number could be higher.

The hypothetical limit to how much the malware can spread is dependent on the vulnerability of the systems, and if one of the payment switch provider’s systems was vulnerable and they still haven’t decided how many systems are vulnerable, it is quite possible that the malware is spreading at this point.

Udbhav Tiwari, Consultant, Centre For Internet & Society

What A Customer Should Do

The first, and most important step a customer should take is to immediately change their debit card PIN, Tiwari pointed out.

State Bank of India has said that its customers can opt to restrict the usage of their debit cards, for example whether it can be used both internationally and domestically or only domestically. Also, the daily limit of the debit card can be changed.

Once these steps have been taken, according to Tiwari, it is most important that customers stay vigilant and keep monitoring their bank statements. If an unauthorised transaction takes place, a customer should immediately contact their bank and block their card.

For more details visit http://editors.cis-india.org/internet-governance/news/bloomberg-alex-mathew-october-20-2016-the-big-debit-card-breach

Intelligence agencies will not have open access to Aadhaar data: UIDAI chief

praskrishna — 2016-10-21T01:32:56Z

Intelligence agencies will not have free access to Aadhaar data, a top government official said on Thursday, looking to assuage fears of abuse of personal information.

The article by Aloke Tikku was published in the Hindustan Times on October 20, 2016. Sunil Abraham was quoted.

The Unique Identification Authority of India (UIDAI), which issued identity cards to 1.07 billion Indians, last month decided to retain data related to the verification of Aadhaar-enabled transactions for seven years, leading to security concerns over data safety.

As reported by HT on Monday, privacy experts expressed concerns that transaction data retained for so long could be accessed by the security establishment for surveillance on individuals without sufficient grounds.

“This fear is completely misplaced,” ABP Pandey, UIDAI’s chief executive officer told HT in an interview.

Security agencies can access the data only in case of national security after they get the nod of an oversight committee headed by the cabinet secretary. This committee has to clear every order made by the designated joint secretary-level officer before the information is shared, he said.

“You cannot have any legal protection stronger than this,” Pandey added.

Aadhaar transaction data is not only protected by the most powerful, contemporary law to restrict access but also by strong cryptography.

“Even if someone attempts, the 2048-bit encryption is so strong that it will take them millions of computers and billions of years to decrypt the data,” he said.

A vocal critic of Aadhaar’s design, Sunil Abraham of the Centre for Internet and Society (CIS) suggested he wouldn’t rely too much on the legal framework. “You cannot put a legal band-aid on a broken technological solution. You need to get privacy and security right by design,” the director of the Bengaluru-based research body said.

Abraham said the problem could have been averted if the UIDAI did not store the data in a centralised form. Instead, it could have used its digital signature to sign proof of authentication that could be stored by the authenticating agency and the citizen on a smart card.

For more details visit http://editors.cis-india.org/internet-governance/news/hindustan-times-aloke-tikku-october-20-2016-intelligence-agencies-will-not-have-open-access-to-aadhaar-data

Seminar on Quality of Services in Telecom and Data Services: Issues, Challenges and Solutions

praskrishna — 2016-10-19T02:15:43Z

National Institute of Public Finance and Policy, New Delhi, National Institute of Public Finance and Policy, New Delhi organized a seminar on quality of services in telecom and data in Delhi on September 21, 2016. Shyam Ponappa was a speaker.

CUTS and IIT have recently published a report on quality of services in mobile data services, which is available here. The aim of the organizers was to bring together a diverse group of stakeholders to generate a debate on the findings of the study. This will be followed by a broader discussion on the next steps towards achieving better QoS in telecom and data services. For agenda of the meeting, click here.

Video

For more details visit http://editors.cis-india.org/telecom/news/seminar-on-quality-of-services-in-telecom-and-data-services-issues-challenges-and-solutions

New regulations in place; Aadhaar Card records to be preserved for 7 yrs by Centre

praskrishna — 2016-10-17T14:46:31Z

UIDAI chief executive office ABP Pandey said that the concerns regarding Aadhar card-related benefits were "exaggerated" and that the agency will keep the records in case any disputes arise in the future.

The article was published in the Financial Express on October 17, 2016. Sunil Abraham was quoted.

As per new regulations, the government will now keep a record for seven years of all services and benefits that are availed using Aadhaar number. Fearing that the database might be used for surveillance, the Unique Identification Authority of India (UIDAI) will preserve the records.

UIDAI chief executive office ABP Pandey said that the concerns regarding Aadhar card-related benefits were “exaggerated” and that the agency will keep the records in case any disputes arise in the future.

