Janta Parliament – Technology and Surveillance

Article 21 and Rethink Aadhar organised Janta Parliament on Technology and Surveillance ,On 18 August 2020. Chinmayi SK was invited to participate and put forward policy suggestions on Technology and Surveillance.

Chinmayi spoke about the issues of access to the Internet and contributed the following policy suggestions.

  1. Ensure free and equitable access to telecommunications, Internet and other modes of communication services across the length and breadth of the country though suitable policy and budgetary allocations
  2. Ensure that any restriction in access to telecommunication, internet and communication services be made in a transparent manner, only for a limited period of time, complying with principles of compelling necessity and proportionality, periodically tested for review and in the least rights restrictive manner

 

The video of the full discussion can be found here  https://www.youtube.com/watch?v=1bszYmUyY0M&t=9104s

Online talk on “Usability and privacy issues in government-issued Covid-19 apps in India”

Poster of Rohini's talk on Covid-19

Rohini Lakshané delivered a talk on “Usability and privacy issues in government-issued Covid-19 apps in India” on June 22, 2020. The talk was organised by Thus Critique and Hasgeek and moderated by Nishthaa Manchanda.

Event details: https://hasgeek.com/thus/usability-and-privacy-issues-in-government-issued-covid-19-apps-in-india2/#about

Video recording of the talk: https://www.pscp.tv/w/1mrxmEVawgZxy (Periscope)

About the talk: A slew of mobile apps were released by different government bodies in India as a response to the Covid-19 outbreak. State and Union Territory (UT) governments released apps for the purposes of quarantine management, ensuring compliance to quarantine rules, providing healthcare information and updates, and so on. Public health being a subject on the State List, the federal governments were the first to respond to the outbreak with technical interventions, much before the Aarogya Setu app was released. While Aarogya Setu has received much attention, the apps issued by state and UT governments in India have posed their own technical, privacy and usability issues. In this talk, Rohini Lakshané will speak about her findings from a preliminary analysis of approximately twenty government-issued Covid-19 apps from the perspective of privacy and usability of the end-user and will take the audience through a brief timeline of their deployment and subsequent events.

Suggested reading: Tracking quarantine, tracing cases, sharing info: Can these govt-issued apps help fight Covid-19

Spreadsheet with information about 50 government-issued Covid-19 apps in India: https://bit.ly/2BB3R32

The talk was also streamed live on Instagram, Twitter and Facebook.

An article on the talk was published in Herald Goa: https://bit.ly/389Z3Oj

“Public Safety Tech, Women’s Agency, and Privacy”: Session at GDDF 20

A breakout session entitled “No Woman, No Panic: Public Safety Tech, Women’s Agency, and Privacy” was held at the Global Digital Development Forum (GDDF), a virtual conference held on May 6, 2020. The speakers were Rohini Lakshané (The Bachchao Project), Chinmayi S K (The Bachchao Project) and Kate Sim (PhD Researcher, Oxford Internet Institute). The session was moderated by Dr Becky Faith, Research Fellow & Digital Cluster Lead, Institute of Development Studies, University of Sussex, UK.

The session elucidated on the efficacy, evaluation, and audit of technological interventions such as mobile apps and panic buttons for public safety and their impact on women’s agency and privacy.

GDDF Agenda: https://digitaldevforum.com/agenda

Video of the session: https://www.youtube.com/watch?v=wgJGLJMCwfo

The Bachchao Project and the Centre for Internet and Society had jointly conducted a preliminary study in late 2016 on “Evaluating Safety Buttons on Mobile Devices“.

Holistic security strategies and measures to address non-consensual intimate images

This article was jointly authored by Peace Oliver Amuge, Sandra Aceng and Patricia Nyasuna of the Women of Uganda Network (WOUGNET) and Rohini Lakshané of The Bachchao Project. It is based on a breakout session organised at the Global Digital Development Forum (GDDF), a virtual conference held on May 6, 2020.


