Centre for Internet and Society

2012 in Review: Biometric ID Systems Grew Internationally...and So Did Concerns about Privacy

praskrishna — 2013-01-17T04:40:00Z

As the year draws to a close, EFF is looking back at the major trends influencing digital rights in 2012 and discussing where we are in the fight for free expression, innovation, fair use, and privacy.

The blog entry was published in Right Side News on January 1, 2013

Around the world, systems of identification that employ automatic recognition of individuals’ faces, fingerprints, or irises are gaining ground. Biometric ID systems are increasingly being deployed at international border checkpoints, by governments seeking to implement national ID schemes, and by private-sector actors. Yet as biometric data is collected from more and more individuals, privacy concerns about the use of this technology are also attracting attention. Below are several examples of the year’s most prominent debates around biometrics.

FRANCE: In early March, the French National Assembly (Assemblée Nationale) passed a law proposing the creation of a new biometric ID card for French citizens, saying the measure would combat “identity fraud.” Embedded in the cards would be a compulsory chip containing personal information such as fingerprints, a photograph, home addresses, height, and eye color. All of this information would be stored in a central database. French Senator François Pillet called the initiative a time bomb for civil liberties. Near the end of March, however, the French Constitutional Council ruled that the new law proposing the introduction of a new biometric ID for French citizens was unconstitutional.

MEXICO: Documents obtained by EFF under Mexico’s Transparency and Access to Information Act show that as of May, nearly 4 million minors had been enrolled into registries associated with a new Mexican ID card for youths. Billed as a document that can help streamline registration in schools and health facilities, Mexico’s Personal ID Card for minors comes embedded with digital records of iris images, fingerprints, a photograph, and a signature. Despite concerns about privacy implications raised by organizations such as the Federal Institute for Access to Public Information, the Mexican government is now poised to launch the next step of the project - extending the ID cards to adults.
EUROPEAN UNION: The issue of privacy concerns surrounding biometric passports in Europe made its way to the European Court of Justice (ECJ), the highest court in the European Union. In September, the Dutch Council of State (Raad van State, the highest Dutch administrative court) asked the ECJ to decide if the regulation requiring fingerprints in passports and travel documents violates citizens’ right to privacy. The case entered a Dutch court after three Dutch citizens were denied passports, and another citizen was denied an ID card, for refusing to provide their fingerprints. The ECJ ruling will play an important role in determining the legality of including biometrics in passports and travel documents in the European Union.
INDIA: The Unique Identity Authority of India (UIDAI) continued collecting fingerprints, facial photographs, and iris scans from Indian residents for its massive unique ID endeavor, known as Aadhaar, which will result in the world’s largest biometric database and will compile 10 times as much data as all of Facebook.

The program is moving forward at a rapid clip despite privacy concerns raised by advocates such as the Centre for Internet and Society in India, and the Indian Parliament. In addition, a slew of other government agencies have moved ahead with biometric collection programs of their own. And just this past week, Visa and a group of Indian banks unveiled the “Saral Money” account, which links individuals’ Aadhaar numbers with credit card transactions and introduces a further complication into the privacy concerns inherent in this massive e-government endeavor.

Source: EFF

For more details visit http://editors.cis-india.org/news/rightsidenews-rebecca-bowe-january-1-2013

2012 Global Congress on Intellectual Property and the Public Interest: Call for Participation and Save the Date

praskrishna — 2012-05-02T05:05:57Z

The Second Global Congress on Intellectual Property and the Public Interest will take place in FGV Law School, Rio De Janeiro, Brazil from December 15 to 17, 2012. The theme for this year’s Congress will be “Setting the positive agenda in motion.” We invite applications to attend the Congress, including proposals to chair workshops or deliver a paper or presentation related to the Congress’s theme.

Application and Cost

The application form is available online . Due to generous support from our sponsors, the Congress will cover the registration fees and all on-site costs for all attendees, including lunches and dinner receptions. Limited travel grants to cover accommodation and/or travel to the Congress will be available, with priorities for those from developing countries.

Deadlines

Priority applications for travel assistance and to present or chair a workshop at the Congress will be due by August 1, 2012.
Final applications for travel grants, subject to funding availability, as well as applications to present at the Congress, will be due by September 1, 2012.
Applicants not seeking travel assistance or presentation opportunities may apply to attend the Congress by November 1, 2012.

Background and Explanation of the Theme

The first Global Congress on Intellectual Property and the Public Interest was convened in 2011 to define a positive agenda for policy reform, build a global network of scholars and advocates to promote the agenda and provide opportunities for the sharing of research and strategies. The nearly 200 inaugural participants from over 30 countries and 6 continents deliberated over three days through in-person meetings and web-based collaboration to produce the Washington Declaration on Intellectual Property and the Public Interest (http://infojustice.org/washington-declaration) -- an action agenda for promoting the public interest in intellectual property and information law reform around the world.

Sixteen months later, we come together to measure our progress and expand the positive agenda. To this end, we invite applications to attend the Congress and contribute to its deliberations identifying forums where policy is being developed, proposing policies or actions that promote public interest goals and principles, and identifying and planning to respond to research and analysis needs.

