The Bill, in its current form, more or less tries to hand the government a blank cheque when it comes to accessing citizens’ data.The Ministry of Electronics and Information Technology (MEITY) is set to brief the Joint Parliamentary Committee on the Data Protection Bill on January 14. As MEITY itself has drafted the Bill, it is unlikely that it will suggest major changes. But the hearing is crucial because it has the potential to alter the course of India’s privacy framework.The Bill heavily favours the state. It allows the government to staff the Data Protection Authority (DPA) to be set up under the law; enables the Centre to demand non-personal data and allows for processing of personal data, while also giving the Government the power to exempt any of its agencies from the legislation.There is a lot to discuss but a few issues stand out in relation to the DPA, and the right of the state to access a citizen’s data.Let us begin with the DPA. The Bill has a broad scope and mandate, and once the Parliament passes the bill into law, the DPA’s work will begin. The Bill outlines the DPA’s duty as protection of the interests of data principals (people whose data is in question), prevention of any misuse of personal data, ensuring compliance (with the Act), and promoting awareness about data protection. The first of these duties is interesting as it gives the DPA a broad mandate to act as a representative on behalf of the people and their data.The body will be expected to meet global standards or even better it. It is important that those standards exist and be maintained. India is in a unique position to draft a law on data protection in which it can learn from the experiences of other countries. It is only fair that India adopts a similar or even higher standard for the law.The thing to notice here would be how the DPA is staffed, particularly who the chairperson and six members will be, and how they will be appointed. In its current form, the Bill states that one of the six members should have ‘qualification and experience in law’. However, the need of the hour is to not have senior or retired bureaucrats in the DPA but experts who are acquainted with technology, law, and privacy.The Bill had broadly three trade-offs to manage: Define the powers of the state when it comes to data, set privacy standards around the personal (characteristic, trait, attribute orany other feature used for profiling) and personal-sensitive (financial data, health data, sex life, genetic data) data of citizens and outline the roles and responsibilities of data fiduciaries.The big-ticket item here is that the Bill has heavily favoured the government when it comes to access to data and processing it. There are two reasons why I say that. Firstly, Chapter 3 of the Bill lays out the grounds that allow the government to process personal data for a certain amount of functions. The text of the clauses is fairly broad. For instance, the first clause allows for the processing of personal data for the provision of any service or benefit to a data principal from the state. Although as a proponent of privacy, I am thankful it does not apply to sensitive or critical data and wish it stays that way.Secondly, Chapter 14 gives the state, in consultation with the DPA, the power to demand non-personal or anonymised data from fiduciaries to enable better targeting of services or form evidence-based policy-making. Given the prevailing environment, one could fit a lot of ground under the umbrella of evidence-based policy-making and abuse that provision if it’s not defined well.In all fairness to the Bill, it has tried to formulate checks and balances when granting the executive these powers. Two instances come to mind here. Firstly, in granting powers to demand non-personal or anonymised data, it requires the government to consult with the DPA. But given that the DPA will be structured by people recommended and appointed by the central government, the process may end up being redundant. Secondly, the Bill also puts a check on the DPA when it asks the Authority to “specify the manner in which the data fiduciary or data processor shall provide the information sought, including the designations of the officer or employee of the Authority who may seek such information, the period within which such information is to be furnished and the form in which such information may be provided”. (Chapter 9)In spite of all this, I still think that the Bill more or less tries to hand the government a blank cheque when it comes to access to data. As we head into deliberations around this issue, I would argue that there is a chance that this cheque will get blanker. For people who highly value privacy, the good news is that we still have the landmark Puttaswamy judgement that establishes the fundamental right to privacy under the right to life and personal liberty. Moreover, the regulatory climate is shaping into one where judgement will be needed more than ever. Especially with the government giving itself the powers to access data through the Bill, through recommending and appointing members in the DPA, through allowing agencies to intercept and access data, and through pushing for allowing traceability in communications through amendments to the IT act.The personal data protection Bill is an essential step towards regulating a new space. However, given the draft version available, it also seems to be the beginning of a new tug of war for access to data. Through the bill, the government has the power to push to erode privacy. The Puttaswamy Judgement allows for privacy to be encroached upon if the encroachment has a basis in law, corresponds to a legitimate aim of the state and is proportionate to the objective it seeks to achieve. We are looking at the state’s actions being assessed through these three criteria for months and years to come.(Rohan Seth is a technology policy analyst at The Takshashila Institution)This article was first published in Deccan Herald.

