Centre for Internet and Society

Big Brother is Watching You

sunil — 2012-03-21T09:32:28Z

The government is massively expanding its surveillance power over law-abiding citizens and businesses, says Sunil Abraham in this article published by the Deccan Herald on June 1, 2011.

Imagine: An HIV positive woman calls a help-line from an ISD/STD booth. The booth operator can get to know who she called, when and for how long. But he would not have any idea on who she is or where she lives.

Now, instead of a phone call, imagine that she uses a cyber café to seek help on a website for HIV positive people. The cyber-cafe operator would have a copy of her ID – remember that many ID documents have phone numbers and addresses. He may then take her photograph using his own camera. One can only hope that he will take only a mug-shot without using the zoom lens inappropriately. He would also use a software – to log her Internet activities and make a reasonable guess on her HIV status.

The average Facebook page may have 50 different URLs to display the various images, animations and videos that are linked to that page. Each of those URLs would be stored, regardless of whether she scrolls down to see any of them.

The cyber-cafe operator is obliged under the Cyber Cafe rules to store this information for a period of one year. But there are no clear guidelines on when and how he should dispose of these logs. An unethical operator could leak the logs to a marketeer, a spammer, a neighbourhood Romeo or the local moral police. A careless operator maybe vulnerable to digital or physical theft and before you know it, such logs could end up on the Internet.

Ever since 26/11, cyber-cafes in metros have been photocopying ID documents – but so far not a single terrorist attack has been foiled or a crime solved thanks to this highly intrusive measure. But despite the lack of evidence to prove the efficacy of the current levels of surveillance, the government has decided to expand them exponentially.

Imagine again: A media organisation such as Deccan Herald is investigating a public interest issue with the help of a whistle-blower or an anonymous informant. Deccan Herald reporters may think that by turning the encryption on when using Gmail or Hotmail they are protecting their source.

But the ISP serving Deccan Herald is obliged by the license terms to log all traffic be it broadband, dial-up or mobile users passing through it. Again, there are no clear guidelines on when to delete these logs and none of the Indian ISPs publicly publish a data retention policy. Besides retaining data, the ISPs have to install real-time surveillance equipment within their network infrastructure and make them available for government officials. If a government official wants to track who is talking to Deccan Herald reporters, he just has to ask.

With ISPs and online service providers – all the police have to do is send an information request under Section 92 of the Code of Criminal Procedure. In other words, they don't even have to bother about a court order. Between January 2010 to June 2010 Google received 1,430 information requests from India. Many other companies, for example, Microsoft, are not as transparent as Google about the state surveillance. So we will never know what they are subjected to.

If the whistle-blower was using Blackberry, all traffic would be transferred from the device to the RIM's Network Operation Centre situated outside India in an encrypted tunnel before it travels onto the Internet. This prevents the government from learning which mail server is being used from the logs and surveillance equipment at the ISP premises. And that is why the government has been engaged in a five-year long public fight with RIM over access to Blackberry traffic.

Now, thanks to the IT Act, the government can demand the service providers, including RIM, to hand over the decryption keys by accusing any individual of a variety of vague offenses -- for example engaging in communication that is ‘grossly harmful’ or ‘harms minors in any way’ – under the IT Act. Refusal to hand over the keys is punishable with a jail term of three years.

Finally, imagine that an Indian enterprise is developing trade-secrets or handling trade-secrets on behalf of their international partners. This enterprise is using a VPN or virtual private network for confidential digital communication. As per the ISP license all encryption above 40-bit is only permitted with written permission from DoT along with mandatory deposit of the decryption key.

In the age of wire-tap leaks, only a miniscule minority of international business partners would trust the government of India not to leak or misuse the keys that have been deposited with them. Most individuals, SMEs and large enterprises routinely use encryption higher than 40 bit strength. For example, Gmail uses128 bit and Skype uses 256 bit encryption. Many services use dynamic encryption, that is generate different keys for each session.

So far I have not heard of anyone who has actually secured permission or deposited the keys. In other words, the Indian enterprise has two choices – either break the law to protect business confidentiality or obey it and lose clients.

The IT Act (Amendment 2008) and its associated Rules, notified in April this year are a massive expansion of blanket surveillance on ordinary, law-abiding Indians. They represent a paradigm shift in surveillance and a significant dilution in privacy protections afforded to citizens under the Telegraph Act.

This has terrifying consequences for our plural society, free media and businesses. Department of Information Technology in particular Dr. Gulshan Rai's office has so far only brushed aside these concerns and denied receiving feedback from the industry and civil society. If our media continues to ignore this clamp down on our civil liberties, we will soon have to furnish ID documents before purchasing thumb drives. After all, Bin Laden was found using them in his Abbottabad home.

Read the original here

For more details visit http://editors.cis-india.org/internet-governance/blog/big-brother-watching-you

We are anonymous, we are legion

sunil — 2012-03-21T09:38:56Z

Online anonymity is vital for creativity and entrepreneurship on the Web, writes Sunil Abraham. The article was published in the Hindu on April 18, 2011.

During his keynote at the International World Wide Web Conference recently, Sir Tim Berners-Lee argued for the preservation of online anonymity as a safeguard against oppression. This resonated with his audience in Hyderabad, given the recent uproar in the Indian blogosphere and twitterverse around the IT Act (Amendment 2008) and the recently published associated rules for intermediaries and cyber cafes.

Over time, there has been a dilution of standards for blanket surveillance. The Telegraph Act allowed for blanket surveillance of phone traffic only as the rarest of exceptions. The IT Act and the ISP licence on the other hand, authorise and require ISPs and cyber cafes to undertake blanket surveillance as the norm in the form of data retention. The transaction database of the UID (Unique Identification Number) project will log of all our interactions with the government, private sector and other citizens; all these are frightening developments for freedom of expression in general and anonymous speech in particular.

Anonymous speech is a necessary pre-condition for democratic and open governance, free media, protection of whistle-blowers and artistic freedom. On many controversial areas of policy formulation, it is usually anonymous officials from various ministries making statements to the press. Would mapping UIDs to IP address compromise the very business of government? A traditional newspaper may solicit anonymous tips regarding an ongoing investigative journalism campaign through their website.