Presentation Opportunities

Because the primary purpose of the Congress is to promote deliberation and action planning, the opportunities for formal presentation will be somewhat limited. We will, however, have spaces for keynote presentations or panel discussions for each session (see below). In addition, as in the inaugural year, the Congress will host small works-in-progress workshops to allow participants to share their own work and solicit feedback from peers.

Draft Workshop Sessions

Six main tracks will include a half day workshop introduced by a lecture or panel discussion on one or more of the themes noted below. The keynote introduction will be followed by deliberation in which participants will, first, review progress and opportunity in existing or potential policy forums and, second, review the current state of research and identify policy and empirical research needs and resources. Tracks will also have opportunities to draft statements or action plans for adoption at the closing plenary of the Congress or for discussion and online after the Congress ends.

We encourage applicants to identify specific sessions in which they would like to contribute.

Regulating Intellectual Property: This session will survey recent developments and proposals to regulate uses of intellectual property through other legal doctrines that express and safeguard human values, including human rights, consumer protection, competition and privacy laws.

Valuing Openness and the Public Domain: This session will survey recent developments and proposals to ensure that creative and innovative works ultimately become free for all to use as part of the public domain, including through open licensing, open access, open educational resources, open data, open standards, open government, and related open information policies.

Strengthening Limitations and Exceptions as Enabling Tools for Innovation and Expression: This session will survey recent developments and proposals to use limitations and exceptions as positive enabling doctrines to ensure that intellectual property law fulfills its ultimate purpose of promoting essential aspects of the public interest.

Setting Public Interest Priorities for Patent and Research and Development Reform: This session will survey recent developments and proposals to ensure that patent and other research and development policies serve all segments of society, and particularly the most disadvantaged, and accommodate the diverse needs of a complex world with a more diverse structure of incentives for innovation.

Supporting Cultural Creativity: This session will survey recent developments and proposals to maximize opportunities for creativity while increasing access to creative works and helping to end disputes over practices like non-commercial file-sharing.

Checking Enforcement Excesses: This session will survey recent developments and proposals to ensure that intellectual property enforcement policies and practices respect the human rights principle of proportionality and are not used as a diversion from the difficult task of tailoring intellectual property norms to their social contexts.

Implementing Development Agendas: This session will survey recent developments and proposals to fully integrate the development dimension into intellectual property policy and norm-setting at all levels of international and national intellectual policy making. The session will have a special focus on developments in the BRICS group of emerging economies.

Targeted Research: Given the spectrum of issues described above, what are the key research needs? Given academic incentive structures, what kinds of research fall through the cracks? Given the funding crisis in this field, how can we meet research needs on the cheap? Given the international scope of many policy issues, how can we work collaboratively and comparatively? Given the Internet, how can we develop and leverage new software tools for data collection?

In addition to the above sessions, we invite presentations on other topics relevant to the positive agenda the Washington Declaration promotes, including:

the role of mobilisation and activism.
collaboration between ISPs and governments in enforcement
the ecology of access to educational materials
designing copyright from scratch
updates and lessons from specific forms, e.g. WIPO, national legislatures, trade negotiations, etc.

The application form is available here . Please forward this invitation to interested lists and individuals. For more information or questions, you may contact globalcongress2012@gmail.com.

Global Congress Planning Committee

Centro de Tecnologia e Sociedade – CTS | FGV DIREITO RIO, 2012 Chair
American Assembly, Columbia University, New York
International Centre for Trade and Sustainable Development, Geneva
Centre for Internet and Society, India
Open African Innovation Research and Training (Open AIR) initiative
Program on Information Justice and Intellectual Property, American University, Wash. D.C.

Click to read the original published in infojustice.org

For more details visit http://editors.cis-india.org/a2k/global-congress-on-ip-call-for-participation

2012 Global Congress on Intellectual Property and the Public Interest

praskrishna — 2012-05-02T05:04:57Z

We are pleased to announce the Second Global Congress on Intellectual Property and the Public Interest. The theme for this year’s Congress will be “Setting the positive agenda in motion,” and will have a special focus on developments and opportunities in the so-called “BRICS” group of emerging economies. This note invites applications to attend the Congress, including proposals to chair workshops or deliver a paper or presentation related to the Congress’s theme.

Application and Cost Information

The application form is available now at http://infojustice.org/globalcongress2012/registration. Due to generous support from our sponsors, the Congress will cover the registration fees and all on-site costs for all attendees, including lunches and dinner receptions. Limited travel grants to cover accommodation and/or travel to the Congress will be available, with priorities for those from developing countries.

Deadline

Priority applications for travel assistance and to present or chair a workshop at the Congress will be due by August 1, 2012.
Final applications for travel grants, subject to funding availability, as well as applications to present at the Congress, will be due by September 1, 2012.
Applicants not seeking travel assistance or presentation opportunities may apply to attend the Congress by November 1, 2012.