States around the world are divided along the lines of how they should view the internet. On one end of the spectrum, there are calls to treat the internet somewhat as a fundamental right. For instance, the UN subscribes to this view and is publicly advocating for internet freedom and protection of rights online. On the other end of the spectrum, there is India, where after over a hundred shutdowns in 2019 alone, you could arguably define access to the internet as a luxury.

In my personal opinion, shutting down the internet for a certain area is an objectively horrible thing to do. It’s no wonder that states tend to not take this lightly. Even in Hong Kong, after months of protests, the government felt it okay to issue a ban on face masks in public gatherings. However, when it came to the internet, the government looked at censoring the internet, not shutting it down. The difference is that under censorship, access to certain websites or apps is restricted, but there is reasonable scope for the protesters to contact their families and loved ones. The chronology will tell you that even internet censorship as a measure was considered after weeks of protests.

In the case of India, that is among one of the first things the government does. So when India revoked Kashmir’s autonomy on August 5, 2019, the government shut down the internet the same day. It has been almost 150 days at the time of writing with no news of access to the internet being restored in Kashmir valley. Naturally, people are now getting on trains to go to nearby towns with internet access to renew official documents, fill out admission forms, check emails, or register for exams.

There are multiple good arguments as to why the internet should not be shut down for regions. They cost countries a lot of money once implemented.

According to a report by Indian Council for Research on International Economic Relations, During 2012-17,

16,315 hours of Internet shutdown cost India’s economy around $3 billion, the 12,600 hours of mobile Internet shutdown about $2.37 billion, and the 3,700 hours of mobile and fixed-line Internet shutdowns nearly $678.4 million.

Telecom operators have also suffered because of the Article

370 and the CAA bi-products of the internet shutdown with The Cellular Operators Association of India (COAI) estimating the cost of internet shutdowns being close to `24.5 million for every hour of internet shutdown. Then consider the impact shutting down the internet has on the fundamental right to the freedom of speech and expression and the impact it has on the democratic fabric of our country.

In the case of India, internet shutdowns are also a bad idea because they reinforce the duration of shutdowns and also make themselves more frequent.

Let me explain the duration argument first. Shutdowns tend to happen in regions that are already unstable or maybe about to become so. For better or for worse, the violence and brutality resulting from the instability are captured and shared through smartphones. While those videos/photos may not be as effective as independent news stories, when put on social media they combine to build a narrative. And soon enough the whole is greater than the sum of its parts, creating awareness among people who had little or none before. The problem is that the longer the instability and the internet shutdown lasts, the more ‘content’ there is to build a narrative. In the case of Assam and even more so in Kashmir, this is exactly what has happened. At this point, if the government rescinds the shutdown in either of those places, it faces the inevitable floodgates opening on social media. And the longer this lasts, the more content is going to be floated around.

Secondly, internet shutdowns make internet shutdowns more frequent. After revoking access to the internet a certain number of times, the current administration seems to have developed a model/doctrine for curbing dissent.

Step 1 in that model is shutting down the internet. This has led to shutdowns being normalized as a measure within the government. So it’s no longer a calculated response but a knee-jerk reaction that seems to kick the freedom of expression in the teeth every time it is activated.

The broader point here is that taking away the internet is an act of running away from backlash and discourse.

To carry it out as an immediate response to protests is in principle, turning away from the democratic value of free speech. It’s hard to believe that it may be time for the world’s largest democracy to learn from Hong Kong (a state which uses tear gas against its people and then tries to ban face masks) when it comes to dealing with protesters.

(The writer is a technology policy analyst at the Takshashila Institution.)

This article was first published in Deccan Chronicle.

