Access To Knowledge (A2K)

Two women arrested over Facebook gripe on Mumbai shutdown

praskrishna — 2013-01-15T09:26:33Z

A woman who complained about the Indian city of Mumbai shutting down for the funeral of divisive Hindu nationalist politician Balasaheb Thackeray was arrested for "hurting religious sentiments," local police told reporters amid public anger over the case.

This article by Emily Alpert appeared in Los Angeles Times on November 19, 2012. Pranesh Prakash is quoted.

Indian media identified the woman as Shaheen Dhada, 21, who reportedly wrote, "People like Thackeray are born and die daily and one should not observe a bandh [shutdown] for that.”

Police also arrested a friend of hers who "liked" the comment.

The Facebook remark spurred angry backers of Thackeray, a controversial figure who once openly called for attacks on Muslims, to assault a clinic owned by Dhada' uncle. Analysts told the Associated Press that the arrests appeared to be a move by police to head off any further violence from Thackeray supporters.

Free-speech groups were outraged by the ransacking and arrests. In a blistering letter to the chief minister of Maharashtra state, a former Supreme Court justice who now heads the Press Council of India called the charges absurd and unlawful and demanded that the police officers involved be prosecuted.

"We are living in a democracy, not a fascist dictatorship," Markandey Katju wrote.

The Maharashtra director-general of police ordered a probe into the arrests Monday, Indian television station IBN reported. The two women were reportedly released on bail during the day.

The Shiv Sena political party that Thackeray founded has polarized Mumbai over the years with campaigns against Muslims and migrants. His death put the city on high alert over the weekend amid fears of violence. As shops were shuttered and taxis sat idle, some Mumbai residents grew frustrated.

"When tens of thousands were making similar comments ... how did the police single out Shaheen Dhada and her friend for arrest?” wrote Pranesh Prakash of the Center for Internet and Society. He added, "This should not be written off as a harmless case of the police goofing up."

For more details visit https://cis-india.org/news/la-times-nov-19-2012-emily-alpert-two-women-arrested-over-facebook-gripe-on-mumbai-shutdown

India ranks second globally in accessing private details of users

praskrishna — 2012-11-19T04:49:23Z

According to the latest transparency report released by Google, India ranks second in the world for accessing private details of its citizens, only after the U.S. The Google report lists out requests it received from governments across the world to access details of users of its various services.

Kul Bhushan's blog post was published in thinkdigit on November 15, 2012. Pranesh Prakash is quoted.

Google's data reveals India had made 2,319 requests involving 3,467 users in the first six months. The U.S. made 7,969 requests, while Brazil, which ranks third, made 1,566 requests during the same period. Worldwide 20,938 requests were made during the January-June period. The report says the information shared included complete Gmail account, chat logs, Orkut profile and search terms among others.

The requests for accessing user data from India had grown two-fold from 1,061 in July-December 2009 to 2,207 in July-December 2011, the report points out.

According to the report, India has been consistently sending requests to remove content which it brands as defamatory and against national security. The court orders, however, to take down content has remained almost stagnant over the years; though requests from the executive and police have grown.

In the first six months this year, there were 20 court orders and 64 requests from executive/police that resulted in 596 items being taken down from the web. During the January-June 2010 period, there were only eight court orders and 22 executive/police requests, resulting in 125 items being taken down. Read about Google's previous transparency report here.

"Though India is a large country with a significant number of internet users, this data is nonetheless an indicator of growing surveillance," Times of India quotes Pranesh Prakash, policy director at Centre for Internet and Society ( CIS), a Bangalore-based organization looking at issues of public accountability, internet freedom and openness, as saying.

"India lacks a general privacy law that helps set guidelines for such user requests, despite privacy being a constitutional right as part of the right to life," added Prakash.

For more details visit https://cis-india.org/news/thinkdigit-internet-kul-bhushan-nov-15-2012-india-ranks-second-globally-in-accessing-private-details-of-users

Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009

smita — 2012-11-21T09:32:36Z

G.S.R.781 (E).-- In exercise of the powers conferred by clause (z) of sub-section (2) of section 87, read with sub-section (2) of section 69A of the Information Technology Act 2000, (21 of 2000), the Central Government hereby makes the following rules, namely:

1. Short title and commencement.--
(1) These rules may be called the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009.
(2) They shall come into force on the date of their publication in the Official Gazette.

2. Definitions.--
In these rules, unless the context otherwise requires,-
(a) "Act" means the Information Technology Act, 2000 (21 of 2000);
(b) "computer resource" means computer resource as defined in clause (k) of sub-section (1) of section 2 of the Act;
(c) "Designated Officer" means an officer designated as Designated Officer under rule 3;
(d) "Form" means a form appended to these rules;
(e) "intermediary" means an intermediary as defined in clause (w) of sub-section (1) of section 2 of the Act;
(f) "nodal officer" means the nodal officer designated as such under rule 4;
(g) "organisation" means -
(i) Ministries or Departments of the Government of ;
(ii) state Governments and Union territories;
(iii) any agency of the Central Government, as may be notified in the Official Gazette, by the Central Government;
(h) "request" means the request for blocking of access by the public any information generated, transmitted, received, stored or hosted in any computer resource;
(i) "Review Committee" means the Review Committee constituted under rule 419A of Indian Telegraph Rules, 1951.

3. Designated Officer.--
The Central Government shall designate by notification in Official Gazette, an officer of the Central Government not below the rank of a Joint Secretary, as the "Designated Officer", for the purpose of issuing direction for blocking for access by the public any information generated, transmitted, received, stored or hosted in any computer resource under sub-section (2) of section 69A of the Act.

4. Nodal officer of organisation.--
Every organisation for the purpose of these rules, shall designate one of its officer as the Nodal Officer and shall intimate the same to the Central Government in the Department of Information Technology under the Ministry of Communications and Information Technology, Government of India and also publish the name of the said Nodal Officer on their website.

5. Direction by Designated Officer.--
The Designated Officer may, on receipt of any request from the Nodal Officer of an organisation or a competent court, by order direct any Agency of the Government or intermediary to block for access by the public any information or part thereof generated, transmitted, received, stored or hosted in any computer resource for any of the reasons specified in sub-section (1) of section 69A of the Act.

6. Forwarding of request by organisation.--
(1) Any person may send their complaint to the Nodal Officer of the concerned organisation for blocking of access by the public any information generated, transmitted, received, stored or hosted in any computer resource:
Provided that any request, other than the one from the Nodal Officer of the organisation, shall be sent with the approval of the Chief Secretary of the concerned State or territory to the Designated Officer:
Provided further that in case a Union territory has no Chief Secretary, then, such request may be approved by the Adviser to the Administrator of that Union territory.
(2) The organisation shall examine the complaint received under sub-rule (1) to satisfy themselves about the need for taking of action in relation to the reasons enumerated in sub-section (1) of section 69A of the Act and after being satisfied, it shall send the request through its Nodal Officer to the Designated Officer in the format specified in the Form appended to these rules.
(3) The Designated Officer shall not entertain any complaint or request for blocking of information directly from any person.
(4) The request shall be in writing on the letter head of the respective organisation, complete in all respects and may be sent either by mail or by fax or by e-mail signed with electronic signature of the Nodal Officer:
Provided that in case the request is sent by fax or by e-mail which is not signed with electronic signature, the Nodal Officer shall provide a signed copy of the request so as to reach the Designated Officer within a period of three days of receipt of the request by such fax or e-mail.
(5) On receipt, each request shall be assigned a number alongwith the date and time of its receipt by the Designated Officer and he shall acknowledge the receipt thereof to the Nodal Officer within a period of twenty four hours of its receipt.

7. Committee for examination of request.--
The request alongwith the printed sample content of the alleged offending information or part thereof shall be examined by a committee consisting of the Designated Officer as its chairperson and representatives, not below the rank of Joint Secretary in Ministries of Law and Justice, Home Affairs, Information and Broadcasting and the Indian Computer Emergency Response Team appointed under sub-section (1) of section 70B of the Act.

