Centre for Internet and Society

Essay Competition

sunil — 2009-09-23T10:02:28Z

In partnership with Free Software User Group - Bangalore, the Centre for Internet and Society is organising a essay competition for school and college students from Bangalore. The last date for submitting entries is 8th November 2008. Three prizes of Rs. 3,000/- each are available for college students, and three 3 prizes of Rs. 1,000/- each are available for school students.

Poster and Cover Letter

Download an electronic copy of the poster and covering letter that has been sent to around 350 school and colleges in Bangalore city.

Process of Judging

Volunteers from the Free Software User Group will together constitute a committee that will anonymously and individual score all entries. The score will be consolidated across judges to determine the final winners.

Terms and Conditions

Copyright: The copyright of the essay will remain with the participant.
License: All submissions will automatically be considered licensed under Creative Commons Attribution 2.5 India License.
The collective decision of the judges will be considered final.

Rules

Participants must be bona fide students of a school or college in Bangalore.
The word limit for essays is 1200 words.
Essays can be submitted either in English or in Kannada.
Electronic submission should be in an Open Format [Text - .txt, Rich Text Format - .rtf, Open Document Format - .odt, Portable Document Format - .pdf]

Thanks

Free Software Users Group, Bangalore, for acting as co-organiser for the competition.
Renuka Prasad, Professor, R.V.College of Engineering for the concept, providing leadership and organising the databases of schools and colleges.
Anivar Aravind for providing advice and support.
Hiran Venugopalan, Engineering Student, for designing the poster.

For more details visit http://editors.cis-india.org/openness/blog-old/uploads/essay-competition

Dr. Zakir Thomas

sunil — 2008-10-31T09:33:44Z

For more details visit http://editors.cis-india.org/openness/blog-old/uploads/dsc_0388.jpg

Dr. Anshu Bharadwaj

sunil — 2008-10-31T09:38:40Z

Dr. Anshu Bharadwaj

For more details visit http://editors.cis-india.org/openness/blog-old/uploads/dsc_0393.jpg

Dr. Andrew Lynn

sunil — 2008-10-31T09:36:55Z

Dr. Andrew Lynn

For more details visit http://editors.cis-india.org/openness/blog-old/uploads/dsc_0384.jpg

Don’t SLAPP free speech

sunil — 2013-02-28T11:22:09Z

IIPM is proving adept at the tactical use of lawsuits to stifle criticism, despite safeguards. THE DEPARTMENT of Telecommunications, on 14 February, issued orders to block certain web pages critical of the Indian Institute of Planning and Management (IIPM).

Sunil Abraham's column with inputs from Snehashish Ghosh was published in Tehelka on February 3, 2013 (Issue 9 Volume 10)

Despite our best efforts, we have not managed to get a copy of the court order. Meanwhile, there has been a lot of speculation among Internet policy experts on Twitter. What is the title of the case? Which judge issued the order? Who is the affected party? Why have mainstream media houses like Outlook not been served notice by the court? Is the infamous Section 66A of the IT Act to be blamed? That is highly unlikely. News reports suggest that a lower court in Gwalior has issued an ad interim injunction in a defamation suit. Most experts agree that this is a SLAPP (Strategic Litigation Against Public Participation) suit, where a company uses the cost of mounting a legal defence to silence critics.

Bullies with deep pockets use the law in very creative ways, such as forum shopping, forum shifting and the use of proxies. Forum shopping can be best understood through the example of mining giant Fomento suing Goan blogger Sebastian Rodrigues for $1 billion at the Kolkata High Court, even though Goa would have been a more logical location. Though IIPM lost an earlier case against Careers360 before the Uttaranchal High Court, the offending URLs from that case are included in the latest block order, exemplifying successful forum shifting. The doctrine of ‘res subjudice’ does not permit courts to proceed in a matter which is “directly and substantially” similar to a previous suit between the same parties. Proxies are usually employed to circumvent this procedural doctrine.

Article 19(2) of our Constitution empowers the State to create laws that place eight types (depending on how you count) of reasonable restrictions on the freedom of speech and expression. One of these reasonable restrictions is defamation. Tort law on defamation in India has been mostly borrowed from common law principles developed in the UK, which include a series of exceptions where the law cannot be used. In the present context, the exceptions important for the IIPM case include: fair and bona fide comment and matter of public interest. In addition, Section 499 of the Indian Penal Code provides for 10 exceptions to defamation. The exceptions relevant to this case are: “first: imputation of truth which public good requires to be made or published”, “ninth: imputation made in good faith by person for protection of his or other’s interests” and “tenth: caution intended for good of person to whom conveyed or for public good”. The criminal law on defamation in India is based on robust legal principles, but for the sake of public interest it’d be best to do away with such a law as it has far-reaching, chilling effects on free speech.

On interim injunctions in defamation suits, the Delhi High Court set an important precedent protecting free speech in 2011. While applying the English principle — the Bonnard Rule — the court in Tata Sons Pvt Ltd versus Greenpeace International held that a higher standard should be adhered to while granting an interim injunction in a defamation suit, because such an injunction might impinge upon freedom of expression and thus potentially be in violation of the Indian Constitution. This century-old rule states that “until it is clear that an alleged libel is untrue… the importance of leaving free speech unfetter – ed is a strong reason in cases of libel for dealing most cautiously and warily with the granting of interim injunctions…”

In the same case, the Court rejected the argument that since it was published online and thus had wider reach and greater permanence, an injunction should be granted. It observed that “publication is a comprehensive term, embracing all forms and mediums — including the Internet”, thus ruling out special treatment for the Inter net in cases of defamation. That is good news for free speech online in India. Now let’s stick to it.

For more details visit http://editors.cis-india.org/internet-governance/blog/tehelka-sunil-abraham-feb-3-2013-dont-slap-free-speech

Does the Government want to enter our homes?

sunil — 2012-03-21T10:12:40Z

When rogue politicians and bureaucrats are granted unrestricted access to information then the very future of democracy and free media will be in jeopardy. In an article published in the Pune Mirror on 10 August, 2010, Sunil Abraham examines this in light of the BlackBerry-to-BlackBerry messenger service that the Government of India plans to block if its makers do not allow the monitoring of messages. He says that civil society should rather resist and insist on suitable checks and balances like governmental transparency and a fair judicial oversight instead of allowing the government to intrude into the privacy and civil liberties of its citizens.

What? Me worry about the blackberry imbroglio?
If Pierre Trudeau were alive today, he would feel similarly about the Canadian innovation that is making news these days. But, given the Indian media's objective take on the ongoing BlackBerry tussle, one would assume that the media is unaffected.

Many internet observers say that the very future of democracy and free media is at stake. If rogue politicians and bureaucrats are able to eavesdrop on the communications of media houses, wouldn't that sound the death knell for sting operations, anonymous informants and whistle-blowers?

And, consequently, free press and democracy? How can the media keep its calm when one of the last bastions of electronic privacy in India is being stormed?

Isn’t this a lost cause already?
Perhaps, our reporters and editors have remained complacent, because they do not want to swim against the tide. After all, governments across the world have used excuses like cyber-terrorism, organised crime, pornography, piracy etc. to justify censorship and surveillance regimes.

The priveleged access that the governments of India, Saudi Arabia and UAE are demanding has already been provided to the governments of USA, Canada and Russia, for example.

