Access To Knowledge (A2K)

Cyber Appellate Tribunal in Bengaluru

praskrishna — 2012-05-30T05:47:48Z

Bengaluru will be home to the southern chapter of the Cyber Appellate Tribunal (CAT), which will reach out to victims of cyber crime, the state government announced at the Cyber Security Summit here on Tuesday.

Pranesh Prakash is quoted in this article published in the Deccan Herald on May 9, 2012.

But on the other hand, the IT Secretary, who is the state adjudicator, has held in all the cases that he has no jurisdiction to pass orders against the banks and that no complaint can be admitted under Section 43 of the IT Act against any corporate entity.

"The state IT secretary has passed more than 80 orders. They include both cases of phishing and orders against cyber cafes for not adhering to rules under the IT Act. The Adjudicator has held that ‘section 43 of IT Act is not applicable to a body or Corporate’, after the amended IT Act came into force in 2008," said Pranesh Prakash of the Centre for Internet Society "I feel Section 43 has been mis used . The definition given in this section cannot be understood either by lawyers or technical people. If there is a genuine case of phishing and a user has suffered losses over the internet then there should be no ambiguity in passing the order," he said.

For more details visit https://cis-india.org/news/cyber-appellate-tribunal-bengaluru

Cyber 360

praskrishna — 2015-10-14T02:22:27Z

Synergy Foundation organized the Cyber 360 conference in Bangalore on September 29 and 30, 2015. Sunil Abraham participated in the event.

As part of Cyber 360 Degree, a two-day conference on cyber security continuing Wednesday in Bangalore, experts from around the world gathered to discuss global threats to information security, particularly focusing on open wifi, which poses a huge threat to information security. The conference aimed to bring together strategic security practitioners, policymakers, media and business enterprises on a single platform to obtain a 360o perspective on cybersecurity. It was an endeavour to create a holistic security strategy that will help to achieve resilience against modern cyber-threats. A range of keynote presentations and panel discussions will give participants a rare chance to interact and learn from leading cyber security experts and solution providers from around the world.

The Participants

 CEOs, Members of Board and CIOs of more than 60 companies
 Security practitioners
 Policy-makers
 Leading Academia
 International think tanks & media

Download the agenda

For more details visit https://cis-india.org/internet-governance/news/cyber-360

Curating Genderlog India's Twitter handle

Admin — 2019-05-14T14:40:08Z

Shweta Mohandas has been nominated to curate Genderlog's Twitter handle (@genderlogindia).

Shweta Mohandas will be tweeting about topics related to gender and data, more specifically around AI, big data, privacy and surveillance. To view the tweets, click here

For more details visit https://cis-india.org/internet-governance/news/curating-genderlog-indias-twitter-handle

Cultivating India’s Cyber Defense Strategy

Admin — 2019-11-13T14:39:19Z

For more details visit https://cis-india.org/internet-governance/files/cultivating-india2019s-cyber-defense-strategy

Cryptocurrency Regulation in India – A brief history

vipul — 2020-03-05T18:36:09Z

In March 2020, the Supreme Court of India quashed the RBI order passed in 2018 that banned financial services firms from trading in virtual currency or cryptocurrency. Keeping this policy window in mind, the Centre for Internet & Society will be releasing a series of blog posts and policy briefs on cryptocurrency regulation in India

The story of cryptocurrencies started in 2008 when a paper titled “Bitcoin: A Peer to Peer Electronic Cash System” was published by a single or group of pseudonymous developer(s) by the name of Satoshi Nakamoto. The actual network took some time to start with the first transactions taking place only in January 2009. The first actual sale of an item using Bitcoin took place a year later with a user swapping 10,000 Bitcoin for two pizzas in 2010, which attached a cash value to the cryptocurrency for the first time. By 2011 other cryptocurrencies began to emerge, with Litecoin, Namecoin and Swiftcoin all making their debut. Meanwhile, Bitcoin the cryptocurrency that started it all started getting criticised after claims emerged that it was being used on the so-called “dark web”, particularly on sites such as Silk Road as a means of payment for illegal transactions. Over the next five years cryptocurrencies steadily gained traction with increased number of transactions and the price of Bitcoin, the most popular cryptocurrency shot up from around 5 Dollars in the beginning of 2012 to almost 1000 Dollars at the end of 2017.

Riding on the back of this wave of popularity, a number of cryptocurrency exchanges started operating in India between 2012 and 2017 providing much needed depth and volume to the Indian cryptocurrency market. These included popular exchanges such as Zebpay, Coinsecure, Unocoin, Koinex, Pocket Bits and Bitxoxo. With the price of cryptocurrencies shooting up and because of its increased popularity and adoption by users outside of its traditional cult following, regulators worldwide began to take notice of this new technology; in India the RBI issued a Press Release cautioning the public against dealing in virtual currencies including Bitcoin way back in 2013. However, the transaction volumes and adoption of cryptocurrencies in India really picked up in earnest only after the demonetisation of high value currency notes in November of 2016, with the government’s emphasis on digital payments leading to alternatives to traditional online banking such as cryptocurrencies forcing their way into the public consciousness. Indian cryptocurrency exchanges started acquiring users at a much higher pace which drove up volume for cryptocurrency transactions on all Indian exchanges. The growing popularity of cryptocurrencies and its adoption by large numbers of Indian users forced the RBI to issue another Press Release in February 2017 reiterating its concerns regarding cryptocurrencies raised in its earlier Press Release of 2013.

In October and November, 2017 two Public Interest Petitions were filed in the Supreme Court of India, one by Siddharth Dalmia and another by Dwaipayan Bhowmick, the former asking the Supreme Court to restrict the sale and purchase of cryptocurrencies in India, and the latter asking for cryptocurrencies in India to be regulated. Both the petitions are currently pending in the Supreme Court.

In November, 2017 the Government of India constituted a high level Inter-ministerial Committee under the chairmanship of Shri Subhash Chandra Garg, Secretary, Department of Economic Affairs, Ministry of Finance and comprising of Shri Ajay Prakash Sawhney (Secretary, Ministry of Electronics and Information Technology), Shri Ajay Tyagi (Chairman, Securities and Exchange Board of India) and Shri B.P. Kanungo (Deputy Governor, Reserve Bank of India). The mandate of the Committee was to study various issues pertaining to Virtual Currencies and to propose specific actions that may be taken in relation thereto. This Committee submitted its report in July of 2019 recommending a ban on private cryptocurrencies in India.

In December 2017 both the RBI as well as the Ministry of Finance issued Press releases cautioning the general public about the dangers and risks associated with cryptocurrencies, with the Ministry of Finance Press Release saying that cryptocurrencies are like ponzi schemes and also declaring that they are not currencies or coins. It should be mentioned here that till the end of March 2018, the RBI and the Finance Ministry had issued various Press Releases on cryptocurrencies cautioning people against their risks, however none of them ever took any legal action or gave any enforceable directions against cryptocurrencies. All of this changed with the RBI circular dated April 6, 2018 whereby the RBI prevented Commercial and Co-operative Banks, Payments Banks, Small Finance Banks, NBFCs, and Payment System Providers not only from dealing in virtual currencies themselves but also directing them to stop providing services to all entities which deal with virtual currencies.

