The Centre for Internet and Society
https://cis-india.org
These are the search results for the query, showing results 1 to 2.
CIS Submission to TRAI Consultation Note on Model for Nation-wide Interoperable and Scalable Public Wi-Fi Networks
https://cis-india.org/telecom/blog/cis-submission-trai-note-on-interoperable-scalable-public-wifi
<b>This submission presents responses by the CIS on the Consultation Note on Model for Nation-wide Interoperable and Scalable Public Wi-Fi Networks published by the TRAI on November 15, 2016. Our analysis of the solution proposed in the Note, in brief, is that there is no need of a solution for non-existing interoperability problem for authentication and payment services for accessing public Wi-Fi networks. The proposed solution in this Note only adds to over-regulation in this sector, and does not incentivise new investment in the sector, but only establishes UIDAI and NPCI as the monopoly service providers for authentication and payment services.</b>
<p> </p>
<p>The comments were authored by Japreet Grewal, Pranesh Prakash, Sharath Chandra, Sumandro Chattapadhyay, Sunil Abraham, and Udbhav Tiwari, with expert comments from Amelia Andersdotter.</p>
<hr />
<h2>1. Preliminary</h2>
<p><strong>1.1.</strong> This submission presents responses by the Centre for Internet and Society (“CIS”) <strong>[1]</strong> on the <em>Consultation Note on Model for Nation-wide Interoperable and Scalable Public Wi-Fi Networks</em> (“the Note”) published by the Telecom Regulatory Authority of India (“TRAI”) on November 15, 2016 <strong>[2]</strong>.</p>
<p><strong>1.2.</strong> The CIS welcomes the effort undertaken by TRAI to map regulatory and other barriers to deployment of public Wi-Fi in India. We especially appreciate that TRAI has recognised <strong>[3]</strong> two key barriers to provision of public Wi-Fi networks identified and highlighted in our earlier response to the <em>Consultation Paper on Proliferation of Broadband through Public WiFi</em> <strong>[4]</strong>: 1) over regulation (including, licensing requirements, data retention, and Know Your Customer policy), and 2) paucity of spectrum <strong>[5]</strong>.</p>
<h2>2. General Responses</h2>
<p><strong>2.1.</strong> Before responding to the specific questions posed by the Note, we would like to make the following observations.</p>
<p><strong>2.2.</strong> There is no need of a solution for non-existing interoperability problem for authentication and payment services for accessing public Wi-Fi networks. The proposed solution in this Note only adds to over-regulation in this sector. The proposed solution does not incentivise new investment in the sector, but only establishes UIDAI and NPCI as the monopoly service providers for authentication and payment services.</p>
<p><strong>2.3.</strong> As the TRAI has consulted widely with industry and other stakeholders before it settled on the list of priority issues contained in Section C.6 of the Note, we are surprised to find that this Note aims to address only the problem of lack of “seamless interoperable payment system for Wi-Fi networks” (Section C.6.d. Of the Note), and does not discuss and propose solutions for any other key barriers identified by the Note.</p>
<p><strong>2.4.</strong> The Note fails to clarify the “interoperability” problem in the payment system for usage of public Wi-Fi networks that it is attempting to solve. The Note identifies that lack of “single standard” for “authentication and payment mechanisms” for accessing public Wi-Fi networks as a key impediment to provide scalable and interoperable public Wi-Fi networks across the country <strong>[6]</strong>. By conceptualising the problem in this manner, TRAI has bundled together two completely different concerns - authentication and payment - into one and this is at the root of the problems emanating from the proposed solution in this Note.</p>
<p><strong>2.5.</strong> Lack of standard process for authentication is created by over-regulation via Know Your Customer (“KYC”) policies, and selection of eKYC service provided by UIDAI as the only acceptable authentication mechanism for all users of public Wi-Fi networks across India, creating further economic and legal challenges for smaller would-be providers of public Wi-Fi networks as they assess their liabilities and start-up costs. Additionally, since this would amount to making UID/Aadhaar enrolment mandatory for any user of public wi-fi networks, it seems to create a contradiction with previously communicated policy from the UIDAI and the Government that no such obligation should arise. Supreme Court has also mandated over successive Orders that enrolment for UID/Aadhaar number should remain optional for the citizens and residents.</p>
<p><strong>2.6.</strong> As was observed by the respondents to the TRAI Consultation concluded earlier this year, there is no interoperability problem that needs to be solved regarding payments for accessing public Wi-Fi networks. Payment services continue to be evolved and payment aggregator services provided by existing companies may be expected to resolve many of the outstanding issues of service proliferation in the upcoming years, at least in the absence of additional mandatory technical measures imposed by the government. Bundling of payment with authentication will only undermine the already existing independent market for payment aggregators, and further enforce mandatoriness of UID/Aadhaar number.</p>
<p><strong>2.7.</strong> Further, the payment mechanism proposed would seem to worsen difficulties for tourists and foreigners in accessing public Wi-Fi in India, as well adds an additional layer of authentication in a system already identified (even in the Note itself) to be overburdened by regulations regarding KYC and data retention. Section C.6.b of the Note highlights the problems faced by foreigners and tourists when the authentication mechanism is premised upon use of One Time Password (OTP) that requires a functioning local mobile phone number. It contradicts itself later by proposing an authentication method that requires the user to not only download an application onto their mobile/desktop device, but also to enrol for UID/Aadhaar number and/or to use their existing UID/Aadhaar number. Instead of reducing the existing barriers to provision of and access to public Wi-Fi, which the Note is supposed to achieve, it creates significant new barriers.</p>
<p><strong>2.8.</strong> The technological architecture advanced by the Note upholds support of governance and surveillance projects that, in addition to being costly in their implementation and thereby slowing down the objective of getting India connected, are also of questionable value to the security of the Indian polity. UID, UPI, and related projects risk undermining cyber-security through their reliance on centralised architectures and interfere with healthy competitive market dynamics between commercial and non-commercial actors.</p>
<p><strong>2.9.</strong> The Note continues to only consider and enable commercial models for the provision of public Wi-Fi networks. We have identified this as a problematic assumption in our last submission <strong>[7]</strong>. It is most crucial that TRAI does not ignore and fail to promote and facilitate the possibility of not-for-profit models that involve grassroot communities, academia, and civil society.</p>
<p><strong>2.10.</strong> Last but not the least, the term “Wi-Fi” refers to a particular technology for establishing wireless local area networks. Further, the term is a trademark of the Wi-Fi Alliance <strong>[8]</strong>. It is this not a neutral term, and it must not be used as a general and universal synonym for wireless local area networks. We recommend that TRAI may consider using a technology-neutral term, say “public wireless services” or “public networking services”, to describe the sector. Following the terminology used in the Note, we have decided to continue using the term “Wi-Fi” in this response. This does not reflect our agreement about the appropriateness of this term. Important: The recommendation for technology-neutral regulation also comes with the qualification that safeguards like regulations on Listen Before Talk and Cycle Time are required to prevent technologies like LTE-U from squatting on spectrum and interfering with connections based on other standards.</p>
<h2>3. Specific Responses</h2>
<h4>Q1. Is the architecture suggested in the consultation note for creating unified authentication and payment infrastructure will enable nationwide standard for authentication and payment interoperability?</h4>
<p><strong>3.1.</strong> No. The proposed infrastructure is likely to be costly for a large number of actors to implement and undermine some of the ongoing innovation in the Indian digital payment services industry. Rather than being helpful, it risks introducing additional requirements on an industry that TRAI has already identified as facing a number of large challenges.</p>
<p><strong>3.2.</strong> There is no need for a unified architecture that provides nationwide standard for authentication and payment interoperability. It does not offer any incentive towards provision of public Wi-Fi networks. Neither is there an interoperability problem at the physical or data link layers that has been pointed out, nor is government mandated interoperability required at the payment or ID layer since there are private entities that provide such interoperability (like, payment aggregators). Additionally, we believe it is inappropriate that the TRAI is trying to predict the most suitable business/technological model for digital payments to be used for accessing commercial Wi-Fi networks. India has a booming online payments industry, and it must be allowed to evolve in an enabling regulatory environment that allow for competition and ensures responsible practices.</p>
<p><strong>3.3.</strong> The Note identifies several structural impediments to expansion of public Wi-Fi networks in India, namely paucity of backhaul connectivity infrastructure (Section C.6.a), Inadequate associated infrastructure to offer carrier grade Wi-Fi network (Section C.6.c), dependency of authentication mechanism on pre-existing (Indian) mobile phone connection (Section C.6.b), and limited availability of spectrum to be used for public Wi-Fi networks (Section C.6.e). All these are crucial concerns and none of them have been addressed by the architecture suggested in the Note.</p>
<h4>Q2. Would you like to suggest any alternate model?</h4>
<p><strong>3.4.</strong> Yes. The model proposed in the Note is likely to exclude several types of potential users (say, foreigners and tourists), and impose a single authentication and payment service provider for accessing public Wi-Fi networks, which may undermine both competition and security in the market for these services.</p>
<p><strong>3.5.</strong> Internationally, there are cities and regions (say, the city of Barcelona and the Catalonia region in Spain) where public Wi-Fi networks have been provided in a pervasive and efficient manner by taking a light regulatory approach that enables opportunities for potential providers to set up their own infrastructures and additionally have access to backhaul. Further, reducing legal requirements on authentication should be considered in place of government mandated technical architectures for authentication and payment. In particular, allowing for anonymous access to Public Wi-Fi or wireless connectivity would reduce both the administrative and the technical burden on potential providers at the hyper-local level, especially for providers whose main activity it is not, and cannot be, to provide internet services (say, event venues, malls, and shops).</p>