Non-consensual intimate images (NCII), commonly known by the misnomer “revenge porn” are on the rise in Uganda and Sub-Saharan African countries like Zimbabwe. Patriarchal norms and attitudes in society paired with increasing Internet access — over 42% of Uganda’s population is now online — have spurred this new form of gender-based violence, commonly referred to as “technology-assisted violence against women and girls”. More violations and threats are now happening towards women in cyberspace. However, most cases go unreported on the extent to violence against women online and they are quite often overlooked or excluded from discussions about violence against women and girls (VAWG).

What is NCII?

NCII is defined as the distribution or circulation of sexually explicit images or videos that were initially shared with the expectation that they would remain private. NCII is a form of intimate private violence (IPV), breach of privacy, and a violation of freedom of sexual expression. It causes women to self-censor, which is an attempt to silence women and other groups from participating in the public spaces such as the internet. Images or videos are distributed in most cases by the former partner(s) as an act of revenge or a response to rejection. These photos or videos are in many cases stolen from the victim’s phone or laptop. Sometimes, these images are captured secretly in bathrooms, hotels, swimming pools, clothing stores, changing rooms, and public restrooms. These images or videos are then shared widely over social media platforms, pornographic websites, and instant messengers such as WhatsApp. Images/ videos are later used to stalk, threaten, blackmail, publicly shame, or extort money from victims or their families.

Read the rest of the article at: https://wougnet.org/news/holistic-security-strategies-and-measures-to-address-non-consensual-intimate-images-ncii

Archived at: http://web.archive.org/web/20200603124941/https://wougnet.org/news/holistic-security-strategies-and-measures-to-address-non-consensual-intimate-images-ncii

Slide deck:
Slides_Holistic_security_strategies_to_address_non-consensual_intimate_images_GDDF_2020

“Holistic security strategies to address non-consensual intimate images”: Session at GDDF 20

Rohini Lakshané moderated a breakout session entitled “Holistic security strategies to address non-consensual intimate images” at the Global Digital Development Forum (GDDF), a virtual conference held on May 6, 2020. The speakers at this session were Peace Oliver Amuge, Sandra Aceng and Patricia Nyasuna of the Women of Uganda Network (WOUGNET).

This session elucidated on some of the recommended strategies and measures for holistic security (digital, physical, and psychosocial) that women and no-binary persons may adopt in order to recognise and prevent incidents of non-consensual intimate images (NCII), commonly known by the misnomer “revenge porn”.

GDDF Agenda: https://digitaldevforum.com/agenda

An article based on the talks made in the session was authored by the speakers and moderator: Holistic security strategies and measures to address non-consensual intimate images (NCII)

Slide deck:
Slides_Holistic_security_strategies_to_address_non-consensual_intimate_images_GDDF_2020

Tweetchat: Love in the time of lockdown

Love, intimacy and sexual experiences may be hard to navigate even in times when there are no constraints. They are especially difficult when there is a pandemic and one is confined to one’s place of living. Fortunately, for some of us there are digital platforms to help us navigate these experiences.

Hidden Pockets and The Bachchao Project hosted a tweetchat on April 17, 2020, where we attempted to answer some questions asked around these interactions online. Here is a collection of our tweets in conversation:

@Hidden_Pockets

Do you feel safe knowing your dating life might not be secure after all?

Yes

19%

No

81%

21 votes · Final results

@imacat_tw

Feeling safe by not feeling secure?

See new Tweets

@aldebaran14

Something I wrote about it a few years ago:

Sex, Lies and the Perils of Facebook Dating – EroTICs India Short of digital abstinence, is there a way to use the Internet’s liberating power to circumvent sexual and social taboos and still stay safe?

“The most difficult aspect to control, however, is the kind and volume of information shared. Would someone in the throes of passion, love or infatuation pause to think that the headers in her emails and the EXIF data from her selfies contain enough data that could be mined to get her location and personal details? The online medium often takes away inhibitions

“Finding love and sex on the Internet has always meant walking the razor’s edge between the joy of intimacy and running into harm. Short of digital abstinence, is there a way to use the Internet’s liberating power to circumvent sexual and social taboos and still stay safe?”

 

How important is consent when it comes to conversations on online dating and what does consent look like in online dating ?