Would data retention by ISPs expose their anonymous sources? Whistle-blowers usually use public Wi-Fi or cyber cafes because they don't want their communications traced back to residential or official IP addresses. Won't the ban on open public Wi-Fi networks and the mandatory requirement for ID documents at cyber cafes jeopardise their safety significantly? Throughout history, great art has been produced anonymously or under a nom de plume. Will the draft Intermediary Due Diligence Rules, which prohibits impersonation even if it is without any criminal intent, result in artists sanitising their art into banality?

Anonymous speech online is facilitated by three forms of sharing — shared standards, shared software and shared identities. Shared or open standards such as asymmetric encryption and digital signatures allow for anonymous, private and yet authenticated communications. Shared software or Free/Open Source Software reassures all parties involved that there is no spy-ware or back door built into tools and technologies built around these standards.

Shared identities, unlike shared software and standards, is a cultural hack and, therefore, almost impossible to protect against. V for Vendetta, the graphic novel by Alan Moore gives us an insight into how this is could be done. The hero, V, hides his identity behind a Guy Fawkes mask. Towards the end of the novel, he couriers thousands of similar masks to the homes of ordinary citizens.

In the final showdown between V and the oppressive regime, these citizens use these masks to form an anonymous mob that confuses the security forces into paralysis. Shared identities online therefore, is the perfect counterfoil to digital surveillance.

As Dr. Berners-Lee spoke in Hyderabad, the Internet Rights and Principles Dynamic Coalition of the Internet Governance Forum released a list of 10 principles for online governance at the meeting convened by the UN Special Rapporteur on Freedom of Expression in Stockholm.

The fifth principle includes “freedom from surveillance, the right to use encryption, and the right to online anonymity”. One hopes that Gulshan Rai of CERT-IN will heed the advice provided by his international peers and amend the IT Act rules before they have a chilling effect on online creativity and entrepreneurship.

Read the article originally published in the Hindu, here

For more details visit http://editors.cis-india.org/internet-governance/blog/online-anonymity

Wherever you are, whatever you do

sunil — 2012-03-21T10:12:05Z

Facebook recently launched a location-based service called Places. Privacy advocates are resenting to this new development. Sunil Abraham identifies the three prime reasons for this outcry against Facebook. The article was published in the Indian Express on 23 August, 2010.

Privacy activists are up in arms again, at Facebook’s recent launch of a new location-based service called Places. But what’s the new issue here? For years, telecom operators have been able to roughly locate you by triangulating the signal strength between the three nearest cell towers. In India, geo-location is part of the call logs maintained by the operator. That is how the police was able to determine that Bangalore resident Sathish Gupta killed his wife Priyanka. He took her mobile with him during a jog with his friend and then faked a phone call as an alibi. He knew that the time-stamps on the call logs would corroborate his lies. But the location-data nailed him. So, in short, the state and telecom operators know where you are even if you don’t have a smartphone with GPS support.

For those who can afford it? GPS support provides greater accuracy and reliability, independent of telecom signal strength. The immediate and future benefits are huge. For parents, MyKidIsSafe.com, allows them to create a geo-fence and receive automatic notification when the child leaves the safety zone. In combination with RFID, businesses are able to provide their customers with accurate updates regarding status of deliveries. The Karnataka police is able to verify that the police inspector issuing the challan using a Blackberry for a traffic violation is not doing it from home. Seven hundred and fifty thousand gay men from 162 countries use a geo-social network called Grindr to find love. In the future, most car-pooling services will be GPS-enabled. Geo-location-based crowd-sourcing will be used to predict and avoid traffic jams by measuring the density and velocity of mobile phones on various routes.

Privacy advocates worry that after helping the police solve crimes and fight terrrorism, telecom companies retain the logs instead of deleting, anonymising or obfuscating them. Especially so in India, given the lack of privacy laws, telecom operators, web and mobile service providers could retain the logs for customer profiling or worse still, sell the raw data or analysis to third parties. Cyber-stalkers, child molesters and rapists benefit. Cat burglars will know when you are away and be able to clean out your house in a more relaxed fashion. Geo-surveillance by a state, obsessed with terrorism, will have negligible benefits while extracting a huge social cost and significantly undermining national security.

So why this particular outcry against the world’s most successful social networking website? There are three reasons that come immediately to mind. First, Facebook has a terrible record with privacy. In the last five years, the default settings have moved from one where no personal data was available for anonymous access to one with anonymous access to everything except birthday and contact information. And these are settings that affect the majority of the half a billion people who don’t bother changing default settings. So there is no guarantee that Facebook will not get more intrusive with its default geo-location privacy settings.

Second, a friend can geo-tag you without requiring you to approve or confirm this. Once you are geo-tagged, all your common friends will be notified through the friend-feed system. This is similar to the current system of photo sharing. A friend can upload a inappropriate photograph and tag you almost instantly all your work-mates who also happen to be your Facebook friends get a notification via the feed. Of course, you can always untag the photo, change the settings and defriend the culprit but by then the damage is usually done.

Third, the Facebook user-interface for privacy settings is notoriously complex and cumbersome. Many users will think that they have managed to bolt down the security settings when in fact their personal data will remain all up for grabs. The half a million third-party products available today on the Facebook platform only compounds this problem.

Read the original in the Indian Express

For more details visit http://editors.cis-india.org/internet-governance/blog/wherever-you-are-whatever-you-do

Does the Government want to enter our homes?

sunil — 2012-03-21T10:12:40Z

When rogue politicians and bureaucrats are granted unrestricted access to information then the very future of democracy and free media will be in jeopardy. In an article published in the Pune Mirror on 10 August, 2010, Sunil Abraham examines this in light of the BlackBerry-to-BlackBerry messenger service that the Government of India plans to block if its makers do not allow the monitoring of messages. He says that civil society should rather resist and insist on suitable checks and balances like governmental transparency and a fair judicial oversight instead of allowing the government to intrude into the privacy and civil liberties of its citizens.

What? Me worry about the blackberry imbroglio?
If Pierre Trudeau were alive today, he would feel similarly about the Canadian innovation that is making news these days. But, given the Indian media's objective take on the ongoing BlackBerry tussle, one would assume that the media is unaffected.

Many internet observers say that the very future of democracy and free media is at stake. If rogue politicians and bureaucrats are able to eavesdrop on the communications of media houses, wouldn't that sound the death knell for sting operations, anonymous informants and whistle-blowers?