Please forward this invitation to interested lists and individuals. For more information or questions, you may contact globalcongress2012@gmail.com

Global Congress Planning Committee

Centro de Tecnologia e Sociedade – CTS | FGV DIREITO RIO, 2012 Chair
American Assembly, Columbia University, New York
International Centre for Trade and Sustainable Development, Geneva
Centre for Internet and Society, India
Open African Innovation Research and Training (Open AIR) initiative
Program on Information Justice and Intellectual Property, American University, Wash. D.C.

Read the original published on infojustice.org

For more details visit http://editors.cis-india.org/a2k/global-congress-on-ip

2011: The year India began to harness social media

praskrishna — 2012-01-04T07:19:07Z

About half a decade ago, netizens began to expand their online presence by forging new relationships, rediscovering old ones and sharing information and content on what came to be collectively termed as social media. The year gone by marked a new milestone for this social media phenomenon, which saw a paradigm shift from merely being a networking platform to becoming a political tool, writes Satarupa Paul in the Sunday Guardian on 1 January 2012.

2011 was a year of diametrically contradictory events, however, what joined these diverse proceedings together was their concurrent presence in social media, which attracted users to its growing landscape, changing forever the ways in which we connect and interact online.

An infographic by Search Media Journal showed that registered users on social networking premier Facebook grew more than 80% in the past year, taking the count to 640 million people. It said that if Facebook were a country, it would be the world's third largest, after China and India. Interestingly, microblogging site Twitter saw a whopping growth of more than 250% in the number of tweets per day. Social media penetration increased by 3% in India to more than 38 million users. Social media agency We Are Social says that India now has the second-highest number of LinkedIn users and the fourth-highest number of Facebook users in the world. However, a fascinating aspect of the growth in India's social media landscape is that most of it has been achieved by mobile subscription, which jumped by 71% in 2011.

Nishant Shah, Director of Research at the Centre for Internet and Society, Bangalore, identifies three important social media trends for India in 2011, which can be extended to the rest of the world. "Firstly, we saw an increased sharing of digital content whether photos, videos, songs, news or blogs," he says, pointing to the Why This Kolaveri Di video, which went viral on YouTube with over 1.3 million views within a week of its release. "The second and most prominent trend was the mobilisation of masses towards particular causes," Shah says. Twitter and Facebook helped gather mass support for the Anna Hazare movement in India. Even the Arab Spring uprisings, notably in Tunisia, Egypt and elsewhere in the Middle East, relied heavily on social media, as did the Occupy Wall Street protests, where Twitter established itself as a communicator of the movement.

"The third aspect is the draconian censorship measures that followed as governments realised the threats they faced from social media platforms.The mobilisation on social media that ultimately translated into protests saw a critical mass being achieved, which made governments take notice and impose the draconian rules."

"The third aspect is the draconian censorship measures that followed as governments realised the threats they faced from social media platforms," says Shah. Anja Kovacs of The Internet Democracy Project explains, "To understand what led to the censorship rules being enforced in the last one year, one has to understand the concept of critical mass." She says that for a medium to become effective, it has to reach a threshold of people active on it. "The mobilisation on social media that ultimately translated into protests saw a critical mass being achieved, which made governments take notice and impose the draconian rules," she said. In Egypt, President Hosni Mubarak attempted to cut off the Internewwt, betraying his fear of this arsenal of social networking, while in India, the Minister for Communications and Information Technology, Kapil Sibal, demanded that Internet firms should self-censor users' content. Kovacs says, "This was an extension of the Information Technology Rules introduced in April 2011, which requires intermediaries like Facebook, Google, etc., to remove any content if an individual complains against it on flimsy grounds like 'disparaging' or 'harmful for children'."

Most of these censorship attempts have only backfired, with social media users vehemently opposing and criticising them. But with pressure mounting from governments to curtail content, social media experts hope that 2012 will be a better year for one's freedom on the web. "I hope that social media remains as open as it is now and doesn't fall victim to the draconian measures," Shah says. Kovacs agrees, "Instead of censorships on weak arguments, we should try and have wider debates in society about what should be allowed and what not. Hope we will be able to achieve broader agreements in the coming year."

The original article was published in the Sunday Guardian

For more details visit http://editors.cis-india.org/news/2011-the-year-india-began-to-harness-social-media

350% surge in Cyber crimes in last 3 years

praskrishna — 2015-02-07T16:13:59Z

India’s registered cyber crimes leapt 350% in three years but the legal system is struggling to cope with more and more lawbreakers exploiting the anonymity of the internet.

The article was published in the Hindustan Times on January 20, 2015. Sunil Abraham was quoted.

National Crime Records Bureau statistics show number of recorded cases of cyber crime jumped to 4,356 from 966 in the three years up to 2013, with India being more susceptible to digital attacks because of the increasing number of net users in the fast-growing economy.

“Illegal gains” and “harassment” are the top cyber crime motives, the data reveal, though the majority of the crimes were registered under the “others” category — 2,144 cases in 2013. Analysts say such a high number of cases being pigeonholed in this section implies current laws and regulations aren’t detailed enough to tackle cyber crime. The challenge is daunting for India — estimated to have 302 million internet users by the end-2014 and set to have the second largest number of netizens in the world after China this year.