We don't know how much they know about us!
The average reader might not be aware of the access that the Indian government has to his/her personal information.

To be clear, the Indian government, like most other governments, is able to intercept, decrypt, monitor and record sms and voice call traffic by working in partnership with ISP and Telecom operators.

This is legalised through ISP licence agreements, which requires ISPs to provide monitoring equipment that can be used to by various law enforcement and intelligence agencies. There is no clear policy on data-retention policies.

Industry insiders say that SMS messages, telephone call logs, email headers, and web requests are archived from anywhere between three months and a year.

Do these ISPs and telecom operators then delete, anonymise or obfuscate this data? Or do they they retain it for posterity for market research?

In the absence of a privacy law — the Indian citizen can only make intelligent guesses.

Encryption is our friend
As a student, when I passed a love note to my lady-love in class, I would use a symmetric key encryption scheme.

She would use the same key as I did to unencrypt the machine, ie, substituting the alphabet with the next/previous one.

If someone was able to intercept the key, then all communication between us in both directions would be compromised.

Asymmetric key encryption solves this problem by giving both parties two keys — a public key and a private key. I would use my lady-love’s public key to encrypt a message meant for her.

Only she would be able to unencrypt the message by using her private key. The size of the key — 40bit, 128bit, 256bit etc. determines the strength of the encryption.

The more bits you have, the longer it will take for someone to break through using a brute force method. The brute force method or dictionary method is when you try every single combination —just as you would with an old suitcase.

The time taken also depends on computing resources — whether you are a jealous boyfriend, or the FBI, or a corporation like Google. These days, governments depend on corporations for hardware and network muscle.

How does Blackberry encrypt differently?
Other smart phone providers like IPhone and Nokia make email and Internet traffic transparent to the ISP and telecom operator, making it easy for governments are able to keep track of Internet users on mobile phones just as they monitor dial-up or broadband users.

Most mobile services come with a basic encryption. Blackberry is different because it introduces an additional level of encryption, and then routes traffic either through corporate servers or through its own servers in Canada and other parts of the world.

The fact that information is routed thus can pose a threat to the Indian government, if officials are using Blackberries to exchange highly classified information.

Then, GoI could be worried if western intelligence agencies are eavesdropping.

How will this end? Will Blackberry leave?
Blackberry has never exited a country, because in the end it has prioritised consumer privacy over commercial compulsions. For example Blackberry has now ‘resolved’ security probwith Saudi Arabia.

I don’t think we should worry about deals or compromises. However, this is not to say that Blackberry should not be applauded.

They have taken a public stand against unrestricted governmental access to their clients’ information; one should always applaud corporates who fight hard for privacy and civil liberties.

What the Blackberry dilemma is showing us is the social cost of the electronic Big Brother will be steep, as it should be.

To protect citizens’ rights, civil society must resist and insist on suitable checks and balances like governmental transparency and fair judicial oversight.

Read the article in Pune Mirror

For more details visit http://editors.cis-india.org/internet-governance/blog/government-enter-homes

Do You Want to be Watched?

sunil — 2012-03-21T09:11:45Z

The new rules under the IT Act are an assault on our freedom, says Sunil Abraham in this article published in Pragati on June 8, 2011.

Privacy is a necessary but not sufficient condition for security. A bank safe is safe only because the keys are held by a trusted few. No one else can access these keys or has the ability to duplicate them. The 2008 Amendment of the Information Technology (IT) Act and their associated rules notified April 2011 proposes to eliminate whatever little privacy Indian netizens have had so far. Already as per the internet service provider (ISP) license, citizens using encryption above 40-bit were expected to deposit the complete decryption key with the Ministry of Communications and Information Technology. This is as intelligent as citizens of a neighbourhood making duplicates of the keys to their homes and handing them over at the local police station. With the IT Act’s latest rules things get from bad to worse. (For an analysis of the new rules under the IT Act, see the In Parliament section of this issue).

Now imagine my daughter visits the neighborhood cybercafe, the manager would now be entitled to scan her ID document and take a photograph of her using his own camera. He would also be authorised to capture her browser history including unencrypted credentials and authentication factors. He would then store this information for a period of one year and provide them to any government entity that sends him a letter. He could continue to hold on to the files as there would be no clear guidelines or penalties around deletion. The ISP that provides connectivity to the cybercafe would store a copy of my daughter’s Internet activities for two years. None of our ISPs publish or provide on request a copy of their data retention policies.

Now suppose my daughter used an online peer-production like Wikipedia or social-media platform like MySpace to commit an act of blasphemy by drawing fan-art for her favorite Swedish symphonic black metal band. A neo-Pentecostal Church sends a takedown notice to the website hosting the artwork. Unfortunately, this is a fringe Web 2.0 platform run by Indian entrepreneur who happens to be a friend of yours. When the notice arrived, our entrepreneur was in the middle of a three-week trek in the Himalayas. Even though he had disabled anonymous contributions and started comprehensive data retention of user activity on the site, unfortunately he was not able to delete the offending piece of content within 36 hours. If the honourable judge is convinced, both your friend and my daughter would be sitting in jail for a maximum of three years for the newly christened offence of blasphemous online speech.

You might dismiss my misgivings by saying “after all we are not China, Saudi Arabia or Myanmar”, and that no matter what the law says we are always weak on implementation. But that is completely missing the point. The IT Act appears to be based on the idea that the the Indian public can be bullied into self-censorship via systemic surveillance. Employ tough language in the law and occasionally make public examples of certain minor infringers. There have been news reports of young men being jailed for using expletives against Indian politicians or referring to a head of state as a “rubber stamp.” The message is clear—you are being watched so watch your tongue.

Surveillance capabilities are not a necessary feature of information systems. They have to be engineered into these systems. Once these features exists, they could potentially serve both the legally authorised official and other undesirable elements. Terrorists, cyber-warriors and criminals will all find systems with surveillance capabilities easier to compromise. In other words, surveillance compromises security at the level of system design. There were no internet connections or phone lines in the bin Laden compound—he was depending on store and forward arrangement based on USB drives. Do we really think that registration of all USB drives, monitoring of their usage and the provision of back doors to these USBs via master key would have lead the investigators to him earlier? Has the ban on public wi-fi and the current ID requirements at cyber-cafes led to the arrest of any terrorists or criminals in India? Where is the evidence that resource hungry blanket surveillance is providing return on investment? Intelligence work cannot be replaced with resource-hungry blanket surveillance. Unnecessary surveillance distracts the security with irrelevance.

Increase in security levels is not directly proportional to increase in levels of surveillance. A certain amount of surveillance is unavoidable and essential. But after the optimum amount of surveillance has been reached, additional surveillance only undermines security. The multiple levels of data retention at the cybercafe, by the ISP and also by the application service provider does not necessarily make Indian cyberspace more secure. On the contrary, redundant storage of personal sensitive information only acts as multiple points of failure and leaks—in the age of Niira Radia and Amar Singh one does not have be reminded of authorised and unauthorised surveillance and their associated leaks.