And, consequently, free press and democracy? How can the media keep its calm when one of the last bastions of electronic privacy in India is being stormed?

Isn’t this a lost cause already?
Perhaps, our reporters and editors have remained complacent, because they do not want to swim against the tide. After all, governments across the world have used excuses like cyber-terrorism, organised crime, pornography, piracy etc. to justify censorship and surveillance regimes.

The priveleged access that the governments of India, Saudi Arabia and UAE are demanding has already been provided to the governments of USA, Canada and Russia, for example.

We don't know how much they know about us!
The average reader might not be aware of the access that the Indian government has to his/her personal information.

To be clear, the Indian government, like most other governments, is able to intercept, decrypt, monitor and record sms and voice call traffic by working in partnership with ISP and Telecom operators.

This is legalised through ISP licence agreements, which requires ISPs to provide monitoring equipment that can be used to by various law enforcement and intelligence agencies. There is no clear policy on data-retention policies.

Industry insiders say that SMS messages, telephone call logs, email headers, and web requests are archived from anywhere between three months and a year.

Do these ISPs and telecom operators then delete, anonymise or obfuscate this data? Or do they they retain it for posterity for market research?

In the absence of a privacy law — the Indian citizen can only make intelligent guesses.

Encryption is our friend
As a student, when I passed a love note to my lady-love in class, I would use a symmetric key encryption scheme.

She would use the same key as I did to unencrypt the machine, ie, substituting the alphabet with the next/previous one.

If someone was able to intercept the key, then all communication between us in both directions would be compromised.

Asymmetric key encryption solves this problem by giving both parties two keys — a public key and a private key. I would use my lady-love’s public key to encrypt a message meant for her.

Only she would be able to unencrypt the message by using her private key. The size of the key — 40bit, 128bit, 256bit etc. determines the strength of the encryption.

The more bits you have, the longer it will take for someone to break through using a brute force method. The brute force method or dictionary method is when you try every single combination —just as you would with an old suitcase.

The time taken also depends on computing resources — whether you are a jealous boyfriend, or the FBI, or a corporation like Google. These days, governments depend on corporations for hardware and network muscle.

How does Blackberry encrypt differently?
Other smart phone providers like IPhone and Nokia make email and Internet traffic transparent to the ISP and telecom operator, making it easy for governments are able to keep track of Internet users on mobile phones just as they monitor dial-up or broadband users.

Most mobile services come with a basic encryption. Blackberry is different because it introduces an additional level of encryption, and then routes traffic either through corporate servers or through its own servers in Canada and other parts of the world.

The fact that information is routed thus can pose a threat to the Indian government, if officials are using Blackberries to exchange highly classified information.

Then, GoI could be worried if western intelligence agencies are eavesdropping.

How will this end? Will Blackberry leave?
Blackberry has never exited a country, because in the end it has prioritised consumer privacy over commercial compulsions. For example Blackberry has now ‘resolved’ security probwith Saudi Arabia.

I don’t think we should worry about deals or compromises. However, this is not to say that Blackberry should not be applauded.

They have taken a public stand against unrestricted governmental access to their clients’ information; one should always applaud corporates who fight hard for privacy and civil liberties.

What the Blackberry dilemma is showing us is the social cost of the electronic Big Brother will be steep, as it should be.

To protect citizens’ rights, civil society must resist and insist on suitable checks and balances like governmental transparency and fair judicial oversight.

Read the article in Pune Mirror

For more details visit http://editors.cis-india.org/internet-governance/blog/government-enter-homes

Facebook, privacy and India

sunil — 2013-09-26T11:40:00Z

Does Facebook's decision to open out user information and data to third party websites amount to an invasion of privacy and should users' seriously consider getting out of the site? Sunil Abraham doesn't think so.

Even if you aren’t a Facebook user (and most likely than not you are), chances are that you’ve at least heard that there are problems related to privacy settings on the site. The net has been abuzz with indignation over a decision by Facebook to open out user information and data to third party websites. A number of high profile Facebook users (and many more low profile ones) completely deactivated their accounts after the changes were announced by Founder and Chief executive Mark Zuckerberg and critics immediately pointed out that users were losing control of their personal information.

There have been a slew of articles condemning the move, and highlighting “dramatic” changes to the sites privacy policy. Most alarming perhaps being this slideshow compiled by Matt McKeon.

All these are legitimate concerns, but how worried should we be really? Should you be seriously considering getting off the site? “As long as you are a little smart about what you upload on Facebook, there is no need to do anything as drastic as deleting your account”, says Sunil Abraham the executive director of the Centre for Internet & society, based out of Bangalore. Abraham said that the issue has shown people the risk of uploading certain types of photographs and content on to the net, but most importantly highlights the need for a privacy commission in India.

“The EU has a commission which makes certain directives to sites like Facebook from time to time, which are then adhered to. India should also seriously consider setting up a similar commission, he said.

Facebook has mantained that its privacy settings are prominently displayed and can be easily accessed by users. But critics say that it is much too long and convoluted. The BBC reports that the policy in its current form has 50 different settings, 170 options and runs to 5,830 words, making it longer than the US Constitution. And the sheer volume of outrage has prompted a rethink of the privacy policy by Facebook, which since held an internal meeting to discuss the affair.

Abraham agrees that the issue of privacy is a complex one, but noted that the definition of what constituted “privacy” varied from culture to culture. “In India, it is perfectly normal for someone to ask someone else how much they earn, while such a question would be completely outside the boundaries of propriety in most Western countries”, he said. The issue with Facebook, he says, is that its desicion to change its privacy settings was tantamount to a breach of contract. “People who joined Facebook did so because they were comfortable with the settings and regulations available on the site. For Facebook to suddenly change that violates the spirit of that contract”, he said.

Meanwhile the founder and chief executive of Facebook Mark Zuckerberg has written an article in the Washington Post today directly addressing issues relating to privacy controls on the popular social networking site.

“The biggest message we have heard recently is that people want easier control over their information. Simply put, many of you thought our controls were too complex. Our intention was to give you lots of granular controls; but that may not have been what many of you wanted. We just missed the mark,”said Zuckerberg.