@Hidden_Pockets

Digital Consent as a subject is something we are still struggling with. We still get confused about what exactly amounts to a Yes.

@aagrabakijasmin

Consent is still understood in black and white manner in the legal sense, but digital spaces makes it grey 🙂

@bachchaoproject

Consent is a basic right. Everyone needs to feel safe regardless of the nature and age of the relationship.

https://profeminist.tumblr.com/post/109808695357/lingerie-is-sexy-consent-is-a-basic-human-right

Resources : 

@bachchaoproject

Here is a short video by the Thames Valley Police on understanding consent:

https://www.youtube.com/watch?v=pZwvrxVavnQ

@aldebaran14

A friend and I wrote this bit about sexual consent as part of a learning module: 

https://training.wikiinclusivity.in/articles/making-events-safe-and-welcoming/romantic-or%20sexual-advances/

@Aadhi_02

Online platforms, be it dating app or a photo editing app, they #demand consent. If they ask consent to access my gallery, SMS, email ,etc and if I am not okay with just one of that, I will still be unable to use their service. So how is that even consent?

@nalin_goyal

Temporary app permissions can be granted in Android 10. Otherwise the bouncer can be used on earlier versions to grant temporary permissions. It is paid.

https://play.google.com/store/apps/details?id=com.samruston.permission

 

How does one choose a platform to have a conversation ? What are the checks one can make while shifting platforms? 

@bachchaoproject

Choosing a platform for secure messaing, video calls etc can be tough, especially during the lockdowns. Not all of us have have equal access: internet speeds, bandwidth, devices with hardware capabilities and necessary software.

However, some basic rules:

  1. The user interface of the app/ platform should be usable for you and the person(s) you’re texting/ calling.
  2. It should have adjustable privacy settings & preferably support the option to not leave a trail, set a timer on the messages etc.

This may be a bit daunting for the layperson: but try to read the privacy policy before downloading an app. If there is no privacy policy or no info about the app storing, retaining or deleting your data, or the definitions are overbroad, run away from it.

If you cannot make sense of the privacy policy or determine if it’s good for you, try to find out what trusted digital security and privacy experts have written or said about the app/ platform/ software.

Avoid using private messages on social media websites for the purpose of intimate conversations and sexting. Have a conversation about choosing a platform that you and your partner(s) find usable & are comfortable with.

If you are starting to sext someone new, it is better to choose a messaging app that allows the use of handles/ nicknames instead of being tied to phone numbers or other personally identifiable information.

@Hidden_Pockets

Why not choose sexy nicknames? #digitaltimes #Coronaindia #lockdown #privacy

@bachchaoproject

Telegram, Signal & Threema support timed messages. Some apps alert you if the recipient screencaps your messages. Signal allows for setting a “one-time viewing” option on images. (If you are old-school, go for Jabber.) Have a conversation with your partner(s) about not backing up or saving your messages, photos, nudes etc and deleting them.

@Hidden_Pockets

I guess one chooses for convenience. but can we think about security while thinking about love or lust. tough one! @digitaldutta what say?

Also I wish privacy was a given right, so that we could just focus on pleasure part! @thepleasureproj @iambesharm

@aagrabakijasmin

I always chose platforms for the fun aspect. I wanted more emojis, more interaction, but I am super scared of the fact that these conversations are getting recorded.

 

Do people find it easy to shift from one platform to another?  How can we negotiate the process of shifting platforms ? 

@bachchaoproject

Shifting away from an app or platform that one has got comfortable with can be a pain. It is yet another app to manage on the phone. It takes up memory, screen space etc. Sometimes, we need to swallow a bitter pill to make sweet memories.

Ask these important questions to yourself & your partner while considering a shift:

  • Would you choose to keep the texts & images or take them off the record?
  • What would you want to share? The Internet is forever, and it is hard to get permanently deleted from it.

Do you think data accessibility is an issue, especially in a country like India, where not all cities and towns are well connected? 

@bachchaoproject

It is. And it affects the choices people make while navigating digital communication. Mobile Internet tariffs in India are among the lowest in the world. And affordable smartphones (USD 150 or less) have been available in India for nearly a decade.