The effect of the circular was that cryptocurrency exchanges, which relied on normal banking channels for sending and receiving money to and from their users, could not access any banking services within India. This essentially crippled their business operations since converting cash to cryptocurrencies and vice versa was an essential part of their operations. Even pure cryptocurrency exchanges which did not deal in fiat currency, were unable to carry out their regular operations such as paying for office space, staff salaries, server space, vendor payments, etc. without access to banking services.

As a the operations of cryptocurrency exchanges took a severe hit and the number of transactions on these exchanges reduced substantially. People who had bought cryptocurrencies on these exchanges as an investment were forced to sell their crypto assets and cash out before they lost access to banking facilities. The cryptocurrency exchanges themselves found it hard to sustain operations in the face of the dual hit of reduced transaction volumes and loss of access banking services. Faced with such an existential threat, a number of exchanges who were members of the Internet and Mobile Association of India (IMAI), filed a writ petition in the Supreme Court on May 15, 2018 titled Internet and Mobile Association of India v. Reserve Bank of India, the final arguments in which were heard by the Supreme Court of India in January, 2020 and the judgment is awaited. If the Supreme Court agrees with the arguments of the petitioners, then cryptocurrency exchanges would be able to restart operations in India; as a result the cryptocurrency ecosystem in India may be revived and cryptocurrencies may become a viable investment alternative again.

For more details visit https://cis-india.org/internet-governance/blog/cryptocurrency-regulation-in-india-2013-a-brief-history

Crypto Night

praskrishna — 2013-08-06T06:04:05Z

Challenging government snooping at an all-night cryptography party.

This article by Rahul M was published in the Caravan on August 1, 2013. Pranesh Prakash and Bernadette Langle are quoted.

Satyakam Goswami sat in a conference hall in the Institute of Informatics & Communication in Delhi University's South Campus, furiously typing code into his laptop. He typed the string “/var/log/tor#”, into a Linux terminal, then turned to me and said, “I am one step away, man.” It was around midnight on a muggy July Saturday, and Goswami had been here for six hours. He resumed typing—and cursing under his breath in Telugu as he realised that the online instructions he was following weren’t helping.

Around him, the room bustled with the activity of around 25 other people, all participants at a Cryptoparty, a cryptography event at which programmers and non-programmers meet to share information and expertise on tools that can help thwart government spying.

Goswami was one of the organisers of the event, which was led by Bernadette Längle, a German ‘hacktivist’ who is a member of the Chaos Computer Club (CCC), Europe’s largest association of hackers. Längle was one of the organisers of the CCC’s Chaos Communication Congress in 2012, an international hackers’ meet held in Hamburg that year. While processing participant applications for the Congress, she came across a group that wanted to organise what they called a “Cryptoparty” at the meet. “I thought Cryptoparty would be a bunch of guys coming together, learning crypto and having a party,” she told me. Only at the event did she realise that Cryptoparties are rather more political affairs, at which participants experiment with ways of combating governmental intrusions into privacy and freedom.

After she graduated, Längle decided she wanted to travel. “I hadn’t been to America or Asia, and I don’t think I want to enter America,” she said. “I thought India might be a good point to start.” While she was exploring her options, she met Goswami online. “I first met Bernadette on an IRC channel, ‘hasgeek’, where she expressed her interest to come to India,” Goswami said. “I suggested that she write a proposal to CIS [the Centre for Internet and Society, in Bangalore].” Längle applied, and was accepted to work with the organisation for six months.

When Längle was teaching a one-week course on email cryptography at a CIS event, a participant suggested to her that she organise a Cryptoparty in the city. “I thought I was travelling anyway, and I can make a Cryptoparty everywhere I go,” Längle said. This led to the Bangalore Cryptoparty on 30 June, followed by the Delhi edition on 6 July. Längle then held a Cryptoparty in Dharamsala in the second week of July, and plans to hold another in Mumbai in October. At each of these, she gave tutorials on specific aspects of cryptography, such as the Pretty Good Privacy (PGP) encryption and decryption program, which Edward Snowden used to communicate with The Guardian’s Glenn Greenwald during their now-famous collaboration. Participants would then experiment with these tools, sending emails and messages to each other using secure channels. The Delhi edition, which saw around 70 participants, continued late into the night, with the last exhausted stragglers shutting off their gadgets and heading home at 4 am.

I met Längle again the day after the Delhi event; with her was Pranesh Prakash, policy director at CIS, who is a commentator on issues related to surveillance and privacy. Both agreed that the Indian government’s Central Monitoring System programme, as well as Edward Snowden’s recent leaks, had resulted in a greater interest in cryptography in the country in recent months. “Without the PRISM stuff, there wouldn’t have been so many people attending,” Längle said. “People are concerned about that.” Prakash believes that the NSA leaks have served as a loud wake-up call about a longstanding state of affairs. “It’s this I-told-you-so moment for lots of people right now,” he said. “This isn’t the first time there have been revelations about the NSA spying beyond their authority. These revelations have been happening at least since 2006.”

For more details visit https://cis-india.org/news/caravan-magazine-august-1-2013-rahul-m-crypto-night

Cry, you nasty trolls

praskrishna — 2015-05-09T15:05:23Z

Micro-blogging site Twitter has introduced a tool that identifies abusive tweets and hides them from their targets. Will it stem the tide of viciousness online, asks Prasun Chaudhuri.

The article by Prasun Chaudhuri was published in the Telegraph on April 26, 2015. Rohini was quoted.

When India's star batsman Virat Kohli failed to perform at the India vs Australia semi-final match at the World Cup, a section of Indian fans started venting their fury on his girlfriend Anushka Sharma on Twitter. The actress, who had flown to Sydney to watch the match, was blamed for India's loss and her Twitter account was flooded with abusive posts. One Atul Khatri tweeted: Hey Anushka, can you please distract the Aussie fielders on the boundary by showing them your lip job? Plleeeaasee. One anonymous tweet requested the "public to boycott Anushka Sharma's films (sic)" while another by Bollywood producer Kamal R. Khan incited his followers to "stone Anushka's house".

The star couple are not alone. Media persons, scholars and celebrities - especially if they are women - often face such vicious attacks on Twitter. Ask Chinmayi Sripada, the Chennai-based singer, or Sagarika Ghose, a prime time TV anchor, or scholar and columnist Ramachandra Guha who have endured worse forms of assaults - ranging from threats of gang rape, torture and murder. Many Twitter users across the world have gone silent and even deactivated their Twitter accounts after being harassed on the platform.

With more and more people around the world facing such vitriolic attacks, Twitter - the San Francisco-based online social networking service - recently decided to protect its users from abusive tweets. It switched on an anti-abuse tool that automatically identifies abusive tweets and hides them from their intended target. According to Twitter, the tool will search for patterns of misuse and identify repeat offenders so as to enable the social media platform to impose account suspension on them. "Users must feel safe on Twitter in order to fully express themselves and we need to ensure that voices are not silenced because people are afraid to speak up," wrote Shreyas Doshi, director of product management at Twitter, in a blog post.

Dick Costolo, Twitter's CEO, admitted two months ago at an internal forum that his company "sucked" at dealing with bullies and abusers. He said he would "start kicking these [abusive] people off... and making sure that when they issue their ridiculous attacks, nobody hears them."