There are some keynotes in the tech world that serve as highlights of the year. There is Apple’s iPhone event and WWDC where Apple traditionally deals with software developments. Then there is Google’s IO, and also the Mobile World Congress. Virtually all of these are guaranteed to make the news. Earlier last year, it was an Amazon event that captured the news (outshining Facebook’s Oculus event that was held on the same day in the process).During the event, Amazon launched 14 new products. By any standards, that is a lot of announcements, products, and things to cover in a single event. And so it can be a bit much to keep up with and make sense of what’s happening at Amazon. The short version of the developments is that Amazon is trying to put Alexa everywhere it possibly can. It’s competing with Google Assistant and Siri, as well as your daily phone usage. It wants you to check your phone less and talk to Alexa more.It would explain why Amazon has launched ‘echo buds’. They have Bose’s ‘Noise Reduction Technology’ and are significantly cheaper than Apple’s Air Pods. There is also an Amazon microwave (also cheaper than its competition), as well as Echo Frames, and an “Alexa ring”, called Loop. The Echo speaker line has also been diversified to suit different pockets (and has also included a deepfake of Samuel Jackson’s voice, which is amusing and incentive enough to prefer Alexa over other voice assistants unless competition upstages them). Amazon launched a plug-in device called Echo Flex (which seems to be ideally suited for hallways, in case you want access to Alexa while going from one room to another and are not wearing your glasses, earphones, or ring). Aside from a huge number of available form factors in which they can put Alexa in, the other thing about these products is how they are priced. You could make the argument that the margins are so little that the pricing is predatory (a testament to what can be accomplished when one sacrifices profit for market share). Combine that with how they will be featured on Amazon’s website and you can foresee decent adoption rates, not just in the US, but also globally should those products be available.In the lead-up to the event, Amazon also launched a Voice Interoperability Initiative. The idea is that you can access multiple voice assistants from a device. Notably, Google Assistant and Siri are not part of the alliance, but Cortana is. You can check out a full list here. The alliance is essentially a combination of the best of the rest. It aims to compensate for the deep system integration that Alexa lacks but Google Assistant and Siri have on Android and iOS devices.Besides making Alexa more competitive, the broader aim for the event is to make Amazon a leader in ambient computing. Amazon knows that it is going to be challenging to have people switch from their phones to Alexa and so likely wants marginal wins (a practice perfected in-house). That’s why so many of their announced products are concepts, or ‘day 1’ products available on an invite-only basis. The goal is to launch a bunch of things and see what sticks and feels the most natural to fit Alexa in so that they can capitalize on it later.It is Amazon’s job to make a pitch for an Alexa-driven world and try to drive us there through its products and services, but not enough has been said about what it might look like once we are in it. An educated guess is that user convenience will eventually win in such a reality. As will AI, with more data points coming in for training. This is likely to come at a cost of privacy depending on Amazon’s compliance with data protection laws (should they become a global norm).To be fair to Amazon, the event had some initial focus on privacy which then shifted to products. However, the context matters. For better or worse, these new form factors are a step ahead in collecting user data. Also, the voice interoperability project might also mean that devices will have multiple trigger words and thus, more accidental data collection. To keep up with that, Amazon will need to improve its practices on who listens to recordings and how.Amazon’s event has given us all things Alexa at very competitive rates, which sounds great. If you are going to take away one thing from the event, let it be that Amazon wants to naturalise you talking to Alexa. Its current strategy is to surround you with the voice assistant wrapped in different products. If it can make you switch to talking to Alexa instead of checking your phone, or using Google Assistant or Siri even 4 times a day, that is a win they can build on.

Cross-strait ties are likely to get far more frosty, with serious implications for the security dynamic in East Asia, after Tsai Ing-wen’s victory in Taiwan’s presidential election.In many ways, Saturday’s was a historic election. Nearly 75 percent of the 19.31 million eligible voters cast their ballot, with Tsai bagging over 57 percent of the vote. Her nearest rival, the Kuomintang’s (KMT) Han Kuo-yu, could only manage 38.6 percent of the vote. Also elected were 113 new members to Taiwan’s legislature, the Legislative Yuan. Tsai’s pro-independence leaning Democratic Progressive Party (DPP) lost seven seats in the legislature but managed to retain its majority, winning 61. The KMT, on the other hand, gained three seats, increasing its 2016 tally to 38.Read the full article in The Indian Express.

Faiz? Faiz who? What has he got to do with improving the grade point average, landing a job at Google, securing funding for a startup, or getting a full scholarship for grad school at a top US university? Since no professor, interviewer, or grad school selection committee member cares much about Faiz (even on the off chance that they know about him), the relevance of Faiz to an engineering student is zero. Since some of these students go on to become faculty, teaching the next generation of students who have the same objective functions, few professors know about Faiz either. Why are we surprised that our engineering colleges are unFaized?

It’s not just the Indian Institutes of Technology (IITs). It’s not only our engineering colleges. Medical, science, business, and commerce colleges likely suffer from the same Faiz ignorance. Sure there might be the odd physiotherapist here or an unnecessarily better-read physics student there, but, by and large, we should not be surprised if students and faculties at our top colleges do not know about Faiz. To be fair, students at professional colleges are not totally disinterested in arts and culture. Many watch Bollywood and Netflix shows. They follow cricket and football. They also read, as the sales figures of books of Chetan Bhagat and Amish Tripathi attest.Read more

After Russia tested RuNet, what are the chances that India will try its hand at NayaBharatNet?

In the final weeks of the last year, there were reports that Russia successfully tested RuNet, its ‘domestic internet’ that would be cut off from the global internet. Specifics of the exercise are not known – whether for example, it was really successful and what challenges it faced – but it made for an ominous end to a decade that has been marked by a growing disillusionment with the concept of the internet as a liberating force.