8. Examination of request.--
(1) On receipt of request under rule 6, the Designated Officer shall make all reasonable efforts to identify the person or intermediary who has hosted the information or part thereof as well as the computer resource on which such information or part thereof is being hosted and where he is able to identify such person or intermediary and the computer resource hosting the information or part thereof which have been requested to be blocked for public access, he shall issue a notice by way of letters or fax or e-mail signed with electronic signatures to such person or intermediary in control of such computer resource to appear and submit their reply and clarifications, if any, before the committee referred to in rule 7, at a specified date and time, which shall not be less than forty-eight hours from the time of receipt of such notice by such person or intermediary.
(2) In case of non-appearance of such person or intermediary, who has been served with the notice under sub-rule (1), before the committee on such specified date and time, the committee shall give specific recommendation in writing with respect to the request received from the Nodal Officer, based on the information available with the committee.
(3) In case, such a person or intermediary, who has been served with the notice under sub-rule (1), is a foreign entity or body corporate as identified by the Designated Officer, notice shall be sent by way of letters or fax or e-mail signed with electronic signatures to such foreign entity or body corporate and any such foreign entity or body corporate shall respond to such a notice within the time specified therein, failing which the committee shall give specific recommendation in writing with respect to the request received from the Nodal Officer, based on the information available with the committee.
(4) The committee referred to in rule 7 shall examine the request and printed sample information and consider whether the request is covered within the scope of sub-section (1) of section 69A of the Act and that it is justifiable to block such information or part thereof and shall give specific recommendation in writing with respect to the request received from the Nodal Officer.
(5) The designated Officer shall submit the recommendation of the committee, in respect of the request for blocking of information alongwith the details sent by the Nodal Officer, to the Secretary in the Department of Information Technology under the Ministry of Communications and Information Technology, Government of India (hereinafter referred to as the "Secretary, Department of Information Technology").
(6) The Designated Officer, on approval of the request by the Secretary, Department of Information Technology, shall direct any agency of the Government or the intermediary to block the offending information generated, transmitted, received, stored or hosted in their computer resource for public access within the time limit specified in the direction:
Provided that in case the request of the Nodal Officer is not approved by the Secretary, Department of Information Technology, the Designated Officer shall convey the same to such Nodal Officer.

9. Blocking of information in cases of emergency.--
(1) Notwithstanding anything contained in rules 7 and 8, the Designated Officer, in any case of emergency nature, for which no delay is acceptable, shall examine the request and printed sample information and consider whether the request is within the scope of sub-section (1) of section 69A of the Act and it is necessary or expedient and justifiable to block such information or part thereof and submit the request with specific recommendations in writing to Secretary, Department of Information Technology.
(2) In a case of emergency nature, the Secretary, Department of Information Technology may, if he is satisfied that it is necessary or expedient and justifiable for blocking for public access of any information or part thereof through any computer resource and after recording reasons in writing, as an interim measure issue such directions as he may consider necessary to such identified or identifiable persons or intermediary in control of such computer resource hosting such information or part thereof without giving him an opportunity of hearing.
(3) The Designated Officer, at the earliest but not later than forty-eight hours of issue of direction under sub-rule (2), shall bring the request before the committee referred to in rule 7 for its consideration and recommendation.
(4) On receipt of recommendations of committee, Secretary, Department of Information Technology, shall pass the final order as regard to approval of such request and in case the request for blocking is not approved by the Secretary, Department of Information Technology in his final order, the interim direction issued under sub-rule (2) shall be revoked and the person or intermediary in control of such information shall be accordingly directed to unblock the information for public access.

10. Process of order of court for blocking of information.--
In case of an order from a competent court in India for blocking of any information or part thereof generated, transmitted, received, stored or hosted in a computer resource, the Designated Officer shall, immediately on receipt of certified copy of the court order, submit it to the Secretary, Department of Information Technology and initiate action as directed by the court.

11. Expeditious disposal of request.--
The request received from the Nodal Officer shall be decided expeditiously which in no case shall be more than seven working days from the date of receipt of the request.

12. Action for non-compliance of direction by intermediary.--
In case the intermediary fails to comply with the direction issued to him under rule 9, the Designated Officer shall, with the prior approval of the Secretary, Department of Information Technology, initiate appropriate action as may be required to comply with the provisions of sub-section (3) of section 69A of the Act.

13. Intermediary to designate one person to receive and handle directions.--
(1) Every intermediary shall designate at feast one person to receive and handle the directions for blocking of access by the public any information generated, transmitted, received, stored or hosted in any computer resource under these rules.
(2) The designated person of the Intermediary shall acknowledge receipt of the directions to the Designated Officer within two hours on receipt of the direction through acknowledgement letter or fax or e-mail signed with electronic signature.

14. Meeting of Review Committee.--
The Review Committee shall meet at least once in two months and record its findings whether the directions issued under these rules are in accordance with the provisions of sub-section (1) of section 69A of the Act and if is of the opinion that the directions are not in accordance with the provisions referred to above, it may set aside the directions and issue order for unblocking of said information generated, transmitted, received, stored or hosted in a computer resource for public access.

15. Maintenance of records by Designated Officer.--
The Designated Officer shall maintain complete record of the request received and action taken thereof, in electronic database and also in register of the cases of blocking for public access of the information generated, transmitted, received, stored or hosted in a computer resource.

16. Requests and complaints to be confidential.--
Strict confidentiality shall be maintained regarding all the requests and complaints received and actions taken thereof.

FORM
[See rule 6(2)]
A. Complaint
1. Name of the complainant: --___________________________________________
(Person who has sent the complaint to the Govt./Nodal Officer)
2. Address :________________________________________________________
________________________________________________________________
City :______________________ Pin Code:______________
3. Telephone :______________ (prefix STD code) 4. Fax (if any):__________
5. (if any):_____________________________
6. Email (if any):_____________________________________________
B : Details of website/ computer resource/intermediary/ offending Information hosted on the website
(Please give details wherever known)
7. URL / web address :________________________________
8. IP Address :___________________________
9. Hyperlink:____________________________
10. Server/Proxy Server address :__________________________________
11. Name of the Intermediary :___________________________________
12. URL of the Intermediary :____________________________________
(Please attach screenshot/printout of the offending information)
13. Address or location of intermediary in case the intermediary is telecom service provider, network service provider, internet service provider, web-hosting service provider and cyber cafe or other form of intermediary for which information under points (7), (8), (9), (10), (11) and (12) are not available.
_______________________________________________________
_______________________________________________________
_______________________________________________________
C. Details of Request for blocking
14. Recommendation/Comments of the Ministry/State Govt :______________________
________________________________________________________________________
________________________________________________________________________
15. The level at which the comments/ recommendation have been approved
(Please specify designation):__________________________________________
16. Have the complaint been examined in Ministry/State Government: Y/N
17. If yes, under which of the following reasons it falls (please tick):
(i) Interest of sovereignty or integrity of
(ii) Defence of
(iii) Security of the State
(iv) Friendly relations with foreign States
(v) Public order
(vi) For preventing incitement to the commission of any cognisable offence relating to above
D. Details of the Nodal Officer forwarding the complaint alongwith recommendation of the Ministry/State Govt. and related enclosures
18. Name of the Nodal Officer:_____________________________________________
19. Designation :___________________________________________________
20. organisation :________________________________________________________
21. Address : ______________________________________________________
City :______________________ Pin Code:______________
22. Telephone:________________(prefix STD code) 23. Fax (if any):____________
24. (if any):_____________________________
25. Email (if any):_____________________________________________
E. Any other information :
F. Enclosures :

1.
2.
3
Date: Place: Signature

For more details visit https://cis-india.org/internet-governance/resources/information-technology-procedure-and-safeguards-for-blocking-for-access-of-information-by-public-rules-2009

Post and be Damned

praskrishna — 2012-11-19T03:40:46Z

Your careless comments online could put you in jail, thanks to Section 66A of the Information Technology Act. Kavitha Shanmugam examines a law that some critics say is vague and unconstitutional

Kavita Shanmugham's column was published in the Telegraph on November 14, 2012. Pranesh Prakash is quoted.

