If you stood up for students by demanding the postponement of CBSE exams, we appeal to you to also take a stand against CBSE's use of Facial Recognition on minors - a serious, co-occurring issue flying under the radar. Thread on what's going on. internetfreedom.in/cbses-response…
1/n
On October 22, 2020, we found that CBSE is using Facial Recognition to provide class 10 and 12 students access to their academic documents. A live image of them will be matched with the photo on their CBSE admit card, which is stored in a database. 2/n indianexpress.com/article/educat…
Why is this an issue?
a. These are photos of minors and we don't have a data protection law.
b. The tech will lead to exclusion of students due to inaccuracies, becoming a procedural hindrance.
c. Children's appearances change over time. The tech can fail to identify them.
3/n
CBSE told us it's not "facial recognition", and is instead "face matching". It failed to explain to us how "face matching" operates, or how it is distinct from facial recognition. This is a tactic to dilute the issue through confusing nomenclature. 4/n
We sent CBSE a representation highlighting privacy and exclusion related concerns of its new tech. This is to say that it has been made aware of the dangerous consequences for minors, and has yet not heeded our recommendation to stop using it.
Instead, on April 8, 2021, CBSE reiterated to us yet again that it is only employing a “face matching technique”, failing to convey any meaningful information about the same. But we believe it doesn't matter - face matching and facial recognition are the same.
6/n
The Supreme Court sets standards which have to be met to justify intrusion by the State into a person's fundamental right to privacy. CBSE acknowledged our analysis of how their program doesn't meet these standards, and gave its own justification which we find erroneous. 7/n
We need your help! If we don't collectively challenge this now, it's a matter of time before mass use of facial recognition is seen across schools. Join 500+ Indians calling for a complete ban on its use. Read and sign the petition. #ProjectPanoptic panoptic.in/petition
• • •
Missing some Tweet in this thread? You can try to
force a refresh
We have been seeking clarity around the undemocratic and unconstitutional IT Rules, 2021. As per our analysis they threaten social media interactions, online news portals and OTT streaming platforms. Fundamentally altering and vesting excessive government control. 1/n
In our most recent attempt at transparency is to examine how the IT Rules, 2021 came to be drafted we had filed a RTI request with MEITY on the legal advise, contractors and file nothings. As per their response, it was drafted by MEITY with advice from M/s Vidhi Legal. 2/n
Further legal opinion was sought from the Law Ministry. On our queries (such as inspecting the file), we appreciate MEITY extending us an opportunity to inspect them. After the present surge ceases, we will examine all methods & options how IFF staff can safely access copies. 3/n
Since May 2020, @OfficialSauravD has been denied critical information about the widely criticised privacy and security aspects of Aarogya Setu. IFF has been representing Mr. Das in court. Today, we are making known the details of this case. internetfreedom.in/how-we-are-hel…
1/n
@OfficialSauravD has already found via RTIs that Aarogya Setu does not comply with its own data sharing protocols. He sought a copy of its entire file which contained info about the proposal's origins, govt depts involved, correspondence between pvt sector and officials, etc.
2/n
After not responding for 3 months (the time limit for responding to RTI requests is 30 days!), Public Information Officers of the National Informatics Centre, e-Governance Division, and MeitY all claimed that the information was not held by their departments.
3/n
Are you confused about the Personal Data Protection Bill, and don't know where to start? We're on a mission to #StartFromScratch and break down components of the bill for your knowledge.
In part 1 we discussed the need for a data protection bill in today's digital world. We provided historical context and hinted at some of the concerns that have been raised about it. In part 2 below, we discuss the bill's basic elements and provisions. 2/n
Let's begin with the basics - the most important definitions. Given the example that you're a Facebook user, you are called a "data principal". Facebook is the "data fiduciary", and the entity that processes your data for, say, advertising purposes is a "data processor". 3/n
In 2018 @GoI_MeitY refused to provide us with public consultation comments on the Data Protection Bill in response to our RTI request.
After 3 years of pursuing this, the Central Information Commission has held that MeitY's denial is grossly improper. 1/n internetfreedom.in/persist-transp…
The RTI reply stated that the comments were confidential, but the CPIO did not cite any provision under section 8 of the RTI Act, 2005 to support this. Thus, the refusal was without basis and illegal. 2/n indiankanoon.org/doc/758550/
So we filed an appeal before the First Appellate Authority.
The FAA replied that the information can’t be shared under section 8(1)(i) of the RTI Act.
But this section provides exemptions for cabinet papers, and doesn’t apply to our request! 3/n indiankanoon.org/doc/93879/
Thread!
As election fever rises and #Kerala#TamilNadu and #WestBengal go to the polls, we're bringing you an analysis of manifestos of major parties on their commitments to tech innovation, digital rights, internet access, privacy and cybersecurity. 1/n internetfreedom.in/2021assemblyel…
Despite a rising number of young voters and Indian internet users, political parties have been slow to move on digital rights. Before the 2019 general election we drafted an agenda making an appeal across party lines to prioritize digital rights. docs.google.com/document/d/1AX…
2/n
Following are our key learnings surrounding the promises made by political parties. We follow a model in which a “+” indicates a positive move, “-” a negative one, and “?” indicates one which does not present a clear foreseeable consequence or is ambiguous.
3/n
#MobikwikDataLeak
We have written to @IndianCERT asking them to initiate an inquiry over the Mobikwik data breach under Sec. 70B(6) of the IT Act. We lay out 5 steps MobiKwik must take to alleviate the situation. Pls read and RT for public knowledge. 1/n internetfreedom.in/mobikwik-data-…
Over 8.2 TB of data of MobiKwik users has reportedly been put on sale over the dark web with an asking price of 1.5 Bitcoin (~ INR 65 Lakhs). The leak includes KYC, passport, address, email, phone number and aadhar card details of 10 Crore Indians. indianexpress.com/article/techno…
2/n
MobiKwik's denial has been countered by independent researchers who indicate that a breach has occurred. MobiKwik also reportedly sought help from Amazon last month after they discovered that someone outside the organisation downloaded their S3 data.