This was always on the cards when Russia and China started working together in the lead-up to the former’s Yarovaya law, which imposed geographical restrictions on the transfer of Russian users’ data. In December 2019, Russia had also passed a law making it mandatory for devices sold in the country to be embedded with Russian apps from July 2020. While it does not specify which devices and apps are covered, critics of the law are concerned that its vague nature opens the door for it to be misused to force the installation of spyware.

Russia is not alone in this quest though, China is the pioneer, and others like North Korea and Iran are along for the ride as well. After a week-long nationwide internet shutdown in response to protests and an exercise by government officials to collate critical ‘foreign’ websites sparking speculation about the creation of a ‘whitelist’ of allowed sites, Iran’s National Intranet Network (NIN) is once again in the spotlight. This was followed by a statement from President Rouhani that the network was being strengthened so that people will not need foreign networks to meet their needs. North Korea too has a tightly controlled domestic internet, Kwangmyong, whose content is largely controlled by the state.

China’s great firewall (GFW) has been around for over a decade and is not a unitary system as it is often made out to be. It uses a combination of manual and automated techniques to block global content but largely works on the principle of blacklisting unwanted websites/content. Many international websites do work but are extremely slow because of the scanning and filtering that inbound internet traffic to the country is put through. For a website to operate from inside Mainland China, a number of local permits are required depending on the industry. Much of the internet backbone is state-controlled. It has continued to tighten the noose through a combination of restrictive regulation and stricter interpretation of existing rules.

A highly restrictive Cybersecurity law passed in 2015 called for mandatory source code disclosures. In 2016, working with ISPs it set out specifications for an Information Security Management System that aimed to automate the ability of provincial authorities to monitor/filter internet traffic. In 2017, it tweaked licensing rules to ensure that permits would only be issued to domains that are registered to a Mainland China-based company. The extent to which these rules are enforced may vary, but it leaves a ‘Sword of Damocles’ in the state’s toolkit that it can drop whenever it chooses to do so. By constantly increasing the costs of doing business for non-Chinese companies, it has achieved ‘chinternet’ without explicitly cutting the cord – yet.

Fears of a ‘splinternet’ along national boundaries or ‘balkanisation’ of the internet are not new. But the likelihood is now higher than ever before as governments try to take control over cyberspace after ceding space in its early years. Research by the Oxford Internet Institute and Freedom House which have revealed the use of disinformation campaigns and the co-option of social media for manipulation and surveillance by various governments. The United Nations General Assembly passed a resolution in support of a Russia-backed Open-Ended Working Group (OEWG) which has drawn criticism from others on the ground that it prioritises cyber sovereignty and domestic control of the internet over human rights. Countries that advocate a free-and-open internet are in a bind over whether to participate in the group or cede control in the global norm-setting process. Continued passage of regulation by various countries that have extraterritorial application will fragment the internet and strengthen the constituency favouring cyber sovereignty.

‘NayaBharatNet’ a possibility?

India has yet to articulate its position on some of the divisive issues concerning global norms in cyberspace, yet it has repeatedly stressed the principle of cyber sovereignty positioning it alongside the Sino-Russian camp. While it seems to have softened its position on data localisation, for now, similar rhetoric about national sovereignty and security has been used by Russia and China in the past.

Authoritarianism by the Indian state is also surely on the rise – events that unfolded in 2019 provide ample empirical evidence for this. The fact that various police departments are proactively taking to social media channels to threaten/deter posts that run contrary to the state’s narrative (Is this confirmed about police depts?) and the frequent use of internet shutdowns show that the desire to control the internet is extremely strong. International criticism has repeatedly been portrayed as mischief by a ‘foreign hand’. The creation of a strictly regulated domestic digital echo chamber is not unimaginable in this context. In fact, it is a logical next step as the current tactics are bound to have diminishing returns over time.

Today, the economy (political or otherwise) for such a move does not exist. The IT Industry

would obviously vigorously oppose it. And unlike China, the telecommunication backbone infrastructure is not state-owned, but the sector as a whole is probably the weakest it has ever been and tending towards a monopoly/duopoly. It also has a history of being regulated with a heavy hand.

Until now, India has followed a policy of denying cyber intrusions or claiming that no significant harm was done. However, in the aftermath of ‘undeniable’ real-world harm inflicted by a cyber attack, the Overton window could move towards supporting such an initiative for national security and could very well be exploited. Sometime in the not-so-distant future, we could all be communicating using Kimbho on NayaBharatNet.

(Prateek Waghre is a research analyst at The Takshashila Institution)

This article was originally published in Deccan Herald.