Two weeks ago, S. Ravi, owner of a small plastic packaging unit in Puducherry, was rudely woken up by the police at 5am, manhandled and arrested. Reason: Ravi had posted a couple of unflattering comments about Karti Chidambaram, son of finance minister P. Chidambaram, on Twitter. He had tweeted that Chidambaram Junior "had amassed more wealth than Robert Vadra".

Ravi was arrested under Section 66A of the Information Technology (IT) Act, 2008, and hauled up before a judicial magistrate who remanded him to nine days in custody. "It was then that I became really scared," says Ravi, who is out on bail.

A casual tweeter with just 16 followers, Ravi believes he did nothing wrong. “I was using a statement that was already there on the Internet. They could have sent me a lawyer’s notice or investigated the complaint before taking action,” argues Ravi, whose Twitter following has now jumped to 2,518.

"My tweet was retweeted by 20,000 people, who dared the authorities to arrest them too," he adds indignantly, terming Section 66A a “draconian law" with "wide scope for misuse".

Ravi is not alone in denouncing Section 66A of the IT Act. Indeed, there is now a huge outcry against the law, with a section of legal and cyber experts saying that it is nothing but a useful tool in the hands of the powers that be to curb freedom of speech and expression online.

At the same time, there are those who believe that online abuse or defamation cannot masquerade as freedom of speech and that the law is necessary to move against those who commit this offence.

Karti Chidambaram, for one, believes that Ravi’s tweet was motivated and defamatory. "The tweeter made one tweet in 78 days. It was about me. It clearly implied that I am corrupt. That is malicious. So I preferred a complaint to the police. The law exists. I didn’t frame the law," he says.

Section 66A of the IT Act lays down that a person can be punished with up to three years’ imprisonment if he or she sends offensive information or messages through a computer resource or communication device. The problem arises because it fails to clarify what can be termed "offensive". For example, information that is "grossly offensive" or has "menacing character” or information disseminated for the “purpose of causing annoyance and inconvenience" are all brought under the ambit of "offensive". This leaves the law wide open for various interpretations and abuse. "It’s too vaguely worded," insists M. Lenin, a lawyer advising volunteers of India Against Corruption in Chennai. “Any online statement can be declared 'offensive' and any tweet may be deemed ‘inconvenient’. The section has become a convenient tool for the police to harass people."

Section 66A of the IT Act lays down that a person can be punished with up to three years’ imprisonment if he or she sends offensive information or messages through a computer resource or communication device. The problem arises because it fails to clarify what can be termed "offensive". For example, information that is "grossly offensive" or has "menacing character” or information disseminated for the “purpose of causing annoyance and inconvenience" are all brought under the ambit of "offensive". This leaves the law wide open for various interpretations and abuse.

"It’s too vaguely worded," insists M. Lenin, a lawyer advising volunteers of India Against Corruption in Chennai. “Any online statement can be declared 'offensive' and any tweet may be deemed ‘inconvenient’. The section has become a convenient tool for the police to harass people."

Earlier this year, Section 66A was also invoked, among other laws, to arrest Jadavpur University professor Ambikesh Mahapatra for forwarding an email cartoon of West Bengal chief minister Mamata Banerjee.

Indeed, some experts go a step further and call Section 66A patently unconstitutional. Says Pranesh Prakash, policy director, Centre for Internet and Society, Bangalore, "It’s clearly in violation of Article 19(1)(a) of our Constitution that guarantees freedom of speech. The fact that some information is ‘grossly offensive’ (Section 66A) or that it causes ‘annoyance’ or ‘inconvenience’ while being known to be false (Section 66A(c)) cannot be a reason for curbing freedom of speech unless it is directly related to violating decency, morality or public order, or amounts to defamation."

However, apologists for Section 66A argue that the law has its merits too in that it can be used to move against genuine incidents of harassment or defamation online. Take the case of Chinmayee Sripada, a popular Chennai-based playback singer. Chinmayee, who has one lakh followers on Twitter, was targeted by a group of six men who sent her lewd and threatening tweets for a period of time. Apparently, they were upset with her remarks on reservation and for not joining them in a Twitter campaign against the killing of Tamil Nadu fishermen by the Sri Lankan navy.

Recently, Chinmayee complained to the police with “thousands of pages of ugliness and vulgarity” and the trolls, including a professor at the National Institute of Fashion Technology, Chennai, were identified and arrested under Section 66A.

The offending tweeters apologised to her and closed their accounts after the arrest. "I believe Section 66A belled the cat. The arrest made people realise that Twitter also demands self-regulation. In the name of freedom of speech there is zero control on platforms like Twitter. There should be some boundaries," says Chinmayee’s mother T. Padmahasini.

Ramachandra Murthy, Ravi’s lawyer, too believes that Section 66A is a "good tool" for genuine cases of harassment. "Unfortunately, it is being misused by influential people. Still, if you are innocent the case can never hold up in court," he reasons.

Others question the need for a separate law to deal with cases of online defamation or harassment when the Indian Penal Code already has provisions to tackle them. New Delhi-based lawyer Apar Gupta cites the examples of Section 500, 499 and 294 of the IPC which deal with defamation or committing obscene acts in public. "Section 66A only makes the burden on the accused harsher," he adds.

While some IT experts want Section 66A scrapped, others say that it should at least be amended. “Even if the section is not struck off the statute books, the provisions in it may be read down by the courts and safeguards may be prescribed in its application,” says Gupta.

Until that happens, mistaking social media platforms for online drawing rooms where you can indulge in all kinds of freewheeling chat could be fraught with danger.

Justice A.P. Shah, a former chief justice of the Delhi High Court, echoes that view. "Section 66A is very broad and loosely worded. The scope of such a law has to be restricted. Instead, it is vague and clearly violative of Article 19(1)(a) of the Constitution that guarantees freedom of speech and expression," he says.

For more details visit https://cis-india.org/news/telegraphindia-opinion-story-kavitha-shanmugham-nov-14-2012-post-and-be-damned

Will The International Telecommunication Regulations (ITRs) Impact Internet Governance? A Multistakeholder Perspective

pranesh — 2012-12-10T04:40:11Z

Pranesh Prakash made a presentation at the India Internet Governance Conference (IIGC) held at the FICCI, Federation House, Tansen Marg, New Delhi on October 4 and 5, 2012. The event was organised by the Ministry of Communications & Information Technology, FICCI and Internet Society. CIS was one of the supporting organisations.

Principles

I'll outline some broad principles that should be kept in mind while deciding on proposals for the International Telecommunications Regulations (ITR).

Any proposal should be considered for the ITR if an only if it satisfies all the below criteria:

Only if international regulation is needed

If only national regulation is sufficient, then ITR is not the right place for it.
International roaming price transparency, for instance, is an issue where international cooperation is required.

Only if it is a technical issue limited to telecommunications networks and interoperability

On the issues of 'security', if it is strictly about network security, then it is fine.

ITU already does some standard setting work around this.

If it about security of root server operations, or DNS, etc., that's not around telecommunications, despite being a technical issue.
If it is about criminal activities on telecommunications networks, that is not a technical issue.

Only if it is something that can be decided at the level of states.

Multistakeholder issues should not end up at the ITU, since the ITU is not a multistakeholder body.
This principle has been accepted by the ITU itself in the Geneva Declaration as well as the Tunis Agenda.

Only if it proposes to address a proven harm

The ETNO proposal, for instance, does not make it very clear why they think current interconnection system is a problem.

Though the ETNO proposal says that it is required to enable "fair compensation", "sustainable development of telecom", it does so without showing why the current payment mechanisms are unsustainable, or how telecom industry has changed lately, or even how moving from voice to data (even for voice) is going to affect "sustainable development of telecom".
Geoff Huston provides the wonderful example of how ten years ago, content providers were asking for fair compensation from telecom providers ("content is being provided free, while ISPs charge customers; ISPs are worthless without content, hence ISPs need to share revenue with content providers"). Now the opposite argument is being made by telecom operators.

Airtel in India has publicly asked Google and Facebook for revenue sharing.

Rohan Samarajiva of LIRNEasia

He believes ETNO proposal is bad for developing countries.