Pandey added that the information will be available online for two years and shall be shifted to the offline archives for the next five years. In that case, users will be able to check the records only for two years. However, the rules won’t apply for security agencies and that they will need a district judge’s permission to access the data.

According to HT, the rules allow designated joint secretary-level officers at the Centre to order access to information on the grounds of national security.

Talking about this Sunil Abraham, director of the Bengaluru-based think tank, Centre for Internet and Society said that once Aadhar becomes mandatory, it can be misused to conduct a 360-degree surveillance on any person.

Every time a person fingerprints and quotes the Aadhaar number, the agency concerned sends the data to UIDAI to crosscheck the particulars.
The UIDAI authenticates about five million Aadhaar numbers, which are quoted to avail LPG subsidy, cheap ration and even passport, a day against a capacity to verify 100 million requests daily, reports HT.

Meanwhile, The Unique Identification Authority of India (UIDAI) has launched a drive to enrol any leftover population for Aadhaar in 22 states and UTs that have “statistically” hit 100 per cent coverage for adults.

The ‘Challenge drive’ starts from October 15 for a month, a UIDAI statement said, adding that as of today, over 106.69 crore Aadhaar numbers have been generated across the country.

For more details visit http://editors.cis-india.org/internet-governance/news/financial-express-october-17-2016-new-regulations-in-place-aadhaar-card-records-to-be-preserved-for-7-yrs-by-centre

Govt to keep Aadhaar record for 7 years, activists worried

praskrishna — 2016-10-17T01:53:24Z

The government will keep for seven years a record of all the services and benefits availed using the Aadhaar number, say new rules, prompting fears that the database could be used for surveillance.

The article by Aloke Tikku was published in the Hindustan Times on October 17, 2016. Sunil Abraham was quoted.

The Unique Identification Authority of India (UIDAI), which issues the 12-digit biometric identity to all Indian residents, will be required to preserve its record of verification of an Aadhaar number for the duration.

“This is an unprecedented centralised data retention provision,” said Sunil Abraham, director of the Bengaluru-based think tank, Centre for Internet and Society.

UIDAI chief executive officer ABP Pandey said the concerns were exaggerated. The agency was keeping records in case a dispute arose over a transaction.

The information will be retained online for two years and another five years in the offline archives, say the rules notified in September.

Users will be able to check the records but only for two years.

This restriction won’t apply to security agencies. Pandey, however, said the records would not be available to them without a district judge’s permission.

But, HT found that the rules allow designated joint secretary-level officers at the Centre to order access to information on the grounds of national security.

“Once Aadhaar becomes mandatory for all services, it can be used by benign and malignant actors to conduct a 360-degree surveillance on any individual,” Abraham said.

This is how the system, which will need millions of fingerprint-reading machines, works.

Every time a person fingerprints and quotes the Aadhaar number, the agency concerned sends the data to UIDAI to crosscheck the particulars.

The UIDAI authenticates about five million Aadhaar numbers, which are quoted to avail LPG subsidy, cheap ration and even passport, a day against a capacity to verify 100 million requests daily.

“You can think of it as Natgrid Plus,” Abraham said, a reference to the National Intelligence Grid being built by the government.

A one-stop database for counter-terrorism agencies, Natgrid will collate information real time from databases of various agencies such as bank, rail and airline networks.

“…we do not record the purpose for which an authentication request was received but only the details of the agency that sent it,” UIDAI’s Pandey said.

But seven years is a long time. Only a select category of government files are kept for longer than five years.

Asked about two-year deadline for users, Pandey said it would have been a logistic nightmare to let people access the records once the information was offline.

The Supreme Court has a ruled that Aadhaar is not a must for availing welfare schemes and is to decide if collecting biometric data for the 12-digit number infringed an individual’s privacy.

For more details visit http://editors.cis-india.org/internet-governance/news/hindustan-times-aloke-tikku-october-17-2016-govt-to-keep-aadhaar-record-for-seven-years-activitsts-worried

Learning through Archives: A Colloquium on Digital Scholarship

praskrishna — 2016-11-05T11:27:10Z

FLAME University had invited Centre for Internet & Society to join a colloquium to delve into the opportunities and challenges of digital studies in India, with particular emphasis on pedagogy and the archive.

P.P. Sneha represented the Centre for Internet & Society in the event held at Pune on October 16, 2016. Asian Art Archive, Ashok Ranade Music Archive, National Film Archives of India, and National Museum also participated in the dialogue.