The Modi government has perhaps calculated that its majority in Parliament, its dominance of public discourse, its control of the law-enforcement machinery, and the popularity of its agenda among large sections of the people will allow it to prevail over the protesting citizens. After all, how long can disparate, politically unorganised groups of students, young people, urban middle classes, and members of the Muslim community afford to protest? Yet, so far, attempts to deter protesters with prohibitory orders, detentions, and police actions have triggered more protests. As more news trickles out of Uttar Pradesh, the world would probably recoil in horror at the manner in which the BJP government there appears to have used disproportionate force in quelling protests by Muslims in the state. In the coming days and weeks, at least, more consciences are likely to be pricked. The protests will grow and spread.Read more

You may think that winning the streaming race depends on having the best content, but things have already begun to change. As of now, the company with the better bundle will win, and that’s why it makes sense for Disney to buy Spotify this year.To read the full article, visit OZY.Rohan is a technology policy analyst at The Takshashila Institution.  

First, it was payments and now it’s healthcare. Big Tech in the US and China is revolutionising the health sector, with hundreds of billions of dollars of market share at stake. There are multiple factors that are driving this movement. For starters, there’s the simple need to find new avenues for growth for both American and Chinese tech giants, and there are only so many trillion-dollar industries to disrupt to add shareholder value. China has more reasons and more at stake here. Both countries boast of high levels of internet penetration and smartphone use. Both the US and China are rapidly aging societies. This implies a growing geriatric healthcare burden and creates incentives for new alternatives to overcrowded hospitals. Both are home to a wealthy middle class, which is seeking better health solutions. According to Royal Philips’ Future Health Index 2019, both the US and China are global frontrunners in terms of adoption of digital health technology, with a large number of medical professionals and consumers relying on tools for self-monitoring and online consultations. This is a key contributor to their rise in demand for wearables. This is supported by and fuels their dynamic and thriving innovation ecosystems. This explains why American and Chinese companies are making moves in healthcare based on their core competencies. Recently, Amazon backed on its software to move into telemedicine and also invited healthcare companies to build tools on Alexa’s platform. Amazon’s core competence, however, is its efficiency in distribution networks. So the e-commerce giant acquired Pillpack, an online pharmacy. The Alibaba Group, on the other hand, entered the healthcare game early with its TMall Pharmacy in 2015. However, in 2018, Alibaba consolidated its healthcare assets, including medical devices, e-appointments, drug purchases, and delivery services under the banner of Alibaba Health, which leverages the group’s advantages in data processing and e-commerce. Another big Chinese player in the field is Tencent, which owns WeDoctor, one of the world’s biggest health tech start-ups. Google is great at data analytics and OS development. Keep that in mind and Project Nightingale begins to make sense. As does Google’s $2.1 billion acquisition of Fitbit. Google’s Chinese search counterpart Baidu has bounced back after a 2016 controversy over healthcare ads to explore the possibility of leveraging artificial intelligence and blockchain technology for its medical data sharing and distribution solution. Meanwhile, Apple excels in devices that track wellness. Think Apple Watch and the electrocardiogram that comes installed on it. Or the dedicated carekit and researchkit open-source frameworks that Apple has been pushing recently for developers. IDC data for 2018 show that while Apple is the market leader in the wearables segment, Chinese firms Xiaomi and Huawei take the second and third spots, respectively. Their global ranking is buttressed by their dominance in the Chinese and Indian markets. So what does the future of the health tech sector look like? We predict three scenarios that we believe will play out over the next five years: First, wearables will become the new OPDs: With Big Tech investing in healthcare across Silicon Valley, Zhongguancun, and Shenzhen wearables and telemedicine have a bright present and future in their diagnostic capabilities. Recording pulse or temperature, scanning bones or tissues, diagnosing based on those, and getting medicines have become or are becoming tasks that can be worked upon remotely or be delivered to you. Over the coming decade, wearables will reliably send accurate data in real-time to process for millions of people. This would give them a decisive advantage over the number of people physical OPDs can carter to, making the latter obsolete.  Second, tech giants will dominate health & life insurance: Wearables and smartphones are becoming increasingly sophisticated in diagnostic capabilities and tracking. As that continues to happen with every new iteration of FitBits and the Apple Watches, the OS becomes a platform for companies to sell services and gain revenue. WatchOS and WearOS (and/or what future FitBit OS is going to be called), are likely to go on to sell insurance through their devices. Whether Google/Apple curate a new insurance policy or end up acquiring an insurance company to do it for them is irrelevant. Considering that insurance is a lucrative market, and that data from the apps in the OS gives Google/Apple a comparative advantage means that it is the matter of when, not if, for both tech giants to start peddling their own insurance through the OS on smartphones or wearables. Third, Sino-US rivalry will stymie health tech’s future growth: The deepening strategic rivalry between the US and China has already shifted from competition over trade policies to a battle for technological supremacy. This is playing out in the form of expanding the definition of sensitive technologies that must be protected, tighter security reviews of Chinese tech investments, undoing of completed acquisitions, blacklisting of certain firms, export restrictions and a contest for foreign markets and data streams. Much of this is captured in the geopolitically charged discourse over Huawei and 5G. The health tech industry can expect a similarly rocky future. Collaboration between research communities and business entities across the Pacific will be difficult. Acquisitions in foreign markets are likely to become a politically polarising decision. Capital flows into each other’s health tech ecosystems will become increasingly constrained. Data will become the biggest sticking point, with most states preferring some form of localization.