Data show that the age group of 18-30 accounts for the highest percentage of cyber crime with 1,638 persons arrested out of 3,301 in 2013. The surge in cyber crime may also have been brought on by inefficiencies in the legal system with activists challenging some cyber laws considered too draconian for a modern, democratic society.

Various sections of the IT Act were deeply flawed as they were “copy-paste jobs” from British and American laws, said Sunil Abraham, founder-director of Bengaluru-based Centre for Internet & Society. To prevent such abuses, the Supreme Court ruled in 2013 that arrests could only be made after clearance from an inspector general of police in a city and a superintendent of police in a district.

(Devanik Saha is Data Editor at The Political Indian; Indiaspend.org is a data-driven, public-interest journalism non-profit)

For more details visit http://editors.cis-india.org/internet-governance/news/hindustan-times-january-20-2015-devanik-saha-indiaspend-350-per-cent-surge-in-cyber-crimes-in-last-3-years

“The Internet and Controls: A Disturbing Scenario”

praskrishna — 2014-03-05T12:09:11Z

Prof. Mohan SundaraRajan, a renowned science writer will give a talk at the Bangalore International Centre in TERI on March 7, 2014 at 6.30 p.m. Sunil Abraham will chair and moderate the session.

See the invite below. Event details are also posted on the website of Citizen Matters.

For more details visit http://editors.cis-india.org/news/the-internet-and-controls-a-disturbing-scenario

“Made in India” Innovation Policy

praskrishna — 2016-09-22T01:15:40Z

In this post they emphasize upon the need for data-driven IP policy making in India.

This blog post written by Prof Collen Chien and Prof Contreras, and published this week (September 19, 2016) on SpicyIP mentions CIS' patent landscaping study.

A few weeks ago we were honored to participate in Jindal Global Law School’s Conference on “Innovation for Shared Prosperity”. Much of the conversation was centered on the important topic of how intellectual property (IP) policy can best support manufacturing and entrepreneurship initiatives like the “Startup India” and “Make in India”. In turn, we believe it’s also important to think about how best to foster IP policies that are truly “made in India”. In light of India’s history of implementing certain IP policies because it had to, not because it wanted to, for example recent homegrown commitments to strengthen the patent system by reducing the time to patent are notable.

The record is already replete with examples of indigenous innovation by Indian policymakers. Whether section 3(d), Form 27 patent working disclosures, or the “Middle Path” approach to requiring deposits in standards essential patent disputes – agree or disagree with them, these Indian approaches to innovation policy are themselves innovative.

But one problem that we have observed is that the data available to develop and evaluate Indian IP policies tends to be thin. With respect to patents, for example, it is hard to access patent records, as there are often long delays before patent applications, patent working disclosures and other documents are uploaded to the Indian Patent Office (IPO) web site, notwithstanding statutory requirements and IPO policies. While there have been some published reports of cases and published decisions (Mathur 2007, Ghosh 2012), it is generally hard, as it is in other jurisdictions, to match patent filings to them to court filings, assignment records, citations, prior art and other metrics of interest. This isn’t true just of India but many other countries. But to support world class, data-driven policy making, support for analytical work, combined with data access, is needed. This is particularly important given the demonstrated gap between rules on the books, which may appear harmonized, and rules in practice, which are not.

In developing policy, it is often useful to start with the ultimate policy goal – whether it be further improving the country’s ranking on the Innovation Index or taking a place at the international standard setting table – and then developing data-based metrics to demonstrate progress toward that goal. The assumptions behind conflicting policy positions can then be tested and vetted against actual experience within the Indian setting. It is through these processes that a “made in India” innovation policy will be truly indigenous, reflecting not only political mandates and theories, but the demonstrated experience of India’s technical, business, and legal communities.

Historically, there have been relatively few empirical studies to support data-based policy making. In the non-exhaustive list below, we highlight several studies and reports (some our own) that demonstrate the usefulness and power of empirical data:

One topic about which there have been an exceptional number of empirical studies is the Indian pharmaceutical sector. Duggan and collaborators (2012, 2014) studied the relationship between drug prices and pharmaceutical patent issuances in India, and Lanjouw and Cockburn (2000) and Nandkumar and Srikanth (2011) explored the relationship between Indian patent issuance and strength and R&D spending. Recently Sampat and Shadlen have found that policies to discourage so-called “secondary” drug patents in India and Brazil have had little direct effect.

With the initiation by foreign patent holders a few years ago of infringement suits against a variety of domestic Indian and Chinese smartphone manufacturers, many wondered how much of the Indian mobile device patent landscape was already in the hands of foreign companies. Contreras, together with Rohini Lakshané of the Centre for Internet and Society, conducted a study to find out. Their results were telling: of approximately 23,500 total Indian patents and published patent applications in the mobile device sector, only 50, about 0.00% were owned by Indian companies. It is hoped that this eye-opening result will help mobilize Indian firms and policy makers to address the lack of Indian participation in international technology standardization efforts.

