We are anonymous, we are legion

July 2015 Bulletin

praskrishna — 2015-11-21T16:23:52Z

Our newsletter for the month of July is below:

We are happy to share with you the seventh issue of the Centre for Internet and Society (CIS) newsletter (July 2015). The past editions of the newsletter can be accessed at http://cis-india.org/about/newsletters.

Highlights

NVDA team conducted a training at SIES College, Sion, Mumbai. Thirty-four delegates attended the training programme. A training workshop was held at Anne Jane Askwith Higher Secondary School for the Visually Impaired, Palayamkottai, Tirunelveli by NVDA team. Sixteen delegates participated in this. Konkani Wikipedia is the second Wikimedia project after Odia Wikisource that has gone live out of incubation. The project stayed in the incubation for nine long years and the community has gone through a long debate to have a Wikipedia of their own. Subhashish Panigrahi has blogged on this highlighting the three Konkani Wikimedians. The 30^th Session of the WIPO Standing Committee on Copyrights and Related Rights was held in Geneva from June 29 to July 3. Nehaa Chaudhari prepared a statement about the negotiations on the Proposed Treaty for Broadcasting Organisations. Sumandro Chattapadhyay wrote an article in the Hindustan Times about India’s “Digital India” initiative to develop communication infrastructure, government information systems, and general capacity to digitise public life in India. CIS published the first draft of its analysis on technology business incubators ("TBI") in India. The report prepared by Sunil Abraham, Vidushi Marda, Udbhav Tiwari and Anumeha Karnatak looks at operating procedures, success stories and lessons that can be learnt from TBIs in India. Pranesh Prakash did a brief analysis about the Department of Telecommunications Panel Report on Net Neutrality. CIS has participated in the Expert Committee for DNA Profiling constituted by the Department of Biotechnology in 2012 for the purpose of deliberating on and finalizing the draft Human DNA Profiling Bill and appreciates this opportunity. CIS has prepared a dissent note to the Expert Committee on DNA Profiling. In the last few decades, all major common law jurisdictions have decriminalised non-procreative sex – oral and anal sex (sodomy) – to allow private, consensual, and non-commercial homosexual intercourse. Bhairav Acharya brought out the developments from across the world in a blog entry. As part of its project on mapping cyber security actors in South Asia and South East Asia, CIS conducted interviews with a Tibetan security researcher and information activist and Shantanu Ghosh, Managing Director, Symantec Product Operations, India. CIS, the Observer Research Foundation, the Internet Policy Observatory, the Centre for Global Communication Studies and the Annenberg School for Communication, University of Pennsylvania had organized a conference in April in New Delhi. The findings have been condensed in a report titled “Effective research, policy formulation, and the development of regulatory frameworks in South Asia”. Pranesh Prakash in a research paper titled Regulatory Perspectives on Net Neutrality gives an overview on why India needs to put in place net neutrality regulations, and the form that those regulations must take to avoid being over-regulation. Rakshanda Deka undertook an analysis on the anti-spam laws in different jurisdictions. This analysis is a part of a larger attempt at formulating a model anti-spam law for India by analysing the existing spam laws across the world. As part of the 'Studying Internets in India' series, RAW has published blog entries on WhatsApp and the Creation of a Transnational Sociality; Users and the Internet; Effective Activism: The Internet, Social Media, and Hierarchical Activism in New Delhi; Studying the Internet Discourse in India through the Prism of Human Rights; and 'Originality,' 'Authenticity,' and 'Experimentation': Understanding Tagore’s Music on YouTube. The National Optic Fibre Network, a part of the Government's Digital India Initiative, has been in the news since the recent Expert Committee Report. Aditya Garg in a blog entry examined the accountability of the funding of the project.

Accessibility and Inclusion

Under a grant from the Hans Foundation we are doing two projects. The first project is on creating a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India. CIS in partnership with CLPR (Centre for Law and Policy Research) compiled the National Compendium of Policies, Programmes and Schemes for Persons with Disabilities (29 states and 6 union territories). The publication has been finalised and is being printed. The draft chapters and the quarterly reports can be accessed on the project page. The second project is on developing text-to-speech software for 15 Indian languages. The progress made so far in the project can be accessed here.

NVDA and eSpeak

Monthly Updates

July 2015 Report (Suman Dogra; July 31, 2015).