<p><strong>3.6.</strong> The CIS suggests the following steps towards conceptualising an “alternative model”:</p>
<ol><li>remove existing regulatory disincentives,<br /><br /></li>
<li>urgently explore policies to promote deployment of wired infrastructures in general, and to enable a larger range of actors, including local authorities, to invest in and deploy local infrastructures by reducing licensing requirements in particular,<br /><br /></li>
<li>examine spectrum requirements for provision of public Wi-Fi, and<br /><br /></li>
<li>provide incentives, such as allowing telecom service providers to share backhaul traffic over public Wi-Fi, and ways for telecom service providers to lower their costs if they also make Internet access available for free.</li></ol>
<h4>Q3. Can Public Wi-Fi access providers resell capacity and bandwidth to retail users? Is “light touch regulation” using methods such as “registration” instead of “licensing” preferred for them?</h4>
<p><strong>3.7.</strong> CIS holds that capacity and bandwidth are neither comparable to tangible goods nor to digital currency. They are a utility, and the provider of the utility has to accept that their customers use the utility in the way they see fit, even if that use entails sharing said capacity and bandwidth with downstream private persons or customers. Wi-Fi capabilities are currently a built-in standardised feature of all consumer routers. Any individual, community, or store with access to an internet connection and a consumer router could become a public Wi-Fi access provider at no additional cost to themselves, furthering the goals of the Indian government in its Digital India strategy to ensure public and universal access to the internet.</p>
<p><strong>3.8.</strong> In order to exploit the opportunities awarded by a large amount of entities in the Indian society potentially becoming Public Wi-Fi providers, TRAI should require neither registration nor licensing of these actors. Imposing administrative burdens on potential public Wi-Fi access providers creates legal uncertainty and will cause a lot of actors, who may otherwise contribute to the goals of Digital India, not to do so. This is particularly true for community organisers and citizens, who may not have access to legal assistance and therefore may avoid contributing to the goals of the government.</p>
<p><strong>3.9.</strong> Light touch regulation when it comes to both granting license to public Wi-Fi access providers as well as authentication of retail users, however, are needed not only as an exceptional practice for such instances but as a general practice in case of entities offering public Wi-Fi services, either commercially or otherwise. Further, additional laxity in administrative responsibilities is needed to incentivise provision of free, that is non-commercial, public Wi-Fi networks.</p>
<h4>Q4. What should be the regulatory guidelines on “unbundling” Wi-Fi at access and backhaul level?</h4>
<p><strong>3.10.</strong> The Note refers to unbundling of activities related to provision of Wi-Fi but it does not define the term. It is neither explained which specific activities at access and backhaul levels must be considered for unbundling.</p>
<p><strong>3.11.</strong> While unbundling should clearly be allowed and any regulatory hurdles to unbundling should be removed, any such decision must be taken with a focus on urgently addressing the stagnated growth in landline and backhaul, as identified in Section C.6.a of the Note. Relying only on spectrum intensive infrastructures, such as mobile base stations, for providing connectivity, creates a heavy regulatory burden for the TRAI, while simultaneously not ensuring optimal connectivity for business and private users. The CIS is concerned that the focus of the Note on standardising a government-mediated authentication and payment mechanism detracts attention from this urgent obstacle to the fulfillment of the Digital India plans of accelerated provision of broadband highways, universal access, and public, especially free, access to internet services.</p>
<p><strong>3.12.</strong> From the example of European telecommunications legislations, implementation of policy measures to ensure that vertical integration between infrastructure (say, cables, switches, and hubs) providers and service (say, providing a subscriber with a household modem or a SIM card) providers in the telecommunications sector does not become a barrier to new market entrants has yielded much success in countries that have pursued it, like Sweden and Great Britain.</p>
<p><strong>3.13.</strong> Further, there should be no default assumption of bundling by the TRAI. In particular, the TRAI should consider reviewing all regulations that may cause bundling to occur when this is not necessary, and put in place in a monitoring mechanism for ensuring that bundled practises (especially in electronic networks, base station infrastructures, backhaul and similar) do not cause competitive problems or raise market entry barriers <strong>[9]</strong>. In most EU countries, especially where the corporate structure of incumbent(s) is not highly vertically integrated, interconnection requirements for electronic network providers of wired networks in the backhaul or backbone (effectively price regulated interconnection), and a conscious effort to ensure that new market players can enter the field, have ensured a competitive telecommunications environment. TRAI may consider reviewing the European regulation on local loop unbundling (1999) and discussions on functional separation (especially by the British regulatory authority Ofcom), within an Indian context.</p>
<h4>Q5. Whether reselling of bandwidth should be allowed to venue owners such as shop keepers through Wi-Fi at premise? In such a scenario please suggest the mechanism for security compliance.</h4>
<p><strong>3.14.</strong> Yes. Venue owners should be allowed to provide public Wi-Fi service both on a commercial and non-commercial basis.</p>
<p><strong>3.15.</strong> It is not clear from the Note and the question what type of security concerns the TRAI is seeking to address. In terms of payment security, the payment industry already has a large range of verification and testing mechanisms. The CIS objects to the mandatory introduction of the proposed payment system so as to ensure greater security for Wi-Fi access providers and the users.</p>
<p><strong>3.16.</strong> As far as hardware-related security issues are concerned, it is again unclear why consumer equipment compliant with existing Wi-Fi standards would not be sufficiently secure in the Indian context. Wi-Fi has proven to be a sturdy technical standard, its adoption is high in multiple jurisdictions around the world, and it also enjoys great technical stability. Similar security assessments could easily be made for alternative wireless technologies, such as WiMaX.</p>
<p><strong>3.17.</strong> The CIS foresees problems is in the allocation of risk and liability by law. The already existing legal obligation to verify the identity of each user, for instance, is likely to introduce a large administrative burden on potential Public Wi-Fi providers, which may lead to such potential providers abstaining from entering the market. Should the identification requirement be removed, however, other concerns pertaining to legal obligations may arise. These include liability for user activities on the web or on the internet (cf. copyright infringement, libel, hate speech). We propose a “safe harbour” mechanism in these cases, limiting the liability of the potential public Wi-Fi provider.</p>
<h4>Q6. What should be the guidelines regarding sharing of costs and revenue across all entities in the public Wi-Fi value chain? Is regulatory intervention required or it should be left to forbearance and individual contracting?</h4>
<p><strong>3.18.</strong> The market segments identified by the TRAI in Section F.18 of the Note should normally all be competitive markets themselves, and so do not require regulatory assistance in sharing of costs and revenues. The more elaborate the requirements imposed on each actor of each market segment identified by the TRAI in Section F.18, the more costly the roll-out of public Wi-Fi is going to be for the market actors. Such a cost is not avoided by price regulation.</p>
<p><strong>3.19.</strong> The TRAI may instead consider introducing public funding for backhaul roll-out in remote areas, where the market is unlikely to engage in such roll-out on its own. Presently, some Indian states (such as Karnataka) are committing to public funding for wireless access in remote areas. The Union Government can assist such endeavours.</p>
<h2>Endnotes</h2>
<p><strong>[1]</strong> See: <a href="http://cis-india.org/">http://cis-india.org/</a>.</p>
<p><strong>[2]</strong> See: <a href="http://trai.gov.in/Content/ConDis/20801_0.aspx">http://trai.gov.in/Content/ConDis/20801_0.aspx</a>.</p>
<p><strong>[3]</strong> See Section C.6 of the Note.</p>
<p><strong>[4]</strong> See: <a href="http://trai.gov.in/Content/ConDis/20782_0.aspx">http://trai.gov.in/Content/ConDis/20782_0.aspx</a>.</p>
<p><strong>[5]</strong> See: <a href="http://cis-india.org/telecom/blog/cis-submission-to-trai-consultation-on-proliferation-of-broadband-through-public-wifi-networks">http://cis-india.org/telecom/blog/cis-submission-to-trai-consultation-on-proliferation-of-broadband-through-public-wifi-networks</a>.</p>
<p><strong>[6]</strong> See Section E.11. of the Note.</p>
<p><strong>[7]</strong> See: <a href="http://cis-india.org/telecom/blog/cis-submission-to-trai-consultation-on-proliferation-of-broadband-through-public-wifi-networks">http://cis-india.org/telecom/blog/cis-submission-to-trai-consultation-on-proliferation-of-broadband-through-public-wifi-networks</a>.</p>
<p><strong>[8]</strong> See: <a href="https://www.wi-fi.org/">https://www.wi-fi.org/</a>.</p>
<p><strong>[9]</strong> See: Monitoring bundled products in the telecommunications sector is also recommended by the OECD: <a href="http://oecdinsights.org/2015/06/22/triple-and-quadruple-play-bundles-of-communication-services-towards-all-in-one-packages/">http://oecdinsights.org/2015/06/22/triple-and-quadruple-play-bundles-of-communication-services-towards-all-in-one-packages/</a>.</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/telecom/blog/cis-submission-trai-note-on-interoperable-scalable-public-wifi'>https://cis-india.org/telecom/blog/cis-submission-trai-note-on-interoperable-scalable-public-wifi</a>
</p>
No publisherJapreet Grewal, Pranesh Prakash, Sharath Chandra, Sumandro Chattapadhyay, Sunil Abraham, and Udbhav Tiwari, with expert comments from Amelia AndersdotterDigital PaymentPublic Wireless NetworkTRAIInternet GovernanceTelecomFeaturedAadhaarHomepageUID2016-12-12T13:59:00ZBlog EntryPrivacy and Security Implications of Public Wi-Fi - A Case Study
https://cis-india.org/internet-governance/blog/privacy-and-security-implications-of-public-wi-fi-a-case-study
<b>Today internet is an essential necessity in everyday work and recognizing its vital role, governments across the world including the Indian government, are giving access to public Wi-Fi. However, use of public Wi-Fi brings along with it certain privacy and security risks. This research paper analyses some of these concerns, along with the privacy policies of key ISPs in India providing public Wi-Fi service in Bangalore-namely D-VoIS and Tata Docomo, as a case study to provide suitable recommendations.