WIPO publishes statistics yearly about India’s relative rank with respect to a number of innovation metrics. While many are aware that India ranked 66th in this year’s Global Innovation Index, up 15 places from 2015 (Switzerland ranked 1st), WIPO’s 2015 IP indicators report contains other findings: that India ranks in the top 15 globally in terms of patent filing activity, that non-residents are using the Indian Patent Office more heavily than are residents (Fig. 2, p. 23) and that recent filings have been dominated by computer technology, organic fine chemistry and pharmaceuticals. Others have relied on WIPO statistics to compare India’s performance with that of China and other BRIC countries.

India is by nature an innovative nation. Its innovative spirit manifests itself both in terms of technology creation as well as policy development. Nevertheless, without robust, reproducible and broadly accessible data, policy decisions will continue to be based on intuition, guesswork and partisan advocacy by those having the most to gain from the system. We encourage the Indian government and academy to continue to devote resources to develop a robust data culture within the Indian intellectual property community and to make the underlying data as widely available as quickly as possible.

For more details visit http://editors.cis-india.org/a2k/news/spicy-ip-september-19-2016-prof-colleen-v-chien-and-prof-jorge-l-contreras-made-in-india-innovation-policy

150 Rare Books Get New Lease of Life Online, Courtesy Students

praskrishna — 2014-07-18T06:12:31Z

You might have heard about Samkshepa Vedartham by Clement Pianius, the first book printed in Malayalam but might not have got a chance to read it.

The article by Anila Backer was published in the New Indian Express on July 15, 2014. The Access to Knowledge team at the Centre for Internet and Society (CIS-A2K) supported this Malayalam community event.

Now, you can read the book published in 1772 online through the Malayalam Wiki library (Wiki grandhasala). More than 150 such rare books have been digitised and uploaded by the school students across the state and a few members of the public as part of the digitisation contest jointly hosted by Malayalam Wikipedia community, IT@School, Kerala Sahitya Akademi , Centre for Internet and Society and Swathanthra Malayalam computing.

More than 1,000 students from 137 schools and 234 participants from the public uploaded more than 13,000 pages of rare books such as Hasthalakshana Deepika (1892) by Kadathanattu Udayavarma Thampuran, Madamahee Shashathakam Manipravalam (1908) by Kottaratil Shankunni, Malayazhmayude Vyakaranam (1863) by Rev George Mathan and Divan Shankunni Menon (1922) by C Achutha Menon as part of the competition held during January and February.

Besides, you can also acquire information on the social scenario during different time periods, like the matrilineal system of inheritance, ‘Marumakkathayam’ through the various volumes of old magazines digitised by the students. Magazines such as Mangalodayam and Rasikaranjini are also available in the wiki library. “Books that were not available in Malayalam and those existed only in the German and French libraries were digitised with the contest. The contest was organised to provide the public access to these rare collections,” says IT@School Wayanad district coordinator V J Thomas.

“It also allows one to search for a particular word or topic as well as to copy the content of the book for a research work or other purposes that cannot be done with a scanned copy of a book,” he adds.

“Moreover, it also aims at developing an interest among the students towards Malayalam computing and to make them effectively utilise the scope of Internet, besides improving their reading habit,” he added.

“It has also improved the typing speed of the students and they get familiar with the old fonts in the language also,” he added.

For more details visit http://editors.cis-india.org/news/new-indian-express-july-15-2014-anila-backer-150-rare-books-get-new-lease-of-life-online-courtesy-students

135 million aadhaar details, 100 million bank accounts "leaked" from government websites: Researchers

praskrishna — 2017-05-20T06:19:12Z

This was published by Counterview on May 5, 2017.

A top study by the Centre for Internet and Society (CIS) has estimated that “estimated number of aadhaar numbers leaked” through top portals which handle aadhaar “could be around 130-135 million”. Worse, it says, the number of bank accounts numbers leaked would be “around 100 million”.

The study, carried out by researchers Amber Sinha and Srinivas Kodali, adds, “While these numbers are only from two major government programmes of pensions and rural employment schemes, other major schemes, who have also used aadhaar for direct bank transfer (DBT) could have leaked personally identifiable information (PII) similarly due to lack of information security practices.”

Pointing out that “over 23 crore beneficiaries have been brought under aadhaar programme for DBT”, the study, titled “Information Security Practices of Aadhaar (Or Lack Thereof)”, says, “Government schemes dashboard and portals demonstrate … dangers of ill-conceived data driven policies and transparency measures without proper consideration to data security measures.”

Claiming to have a closer look at the databases publicly available portals, the researchers identify four of them a pool of other government websites for examination:

A welfare programme by the Ministry of Rural Development, the National Social Assistance Programme (NSAP) portal, even as seeking to provide public assistance to its citizens in case of unemployment, old age, sickness and disablement, offers information about “job card number, bank account number, name, aadhaar number, account frozen status”, the researchers say.

Pointing out that “one of the url query parameters of website showing the masked personal details was modified from nologin to login”, they say, the “control access to login based pages were allowed providing unmasked details without the need for a password.”

In fact, they say, the Data Download Option feature “allows download of beneficiary details mentioned above such as Beneficiary No, Name, Father’s/Husband’s Name, Age, Gender, Bank or Post Office Account No for beneficiaries receiving disbursement via bank transfer and Aadhaar Numbers for each area, district and state.”
They add, “The NSAP portal lists 94,32,605 banks accounts linked with aadhaar numbers, and 14,98,919 post office accounts linked with aadhaar numbers. While the portal has 1,59,42,083 aadhaar numbers in total, not all of whom are linked to bank accounts.”