Read the article in Livemint

For more details visit http://editors.cis-india.org/news/facebook-privacy-india

Sense and censorship

sunil — 2012-03-21T10:15:15Z

Sunil Abraham examines Google's crusade against censorship in China in wake of the attacks on its servers in this article published in the Indian Express.

Some believe that Google’s co-founder Sergey Brin’s memories as a six-year-old in the former Soviet Union has inspired Google’s crusade against censorship in China. However, as Siva Vaidhyanathan, author of upcoming book The Googlisation of Everything, notes in a recent blog post — this “isn’t a case of Google standing up for free speech....but about Google standing up against the attacks.”

He was referring to the attacks on Google’s servers that originated from China mid-December last year. Anyone running a multi-billion dollar enterprise online would be well attuned to the security threats posed by anarchists, crackers, spammers and phishers on a daily basis. So what made the recent Google attacks so special? According to Google, intellectual property was stolen and two human-right activists accounts were compromised during the attack. So which was the straw that broke the camel’s back — intellectual property or human rights? Google could have spoken out against censorship years ago — after all it still censors search results in more than 20 countries, including India. Although there is no official channel or protocol guiding censorship practices in India, Google is regularly contacted by government officials and continues to delete web content deemed sensitive according to various ethnic, political and religious groups. Human rights activists note that Google offers some token resistance and then usually complies with the state’s demands. Google’s deputy general counsel, Nicole Wong, justifies her cooperation with the authorities citing the Indian way of torching buses during riots. Therefore it is odd that the US government endorses Google’s selective idealism in China. One week after the attacks, Hillary Clinton decided to lecture the world on Internet freedom. Then, Google and the National Security Agency announced a collaboration to deal with future cyber-attacks. This was followed by Google honouring female bloggers in Iran, forcing cyber-ethnographer, Maximilian Forte to wonder on Twitter, “Is it just me, or is Google consistently joining the causes of the US State Department?” How is Google’s move, and recent White House support for a “free web”, to be understood? How is Google’s move consistent with the Obama administration’s goal of protecting US business interests across the globe? Such questions may tell us why Google is picking a fight with China rather than Saudi Arabia or Burma. The recent privacy disaster incited by the release of Google’s new social networking application Buzz became yet another occasion when many began to doubt Google’s high rhetoric about freedom of expression. When Buzz first made the social connections of Gmail users public without their consent, blogger Evgeny Morozov questioned the company’s logic in protecting the email accounts of Chinese human rights activists (ie, when they are happy to tell the rest of the world who those activists are talking to). According to Morozov, Google has only managed to capture 30 per cent of the Chinese search market, and he believes that Google was willing to sacrifice this market for some much need needed positive PR given after a storm of bad press after projects like Buzz and Wave.

It is clear that Google will have to fight such pressures towards greater control of the internet across the globe, China being no great exception. This week, Google and Yahoo have come out strongly in opposition to Australia’s plan to implement a mandatory ISP filter. Sometimes, a particular form of censorship serves a useful and necessary purpose — for example, Google and Microsoft were forced by the Indian Supreme Court in September 2008 to stop serving advertisements for do-it-yourself foetus sex determination kits. Given our daughter deficit, I would not have it any other way. However, in Thailand, such filtering takes the form of overly expansive lèse majesté laws which force ISPs to reveal details of individuals posting content deemed insulting to the monarch, Bhumibol Adulyadej — this practice leading to self-censorship and over-moderation on forums and mailing lists in Thailand.

Also, soon as traffic was redirected from Google.cn to Google.com.hk, Google advised its enterprise customers in China to use VPN (virtual private networking), SSH (secure shell) tunneling, or a proxy server to access Google Apps. These are circumvention technologies of choice for many Chinese cyber-activists, says Rebecca McKinnion, founder of Global Voices Online. In her recent congressional submission, she also points out that in China, online defiance has a very different history, perhaps best illustrated by the Mud Grass Horse Internet meme which was an obscene pun on a government media campaign aimed at national unity and harmony. In China, aesthetics rather than technology is the primary tool for subversive political speech. Also like in Burma and Saudi Arabia, offline piracy and pirated satellite television ensures that most citizens are able to access censored content. And the average Chinese netizen cannot tell the difference between Google censoring its own results and the Great Firewall censoring Google. Google’s recent actions has very little real impact on the state of censorship in China.

For original article in the Indian Express

For more details visit http://editors.cis-india.org/internet-governance/blog/sense-and-censorship

Wiki's worth, on a different turf

sunil — 2012-10-23T08:33:56Z

An Indian duo–a programmer and a mathematician–have developed a tool to expose anonymous writers and cleanse Wikipedia of rogue editors

Bangalore-based Kiran Jonnalagadda, a Web programming guru, and Hans Varghese Mathews, a mathematician, are the new entrants to the emerging field of Wikipedia research. The duo is credited with building Wiki Analysis, a tool that helps researchers understand the growing phenomenon of astroturfing, the practice of faking grass-roots support on Wikipedia and other websites. Wikipedia is the first Google result for most searches and this has made it a popular destination for those trying to manipulate public opinion on the Internet. Corporations, governments and even pop artists have been caught astroturfing in the past.

Jonnalagadda and Mathews are among 34 researchers from 17 countries attending a two-day conference in Bangalore, WikiWars, which is concluding today. WikiWars is taking a fresh look at many different aspects of the world’s biggest encyclopaedia, the sixth most popular website on the Internet.

The first generation of astroturfing on Wikipedia has been, thus far, largely unsophisticated, with little attention paid to covering up digital evidence. Remember the campaign Avril Lavigne’s fans launched last year that turned her music video Girlfriend into the most viewed clip on YouTube? Wal-Mart Stores Inc. contracted its public relations firm Edelman to maintain a fake website called “Working Families for Wal-Mart”. They pretended to be ordinary citizens who opposed the views of the firm’s labour union.

It is well known that platforms such as Twitter and Facebook, with opaque management procedures, are susceptible to astroturf campaigns. Supporters of open licensing and peer production have always held that Wikipedia and other community-managed platforms are protected thanks to their transparency in policies and practices. But as far as Wikipedia researchers are concerned, the jury is still out.