Hemanshu Nigam, former chief security officer of social media platform MySpace and software giant Microsoft in the US, hails Twitter's new move. "The new tools are meant to honour human dignity and safety. Now that online and offline persona of many social media users have converged, it's become essential for tech companies to take steps to protect people from assaults in the cyber world." Nigam, a founder of SSP Blue, a leading online security firm, had sifted through thousands of offensive comments and abusive images during his earlier avatar in social media companies. "People with such evil intentions are minuscule but their twisted expressions can have a profound impact not only on the victims but thousands of impressionable minds of young users," he says.

Abuse on social media platforms can be extremely brutal and traumatising. According to Debarati Halder, a lawyer and cyber victim counsellor based in Tirunelveli, Tamil Nadu, a large proportion of these attacks - especially those where explicit pictures and videos of sexual acts are sent - are perpetrated on women by their former boyfriends or husbands to seek revenge on their ex-partners.

She feels that social media giants have failed to protect their users and that these so-called "new tools" and automated systems fail to screen most cases of abuse. "They (social media platforms) also don't react to reports of abusive behaviour unless they are lodged by celebrities or other influential people," she adds.

While announcing the new policy, Twitter's general counsel Vijaya Gadde wrote in The Washington Post, "At times, this (tweet) takes the form of hateful speech directed at women or minority groups; at others, it takes the form of threats aimed to intimidate those who take a stand on issues. These users often hide behind the veil of anonymity on Twitter and create multiple accounts expressly for the purpose of intimidating and silencing people." She also wrote how technicians at Twitter are going to erect a "better framework to protect vulnerable users, such as banning the posting of non-consensual intimate images."

Rohini Lakshane, programme officer at the Bangalore-based Centre for Internet and Society, says that Twitter had simplified and enhanced its system of reporting abuse in December last year. "Measures such as muting and blocking users and manual review of reports were already in place. The changes included mechanisms for Twitter's review teams to expedite responses from dire forms of abuse," she says.

Evidently, these measures have not been too effective. Says Lakshane, "Women are still disproportionately targeted on Twitter and several users simply choose to leave rather than face the strain of dealing with abuse, rape and death threats, and insults."

Singer Sripada, however, is one of those few Twitter users who stood up against her abusers. When she tweeted in support of Tamil fishermen who were attacked by the Sri Lankan Navy, she was flooded with abusive tweets that were tantamount to sexual harassment. She says, "I took on the abusers - one of them a professor at a top fashion institute. I filed a case under Section 66A of the IT Act (which is now defunct) and they were jailed for two weeks. That was when I saw the worst face of online abuse."

Advocate Halder rues the recent scrapping of Section 66A of the IT Act to protect freedom of speech. "The act could have have been modified to protect victims of abuse." She believes the new Twitter policy to check abuse may not be able to check the spread of the meta data of a post as it is replicated across thousands of sites.

"If the visuals or texts depict explicit sex, these spread like wildfire in voyeuristic websites, mirror sites and caches before any law enforcer anywhere in the world can react," says Siddhartha Chakraborty, a cyber expert based in Calcutta. A single tweet, a Facebook comment or a YouTube video "gone viral" often causes significant damage to an individual or a company before they can even report the abuse, says Rajiv Pratap, a data analyst based in Calcutta and California.

The problem also lies with over 20 million robot users - or automated accounts, not actively operated by humans but remotely controlled by groups of anonymous people - who are difficult to track. "These bots generate a lot of spam and even abusive comments," says Harsh Ajmera, a social media expert based in New Delhi. "Twitter is not striking at all the nasty content, but putting various checks like limiting the reach, asking you to get rid of those tweets which can protect genuine users."

On the other hand, stresses Lakshane, using parameters such as the number of flags (reports of abuse) a tweet receives can have implications for free speech - an unpopular but non-abusive view could also be targeted. Moreover, it's essential for reviewers to understand cultural and linguistic connotations to be able to effectively address abuse.

Still, Nigam is hopeful. He says, "Social media companies are going through a learning curve. As they evolve they will learn how to rein in abusers."

Twitter's 288 million users worldwide are waiting for that to happen.

For more details visit https://cis-india.org/internet-governance/news/the-telegraph-april-26-2015-prasun-chaudhuri-cry-you-nasty-trolls

Crowdsourced innovation for government projects and services is easier said than done

praskrishna — 2017-02-07T15:36:38Z

Late January. The buzz was palpable at the MLR Convention Centre in South Bengaluru. Developers were streaming into 50p, a conference organised by HasGeek, which has curated technology forums since 2011. But this wasn't just one of the six HasGeek communions that the programmers attend annually. 50p put the spotlight on digital payments, which meant the gathering would be more diverse than anything before.

The article by Kunal Talgeri was published in the Times of India on February 3, 2017. Sunil Abraham was quoted.

Of the 250-plus attendees in two days, only 40% were developers. There were around 10 lawyers, an activist here, a social-impact investor there, product managers, and a 20-strong team from online payment systems company PayPal. There were managers from traditional banks too. "We realised early on that one thing the developer community really needs to know is how various payment-systems work, like who makes what percentage (in the value chain)?," said Zainab Bawa, cofounder of HasGeek. "It is a big mystery to them."

Kiran Jonnalagadda, co-founder of HasGeek and Bawa's husband, concurred: "A payment conference cannot primarily be centred on technology. Regulations make a bulk of the difference." So the interdisciplinary forum traversed areas as diverse as customer data and privacy, payment-systems unique to India, regulations, and the Watal Committee report apart from technology.

HasGeek got folks from the payments industry to converse with developers. At the outset, Bawa spelt out to the audience something about technology's role in society. "While we (coders) are here to bridge gaps, we also need to understand that technology is not necessarily the solution. Developers must have their ears to the ground." She had touched upon the divide between the coder community and the government.

Globally, governments are only just beginning to be exposed to the geeks. "The broader theme of digitisation and opening up of APIs (application programming interface) is happening across the world," said Sanjay Swamy, managing partner at Prime Venture Partners, and an Aadhaar volunteer with the Unique Identity Authority of India (UIDAI) until early 2011. APIs empower developers to build applications that access the features or data of an operating system or service. This requires developers to come together with, in this case, the government.

The digital dream has never showed more promise in India—the chance for a few developers to build a platform that can digitise government services for millions of users. "The government wants to use hackathons for digital disruption—leverage hackers to build solutions for them," says Subhendu Panigrahi, co-founder of Venturesity that helps companies find developers.

This is easier said than done. But how did India even get to this point?

CODE NAME: GENESIS
On 10 June 2016, the Indian Software Product Industry Round Table (iSPIRT) think-tank released a paper that took note of the country moving from "data poor to data rich."

This was a few weeks after the UIDAI platform Aadhaar crossed 1 billion enrolments. "The Aadhaar system can authenticate 100 million transactions per day in real time," iSPIRT stated. The paper also pointed to three national platforms - essentially services that would in time digitise government services on a national scale.

These were the Goods and Services Tax (GST) Network, the Bharat Bill Payment System which would cover utility services (electricity, water, gas, and so on), and the electronic toll collection system.

All three platforms come under the National Payments Corporation of India (NPCI), an umbrella organisation for retail payment systems in India. iSPIRT had helped NPCI organise a hackathon in Mumbai in February 2016 to build prototypes for harnessing the Unified Payment Interface (UPI) platform's application programming interface to digitise bank transfers in real time. Similarly, steps were being taken to open up APIs to large companies for the other NPCI platforms.