Also giving the example of the national rural job guarantee scheme, popularly called NREGA, the researchers say, its portal provides DBT reports containing “various sub-sections including one called ‘Dynamic Report on Worker Account Detail’,” with details like “Job card number, aadhaar number, bank/postal account number, number of days worked”, and so on.

“As per the NREGA portal, there were 78,74,315 post office accounts of individual workers seeded with aadhaar numbers, and 8,24,22,161 bank accounts of individual workers with aadhaar numbers. The total number of Aadhaar numbers stored by portal are at 10,96,41,502”, they add.

Providig similar instances form two other sources, the researchers insist, “The availability of large datasets of aadhaar numbers along with bank account numbers, phone numbers on the internet increases the risk of financial fraud.”

Underlining that “aadhaar data makes this process much easier for fraud and increases the risk around transactions”, they say, “In the US, the ease of getting Social Security Numbers from public databases has resulted in numerous cases of identity theft. These risks increase multifold in India due the proliferation of aadhaar numbers and other related data available.”

Click to read the original published by Counterview on May 5, 2017.

For more details visit http://editors.cis-india.org/internet-governance/news/counterview-may-5-2017-135-million-aadhaar-details-100-million

135 MEELLION Indian government payment card details leaked

praskrishna — 2017-05-20T11:51:14Z

Legislation coming to beef up Aadhaar card privacy, security.

The article by Richard Chirgwin was published in the Register on May 3, 2017.

If you're enthused about governments operating large-scale online identity projects, here's a cautionary tale: the Indian government's eight-year-old Aadhaar payment card project has leaked a stunning 130 million records.

Aadhaar's role in authenticating and authorising transactions, and as the basis of the country's UID (unique identification database) makes any breach a privacy nightmare.

India's Centre for Internet and Society (CIS) made their estimate public in a report published on Monday.

It's not that there was a breach related to Aahdaar itself: rather, other government agencies were leaking Aadhaar and related data they'd collected for their own purposes.

The research paper drilled down on four government-operated projects: Andhra Pradesh's Mahatma Gandhi National Rural Employment Scheme; the same state's workers' compensation scheme known as Chandranna Bima; the National Social Assistance Program; and an Andhra Pradesh portal of Daily “Online Payment Reports under NREGA” maintained by the National Informatics Centre.

In total, the CIS says, the portals leaked 135 million Aadhaar card records linked to around 100 million bank account numbers.

Given India's enthusiasm to try and eliminate cash, it's a big deal: the Aadhaar card funnels benefits to recipients' linked bank accounts. As the report states: “To allow banking and payments using Aadhaar, banks and government departments are seeding Aadhaar numbers along with bank account details”.

The centre says the leaks represent significant and “potentially irreversible privacy harm”, but worse they also open up a fraud-ready source of personal information.

Online databases examined by the CIS included “numerous instances” of Aadhaar Numbers, associated with personal information.

The Indian government responded through Aruna Sundararajan, secretary at the Union Electronics and Information Technology Ministry, who announced amendments to the country's IT legislation to beef up the system's privacy and security.

“Aadhaar has very strong privacy regulation built into it”, she told the Hindu, but it needs better enforcement.

Sundararajan said those issues will be addressed in the legislative amendments.

For more details visit http://editors.cis-india.org/internet-governance/news/the-register-richard-chirgwin-may-3-2017-135-million-indian-government-payment-card-details-leaked

130 Million at Risk of Fraud After Massive Leak of Indian Biometric System Data

praskrishna — 2017-05-20T12:36:06Z

A series of potentially calamitous leaks in India leave as many as 130 million people at risk of fraud or worse after caches of biometric and other personal data became accessible online.

The article by Dell Cameron was published by Gizmodo on May 3, 2017.

That’s according to a new report from the Bangalore-based Centre for Internet and Society (CIS), which details breaches at four national- and state-run databases, all of which are said to contain purportedly “uniquely-identifying” Aadhaar numbers.

Launched in 2009, the Aadhaar system is an ambitious, albeit flawed program aimed at assigning unique identity numbers, not only to Indian citizens, but everyone who resides and works in the country. It is the largest program of its kind in the world. The 12-digit Aadhaar codes are assigned and maintained in a central database by the Unique Identification Authority of India (UIDAI) and link to biometric data of fingerprint and iris scans combined.

For security purposes, since 2002, all U.S. passports issued to international travelers at embassies and consulates around the world have contained biometric data, including a ten fingerprint scan, contained in a microchip embedded in the back cover. In 2007, the law was extended to cover U.S. citizens, and since at least 2013, so-called “e-passports” have been the standard.

With a very different intention in mind, the Aadhaar system was created to employ biometrics as a means to ensure that Indian residents have access to the social safety net, including programs for welfare, health, and education. But due to the sheer scale—again, the largest biometric project in history—the program has been fraught with controversy since day one. Since inception, more than 1.13 billion Aadhaar numbers have since been assigned, according to UIDAI data. (India has a population of roughly 1.32 billion.)