Adverse unintended effect of ETNO proposal ("sending-party network pays") is that less traffic will be directed towards poorer regions without the ability (whether through ad sales, or otherwise) to justify that expenditure by the sender.

ISOC paper is one of the most in-depth analysis so far.

They strongly believe it is going to be bad for Internet

Truth is that there has been no clear economic study so far of the potential impact. Hence counting benefits without proper analysis is risky.

Only if there's no better place than ITU

If another existing organization like ICANN or IETF can look at it, then ITU should not take over.

If all the above principles are satisfied, then the question becomes:

Does the proposal further substantive principles, such as:
Development
Competition and prevention of monopolies
Etc.

If the proposal does advance such substantive principles, then we should ask what kind of regulation is needed: Whether mandatory or not whether it is the minimal amount required to achieve the policy objectives.

Conclusion

Indian government's positions on the specific proposals to the ITR haven't yet been made public.

But the India government has taken a public position on the larger issue before: the IBSA statement on Enhanced Cooperation from December 2010. the IBSA reaffirms its commitment to the stability and security of the Internet as a global facility based on the full participation of all stakeholders, from both developed and developing countries, within their respective roles and responsibilities in line with paragraph 35 of the Tunis Agenda.

"The management of the Internet encompasses both technical and public policy issues and should involve all stakeholders and relevant intergovernmental and international organizations."

Demonization of the ITU is not good, though some in civil society have engaged in it, and is not the issue here. * After all, ITU was a core part of the WSIS process that led to the multistakeholder system. * ITU does have its own role to play in Internet governance.

Importantly, transparency and public participation is required. * We have signed an international civil society letter asking ITU to be more transparent. This has had a little impact; more documents are now out in the public. And there's now WCITLeaks.org * The Indian government must hold inclusive meetings with all relevant experts and stakeholders, including civil society organizations and academics.

For more details visit https://cis-india.org/internet-governance/blog/will-the-international-telecommunication-regulations-itrs-impact-internet-governance-a-multistakeholder-perspective

Privacy in the Social Networked World

praskrishna — 2012-12-04T16:19:51Z

The Asian Privacy Scholars Network 2nd International Conference was hosted by the Centre for Business Information Ethics, Meiji University, Tokyo, Japan, on behalf of the Asian Privacy Scholars Network, November 19 - 20, 2012. Elonnai Hickok is speaking at the event.

Monday, November 19, 2012

09:00—09:30	Registration and Welcome
09:30—10:30	Keynote Speaker: Pirongrong Ramasoota (Chulalongkorn University, Thailand) The Future of Privacy in the World's Largest Democracy
10:30—11:00	Break
11:00—12:30	Whon-Il Park (Kyung Hee University, Korea) How to Protect, or Utilize, Personal Visual Information in Korea Sinta Dewi Rosadi (University Padjadjaran, Indonesia) Constitutional Privacy Protection: The Indonesian Experience Takato Natsui (Meiji University, Japan) Censorship, Burying and Mental Health in Business Office
12:30—14:00	Lunch
14:00—15:00	Lilian Edwards (Strathclyde University, UK) International Implications of the Proposed Revision of the EU Data Protection Directive Graham Greenleaf (UNSW, Australia and Meiji University, Japan) 100 Data Privacy Laws: Their Significance and Origins
15:00—15:30	Break
15:30—16:30	Kiyoshi Murata/Yohko Orito (Meiji University/Ehime University, Japan) Japanese Youngsters' Social Attitude towards Privacy Ryoko Asai/Iordanis Kavathatzopoulos (Meiji University, Japan/Uppsala University, Sweden) The Paradoxical Nature of Privacy
18:00—20:00	Conference Banquet (Salon San, 23rd Floor, Liberty Tower, Meiji University)

Tuesday, November 20, 2012

09:00—09:45	Keynote Speaker: Roger Clarke (Xamax Consultancy, UNSW and ANU, Australia) Consumer-Oriented Social Media as Market Opportunity
09:45—10:00	Video Presentation from David Lyon (Queens University, Canada)
10:00—10:30	Break
10:30—12:00	Daniel Trottier (Uppsala University, Sweden) Social Networking Sites and Crowd-sourced Surveillance Colin Bennett (University of Victoria, Canada) Social Networking and Privacy Jurisdiction Andrew Adams (Meiji University, Japan) Facebook Code: SNS Platform Affordances and Privacy
12:00—13:00	Lunch
13:00—14:30	Elonnai Hickok (Centre for Internet and Society, India) Transparency and Privacy in India Fumio Shimpo (Keio University, Japan) Current Developments in Japanese Data Protection Policy Panel: Chen, Greenleaf, Hickok, Shimpo
14:30—15:00	Break
15:00—17:00	Ian Brown (University of Oxford, UK) Data Protection and Social Networking Services Shirley Williams (University of Reading, UK) Do Computer Science Scholars Consider Issues of Privacy when Studying Large Twitter Data Sets? Final Panel: Adams, Bennett, Brown, Clarke, Williams

Organisers

Prof Andrew A. Adams, Meiji University, Tokyo, Japan
Prof Kiyoshi Murata, Meiji University, Tokyo, Japan
Prof Graham Greenleaf, UNSW, Sydney, Australia
(JSPS Visiting Fellow, Meiji University Sep-Dec 2012)

Read the original here

For more details visit https://cis-india.org/news/privacy-in-social-networked-world

Statement of Civil Society Members and Groups Participating in the "Best Bits" pre-IGF meeting at Baku in 2012

pranesh — 2012-12-07T08:06:25Z

The Centre for Internet & Society was one of the signatories for this submission made to the ITU on November 16, 2012.

Read the statement of civil society members and groups participating in the “Best Bits” pre-IGF meeting at Baku in 2012

We thank the Secretariat of the ITU for making the opportunity to submit our views.

Nevertheless, the process of the revision of the International Telecommunication Regulations (ITRs) has not been sufficiently inclusive and transparent, despite some recent efforts to facilitate public participation. Fundamental to the framing of public policy must be the pursuit of the public interest and fundamental human rights, and we urge Member States to uphold and protect these values.

We as civil society organizations wish to engage with the World Conference on International Telecommunication (WCIT) process in this spirit. Member States, in most cases, have not held open, broad-based, public consultations in the lead up to the WCIT, nor have they indicated such a process for the WCIT itself.

In order to address this deficiency, and at a minimum, we would urge:

All Member States and regional groups to make their proposals available to the public in sufficient time to allow for meaningfulpublic participation;
All delegates to support proposals to open sessions of the WCIT meeting to the public;
The ITU Secretariat to increase transparency of the WCIT including live webcast with the video, audio, and text transcripts, as far as possible, to enable participation by all, including persons with disabilities;
The ITU Secretariat, Member States, and regional groups to make as much documentation publicly available as possible on the ITU's website, so that civil society can provide substantive input on proposals as they are made available;
Member States to encourage and facilitate civil society participation in their national delegations;
The ITU to create spaces during the WCIT for civil society to express their views, as was done during the WSIS process.

Given the uncertainty about the nature of final proposals that will be presented, we urge delegates that the following criteria be applied to any proposed revisions of the ITRs.

That any proposed revisions are confined to the traditional scope of the ITRs, where international regulation is required around technical issues is limited to telecommunications networks and interoperability standards.
There should be no revisions to the ITRs that involve regulation of the Internet Protocol and the layers above.
There should be no revisions that could have a negative impact on affordable access to the Internet or the public's rights to privacy and freedom of expression.

More generally we call upon the ITU to promote principles of net neutrality, open standards, affordable access and universal service, and effective competition.