On its part, iSPIRT was drawing the attention of a breed of software developers to the national-scale opportunities ahead. It unequivocally stated: "Data flows benefit public services and governments." But even as India moves to being data rich, the outreach to developers - estimated to be more than 5 million in India - could be futile for two reasons.

First, government departments and traditional systems of, say, nationalised banks have a technology procurement culture that is at odds with how developers build digital solutions. While government is the largest technology procurer, procurement contracts typically have clauses that encourage lowest (cost) bidders, which rarely spawns innovation.

"Government needs to adopt and evangelise pro-challenger tools and policies that reduce barriers to experimentation, level-playing field and encourage innovating around national issues," wrote Swati T Satpathy for iSPIRT in a November 2015 paper titled 'Igniting Hundreds of Experiments'.

Second, independent developers still have to come out in larger numbers for the best solutions to shine. Sachin Gupta, CEO of HackerEarth, another developer platform, agrees: "Governments may still go ahead and give projects to a TCS and Wipro, but they want to crowdsource the innovation, prototype and the whole concept. They want to build an active relationship with the tech community."

These can be government bodies at the state level, too, like the Department of Urban Land Transport in Karnataka, for whom Venturesity helped with a 'transit hack' to solve traffic in Bangalore with submissions like how to enable carpooling or track public transport.

"The government is really interested in the final product or an app they can use," Panigrahi said. For this, governments are willing to distribute their APIs to eventually own the app. "Developers participate in such hackathons to make it part of their portfolios or resumes, or because they love building products, or for the prize-money."

This is crowd sourced innovation. Yet, culturally, it is hard for developers and governments' interests to be aligned.

INSIDE THE DICHOTOMY
The API-driven approach is based on a philosophy in the United States that dates back to the 1960s. It a culture of giving powerful building blocks, as opposed to just building an actual solution, said Jonnalagadda. A 'solution' evolves into a platform if it can serve as 'building blocks' for the next set of developers to build on.

"A good product is also one on top of which something more can be built. That has been the principle on which the developer community has thrived," he said. This approach works well in technology. "It means you are slow, but also that you are a lot more mature and innovative."

The government has got this aspect right, by opening up secure APIs to nationalscale projects and systems. But while they have provided such building blocks, they have already decided the path to meet goals like financial inclusion. Mobile apps like BHIM (Bharat Interface for Money) are becoming the default mode of reaching the masses. Many observers agree with the smartphone as a medium for India, but developers feel web browsers are more secure than apps.

Jonnalagadda cites a 50p session, 'Everyone can see your credit card details. Seriously,' where the speaker Arnav Gupta described the flow of the web as independent websites that can't actually communicate with each other. As against this, every function of a mobile app is a subset of the parent app. "So whatever password you type for one 'function' can be visible to the parent, which never happens on the web," Jonnalagadda said. "If security is defined by the fact that it is tested against being broken, a mobile app is trusted on the basis of goodwill. For developers, this is a shitty way to do technology. It bothers the heck out of him when a security model assumes goodwill because government wants an app."

Also, solutions need a decentralised approach from governing bodies like local municipalities. Independent budgets and decision-making can lead to stronger links between government and local service providers. There are exceptions to this, like Singapore, a city nation. But in larger developed countries like the United States, local government bodies are stronger than in India. "Here, we are getting even more centralised over time," Jonnalagadda said. It makes the government look like a monolith in the eyes of developers. How can the two be compatible? "We haven't found a solution yet."

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-february-3-2017-kunal-talegri-crowdsourced-innovation-for-government-projects-and-services-is-easier-said-than-done

Cross-Border Data Sharing and India: A study in Processes, Content and Capacity

Amber Sinha, Elonnai Hickok, Udbhav Tiwari and Arindrajit Basu — 2018-09-29T00:37:39Z

A majority of criminal investigations in the modern era necessitate law enforcement access to electronic evidence stored extra-territorially. The conventional methods of compelling the presentation of evidence available for investigative agencies often fail when the evidence is not present within the territorial boundaries of the state.

The crux of the issue lies in the age old international law tenet of territorial sovereignty.Investigating crimes is a sovereign act and it cannot be exercised in the territory of another country without that country’s consent or through a permissive principle of extra-territorial jurisdiction. Certain countries have explicit statutory provisions which disallow companies incorporated in their territory from disclosing data to foreign jurisdictions. The United States of America, which houses most of the leading technological firms like Google, Apple, Microsoft, Facebook, and Whatsapp, has this requirement.

This necessitates a consent based international model for cross border data sharing as a completely ad-hoc system of requests for each investigation would be ineffective. Towards this, Mutual Legal Assistance Treaties (MLATs) are the most widely used method for cross border data sharing, with letters rogatory, emergency requests and informal requests being other methods available to most investigators. While recent gambits towards ring-fencing the data within Indian shores might alter the contours of the debate, a sustainable long-term strategy requires a coherent negotiation strategy that enables co-operation with a range of international partners.

This negotiation strategy needs to be underscored by domestic safeguards that ensure human rights guarantees in compliance with international standards, robust identification and augmentation of capacity and clear articulation of how India’s strategy lines up with the existing tenets of International law. This report studies the workings of the Mutual Legal Assistance Treaty (MLAT) between the USA and India and identifies hurdles in its existing form, culls out suggestions for improvement and explores how recent legislative developments, such as the CLOUD Act might alter the landscape.

The path forward lies in undertaking process based reforms within India with an eye on leveraging these developments to articulate a strategically beneficial when negotiating with external partners.As the nature of policing changes to a model that increasingly relies on electronic evidence, India needs to ensure that it’s technical strides made in accessing this evidence is not held back by the lack of an enabling policy environment. While the data localisation provisions introduced in the draft Personal Data Protection Bill may alter the landscape once it becomes law, this paper retains its relevance in terms of guiding the processes, content and capacity to adequately manoeuvre the present conflict of laws situation and accessing data not belonging to Indians that may be needed for criminal investigations.As a disclaimer,the report and graphics contained within it have been drafted using publicly available information and may not reflect real world practices.

Click here to download the report With research assistance from Sarath Mathew and Navya Alam and visualisation by Saumyaa Naidu

For more details visit https://cis-india.org/internet-governance/blog/cross-border-data-sharing-and-india-a-study-in-processes-content-and-capacity

Cross Border Sharing of Data: Challenges and Solutions

Admin — 2017-11-20T15:20:18Z

Centre for Internet & Society (CIS) has been following the debates around MLAT process taking place globally and researching potential areas of tension in the tools that India uses to access data across borders. As part of this research, CIS is hosting a workshop on cross border sharing of data on December 8, 2017 at India Islamic Centre from 10.30 a.m. to 5.00 p.m.

For more details visit https://cis-india.org/internet-governance/events/cross-border-sharing-of-data-challenges-and-solutions

Critics of India's ID card project say they have been harassed, put under surveillance

Admin — 2018-02-24T07:50:55Z

Researchers and journalists who have identified loopholes in India’s massive national identity card project have said they have been slapped with criminal cases or harassed by government agencies because of their work.

This was published by Reuters on February 13, 2018. Reporting by Rahul Bhatia; Editing by Raju Gopalakrishnan

Last month, the Unique Identification Authority of India (UIDAI), the semi-government body responsible for the national identity project, called Aadhaar, or “Basis”, filed a criminal case against the Tribune newspaper for publishing a story that said access to the card’s database could be bought for 500 rupees ($7.82).