Former World Bank economist Salman Anees , a member of the Indian National Congress (INC), points to migrant laborers as an example of those the program is intended to help. The often carry no identification, he said, and therefore can rarely prove who they are when traveling from state to state. The purpose of the Aadhaar system, he said, is to provide every Indian with a “digital identity.”

“At least, that was the original idea,” adds Soz.

After the INC was battered in the 2014 general election, plans were put forth to expand the scope of the Aadhaar program, inflaming public concern over security and privacy. “Basically, you take this Aadhaar number and you start seeding different [government] databases,” Soz says. “And that, in effect, creates this huge data structure that people are very uncomfortable with.”

“In some ways,” he continued, “what you have is this amazingly modern system with huge data collection potential—and of course, many positives can come from this, but in the wrong hands it can become a huge problem for India. At the same time, your legal framework, your regulatory framework, your policies and procedures are not there. People aren’t aware of what their rights are. They have no idea what this thing can do.”

One problem, Soz says, is that Aadhaar numbers are not always checked against a cardholder’s fingerprints or iris scans in all cases, defeating its purpose entirely. When someone provides an Aadhaar number to prove their identity online or by phone, for example, their identities cannot adequately verified. In this way, Aadhaar numbers are not wholly unlike Social Security numbers in the United States. Were 130 million Social Security numbers to be leaked online, confidence in the ability to use that number to confirm an Americans’ identities would be shaken, if not destroyed.

Last month, a central government database containing thousands of Aadhaar numbers—as well as dates of birth, addresses, and tax IDs (PAN)—reportedly leaked, exposing thousands of Indian residents to potential abuse. According to The Wire, the information, which was contained in Microsoft Excel spreadsheets, could be easily located on Google.

According to CIS, roughly 130-135 million Aadhaar numbers have now been exposed in this most recent leak. With the growing use of the numbers in areas such as insurance and banking, and without proper mechanisms in place to biometrically confirm the identities of cardholders in every case, the threat of financial fraud is pervasive. “All of these leaks are symptomatic of a significant and potentially irreversible privacy harm,” the report says, noting that such incidents “create a ripe opportunity for financial fraud.”

While Aadhaar is not mandatory everywhere, CIS says, the Indian government continues collecting information about the participants under various social programs. Inevitably, that information is combined with other databases containing even more sensitive data. As that happens, there’s a heightened risk to those whose Aadhaar numbers have been compromised. How the Indian government will address its apparently inadequate security controls before fraud overwhelms the system remains unknown.

Read the full report: Information Security Practices of Aadhaar (or lack thereof): A documentation of public availability of Aadhaar Numbers with sensitive personal financial information

For more details visit http://editors.cis-india.org/internet-governance/news/gizmodo-may-3-2017-130-million-at-risk-of-fraud-after-massive-leak-of-indian-biometric-system-data

130 Million Aadhaar Numbers Were Made Public, Says New Report

praskrishna — 2017-05-20T06:32:32Z

The research report looks at four major government portals whose poor information security practices have exposed personal data including bank account details.

The article was published in the Wire on May 1, 2017. This was also mirrored on MensXP.com on May 5, 2017.

Irresponsible information security practices by a major central government ministry and a state government may have exposed up to 135 million Aadhaar numbers, according to a new research report released on Monday.

The last two months have seen a wave of data leaks, mostly due improper information security practices, from various central government and state government departments.

This new report, released by the Centre for Internet and Society, studied four government databases. The first two belong to the rural development ministry: the National Social Assistance Programme (NSAP)’s dashboard and the National Rural Employment Guarantee Act (NREGA)’s portal.

The second two databases deal with the state of Andhra Pradesh: namely, the state government’s own NREGA portal and the online dashboard of a state government scheme called “Chandranna Bima”.

“Based on the numbers available on the websites looked at, estimated number of Aadhaar numbers leaked through these 4 portals could be around 130-135 million and the number of bank accounts numbers leaked at around 100 million from the specific portals we looked at,” the report’s authors, Amber Sinha and Srinivas Kodali, state.

The data leaks come, in part, from the government’s decision to provide online dashboards that were likely meant for general transparency and easy administration. However, as the report notes, while open data portals are a laudable goal, if there aren’t any proper safeguards, the results can be downright disastrous.

“While availability of aggregate information on the dashboard may play a role in making government functioning more transparent, the fact that granular details about individuals including sensitive PII such as Aadhaar number, caste, religion, address, photographs and financial information are only a few clicks away suggest how poorly conceived these initiatives are,” the report says.

Consider the NSAP portal for instance. The dashboard allows users to explore a list of pensioners, whose personally identifiable information include bank account number, name and Aadhaar number. While these details are “masked for public view”, the CIS report points out that if “one of the URL query parameters of the website… was modified from ‘nologin’ to ‘login'”, it became easy to gain access to the unmasked details without a password.

“It is entirely unclear to us what the the purpose behind making available a data download pption on the NSAP website is. This feature allows download of beneficiary details mentioned above such as Beneficiary No., Name, Father’s/Husband’s Name, Age, Gender, Bank or Post Office Account No. for beneficiaries receiving disbursement via bank transfer and Aadhaar Numbers for each area, district and state,” the report states.