Signatories:

Access (Global)
Association for Progressive Communications (Global)
Bangladesh NGOs Network for Radio and Communication (Bangladesh)
Bytes for All (Pakistan)
Center for Democracy and Technology (United States of America)
Centre for Community Informatics Research (Canada)
Centre for Internet and Society (India)
Collaboration on International ICT Policy for East and Southern Africa (Eastern and Southern Africa)
Consumer Council of Fiji (Fiji)
Consumers International (Global)
Dynamic Coalition on Internet Rights and Principles (IRP) (Global)
Electronic Frontier Finland (Finland)
Imagining the Internet Center (United States of America)
Instituto Nupef (Brazil)
Internet Democracy Project (India)
Internet Research Project (Pakistan)
Global Partners and Associates (United Kingdom)
GobernanzadeInternet.co (Colombia)
ICT Watch Indonesia (Indonesia)
Instituto Brasileiro de Defesa do Consumidor / Brazilian Institute for
Consumer Defense (Brazil)
InternetNZ (New Zealand)
IT for Change (India)
Media Education Center (Armenia)
ONG Derechos Digitales (Chile)
OpenMedia (Canada)
Public Knowledge (United States of America)
Thai Netizen Network (Thailand)
Ginger Paque (Venezuala)
Nnenna Nwakanma (Côte d'Ivoire)
Sonigitu Ekpe (Nigeria)
Wolfgang Kleinwächter (Denmark)

For more details visit https://cis-india.org/internet-governance/blog/statement-of-civil-society-members-and-groups-at-best-bits-pre-igf-meeting

India second in requesting user info: Google

praskrishna — 2012-11-15T09:40:10Z

India is at second place after the US in terms of the government requests for user data from Google

Karthik Subramanian's article was published in the Hindu on November 14, 2012. Pranesh Prakash is quoted.

The Indian government made the second largest demand for Web user information — next only to the United States government — to Google in the six-month period from January to June this year, according to the ‘Transparency Report’ published by the Web services major on Tuesday.

During the six-month period, the Indian government — both by way of court orders and by way of requests from police— requested Google to disclose user information 2,319 times over 3,467 users/accounts. Google fully or partially complied with the request to the tune of 64 per cent. Only the U.S. government requested more data during the period — 7,969 requests over 16,281 accounts, compliance rate: 90 per cent.

It is the sixth time Google has brought out the bi-annual report detailing its interactions with the world government agencies. It details two categories of interactions : requests to divulge user data; and requests to pull down content. India ranked seventh in the list of requests to pull down data; experts say that the possible reason could be the government not having such powers under the Constitution.

Pranesh Prakash, policy director with Bangalore-based Centre for Internet and Society, said that the Google report was a damning indictment of the country’s government exceeding its constitutional bounds by demanding removal of material for defamation, government criticism, etc., without a valid court order. "There are no laws in our country that allows the executive or the police to remove such material without a court order."

Substantial spike

In all, 33 countries figure in the report. There was a substantial spike when compared to previous reports with respect to the number of requests from various governments to pull down content.

"In the first half of 2012, there were 20,938 inquiries from government entities around the world. Those requests were for information about 36,614 accounts,” wrote Dorothy Chou, Google’s senior policy analyst, on the Official Google Blog while presenting the report. “The number of government requests to remove content from our services was largely flat from 2009 to 2011. But it’s spiked in this reporting period. In the first half of 2012, there were 1,791 requests from government officials around the world to remove 17,746 pieces of content."

Google is leading the cause for voluntary disclosure of the interactions it has with the governments. Other web services that put out similar transparency reports include micro-blogging site Twitter; cloud storage service Dropbox; and social networking site Linkedin.

Mr. Prakash said it was not enough if just the web services put out such reports. "The telecom service providers must voluntarily come out with such information," he added.

"There is a dearth of public information about the amount of legal interception and surveillance. This does not bode well in a democratic polity."

For more details visit https://cis-india.org/news/the-hindu-sci-tech-internet-karthik-subramanian-nov-14-2012-india-second-in-requesting-user-info-google

India second in keeping tabs on netizens

praskrishna — 2012-11-15T09:04:01Z

India ranks second globally in accessing private details of its citizens, next only to the US, if the latest data from Google is to be believed.

The article by Ishan Srivastava was published in the Times of India on November 15, 2012, Pranesh Prakash is quoted.

The transparency report by the internet search giant lists out requests it received from governments across the world to access information on the users of its various services.

In the first six months of 2012, India made 2,319 requests involving 3,467 users. In comparison, the US made 7,969 requests in the same period and Brazil, which comes third, sent 1,566 requests. Globally, there were 20,938 requests for user data during the January-June period. The data can include your complete Gmail account, chat logs, Orkut profile and search terms among others. These reports are prepared by Google every six months, and were started in July-December 2009.

The requests for user data from India doubled from 1,061 in July-December 2009 to 2,207 in July-December 2011.

"Though India is a large country with a significant number of internet users, this data is nonetheless an indicator of growing surveillance," said Pranesh Prakash, policy director at Centre for Internet and Society (CIS), a Bangalore-based organization looking at issues of public accountability, internet freedom and openness.

"India lacks a general privacy law that helps set guidelines for such user requests, despite privacy being a constitutional right as part of the right to life," said Prakash.

India also actively sends requests to take down content which it deems defamatory and against national security. While the number of court orders for taking down web content has remained almost stagnant over the years, there has been a rise in the number of requests by the executive and police. Between January and June this year, there were 20 court orders and 64 requests from executive/police that resulted in 596 items being taken down from the web. In comparison, there were only eight court orders and 22 executive/police requests in January-June 2010, resulting in 125 items being taken down.

"The government does not always specify the reason for which they want access. They just want access, what they do with the information is not known to us," said a legal adviser to an MNC. "These requests come with a threat to our continued operation in India."

Falsified court orders are also being employed to seek removal of content. Three such court orders were sent to Google "that demanded the removal of blog posts and entire blogs for alleged defamation." One order was said have been issued by a local court in Andheri, Mumbai while the other two by the Delhi high court. But all the three were found to be fake.

Google says a single court order was responsible for removal of 360 items this year as they "contained adult videos that allegedly violated an individual's personal privacy." While such orders have a positive impact like curbing pornography and violent content, governments at every level have also tried to use these requests to take down unfavourable content or criticism.

In January-June 2011 period, Google received "requests from state and local law enforcement agencies to remove YouTube videos that displayed protests against social leaders or used offensive language in reference to religious leaders". Google rejected a majority of these requests. It also received a request from a law enforcement agency to remove 236 communities and profiles from Orkut that were critical of a local politician. Google did not remove them either.

"Prior to 2009, government had limited powers of interception. However, after 26/11 they gave themselves huge powers to block and monitor content," said Supreme Court lawyer Pavan Duggal. "Data privacy is non-existent in India." He said that the A P Shah Committee, which was formed to recommend principles for a privacy law, has submitted its report to the Planning Commission and now it is up to the government to take it to the next stage.

Both Prakash and Duggal said that technology companies in India, including telecom players, should come out with similar transparency reports as Google. A report by international watchdog Privacy International says that Bharti Airtel, in its 2010-2011 annual report, said it had received 422 appreciation letters from law enforcement agencies for assistance in lawful interceptions. "The Indian IT Act requires electronic audit by firms but the law is silent on how this audit is filed," said Duggal.

Globally, Dropbox, LinkedIn, Sonic.net and Twitter release transparency reports apart from Google.

For more details visit https://cis-india.org/news/times-of-india-india-times-tech-tech-news-internet-ishan-srivastava-nov-15-2012-india-second-in-keeping-tabs-on-netizens

Steady Steps.....FOSS and the MDG's

praskrishna — 2012-12-09T01:11:31Z

Pranesh Prakash was a panelist at this IGF workshop held on November 9, 2012. It was organised by International Center For Free and Open Source Software and Free Software and OpenSource Foundation For Africa.