However, affordable smartphones come with their own privacy issues.

https://privacyinternational.org/long-read/3226/buying-smart-phone-cheap-privacy-might-be-price-you-have-pay

Messaging apps such as WhatsApp are significantly faster on slower Internet connections than the privacy-centric apps, making people with connectivity issues and unreliable mobile networks gravitate towards the former.

@digitaldutta

with no one measuring access to internet across India, access to networks is a privilege

@praymurray

Also incredibly uneven when it comes to gender: we lag behind Pakistan and Bangladesh when it comes to women’s access to mobile phones.

https://lirneasia.net/2019/02/ict-access-and-use-by-women-in-the-global-south-presentation/

What are the best practices while sharing photos or videos ?  What are the tools one can use to share ? 

@bachchaoproject

“Sextortion” (blackmail over sexually explicit images typically obtained by stealing or shooting them without consent) & non-consensual pornography (commonly known by the misnomer revenge porn) are two of the biggest concerns when sharing intimate photos & videos.

While taking nudes, it is highly advisable to not photograph the face or identifying marks such as tattoos and scars. Even if one applies a filter to blur or pixellate these parts of the image, is it possible to reverse these filters.

Many of the phone camera apps also pick up metadata such as a timestamp & GPS coordinates and embed them the photos. Remove this metadata (EXIF data) before sending photos. Recommended Android app: ScrambledEXIF.

@sandraaceng

Also i-cloud when using iPhone because when you take a picture, it gets automatically uploaded on I cloud and maybe when someone hacked it when your nude pictures are in can access it

When using icloud, choose to only upload selected photos or videos to icloud Using external hard drive that can’t be hacked works too because it’s not connected to the #internet

@aagrabakijasmin

I guess not to show the face? #DigitalPrivacy

@bachchaoproject

One can obscure photos will applications like obscure cam

*ObscuraCam app by The Guardian Project. It allows for pixellating, redacting and cropping images easily. However, this app majorly affects image quality.

@sandraaceng

Also use email addresses created on proton mail to set up a messaging account because in case your nudes escape, they can’t be traced back to your name

@bachchaoproject

You could also create temporary mail id from platforms like http://mailinator.com

List of secure messaging apps to play around with:

Signal

Threema

Telegram (Secret chat feature)

Wire

Silence

Delta

Chat

Riot

@sandraaceng

Turn off location services when you take the photos and turn off automatic uploads. You photo vault app to help store nudes and removes automatically from your photos feed on your phone Use end to end encryption apps too

Add passcode to your phone and encourage your sexting friend to do the same

Don’t use Facebook messenger, use timed message services such as Snapchat, private messaging like Telegram, wire or signal because image isn’t sent as download and also notifies if someone takes a screenshot of your conversation or image/s

Don’t have your face in the picture and hide tattoos or any natural mark on your body that identifies you

Additional Resources : 

What video conferencing tools to use :

https://freedom.press/training/blog/videoconferencing-tools/

How to take private photos on signal :

https://freedom.press/training/taking-private-photos-signal/

When it comes to #digital privacy what are some of the resources that are helpful ?

Resources : 

@bachchaoproject

The Motherboard Guide to Sexting Securely

 https://vice.com/en_us/article/mb3nd4/how-to-sext-securely-safely-what-apps-to-use-sexting Hack Blossom

 https://hackblossom.org/domestic-violence/threats/sexual-content.html https://hackblossom.org/domestic-violence/defense/secret-accounts.html

Take back the tech

 https://takebackthetech.net/know-more/heyfriend

Safer Nudes

 https://codingrights.org/4

Safer Sisters Online Security Tips in GIFs

https://medium.com/codingrights/safersisters-online-security-tips-in-gifs-222589166ed8 For teens (by Planned Parenthood) https://plannedparenthood.org/learn/teens/bullying-safety-privacy/all-about-sexting https://plannedparenthood.org/learn/teens/bullying-safety-privacy/online-privacy-and-staying-safe

Dirty Code

 https://dirtycode.io

A personal story: Love in the time of cryptography

https://wired.com/2017/04/love-in-the-time-of-cryptography

@bachchaoproject

Safer nudes is available a printable zine: https://codingrights.org/send-nudes

From its official description: “…discussing post-porn aesthetics and strategies for combating gender inequalities in the web, it was thought to be more appealing to women and sexual minorities since they are more easily exposed to online haressment, by practices such as revenge “porn”, doxxing, cyberbulling, etc.”