UIDAI role?

Kodali and Sinha also prominently finger the role of the Unique Identification Authority of India (UIDAI), the government agency that manages the Aadhaar initiative, in the data leaks.

“While the UIDAI has been involved in proactively pushing for other databases to get seeded with Aadhaar numbers, they take little responsibility in ensuring the security and privacy of such data.With countless databases seeded with Aadhaar numbers, we would argue that it is extremely irresponsible on the part of the UIDAI, the sole governing body for this massive project, to turn a blind eye to the lack of standards prescribed for how other bodies shall deal with such data, such cases of massive public disclosures of this data, and the myriad ways in which it may used for mischief,” the report states.

Still public?

A crucial question that arises is whether these government databases are still leaking data. Over the last two months, some of information has been masked.

“It must be stated that since we began reviewing and documenting these portals, we have noticed that some of the pages with sensitive PII (personally identifiable information) have now been masked, presumably in response to growing reports about Aadhaar leaks,” the report notes.

For more details visit http://editors.cis-india.org/internet-governance/news/the-wire-may-1-2015-130-million-aadhaar-numbers-were-made-public-says-new-report

105 Kannada books released under Creative Commons

praskrishna — 2014-09-30T05:57:37Z

Contents will now be available in Wikisource for use by everyone.

The article was published in Bangalore Mirror on September 29, 2014.

Kannada book lovers will now be able to legally download more than 100 books that have been released by the state government under the Creative Commons licence. The treasure trove, which includes a good mix of classics and rhythmic writings, have been digitised by the Department of Kannada and Culture and some of them put up on Wikisource, the website from where details for Wikipedia pages are sourced.

The licence entitles anyone "to use the work in a commercial product or otherwise, and to modify it according to their needs." The licence is not limited to use in Wikipedia.

The initiative, which aims to enrich Kannada language and culture, is the brainchild of UB Pavanaja, a Bangalore-based writer. Pavanaja, along with some other Wikipedia contributors, approached the department to digitise and re-release Kannada classics. The department then decided to give CC licence to 105 books last month. With this licence, the source copy (soft copy) of the books will be made available.

The books released by the department include 35 volumes of the Samagra Dasa Sahitya (complete Dasa literature), 15 volumes of Samagra Vachana Samputa (complete Vachana literature), 36 volumes of Rigveda Samhita, Kumaravyasa Bharata, Jaimini Bharata, Nalacharitre and Mohana Tarangini. Soon, all these will be available for anyone who wants to read them online.

"According to India's copyright laws, any book will be out of copyright after 60 years. So technically, classics are out of copyright but this applies to the text only. But when someone publishes even a classic, they hold the copyright to the information they have keyed in and edited," said Pavanaja who is also a member of the advisory committee to the state government of Kannada software development. "What the department has given is rights to re-published versions of the classics and also the commentary, criticism, essays on these classics they have published. Any information that is out of copyright is uploaded to wikisource.org. They have given us soft copies of some of the books. The rest of the books for which CC licence is provided will have to be typed again and uploaded to Wikisource."

Pavanaja, who is also a popular contributor of Kannada information on Wikipedia, feels the 'free and open' knowledge movement in Kannada and especially Wikipedia is hampered by lack of contributors.

"Malayalam Wikipedia has nearly 1,000 editors. Kannada also has 600 registered editors, but only about 22 are active. So while the number of Wikipedia articles in other languages are increasing in leaps and bounds, there are only about 18,000 Kannada articles. This is a very small number considering there are around 18 lakh hits for Kannada every day."

Director of the Department Kannada and Culture KA Dayanand told Bangalore Mirror that they are currently only uploading books to which the department holds the copyright.

"I have also written to the writers who hold copyrights of books published by us. If they give permission, more books will be released. If more Kannada books are available online, it can only boost Kannada on the Internet."

In another related development, Mysore University has released six of the 14 volumes of its encyclopedia. Four of these will be available for anyone to read online, modify and use it. The Hampi Kannada University has a huge 29-volume encyclopedia. Sources say the university is in the initial stage making this available on Creative Commons.

For more details visit http://editors.cis-india.org/openness/news/bangalore-mirror-shyam-prasad-105-kannada-books-released-under-creative-commons

100 Konkani Articles Added to Wikipedia in One Day

praskrishna — 2016-02-12T15:17:02Z

This was published in the Times of India.

For more details visit http://editors.cis-india.org/a2k/news/100-konkani-articles-added-to-wikipedia-in-one-day

महाराष्ट्र ग्रंथोत्तेजक संस्थेमधील एक हजार ग्रंथ ऑनलाईन

praskrishna — 2015-12-15T07:57:00Z

Coverage of Marathi Wikipedia in Saamna.

A scanned version of the article published in Saamna on October 30 is below:

For more details visit http://editors.cis-india.org/openness/news/92e93993e93093e93794d91f94d930-91794d93090292594b92494d92494791c915-93890293894d92594792e927940932-90f915-93991c93e930-91794d930902925-91192893293e908928