IG4D Thematic Cluster 2 "Enabling Environment" Question 1: What does it take to attract investment in infrastructure and enc

Concise Description of Workshop:

This workshop will address some key areas, where Free and open source software has made a milestone, in the last few years to fulfill the Millennium development goal, across the globe. Many a times whenever FOSS is mentioned, , thoughts quickly run to ‘techies’ . In this session , the Panelists will give practical presentations/projects on Free and Open Source Software, outside the technical arena and show how it has changed the face of : 1) Governments:- We will look at, Policy in the area of Open Data, 2) In Academia:- We will look at, Open Education Resources (OER) , FOSS in schools etc, both in Africa and India. 3) In Private Sector- we will look at , Wealth creation, innovation and job creation, just to mention but a few. 1) Secondly we will look at how FOSS is bridging the digital divide, existing between the different age groups more especially the Youth, Women, between the different social circles/media , inclusion of person's with disabilities.etc, through partnerships and rural deployment of FOSS. We will have the privilege to look at initiative(s), in Brazil. 1) Last but not least, It will address, the key policies, that governments should embrace, that would continue to enhance FOSS in the Internet development goal at national level , regional level and at the global level. A rich discussion will be encouraged, from the participants to ensure that the FOSS community understands its strength and role in the internet governance realm, in policy making process and in the privacy, security and openness arena.

Workshop Agenda:
1. What Milestone has FOSS made in:
i) Academia
ii) Government
iii) Private Sector
2. Is FOSS factor to consider in bridging the digital divide?
3. Regarding the Milestone that FOSS has achieved, should there be national, regional, global.etc policies to ensure a fair palying field it?
- Closing remarks, What actions to be taken, conclusion.

Submitted Workshop Panelists:

1. Mr. Satish Babu - ICFOSS, India (Government)- Moderator- Confirmed
2. Mr. Fernando Botelho- F123.org, Brazil (Remote Participation)- Confirmed
3. Ms. Anne Rachel Inne, ICANN- Confirmed
4. Mr. Pranesh Prakash, CIS Bangalore, India- Confirmed
5. Ms. Mishi Choudhary, Executive Director of International programs at Software Freedom Law Center (SFLC), India- Confirmed
6. Mr. Yves Miezan Ezo, FOSSFA , CHALA, France- Confirmed
7.Ms. Nnenna Nwakanma, CEO, Nnenna.org, Cote d' Ivoire- Confirmed

Name of Remote Moderator(s):

Ms. Judy Okite, FOSSFA

Assigned Panellists:

For more details visit https://cis-india.org/news/steady-steps-foss-and-mdgs

Q&A to the Report of the Group of Experts on Privacy

elonnai — 2012-11-09T10:20:48Z

In January 2012 Justice A.P. Shah formed a committee consisting of a group of experts to contribute to and create a report of recommendations for a privacy legislation in India. The committee met a total of seven times from January to September 2012. The Centre for Internet and Society (CIS) was a member of the committee creating the report. This blog post is CIS’s attempt to answer questions that have arisen from media coverage on the report, based on our understanding.

Executive Summary

The executive summary explains how the need for a horizontal privacy legislation that recognizes the right to privacy has come about in India in light of projects and practices such as the UID, NATGRID, and the changing nature of business and technology. The executive summary highlights the committee’s recommendations of what should be considered by legislatures while enacting a privacy legislation in India.

Q: What are the salient features of the committee’s recommendations?

A: In its report the committee recommended that any privacy legislation passed should:

Be technologically neutral and interoperable with international standards to ensure that the regulation can adapt to changing technology, and that business will be promoted.
Recognize the multiple dimensions of privacy including physical and informational privacy.
Apply to all data controllers both in the private sector and the public sector to ensure that businesses and governments are held accountable to protecting privacy.
Establish a set of privacy principles that can be applicable to different practices, policies, projects, departments, and businesses to create a uniform level of privacy protection across all sectors.
Create an enforcement regime of co-regulation, where industry has the choice of developing privacy principles and ensuring compliance at the sectoral level with regular oversight by the Privacy Commissioners.

Chapter 1: Constitutional Basis for Privacy

This chapter summarizes a number of decisions from the Indian Judiciary that demonstrate how the right to privacy in India has been defined on a case to case basis and has been defined as either a fundamental right or a common law right.

Q: What are the contexts of the cases covered?

A: This chapter covers cases that speak to the:

Right to privacy in the context of surveillance by the State
Balancing the ‘right to privacy’ against the ‘right to free speech’
The ‘right to privacy’ of HIV patients
Prior judicial sanctions for tapping telephones
The ‘search and seizure’ powers of revenue authorities

Chapter 2: International Privacy Principles

This chapter summarizes recent developments in privacy laws, international privacy principles, and privacy principles developed by specific countries. This review aided the Committee in forming its recommendations for the report.

Q: Privacy principles from which countries were reviewed by the Committee?

A: The Committee reviewed privacy principles from the following countries and international organizations.

EU Regulations of January 2012
US Consumer Privacy Bill of Rights
OECD Privacy Principles
APEC Privacy Framework
Australia
Canada

Chapter 3: National Privacy Principles, Rationales, and Emerging Issues

This chapter lays out the nine national privacy principles and describes the rationale for each principle along with emerging issues around each principle.

Q: What could the principles apply to?

A: The principles apply to the collection, processing, storage, retention, access, disclosure, destruction, sharing, transfer, and anonymization of sensitive personal information, personal identifiable information, and identifiable information by data controllers. The national privacy principles can also be applied to legislation, projects, practices, and policies to ensure that provisions and requirements are in compliance with the national privacy principles.

Q: Who could be brought under the scope of the principles?

A: The principles are applicable to every data controller in the private sector and the public sector. For example organizations and government departments that determine the purposes and means of processing personal information will be brought under the scope of the principles and will be responsible for carrying out the processing of data in accordance with sectoral privacy standards or the national privacy principles.

Q: How could the National Privacy Principles impact individuals?

A: The principles provide individuals with the right to 1. Receive notice before giving consent stating what personal information is being collected, the purposes for which personal information is being collected, the uses of collected personal information, whether or not personal information will be disclosed to third persons, security safeguards established by the data controller, processes available to data subjects to access and correct personal information, and contact details of privacy officers. 2. Opt in and out of providing personal information 3. Withdraw given consent at any point of time. 4. Access and correct any personal information held by data controllers 5. Allow individuals to issue a complaint with the respective ombudsman, privacy commissioner, or court.

Q: Would the National Privacy Principles be binding for every data controller?

A: Yes, but Self Regulating Organizations at the industry level have the option of developing principles for that specific sector. These principles must be approved by the privacy commissioner and be in compliance with the National Privacy Principles.

Chapter 4: Analysis of Relevant Legislation, Bills, and Interests from a Privacy Perspective

This chapter examines relevant legislation, bills, and interests from a privacy perspective. In doing so the chapter clarifies how the right to privacy should intersect with the right to information and the freedom of expression, and anaylzes current and upcoming legislation to demonstrate what existing provisions in the legislation uphold the privacy principles, what existing provisions are in conflict with the principles, and what provisions are missing to ensure that the legislation is compliant to the extent possible with the principles.

Q: How does the report understand the relationship between the Right to Information and the Right to Privacy?

A: When applied the Privacy Act should not circumscribe the Right to Information Act. Furthermore, RTI recipients should not be considered data controllers and thus should not be brought under the ambit of the privacy principles.

Q: How does the report understand the relationship between the freedom of expression and privacy?

A: Questions about how to balance the right to privacy with the freedom of expression can arise in many circumstances including: the right to be forgotten and data portability, journalistic expression, state secrecy and whistle blowers, and national security. Most often, public interest is the test used to determine if the right to privacy should supersede the freedom of expression or vice versa.

Chapter 5: The Regulatory Framework

This chapter outlines the committee’s recommendations for a regulatory framework for the Privacy Act.

Q: Who are the main actors in the regulatory framework?

A: The report recommends that a regulatory framework be comprised of one privacy commissioner at the central level and four commissioners at the regional level, self regulating organizations (SRO’s) at the industry level, data controllers and privacy officers at the organization level, and courts.

Q: What are the salient features of the regulatory framework?

A: The salient features of the regulatory framework include 1. A framework of co-regulation 2. Complaints 3. Exceptions to the Privacy Act 4. Offenses under the Act

Q: What are exceptions to the right to privacy? Are these blanket exceptions?

A: National security; public order; disclosure of information in public interest; prevention, detection, investigation and prosecution of criminal offences; and protection of the individual or of the rights and freedoms of others are suggested exceptions to the right to privacy. The committee has qualified these exceptions with the statement that before an exception can be made for the following circumstances, the proportionality, legality, and necessity in a democratic state should be used to measure if the exception applies and the extent of the exception. Thus, they are not blanket exceptions to the right to privacy

Historical and scientific research and journalistic purposes were also recommended as additional exceptions to the right to privacy that may be considered. These exceptions will not be subjected to the principles of proportionality, legality, and necessary in a democratic state.