Reuters spoke to eight additional researchers, activists and journalists who have complained of being harassed after writing about Aadhaar. They said UIDAI and other government agencies were extremely sensitive to criticism of the Aadhaar programme.

Aadhaar is a biometric identification card that is becoming integral to the digitisation of India’s economy, with over 1.1 billion users and the world’s biggest database.

Indians have been asked to furnish their Aadhaar numbers for a host of transactions including accessing bank accounts, paying taxes, receiving subsidies, acquiring a mobile number, settling a property deal and registering a marriage.

The Tribune said one of its reporters purchased access to a portal that could provide data linked to any Aadhaar cardholder.

The UIDAI complaint, filed with the police cyber cell in the capital, New Delhi, accused the newspaper, the reporter, and others of cheating by impersonation, forgery and unauthorised access to a computer network.

Media associations sharply criticised the action - the Editors Guild of India said UIDAI’s move was “clearly meant to browbeat a journalist whose story was of great public interest. It is unfair, unjustified and a direct attack on the freedom of the press.”

In response, the agency said “an impression was being created in media that UIDAI is targeting the media or whistleblowers or shooting the messenger.”

“That is not at all true. It is for the act of unauthorised access, criminal proceedings have been launched,” it said in a statement.

Osama Manzar, the director of the Digital Empowerment Foundation, a New Delhi-based NGO, called the government’s prickliness “a clear sign that rather than it wanting to learn how to make Aadhaar a tool of empowerment, it actually wants to use it as a coercive tool of disempowerment”.

Data Leakage

Last May, the Centre for Internet and Society (CIS), an independent Indian advocacy group, published a report that government websites had inadvertently leaked several million identification numbers from the project.

UIDAI sent the CIS a legal notice within days, said Srinivas Kodali, one of the authors of the report.

The notice alleged that some of the data cited in the report would only be available if the site had been accessed illegally. The UIDAI wrote that the people involved had to be “brought to justice.”

According to Kodali, two more notices followed, addressed to the group’s directors and two researchers, containing more accusations. “They said it was a criminal conspiracy, and demanded that we send individual responses,” he said.

CIS then received questions about its funding from the home ministry section that grants NGOs permission to receive foreign funding, said a source in the group who saw the letter. CIS viewed this as a threat to its funding, the source said. CIS declined to comment on the notices or on the questions about funding.

UIDAI did not reply to multiple e-mails seeking comment on the accusations about CIS and similar complaints by other activists and journalists, and officials could not be reached by phone. Officials at the Ministry of Information Technology that supervises UIDAI were unreachable by phone.
In a column in the Economic Times newspaper in January, Ajay Pandey, the head of the UIDAI, wrote: “The data of all Aadhaar holders is safe and secure. One should not believe rumours or claims made on its so-called ‘breach’.”

R.S. Sharma, the head of India’s telecom regulatory body, said there was an “orchestrated campaign” against Aadhaar as it was against the interests of those who operated in the shadow economy with fictitious names, or were skimming off subsidies.

“It is going to clean up many systems,” Sharma told a television channel last month. “That’s probably one of the reasons why people realise that this is now becoming too difficult or too dangerous for them.”

That trip to Turkey

A Bangalore researcher who contributed to the CIS report said scrutiny by police and government officials was a common occurrence, but harassment was stepped up after it was published.

“Sometimes people from the police station visit you. Other times from the Home Ministry. It was intimidating,” the researcher said.

The person, who asked not to be named for fear of reprisal, said police officers asked questions like “How was that trip to Turkey?',” to make it clear the subjects were under surveillance.

When Sameer Kochhar, a social scientist and author of books on Aadhaar, demonstrated how the system’s biometrics safeguards could be bypassed last year, UIDAI filed a police report in New Delhi, a person familiar with the matter said.

Subsequently, Kochhar received at least three notices from the Delhi Police alleging that he had violated 14 sections under three separate laws, the person said.

Kochhar’s lawyer declined comment. Delhi Police officials declined comment.

Critics have warned Aadhaar could be used as an instrument of state surveillance while data security and privacy regulations are still to be framed.

Former central bank governor Raghuram Rajan said last month that the government needed to prove it would protect the privacy of Aadhaar.

“I do think that we have to assure the public that their data is safe,” Rajan said. “All these reports about easy availability of data are worrying and we have to ensure security. We cannot just say trust us, trust us, it’s all secure.”

For more details visit https://cis-india.org/internet-governance/news/reuters-february-13-2018-rahul-bhatia-critics-of-indias-id-card-project-say-they-have-been-harassed-put-under-surveillance

Criticism mounts over India censorship

praskrishna — 2012-08-27T06:38:51Z

India’s government is facing fierce criticism from privacy groups, political opponents and irate internet users accusing it of an excessive and poorly targeted censorship drive as it seeks to contain social alarm triggered by communal unrest.

This article written by James Crabtree in Mumbai and Tim Bradshaw in San Francisco was published in Financial Times on August 24, 2012. Pranesh Prakash is quoted.

Following panicked scenes among groups from the nation’s troubled north-east and fearing an escalation of urban violence between Muslim and Hindu groups, the administration this week instructed internet companies, including Facebook and Google, to block more than 300 web pages and more than a dozen Twitter accounts it claimed were inflaming communal tensions.

But by Friday the order was being assailed as an example of administrative incompetence, as internet analysts revealed that many of the pages contained seemingly harmless material from foreign media organisations, political columnists and critics of India’s government.

Pranesh Prakash, a legal expert at the Bangalore-based Centre for Internet and Society, said: “I am not questioning their original motives, but I do think this is excessive and incompetent censorship.”

Political opponents also accused the government of over-reach, including Narendra Modi, the controversial chief minister of the state Gujarat and a member of the Hindu nationalist BJP party, who on Friday used a Twitter post to call the moves a “crackdown on freedom of speech”.

The government denies it is being heavy handed. “We are only taking strict action against those accounts or people which are causing damage or spreading rumours,” said Kuldeep Dhatwalia, an Indian home ministry spokesman. “We are not taking action against other accounts, be it on Facebook, Twitter or even SMSes.”

Twitter found itself at the centre of the growing controversy, as government spokespeople accused the US-based social networking site of failing to respond to requests to block users, some of which involved accounts appearing to impersonate Manmohan Singh, the prime minister.

Twitter responded by suspending a number of impersonator accounts and is now in discussions with the prime minister’s office in an attempt to defuse the row, according to people familiar with the matter. A spokesperson for Twitter declined to comment.

Angry users also used the site to attack the restrictions using the hashtags #GOIblocks and #Emergency2012, the latter a highly charged reference to prime minister Indira Gandhi’s two-year period of rule by decree in the late 1970s.

India has a long history of censorship measures designed to prevent communal violence, ranging from restrictions introduced under the British Raj in the early 20th century to more recent edicts banning Salman Rushdie’s novel The Satanic Verses and restricting derogatory portrayals of religious figures in Bollywood movies.

“Blocking content to help mitigate a volatile situation involving civilian security could be justified,” says Meenakshi Ganguly, South Asia director at Human Rights Watch. “But when the government expresses equal concern about fake Twitter handles or criticism of political leaders, it begins to look like censorship.”