Microsoft tried to pay technology blogger Rick Jelliffe to work on Wikipedia connected to OOXML (Office Open XML) during the ISO (International Organization for Standardization) approval process in an attempt to influence the global vote. OOXML was the new file format for MS Office documents that urgently needed approval to check the growing popularity of Open Office. A user called “Ril_editor”, active between September 2007 and May 2008, who claimed to be working out of Reliance Industries Ltd’s chief Mukesh Ambani’s offices, tried to expunge pages connected to negative publicity about Reliance. Scientologists were blocked by Wikipedia’s arbitration committee when they were found trying to systematically undermine Wikipedia’s NPOV (neutral point of view) policy. NPOV is Wikipedia’s particular spin on non-partisanship, providing equal space to all opinions. However, some Wikipedia researchers such as Geert Lovink, head of the Institute of Network Cultures, Amsterdam, and co-organizer of the WikiWars conference, believes that the dominance of English and textual citation requirements has meant that NPOV is never translated into practice.

An American team based out of the Santa Fe Institute, US, has developed WikiScanner, a public database of IP addresses that helps reveal the organizations behind anonymous edits on Wikipedia. WikiScanner has been used to expose the US Central Intelligence Agency’s manipulation of pages. WikiScanner doesn’t yet work for edits by authenticated users. The WikiScanner team has also developed another tool called Potential Sock Puppetry, which exposes those who use multiple user accounts from the same IP address. However, both tools could be circumvented by purchasing multiple data cards or getting people to work from public access points such as coffee shops and cyber cafés.

It is this gap the Indian duo’s tool tries to plug. The first version of their Wiki Analysis tool clusters users into potential lobbies based on the pages they edit within a date range. The tool’s next version will cluster users into lobbies based on the words they consistently add and delete across pages. Says Jonnalagadda, “Wikipedia is now close to a decade old and has many articles that have existed since its earliest days and have been edited by thousands of individuals.” It is now the primary encyclopaedic destination for Internet users, and that makes it a ripe target for astroturfing. At no point in the history of human civilization have so many collaborated over so long to produce one canonical document on any article of human knowledge.

“Wikipedia users rarely bother to check how a page was edited, but that information is all there, available to anyone who cares to look. We’re building the tools to help make sense of it,” Jonnalagadda says. Once Wiki Analysis is ready, you will be able to check if, for example, the editors of the climate change page on Wikipedia are more interested in ecology or energy.

Original article on Livemint

For more details visit http://editors.cis-india.org/news/wiki-worth-different-turf

When Whistle Blowers Unite

sunil — 2012-03-21T10:17:48Z

Leaking corporate or government information in public interest through popular Web service providers is risky but Wikileaks.org is one option that you could try out.

Leaking corporate or government information in public interest in the age of Satyam has new challenges. You couldn't just upload it to a blog, social networking website or even a document management system like Google documents. Google, Yahoo and most other Web service providers nearly always comply with the national law and cooperate with enforcement agencies. In India there have been several arrests in connection with alleged illegal email messages and content on social networking websites. It did not take court order – just a request from the local police station. Furthermore, you would have to undertake additional risky activity online to draw media attention to your documents. Also those who stand to lose from the leak can send a couple of copyright take down notices which will lead to deletion. So your only real option is Wikileaks.org, where they boast: Every source protected. No documents censored. All legal attacks defeated.

Launched in December 2006, Wikileaks.org stands alone on the Internet as the last refuge for the truth. Even though the promoters are European and US academic organisations, journalists and NGOs – a near neutral point of view is realised by sparing no one across the political and ideological spectrum. It is the archive of the whistle-blowers of the world and it is ugly: login information and private emails of a holocaust denier, secret documents from the Church of Scientology, Internet block-lists from Thailand and standard operating procedures for US guards at Guantanamo Bay, et cetera. One could safely assume that these guys have very few friends. Unlike Wikipedia.org whose technology it employs, Wikileaks does not have an open and participatory editorial policy. It accepts documents through a trusted journalist–source system.

Leaking controversial documents can result in loss of job, limb and life, so extreme caution is always advised. Remember that India still does not have laws protecting whistle blowers, in spite of a bill being introduced in 2006. What follows is only a very rough guide to digital whistle blowing, so please get expert advice before you try these at home:

Download and install military grade encryption software like Pretty Good Privacy. Generate a pair of keys – a public and a private one. Use your private key in combination to a journalist's public key to send him or her, a 'for your eyes only message' email. Only the journalist will be able to decrypt the message using your public key and his private key. Note however, that an Indian court under the 2008 amendment of the IT Act can ask you to disclose your key-pair.
Step outside. Working from home is a bad idea since DOT mandates that all ISPs retain logs for all users and for all services utilized for an indeterminate time-period. Office is still worse as your network administrator might be also logging your activities.
Find an anonymous public access point. Cyber-cafes, especially in New Delhi, Maharashtra, Karnataka and Tamil Nadu are asking users to provide identity cards and record contact details and in some cases web-cam photographs as well. Using your laptop in a coffee shop may work but DOT is considering cracking down on open wifi networks.
Use an anonymizing service so that the chain of digital evidence leading up to Wikileaks is obliterated. TOR is the anonymizing solution of choice. Several TOR servers that provide private tunnels across the Internet work in unison, to form a cloud of anonymity.

If you were leaking large amounts of data, uploading it may be too risky. Burn the data on DVDs and mail them to Wikileaks. However, do ensure that all digital files have been purged of personal information. For word files this can be done by converting to PDF. Also you may not want to leave any finger-prints on the package. India will soon have a database of finger prints thanks to the National Unique Identity (NUID) project. We know this thanks to the leaked NUID project document on Wikileaks.org, days before the consultation.

For more details visit http://editors.cis-india.org/internet-governance/blog/whistle-blowers-unite

Open Standards

sunil — 2010-01-11T10:52:24Z

The Centre for Internet and Society promotes Open Standards, i.e., standards that are technically and legally free to study, free to use, developed and managed in an open manner, with a complete implementation available to all. Open standards help all -- government and citizens, industry and consumers -- by allowing greater interoperability and choice (since they are necessary for free and open source software), greater competition, reduction in costs, and greater long-term reliability. As part of our work on Open Standards, we have been providing the comments to the Indian government's Draft National Policy on Open Standards for e-Governance, and have been working as a member of the Dynamic Coalition on Open Standards at the UN-sponsored Internet Governance Forums.