Finally, there is the question of perception management. Perceptions of security does not only depend on reality but on personal and popular sentiment. There are two possible configurations for information systems—one, where the fundamental organising principle is trust or second, where the principle is suspicion. Systems based on suspicion usually gives rise to criminal and corrupt behavior. If the state were to repeatedly accuse its law-abiding citizens of being terrorists and criminals, it might end up provoking them into living up to these unfortunate expectations. If citizens realise that every moment of their digital lives is being monitored by multiple private and government bodies—they will begin to use anonymisation and encryption technology round the clock even when it is not really necessary. Ordinary citizens will be forced to visit the darker and nastier corners of the internet just to download encryption tools and other privacy enabling software. Like the prohibition, this will only result in further insecurity and break-down in the rule of law.

Read the original here

For more details visit http://editors.cis-india.org/internet-governance/blog/want-to-be-watched

Do we need the Aadhar scheme?

sunil — 2012-02-03T10:11:24Z

"Decentralisation and privacy are preconditions for security. Digital signatures don’t require centralised storage and are much more resilient in terms of security", Sunil Abraham in the Business Standard on 1 February 2012.

We don’t need Aadhar because we already have a much more robust identity management and authentication system based on digital signatures that has a proven track record of working at a “billions-of-users” scale on the internet with reasonable security. The Unique Identification (UID) project based on the so-called “infallibility of biometrics” is deeply flawed in design. These design disasters waiting to happen cannot be permanently thwarted by band-aid policies.

Biometrics are poor authentication factors because once they are compromised they cannot be re-secured unlike digital signatures. Additionally, an individual’s biometrics can be harvested remotely without his or her conscious cooperation. The iris can be captured remotely without a person’s knowledge using a high-res digital camera.

Biometrics are poor identification factors in a country where the registrars have commercial motivation to create ghost identities. For example, bank managers trying to achieve targets for deposits by opening benami accounts. Biometrics for these ghost identities can be imported from other countries or generated endlessly using image processing software. The de-duplication engine at the Unique Identification Authority of India (UIDAI) will be fooled into thinking that these are unique residents.

An authentication system does not require a centralised database of authentication factors and transaction details. This is like arguing that the global system of e-commerce needs a centralised database of passwords and logs or, to use an example from the real world, to secure New Delhi, all citizens must deposit duplicate keys to their private property with the police.

Decentralisation and privacy are preconditions for security. The “end-to-end principle” used to design internet security is also in compliance with Gandhian principles of Panchayat Raj. Digital signatures don’t require centralised storage of private keys and are, therefore, much more resilient in terms of security.

Biometrics as authentication factors require the government to store biometrics of all citizens but citizens are not allowed to store biometrics of politicians and bureaucrats. The state authenticates the citizen but the citizen cannot conversely authenticate the state. Digital signatures as an authentication factor, on the other hand, does not require this asymmetry since citizens can store public keys of state actors and authenticate them. The equitable power relationship thus established allows both parties to store a legally non-repudiable audit trail for critical transactions like delivery of welfare services. Biometrics exacerbates the exiting power asymmetry between citizens and state unlike digital signatures, which is peer authentication technology.

Privacy protections should be inversely proportional to power. The transparency demanded of politicians, bureaucrats and large corporations cannot be made mandatory for ordinary citizens. Surveillance must be directed at big-ticket corruption, at the top of the pyramid and not retail fraud at the bottom. Even for retail fraud, the power asymmetry will result in corruption innovating to circumvent technical safeguards. Government officials should be required by law to digitally sign the movement of resources each step of the way till it reaches a citizen. Open data initiatives should make such records available for public scrutiny. With support from civil society and the media, citizens will themselves address retail fraud. To solve corruption, the state should become more transparent to the citizen and not vice versa.

UIDAI’s latest 23-page biometrics report is supposed to dispel the home ministry’s security anxieties. It says “biometric data is collected by software provided by the UIDAI, which immediately encrypts and applies a digital signature.” Surely, what works for UIDAI, that is digital signatures, should work for citizens too. The report does not cover even the most basic attack — for example, the registrar could pretend that UIDAI software is faulty and harvest biometrics again using a parallel set-up. If biometrics are infallible, as the report proclaims, then sections in the draft UID Bill that criminalise attempts to defraud the system should be deleted.

The compromise between UIDAI and the home ministry appears to be a turf battle for states where security concerns trump developmental aspirations. This compromise does nothing to address the issues raised by the Parliamentary Standing Committee on Finance, headed by the Bharatiya Janata Party’s Yashwant Sinha.

Read the original published in the Business Standard on 1 February 2012

For more details visit http://editors.cis-india.org/internet-governance/do-we-need-the-aadhar-scheme

Distinguished Fellows

sunil — 2020-07-27T12:50:59Z

Prof. Subbiah Arunachalam is based in Chennai. Rishab Aiyer Ghosh is based at UNU-MERIT at Maastricht. Hans Varghese Mathews is based in Bangalore. Shyam Ponappa is based in New Delhi. Prof. Tejaswini Niranjana is based in Bangalore and Mumbai.

Hans Varghese Mathews

Prof. Subbiah Arunachalam (known to friends as Arun) started his career as a research chemist, but found his calling in information science. In the past four decades, he has been a student of chemistry, a laboratory researcher (at the Central Electrochemical Research Institute and the Indian Institute of Science), an editor of scientific journals (at the Publications and Information Directorate of the Council for Scientific and Industrial Research and the Indian Academy of Sciences), the secretary of a scholarly academy of sciences (IASc), a teacher of information science (at the Indian National Scientific Documentation Centre), and a development researcher (at the M.S. Swaminathan Research Foundation and the Indian Institute of Technology Madras). While working with M.S. Swaminathan Research Foundation, he initiated the South-South Exchange Traveling Workshop to facilitate hands on cross-cultural learning for knowledge workers from Africa, Asia and Latin America engaged in ICT-enabled development.

Arun is on the editorial boards of six international refereed journals including Journal of Information Science, Scientometrics, and Journal of Community Informatics; a member of the international advisory board of IICD, The Hague, a trustee of the Electronic Publishing Trust for Development, and a Trustee of the Voicing the Voiceless Foundation. Improving information access both for scientists and for the rural poor; scientometrics, ICT-enabled development and open access are among his current research interests.

Rishab Aiyer Ghosh is a researcher based in Maastricht. He is an Open Source Initiative board member, the founding international and managing editor of the peer-reviewed journal First Monday, and the Programme Leader of FLOSS at UNU-MERIT. He has undertaken several global, high-profile studies on Free Software. He is a jury member for Global Bangemann Challenge (now Stockholm Challenge Award), a prestigious prize awarded to IT projects with socio-economic impact by the mayor of Stockholm and founder member of the GII Internet Commerce Brain Trust. From 1995–1999, Rishab has worked as an editor at The Indian Techonomist, an analytical newsletter on Indian media and communications targeted at a global audience, an analyst and newsletter contributor for US-based Paul Kagan Associates, and a weekly columnist on Internet society (Electric Dreams). He still writes regularly, with over half a million words published in journals, newspapers and magazines worldwide, from PC Quest India to Wired Magazine, USA. From 2008, he heads the Collaborative Creativity Group at UNU-MERIT.

Shyam Ponappa is a Distinguished Fellow whose work is in the areas of broadband, telecommunications, and spectrum policy, from management, systems, and technology perspectives.