For more details visit http://editors.cis-india.org/raw/learning-through-archives-a-colloquium-on-digital-scholarship

Here is why government twitter handles have been posting offensive and partisan messages

praskrishna — 2016-10-16T03:24:45Z

You have failed us big time Mr Kejriwal, for your petty political gains you can become headlines for Pakistani press,” read a tweet on October 5 from @IndiaPostOffice, the official twitter handle of the Indian postal service.

The article by Danish Raza was published in the Hindustan Times on October 15, 2016. Nishant Shah was quoted.

It was a reference to Delhi Chief Minister Arvind Kejriwal urging the Prime Minister to counter Pakistan’s propaganda over surgical strikes.

Within hours, India Post tweeted an apology saying that the account was hacked.

This is the latest in a series of opinions and statements posted from official twitter handles of government departments and bodies. Of late, the Twitter handles meant to broadcast information related to government programmes have appeared like personal accounts tweeting slander and criticism.

Last month, the Twitter handle of Digital India tweeted a poem in Hindi calling on the Indian Army to persistently fire at protesters in Kashmir.

In August, the Twitter handle of Startup India retweeted a post suggesting that the Indian Army should ‘take care’ of #Presstitutes, a reference to sections of Indian media critical of the government.

The tweets expose loopholes in the government’s social media policy and raise questions about the norms followed in the recruitment of social media professionals for ministries and government institutions.

Work in Progress

The process of adopting new tools is work in progress. While the government agencies are trying to leverage social media to enhance citizen engagement, for the vast majority of government bodies, it is unexplored territory. Babus who have traditionally been dealing in paperwork and file notings are overwhelmed to see hash tags and trends. With a tech- savvy Prime Minister at the helm, every government department is trying to increase its digital footprint. At the same time, they face the challenge of reinterpreting existing work ethics and codes of conduct and applying them to the use of social media. Ministries such as the Ministry of External Affairs, Information & Broadcasting and the Prime Minister’s Office which have cohesive programmes and big mandate, have separate social media wings of their own with well- defined protocols. But these are exceptions.

Overall, the government bodies lack social media guidelines for their own efforts or which others can learn from. According to Chinmayi Arun, executive director, Centre for Communication Governance, National Law University, Delhi, mistakes are bound to happen given that everyone is new to social media. But it should be non-negotiable that when anything is said using an official governmental handle, the government should take more responsibility than just saying ‘oops’. “One of course is a clear and unequivocal statement apologising and taking back whatever was said. However, it should take pro-active measures to train and test people who handle its public-facing accounts and publish a clear monitoring and accountability mechanism by which they can be called to account. It should not be open to anyone to misuse the government’s official handles in this manner,” said Arun.

One of the areas where the lack of sensitisation is apparent is the usage of the same mobile device for multiple twitter handles – the most common reason for such goof-ups cited by social media consultants attached to various government departments. “I believe these were inadvertently posted by people handling these accounts. It may neither have been their mandate nor their intention. It happens when the person has configured multiple twitter handles from the same device and ends up posting from the wrong account,” said Amit Malviya, BJP’s National Convener, IT.

The majority of ministries and government departments do not give phones to members of the social media teams. It is up to the individual to use his personal device or get an additional one to manage the professional handle (s). A mistake will happen if a comment which was to be posted from the personal handle is posted from the official handle.

Twitter Goof-ups from GoI Accounts

“Because of the personalised and individual nature of social media, it is easy to forget that they are representing an institution and not themselves when using these handles. This also suggests the lack of public usage training in these organisations, and the need to educate our public actors in using social media with more responsibility as office bearers of an institution rather than a personal expression or an opinion,” said Nishant Shah, co-founder of the Centre for Internet and Society, Bangalore.

Another issue is that access to the account is given to multiple people. “Each one of them brings their individual personality and politics to their operation of the handle,” said Shah.

Hiring Issues

Part of the problem lies in the fact that there is no standard protocol on who can access the twitter handle of Indian government bodies and how this person or team is hired.

A few ministries (example: the ministry of railways) have a team comprising of government employees and staff of private agencies handling their account. Others have outsourced the job to agencies.

During the campaigning for the 2009 election, political parties got outside expertise to mark their presence online. The selection parameters of social media consultants – established public relations firms in some cases and individuals in others – was not uniform.

Unlike the traditional public relations officers who are from the Indian Information Services cadre, the social media consultants were selected based on their expertise in the field, political affiliation, and proximity to a party or leader.

Those who started handling social media accounts of political parties and leaders included trolls and social media influencers. “Parties got youngsters who were politically motivated and willing to work for political parties. They became cheaper alternatives for social media experts,” said Ishan Russel, political communication consultant.