For more details visit http://editors.cis-india.org/openness/publications/standards

Software Patents

sunil — 2010-01-11T09:51:40Z

Software patents are a potent threat to both open standards as well as FOSS. While in India, pure software patents (i.e., a patent over a "computer programme per se") is not allowed, still software patents are to be reckoned with. The draft patent manual prepared by the Patent Office in 2008 seemingly goes against section 3(k) of the Patents Act, and allows partially for software patents. Further, the Patent Office sometimes incorrectly grants software patents, even though the same is prohibited by the law.

For more details visit http://editors.cis-india.org/openness/publications/software-patents

Newspapers should empower citizen journalism

sunil — 2012-10-23T08:47:50Z

A single content-management system can be used to publish highly-targeted and customised content. Sunil Abraham, director, Centre for Internet and Society (CIS India), believes traditional newspapers should expose their primary research databases such as photos, video and audio recordings, and documents to the public using web technologies.

With every generation of technology, businesses are affected and have to reinvent themselves along with their business models. Today, this is very true of traditional newspapers and the Internet. To begin with, there is the opportunity and threat presented for traditional media by the rise of citizen journalists. Given the penetration of mobile phones, and the emergence of micro-blogging services like Twitter, it is possible for ordinary citizen to create press-worthy reportage.
Some initial experiments like Scoopt.com, Spy Media and Cell Journalist, which allowed citizen journalists to sell content to traditional media, have, by and large, failed, but I am certain there will be many commercial and non-commercial services emerging in this area, like — Demotix.com.

Demotix currently has 8,300 reporters from 110 countries. The second opportunity is the plurality of delivery mechanisms available, thanks to digital technologies. A single content-management system can be used to publish highly targeted and customised content across several digital technologies such as SMS, GPRS, Twitter, RSS, Email, HTML, etc. Some of these formats like LATEX and PDF allow readers to print out personalised individual and institutional newspapers.

Most of these technology options are not exercised because of the conservatism of the marketing departments. Those responsible for collecting advertisement revenues and maintaining sales target keep asking 'how can we monetise that piece of content'. Their traditional business model only allows them to target subscribers and advertisers.

Once they account for their role in public attention aggregation and bandwidth consumption they could try and generate income from Internet service providers and telecom operators.

The third opportunity is interactivity. These days, a story no longer ends when the ink hits the paper. That is only considered the beginning, and there is sufficient discussion today about the transformative role played by citizens on mailing lists, discussion forums, blogs and wiki, ensuring that the story continues. I would like to focus on the process before the story hits the press or the content-management system, especially those stories that need sustained investigation or exhaustive time-consuming research. I believe traditional newspapers should expose their primary research databases such as photos, video and audio recordings, and documents to the public using web technologies.

If this is done in a truly open and transparent manner, online volunteer energy will lend a much-needed shoulder to traditional journalism. As a consequence, the reader will be engaged even before the story.

Link to the original article (Page 12)

For more details visit http://editors.cis-india.org/news/newspapers-should-empower-citizen-journalism

Financial Speculation as Urban Planning

sunil — 2011-04-05T04:36:21Z

Talk by Prof Michael Goldman

A talk by Michael Goldman followed by an open discussion organised by a group of concerned citizens and the Centre for Internet and Society, about the roots of the US financial crisis and related dynamics in "world city" planning, such as that here in Bangalore.

Speaker Bio

Michael Goldman
Associate Professor
Dept of Sociology
Univ of Minnesota, Minneapolis, MN
McKnight Presidential Fellow

Interest Areas: Transnational, political, environmental, and development sociology; Sociology of knowledge and power; Transnational institutions (international finance, expert networks).

Current Research: Neoliberalism and its discontents; the making of a world city: Bangalore, India; “Water for All”/ water privatization policies; development and environment in North-South relations.

Recent Publications

“How ‘Water for All!’ Became Hegemonic: The Power of the World Bank and its Transnational Policy Networks.” 2007. Geoforum special issue on global water policy, 38(5): 786-800.
“Under New Management: Historical Context and Current Challenges at the World Bank.” 2007. Brown Journal of World Affairs, special issue on Wolfowitz’s Bank, Vol. XIII: 2, Summer 2007.
“El neoliberalismo verde.” 2006. Chapter in Las Politicas de la Tierra, Alfonso Guerra and Jose Felix Tezanos, eds. Madrid: Editorial Sistema.
Imperial Nature: The World Bank and Struggles for Social Justice in the Age of Globalization. 2005. New Haven, CT and London: Yale University Press. Yale UP paperback edition, 2006; India edition, Orient Longman Press, 2006; Japanese edition, Kyoto University Press, 2008.
“World Bank.” 2005. Entry in Encyclopedia of International Development, Tim Forsyth, ed., London: Routledge.
“Tracing the Routes/Roots of World Bank Power.” 2005. International Journal of Sociology and Social Policy, special issue on global water policy, 25(1/2): 10-29.
“The Birth of a Discipline: Producing Authoritative Green Knowledge for the World (Bank).” 2005. Chapter in Earthly Politics: Local and Global in Environmental Governance, Sheila Jasanoff and Marybeth Long, eds. Cambridge, MA: MIT Press.
“La tragedia della recinzione dei beni comuni.” 2005. Beni Comuni: Fra Tradizione e Futuro, Giovanna Ricoveri, ed., Rome: Editrice Missionaria Italiana.
“Eco-governmentality and Other Transnational Practices of a ‘Green’ World Bank.” 2004. in Liberation Ecologies 2nd ed. Richard Peet and Michael Watts, eds. London: Routledge.

For more details visit http://editors.cis-india.org/internet-governance/events/financial-speculation-as-urban-planning

Open Access Day celebrated in India

sunil — 2011-08-18T05:06:01Z

The Centre for Internet and Society, Bangalore and the Centre for Culture, Media and Governance co-organised joint celebrations of Open Access Day in Jamia Millia Islamia campus on the 14th of October 2008. Around 50 people attended the event from different departments in Jamia there were also some participants from the Indian Linux Users Group. CIS also published an Open Access flyer on this day featuring quotations from Sam Pitroda, MS Swaminathan, Peter Suber, Alma Swan, Frederick Noronha, Barbara Kirsop and Samir Brahmachari.