Event Reports

The training programmes were held in June and the reports were published in July:

Tamil Computing with NVDA Training Workshop (Organized by NVDA team: Anne Jane Ask with Higher Secondary School for the Visually Impaired, Palayamkottai, Tirunelveli; June 3 – 7, 2015).
Training in eSpeak Marathi (Organized by NVDA team; SIES College, Sion, Mumbai; June 28, 2015).

Access to Knowledge

As part of the Access to Knowledge programme we are doing two projects. The first one (Pervasive Technologies) under a grant from the International Development Research Centre (IDRC) is for research on the complex interplay between pervasive technologies and intellectual property to support intellectual property norms that encourage the proliferation and development of such technologies as a social good. The second one (Wikipedia) under a grant from the Wikimedia Foundation is for the growth of Indic language communities and projects by designing community collaborations and partnerships that recruit and cultivate new editors and explore innovative approaches to building projects.

Submission / Comment

Statement by the Centre for Internet and Society on the Broadcast Treaty at SCCR 30 (Nehaa Chaudhari; July 2, 2015).

Wikipedia

As part of the project grant from the Wikimedia Foundation we have reached out to more than 3500 people across India by organizing more than 100 outreach events and catalysed the release of encyclopaedic and other content under the Creative Commons (CC-BY-3.0) license in four Indian languages (21 books in Telugu, 13 in Odia, 4 volumes of encyclopaedia in Konkani and 6 volumes in Kannada, and 1 book on Odia language history in English).

Blog Entries

Reading Devanagari Script based sites like Konkani Wikipedia in Kannada Script (Dr. U.B. Pavanaja; July 13, 2015).
Konkani Wikipedia Goes Live After 'Nine Years' of Incubation (Subhashish Panigrahi; July 18, 2015).

Events Co-organized

Christ University Undergraduate Programme (Organized by CIS-A2K; Bangalore; July 1 - 8, 2015). Students were initiated into the Wikimedia activities with hands on sessions of typing on Wikisource. Faculty of the Christ University helped the A2K team in deciding on the texts that were to be typed. These texts will provide much needed impetus for Wikisource related activities in Indian Languages. Wikipedia Education Programme at Christ University received support from Ravishankar.A of the Tamil Wikimedia community and Sayant Mahato from Sanskrit Wikimedia community.
Aloysius College (Organized by CIS-A2K; Mangalore; July 1 – 4, 2015). Tulu and Kannada Wikipedia workshops were conducted in St. Aloysis College, Mangalore. Tulu Wikipedia is in Incubator and a small community is growing in Mangalore. Pavanaja U.B. and Rahmanuddin Shaik participated in this events.
Media Wiki Train the Trainer Program (Organized by CIS-A2K; Bangalore; June 24 – 27, 2015): A four-day long train-the-trainer program aimed at building leadership among technical contributors to Indic language Wikimedians in the areas of bugs, bots--Pywikipedia and Auto Wiki Browser, various MediaWiki tools, and translations. Ravishankar A. from Wikimedia India, MediaWiki developers Pavithra H., Yogesh Omshivaprakash H.L. and Harsh Kothari, and Tamil Wikimedian Dineshkumar Ponnusamy provided support for the event.

Participation in Events

Wikimania 2015 (Organized by Wikimedia Foundation; Mexico City; July 15 - 19, 2015): A whole day was dedicated for evaluation of strategies and activities by various major stakeholders of the Wikimedia movement. Community members who lead major activities, Wikimedia chapters, affiliate organizations and Wikimedia Foundation itself took part in the discussions. There were several group activities, exchange of ideas focused on project and community level outreach and other activities, tools and techniques, and best practices. Subhashish Panigrahi participated in this event and gave a talk on How to do Guerrilla GLAM. Subhashish Panigrahi was a panelist along with Rohini Lakshané in the session “Edit-a-thons for Bridging the Gender Gap on Wikimedia: A Panel Discussion”. An Indic Meet-up was also organized. Wikimedians from India, Bangladesh and Nepal representing various language communities, Wikimedia India, Wikimedia Bangladesh, Wikimedia Nepal, and Access to Knowledge (CIS-A2K) gathered to discuss about various challenges, cross-community collaborative projects, organizing larger events, and strategies to grow the Wikimedia movement in South Asia.
Classical Languages in the Digital Era Conference (Organized by Central Institute of Indian Languages, Mysore; July 17, 2015) Tanveer Hasan participated in this conference aimed at discussing about the future of Indian classical languages in the digital era.