Q: What are the powers and responsibilities of the privacy commissioners?

A: The powers and responsibilities of the Privacy Commissioners are the following:

Responsibilities:

Enforcement of the Act
Broadly oversee interception/access, audio & video recordings, the use of personal identifiers, and the use of bodily or genetic material.
Evaluate and approve privacy principles developed by SRO’s
Collaborate with stakeholders to endure effective regulation, promote awareness of the Act, and sensitize citizens to privacy considerations

Powers:

Order privacy impact assessments on organisations
Investigate complaints suomotu or based off of complaints from data subjects (summon documents, call and examine witnesses, and take a case to court if necessary )
Fine non-compliant data controllers

Q: How does Co-regulation work?

A: The purpose of establishing a regulatory framework of co-regulation is to ensure that appropriate policies and principles are articulated and enforced for all sectors. If a sector wishes to develop its own privacy standards, the industry level self regulating organization will submit to the privacy commissioner a sub set of self regulatory norms. If these norms are approved by the privacy commissioner the SRO will be responsible for enforcing those norms, but the privacy commissioner will have the power to sanction member data controllers for violating the norms. If a sector does not have an SRO or does not wish to develop its own set of standards, the National Privacy Principles will be binding.

Q: What are data controllers? What are privacy officers? What are ombudsmen?

A: A data controller is any entity that handles or process data. Privacy officers receive and handle complaints at the organizational level and may be appointed as part of a SRO’s privacy requirements for a sector. Ombudsmen are appointed at the SRO level and are also responsible for receiving and handling complaints. The objective of having ombudsman and privacy officers is to reduce the burden of handling complaints on the commissioner and the courts.

Q: When can an individual issue a complaint? Which body should individuals issue complaints to?

A: An individual can issue a complaint at any point of time when they feel that their personal information has not been handled by a data controller according to the principles, or that a data controller is not in compliance with the Act. When applicable complaints are encouraged to be issued first to the organization. If the complaint is not resolved, the individual can take the complaint to the SRO or privacy commissioner. The individual also has the option of taking a complaint straight to the courts. When a complaint is received by the commissioner, the commissioner may fine the data controller if it is found to be non-compliant. Data controllers cannot appeal fines issued by the commissioner, but they can appeal the initial decision of non-compliance.

Q: Can an individual receive compensation for a violation of privacy:

A: Yes. Individuals who suffer damages caused by non-compliance with the principles or any obligation under the Act can receive compensation, but the compensation must be issued by the courts and cannot be issued by a privacy commissioner. Actors that can be held liable by individuals include data controllers, organization directors, agency directors, and heads of Governmental departments.

Q: What offences does the report reccomend?

A: The following constitutes as an offence under the Act:

Non-compliance with the privacy principles
Unlawful collection, processing, sharing/disclosure, access, and use of personal data
Obstruction of commissioner
Failure to comply with notification issued by commissioner
- Processing data after receiving a notification
- Failure to appear before commissioner
- Failure to produce documents requested by commissioner
- Sending report to commissioner with false or misleading information

Chapter 6: The Multiple Dimensions of Privacy

This chapter gives examples of practices that impact privacy in India which the national privacy principles could be applied to. These include interception/access, the use of electronic recording devices, the use of personal identifiers, and the use of bodily and genetic material. The current state of each practice in India is described, and the inconsistencies and gaps in the regimes are highlighted. Each section also provides recommendations of which privacy principles need to be addressed and strengthened in each practice, and how the privacy principles would be affected by each practice.

Q: Does the report give specific recommendations as to how each practice should be amended to incorporate the National Privacy Principles?

A: No. Each section explains the current state of the practice in India, gaps and inconsistencies with the current practice, and recommends broadly what principles need to be addressed and strengthened in the regime, and how the National Privacy Principles may be affected by the practice.

Summary of Recommendations

This chapter consolidates and clarifies all of the Committee’s recommendations for a Privacy Act in India.

Q: Are the recommendations in this chapter different from chapters above?

A: No. The recommendations in this chapter reflect the recommendations made earlier. This chapter does clarify the recommended scope and objectives of the Privacy Act including:

The Act should define and harmonize with existing laws in force.
The Act should extend the right of privacy to all individuals in India and all data processed by any company or equipment locating in India, and all data that originated in India.
The Act should clarify that the publication of personal data for artistic and journalistic purposes in public interest, the use of personal information for household purposes, and the disclosure of information as required by the Right to Information Act should not constitute an infringement of privacy.
The Act should not require a ‘reasonable expectation’ of privacy to be present for the right to be evoked.
If any other legislation provides more extensive protections than those set out by the Privacy Act, than the more extensive protections should apply.

Report of the Group of Experts on Privacy [PDF, 1270 Kb]

For more details visit https://cis-india.org/internet-governance/blog/question-and-answer-to-report-of-group-of-experts-on-privacy

Law yet to catch up with tech-enabled peeping toms

praskrishna — 2012-11-08T08:06:07Z

Devices that give sharp images are the order of the day. But this clarity is lacking when it comes to regulating use of cameras and camera phones in public places, say policy makers.

The article by Sandhya Soman & Pratiksha Ramkumar was published in the Times of India on November 7, 2012.

If there is one thing that sends more clients harried by blackmailers to detectives like A M Malathy of Malathy Detective Agency, it is the pervasive presence of the camera, most often inside modest cell phones. "One girl had to leave a town as her ex-boyfriend uploaded her photo on the internet and referred to her as a call girl. We got the web page removed," says Malathy.

But tracing culprits is difficult if they are strangers on the road. Absence of a privacy law makes it difficult for police to book culprits. "If someone photographs a woman on a bus, we can ask the person to delete it. But we can't book the person s there is no law," says Jegabar Sali, assistant commissioner, cyber crime cell.

The Information Technology (IT) Act, 2000 talks of punishment only in cases where a person's private areas have been photographed. However, things are looking up with the government trying to draw up the Right to Privacy Bill.

"The problems posed by digital technology are complex and we need to define what these new crimes are," says Rajeev Chandrasekhar, independent Member of Parliament, who introduced the Right to Privacy Bill,2010 in Parliament. "I did it because I got representations from parents and women about how MMS clips were being used to blackmail them," says Chandrasekhar.

There have been attempts at legislation earlier. The Mobile Camera Phone Users (Code of Conduct) Bill, 2006 attempted to regulate the use of camera phones in public places. It proposed that manufactures build camera phones that flash a light or emit a 'click' sound, and that users should get consent of the person being photographed.

"The sound and light are for informing people that they are being filmed," says Sunil Abraham, executive director, Centre for Internet and Society, a Bangalore-based organisation that was part of the committee. These provisions are part of South Korea's privacy law, which sought to bring down cases of technology-enabled 'upskirt' photography, where photos of women were taken without their permission, he says.

For more details visit https://cis-india.org/news/times-of-india-sandhya-soman-and-pratiksha-ramkumar-nov-7-2012-law-yet-to-catch-up-with-tech-enabled-peeping-toms

Information security policy on govt agenda

praskrishna — 2012-11-08T06:18:28Z

As an increasing quantity of sensitive information is transmitted through electronic channels, the government is considering putting in place an internal information security policy to reduce the risk of leaks and counter possible cyber attacks, said three government officials involved in discussions on the proposal.

Surabhi Agarwal's article was published in LiveMint on November 6, 2012. Sunil Abraham is quoted.

The policy will include new guidelines on top of the standards set out by the Official Secrets Act, 1923, and mandate safeguards for each category of information on how it should be transmitted, stored and preserved. The categories are “top secret”, “secret”, “confidential”, “restricted” and “official use only”.

Experts argue that given the easy portability of such information and its vulnerability to hackers, the policy should have been in place much sooner.