After the NDA came to power, almost every ministry outsourced its digital expertise to agencies. Many individuals who were earlier directly working with leaders and parties got back with them via agencies. “If an agency is looking for people to handle the twitter account or Facebook page of a certain ministry in the BJP government, then those who are politically inclined towards the BJP will apply for the vacancies and their chances of getting hired are also much higher than someone who is neutral or known to be an AAP sympathiser,” said Vikas Pandey, 32-year-old software engineer, who headed the “I Support Namo” campaign on Facebook and Twitter, as a volunteer for the BJP.

Last year, the Prime Minister felicitated more than a dozen social media enthusiasts, including Vikas. The move raised eyebrows because many felt that the government was encouraging trolls. “It illuminates the fact that trolls have found gainful employment in the Government of India. Also that the entire edifice of the centre is being taken over by woefully undereducated bigots,” said Swati Chaturvedi, senior journalist and author.

Agency, the Soft Target

Till the time the government staff is well versed with social media tools, attributing the mistakes to an ‘outside agency’ appears to be the norm.

In the case of the twitter goof-up involving Startup India, Commerce and Industry minister Nirmala Sitharaman blamed a private agency that was managing the account of Startup India. “The retweets were done by an employee of the agency hired by the department of industrial policy and promotion. The person assigned by the agency for this particular job is not decided by the department and is the sole prerogative of the agency,” she said.

S Radha Chauhan, CEO of National e-Governance Division, attributed the controversial post from Digital India’s twitter handle to an agency called Trivone. “The person responsible had mistakenly tweeted from the official handle what he wanted to tweet from his personal account,” said Chauhan.

Those familiar with the functioning of the government’s social media verticals say that agencies are mentioned to cover up for mistakes often committed by someone from the government staff. “When in crisis, blame the agency, is the thumbrule the government follows. The fact is that each twitter post is approved by the client before it is posted,” said a senior executive with a digital marketing firm attached to a ministry which has recently earned lot of praise for its social media initiatives.

Nishtha Arora, social media and digital consultant in a reputed ad agency, was handling a political account till very recently. She said that the client required her to just randomly tweet or RT to be heard by the followers of a tech-savvy minister and be his digital mouthpiece. “I often had to draft tweets which looked like press releases,” she said.

“Digital faux pas is blamed on to someone who might be an expert in the field but yet has to bow down to the client pressure so that their agenda for the day is met and the said government body or ministry remains in the news,” she added.

For more details visit http://editors.cis-india.org/internet-governance/news/hindustan-times-danish-raza-october-15-2016-here-is-why-government-twitter-handles-have-been-posting-offensive-and-partisan-messages

OpenData Week in Madrid - OD4D Summit, Open Data Charter Meetings, and IODC16

praskrishna — 2016-10-16T03:11:54Z

Sumandro Chattopadhyay took part in three open data events in Madrid in the first week of October 2016.

OD4D Summit

Sumandro Chattopadhyay has been a member of the Open Data Research Network (funded by IDRC), which is now part of the Open Data for Development (OD4D) Network. The Network completed 2 years and held its first summit on October 3, 2016. The event was organized by IDRC. Participants discussed the way forward for the Network. Among other things the need for regional cooperation in open data policies and practices in the South, South East, and East Asia was noted.

Open Data Charter Meeting

Sumandro represented CIS in the Open Data Charter Lead Stewards' meeting held on October 5, 2016. The meeting was focused on finalising the business plan of the Charter for 2017-2020, including setting up a secretariat for coordinating and leading the work. The document was thoroughly discussed and will be revised further by the Lead Stewards during the next month, before sharing the draft version with the General Stewards in mid-November.

A meeting was held with the General Stewards and other participants on the evening of the same day. For more info, click here.

IODC 16

The 4th International Open Data Conference (IODC 16) organized by red.es, IDRC, the World Bank and Open Data in Madrid on October 6 and 7, 2016 brought out a lot of real concerns, sometimes even slightly bitter and worried, about the actual state of open data across the world and the relevance/implications of open data for various stakeholders. More info on IODC here.

Sumandro spoke at the Regional Talk session focusing on Asia. He spoke on Opening Data for innovation: from supply-driven to demand-driven Open Data strategies and moderated the session on demand-driven open data strategies.

Collected tweets from IODC can be accessed here.

For more details visit http://editors.cis-india.org/openness/news/opendata-week-in-madrid-od4d-summit-open-data-charter-meetings-and-iodc16

Hakon 2016

praskrishna — 2016-10-15T10:04:41Z

Udbhav Tiwari attended attended Hakon 2016, a conference held between September 30 and October 2, 2016 at Indore, Madhya Pradesh, India,on behalf of CIS under the Hewlett Cyber Security Project.