Apart from deciding on end-to-end encryption for chats, the amended IT Rules will also decide on what content belongs on the internet.

Should Facebook be liable for the content you post? Should Apple build a backdoor to allow access to iPhones? Should the government know who you are texting and should it have access to your messages? On 15 January 2020, the amendments to India’s IT Rules will answer these questions by finalising the intermediary guidelines.That is also one of the reasons why over the course of 2019, we have talked about whether the government of India should be allowed to break end-to-end encryption. Of course, the topic gained traction after the November Pegasus WhatsApp hack reports. And the Narendra Modi government said the law allows it to intercept and monitor digital content in the public interest.The problem with this whole encryption debate is that it takes up a disproportionate amount of mind space. Don’t get me wrong; encryption is a vitally important issue. However, it is not the only issue that will be covered by the IT amendments.The January amendments will also decide on these crucial issues.Also, we will use the words intermediary and platform interchangeably. But for context, a platform is an online service like Facebook or Twitter, while intermediary includes platforms, the servers they are hosted on, and even the cybercafé you might access the platform through.How many users before a company needs an office in India?According to the proposed amendments, any intermediary with over 50 lakh users will need to:

1. Have a permanent registered office in India
2. Appoint a nodal point of contact for the government
3. Be included in the Companies Act

This may read fine at first glance. But take another look. Users as a term is vague. Monthly active users? Daily active users? Registered users? You might have an account on Pocket, but never end up using it. Does that mean Pocket now needs to have an office in India and appoint a person in charge of talking to the government on the off chance that 50 lakh people one day decide to use the app?The other thing here is how does the government keep track of the number of intermediaries who have included a nodal point of contact? Apps do not notify the government before they are made available to the people. Instead, they show up on the App Store/Play Store, ready to be used. And how would the government even know when an intermediary has crossed 50 lakh users? Should all intermediaries make their user stats public or release a notification when they meet the threshold?Clearly, these guidelines were drafted just keeping in mind Facebook and WhatsApp. However, they will have anticipated but unintended consequences as far as smaller firms are concerned.

What content belongs on the internet?

The intermediary guidelines also talk at length about content takedowns and what should and should not be allowed to remain on the internet. You could say that the Modi government has written itself a blank cheque in being able to dictate this. Here are just some of the grounds on which companies may be asked to remove content:

• In violation of decency and morality
• Public order
• Impacts the sovereignty and integrity of India
• Security of state
• Friendly relations with the foreign states
• In relation to contempt of court
• Defamation or incitement to offence
• Defamatory
• Obscene
• Pornographic
• Paedophilic
• Hateful
• Harassing
• Blasphemous

A lot of these make sense. We as a society have a consensus that child porn, hate crimes, and videos against animal cruelty do not belong on the internet. The government also has every right to argue that content that impacts its security and relations with other states should be taken down. But look at some of the other grounds. Who decides what content is defamatory or blasphemous? For instance, comedy at the expense of someone or something can end up disparaging the subject. Does that mean comedy does not belong on the internet? You could argue a similar case for memes, documentaries, and blogs. Based on these grounds, anything that the government of the day doesn’t like can be taken down.Should we have a best-efforts approach to aiding law enforcement?Remember the anticipated but unintended consequences? Well, not all intermediaries have the same access to user data. A cloud service provider does not have the same power as a multi-million user platform. So, when law enforcement goes asking for information, they also take into account the asymmetries that exist within the ecosystem.A best-efforts approach will make sure that requests do not make cloud service providers or even cybercafés liable for sharing data they don’t have access to. Because, if at the end of the day, a request is not technically feasible, all it does is ensure that the matter will be taken to court to place undue stress on the intermediary.As for whether or not the government should break encryption, I’d strongly recommend against it. Internet shutdowns are bad enough. Imagine if we lived in a world where the government could learn about who you text and what you may be talking about. Recently, American WeChat users were banned for celebrating the Hong Kong election results. Similar instances could end up happening in India and at scale, that could end up being a threat to democracy unlike any we have seen before. To that end, watch out for the guidelines on 15 January, they could set the tone for the rest of the year.Rohan Seth is a Policy Analyst with the Technology and Policy Programme of The Takshashila Institution. Views are personal.This article was first published in The Print.