Dirty Code is an interesting approach to sexting. Instead of sending or receiving an actual nude photo, it enables sexters to send/ receive a drawing of it: https://dirtycode.io

(While we are at it, here is a friendly reminder to never send an unsolicited dick pic even if it is a drawing of a dick pic.) #consent

Instead of being literal or graphic all the time, you could use GIFs and NSFW sticker packs (Signal & Telegram) to convey your mood. You can also make your own sticker packs easily using freely available vector illustrations of whatever floats your & your partner’s boat.

@sandraaceng

Encryption, use of TOR, use secure connection like VPN, use personal cloud storage because they are less likely to be targeted by hackers

@bachchaoproject

VPNs are a double-edged sword, especially when sexting. Free VPNs are free of monetary cost for a reason. That’s not good for the users’ #privacy and digital #security.

@aagrabakijasmin

I wrote this article for @Hidden_Pockets

during the #Aadhaar crisis. It is still relevant during #lockdown and #corona crisis. Is your dating life safe with all these dating apps?

https://hidden-pockets.com/tinder-messages/

@aldebaran14

Sticker packs as promised  pastebin.com/yNnyAqsL

 

 

What are some of the laws that we should keep in mind that are helpful? 

@Hidden_Pockets

Do remember India has a legislation specific to Information Technology Act 2000, and we can reach various cyber cells across cities in times of crisis.

@apar1984

Any non-consensual sexual imagery is not porn. It is a crime. An awful one which results in lasting and damaging consequences.

@Hidden_Pockets

Some sections in IT Act, specifically deal with violating the modesty of women in online spaces, and it can be used for instances like revenge porn. 

@apar1984

Provisions exist both under the IT Act and the IPC to deal with them. However both substantively and procedurally more must be done to address it

@aldebaran14

There are provisions under the IT Act and the IPC as Apar mentioned. However, my work on online non-consensual imagery from many years ago largely indicates that is redressal and justice for victims are difficult, circuitous and protracted.

Social stigma, a lack of support from family and social circles, patriarchal attitudes towards sexual propriety and conduct, and the fear of harassment by the police prevent victims from doing so much as filing a basic police report:

https://t.co/6HSvFHzI5K?amp=1

http://www.eroticsindia.org/pornography/amateur-porn-privacy-censorship-consent/

https://www.researchgate.net/publication/322661093_Amateur_Pornography_and_Consent

Victims are often driven to suicide: (Unfortunate use of the term “revenge porn” here)

https://www.edexlive.com/live-story/2017/apr/13/the-dark-net-and-its-crimes-329.html

 

@trishapande

How can parents in India educate their children on online privacy given that 

 

  • Parents are not always the most aware about online privacy 
  • Children find it difficult to share their online experiences with parents ?

 

@Hidden_Pockets

exactly! more resource by @PPact:

https://www.plannedparenthood.org/learn/teens/bullying-safety-privacy/all-about-sexting

 

“Anatomy of Internet shutdowns”: Panel discussion at Nullcon 2020

Prateek Waghre, Research Analyst, The Takshashila Institution was a speaker in a panel discussion at Nullcon on March 8, 2020 about a study carried out jointly with Rohini Lakshané of The Bachchao Project. In the discussion entitled “Anatomy of Internet Shutdowns”, Waghre spoke about the study on usability testing of the whitelist issued for Internet access in Jammu and Kashmir.

Details about the study may be accessed here: http://thebachchaoproject.org/even-the-301-whitelisted-sites-in-jammu-and-kashmir-are-not-entirely-accessible-an-analysis

Details about the session here: https://nullcon.net/website/media-track.php. Nullcon is an annual conference held in India on the topic of cybersecurity.