Beginning his career at the State Bank of India, he was a Senior Manager, Management Consulting Services, at Price Waterhouse in San Francisco, M&A Head for Citibank in India, and thereafter managed a partnership doing alliances, business strategy, and financial placements in New Delhi for major international and domestic clients. Subsequently, he was an independent consultant in India and abroad. His experience is in financial placements, M&A, and business strategy for clients in IT, telecommunications, power, oil/energy, airlines, biotechnology, banking/financial services, hotels, shipping, railroads, manufacturing, agri-business, law firms, and retail enterprises.

He has advised the government on public policy since 1990, primarily in telecommunications. As a columnist for the Business Standard, he writes on infrastructure and managing economic reforms (http://organizing-india.blogspot.com). He has an MBA from the University of California at Berkeley, an MA (History) and a BSc (Physics) from Madras Christian College."

Tejaswini Niranjana is presently a Senior Fellow at the Centre for the Study of Culture and Society (CSCS), Bangalore, and Visiting Professor at Tata Institute of Social Sciences (TISS), Mumbai.

At CSCS (www.cscs.res.in), Tejaswini helped set up in 2001 an inter-disciplinary doctoral programme in Cultural Studies, and many of her Ph.D. students have brought Indian language materials into their research and writing. At TISS (www.tiss.edu), Tejaswini is incubating the Centre for Indian languages in Higher Education, which will anchor a multi-institutional programme for Indian languages in higher education, including production of new resources, curriculum strengthening, research training, digitisation and archiving. On the anvil is the creation at TISS of a digital hub for Indian language resources for tertiary education.

She is also Lead Researcher of the Higher Education Innovation and Research Applications (HEIRA) Programme at CSCS (http://heira.in). HEIRA works towards sectoral transformation in higher education, working with private and public institutions to design and field-test new methods for curriculum development, teacher training and institutional change at the undergraduate and post-graduate levels. Tejaswini is co-author of a policy note on quality education in Indian languages, the recommendations of which are now part of the final 12^th Plan document (http://www.ugc.ac.in/ugcpdf/740315_12FYP.pdf).

Select publications are available from cscs.academia.edu. Her best-known book is Siting Translation: History, Post-structuralism and the Colonial Context (Berkeley: University of California Press, 1992). More recently, she published Mobilizing India: Women, Music and Migration across India and Trinidad (Durham: Duke University Press, 2006).

Tejaswini is the Adviser (since February 2013) to the 'Access to Knowledge' programme of CIS and will guide the A2K team in expanding the Indian language Wikipedias and in increasing the number of active editors through strategic partnerships with Higher Education institutions across India.

For more details visit http://editors.cis-india.org/about/people/distinguished-fellows

Data Protection: We can innovate, leapfrog

sunil — 2018-01-22T01:45:46Z

About 27% of India's population is still illiterate or barely literate. Most privacy policies and terms of services for web and mobile applications are in English and therefore it is only 10% of us who can actually read them before we provide our consent.

The article was published in the Deccan Herald on January 20, 2018.

Even if we can read them, we may not have the necessary legal training to understand them. According to a tweet thread by Pat Walshe (@privacymatters), the Tetris app, a popular video game, has a privacy policy that details the third-party advertising companies that they share data with. These third-parties include "123 Ad Networks; 13 Online Analytics companies; 62 Mobile Advertising Networks; 14 Mobile Analytics companies. The linked privacy policies for Tetris run to 407,000 words, compared to 450,000 words for the entire 'Lord of the Rings trilogy'." The child aged four and above that plays the game and her parents need an intermediary to deal with the corporations hiding behind Tetris.

Unlike the European Union, which has more than 37 years of history when it comes to data protection law, India is starting with a near blank slate after the Supreme Court confirmed that privacy is a constitutionally-guaranteed fundamental right in the Puttaswamy case judgement. While we would want to maintain adequacy and compatibility with the EU General Data Protection Regulation (GDPR) because it has become the global standard, we must realise that there is an opportunity for leapfrogging. This article attempts to introduce the reader to three different visions for intermediaries that have emerged within the Indian data protection debate around the accountability principle. I will also provide a brief sketch of an idea that we are developing at the Centre for Internet and Society. This is an incomplete list as there must be more proposals for regulatory innovation around the accountability principle that I am currently unaware of.

n Account Aggregators: The 'India Stack' ecosystem that has been built around the Aadhaar programme first proposed intermediaries called Account Aggregators. Account Aggregators manage consent artifacts. India Stack has traditionally been described as having four layers -- presenceless, paperless, cashless and consent. The consent layer is supposed to feature Account Aggregators. If, for example, a data subject wanting an insurance policy visits an insurance portal, the portal would collect personal information and a consent artifact from her and pass it on to multiple insurance companies. These insurance companies would send personalised bids to the portal, which would be displayed on a comparative grid to enable empowered selection.

The data structure consent artifact has been provided in the Master Direction from RBI titled "Non-Banking Financial Company Account Aggregator Directions," published in September 2016. How does this work? The fields includes (i) identity and optional contact information; (ii) nature of the financial information requested; (iii) purpose; (iv) the identity of the recipients, if any; (v) URL/address for notifications when the consent artifact is used; (vi) consent artifact creation date, expiry date, identity and signature/digital signature of the Account Aggregator; and (vii) any other attribute as may be prescribed by the RBI. While Account Aggregators make it frictionless for the grant of consent and also for the harvesting of consent by data controllers, it does not make it easy for you to manage and revoke your consent.

n Data Trusts: Most recently, Na.Vijayashankar, a Bengaluru-based cybersecurity and cyberlaw expert, has proposed intermediaries called 'Data Trusts' registered with the regulator and who (i) will work as escrow agents for the personal data (which would be classified by type for different degrees of protection); (ii) will make privacy notices accessible by translating them into accessible language and formats; (iii) disclose data minimally to different data controllers based on the purpose limitation; (iv) issue tokens or pseudonymous identifiers and monetise the data for the benefit of the data subject. To ensure that Data Trusts truly protect the interests of the data subject, Vijayashankar proposes three requirements: (a) public performance reviews (b) audits by the regulator and (c) "an arms-length relationship with the data collectors." In his proposal, Data Trusts are firms with "the ability to process a real-time request from the data subject to supply appropriate data to the data collector."

n Learned Intermediaries: The Takshashila Institution published a paper titled Beyond Consent: A New Paradigm for Data Protection, authored by Rahul Matthan, partner at the law firm Trilegal. Learned Intermediaries would perform mandatory audits on all data controllers above a particular threshold. Like Vijayashankar, Matthan also requires these intermediaries to be certified by an appropriate authority. The main harm that he focuses on is, bias or discrimination. He proposes three stages of audit which are designed for the age of Big Data and Artificial Intelligence: "(i) Database Query Review; (ii) Black Box Audits; and (iii) Algorithm Review". Matthan also tentatively considers a rating system. Learned Intermediaries are a means to address information asymmetry in the market by making data subjects more aware. The impact of churn on their bottom-lines, it is hoped, will force data controllers to behave in an accountable manner, protecting rights and mitigating harms.

n Consent Brokers: Finally, I have proposed the model of a 'Consent Broker' by modifying the concept of the Account Aggregator. Like the Account Aggregator proposal, we would want a competitive set of consent brokers who will manage consent artifacts for data subjects. However, I believe there should be a 1:1 relationship between data subjects and consent brokers so that the latter compete for the business of data subjects. Like Vijayashankar, I believe that the consent broker must have an "arms-length distance" from data controllers and must be prohibited from making any money from them. Consent brokers could also be trusted to take proactive actions for the data subjects, such as access and correction.