Hakon 2016 was the third edition of the conference which has been organised by Ninja Information Security Systems, an ISO 27001:2013 & 9001:2008 certified training organisation and the primary sponsor of the conference from Indore. The conference was efficiently organised, had about 150 to 200 people attending overall and provided an unique window into the non-tech hub/big city ethical hacker ecosystem and their place within the cyber security setup in India. The agenda of this year's conference was the Underground Digital Black Market & Digital Terrorism, with a fair mix of participants from the industry, academia and the government. The conference website can be looked up at http://www.hakonindia.org/ for further details, including a look at past editions of the conference.

The technical workshops held during the first two days of the conference were well organised and networking with the teachers during and mostly at the end of the conference was very helpful in understanding a practitioners perspective on cutting edge aspects of cyber security. This was particularly true for Chuck Easttom Williams, an accomplished cyber security expert from the USA who regularly trains government agencies and in a fairly reputed industry veteran who has been an invited speaker at DEFCON and even has a couple of patents to his name.

For more details visit http://editors.cis-india.org/internet-governance/news/hakon-2016

Tech companies like Gmail, WhatsApp may be asked to store user information

praskrishna — 2016-10-14T01:12:14Z

The government is moving to formulate rules that will require technology ‘intermediaries’— including email services like Gmail, chat apps such as WhatsApp and Snapchat or even ecommerce firms like Amazon — to retain user information, a development that is expected to be met with determined opposition.

The article by Surabhi Agarwal was published in Economic Times on October 14, 2016. Pranesh Prakash was quoted.

What the government is looking to do now is draft rules for Section 67C of the Information Technology Act, and this will be done by a committee that has been set up for the purpose. The rules — whose drafting has been waiting since 2008 — will spell out what type of data has to be stored, in which format, and for how long, according to three members of the newly-formed committee. All this so that law-enforcement agencies can access the information if they need it.

Sharing of information between foreign firms and the Indian government has been a contentious issue, and experts said the mandate may be impossible to implement for firms such as WhatsApp that promise end-to-end encryption. Or for Snapchat – a chat app where messages disappear within seconds and are not even stored on the company’s servers.

Firms may also oppose the diktat, especially since most of them are not governed by Indian laws and also due to the high cost of data retention.

The committee is headed by additional secretary in the ministry of electronics and IT (MEITY), Ajay Kumar, and has one representative each from the ministry of home affairs, department of telecom, department of personnel and training, Nasscom, Internet Service Provider Association of India (ISPAI), along with an advocate specialising in cyber law and a few officers from MEITY. The first meeting of the committee took place in the last week of September.

“This is a fairly complex issue, compounded by the general lack of understanding of mobile apps and over the top service providers,” said a person on the committee who did not wish to be identified. This person said that most technology players are based in the United States and they have always been at loggerheads about sharing of information with the government. “Even if it is for national security reasons, how much are these companies answerable to the Indian security establishment? And we do know how Apple refused to unlock the phone even for FBI."

Google and Facebook did not respond to requests for comment.

‘Huge balancing act’

Supreme Court lawyer and cyber law expert Pavan Duggal said the section has been drafted in very “broad” terms and the move may be driven by the realisation that these companies are huge data repositories – some of which might be relevant to law enforcement investigations. “It will have to be a huge balancing act and will be interesting to see what this committee decides,” added Duggal.

While Section 67C refers to the obligation of the service providers to retain information, the nature of the data to be retained and the time period is not specified. Companies which do not comply with the law can be levied fine and its officers sent to jail.

Another member on the committee said the ambit of this task is huge. “In the last meeting we argued that the rules should be the same for everybody and there should be no differential treatment for foreign companies such as Google or Microsoft,” he said. This person said that ambiguity is rampant as various government arms have different sets of rules for data retention.

For instance, the Department of Telecommunications (DoT) asks for data to be stored for six months, while the Registrar of Companies mandates some information to be retained for one year while the income-tax rules mandate data storage for six-seven years. “There has only been one meeting so far. It is a long procedure and will require several rounds of consultation,” said a third person on the committee.

Privacy activists like Pranesh Prakash of the Centre for Internet and Society said that one of the principles that’s frequently cited while discussing international practices on surveillance is that data retention should not be required of service providers.

And internationally too, there is no standard on this issue. “There were norms at the European Union-level regarding data retention, but they were struck down in 2014 by the European Court of Justice as being violative of human rights,” he said.

For more details visit http://editors.cis-india.org/internet-governance/news/economic-times-october-14-2016-surabhi-agarwal-tech-companies-like-gmail-whatsapp-may-be-asked-to-store-user-information