</b>
<p> </p>
<h4><a class="external-link" href="http://cis-india.org/internet-governance/files/privacy-and-security-implications-of-public-wi-fi-a-case-study/at_download/file">Download</a> (PDF)</h4>
<hr />
<h4>Contents</h4>
<p>1. <a href="#1">Introduction</a></p>
<p>2. <a href="#2">Global Scenario</a></p>
<p>3. <a href="#3">Overview of Public Wi-Fi in India</a></p>
<p>4. <a href="#4">Indian Policy and Legal Conundrum</a></p>
<p>5. <a href="#5">Public Wi-Fi and Privacy Concerns</a></p>
<p>5.1. <a href="#51">Data Theft</a></p>
<p>5.2. <a href="#52">Tracking an Individual</a></p>
<p>5.3. <a href="#53">Makes the Electronic Devices Prone to Hacking and Setting up Fake Networks</a></p>
<p>5.4. <a href="#54">Illegal Use of Data</a></p>
<p>6. <a href="#6">Ranking Digital Rights Project</a></p>
<p>6.1. <a href="#61">D-VoIS, Bangalore</a></p>
<p>6.2. <a href="#62">Tata Docomo, Bangalore</a></p>
<p>7. <a href="#7">Compliance of Privacy Policies with Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011</a></p>
<p>8. <a href="#8">Conclusion and Recommendations</a></p>
<p>8.1. <a href="#81">Commitment</a></p>
<p>8.2. <a href="#82">Freedom of Expression</a></p>
<p>8.3. <a href="#83">Privacy</a></p>
<hr />
<h2 id="1">1. Introduction</h2>
<p style="text-align: justify;">Recognizing internet as a critical tool for day-to-day work and facilitating increased access to it in the past few years,<a name="_ftnref1" href="#_ftn1"><sup>[1]</sup></a> the Indian Government as well as Governments across the world have rolled out plans for offering public Wi-Fi. However, privacy risks of using public Wi-Fi have also been flagged across jurisdictions, which will be discussed in this paper. Apart from highlighting key privacy concerns associated with the use of free public Wi-Fi, this case study aims to analyse the privacy policies of two of the Internet Service Providers in India-namely Tata Docomo<a name="_ftnref2" href="#_ftn2"><sup>[2]</sup></a> and D-VoiS<a name="_ftnref3" href="#_ftn3"><sup>[3]</sup></a>, which offer public Wi-Fi services in Bangalore city against the indicators listed under the Ranking Digital Rights project<a name="_ftnref4" href="#_ftn4"><sup>[4]</sup></a>, as well as the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011<a name="_ftnref5" href="#_ftn5"><sup>[5]</sup></a>. Based on this analysis, this paper shall list key recommendations to these ISPs to ensure sound privacy policies and practices with a view to have a balanced framework and ecosystem in light of key privacy considerations, especially in light of public Wi-Fi.</p>
<h2 id="2">2. Global Scenario</h2>
<p style="text-align: justify;">Security and privacy concerns around the use of free and public Wi-Fi have been raised in India<a name="_ftnref6" href="#_ftn6"><sup>[6]</sup></a> as well as across the globe. In various cities like Bangalore, Delhi, Hyderabad, New York, London, Paris, etc., privacy experts have raised concerns over the public Wi-Fi systems at metro stations, malls, payphones and other such public places.<a name="_ftnref7" href="#_ftn7"><sup>[7]</sup></a></p>
<p style="text-align: justify;">For many years, New York City has been in the process of developing a “free” public Wi-Fi project called LinkNYC<a name="_ftnref8" href="#_ftn8"><sup>[8]</sup></a> to bring wireless Internet access to the residents of the city. However, privacy concerns have been raised by the users and privacy advocates like the New York Civil Liberties Union, where the latter also issued a letter to the Mayor's office regarding this<a name="_ftnref9" href="#_ftn9"><sup>[9]</sup></a> as the collection of potentially sensitive personal, locational and behavioral data, without adequate safeguards could result in sharing of such data without the data subject’s consent or knowledge. For example, one of the concerns raised has been regarding retention of user's data by CityBridge, the company behind the LinkNYC kiosks, often indefinitely, for building a massive database which carries a risk of security breaches and unwarranted surveillance by the police. <a name="_ftnref10" href="#_ftn10"><sup>[10]</sup></a> Also, users are concerned that their internet browsing history may reveal sensitive information about their political views, religious affiliations or medical issues<a name="_ftnref11" href="#_ftn11"><sup>[11]</sup></a>, since registration is required to use LinkNYC by submitting their email addresses and by agreeing to allow CityBridge to collect information about the websites they visit, the duration for which they linger on certain information on a webpage and the links they click on. On the contrary, the privacy policy of CityBridge states that this massive amount of personally identifiable user information would be cleared only if there have been 12 months of user inactivity, raising an alarm in light of privacy concerns.<a name="_ftnref12" href="#_ftn12"><sup>[12]</sup></a></p>
<p style="text-align: justify;">In the year 2015, the Information Commissioner’s Office (ICO) conducted a review of public Wi-Fi services on a UK high street, where it was found that the Wi-Fi networks requested for varying levels of personal data, which was also processed for marketing purposes. The results highlighted that while some networks did not request any personal data, others asked for varying amounts, including information regarding name, postal and email address, mobile number, gender, as well as asking for a date of birth as a mandatory requirement (except for gender). During the sign-up process, though some Wi-Fi networks provided users with the choice to opt-in or opt-out for receiving electronic newsletters and updates, others offered no choice at all.<a name="_ftnref13" href="#_ftn13"><sup>[13]</sup></a> As a result of the review process, the ICO notified Wi-Fi network providers that it had reviewed and advised them of improvements that they could make to their service and issued guidance<a name="_ftnref14" href="#_ftn14"><sup>[14]</sup></a> regarding the dangers of using public Wi-Fi<a name="_ftnref15" href="#_ftn15"><sup>[15]</sup></a>. ICO also recommended users to take time to read all the information given by providers of Wi-Fi services before connecting.</p>
<p style="text-align: justify;">In 2006, the European Data Retention Directive 2006/24/EC<a name="_ftnref16" href="#_ftn16"><sup>[16]</sup></a> was introduced for the retention of communications data by providers of public electronic communications services for national security. The Directive provides an obligation for providers of publicly available electronic communications services and public communications networks to retain traffic and location data for the purpose of the investigation, detection, and prosecution of serious crime.<a name="_ftnref17" href="#_ftn17"><sup>[17]</sup></a> Also, the Data Retention (EC Directive) Regulations 2009<a name="_ftnref18" href="#_ftn18"><sup>[18]</sup></a> were introduced to implement the Directive in the UK. However, this was challenged on grounds of insufficient safeguards for the privacy rights of individuals, given the substantial interference which it facilitated with those rights.<a name="_ftnref19" href="#_ftn19"><sup>[19]</sup></a></p>
<p style="text-align: justify;">To ensure protection of user’s data and information, the Data Protection Act 1998<a name="_ftnref20" href="#_ftn20"><sup>[20]</sup></a> in UK obliges businesses retaining people’s data to comply with the law, which involves informing people about what data is being collected and ensure that the data is stored securely.<a name="_ftnref21" href="#_ftn21"><sup>[21]</sup></a> . Therefore, in case of ISP’s providing public Wi-Fi service, this would relate to the information people provide when they log on, such as their email address. Under the Act, the data protection principles must be complied with by the data controllers and it needs to be ensured that the information is used fairly and lawfully, for limited and stated purposes, used in a way that is adequate, relevant and not excessive, kept for no longer than is absolutely necessary, handled according to people’s data protection rights, kept safe and secure and not transferred outside the European Economic Area without adequate protection.<a name="_ftnref22" href="#_ftn22"><sup>[22]</sup></a> This would soon be updated and synced with the European Union’s General Data Protection Directive (GDPR).</p>
<h2 id="3">3. Overview of Public Wi-Fi in India</h2>
<p style="text-align: justify;">In India, the public Wi-Fi in some cases has been offered free for a limited duration, in several cities across the country. For example, in 2014, Bangalore became the first city in the country to establish free public Wi-Fi- Namma Wi-Fi (802.11N) to make Bangalore a smart and connected city. The service is offered at MG Road, Brigade Road and four other locations in Bangalore including Traffic and Transit Management Centres (TTMCs) at Shanthinagar, Yeshwanthpur, Koramangala and CMH Road in Indiranagar.<a name="_ftnref23" href="#_ftn23"><sup>[23]</sup></a> The internet and Wi-Fi service provider for Namma Wi-Fi is D-VoiS Broadband Ltd,a city-based firm.<a name="_ftnref24" href="#_ftn24"><sup>[24]</sup></a> However, it seems the State Government plans to pull the plug on the project, funds, lack of awareness and difficulty in access as key constraints.<a name="_ftnref25" href="#_ftn25"><sup>[25]</sup></a> Tata Docomo has inked an agreement with GMR Airports to offer Wi-Fi services at several International Airports in the country, including the Bangalore International Airport. It offers access to access free Wi-Fi service for 45 minutes, following which they users are required to pay for the service online, to continue using the Wi-Fi service.<a name="_ftnref26" href="#_ftn26"><sup>[26]</sup></a></p>
<p style="text-align: justify;">Delhi has also introduced free Wi-Fi at its premier shopping hubs of Connaught Place and Khan Market in the year 2014, and BSNL launched a free WiFi service at Karnataka’s Malpe beach in the year 2016 making it the first WiFi beach in the three coastal districts of the state.<a name="_ftnref27" href="#_ftn27"><sup>[27]</sup></a> The State Governments of Mumbai, Kolkata, Patna and Ahmedabad also offer free Wi-Fi services in limited areas.<a name="_ftnref28" href="#_ftn28"><sup>[28]</sup></a> As part of the flagship programme by Indian Government, Digital India, the Government announced the rollout of Wi-Fi services by June 2015 at select public places in 25 Indian cities with population of over 10 lakh and tourist destinations by December 2015.<a name="_ftnref29" href="#_ftn29"><sup>[29]</sup></a> Also, the Government has plans to digitise India by rolling out free Wi-Fi in 2500 towns and cities over a span of 3 years.<a name="_ftnref30" href="#_ftn30"><sup>[30]</sup></a> Google plans to deploy WiFi at 100 railway stations in partnership with Railtel. Under this scheme, Mumbai Central was the first station to get free Wi-Fi in the year 2016.<a name="_ftnref31" href="#_ftn31"><sup>[31]</sup></a> Also, Google's Project Loon aims to provide internet connectivity in remote and rural areas in India, which is currently being tested in other countries.<a name="_ftnref32" href="#_ftn32"><sup>[32]</sup></a>.</p>