Media Coverage

Not many contributors for Kannada-centric Wiki page (The Times of India, July 5, 2015)
Upload More Kannada Articles on Wikipedia (Indian Express, July 5, 2015)
Kannada Wikipedia Workshop in Mangaluru (Udayavani; July 5, 2015)
Kannada Wikipedia Workshop in Mangaluru (Prajavani; July 5, 2015)

Staff Movement

Tito Dutta, Luis Gomes and Abhinav Garule have joined the CIS-A2K team as Programme Associates from March this year. Tito is working for internal documentation and resource building, and Luis and Abhinav are implementing the Konkani and Marathi work plan respectively along with community liaison.

Internet Governance

As part of its research on privacy and free speech, CIS is engaged with two different projects. The first one (under a grant from Privacy International and International Development Research Centre (IDRC)) is on surveillance and freedom of expression (SAFEGUARDS). The second one (under a grant from MacArthur Foundation) is on studying the restrictions placed on freedom of expression online by the Indian government.

Free Speech and Expression

Blog Entries

Regulatory Perspectives on Net Neutrality (Pranesh Prakash; July 8, 2015). Vidushi Marda and Tarun Krishnakumar assisted Pranesh Prakash in this.
Free Speech Policy in India: Community, Custom, Censorship, and the Future of Internet Regulation (Bhairav Acharya; July 13, 2015).
Net Neutrality and the Law of Common Carriage (Bhairav Acharya; July 14, 2015).
Freedom of Expression in a Digital Age (Geetha Hariharan and Jyoti Panday; July 14, 2015). CIS, the Observer Research Foundation, the Internet Policy Observatory, the Centre for Global Communication Studies and the Annenberg School for Communication, University of Pennsylvania organized this conference on April 21, 2015 in New Delhi. Elonnai Hickok edited the report.
Clearing Misconceptions: What the DoT Panel Report on Net Neutrality Says (and Doesn't) (Pranesh Prakash; July 21, 2015).
Role of Intermediaries in Countering Online Abuse (Jyoti Panday; July 31, 2015). This got published as two blog entries in the NALSAR Law Tech Blog. Part 1 can be accessed here and Part 2 here.

Event Co-organized

A Public Discussion on Criminal Defamation in India (Organized by CIS, the Network of Women in Media, India; and Media Watch; Bangalore; July 29, 2015). The event was a public discussion about the continued criminalisation of defamation in India.

Participation in Event

Roundtable discussion on WHOIS (Organized by Department of Electronics & Information Technology (DeitY), Govt. of India; July 28, 2015; New Delhi). Sunil Abraham and Vidushi Marda participated in the discussion remotely. Aditya Garg attended in person.

Privacy

Blog Entries

Anti-Spam Laws in Different Jurisdictions: A Comparative Analysis (Rakshanda Deka; July 2, 2015).
A Dissent Note to the Expert Committee for DNA Profiling (Elonnai Hickok; July 17, 2015). Click for DNA Bill Functions, DNA List of Offences, and CIS Note on DNA Bill. A modified version was published by Citizen Matters Bangalore on July 28.
Privacy, Autonomy, and Sexual Choice: The Common Law Recognition of Homosexuality (Bhairav Acharya; July 18, 2015).
Aadhaar Number vs the Social Security Number (Elonnai Hickok; July 21, 2015).

Participation in Event

7th Best Practices Meet 2015 (Organized by Data Security Council of India; Bangalore; July 9 – 10, 2015). Sunil Abraham was a panelist in the session "Architecting Security for transformation to Digital India". Elonnai Hickok was a panelist in the session "Steering privacy in the age of extreme innovation technology & business models."

Cyber Security

Videos

Cyber Security Series Part 23 (Purba Sarkar; July 13, 2015). CIS interviews a Tibetan security researcher and information activist.
Cyber Security Series Part 24 (Purba Sarkar; July 15, 2015). CIS interviews Shantanu Ghosh, Managing Director, Symantec Product Operations, India, as part of the Cybersecurity Series.

Miscellaneous

Article

Iron out contradictions in the Digital India programme (Sumandro Chattapadhyay; Hindustan Times; July 28, 2015).

Research Paper

First draft of Technology Business Incubators: An Indian Perspective and Implementation Guidance Report (Sunil Abraham, Vidushi Marda, Udbhav Tiwari and Anumeha Karnatak; July 25, 2015).