The online restrictions followed related measures restricting to five the number of text messages that could be sent from most Indian mobile phones, although this was lifted to 20 on Thursday.

They also came during a week of deepening political crisis in the world’s largest democracy, as opposition leaders repeatedly halted parliamentary proceedings and called for Mr Singh’s resignation in the aftermath of a critical report from India’s government auditor.

“These threats to social harmony are real, but like almost everything the Indian state is doing at present, the restrictions incompetently deal with a few symptoms rather than addressing causes,” says Pratap Bhanu Mehta of the Centre for Policy Research, a think tank in New Delhi. “They are simply exacerbating a crisis of trust, not solving it.”

For more details visit https://cis-india.org/news/www-ft-com-aug-24-2012-james-crabtree-tim-bradshaw-criticism-mounts-over-india-censorship

Crisis for identity or identity crisis?

praskrishna — 2011-04-02T08:16:30Z

The hurry with which the government is pushing its most ambitious project to assign a number (UID) to every citizen without any feasibility study or public debate has raised many questions.

“It will empower all”, declared Prime Minister Manmohan Singh when he issued the first UID card to a villager from Tembhli village in Maharashtra. But as days pass and relevant issues come for public discourse, many people have begun to doubt prime minister’s assurance.

Unique identification number (UID), named Aadhaar is a 12 digit identification number that the government plans to issue to all citizens that will not only be an identity card but will also serve multiple purposes for its holder.

Infosys co-founder Nandan Nilekani has been assigned the responsibility to execute this proposal as Chairman of the Unique Identification Authority of India (UIDAI). Mr Nilekani leads a team of 120 people having the task of assigning unique identities to 1.2 billion people. He plans to take Aadhaar beyond being just a 12-digit identification number for every Indian. This ambitious and mammoth project is pitched to handle projects as diverse as a national-highway toll-collection system, a technology backbone for the forthcoming Goods and Services Tax (GST) and reform of the vast public distribution system (PDS) for subsidized foodgrains.

Government plans to cover 60 per cent of the nation’s population under this project in the next three years starting October this year. This project is intended to collect identification data about all residents in the country. It is said that it will impact the PDS and NREGA programmes, and plug leakages and save the government large sums of money.

But the UID will not replace ration cards and passports, and is not mandatory as of now. No questions would be asked related to language, caste or religion of the person applying for UID.

The UID number is linked to the fingerprints and the pattern of the eyes of the person assigned that number. This inimitable biometric data ensures that any given number is linked to only one person. So there is hardly a chance of any misgiving or stealing of rations and wages from the holder. It is believed that soon banks, insurance companies, cell phone providers and hospitals will demand UID number before doing business with you.

In short, in the future our name, address, bank account numbers, personal information and identity as a whole will be solely linked and governed by those 12 digit number we hold.

Critics say that there has been no feasible study conducted about UID project, neither has there been a cost benefit analysis done. To add to it, there are serious concerns about data and identity theft.

But apart from the buzz about this new project, there is an air of suspicion surrounding it too.

The launch of the UID has led to a flurry of debate amongst policy-makers, legal experts and civil society at large. In response, Mr Nilekani claims the UID to be “a foolproof project implemented at a low cost”.

However, some critical issues remain unanswered.

One of the major objections about UID is that there has been no feasible study conducted, neither has there been a cost benefit analysis done. There is no project document as such.

To add to it, there are serious concerns about data and identity theft.

In a world where cyber terrorism is the new threat, and the countries are gearing themselves to protect against such a threat, projects like UID come as an open invitation to terrorist outfits to infiltrate their defences.

The UID number is linked to fingerprints and the patterns of the holder’s eye. But medical studies show that our eye's iris patterns can change due to aging, disease or malnourishment. More over the government has no alternative option for many millions who fall outside this pattern of identification owing to callused hands, corneal scars and cataract induced by malnourishment. Even as enrollment is poised to begin, authentication is still an unstudied field. Fake fingerprints can very easily be made. Hence, the unique element of these numbers can be tampered.

Recently, Sunil Abraham, Director, Centre for Internet and Society has remarked, “If I leave my fingerprints around, my identity can be stolen and transactions done on my behalf. They could use that number, to share information about anybody.”

A cyber-criminal having access to any person’s identification number can virtually control that person. Telephone numbers, addresses, family history can all be tracked down. Bank accounts can be manipulated and transactions done without the person knowing. Since these days, a lot of money transactions are done through internet, a cyber criminal can easily steal few UID numbers and impersonate those persons to manipulate the bank or credit card accounts.

In an even uglier scenario, where people might be tracked and judged by their numbers, a criminal’s fingerprints left behind on a scene of crime can be mixed with some one else through a slight manipulation and exchange of UID numbers, making an entirely innocent person a suspect in the eyes of law. Some incompetent or revengeful government officials can also frame innocents for a crime one never committed.

Human rights activists claim that a tech-savvy person can hack into the system and gain any person’s information from the servers unless the government tightens the defenses. A reminiscence of the Bruce Willis starrer Hollywood blockbuster Die Hard 4, a bunch of techno geeks operating from trailer truck hold the entire United States hostage as they hack into every main frame computing network from transportation, communication, power, defence and individual accounts.

The number can also be used for real time tracking, profiling, mounting surveillance and ‘convergence’ of information. Apart from the concerns about identity theft, the number can also invade our private space. If in the future insurance companies and hospitals merge their databases, the insurance companies can increase premium, or simply refuse insurance cover to a person who is not keeping well.

Poor labourers and immigrants who are on the move in search of work could also be the victims of the ‘Aadhaar’. In future, in case of card being lost or misplaced, poor labour would be threatened with financial and welfare exclusion. Where being a legal resident is to be closely tied in with having a UID number, it could render the poor vulnerable to exclusion and expulsion by exploitative employers and others.

Interestingly, few months back in June, UK government scrapped the plans for the controversial 5 billion pounds National Identity Card scheme. The UK government now plans to destroy all information held on the National Identity Register, effectively dismantling the whole system.

Though Mr Nilekani claims that UID would be a cost effective project, however deeper analysis throws a different story. It is reported that the UIDAI project will cost Rs 45,000 crores to the exchequer in the next 4 years. This does not seem to include the costs that will be incurred by Registrars, Enrollers, additional costs on the PDS system to connect it to the UID, the estimated cost to the end user and to the number holder.

Defending himself from the flurry of queries, Mr Nilekani has stressed that the identification number is not mandatory for everyone and only those interested can enroll. The project aims to first enroll the poor and uneducated masses promising them better wages and ration schemes. As was reported, the first villager to get the UID card was ‘happy but did not know its benefits’. Critics allege that the reason why Aadhaar is selling itself to millions of poor in the country is to create a foundation of legitimacy to deflect concerns over its possible misuse, unsafe technology and huge costs. Later, with a larger foundation, the UID can be enforced upon all citizens in the near future as the apex identity proof, making everyone vulnerable to several risks described above.

The UIDAI project has proceeded so far without any legal authorization. There has been no feasibility study or cost-benefit analysis preceding the setting up of such a pervasive project. All calculations are of the back-of-the envelope variety. Data theft is a very serious threat to every individual and the country as a whole. There are deeply disconcerting facts about the project that should make even a die-hard UID supporter worry about its long term implications.