<h2 id="4">4. Indian Policy and Legal Conundrum</h2>
<p style="text-align: justify;">In light of national security concerns around the misuse of public Wi-Fi, the Department of Telecommunication, GoI, published a regulation<a name="_ftnref33" href="#_ftn33"><sup>[33]</sup></a> dated February 2009, defining procedures for the establishment and use of public Wi-Fi to prevent misuse of public Wi-Fi and to be able to track the perpetrator in case of abuse. Indeed, the DOT has stated that “Insecure Wi-Fi networks are capable of being misused without any trail of user at later date”.<a name="_ftnref34" href="#_ftn34"><sup>[34]</sup></a></p>
<p style="text-align: justify;">As per the 2009 Regulations, DoT has instructed ISPs to enforce centralized authentication using Login ID and Password for each user to ensure that the identity of the user can be traced.<a name="_ftnref35" href="#_ftn35"><sup>[35]</sup></a> Regarding Wi-Fi services provided at public places, the Regulations state that bulk login IDs shall be created for controlled distribution, with authentication done at a centralized server. The subscribers are required to use public Wi-Fi by registering with temporary user ID and password, in the following methods:</p>
<ul style="text-align: justify;">
<li>Obtaining copy of photo identity of the subscriber, to be maintained by Licensee for one year; or</li>
<li>Providing details of user ID and password via SMS on subscriber's mobile phone , to be used as his/her identity by keeping the mobile number for one year.</li></ul>
<p style="text-align: justify;">Additionally, the data protection regime in India is governed by section 43A of the Information Technology Act, 2000 and the Rules<a name="_ftnref36" href="#_ftn36"><sup>[36]</sup></a> notified under it. It obliges corporate bodies which possess, deal or handle any sensitive personal data to implement and maintain reasonable security practices, failing which they would be held liable to compensate those affected by any negligence attributable to this failure. The said Rules also define requirements and safeguards that every Body Corporate is legally required to incorporate into the company's privacy policy. The Rules put restrictions on body corporates on collecting sensitive personal information, and also states that it must obtain prior consent from the “provider of information” regarding “purpose, means and modes of use of the information, along with limiting disclosure of such information.<a name="_ftnref37" href="#_ftn37"><sup>[37]</sup></a> Most of the ISPs in India being a private company, like D-VoiS and Tata Docomo, are obliged to comply with these provisions. Also, under the model License Agreement for Unified License<a name="_ftnref38" href="#_ftn38"><sup>[38]</sup></a> by Ministry of Communication & IT, Department of Telecommunications, Government of India, where the Unified Access License Framework allows for a single license for multiple services such as telecom, the internet and television and provides certain security guidelines, privacy of communications is to be maintained by the Licensee (the ISPs in this case) and network security practices and audits are mandated along with penalties for contravention in addition to what is prescribed under the Information Technology Act,2000. It also provides for ensuring unauthorized interception of messages does not take place. Therefore, the ISPs providing public Wi-Fi services in various cities across India would be governed by the data protection regime and could be held liable under these provisions in case of non-compliance with the security measures so stated.</p>
<p style="text-align: justify;">In July 2016, the Telecom Regulatory Authority of India (hereinafter referred as “TRAI”) floated a Consultation paper on Proliferation of Broadband through Public Wi-Fi Networks<a name="_ftnref39" href="#_ftn39"><sup>[39]</sup></a> with an objective to examine the need of encouraging public Wi-Fi networks in the country from a public policy point of view and discuss the issues as well as solutions in its proliferation. The paper recognises the fact that India is still in a green field deployment phase in terms of adoption of public Wi-Fi services and requires solutions for resolving the challenges and risks being faced in the process and lay a strong foundation to evolve towards a meaningful position in the advancement of initiatives related to Internet of Things, Smart Cities, etc.<a name="_ftnref40" href="#_ftn40"><sup>[40]</sup></a> This is an important step towards fulfilment of the Digital India scheme of the Indian Government to ensure better connectivity. In the paper, TRAI has advocated development of a payment platform which allows easy access to Wi-Fi services across internet service providers (ISPs) and through any payment instrument.<a name="_ftnref41" href="#_ftn41"><sup>[41]</sup></a> Besides that, the paper raises issues of various regulatory, licensing or policy measures required to encourage ubiquitous city-wide Wi-Fi networks as well as expansion of Wi-Fi networks in remote or rural areas, along with the issue of encouraging interoperability between the Wi-Fi networks of different service providers, both within the country and internationally, as well as between cellular and Wi-Fi networks.<a name="_ftnref42" href="#_ftn42"><sup>[42]</sup></a></p>
<h2 id="5">5. Public Wi-Fi and Privacy Concerns</h2>
<p style="text-align: justify;">Since proliferation of public Wi-Fi in India is happening at a moderate pace, the paper discusses key issues towards this, one of them being the logistics of deploying this service. This section briefly states and acknowledges privacy and security concerns as an important factor that may be posing issues in the adoption of public Wi-Fi services in the country. Since there have been numerous cases of security vulnerabilities in public Wi-Fi networks worldwide, security of networks and cyber crimes is a key issue for consideration.<a name="_ftnref43" href="#_ftn43"><sup>[43]</sup></a></p>
<p style="text-align: justify;">Deployment of public wireless access points has made it more convenient for people to access the Internet outside of their offices or homes. Despite advantages like ease of accessibility, connectivity and convenience, public Wi-Fi connection pose serious concerns as well. “The proliferation of public Wi-Fi is one of the biggest threats to consumer data”, says David Kennedy, founder of TrustedSec, a specialised information security consulting company based in the United States of America.<a name="_ftnref44" href="#_ftn44"><sup>[44]</sup></a> Also, the networks become an easier target with little public awareness about the existence of such threats wherein users expose valuable personal data over Wi-Fi hotspots. The recently released Norton Cyber Security Report 2016<a name="_ftnref45" href="#_ftn45"><sup>[45]</sup></a> shows how the benefit of constant connectivity is often outweighed by consumer complacency, leaving consumers and their Wi-Fi networks at risk. For the purpose of this report, Norton surveyed 20,000 people (over a 1,000 from India ) which reflects that though users in India may be increasingly becoming aware of the cyber threats they face due to use of public Wi-Fi, they don’t fully understand the accompanying risks and their online behaviour is often contradictory.<a name="_ftnref46" href="#_ftn46"><sup>[46]</sup></a> Also, it is important to consider that the services which claim to be free, actually generate revenue by advertisements, where the model works by providing free access to internet in exchange for user's’ personal and behavioral data, which is subsequently used to target ads to them.<a name="_ftnref47" href="#_ftn47"><sup>[47]</sup></a></p>
<p style="text-align: justify;">Some of the privacy harms stemming from use of public Wi-Fi are listed below.</p>
<h3 id="51"><strong>5.1. Data Theft</strong></h3>
<p style="text-align: justify;">With hackers finding it easy to access personal information of the data subjects, data can be hijacked by unauthorized internet access by spoofing the MAC and IP addresses of the authenticated user’s device or by use of default settings (saved passwords or IPs).<a name="_ftnref48" href="#_ftn48"><sup>[48]</sup></a> The following kinds of data is at a risk of being stolen and further misused:</p>
<ul style="text-align: justify;">
<li>demographic and locational data<a name="_ftnref49" href="#_ftn49"><sup>[49]</sup></a></li>
<li>forms of personal information acting as identifiers like financial information, social and personal information<a name="_ftnref50" href="#_ftn50"><sup>[50]</sup></a></li>
<li>private information like passwords to social networking sites, email accounts and banking websites<a name="_ftnref51" href="#_ftn51"><sup>[51]</sup></a></li>
<li>historical data from the devices<a name="_ftnref52" href="#_ftn52"><sup>[52]</sup></a></li></ul>
<ol style="text-align: justify;"></ol>
<h3 id="52"><strong>5.2. Tracking an Individual</strong></h3>
<p style="text-align: justify;">Like cell phones, Wi-Fi devices have unique identifiers that can be used for tracking purposes which can cause potential security issues. Tracking by using a Wi-Fi hotspot can also lead to third party harms like stalking.<a name="_ftnref53" href="#_ftn53"><sup>[53]</sup></a> To receive or use a service, often websites require the user to share their personal information such as name, age, ZIP code, or personal preferences, which is many times shared with advertisers and other third parties, without the knowledge or consent of the users.<a name="_ftnref54" href="#_ftn54"><sup>[54]</sup></a></p>
<h3 id="53"><strong>5.3. Makes the Electronic Devices Prone to Hacking and Setting up Fake Networks</strong></h3>
<p style="text-align: justify;">A recent experiment conducted by the chief scientist at mobile security firm Appknox at the Bengaluru International Airport, India, found that the wireless devices could be easily hacked over the airport’s free Wi-Fi network due to the easily exploitable security holes in the software made by Apple, Google, and Microsoft.<a name="_ftnref55" href="#_ftn55"><sup>[55]</sup></a> A similar experiment was backed by the European law enforcement agency, Europol, where a mobile hotspot was created in central London<a name="_ftnref56" href="#_ftn56"><sup>[56]</sup></a> and the hacker was able to gain access to passwords, apps, and even credit card and banking information with ease.<a name="_ftnref57" href="#_ftn57"><sup>[57]</sup></a> Lack of secure softwares and prevalence of open, unprotected Wi-Fi has made it fairly easy for hackers to set up fake twin access points that give them access to data histories and personal information.<a name="_ftnref58" href="#_ftn58"><sup>[58]</sup></a> This makes is easy to track data histories of users. Even if certain softwares use encryption codes, a simple decryption software can be used to obtain the information.<a name="_ftnref59" href="#_ftn59"><sup>[59]</sup></a></p>