People’s Liberation Army Strategic Support Force contingent made its debut appearance at China’s military day parade, earlier this year. Formed on this day in 2015, it is mandated to create synergies between China’s space, cyber and electronic warfare. The PLA considers these three domains critical for “commanding strategic heights.” The SSF was formed to optimise China’s dominance in these three domains and also contribute to enhancing the PLA’s broader goals of strategic deterrence and integration for information warfare. Read more...

This article originally appeared in The Diplomat

Take a look at these numbers – 3, 5, 6, 14, 31, 79, 134, 91. These are the numbers of documented instances of internet shutdowns in India between 2012 and 2019. The 2019 number will certainly rise during the final weeks of the year as anger against the Citizenship (Amendment) Act and the Bharatiya Janata Party rises.

And yet, as internet shutdowns are reported in Meerut, Aligarh, Malda, Howrah, Assam, Nagaland, one wonders if Narendra Modi government really thinks it can help assuage anger and old resentments.

World over, protesters have always found a way out of any clampdown. In Hong Kong, protesters are using Bridgefy, a service that relies on Bluetooth, to organise.And yet, all governments, irrespective of whether it is the Congress or the BJP or any other party, keep using internet shutdowns as a kill switch. But tech stops for no one. It’s time India thinks beyond shutdowns.

A new era

In almost all cases, mobile internet services were shutdown. For four of the last five years, more than half of these shutdowns have been ‘proactive’ in nature. They have been imposed based either on Section 144 of the CrPC or The Temporary Suspension of Telecom Rules issued by the Ministry of Communications under the NDA government in 2017. While an appeal against the use of the former was struck down by the Supreme Court in 2016, the latter suffers from a lack of transparency and was passed without any consultation with citizens, who are directly affected. Through RTI requests it has also been revealed that many instances of internet shutdowns go undocumented and due process is not always followed.

The willingness and urgency on display to snap communication lines is worrying, especially in ‘Digital India’. Considering that 97 per cent of the estimated 570 million internet users use at least a mobile device access to access the internet, and the growing reliance on connectivity for communication and commerce, this is a severely disproportionate measure. Various studies have pegged the cost of these disruptions from 0.4-2 per cent of a country’s daily GDP to $3 billion for India over a 5-year period ending in 2017.

Since 2017, India has witnessed nearly twice as many shutdowns. Even so, until mid-2019, internet shutdowns predominantly affected parts of Rajasthan and Jammu and Kashmir, both accounting for nearly 250 instances. More importantly, they were rarely imposed in urban centres. In August 2019, a new era began unfolding. First the ongoing internet shutdown in the region of Jammu and Kashmir is the widest sustained disruption ever documented. Second, on the day of the Supreme Court Ayodhya verdict, proactive internet shutdowns were in operation in Aligarh, Agra and Jaipur, signalling a shift in the willingness to deploy them in urban centres. And finally, with ongoing protests against the Citizenship (Amendment) Act, reports have been coming in about internet disruptions in Assam, Tripura, multiple districts in West Bengal, Aligarh and Meerut in Uttar Pradesh, cementing the use of internet shutdowns as the tool of choice.

Diminishing returns

The framework of Radically Networked Societies (RNS) can be used to understand the interplay between protesters and the state. An RNS is defined as a web of connected individuals possessing an identity (real or imagined) and having a common immediate cause. The internet as a medium provided them the ability to scale faster and wider than ever before.With measures like internet shutdowns and curfews, the state aims to increase the time it takes for them to mobilise by restricting information flows. However, such methods are bound to have diminishing returns over time.Snapping communication lines will do little to quell genuine resentment and may conversely encourage people to take to the streets and violate curfews, thereby increasing chances of escalation. Mesh networking apps that operate without internet connectivity will eventually make their way into the toolkit of Indian protesters, like they did in the Hong Kong protests, rendering the argument of shutdowns as an ‘online curfew’ moot.