The Official Secrets Act seeks to protect sensitive information including official communications, sketch plans, documents and other information pertaining to government functioning. Gaining wrongful access to information deemed to be an official secret or unauthorized use of such information are regarded as offences.

Given that the law was enacted almost a quarter century before independence, it had no provisions to deal with electronic transmission of such information made possible by technological advances in subsequent decades, said cyber expert Pawan Duggal.

One of the three government officials cited above said the aim of the proposed internal information security policy is to protect classified information that’s transmitted electronically much as it is done currently in the paper format.

"As more information is getting transmitted in the electronic format, we have to put in place procedures, guidelines, policies and standards for protecting that information in the electronic format," the official said.

From the newsroom: Securing government information	The discussions, being anchored by the home ministry, have been under way for some time and the policy should be finalized in the “next few months”, the official said. A second official said the policy will lay down the dos and don’ts for government officers on how information has to be transmitted, stored and preserved in the electronic format. “In case of a breach, the investigation agencies can then look into whether the requisite safeguards were followed or not,” the official said. The proposal follows a rash of attacks on government computer systems that exposed their vulnerability to hackers. Former minister of state for communications and information technology Sachin Pilot told Parliament recently that between December 2011 and February 2012, a total of 112 government websites had been hacked.

From the newsroom: Securing government information

The discussions, being anchored by the home ministry, have been under way for some time and the policy should be finalized in the “next few months”, the official said.

A second official said the policy will lay down the dos and don’ts for government officers on how information has to be transmitted, stored and preserved in the electronic format. “In case of a breach, the investigation agencies can then look into whether the requisite safeguards were followed or not,” the official said. The proposal follows a rash of attacks on government computer systems that exposed their vulnerability to hackers.

Former minister of state for communications and information technology Sachin Pilot told Parliament recently that between December 2011 and February 2012, a total of 112 government websites had been hacked.

A third government official, who also didn’t want to be identified, said that every government official would have to follow standard procedures in electronic transmission of information.

“The moment one’s computer is connected to the Internet, it is part of a global network, so attackers in the cyber space know which information can be stolen from where if the necessary deterrents are not in place,” the official said.

Sensitive information such as tax matters and intellectual property issues are part of the information that’s transmitted electronically by government offices, which if leaked can have market implications as well as an impact on governance, experts said.

“The government leaks like a sieve,” said B.G. Verghese, a visiting professor at New Delhi-based Centre for Policy Research.

“This is a step and they are trying to lay some ground rules to regulate a process that fits in with concepts of law, good governance, Constitution, privacy and prevents any wrongdoing,” Verghese said.

The proposed policy, when put in place, will be a step forward so long as it does not dilute the powers available to citizens under the Right to Information Act, said Sunil Abraham, executive director of Bangalore-based research organization Centre for Internet and Society.

Currently there are several concerns centred on electronic transmission, including questions about who is responsible for information, especially its unauthorized use. “This could help establish an audit trail,” Abraham said.

The first government official quoted above stressed that although cyber security and information security cut across each other, the two concepts are different.

“Cyber (security) is basically about devices and networks, whereas information security is very particularly about the information which travels on the net,” this official said. Reinforced cyber security will be an additional benefit once the information security policy comes into force, he said.

For more details visit https://cis-india.org/news/live-mint-politics-surabhi-agarwal-nov-6-2012-information-security-policy-on-govt-agenda

Who is Following Me: Tracking the Trackers (IGF2012)

praskrishna — 2012-12-07T17:17:32Z

The Internet Society and the Council of Europe are co-organising a workshop at the IGF (Baku - 8 November 2012 - 09:00 - 10:30) regarding online tracking. Malavika Jayaram is a speaker.

Interest in online tracking as a policy issue spiked with the release of the Preliminary Federal Trade Commission Staff Report in December 2010 entitled Protecting Consumer Privacy in an Era of Rapid Change – A Proposed Framework for Businesses and Policymakers calling for a “do not track” mechanism, the launch of the W3C Tracking Protection Workng Group and the recent entry into force of the so-called European “Cookie Directive” provisions. However, the actual and potential observation of individuals’ interactions online has long been a concern for privacy advocates and others.

Much of the policy attention is currently focused on cookies used to track users to build profiles for more targeted advertising, but some of the more difficult issues are:

How to deal with less-observable tracking (e.g. browser and/or device fingerprinting, monitoring of publicly disclosed information)
How to develop laws that accommodate different tracking scenarios – for example:
- different entities (law enforcement, companies, etc.);
- different and sometimes multiple purposes (security, personalising user experience, targeting advertising, malicious activity; etc.);
- first-party and third-party tracking o single site and multiple site tracking
Transparency (particularly on small mobile devices)
Whether a traditional consent model is sufficient and effective

The panel:

Wendy Seltzer, Policy Council, World Wide Web Consortium (W3C)
Kimon Zorbas, Vice President, Interactive Advertising Bureau (IAB) Europe
Cornelia Kutterer, Director of Regulatory Policy, Corporate Affairs, LCA, Microsoft EMEA
Malavika Jayaram, partner at Jayaram & Jayaram, Bangalore
Shaundra Watson, Counsel for international consumer protection, USA Federal Trade Commission
Rob van Eijk, Council of Europe expert, Leiden University (PhD student)

The moderators:

Christine Runnegar, Internet Society
Sophie Kwasny, Council of Europe

The remote moderator:

James Lawson, Council of Europe

This workshop will explore:

Current and emerging trends in online tracking (and their related purposes)
How to give individuals full knowledge of the tracking that occurs when they go online
Mechanisms to give individuals greater control over tracking and data use
The respective roles of all actors (government, law enforcement, Internet intermediaries, businesses, browser vendors, application developers, advertisers, data brokers, users, Internet technical community, etc.)
Whether effective data protection online can be ensured solely by law.
Whether self-regulation and voluntary consensus standards offer better options for tuning privacy choice to the rapidly advancing technology environment.

Please read our background paper and update

For more details visit https://cis-india.org/news/who-is-following-me

Solutions for Enabling Cross-border Data Flows

praskrishna — 2012-12-07T22:42:35Z

ICC BASIS and the Internet Society are co-organising a workshop at the IGF (Baku - 7 November 2012 - 14:30 to 16:00) to explore solutions for enabling cross-border data flows. Malavika Jayaram is a panelist.

This was published by Internet Society. For details published on the IGF website, see here

BRIEF OVERVIEW

The Internet has revolutionised our ability to communicate and share data beyond national boundaries, thereby facilitating cross-border social and commercial interactions. Enabling cross-border data flows, however, raises a number of important Internet governance policy considerations for a broad range of stakeholders, such as business, intermediaries, users, law enforcement agencies, governments, policymakers and the wider Internet technical community. In this context, the workshop will explore policy issues, from various stakeholder perspectives.

The dynamic panel of experts will provide a wide range of perspectives for this discussion and explore concrete solutions and options for enabling cross-border data flows. This is an important opportunity to raise awareness about the practical and the policy realities raised by these issues. It will also be an opportunity to share concrete issues, experiences, possible approaches and solutions.

MODERATOR
Jeff Brueggeman, Vice President-Public Policy & Deputy Chief Privacy Officer, AT&T

PANELLISTS
Joseph Alhadeff, Chief Privacy Strategist, Vice President, Global Public Policy, Oracle
Maria Häll, Ministry of Enterprise, Energy and Communications, Sweden
Malavika Jayaram, Partner, Jayaram & Jayaram, Bangalore
Christine Runnegar, Senior Policy Advisor, Internet Society
Ivan Sanchez Medina, Member of the Columbian National Telecommunications Commission, CRC

LEAD DISCUSSANTS
Olga Cavalli, Advisor to the Ministry of Foreign Affairs, Argentina
Christoph Steck, Chief Regulatory Officer, Telefonica (TBC)
Kevin Bankston, Senior Counsel and Free Expression Director, Center for Democracy & Technology

REMOTE MODERATOR
Constance Weise, ICC BASIS

SUBSTANTIVE RAPPORTEUR
Karen Mulberry, Policy Advisor, Internet Society

For more details visit https://cis-india.org/news/solutions-for-cross-border-data-flows