<h3 id="54"><strong>5.4. Illegal Use of Data</strong></h3>
<ul style="text-align: justify;">
<li><strong>By authorities:</strong> the authorities have easier access to people’s browsing details and habits, and with justification in the name of national security, could be used to monitor the people without their consent.<a name="_ftnref60" href="#_ftn60"><sup>[60]</sup></a></li><br />
<li><strong>Wi-Fi provider:</strong> can sell the user’s demographic and location information. <a name="_ftnref61" href="#_ftn61"><sup>[61]</sup></a> Also, it was revealed in a study that the personal information of users is often transmitted by service providers without encryption. Anyone along the path between the user and the service’s data center can then intercept this information, opening users to grave privacy and security risks.<a name="_ftnref62" href="#_ftn62"><sup>[62]</sup></a></li><br />
<li><strong>By hackers:</strong> steal information and hack into unsuspecting victim’s bank accounts and misuse corporate financial information and secrets<a name="_ftnref63" href="#_ftn63"><sup>[63]</sup></a></li></ul>
<h2 id="6">6. Ranking Digital Rights Project</h2>
<p style="text-align: justify;">The "Ranking Digital Rights" project, an ongoing international non-profit research initiative, aims to promote greater respect for freedom of expression and privacy by focusing on the policies and practices of companies in the information communications technology (ICT) sector<a name="_ftnref64" href="#_ftn64"><sup>[64]</sup></a>, rank such companies in this light, and undertake research to develop the ranking methodology.<a name="_ftnref65" href="#_ftn65"><sup>[65]</sup></a></p>
<p style="text-align: justify;">In November 2015, the Ranking Digital Rights project launched the Corporate Accountability Index. Since several actors like the Internet and telecommunications companies, software producers, and device and networking equipment manufacturers exert growing influence over the political and civil lives of people all over the world, it is important to state that these organisations share a responsibility to respect human rights. For this purpose, 16 Internet and telecommunications companies were evaluated according to 31 indicators, which focused on corporate disclosure of policies and practices that affect users’ freedom of expression and privacy.<a name="_ftnref66" href="#_ftn66"><sup>[66]</sup></a></p>
<p style="text-align: justify;">The data produced by the index can help companies improve their policies, practices and help them identify challenges faced by companies in meeting their corporate obligations to respect human rights like Freedom of Expression and Privacy in the digital space.<a name="_ftnref67" href="#_ftn67"><sup>[67]</sup></a> Some of the key corporate practices which affect these rights are :</p>
<ul style="text-align: justify;">
<li>How companies handle government requests to hand over user data or restrict content;</li>
<li>How companies enforce their own terms of service;</li>
<li>What information companies collect about users and how long they retain it; and</li>
<li>To whom they share or sell user information.<a name="_ftnref68" href="#_ftn68"><sup>[68]</sup></a></li></ul>
<p style="text-align: justify;">The 2015 Corporate Accountability Index assesses transparency levels of the World’s most powerful Internet and telecommunications companies regarding their commitments, policies and practices that affect users’ freedom of expression and privacy and evaluates what companies share about these practices and offers recommendations for improvement. The methodology adopted relies on publicly available information so that advocates, researchers, journalists, policy makers, investors, and users can understand the extent to which different companies respect freedom of expression and privacy, and make appropriate policy, investment, and advocacy decisions. Also, public disclosures would enable researchers and journalists to investigate and verify the accuracy of company statements.<a name="_ftnref69" href="#_ftn69"><sup>[69]</sup></a></p>
<p style="text-align: justify;">For the purpose of this research, we would apply this index and the indicators to the internet service provider of public Wi-Fi in Bangalore-D-VoiS Ltd. and Tata Docomo to understand how comprehensive their privacy policies are when compared to global standards and make informed recommendations. Analysing policies against the index can help these companies identify best practices, as well as the obstacles they face in meeting their corporate obligations to respect human rights in the very digital spheres they helped to create.<a name="_ftnref70" href="#_ftn70"><sup>[70]</sup></a> The information has been gathered and analysed on the basis of publicly available information, and this can help companies empower users to make informed decisions about how they use technology, which would help build trust between users and companies in the long run.<a name="_ftnref71" href="#_ftn71"><sup>[71]</sup></a></p>
<h3 id="61"><strong>6.1. D-VoIS<a name="_ftnref72" href="#_ftn72"><sup>[72]</sup></a>, Bangalore</strong></h3>
<p style="text-align: justify;">For the purpose of this case study, the Privacy Policies of D-VoIS have been analysed on the basis of the Corporate Accountability index, and the answers can be accessed in <a class="external-link" href="http://cis-india.org/internet-governance/files/ranking-digital-rights-2015-annexure-1.pdf">Annex 1</a>.</p>
<h4>Summary</h4>
<p style="text-align: justify;">On the basis of the indicators and the information available, it can be ascertained that:</p>
<ul style="text-align: justify;">
<li>The Company has a freely available and understandable Privacy Policy and Terms of Use, though only in the English language.</li><br />
<li>The company does not commit to notify users in case of changes in the privacy policy of the company.</li><br />
<li>The company states circumstances in which it would restrict use of its services, along with reasons for content restriction.</li><br />
<li>The Company commits to the principle of data minimization, discloses circumstances when it shares information with third parties, and provides users with options to control the company’s collection and sharing of their information</li><br />
<li>Deploys industry standards for security of products and services.</li></ul>
<h4>Analysis</h4>
<ul style="text-align: justify;">
<li><strong>Commitment:</strong> D-VoIS fares low on Commitment since it has made no overarching public commitments to protect users’ freedom of expression or privacy in a manner that meets the Index’s criteria. The Company lacks adequate top-level policy commitments to users’ freedom of expression and privacy, establishing executive and management oversight over these issues, creating a process for human rights impact assessment, and lacks stakeholder engagement and a grievance mechanism.</li><br />
<li><strong>Freedom of Expression:</strong> The Company also fares low on Freedom of Expression as the terms of services, though easily available, are only in English language. Also, it does not commit to notify users about changes to the terms of service. While the company discloses what content and activities it prohibits , it provides no information about how the company notifies these restrictions to the users.<br /><br />
Regarding transparency about content restriction requests, since the Indian law prevents the company from disclosing government requests for content removal<a name="_ftnref73" href="#_ftn73"><sup>[73]</sup></a>, but it does not prevent the company from publishing more information about private requests for content restriction. D-VoIS does not provide any information with respect to this.</li><br />
<li><strong>Privacy:</strong> D-VoIS is required by law to have a privacy policy available on its website, this policy is available in English, but not in other languages spoken in India. Also, D-VoIS does not disclose what user information is collected, how and why, nor does it offer users meaningful access to their information. D-VoIS does not disclose any information regarding retention of user information, and the company could improve its disclosures about what user information it collects and how long it is retained.<br /><br />
Though the company discloses information about its security practices, it does not disclose any information regarding its efforts to educate users about security threats. It also does not disclose information regarding requests by non-governmental entities for user data.</li></ul>
<h3 id="62"><strong>6.2. Tata Docomo<a name="_ftnref74" href="#_ftn74"><sup>[74]</sup></a>, Bangalore</strong></h3>
<p style="text-align: justify;">The Privacy Policy and Terms & Conditions of Tata Docomo have been analysed on the basis of the Corporate Accountability index, and the answers can be accessed in <a class="external-link" href="http://cis-india.org/internet-governance/files/ranking-digital-rights-2015-annexure-2.pdf">Annex 2</a>.</p>
<h4>Summary</h4>
<p style="text-align: justify;">On the basis of the indicators and the information available, it can be ascertained that:</p>
<ul style="text-align: justify;">
<li>The Company has a freely available and understandable Data Privacy Policy and Terms of Use, though only in English language.</li><br />
<li>The Company has established electronic and administrative safeguards designed to secure the information collected to prevent unauthorized access to or disclosure of that information and to ensure it is used appropriately.</li><br />
<li>The company states circumstances in which it would restrict use of its services, along with reasons for content restriction. The company’s disclosed policies and practices demonstrate how it works to avoid contributing to actions that may interfere with the right to freedom of expression, except where such actions are lawful, proportionate and for a justifiable purpose.</li><br />
<li>The Company clearly states the kind of information collected, ways of collection and the reasons for collection as well as sharing.</li><br />
<li>Deploys industry standards for security of products and services</li></ul>
<h4>Analysis</h4>
<ul style="text-align: justify;">
<li><strong>Commitment:</strong> Tata Docomo fares low on Commitment since it has made no overarching public commitments to protect users’ freedom of expression or privacy in a manner that meets the Index’s criteria. Though the Company has established electronic and administrative safeguards designed to secure the information collected, it lacks adequate top-level policy commitments to users’ freedom of expression and privacy, establishing executive and management oversight over these issues, creating a process for human rights impact assessment, and lack of stakeholder engagement.</li><br />