Submission to MHA regarding whitelist for Internet access in Jammu and Kashmir

The Bachchao Project and The Takshashila Institution made a joint submission to India’s Ministry of Home Affairs (MHA) based on our findings of a usability testing exercise conducted on the whitelist issued for Internet access in Jammu and Kashmir in January 2020. A copy of the submission has been uploaded here along with a summary of the questions raised by our findings.

The findings are available on Zenodo: https://zenodo.org/record/3635885


To,
Shri Ajay Kumar Bhalla,
Home Secretary,
Ministry of Home Affairs,
Dated: February 19, 2020

Dear Sir,

Subject: Jammu and Kashmir Internet Whitelist

This communication is with reference to orders issued by the Home Department, Government of Jammu and Kashmir (dated January 14, 18, 24 and 31) regarding the Temporary Suspension of Telecom Services and enforcement of a whitelist of websites available for internet access in Jammu and Kashmir.

We have conducted a usability analysis of the 329 entries in the whitelist with the following results.

  • 20% of the entries were practically usable.
  • 23% of the entries were partially usable.
  • 47% of the entries were not usable in any meaningful way.
  • 10% of the entries could not be analysed as the information provided was inadequate/ incorrect.

The analysis demonstrated that this whitelisting approach is not technically feasible, especially for a large population, nor is it practically workable. It also simultaneously raised questions about the whitelisting exercise as a whole, which need to be urgently addressed by the Ministry of Home Affairs.

  1. What were the process and criteria applied to select these specific URLs/ services/ websites to be on the whitelist?
  2. What were the process and criteria applied to reject some services provided by the government from the whitelist?
  3. What were the process and criteria, if any, to reject websites and services that are similar to those whitelisted and those that provide the same or comparable services?
  4. How were the residents of Jammu and Kashmir informed about this whitelist, that these specific services/ websites had become accessible?
  5. Were recommendations sought from the Telecom Regulatory Authority of India (TRAI) with regard to the violation of Net Neutrality? If so, what recommendations did TRAI put forward?
  6. What were the criteria for blocking VPN services?
  7. What, if any, technical testing was conducted to ensure smooth operation of the whitelisted websites?
  8. What, if any, was the review process put in place for the list?
  9. In view of all the above questions, how will the authorised government officers “ensure implementation of these directions in letter and spirit,” as stated in paragraph 7 of the order dated January 14?

We have enclosed a document containing the following information for your perusal.

  • Executive summary
  • Background note
  • Summary of results
  • Questions with supporting information

The document also includes three addenda (in case further details are required).

  • Addendum 1: Detailed write-up about the method of testing, its limitations, our observations based on our findings, and questions and comments about the role of ISPs in implementing the whitelist.
  • Addendum 2: The test results and observations for each of the 301 entries in the whitelist contained in the order dated 24 January.
  • Addendum 3: The test results and observations for new entries made to the whitelist specified by the order dated January 31. The new entries had to be analysed separately since this order removed the ‘Field’ column resulting in a change in categorisation of the entries.

We seek your response(s) to the 9 questions listed in the submission.

Copies to:

  1. Shri Amit Shah, Minister for Home Affairs
  2. Shri Ravi Shankar Prasad, Minister for Communications, Minister for Electronics and Information Technology
  3. Shri Anshu Prakash, Secretary to the Department of Telecommunications
  4. Shri Ajay Sawhney, Secretary to the Ministry of Electronics and Information Technology
  5. Shri Shaleen Kabra, Principal Secretary to the Government, Home Department, Government of Jammu and Kashmir
  6. Shri R. S. Sharma, Chairman, Telecom Regulatory Authority of India (TRAI)
  7. Shri Sanjay Dhotre, Union Minister of State for Communication, and for Electronics and IT


Prateek Waghre
Research Analyst,
The Takshashila Institution

Rohini Lakshané
Director, Emerging Research,
The Bachchao Project

Questions about whitelist for Internet access in Jammu and Kashmir

Submissions citing analysis of whitelist for Internet access in Jammu and Kashmir