This article has been written by Sushant Sharma. He is a college fresher and avid reader.

Interestingly, few months back in June, UK government scrapped the plans for the controversial 5 billion pounds National Identity Card scheme. The decision came after about 15,000 citizens had already been enrolled and given their numbers. The UK government now plans to destroy all information held on the National Identity Register, effectively dismantling the whole system.

The UK system like the Indian UID had also started with much fanfare, claiming to save nearly 900 million pounds for the taxpayers. While the project was axed, UK’s Home Secretary Theresa May stated - “It (the identity card project) is intrusive and bullying, ineffective and expensive. It is an assault on individual liberty that does not promise a great good.”

The same logic implies to the India as well. But instead of scraping this over-hyped-failure-in-the-making project, our Prime Minister claims the UID project “will empower all”. But will it actually? That is for us to decide now.

Read the original article here.

For more details visit https://cis-india.org/news/identity-crisis

Criminal Defamation: The Urgent Cause That has United Rahul Gandhi, Arvind Kejriwal and Subramanian Swamy

praskrishna — 2015-07-16T13:45:04Z

Three years ago when the then Janata Party president Subramanian Swamy accused Congress vice president Rahul Gandhi and his mother of misappropriation of funds while trying to revive the National Herald newspaper, the Nehru-Gandhi scion threatened to sue him.

The article by Betwa Sharma was published in Huffington Post on July 15, 2015. Sunil Abraham gave his inputs.

Swamy's response was characteristic: "Grow up and file a defamation case".

In a strange turn of events, the matter of criminal defamation has brought together an unlikely cast of characters in an ongoing petition in the Supreme Court--Swamy, Gandhi and Delhi chief minister Arvind Kejriwal, who knows a thing or two about making allegations.

They are petitioning the Apex Court to strike down penal provisions criminalising defamation, which they argue, has a "chilling effect" on the fundamental right to free speech. Opinion is divided around the world on whether or not defamation ought to be a criminal offence. Because some jurisdictions have stricter defamation laws, some indulge in a practise known as 'forum shopping', or suing in jurisdictions with harsher views on libel and slander.

The three leaders have filed separate petitions that are now being jointly heard by the court. They are challenging the constitutional validity of Sections 499 and 500 of the Indian Penal Code which make defamation a criminal offence punishable with up to two years in prison.

A verdict striking down the colonial-era S. 499, used by the British to suppress those opposing their rule, could prove to be a huge victory for free speech in India. Earlier this year, the Supreme Court struck down the draconian Section 66A of the Information Technology Act as "unconstitutional and void".

There is cause for optimism. The Supreme Court has already said that the validity of criminal defamation laws must be tested against the free speech guarantees of the constitution. The bench comprising of Justices Dipak Misra and Prafulla C Pant have observed that political debates maybe excluded as a criminal defamation offence.

While Gandhi, Subramanian and Kejriwal have been slapped with defamation suits by political rivals, there have been long-standing concerns over the threat posed by these provisions to the media and those who use social media to express their opinions against the rich and the powerful.

The government of the day is keen to maintain the status quo. In a recent submission, it has argued that S.499 is now the only provision to deal with defamation on social media and the only protection for reputation of citizens. But free speech activists say there is no evidence to show that a defamation law deters a person who is out to spread lies.

The questionable utility of S.499, the scope for its abuse and the culture of self-censorship, they argue, removes it from the ambit of "reasonable restrictions" which the state can impose on free speech under article 19 (2) of the constitution.

"Hardly a day goes by in India without some rich and powerful person initiating or threatening to initiate defamation suits against rivals or traditional media or ordinary citizens on social media," said Sunil Abraham, executive director of the Bangalore-based Centre for Internet & Society. "It is unclear how much self-censorship is going on because Indians fearing jail terms avoid speaking truth to power.

On the issue of protecting people's dignity, Abraham said there is no prima facie evidence in India that criminalising defamation in India has resulted in the protection of the reputations of citizens from falsehoods.

"On the the other hand every other national media house and quite of few investigative journalists have been and continue to be harassed by criminal suits filed by the powerful," he told HuffPost India. "The chilling effect on speech is a disproportionate price for citizenry to pay for what is only a personal harm."

Under the leadership of Chief Minister J Jayalalithaa, the Tamil Nadu government filed 125 defamation cases against The Hindu and other publications between 2001 and 2004. On Tuesday, she filed a defamation suit against news portal Rediff.com for running two articles related to speculations about her health.

In the United States, defamation claims by public officials and public figures were severely curtailed after its Supreme Court ruled in 1964 that the complainant needs to prove actual malice with "clear and convincing" evidence. Further, truth is an absolute defence against defamation in the U.S.

On Tuesday, Swamy and Gandhi also argued that truth should be defence in defamation suits. “Truth is not a complete defence in criminal defamation. For a nation with a national motto of Satyameva Devata it is ironic," Swamy said.

BJP leader Swamy is of the view that defamation should only be subject to a civil suit which can be redressed by payment of monetary compensation. But the central government has argued that a defamer could be too poor to compensate the complainant.

"I am not saying there is no such thing as defamation. You can sue someone for defamation, but you cannot deprive someone of his liberty," he said in a recent interview with The Sunday Guardian.

Jayalalithaa filed a defamation suit against the senior BJP leader who alleged that most of the boats of Indian fishermen captured by Sri Lanka belong to the AIADMK chief, her close aide Sasikala and DMK leader TR Baalu.

The suit against the Congress Vice President was filed by the Rashtriya Swayamsevak Sangh for allegedly blaming the Hindu right-wing organisation for the assassination of Mahatma Gandhi.

BJP leader Nitin Gadkari sued Kejriwal after his name was included in AAP's list of "India's most corrupt."

"The accused is in the habit of making false and defamatory statements without any basis. The statements made by the accused and his party members have damaged and tarnished my image in the eyes of the people," Gadkari told the court, last year.

Legal analysts also find it hard to predict just how far the Supreme Court will go to protect free speech. Its judgment against S.66A of the IT Act is regarded as one of the biggest victories for free speech in India. Justice Misra was on the bench that struck down the provision for being “open-ended and unconstitutionally vague," and not fit to be covered under Article 19 (2).

But last month, in a judgment regarded as a blow to free speech, it was Justices Misra and Pant who ruled that freedom of speech is not an absolute right.

Senior Advocate Gopal Subramanium had argued, "Freedom to offend is also a part of freedom of speech.”

For more details visit https://cis-india.org/internet-governance/news/huffington-post-july-16-2015-betwa-sharma-criminal-defamation-the-urgent-cause-that-has-united-rahul-gandhi-arvind-kejriwal-and-subramanian-swamy

Criminal Defamation and the Supreme Court’s Loss of Reputation

bhairav — 2016-06-03T03:05:14Z

The Supreme Court’s refusal, in Subramanian Swamy v. Union of India, to strike down the anachronistic colonial offence of criminal defamation is wrong. Criminalising defamation serves no legitimate public purpose; the vehicle of criminalisation – sections 499 and 500 of the Indian Penal Code, 1860 (IPC) – is unconstitutional; and the court’s reasoning is woolly at best.

The article was published in the Wire on May 14, 2016.

Politics and censorship

Two kinds of defamation actions have emerged to capture popular attention. First, political interests have adopted defamation law to settle scores and engage in performative posturing for their constituents. And, second, powerful entities such as large corporations have exploited weaknesses in defamation law to threaten, harass, and intimidate journalists and critics.