<li><strong>Freedom of Expression:</strong> The Company fares low on Freedom of Expression as the terms of services, though easily available, are only in English language. Also, it does not commit to notify users about changes to the terms of service. While the company discloses what content and activities it prohibits , it provides no information about how the company notifies these restrictions to the users.<br /><br />
Regarding transparency about content restriction requests, since the Indian law prevents the company from disclosing government requests for content removal, it does not prevent the company from publishing more information about private requests for content restriction. Tata Docomo does not provide any information with respect to that.</li><br />
<li><strong>Privacy:</strong> Tata Docomo is required by law to have a privacy policy available on its website, this policy is available in English, but not in other languages spoken in India. No information is publically available regarding users option to control company's collection of information. Tata Docomo discloses that user information shall be retained as long as required and does not mention a specific duration for the same. Though the company discloses information about its security practices, it does not disclose any information regarding its efforts to educate users about security threats. It also does not disclose information regarding requests by non-governmental entities for user data.</li></ul>
<h2 id="7">7. Compliance of Privacy Policies with Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011</h2>
<p style="text-align: justify;">The Privacy Policy and Terms & Conditions of D-VoIS and Tata Docomo have been analysed on the basis of the security measures and procedures stated under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 to ascertain how sound and compliant the framework is with the existing data protection regime in India. The comparison can be accessed in <a class="external-link" href="http://cis-india.org/internet-governance/files/it-reasonable-security-practices-and-procedures-and-sensitive-personal-data-or-information-rules-2011.pdf">Annex 3</a>.</p>
<p style="text-align: justify;">Comparing the requirements listed under the Rules with the policies of both the companies, it can be said that though the websites of both companies provide privacy policies and are easily accessible, they lack crucial information regarding consent of the user before collection as well as sharing of information. Also, though the policies state the purpose of sharing such data with third parties, it does not state the purpose of collection of the information. The policies are also silent regarding the requirements to be complied with before transferring personal data into another jurisdiction . There is also no information about the companies having a grievance officer. Additionally, though the terms of services of D-VoIS state that the customer may choose to restrict the collection or use of their personal information, both companies do not specifically provide for an opt out mechanism to its users.</p>
<h2 id="8">8. Conclusion and Recommendations</h2>
<p style="text-align: justify;">To allay the numerous concerns regarding privacy and security with respect to public Wi-Fi’s, the ISPs must have a sound Privacy Policy in place. For this purpose, adherence to the indicators as listed under the Corporate Accountability Index, along with requirements for security of personal information stated under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 and improving the policies accordingly shall greatly contribute to protection of Freedom of Expression and ensure Privacy of user information. Ensuring compliance with the existing data protection regime in the country becomes more important in light of the growing privacy and security concerns due to proliferation of free and public Wi-Fi service in India. Adequate measures like acquiring consent for collection and sharing of user data, commitment by company executives to ensure protection of rights of individuals, adoption of security standards, creating awareness about security concerns, etc. by such corporate must be considered to ensure protection of personal information and reduce the likelihood of a data breach. Both D-VoIS and Tata Docomo must consider the following recommendations in order to meet the criteria set by the Ranking Digital Rights project, ensuring commitment towards protection of right to freedom of expression and privacy of the users.</p>
<h3 id="81"><strong>8.1. Commitment</strong></h3>
<ul style="text-align: justify;">
<li>Set in place an oversight mechanism to monitor how the company’s policies and practices affect freedom of expression and privacy. In case the Company already has that in place, information regarding the same must be made publically available for greater transparency.</li>
<li>Also, they must conduct regular, comprehensive, and credible due diligence, such as human rights impact assessments, to identify how all aspects of their business impact freedom of expression and privacy.</li>
<li>In addition to that, they must Provide for a remedy or grievance mechanism. The Telecom Regulatory Authority of India also requires that all service providers have redress mechanisms. In case the Company already has that in place, information regarding the same must be made publically available for greater transparency.</li></ul>
<h3 id="82"><strong>8.2. Freedom of Expression</strong></h3>
<ul style="text-align: justify;">
<li>The Companies must make an effort to make the Terms of Service available in the most commonly spoken languages by its users, besides English.</li>
<li>Also, it is recommended that the Companies must ensure to provide meaningful notice to users regarding change in terms of service.</li>
<li>Besides disclosing what content and activities the companies prohibit, they must disclose information regarding how it enforces these prohibitions and should provide examples regarding the circumstances under which it may suspend service to individuals or areas to help users understand such policies.</li>
<li>The Companies must also disclose information regarding the process for evaluating and responding to requests from third parties to restrict content or service. Additionally, it must disclose how long it retains user information, publish process for evaluating and responding to requests from government and other third parties for stored user data and/or real-time communications.</li></ul>
<h3 id="83"><strong>8.3. Privacy</strong></h3>
<ul style="text-align: justify;">
<li>Though both the Companies disclose that the user information shall be shared with third parties, and Tata Docomo discloses what information is collected and how, yet there should be no legal impediment for the companies to improve its disclosures about what user information it collects, with whom it is shared, and how long it is retained to protect the privacy of the users.</li>
<li>Though Tata Docomo allows the users to review and correct their Personal Information collected by the Company, D-VoIS must release information regarding whether the users are able to view, download or otherwise obtain all of the information about them that the company holds. In case it does not allow, the Company must duly change its policy regarding the same.</li>
<li>The Companies must also publish information to help users defend against cyber threats.</li></ul>
<hr style="text-align: justify;" />
<p style="text-align: justify;"><a name="_ftn1" href="#_ftnref1"><sup>[1]</sup></a> The Financial Express, ‘Free wi-fi: Digital Dilemma’, February 22, 2015,</p>
<p style="text-align: justify;"><a href="http://www.financialexpress.com/article/economy/free-Wi-Fi-digital-dilemma/45804/">http://www.financialexpress.com/article/economy/free-Wi-Fi-digital-dilemma/45804/</a></p>
<p style="text-align: justify;"><a name="_ftn2" href="#_ftnref2"><sup>[2]</sup></a> Tata Docomo, http://www.tatadocomo.com/</p>
<p style="text-align: justify;"><a name="_ftn3" href="#_ftnref3"><sup>[3]</sup></a> D-VoIS Communication Pvt. Ltd. <a href="http://www.dvois.com/">http://www.dvois.com/</a></p>
<p style="text-align: justify;"><a name="_ftn4" href="#_ftnref4"><sup>[4]</sup></a> Ranking Digital Rights, https://rankingdigitalrights.org/</p>
<p style="text-align: justify;"><a name="_ftn5" href="#_ftnref5"><sup>[5]</sup></a> the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011. Available at : <a href="http://www.wipo.int/edocs/lexdocs/laws/en/in/in098en.pdf">http://www.wipo.int/edocs/lexdocs/laws/en/in/in098en.pdf</a></p>
<p style="text-align: justify;"><a name="_ftn6" href="#_ftnref6"><sup>[6]</sup></a> See : <a href="http://indianexpress.com/article/technology/technology-others/public-wifi-can-be-used-to-steal-private-information-it-security-expert/">http://indianexpress.com/article/technology/technology-others/public-wifi-can-be-used-to-steal-private-information-it-security-expert/</a>, <a href="http://www.aljazeera.com/indepth/features/2016/03/india-unlocking-public-wi-fi-hotspots-160308072320835.html">http://www.aljazeera.com/indepth/features/2016/03/india-unlocking-public-wi-fi-hotspots-160308072320835.html</a> , <a href="http://www.business-standard.com/article/technology/indians-most-willing-to-share-personal-data-over-public-wifi-116083000673_1.html">http://www.business-standard.com/article/technology/indians-most-willing-to-share-personal-data-over-public-wifi-116083000673_1.html</a> and <a href="http://articles.economictimes.indiatimes.com/2015-05-20/news/62413108_1_corporate-espionage-hotspots-bengaluru-airport">http://articles.economictimes.indiatimes.com/2015-05-20/news/62413108_1_corporate-espionage-hotspots-bengaluru-airport</a></p>
<p style="text-align: justify;"><a name="_ftn7" href="#_ftnref7"><sup>[7]</sup></a> Scroll, ‘Free wifi in Delhi is good news but here is the catch’, November 21, 2014, http://scroll.in/article/690755/free-wifi-in-delhi-is-good-news-but-here-is-the-catch</p>
<p style="text-align: justify;"><a name="_ftn8" href="#_ftnref8"><sup>[8]</sup></a> LinkNYC, https://www.link.nyc/</p>
<p style="text-align: justify;"><a name="_ftn9" href="#_ftnref9"><sup>[9]</sup></a> See : <a href="http://www.nyclu.org/files/releases/city%20wifi%20letter.pdf">http://www.nyclu.org/files/releases/city%20wifi%20letter.pdf</a></p>
<p style="text-align: justify;"><a name="_ftn10" href="#_ftnref10"><sup>[10]</sup></a> The Huffingtonpost, ‘Maybe You Shouldn't Use Public Wi-Fi In New York City’, March 16, 2016, <a href="http://www.huffingtonpost.in/entry/public-wifi-nyc_us_56e96b1ce4b0b25c9183f74a">http://www.huffingtonpost.in/entry/public-wifi-nyc_us_56e96b1ce4b0b25c9183f74a</a></p>
<p style="text-align: justify;"><a name="_ftn11" href="#_ftnref11"><sup>[11]</sup></a> NYCLU, ‘City’s Public Wi-Fi Raises Privacy Concerns’, March 16, 2016,</p>
<p style="text-align: justify;"><a href="http://www.nyclu.org/news/citys-public-wi-fi-raises-privacy-concerns">http://www.nyclu.org/news/citys-public-wi-fi-raises-privacy-concerns</a></p>
<p style="text-align: justify;"><a name="_ftn12" href="#_ftnref12"><sup>[12]</sup></a> NYCLU, ‘City’s Public Wi-Fi Raises Privacy Concerns’, March 16, 2016,</p>