The need of the hour is the production of regulatory innovations and robust discussions around them for all the nine privacy principles in the Justice AP Shah committee report -- notice, choice and consent, collection limitation, purpose limitation, access and correction, disclosure of information, security, openness and accountability.

For more details visit http://editors.cis-india.org/internet-governance/blog/deccan-herald-january-20-2018-sunil-abraham-data-protection-we-can-innovate-leapfrog

Copyright Amendment: Bad, but Could Have Been Much Worse

sunil — 2012-06-15T12:29:39Z

The changes to the Copyright Act protect the disabled - but are restrictive about cover versions and web freedom, writes Sunil Abraham in this article published in the Business Standard on June 10, 2012.

When the Copyright (Amendment) Act, 2012, was passed unanimously by the Lok Sabha on May 22, it meant that there was little reason for celebration, some not-so-great news, and a lot of pretty bad news.

The only real reason for unqualified celebration is the amendment’s introduction of a robust exception for the disabled. It is bleeding-edge policy formulation, as it is right up there alongside the Treaty for the Visually Impaired currently being negotiated at the World Intellectual Property Organisation (WIPO). The Indian exception is more robust: first, it is disability-neutral, unlike the treaty which only addresses the needs of the print-impaired; and second, it is works-neutral, unlike the treaty which only addresses books and printed works. In brief, given the very limited circulation of copyrighted works amongst the disabled, they now can convert inaccessible works to accessible formats and share them with each other on a non-profit basis. No royalty needs to be paid to the rights-holders for this conversion and the resultant access. Other reasons to celebrate include the newly introduced exception for non-commercial lending and the extension of fair dealing (or fair use) to all works.

Now for some middling news. The Digital Rights Management provision makes it an offence punishable with a fine and a two-year jail term to circumvent “effective technological measures” (also called Technological Protection Measures) and remove “rights management information” (RMI). The provision protects public interest since it does not allow rights-holders to claim rights unavailable under copyright law, and does not prevent consumers and citizens from benefiting from the various fair dealing (or fair use) exceptions and limitations.

Unfortunately, the provision mandates onerous record-keeping for those providing circumvention technologies, and also does not insist that the rights-holder provide the means for circumvent when the consumer or citizen legitimately needs to do so.

The first piece of bad news is that an inadequate “safe harbour” provision has been introduced for Internet intermediaries. Like the Information Technology Act, the Copyright Act has also gotten the configuration of the intermediary liability regime wrong. This was the opportunity to finally protect common carriers, platforms for social media and commons-based peer-production (such as free software and open content). In short, search engines are finally legal in India, and so are ISPs, virtual private network providers and content delivery networks.

But unfortunately, social media platforms such as Facebook and peer-production platforms like Wikipedia are not afforded sufficient immunity to thrive as real-time participatory platforms. The take-down procedure is designed to provide instant relief to rights-holders, as intermediaries are supposed to remove content immediately. They have the option of reinstating content if the take-down notice is not followed within three weeks by a court order. This mechanism will have a chilling effect on free speech — given that Indian internet service providers very obviously privilege the interests of intellectual property rights-holders over those of the ISPs’ customers — as most recently illustrated by their over-compliance with certain John Doe court orders emerging from the Madras High Court.

The second piece of bad news is the extension of the term of protection for photographs. It has gone from being “sixty years after publication” to “sixty years after the death of the photographer”. Sixty years from publication was already in excess of the Agreement on Trade-Related aspects of Intellectual Property Rights (the TRIPS Agreement). Now we are in excess of WIPO Copyright Treaty requirements, even though India is not a signatory. The possibility of grandchildren earning royalties does not serve as an incentive for shutterbugs to take more photos or better photos. It is not even clear if one can monetise the average photo after the first decade. Therefore, the global public domain has been substantially impoverished, without any evidence that this will make the photographers reciprocally wealthier.

It does not stop there. In the age of hip-hop, trance, jhankar beats and turntables, one would have hoped that our law-makers would at least get the provision for “cover versions” or “remixes” right. Cover versions in India are doubly useful both in terms of aesthetics and profits — and yet the relevant provision can only be described as mediaeval. Cover versions can be produced only after a gap of five years; they have to be restricted to the same medium as the original; payment from them must be made in advance for 5,000 copies (should all those who sang commercially viable cover violations of “Kolaveri Di” be considered lawbreakers?); and there are strict limits on what are acceptable alterations to the original. The “alterations” have to be “reasonable” and “technically necessary”. Today, affordable yet sophisticated multimedia technologies allow teenagers to build professional sound recording studios in their bedrooms — and our government is seeking to restrict them to boring word-for-word and note-for-note covers.

And it gets worse. Bowing to pressure from foreign publishers’ associations, the government deleted the “parallel importation” provision at the last minute. The inclusion of this provision would have made it clear that works reproduced with the rights-holders’ permission in other countries could be imported into India. Foreign publishers and their lobbyists went all-out with a propaganda campaign predicting a dystopia filled with pirated books, surplus books dumped from overseas and starving, uncompensated authors. Had our government not caved, this clarification in law would have gone a long way in dismantling distribution monopolies and made the market much more competitive. The resultant increase in choice and reduction in cost would have benefited everyone. Human Resources Development Minister Sibal promised both Houses during the passage of the amendment that he would revisit this, and let’s hope he does so — especially for our libraries and our second-hand book stores, and for the students and disabled amongst us.

The writer is at the Centre for Internet and Society, Bangalore. sunil@cis-india.org

Click to read the original published by Business Standard.

For more details visit http://editors.cis-india.org/a2k/copyright-amendment

Connected Trouble

sunil — 2015-10-28T16:47:58Z

The internet of things phenomenon is based on a paradigm shift from thinking of the internet merely as a means to connect individuals, corporations and other institutions to an internet where all devices in (insulin pumps and pacemakers), on (wearable technology) and around (domestic appliances and vehicles) humans beings are connected.

The guest column was published in the Week, issue dated November 1, 2015.

Proponents of IoT are clear that the network effects, efficiency gains, and scientific and technological progress unlocked would be unprecedented, much like the internet itself.

Privacy and security are two sides of the same coin―you cannot have one without the other. The age of IoT is going to be less secure thanks to big data. Globally accepted privacy principles articulated in privacy and data protection laws across the world are in conflict with the big data ideology. As a consequence, the age of internet of things is going to be less stable, secure and resilient. Three privacy principles are violated by most IoT products and services.

Data minimisation

According to this privacy principle, the less the personal information about the data subject that is collected and stored by the data controller, the more the data subject's right to privacy is protected. But, big data by definition requires more volume, more variety and more velocity and IoT products usually collect a lot of data, thereby multiplying risk.

Purpose limitation

This privacy principle is a consequence of the data minimisation principle. If only the bare minimum of personal information is collected, then it can only be put to a limited number of uses. But, going beyond that would harm the data subject. IoT innovators and entrepreneurs are trying to rapidly increase features, efficiency gains and convenience. Therefore, they don't know what future purposes their technology will be put to tomorrow and, again by definition, resist the principle of purpose limitation.