Telecom

CIS is involved in promoting access and accessibility to telecommunications services and resources and has provided inputs to ongoing policy discussions and consultation papers published by TRAI. It has prepared reports on unlicensed spectrum and accessibility of mobile phones for persons with disabilities and also works with the USOF to include funding projects for persons with disabilities in its mandate:

Op-ed

The Centrality of Cash Flows (Shyam Ponappa; Business Standard; July 1, 2015 and Organizing India Blogspot; July 2, 2015).

Blog Entry

Funding of National Optic Fibre Network (NOFN) - Who's Accountable? (Aditya Garg; July 17, 2015).

Researchers at Work

The Researchers at Work (RAW) programme is an interdisciplinary research initiative driven by contemporary concerns to understand the reconfigurations of social practices and structures through the Internet and digital media technologies, and vice versa. It is interested in producing local and contextual accounts of interactions, negotiations, and resolutions between the Internet, and socio-material and geo-political processes:

Blog Entries

WhatsApp and the Creation of a Transnational Sociality (Maitrayee Deka; July 1, 2015).
Users and the Internet (Purbasha Auddy; July 10, 2015).
Effective Activism: The Internet, Social Media, and Hierarchical Activism in New Delhi (Sarah McKeever; July 16, 2015).
Studying the Internet Discourse in India through the Prism of Human Rights (Deva Prasad M.; July 22, 2015).
'Originality,' 'Authenticity,' and 'Experimentation': Understanding Tagore’s Music on YouTube) (Ipsita Sengupta; July 27, 2015).

News & Media Coverage

CIS gave its inputs to the following media coverage:

'IRCTC’s Aadhaar play can violate SC order and derail National Security' (Shubhra Rishi; CIO.IN; July 1, 2015).
The Digital Divide: pros and cons of Modi's latest big initiative (Suhas Munshi; July 2, 2015).
Corporate push to Modi’s Rs.4.5-billion digital dream (Rakesh Kumar; The Statesman; July 13, 2015).
Criminal Defamation: The Urgent Cause That has United Rahul Gandhi, Arvind Kejriwal and Subramanian Swamy (Betwa Sharma; Huffington Post; July 15, 2015).
Five Nations, One Future? (Bjorn Ludtke, Ellen Lee, Jaideep Sen, Gwendolyn Ledger, David Nicholson, and Jesko Johannsen; Voestalpine; July 18, 2015).
The scariest bill in Parliament is getting no attention – here’s what you need to know about it (Nayantara Narayanan; Scroll.in; July 24, 2015)
Regulation, misuse concerns still dog DNA profiling bill (Nikita Mehta; Livemint; July 29, 2015)

About CIS

The Centre for Internet and Society (CIS) is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, open access, open educational resources, and open video), internet governance, telecommunication reform, digital privacy, and cyber-security. The academic research at CIS seeks to understand the mediation and reconfiguration of social and cultural processes and structures by the internet and digital media technologies.

► Follow us elsewhere

CIS - Twitter: http://twitter.com/cis_india
Access to Knowledge - Twitter: https://twitter.com/CISA2K
Access to Knowledge - Facebook: https://www.facebook.com/cisa2k
Access to Knowledge - E-Mail: a2k@cis-india.org
Researchers at Work - E-Mail: raw@cis-india.org
Researchers at Work - Mailing List: https://lists.ghserv.net/mailman/listinfo/researchers

► Support Us

Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

► Request for Collaboration

We invite researchers, practitioners, artists, and theoreticians, both organisationally and as individuals, to engage with us on topics related internet and society, and improve our collective understanding of this field. To discuss such possibilities, please write to Sunil Abraham, Executive Director, at sunil@cis-india.org (for policy research), or Sumandro Chattapadhyay, Research Director, at sumandro@cis-india.org (for academic research), with an indication of the form and the content of the collaboration you might be interested in. To discuss collaborations on Indic language Wikipedia projects, write to Tanveer Hasan, Programme Officer, Access to Knowledge, at tanveer@cis-india.org.

CIS is grateful to its primary donor the Kusuma Trust founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin for its core funding and support for most of its projects. CIS is also grateful to its other donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation, MacArthur Foundation, and IDRC for funding its various projects.