<p style="text-align: justify;"><a href="http://www.nyclu.org/news/citys-public-wi-fi-raises-privacy-concerns">http://www.nyclu.org/news/citys-public-wi-fi-raises-privacy-concerns</a></p>
<p style="text-align: justify;"><a name="_ftn13" href="#_ftnref13"><sup>[13]</sup></a>Information Commissioner’s Office Blog, ‘Be wary of public Wi-Fi’September 25, 2015, <a href="https://iconewsblog.wordpress.com/2015/09/25/be-wary-of-public-Wi-Fi/">https://iconewsblog.wordpress.com/2015/09/25/be-wary-of-public-Wi-Fi/</a></p>
<p style="text-align: justify;"><a name="_ftn14" href="#_ftnref14"><sup>[14]</sup></a>Information Commissioner’s Office Blog, ‘Be wary of public Wi-Fi’September 25, 2015, <a href="https://iconewsblog.wordpress.com/2015/09/25/be-wary-of-public-Wi-Fi/">https://iconewsblog.wordpress.com/2015/09/25/be-wary-of-public-Wi-Fi/</a></p>
<p style="text-align: justify;"><a name="_ftn15" href="#_ftnref15"><sup>[15]</sup></a>Marketing Law, ‘The ICO sounds a warning on public wi-fi and privacy’, November 24, 2015,</p>
<p style="text-align: justify;">http://marketinglaw.osborneclarke.com/data-and-privacy/the-ico-sounds-a-warning-on-public-Wi-Fi-and-privacy/</p>
<p style="text-align: justify;"><a name="_ftn16" href="#_ftnref16"><sup>[16]</sup></a>Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 <a href="http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32006L0024">http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32006L0024</a></p>
<p style="text-align: justify;"><a name="_ftn17" href="#_ftnref17"><sup>[17]</sup></a> Feiler, L., "The Legality of the Data Retention Directive in Light of the Fundamental Rights to Privacy and Data Protection", European Journal of Law and Technology, Vol. 1, Issue 3, 2010, <a href="http://ejlt.org/article/view/29/75">http://ejlt.org/article/view/29/75</a></p>
<p style="text-align: justify;"><a name="_ftn18" href="#_ftnref18"><sup>[18]</sup></a> The Data Retention (EC Directive) Regulations 2009 <a href="http://www.legislation.gov.uk/ukdsi/2009/9780111473894/pdfs/ukdsi_9780111473894_en.pdf">http://www.legislation.gov.uk/ukdsi/2009/9780111473894/pdfs/ukdsi_9780111473894_en.pdf</a></p>
<p style="text-align: justify;"><a name="_ftn19" href="#_ftnref19"><sup>[19]</sup></a> Purple, ‘Update on the legal implications of offering public WiFi in the UK’, September 10, 2014, <a href="http://purple.ai/update-legal-implications-offering-public-wifi-uk/">http://purple.ai/update-legal-implications-offering-public-wifi-uk/</a></p>
<p style="text-align: justify;"><a name="_ftn20" href="#_ftnref20"><sup>[20]</sup></a> Data Protection Act 1998, <a href="http://www.legislation.gov.uk/ukpga/1998/29/contents">http://www.legislation.gov.uk/ukpga/1998/29/contents</a></p>
<p style="text-align: justify;"><a name="_ftn21" href="#_ftnref21"><sup>[21]</sup></a> Wireless Social, <a href="http://www.wireless-social.com/how-it-works/legal-compliance/">http://www.wireless-social.com/how-it-works/legal-compliance/</a></p>
<p style="text-align: justify;"><a name="_ftn22" href="#_ftnref22"><sup>[22]</sup></a> Data Protection Act 1998, <a href="https://www.gov.uk/data-protection/the-data-protection-act">https://www.gov.uk/data-protection/the-data-protection-act</a></p>
<p style="text-align: justify;"><a name="_ftn23" href="#_ftnref23"><sup>[23]</sup></a>The Hindu, ‘Free wifi on M.G. Road and Brigade Road from Friday’, January 23, 2014, <a href="http://www.thehindu.com/news/cities/bangalore/free-wifi-on-mg-road-and-brigade-road-from-friday/article5606757.ece">http://www.thehindu.com/news/cities/bangalore/free-wifi-on-mg-road-and-brigade-road-from-friday/article5606757.ece</a></p>
<p style="text-align: justify;"><a name="_ftn24" href="#_ftnref24"><sup>[24]</sup></a>The Telegraph, ‘Free Wi-fi on tech city streets- Bangalore offers five public hotspots’, January 25, 2014, <a href="http://www.telegraphindia.com/1140125/jsp/nation/story_17863705.jsp#.VwIv_Zx97IU">http://www.telegraphindia.com/1140125/jsp/nation/story_17863705.jsp#.VwIv_Zx97IU</a></p>
<p style="text-align: justify;"><a name="_ftn25" href="#_ftnref25"><sup>[25]</sup></a>Economic Times, ‘Karnataka Govt pulls the plug on public Wi-Fi spots in Bengaluru’, March 15, 2016, <a href="http://tech.economictimes.indiatimes.com/news/internet/karnataka-govt-pulls-the-plug-on-public-Wi-Fi-spots-in-bengaluru/51404414">http://tech.economictimes.indiatimes.com/news/internet/karnataka-govt-pulls-the-plug-on-public-Wi-Fi-spots-in-bengaluru/51404414</a></p>
<p style="text-align: justify;"><a name="_ftn26" href="#_ftnref26"><sup>[26]</sup></a> Medianama, ‘Why Don’t Indian Airports Offer Free WiFi To Passengers?’, May 22, 2013, <a href="http://www.medianama.com/2013/05/223-indian-airports-free-wifi/">http://www.medianama.com/2013/05/223-indian-airports-free-wifi/</a></p>
<p style="text-align: justify;"><a name="_ftn27" href="#_ftnref27"><sup>[27]</sup></a>Hindustan Times, ‘BSNL launches free public WiFi at Karnataka’s Malpe beach’, January 25, 2016, <a href="http://www.hindustantimes.com/tech/bsnl-launches-free-public-wifi-on-karnataka-s-malpe-beach/story-XVM06KQKIcoyqV8CLJoYzJ.html">http://www.hindustantimes.com/tech/bsnl-launches-free-public-wifi-on-karnataka-s-malpe-beach/story-XVM06KQKIcoyqV8CLJoYzJ.html</a></p>
<p style="text-align: justify;"><a name="_ftn28" href="#_ftnref28"><sup>[28]</sup></a>TechTree, ‘Problems With Free City-Wide Wi-Fi Hotspots In India’, September 28, 2015,</p>
<p style="text-align: justify;"><a href="http://www.techtree.com/content/features/9914/problems-free-city-wide-Wi-Fi-hotspots-india.html#sthash.2ZSf9kq7.dpuf">http://www.techtree.com/content/features/9914/problems-free-city-wide-Wi-Fi-hotspots-india.html#sthash.2ZSf9kq7.dpuf</a></p>
<p style="text-align: justify;"><a name="_ftn29" href="#_ftnref29"><sup>[29]</sup></a>India Today, ‘25 Indian cities to get free public Wi-Fi by June 2015’, December 17, 2014, <a href="http://indiatoday.intoday.in/technology/story/25-indian-cities-to-get-free-public-Wi-Fi-by-june-2015/1/407214.html">http://indiatoday.intoday.in/technology/story/25-indian-cities-to-get-free-public-Wi-Fi-by-june-2015/1/407214.html</a></p>
<p style="text-align: justify;"><a name="_ftn30" href="#_ftnref30"><sup>[30]</sup></a>Business Insider, ‘Modi Government To Roll Out Free Wi-Fi In 2,500 Towns And Cities To Make India Digital’, January 23, 2015, <a href="http://www.businessinsider.in/Modi-Government-To-Roll-Out-Free-Wi-Fi-In-2500-Towns-And-Cities-To-Make-India-Digital/articleshow/45989339.cms">http://www.businessinsider.in/Modi-Government-To-Roll-Out-Free-Wi-Fi-In-2500-Towns-And-Cities-To-Make-India-Digital/articleshow/45989339.cms</a></p>
<p style="text-align: justify;"><a name="_ftn31" href="#_ftnref31"><sup>[31]</sup></a>RailTel launches free high-speed public Wi-Fi service with Google at Mumbai Central, <a href="http://www.railtelindia.com/images/Mumbai.pdf">http://www.railtelindia.com/images/Mumbai.pdf</a></p>
<p style="text-align: justify;"><a name="_ftn32" href="#_ftnref32"><sup>[32]</sup></a>Economic Times, ‘Google may get government nod to conduct pilot for Project Loon in India’, May 24, 2016,</p>
<p style="text-align: justify;"><a href="http://economictimes.indiatimes.com/tech/internet/google-may-get-government-nod-to-conduct-pilot-for-project-loon-in-india/articleshow/52408455.cms">http://economictimes.indiatimes.com/tech/internet/google-may-get-government-nod-to-conduct-pilot-for-project-loon-in-india/articleshow/52408455.cms</a></p>
<p style="text-align: justify;"><a name="_ftn33" href="#_ftnref33"><sup>[33]</sup></a>Department of Telecommunications, Ministry of Communications & IT, Government of India, February 23, 2009, <a href="http://www.dot.gov.in/sites/default/files/Wi-%20fi%20Direction%20to%20UASL-CMTS-BASIC%2023%20Feb%2009.pdf">http://www.dot.gov.in/sites/default/files/Wi-%20fi%20Direction%20to%20UASL-CMTS-BASIC%2023%20Feb%2009.pdf</a></p>
<p style="text-align: justify;"><a name="_ftn34" href="#_ftnref34"><sup>[34]</sup></a> Scroll, ‘Free wifi in Delhi is good news but here is the catch’ November 21, 2014, <a href="http://scroll.in/article/690755/free-wifi-in-delhi-is-good-news-but-here-is-the-catch">http://scroll.in/article/690755/free-wifi-in-delhi-is-good-news-but-here-is-the-catch</a></p>
<p style="text-align: justify;"><a name="_ftn35" href="#_ftnref35"><sup>[35]</sup></a>MojoNetworks, ‘Complying with DoT Regulation on Secure Use of WiFi: Less in Letter, More in Spirit’, <a href="http://www.mojonetworks.com/fileadmin/pdf/Implementing_DoT_Regulation_on_WiFi_Security.pdf">http://www.mojonetworks.com/fileadmin/pdf/Implementing_DoT_Regulation_on_WiFi_Security.pdf</a></p>
<p style="text-align: justify;"><a name="_ftn36" href="#_ftnref36"><sup>[36]</sup></a> Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011</p>
<p style="text-align: justify;"><a name="_ftn37" href="#_ftnref37"><sup>[37]</sup></a>The Centre for Internet & Society, ‘Privacy and the Information Technology Act — Do we have the Safeguards for Electronic Privacy?’, April 7, 2011, <a href="http://cis-india.org/internet-governance/blog/privacy/safeguards-for-electronic-privacy">http://cis-india.org/internet-governance/blog/privacy/safeguards-for-electronic-privacy</a></p>
<p style="text-align: justify;"><a name="_ftn38" href="#_ftnref38"><sup>[38]</sup></a>License Agreement for Unified License, <a href="http://www.dot.gov.in/sites/default/files/Unified%20Licence.pdf">http://www.dot.gov.in/sites/default/files/Unified%20Licence.pdf</a></p>
<p style="text-align: justify;"><a name="_ftn39" href="#_ftnref39"><sup>[39]</sup></a> Telecom Regulatory Authority of India, ‘Consultation Paper on Proliferation of Broadband through Public Wi-Fi Networks’ July 13, 2016, <a href="https://www.mygov.in/sites/default/files/mygov_1468492162190667.pdf">https://www.mygov.in/sites/default/files/mygov_1468492162190667.pdf</a></p>
<p style="text-align: justify;"><a name="_ftn40" href="#_ftnref40"><sup>[40]</sup></a> Telecom Regulatory Authority of India, ‘Consultation Paper on Proliferation of Broadband through Public Wi-Fi Networks’ July 13, 2016, <a href="https://www.mygov.in/sites/default/files/mygov_1468492162190667.pdf">https://www.mygov.in/sites/default/files/mygov_1468492162190667.pdf</a></p>
<p style="text-align: justify;"><a name="_ftn41" href="#_ftnref41"><sup>[41]</sup></a> The Economic Times, ‘Trai floats consultation paper to boost broadband through Wi-Fi in public places’, July 14, 2016, <a href="http://economictimes.indiatimes.com/articleshow/53195586.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst">http://economictimes.indiatimes.com/articleshow/53195586.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst</a></p>
<p style="text-align: justify;"><a name="_ftn42" href="#_ftnref42"><sup>[42]</sup></a> Telecom Regulatory Authority of India, ‘Consultation Paper on Proliferation of Broadband through Public Wi-Fi Networks’ July 13, 2016, <a href="https://www.mygov.in/sites/default/files/mygov_1468492162190667.pdf">https://www.mygov.in/sites/default/files/mygov_1468492162190667.pdf</a></p>