Privacy by design

Data protection regulation required that products and services be secure and protect privacy by design and not as a superficial afterthought. IoT products are increasingly being built by startups that are disrupting markets and taking down large technology incumbents. The trouble, however, is that most of these startups do not have sufficient internal security expertise and in their tearing hurry to take products to the market, many IoT products may not be comprehensively tested or audited from a privacy perspective.

There are other cyber security principles and internet design principles that are disregarded by the IoT phenomenon, further compromising security and privacy of users.

Centralisation

Most of the network effects that IoT products contribute to require centralisation of data collected from users and their devices. For instance, if users of a wearable physical activity tracker would like to use gamification to keep each other motivated during exercise, the vendor of that device has to collect and store information about all its users. Since some users always wear them, they become highly granular stores of data that can also be used to inflict privacy harms.

Decentralisation was a key design principle when the internet was first built. The argument was that you can never take down a decentralised network by bombing any of the nodes. Unfortunately, because of the rise of internet monopolies like Google, the age of cloud computing, and the success of social media giants, the internet is increasingly becoming centralised and, therefore, is much more fragile than it used be. IoT is going to make this worse.

Complexity

The more complex a particular technology is, the more fragile and vulnerable it is. This is not necessarily true but is usually the case given that more complex technology needs more quality control, more testing and more fixes. IoT technology raises complexity exponentially because the devices that are being connected are complex themselves and were not originally engineered to be connected to the internet. The networks they constitute are nothing like the internet which till now consisted of clients, web servers, chat servers, file servers and database servers, usually quite removed from the physical world. Compromised IoT devices, on the other hand, could be used to inflict direct harm on life and property.

Death of the air gap

The things that will be connected to the internet were previously separated from the internet through the means of an air gap. This kept them secure but also less useful and usable. In other words, the very act of connecting devices that were previously unconnected will expose them to a range of attacks. Security and privacy related laws, standards, audits and enforcement measures are the best way to address these potential pitfalls. Governments, privacy commissioners and data protections authorities across the world need to act so that the privacy of people and the security of our information society are protected.

For more details visit http://editors.cis-india.org/internet-governance/blog/the-week-november-1-2015-sunil-abraham-connected-trouble

CIS's Position on Net Neutrality

sunil — 2015-12-09T13:06:06Z

As researchers committed to the principle of pluralism we rarely produce institutional positions. This is also because we tend to update our positions based on research outputs. But the lack of clarity around our position on network neutrality has led some stakeholders to believe that we are advocating for forbearance. Nothing can be farther from the truth. Please see below for the current articulation of our common institutional position.

Net Neutrality violations can potentially have multiple categories of harms — competition harms, free speech harms, privacy harms, innovation and ‘generativity’ harms, harms to consumer choice and user freedoms, and diversity harms thanks to unjust discrimination and gatekeeping by Internet service providers.
Net Neutrality violations (including some those forms of zero-rating that violate net neutrality) can also have different kinds benefits — enabling the right to freedom of expression, and the freedom of association, especially when access to communication and publishing technologies is increased; increased competition [by enabling product differentiation, can potentially allow small ISPs compete against market incumbents]; increased access [usually to a subset of the Internet] by those without any access because they cannot afford it, increased access [usually to a subset of the Internet] by those who don't see any value in the Internet, reduced payments by those who already have access to the Internet especially if their usage is dominated by certain services and destinations.
Given the magnitude and variety of potential harms, complete forbearance from all regulation is not an option for regulators nor is self-regulation sufficient to address all the harms emerging from Net Neutrality violations, since incumbent telecom companies cannot be trusted to effectively self-regulate. Therefore, CIS calls for the immediate formulation of Net Neutrality regulation by the telecom regulator [TRAI] and the notification thereof by the government [Department of Telecom of the Ministry of Information and Communication Technology]. CIS also calls for the eventual enactment of statutory law on Net Neutrality. All such policy must be developed in a transparent fashion after proper consultation with all relevant stakeholders, and after giving citizens an opportunity to comment on draft regulations.
Even though some of these harms may be large, CIS believes that a government cannot apply the precautionary principle in the case of Net Neutrality violations. Banning technical innovations and business model innovations is not an appropriate policy option. The regulation must toe a careful line to solve the optimization problem: refraining from over-regulation of ISPs and harming innovation at the carrier level (and benefits of net neutrality violations mentioned above) while preventing ISPs from harming innovation and user choice. ISPs must be regulated to limit harms from unjust discrimination towards consumers as well as to limit harms from unjust discrimination towards the services they carry on their networks.
Based on regulatory theory, we believe that a regulatory framework that is technologically neutral, that factors in differences in technological context, as well as market realities and existing regulation, and which is able to respond to new evidence is what is ideal.

This means that we need a framework that has some bright-line rules based, but which allows for flexibility in determining the scope of exceptions and in the application of the rules. Candidate principles to be embodied in the regulation include: transparency, non-exclusivity, limiting unjust discrimination.
The harms emerging from walled gardens can be mitigated in a number of ways. On zero-rating the form of regulation must depend on the specific model and the potential harms that result from that model. Zero-rating can be: paid for by the end consumer or subsidized by ISPs or subsidized by content providers or subsidized by government or a combination of these; deal-based or criteria-based or government-imposed; ISP-imposed or offered by the ISP and chosen by consumers; Transparent and understood by consumers vs. non-transparent; based on content-type or agnostic to content-type; service-specific or service-class/protocol-specific or service-agnostic; available on one ISP or on all ISPs. Zero-rating by a small ISP with 2% penetration will not have the same harms as zero-rating by the largest incumbent ISP. For service-agnostic / content-type agnostic zero-rating, which Mozilla terms ‘equal rating’, CIS advocates for no regulation.
CIS believes that Net Neutrality regulation for mobile and fixed-line access must be different recognizing the fundamental differences in technologies.
On specialized services CIS believes that there should be logical separation and that all details of such specialized services and their impact on the Internet must be made transparent to consumers both individual and institutional, the general public and to the regulator. Further, such services should be available to the user only upon request, and not without their active choice, with the requirement that the service cannot be reasonably provided with ‘best efforts’ delivery guarantee that is available over the Internet, and hence requires discriminatory treatment, or that the discriminatory treatment does not unduly harm the provision of the rest of the Internet to other customers.
On incentives for telecom operators, CIS believes that the government should consider different models such as waiving contribution to the Universal Service Obligation Fund for prepaid consumers, and freeing up additional spectrum for telecom use without royalty using a shared spectrum paradigm, as well as freeing up more spectrum for use without a licence.
On reasonable network management CIS still does not have a common institutional position.

For more details visit http://editors.cis-india.org/internet-governance/blog/cis-position-on-net-neutrality

CIS - A2K Work Plan: July 2016 - June 2017

sunil — 2016-04-29T09:36:45Z

One of the key mandates of the Access to Knowledge (A2K) program at the Centre for Internet and Society (CIS) is to work towards catalyzing the growth of the free and open knowledge movement in Indic languages. CIS has been a steward of the Wikimedia movement in India since December 2008. Since September 2012, we at CIS-A2K, have been actively involved in growing the movement in India through (i) a grant received from the Wikimedia Foundation (WMF) for the period September 2012 - June 2014, (ii) the FDC Grant received for the period July 2014 - June 2015 and (iii) the FDC Grant received for the period July 2015 - June 2016. Based on the productive experience of working with various Indic Wikimedia communities, CIS-A2K has developed this work plan for July 2016 to June 2017.