Speaking at Tagore Hall at Jamia Millia Islamia, Prof. Subbiah Arunachalam, pointed out that “there are over 25,000 scientific journals published in the world today but even the richest university in India cannot afford to subscribe to more than 1,200 journals. It is as though, Indian scientists and students are competing in a race with their legs bound.” Prof. Arunachalam called upon the student community to lobby for Open Access mandates for research outputs funded by tax-payers.Open Access is the principle that publicly funded research should be freely accessible online, immediately after publication. October 14, 2008 was the world’s first Open Access Day. The founding partners for this Day are SPARC (Scholarly Publishing and Academic Resources Coalition), Students for FreeCulture, and the Public Library of Science, USA. According to the Directory of Open Access Journals – India publishes 105 Open Access journals.

Speaking at the celebrations at Jamia, Dr. Zakir Thomas of Council for Scientific and Industrial Research (CSIR) traced the limited historical role that IPR has played in the development for drugs for Tuberculosis. Dr. Thomas is the project director of Open Source Drug Discovery (OSDD), a project of CSIR. The government of India has already committed Rs. 150 crores to the OSDD project which is targeting neglected diseases from developing countries. Dr. Thomas also introduced the OSDD project and spoke about alternative systems of incentives that are more appropriate in the academic community such as attribution, citation and collaboration – all closely linked career growth in an academic or university context.

Dr. Lynn, a professor at the Department of Bio-informatics at JNU and Dr. Bhardwaj Scientist CSIR introduced the OSDD web platform and pointed out to various improvements over existing methods of research. While in peer-reviewed papers readers are only provided with reference number when experiments are discussed – on the OSDD platform readers can access the complete experiment details, including data even for failed experiments. This is critical in reducing wastage of valuable resources and efforts in attempting to re-invent the wheel.

Dr. Bhardwaj pointed out that she was already collaborating with students from the Jamia Millia Islamia campus on her projects hosted on OSDD. She said that the open access and open source models gives rise to many new collaborations both at the local and international level. Dr. Bhardwaj also announced that two CSIR open access journals were being launched by Dr. Samir Brahmachari - Director General on the occasion of World Open Access day.

Prof. Arif Ali, Head Dept. of Bio-Technology, Jamia Milia Islamia who presided over the meeting spoke of the challenges faced by faculty and students in the Indian context. Some international journals demand Rs. 40,000 from the authors in spite of assigning copyright. He predicted that the open access movement will lead to more Indian authors being published and cited. He also hoped that open access would become a norm instead of a novelty.

Download Open Access Flyer

For more details visit http://editors.cis-india.org/openness/blog-old/open-access-day-celebrated-in-india

A2K3 Panel XI: Open Access to Science and Research

sunil — 2011-08-18T05:07:56Z

Prof. Subbiah Arunachalam participated in the third Access to Knowledge hosted by The Information Society Project (ISP) at Yale Law School between September 8-10, 2008, in Geneva, Switzerland. The conference held at the Geneva International Conference Centre brought together hundreds of decision-makers and experts on global knowledge to discuss the urgent need for policy reforms.

Original Article on A2K3 website

Download Subbiah Arunachalam's Paper

Audio file of Session on Open Access to Science and Research (Ogg, MP3)

Open access (OA) literature is digital, online, free of charge, and free of unnecessary copyright and licensing restrictions. Made possible by the internet and author consent, OA supports wider and faster access to knowledge. This panel featured Leslie Chan, of the University of Toronto; Subbiah Arunachalam of the M.S. Swaminathan Research Foundation and Global Knowledge Partnership; Eve Gray of the Centre for Educational Technology, UCT; and DK Sahu of Medknow Publications Pvt. Ltd. Peter Suber from the Yale Information Society Project and SPARC moderated this panel.

It’s a distant dream for most kinds of literature, where authors are unwilling to give up the revenue they currently earn from publishers. But it’s growing quickly for scholarly journal articles, where journals don’t pay for articles and authors write for impact, not for money. The result is a revolutionary opportunity to accelerate research and share knowledge. OA is especially important for researchers and medical practitioners in developing countries, where access to knowledge has been sharply reduced by four decades of fast-rising journal prices.

This panel will examine what universities and governments can do to promote OA, with a special focus on medical research and health information. Among the models discussed will be peer-reviewed OA journals, OA repositories, the WHO’s Health InterNetwork Access to Research Initiative (HINARI), and the new policy from the U.S. National Institutes of Health requiring NIH-funded researchers to deposit their peer-reviewed manuscripts in an OA repository.

The questions to be addressed will include:

How do access barriers slow research in developing countries? How does OA remove those barriers?
What can universities do to promote OA?
What can governments, and public funding agencies, do to promote OA?
What special challenges do developing countries face in providing OA?
What are some concrete examples of successful OA policies and projects in developing countries?
Why is OA a critical issue for policy-makers concerned with public health, scientific innovation, and higher education?
How does OA accelerate the advance and spread of knowledge in medicine as well as in other disciplines?
How can OA promote the work of researchers in developing and transitional countries, both as readers and as authors?

PETER SUBER

OA literature is digital, online, free of charge, free of needless copyright
OA is compatible with peer review, copyright, revenue and profit, print, preservation, prestige
3622 peer-reviewed OA journals, 1220 OA repositories, 22 university OA mandates (15 countries), 27 funding agencies OA mandates (14 countries)
Part of the problem: journal prices have risen 4 times faser than inflation since mid-1980s. Indian institute of science is the best funded research library in india providing access to 10600 serials.
Harvard has 98990
Yale has 73900
Average ARL library = 50,566
U of Witwatersrand = 29,309
U of Malawi = 17000 ejournals, 95 print
The case for OA is especially strong for publicly funded research, medical research, research from developing countries

SUBBIAH ARUNACHALAM

Why do we needopen access to science?
Science as Knowledge commons
Created by researchers, a communal activity, science is about sharing, internet has opened new opportunities
Primary goal of science is the creation of new knowledge for the benefit of humanity
Emergence of open access – seeks to restore knowledge commons to creators. Movement, like everything else, is uneven
Physicists vs. chemists
UK, Netherlands and USA – have had many more successes
Brazil – doing very well – but China and India are not doing so well with open access
Restore the knowledge commons is to the community
This movement is like any other movement which is uneven
Developments in India