<p style="text-align: justify;"><a name="_ftn43" href="#_ftnref43"><sup>[43]</sup></a>Mint, ‘Trai issues paper on public Wi-Fi networks’ July 14, 2016, <a href="http://www.livemint.com/Industry/1jVgso2R2Lz4NR5IYFaCtN/Trai-issues-paper-on-public-WiFi-networks.html">http://www.livemint.com/Industry/1jVgso2R2Lz4NR5IYFaCtN/Trai-issues-paper-on-public-WiFi-networks.html</a></p>
<p style="text-align: justify;"><a name="_ftn44" href="#_ftnref44"><sup>[44]</sup></a>Forbes,’How To Avoid Data Theft When Using Public Wi-Fi’, March 4, 2014, <a href="http://www.forbes.com/sites/amadoudiallo/2014/03/04/hackers-love-public-wi-fi-but-you-can-make-it-safe/#373c75e32476">http://www.forbes.com/sites/amadoudiallo/2014/03/04/hackers-love-public-wi-fi-but-you-can-make-it-safe/#373c75e32476</a></p>
<p style="text-align: justify;"><a name="_ftn45" href="#_ftnref45"><sup>[45]</sup></a>Symantec, ‘Norton Cyber Security Insights Report’, 2016, <a href="https://www.symantec.com/content/dam/symantec/docs/reports/2016-norton-cyber-security-insights-report.pdf">https://www.symantec.com/content/dam/symantec/docs/reports/2016-norton-cyber-security-insights-report.pdf</a></p>
<p style="text-align: justify;"><a name="_ftn46" href="#_ftnref46"><sup>[46]</sup></a>The Indian Express, ‘Indian cybercrime victims don’t learn from past experience: Norton Report’, November 18, 2016, <a href="http://indianexpress.com/article/technology/tech-news-technology/indian-users-complacent-when-it-comes-to-cyber-security-norton-report/">http://indianexpress.com/article/technology/tech-news-technology/indian-users-complacent-when-it-comes-to-cyber-security-norton-report/</a></p>
<p style="text-align: justify;"><a name="_ftn47" href="#_ftnref47"><sup>[47]</sup></a>Mashable, ‘This is the real price you pay for 'free' public Wi-Fi’, January 26, 2016, <a href="http://mashable.com/2016/01/25/actual-cost-free-Wi-Fi/?utm_cid=mash-com-Tw-main-link#WmAJGJ_COiq5">http://mashable.com/2016/01/25/actual-cost-free-Wi-Fi/?utm_cid=mash-com-Tw-main-link#WmAJGJ_COiq5</a></p>
<p style="text-align: justify;"><a name="_ftn48" href="#_ftnref48"><sup>[48]</sup></a>MojoNetworks, ‘Complying with DoT Regulation on Secure Use of WiFi: Less in Letter, More in Spirit’, <a href="http://www.mojonetworks.com/fileadmin/pdf/Implementing_DoT_Regulation_on_WiFi_Security.pdf">http://www.mojonetworks.com/fileadmin/pdf/Implementing_DoT_Regulation_on_WiFi_Security.pdf</a></p>
<p style="text-align: justify;"><a name="_ftn49" href="#_ftnref49"><sup>[49]</sup></a>Network Computing, ‘Public WiFi, Location Data & Privacy Anxiety’, July 4, 2015, <a href="http://www.networkcomputing.com/wireless/public-wifi-location-data-privacy-anxiety/1496375374">http://www.networkcomputing.com/wireless/public-wifi-location-data-privacy-anxiety/1496375374</a></p>
<p style="text-align: justify;"><a name="_ftn50" href="#_ftnref50"><sup>[50]</sup></a>Network Computing, ‘Public WiFi, Location Data & Privacy Anxiety’, July 4, 2015, <a href="http://www.networkcomputing.com/wireless/public-wifi-location-data-privacy-anxiety/1496375374">http://www.networkcomputing.com/wireless/public-wifi-location-data-privacy-anxiety/1496375374</a></p>
<p style="text-align: justify;"><a name="_ftn51" href="#_ftnref51"><sup>[51]</sup></a>The Indian Express, ‘Public Wifi can be used to steal private information: IT Security Expert’, May 19, 2015, <a href="http://indianexpress.com/article/technology/technology-others/public-wifi-can-be-used-to-steal-private-information-it-security-expert/#sthash.xiuWtL6v.dpuf">http://indianexpress.com/article/technology/technology-others/public-wifi-can-be-used-to-steal-private-information-it-security-expert/#sthash.xiuWtL6v.dpuf</a></p>
<p style="text-align: justify;"><a name="_ftn52" href="#_ftnref52"><sup>[52]</sup></a>Medium, ‘Maybe Better If You Don’t Read This Story on Public WiFi’, October 14, 2014, <a href="https://medium.com/matter/heres-why-public-wifi-is-a-public-health-hazard-dd5b8dcb55e6#.3061h6lsv">https://medium.com/matter/heres-why-public-wifi-is-a-public-health-hazard-dd5b8dcb55e6#.3061h6lsv</a></p>
<p style="text-align: justify;"><a name="_ftn53" href="#_ftnref53"><sup>[53]</sup></a>Network Computing, ‘Public WiFi, Location Data & Privacy Anxiety’, July 4, 2015, <a href="http://www.networkcomputing.com/wireless/public-wifi-location-data-privacy-anxiety/1496375374">http://www.networkcomputing.com/wireless/public-wifi-location-data-privacy-anxiety/1496375374</a></p>
<p style="text-align: justify;"><a name="_ftn54" href="#_ftnref54"><sup>[54]</sup></a>University of Washington, Computer Science and Engineering, ‘When I am on Wi-Fi, I am Fearless:” Privacy Concerns & Practices in Everyday Wi-Fi Use’, <a href="https://djw.cs.washington.edu/papers/wifi-CHI09.pdf">https://djw.cs.washington.edu/papers/wifi-CHI09.pdf</a></p>
<p style="text-align: justify;"><a name="_ftn55" href="#_ftnref55"><sup>[55]</sup></a>Breitbart, ‘Fre Public Wi-Fi poses security risks’, May 19, 2015, <a href="http://www.breitbart.com/big-government/2015/05/19/free-public-wifi-poses-security-risk/">http://www.breitbart.com/big-government/2015/05/19/free-public-wifi-poses-security-risk/</a></p>
<p style="text-align: justify;"><a name="_ftn56" href="#_ftnref56"><sup>[56]</sup></a>The Guardian, ‘Londoners give up eldest children in public Wi-Fi security horror show’, September 29, 2014, <a href="https://www.theguardian.com/technology/2014/sep/29/londoners-Wi-Fi-security-herod-clause">https://www.theguardian.com/technology/2014/sep/29/londoners-Wi-Fi-security-herod-clause</a></p>
<p style="text-align: justify;"><a name="_ftn57" href="#_ftnref57"><sup>[57]</sup></a> Medium, ‘Maybe Better If You Don’t Read This Story on Public WiFi’, October 14, 2014, <a href="https://medium.com/matter/heres-why-public-wifi-is-a-public-health-hazard-dd5b8dcb55e6#.3061h6lsv">https://medium.com/matter/heres-why-public-wifi-is-a-public-health-hazard-dd5b8dcb55e6#.3061h6lsv</a></p>
<p style="text-align: justify;"><a name="_ftn58" href="#_ftnref58"><sup>[58]</sup></a>ABC13, ‘Hackers set up fake Wi-Fi hotspots to steal your information, July 10, 2015, <a href="http://abc13.com/technology/hackers-set-up-fake-Wi-Fi-hotspots-to-steal-your-information/835223/">http://abc13.com/technology/hackers-set-up-fake-Wi-Fi-hotspots-to-steal-your-information/835223/</a></p>
<p style="text-align: justify;"><a name="_ftn59" href="#_ftnref59"><sup>[59]</sup></a>Medium, ‘Maybe Better If You Don’t Read This Story on Public WiFi’, October 14, 2014, <a href="https://medium.com/matter/heres-why-public-wifi-is-a-public-health-hazard-dd5b8dcb55e6#.3061h6lsv">https://medium.com/matter/heres-why-public-wifi-is-a-public-health-hazard-dd5b8dcb55e6#.3061h6lsv</a></p>
<p style="text-align: justify;"><a name="_ftn60" href="#_ftnref60"><sup>[60]</sup></a> Scroll, ‘Free wifi in Delhi is good news but here is the catch’ November 21, 2014, <a href="http://scroll.in/article/690755/free-wifi-in-delhi-is-good-news-but-here-is-the-catch">http://scroll.in/article/690755/free-wifi-in-delhi-is-good-news-but-here-is-the-catch</a></p>
<p style="text-align: justify;"><a name="_ftn61" href="#_ftnref61"><sup>[61]</sup></a> Scroll, ‘Free wifi in Delhi is good news but here is the catch’ November 21, 2014, <a href="http://scroll.in/article/690755/free-wifi-in-delhi-is-good-news-but-here-is-the-catch">http://scroll.in/article/690755/free-wifi-in-delhi-is-good-news-but-here-is-the-catch</a></p>
<p style="text-align: justify;"><a name="_ftn62" href="#_ftnref62"><sup>[62]</sup></a>University of Washington, Computer Science and Engineering, ‘When I am on Wi-Fi, I am Fearless:” Privacy Concerns & Practices in Everyday Wi-Fi Use’, <a href="https://djw.cs.washington.edu/papers/wifi-CHI09.pdf">https://djw.cs.washington.edu/papers/wifi-CHI09.pdf</a></p>
<p style="text-align: justify;"><a name="_ftn63" href="#_ftnref63"><sup>[63]</sup></a> Breitbart, ‘Fre Public Wi-Fi poses security risks’, May 19, 2015, <a href="http://www.breitbart.com/big-government/2015/05/19/free-public-wifi-poses-security-risk/">http://www.breitbart.com/big-government/2015/05/19/free-public-wifi-poses-security-risk/</a></p>
<p style="text-align: justify;"><a name="_ftn64" href="#_ftnref64"><sup>[64]</sup></a> Ranking Digital Rights, <a href="https://rankingdigitalrights.org/who/frequently-asked-questions/">https://rankingdigitalrights.org/who/frequently-asked-questions/</a></p>
<p style="text-align: justify;"><a name="_ftn65" href="#_ftnref65"><sup>[65]</sup></a> Business & Human Rights Resource Centre, ‘Ranking Digital Rights Project’, <a href="http://business-humanrights.org/en/documents/ranking-digital-rights-project">http</a><a href="http://business-humanrights.org/en/documents/ranking-digital-rights-project">://business-humanrights.org/en/documents/ranking-digital-rights-project</a></p>
<p style="text-align: justify;"><a name="_ftn66" href="#_ftnref66"><sup>[66]</sup></a> Ranking Digital Rights, <a href="https://rankingdigitalrights.org/about/">https://rankingdigitalrights.org/about/</a></p>
<p style="text-align: justify;"><a name="_ftn67" href="#_ftnref67"><sup>[67]</sup></a> Ranking Digital Rights, <a href="https://rankingdigitalrights.org/about/">https://rankingdigitalrights.org/about/</a></p>
<p style="text-align: justify;"><a name="_ftn68" href="#_ftnref68"><sup>[68]</sup></a> Ranking Digital Rights, <a href="https://rankingdigitalrights.org/who/frequently-asked-questions/">https://rankingdigitalrights.org/who/frequently-asked-questions/</a></p>
<p style="text-align: justify;"><a name="_ftn69" href="#_ftnref69"><sup>[69]</sup></a> Ranking Digital Rights, <a href="https://rankingdigitalrights.org/who/frequently-asked-questions/">https://rankingdigitalrights.org/who/frequently-asked-questions/</a></p>
<p style="text-align: justify;"><a name="_ftn70" href="#_ftnref70"><sup>[70]</sup></a> Ranking Digital Rights, <a href="https://rankingdigitalrights.org/about/">https://rankingdigitalrights.org/about/</a></p>
<p style="text-align: justify;"><a name="_ftn71" href="#_ftnref71"><sup>[71]</sup></a> Ranking Digital Rights, <a href="https://rankingdigitalrights.org/who/frequently-asked-questions/">https://rankingdigitalrights.org/who/frequently-asked-questions/</a></p>
<p style="text-align: justify;"><a name="_ftn72" href="#_ftnref72"><sup>[72]</sup></a> D-VoIS Communication Pvt. Ltd. <a href="http://www.dvois.com/">http://www.dvois.com/</a></p>
<p style="text-align: justify;"> </p>
<p style="text-align: justify;"><a name="_ftn73" href="#_ftnref73"><sup>[73]</sup></a>Section 16 of the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009 states that all request and complaints must be kept confidential.</p>
<p style="text-align: justify;"><a name="_ftn74" href="#_ftnref74"><sup>[74]</sup></a> Tata Docomo, http://www.tatadocomo.com/</p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/privacy-and-security-implications-of-public-wi-fi-a-case-study'>https://cis-india.org/internet-governance/blog/privacy-and-security-implications-of-public-wi-fi-a-case-study</a>
</p>
No publishervanyaPublic Wireless NetworkPrivacyInternet GovernanceDigital Rights2016-12-12T12:29:49ZBlog Entry