This was originally published on Meta-wiki on April 2, 2016.

We have revised the work plan template taking into account the changed proposal plan sent out by WMF and in light of the feedback that we have received from FDC assessment during last proposal application. The FDC feedback is taken into account at the level of design, RoI and ensuring quality for all our activities.

CIS-A2K responses towards Indic communities concerns

During the last plan period CIS-A2K received the following complaints, suggestions, and feedback. We have attempted to address the concerns under redesigned CIS-A2K 2.0. This table was first prepared during our progress report for the current grant and A2K would like to acknowledge the learnings derived out of the suggestions and feedback it received during the last plan. Please see the table here.

Background to CIS-A2K Program

CIS-A2K is working with the Indic Wikimedia communities since December 2008, when Jimbo Wales came to India and visited Bangalore. In mid-2012 CIS-A2K received a financial grant from the Wikimedia Foundation (WMF) and since then it has been actively involved in growing the Wikimedia and free knowledge movement in India. Following a grant received from WMF for the period September 2012 to June 2014, CIS-A2K received FDC Grant for the periods July 2014 to June 2015 and July 2015 to June 2016. Based on the 41-month experience of working with various Indic Wikimedia communities, CIS-A2K has prepared this year's work plan for July 2016 to June 2017.

Objective

CIS-A2K is committed to improve Wikimedia movement in India by supporting Indic Wikimedia communities and working on Wikimedia projects and collaborating with FOSS and other like minded movement partners. It also strives to catalyse the growth of open and free knowledge movement in South Asia and especially in India. Our main objectives are:

Bringing content under Creative Commons and similar free licenses;
Supporting and empowering Indic Wikimedia communities;
Building and maintaining institutional partnerships in order to support the open knowledge movement and creation of open knowledge resources;
Planning and executing Wikimedia projects with wider community participations and effective consultation;
Fostering and enabling an appropriate legal and technological ecosystem;
Building sustainable communities and grooming potential leaders to represent the communities and projects globally.

Context

CIS-A2K has focussed on creating sustainable programmes and capacity development for communities in the last few years. CIS-A2K intends to continue its work during the proposed grant period and would continue to focus on the following Indian language Wikimedia projects: Kannada, Konkani, Marathi, Odia, Telugu (Focus Language Areas, FLA). In order to achieve higher RoI, A2K will be including Tulu in its language plan from this plan period.

CIS-A2K will continue to provide general support and service to all other Indian language Wikimedia communities for all Wikimedia projects as necessary and as requested by the communities or individuals from the community through its request page and needs assessment workshops.

Community strengthening initiatives will be prioritised in order to address the poor participation of Wikimedians from Indian sub continent in particular and global south in general. CIS-A2K has rolled out initiatives such as Train the Trainer and MediaWiki training, focused edit-a-thons and GLAM activities.

CIS-A2K and Indian language Wikimedia communities would greatly benefit from collaborating with these initiatives and CIS-A2K during this grant period would attempt to bring these communities closer with a series of interactions, hack-a-thons and training sessions.

Our institutional partnerships have played a very important role in content donation, generation of content, attracting new readers and editors and collaborating opportunities with existing community members. They have provided much needed press coverage towards Indian language Wikimedia projects. The institution partnerships and WEP have been redesigned as per community suggestions.

Methodology

This work plan has been prepared based on an extensive engagement with various Wikimedia movement participants and enthusiasts in India. These include:

Wikimedia community members across all Indic communities: We have talked to a large number of Indic Wikimedia community members and specially community members of our focused language areas;
Institutional Partners of CIS-A2K: We have taken feedback and suggestions from our institutional partners regarding the challenges of conducting WEP;
Like-minded advocates of free and open knowledge;
Surveys and Interviews.

Performance against plans and projected targets

Overall

Kannada

Konkani

Marathi

Odia

Telugu

Progress against goals set

Language Area Work Plans

CIS-A2K has put in significant efforts across four focus language areas Kannada, Konkani, Odia and Telugu during the previous work plans. CIS-A2K proposed and initiated Marathi as a focus language project during the last proposal plan. As A2K's strategy of working with FLA has resulted in community building and sustainable outreach efforts, we intend to work with the nascent Tulu community towards making Tulu Wikipedia live.

The Tulu Wikipedia plan is a 'minimal cost program' and is not budgeted same as the other FLA. A2K has been able to build a strong community in Mangalore for the Kannada and Konkani Wikimedia projects. Tulu community draws its editor base and institutional support from Mangalore, hence A2K's plans towards Kannada and Konkani Wikimedia projects can also have the added dimension of Tulu Wikipedia incubation activities.

Detailed work-plan for each of these language areas may be seen here (in alphabetical order):

Woman's day editathon at Christ University

Some of the key factors that determined the July 2016-June 2017 work plan:

Development of Focus Language Area Plan: A2K's strategy of building a plan along with the consultation of the community and further customised as per the feedback received by communities and FDC Staff have resulted well across five languages. CIS-A2K is pleased to inform that during July 2015-June 2016 it engaged with all the five focus language area plans as it has been able to recruit program officers and program associates for the vacant positions. It is important to note that while we are engaging with Tulu Wikipedia community with intentions of making Tulu Wikipedia live, it is also a 'minimal cost' program. It helps A2K in acheiving higher RoI for monetary resources and optimisation of staff and volunteer expertise.
A2K 2.0 as a response to FDC and Indic Wikimedians' Feedback: As a learning derived out of FDC, WMF Board and Indic Wikimedians suggestions, CIS-A2K has revised its program structure and composition of work. Please find details of revised divisional of responsibilities of A2K team.
Partnership and networking with institutions and groups: CIS-A2K has had the privilege of partnering with educational institutions and developmental organisations. These partnerships and collaborations not only resulted in significant quality-content contributions, but also lead to the diversification and expansion of that particular language Wikimedia community. In order to strengthen the communities, increase participation and conduct GLAM activities and attract content donation A2K would look out for possible institutional partnerships.
Providing sustainability and developing leadership skills: A2K has always worked towards enabling Indian Language Wikimedia communities to achieve sustainability and visibility amongst the global communities. We have been greatly privilege to work with the Focus Language Communities and would like to pass on our learning through collaborations with other language communities, while exiting few of our current FLA programs. Through our skill building initiatives such as Train-the-Trainer, Media Wiki Training and Train-a-Wikipedian A2K has also been able to support growth of a new community of volunteers to support the existing community.

Community Strengthening Initiatives

CIS-A2K started two community strengthening initiatives— Train-the-Trainer and MediaWiki Training to grow and strengthen the Indic Wikimedia projects and the associated communities, both qualitatively and quantitatively. The earlier iteration of these two programs played an important role in connecting the Indian language Wikimedia communities and fostering multi-lingual projects. This year also CIS-A2K proposes to undertake these two successful community strengthening initiatives. In mid-March 2016, CIS-A2K conducted a 2-day-long nationwide Wikipedia Education Program review workshop that brought students and faculty members from institutions that are running WEP in partnership with CIS-A2K and several important topics such as structural challenges such as academic schedule, institutional interest, faculty buy-in and more importantly response by the students were discussed. This year also CIS-A2K proposes to conduct such a workshop.