Better than shutdowns

The Indian State must evolve beyond the use of internet shutdowns. Instead, it should look to address the causes and reduce the time it takes to counter mobilise. There have been some instances of state authorities trying different approaches.In September 2016, when there were protests in Bengaluru over the Cauvery water sharing judgment, instead of shutting down the internet the Bengaluru Police took to Twitter to dispel misinformation and rumours proactively. In the days leading up to the Ayodhya verdict, several police departments were proactively monitoring social media for objectionable messages. While this did not function smoothly on the day of the verdict since the police went on an excessive case registering spree, the Bengaluru example shows that it can work. Future capacity building and training cyber personnel to specifically counter flows of misinformation online must be a consideration going forward.The reaction to viral hoax messages circulating before the Ayodhya verdict warning of surveillance also produced some interesting insight. While more surveillance is never the answer, alternate ways of promoting responsible behaviour should be explored. This could range from encouraging fact-checking of information to political leaders leading by example and not encouraging abusive trolls, misinformation flows themselves. Conflict and polarisation as engagement must be actively discouraged.

Another important step is to counter dangerous speech in society. Research has shown that misinformation/disinformation does not only circulate during specific events. Conditions that exacerbate such flows already exist in society. While the state alone cannot do this, it must nudge the people towards countering it. Such measures must be articulated in the upcoming National Cybersecurity Policy.

Ultimately, that the world’s largest democracy is by far the world leader of such disproportionate tactics should be reason enough for the Indian state to rethink the use of internet shutdowns. But if that doesn’t suffice, the realisation that they come with an expiry date should spur it into fixing the underlying problems unless it wants to live with the diminishing returns that incentivise escalation.The author is a Research Analyst at The Takshashila Institution’s Technology and Policy Programme. Views are personal.This article originally appeared in ThePrint.in

Democratic governments must be accountable to the public and provide a rationale for disrupting Internet services in a timely manner. In the interest of transparency, all governments should document the reasons, time, alternatives considered, decision-making authorities and the rules under which the shutdowns were imposed and release the documents for public scrutiny. This is the way civil society can hold governments to the high standards of transparency and accountability that befits a democracy.Indiscriminate Internet blockades are not likely to safeguard public order in today’s time and age. Indiscriminate shutdowns have high social and economic costs and are often ineffective. A proportionality and necessity test and cost-benefit analysis to determine the right course of action are essential at this juncture. Indian civil society needs to push for a transparent and accountable system which ensures better Internet governance.Read the whole post here.

You read a brochure that promises to tell you what diseases you are likely to get in the next decade. Obviously you want to lead a longer, healthier life. So you send a cheek swab to the clinic and await test results. Thankfully, your reports are largely all-clear except a minor mutation which would likely pre-dispose you to diabetes in your 40s. Your doctor dutifully prescribes diet control, exercise and a pill.

A few months later, you hear that your cousin has got convicted in a hit-and-run case. Unwittingly, you played a role in the conviction because it was your DNA that led the police to identify him. Your chances of getting diabetes may be lower, but your cousin’s chances of proving himself innocent are nil. Sounds unbelievable? (Read more)

The Print’s daily roundtable TalkPoint posed a question connected to the foreign policy implications of the Citizenship Amendment Bill and the National Register of Indian Citizens: CAB, NRC, Kashmir: Is Modi govt damaging India’s diplomatic standing for domestic politics? ‘Neighbourhood first’ was supposed to be the guiding principle of Modi government’s foreign policy. But all three measures — the new citizenship law, NRC and Kashmir issue — are examples of policy actions that are likely to have adverse outcomes for India’s interests in the region.The amended citizenship law and the NRC issue will put strains on India’s relations with its most important neighbour in the Indian subcontinent — Bangladesh. In 2018, Bangladesh emerged as India’s largest export market for Indian-made two-wheelers. Bangladesh has also surpassed Pakistan in terms of GDP per capita. The 2011 census data shows that illegal migration from there is reducing — it a stock problem from the past and not a flow problem of the present. Most importantly, the Sheikh Hasina government is one of the few steadfast pro-India formations in the neighbourhood. Unfortunately, the signal being sent to other leaders in the region is that taking pro-India positions might turn out to be a loss-making proposition.In the case of Kashmir, Pakistan will try to use the Article 370 issue to drive a wedge between the US and India. From Pakistan’s standpoint, returning to the India-Pakistan hyphenation era in the eyes of the US is desirable. From India’s viewpoint, the more Pakistan features in India’s foreign policy outlook, the less energy it has for confronting the more significant global challenges.Read the entire discussion on ThePrint.in website here. 

Contrary to popular belief, Pakistan's military-jihadi complex (MJC) has not been brought to its knees by Balakot, Uri, or even FATF. India's actions in Kashmir, for example, have provided the MJC with the perfect excuse to interfere as it does best. The reason for its current quiet is internal political turmoil connected to COAS Bajwa. India can ill-afford to take it for granted.For more, read The Telegraph Online.