3.1% papers in chemical abstracts
30,000 papers a year indexed in SCI
Problems of Access and Visibility

New Developments:

Consortia – able to provide a lot of journals
open courseware
arXiv

Problems: papers that are published are put in inaccessible journals, and people in global South laboratories would be unable to access this knowledge. The Government gives the money but the research then ends up flying out
The policy front:

Individual efforts
National Knowledge Commission has recommended OA
Number of institutional repositories
Need advocacy and training programmes
Action missing from key players

Some individuals are doing a great job and putting all their materials online
Medical information and developing countries

No nation can afford to be without access to S&T research capacity
Neglected diseases are not a priority for pharmaceutical companies
HINARI – any country that has per capita less than $1000 is eligible

DK SAHU

Infectious diseases (chikungunya goes Italian)
Non-infectious diseases (india becoming global hub for diabetes)
Industry effects (how safe are clinical trials)
Several examples (such as MedKnow, Journal of Postgraduate Medicine) of free access to no-fee journals.
A journal from India has the most visits from London
A journal called International Journal of Shoulder Surgery but visitors are from Melbourne
More original research articles, 40+ articles in 2005 vs. 160+ articles in 2008 in IJU, more issues per year for journals, check on scientific misconduct, international recognition (11 journals in SCI in 2 years)
Going online increases citations – this is an open access advantage
Scientific output of new economies: medicine
Open access publishing is not alone sufficient – there are disappearing journals. Commercial publishers are taking over, there is a lack of continuity, non-interoperability/archiving
20-80 phenomenon (majority of journals are not OA)
Local journals are not preferred (high IF journals)

LESLIE CHAN

Role of Universities and Researchers
You need citations in order to advance in academia – if your papers get picked up and ripple throughout the research arena. What about policy impact?
“Impact factor” is evil. Open access was meant to counter the tyranny of impact factor, so OA journals should not try to battle it out in this arena.
Issues involve “big science” and “lost science”, research literature as infrastructure, integrating the gold and green roads to open access.
Institutional repositories and open access journals
There’s a lot of Big Science that costs a lot of money (like LHC)
But we have another big hole – the 10-90Gap. 10% of the global health research spending is allocated to diseases affecting 90% of the population
The G8 countries account for 85% of most cited articles indexed in ISI
The other 126 countries account for 2.5%
How much of these journals are relevant in terms of content?
We are operating with a dominant model of knowledge dissemination from the Center to the Periphery
We end up having “lost science” in the developing world because of that knowledge
Perpetuate the cycle of knowledge poverty in this way
African countries need to have in place appropriate mechanisms and infrastructure for training and exploitation of knowledge. This will enable them to make meaningful evidence based policy that pertains to local needs
Researchers in developing countries ranked access to subscription-based journals as one of their most pressing problems
HINARI: health sciences

108 countries, 1043 institutions, 5000 journals
Collaboration of >45 publishers: free or reduced-cost access to journals for developing countries
Others: eIFL.net, AGORA: agricultural sciences, OERE: environmental sciences, PERI
Dissemination through information philanthropy. http://libraryconnect.elsevier.com/lcp/1001/lcp100109.html

Open access: the solution to the “lost science”
Two routes to Open Access (OA) – open access journals and respositories
African health sciences: two years ago there was a n article published in this journal and authors found that over 50% of these drugs were substandard or fake. This got the local newspaper, and then BBC, and then other researchers started looking at it
Open Access repositories:
Institutionally-based (universities, etc) or subject-based (e.g. PubMet Central, arXiv.org)
Collect copies of articles published by the institutions researchers
Researchers themselves deposit knowledge
Benefits for authors (research output instantly accessible for all (higher impact)
Research output of international research community accessible to author
Partnerships/collaborative projects develop as a result
Career prospects advanced – publications noted by authorities
Opportunities for new research discoveries, data mining etc
Alternative impact assessment
Benefits for funding bodies: what has been discovered with our financial support? Was it a good investment?
Researchers have a moral and intellectual obligation to ensure that their research is accessible
Universities share a common goal and public mission advancement of knowledge for the betterment of human kind
Open access is key to the MDG

EVE GRAY

When we talk about open access, we talk about change and change delivery.
It’s not just intellectual property and copyright issues, but values, cultures, systems, practices, everything that underlie the process moving towards scientific research
We faced the biggest problem in facing change – we’ve seen a massive overhaul, of transformative reports, of leveraging the country into a different direction. Undoing the damage of apartheid and colonialism
What is meant by international? What is meant by local?
African knowledge for Africa: we need to rejuvenate, regenerate our own knowledge
SA: first heart transplant in the world. Have their own vaccines. Operate as a leading scientific country
Growing international competitiveness – publication is perceived as a matter of journal articles in international journals. Little or no support for publication in nationally-based publications
Much research output in grey literature, not easily findable or accessible
The Medicines and Related Substances Control Act, 2001
Research has to address the burning economic issues of a country
Things are changing…slowly
Support for open access publications
What needs to be done – open access journals are necessary.
Changing values and promotion systems – we have to somehow pick up on the vision of that vibrant African dance movement, translate this feeling
Providing support for publication efforts
Expand the range of publication outputs
Ensuring the social impact of research
There is a huge amount of research being pumped out and being printed out by NGOs
Great literature is almost inaccessible in universities
Could not access African journals – no access from their own countries or neighboring countries
Electric Book Works has manuals for health-care workers – manuals are very high-quality, out of University of Cape Town
Often forgotten that science information is necessary to trickle down, if everything is online, we can get things to trickle down
Harvard said: it is our duty to disseminate our research. Stanford: Caroline Handy – when you publish research, research for community use is part of the duty

For more details visit http://editors.cis-india.org/openness/blog-old/a2k3-panel-xi-open-access-to-science-and-research

Essay Competition for Software Freedom Day

sunil — 2011-08-18T05:02:02Z

The Free Software Users Group of Bangalore and the Centre for Internet and Society in collaboration organise an essay competition for schools and colleges in Bangalore on the topic of "Software Freedom"

For more details visit http://editors.cis-india.org/openness/blog-old/essay-competition-for-software-freedom-day