Creating Movement Resources

CIS-A2K has been creating resources to help Indic Wikimedia communities. All the resources are created after assessing the communities' need assessment and close interactions with many of the active community members.

CIS-A2K proposed to create the following resources (this also include printed resources):

Wikipedia editing tutorials
PEG and IEG application handbooks;
Handbook on how apply for various WMF scholarships;
Handbook on best practices for Wiki-events, workshops, meetup, outreach and other programs;
FAQ for content donors –give this job to a law school intern. No need of this handbook to be translated to Indian languages.
Bookmarks creation to increase awareness about Indian Wikimedia Projects;

General Support and Service to the Movement

CIS-A2K regularly supports Indic-language Wikimedia communities to conduct workshops, edit-a-thons and events to improve their projects. All these requests are placed at CIS-A2K request page and fulfilled after extensive community discussion and needs assessment.

Currently CIS-A2K is working on a program named Train-a-Wikipedian (TAW) to identify enthusiastic Indic Wikipedians and train and groom them to develop their editing skills. We'll continue empowering Indic Wikimedia community members through this program.

Learning and Evaluation

Following the Global metrics and discussions some members of the Wikimedia community, the A2K program had put together some evaluation tools to assess the impact of its work during the last year. We have included some more metrics for evaluation this year.

Evaluation tools

Participation

Number of active editors involved
Number of newly registered users
Number of individuals involved

Content

Number of new images/media added to Wikimedia article pages
Number of new images/media uploaded to Wikimedia Commons
Number of articles added or improved on Wikimedia projects
Number of bytes added to and/or deleted from Wikimedia projects

Reports

CIS-A2K will undertake monthly and annually review of our work using the above evaluation tools. CIS-A2K report activities and progress to Wikimedia foundation in monthly meetings.^[1] CIS-A2K team will also report the successes and learnings to the Wikimedia India & the Global Community. CIS-A2K team will actively review progress of each language area plan in collaboration with the respective Wikimedia community. Based on this feedback we will undertake mid-course corrections, should there be a need. To summarize following reports will be published in the year of 2016 - 2017:

Progress report (for the current grant)
Impact Report (July 2016 - June 2017)
Monthly report to Wikimedia foundation;
Monthly Newsletters
Annual report to CIS

Monthly Review and Learning Sessions

Last year we wrote about conducting monthly review and learning sessions. Currently CIS-A2K is conducting monthly learning sessions to critically reflect on the successes and failures of our work internally. The learnings are shared with Wikimedia Foundation for their feedback and suggestion. We'll continue conducting monthly reviews and learnings and progress will be shared with Wikimedia Foundation. We will try to share the same the Wikimedia India members.

Budget

Please find link to CIS-A2K program budget for proposed grant period July 2016-June 2017 here

Feedback

We appreciate your valuable feedback. However, for the sake of structured engagement by everyone, we request you to consider the following before you share your feedback.

For feedback on the overall A2K Work Plan you can write here.
For feedback on respective Language area plans, please write on the discussion page of the respective language plan.

Alternatively you could also share your feedback over e-mail at tanveer@cis-india.org. Please use the subject line Feedback on Work Plan.
Should you feel the need to discuss any aspect of the plan before sharing your feedback, please write to us and we can set up a telephone/Skype call.

For more details visit http://editors.cis-india.org/a2k/blogs/cis-a2k-work-plan-july-2016-june-2017

Censoring the Internet: A brief manual

sunil — 2012-08-24T09:39:03Z

Blocking websites on the Internet should be proportionate to harm they intend. However, the government of India's approach is against the principles of natural justice.

Published in Tehelka on August 23, 2012.

When: Speech should be regulated when there is harm, or when there is clear and imminent harm. The extent of regulation must be in proportion to the harm.

The mass exodus of people from the Northeast, from certain Indian-cities is clear indication of a ‘public order’ crisis. The government of India, for the very first time, has legitimate reasons for cracking down on intermediaries such as Google and Facebook and their users, unlike in the past when only the egos of politicians, bureaucrats and others in public office or public life were at stake. In most cases temporary restrictions on speech are sufficient to mitigate harm. When potential for harm has dissipated the restrictions should be lifted. Whilst videos and images related to the violations of the human-rights to the Rohingya community might be sensitive material today, there is no reason why such content should be blocked forever, unlike, for example, in the case of child pornography.

How: Does this mean that the Internet rules that were notified in April last year were future-looking policies justified in retrospect? No. When a block is implemented, or a takedown is complied with, three types of notices are required — either immediately or after the imminent harm has been prevented. First, the censored individuals/groups should be informed, so that they can seek redressal and reinstatement; second, those trying to consume the censored material must be warned; and third, the general public has a right to know either immediately or in due course.

Even in authoritarian states like Saudi Arabia, visitors to blocked websites are given clear reasons why the website was blocked along with contact details to seek redressal. There are, also, safe harbour provisions for intermediaries, meaning that they absolve themselves of liability in exchange for acting upon takedown orders sent by non-state actors. Suitable safeguards are required to prevent over-compliance by intermediaries, and the resulting chilling effect on free speech as demonstrated by CIS's research. The intermediary liability rules under the Indian IT Act 2008 have no such safeguards and therefore does not comply with principles of natural justice.

Who: Block and takedown orders need to be very specific. The advisory note issued to Internet intermediaries by the Department of Electronics and Information Technology, Ministry of Communications & Information Technology on the 17 August did not mention details such as URLs, user accounts, group names and content identifiers. Most of the censored material at first glance, appears to be communal in nature. Unfortunately, there are several URLs from mainstream media publications, a few Wikipedia pages and also at least two blog entries debunking rumours in the list, perhaps because of oversight. Images of unrelated human rights violations featuring people with similar racial features are being used to fuel the current rumours. However, blocking all websites featuring such images will not stop such rumour mongering. Censorship must be targeted and proportionate to the potential harm.

Why: Speaking aloud just once in the analog world could either result in harm or good. Imagine shouting “bomb” in a crowded airport. The network effect of technologies such as SMS, social media and micro-blogging amplifies the impact of speech. Article 19(2) of the Constitution of India lists eight reasons for which reasonable restrictions may be applied to the right to free speech. This applies to both analog and speech mediated via networked technologies. Some of these restrictions such as 'public order' and 'incitement to discrimination, hostility or violence' are part of international treaties such as the International Covenant on Civil and Political Rights. Fringe phenomenon and exceptional circumstances should not be the basis for formulating policy. For example — knives used as murder weapons does not necessitate regulations on cutlery. Similarly, criminalising rumour mongering will not prevent false information from going viral, online, and disrupting public order. Videos and photos are doctored and manipulated for a wide variety of legitimate reasons. The existing law regulating speech in the interests of public order are sufficient to deal with the circulation of falsehoods on social media.

Sunil Abraham is the Executive Director of Bangalore based research organisation, the Centre for Internet and Society.

For more details visit http://editors.cis-india.org/internet-governance/www-tehelka-com-sunil-abraham-august-23-2012-censoring-the-internet