The former phenomenon is not new. Colonial India saw an explosion of litigation as traditional legal structures were swept away and native disputes successfully migrated to the colonial courts. These included politically-motivated defamation actions that had little to do with protecting reputations. In fact, defamation litigation has long become an extension of politics, in many cases a new front for political manoeuvring.

The latter type of defamation action is far more sinister. Powerful elites, both individuals and corporations, have cynically misused the law of defamation to silence criticism and chill the free press. By filing excessive and often unfounded complaints that are dispersed across the country, which threaten journalists with imprisonment, powerful elites frighten journalists into submission and vindictively hound those who refuse to back down. Such actions are called Strategic Lawsuits against Public Participation (SLAPPs) which Rajeev Dhavan warns have created a new system of censorship.

Petitions and politicians

Defamation originates from the concept of scandalum magnatum – the slander of great men – which protected the reputations of aristocrats. The crime was linked to sedition, so insulting a lord was akin to treason. In today’s neo-feudal India, political leaders are contemporary aristocrats. Investigating them can invite devastating consequences, even death. Most of the time, they retaliate through defamation law. Since the criminal justice system is most compromised at its base, where the police and magistrates directly interact with people, the misuse of criminal defamation law hurts ordinary citizens.

This is different from politicians prosecuting each other since they rarely, if ever, suffer punishment. Of all the petitions before the Supreme Court concerning the decriminalisation of defamation, the three that received the most news coverage were those of Subramanian Swamy, Rahul Gandhi, and Arvind Kejriwal. They are all politicians, their petitions were made in response to defamation complaints filed by rival politicians. On the other hand, there are numerous cases which politicians have filed against private members of civil society to silence them. When presented with these concerns, the Supreme Court simply failed to seriously engage with them.

The architecture of defamation

Defamation has many species, a convoluted history, and complex defences. Defamation can be committed by the spoken word, which is slander, or the written word, which is libel. The historical distinction between these two modes of defamation is based on the permanence of written words. Before the invention of the printing press, the law was chiefly concerned with slander. But as written ideas proliferated through mass publication technologies, libel came to be viewed as more malevolent and the law visited serious punishments on writers and publishers.

Such a distinction presumes a literate readership. In largely illiterate societies, the spoken word was more potent. This is why films and radio have long attracted censorship and state control in India. Before mass publishing forked defamation into libel and slander, there existed only the historical crime of libel. Historical libel had four species: seditious libel, blasphemous libel, obscene libel, and defamatory libel.

Seditious libel, which has been repealed in Britain, prospers in India as the offence of sedition which is criminalised by section 124A of the IPC. Blasphemous libel, repealed in Britain, fares well in India as the offence of blasphemy under section 295A of the IPC. Obscene libel, as the offence of obscenity, is criminalised by section 294 of the IPC. And defamatory libel, repealed in Britain, which is the offence of criminal defamation that the Subramanian Swamy case upheld, continues to exist under section 499 of the IPC.

Confusing harms

Of the many errors that litter the Supreme Court’s May 13, 2016 judgment in the Subramanian Swamy case, perhaps the most egregious is the failure to recognise the harm that criminal defamation poses to a healthy civil society in a free democracy. At the crux of this mistake is the Supreme Court’s failure to distinguish between private injury and social harm. Two people may, in their private capacities, litigate a civil suit to recover damages if one feels the other has injured her reputation. This private action of defamation was not in issue before the court.

On the other hand, by criminalising defamation, why should the state protect the reputations of individuals while expending public resources to do so? This goes to the concept of crime. When an action is serious enough to harm society it is criminalised. Rape strikes at the root of public safety, human dignity, equality, and peace, so it is a crime. A breach of contract only injures the party who was expecting the performance of contractual duties; it does not harm society, so it is not a crime. Similarly, a loss of reputation, which is by itself difficult to quantify, does no harm to society and so it should not be a crime.

Truth and the public good

It may be argued, and the Supreme Court hints, that at its fundament, society is premised on the need for truth; so lies should be penalised. This is where defamation law wanders into moral policing. In Indian and European philosophies, truth is consecrated as a moral good. The Supreme Court quotes from the Bhagavad Gita on the virtue of truth. But while quotes like these are undoubtedly meaningful, they have no utility in a constitutional challenge. In reality, society is composed of truth, lies, untruths, half-truths, rumour, satire, and a lot more. In fact, the more shades of opinion there are, the livelier that society is. So lies should not invite criminal liability.

If we concede the moral debate and arrive at a consensus that the law must privilege truth over lies, then truth alone should be a complete defence to defamation. If the law criminalises untruth, then it must sanctify truth. That means when tried for the crime of defamation, a journalist must be acquitted if her writing is true. But the law and the Supreme Court require more. In addition to proving the truth, the journalist must prove that her writing serves the public good. So speaking truth is illegal if it does not serve the public good.

In fact, truth has only recently been recognised as a defence to defamation, albeit not a complete defence. This belies the social foundations of criminal defamation law. The purpose of the offence is not to uphold truth, it is to protect the reputations of the powerful. But what is reputation? The Supreme Court spends 25 pages trying to answer this question with no success. Instead, the court declares that reputation is protected by the right to life guaranteed by Article 21 of the Indian Constitution but it offers no sound reasoning to support this claim. The court also fails to explain why the private civil action of defamation is insufficient to protect reputation.

The constitution and constitutionalism

There are two core constitutional questions posed by the Subramanian Swamy case. They are:

Does the crime of defamation fall within one of the nine grounds listed in Article 19(2) of the constitution; and
Are sections 499 and 500 of the IPC which criminalise and punish defamation reasonable restrictions on the right to free speech?

Article 19(2) contains nine grounds in the interests of which a law may reasonably restrict the right to free speech. Defamation is one of the nine grounds, but the provision is silent as to which type of defamation, civil or criminal, it considers. However, B.R. Ambedkar’s comments in the Constituent Assembly arguably indicate that criminal defamation was intended to be a ground to restrict free speech.

The answer to the second question lies in measuring the reasonableness of the restriction criminal defamation places on free speech. If the restriction is proportionate to the social harm caused by defamation, then it is reasonable. However, restating an earlier point, criminalising defamation serves no legitimate public purpose because society is unconcerned with the reputations of a few individuals. Even if society is concerned with private reputations, the private civil action of defamation is more than sufficient to protect private interests. Further, the danger that current criminal defamation law poses to India’s free speech environment is considerable. Dhavan says: “Defamation cases [are] a weapon by which the rich and powerful silence their critics and censor a democracy.”

The Subramanian Swamy case highlights several worrying trends in India’s constitutional jurisprudence. The judgment is delivered by one judge speaking for a bench of two. Such critically significant constitutional challenges cannot be left to the whims of two unelected and unaccountable men. Moreover, from its position as the guarantor of individual freedoms, the Supreme Court appears to be in retreat. This will have far-reaching and negative consequences for India’s citizenry. If the court fails to enhance individual freedoms, what is its constitutional role? The judiciary would do well to stay away from policy mundanities and focus on promoting India’s democratic project, lest it injure its own reputation.

For more details visit https://cis-india.org/internet-governance/blog/criminal-defamation-and-the-supreme-court2019s-loss-of-reputation