For more details visit https://cis-india.org/about/newsletters/july-2015-bulletin

Multi-stakeholder Advisory Group Analysis

jyoti — 2016-04-12T10:02:31Z

This analysis has been done to see the trend in the selection and rotation of the members of the Multistakeholder advisory group (MAG) in the Internet Governance Forum (IGF). The MAG has been functional for nine years from 2006-2015. The analysis is based on data procured, collated and organised by Pranesh Prakash and Jyoti Panday. Shambhavi Singh, Law Student, NLU Delhi who was interning with CIS at the time also assisted with the organisation and analysis of the data.

The researcher has collected the data from the lists of members available in the public domain from 2010-2015. The lists prior to 2010 have been procured by the Centre for Internet and society from the UN Secretariat of the Internet Governance Forum (IGF).

This research is based solely upon the members and the nature of their stake holding has been analysed in the light of MAG terms of reference. No data has been made available regarding the nomination process and the criteria on which a particular member has been re-elected to the MAG (The IGF Secretariat does not share this data).

According to the analysis, in these six years, the MAG has had around 182 members from various stakeholder groups.

We have divided it into five stakeholder groups, Government, Civil Society, Industry, Technical Community and Academia. Any overlap between two or more of these groups has also been taken into account, for example- A member of the Internet Society (ISOC) being both in the Civil Society and Technical Community.

According to the MAG Terms of Reference[1], it is the prerogative of the UN Secretary General to select MAG Members. The general policy is that the MAG members are appointed for a period of one year, which is automatically renewed for 2 more years consecutively depending on their engagement in MAG activities.

There is also a policy of rotating off 1/3^rd members of MAG every year for diversity and taking new viewpoints in consideration. There is also an exceptional circumstance where a person might continue beyond three years in case there is a lack of candidates fitting the desired area.

However, it seems like the exception has become the norm as a whopping number of members have continued beyond 3 years, ranging from 4 years up to as long as 8 years, this figure rounds up to around 49. No doubt some of them are exceptional talents and difficult to replace. However, the lack of transparency in the nomination system makes it difficult to determine the basis on which these people continued beyond the usual term.

S. No.	Stakeholder	Number of years	Total Members continuing beyond 3 years
1	Civil Society	8, 6, 6, 4, 4,	5
2	Government/Industry	4, 5	2
3	Technical community/ Civil society	8, 8, 8, 6, 6, 4, 4, 4, 4,4	10
4	Industry/ Civil society	8, 6,	2
5	Industry	8, 7, 7, 6, 6, 4,	6
6	Industry/Tech Community/ Civil Society	8,	1
7	Government	7, 7, 7, 6, 6, 6, 6, 5, 5, 5, 5, 5, 5, 4, 4, 4, 4, 4, 4,	19
8	Academia	6, 6, 5,	3
9	Industry/ Tech community	6,	1

The stakeholders that have continued beyond 8 years have around 39% members from Government and related agencies. The next being Technical Community/Civil Society with around 20% representation, followed by Industry at 12%, 10% from the Civil Society, 6% from Academia, 4% from Government/Industry, 4% from Industry/Civil Society and 2% each from Industry/Technical Community and Industry/Technical Community/Civil Society respectively.

Table with overlapping interests merged

S. No.	Stakeholder	Total Members continuing beyond 3 years
1	Civil Society	7 + 9 + 1+1 = 18
2	Government	19
3	Tech Community	9 + 1 + 1+1 = 12
4	Industry	6 + 2 + 1 + 1+2 = 13
5	Academia	3

When the overlap is grouped separately, as in if a Technical Community/Civil Society person is placed both in Technical Community and Civil Society groups individually, then the representation of stakeholder representation is as follows(approximate values)-

Government- 29%

Civil Society- 28%

Industry- 20%

Technical Community-17%

Academia-5%

This clearly shows us that stakeholders from academia generally did not stay on MAG beyond 3 years. Even when all members that have ever been on MAG are taken into consideration, only around 8% representation has been from the academic community. This needs to be taken into account when new MAG members are selected in 2016.

The researcher has also looked at the MAG Representation based on gender and UN Regional Groups. The results of the analysis were as follows-

The ratio of male members is to female members is approximately 16:9 in the MAG and the approximate value in percentage being 64% and 36% respectively.

Now coming to the UN Regional Groups, the results that the analysis yielded were as follows-

The Western European and Others Group (WEOG) has the highest representation in MAG, a large number of members being from Switzerland, USA and UK. This is followed by the Asia Pacific Group which has 20% representation. The third largest is the African group with 19% representation followed by Latin American and Caribbean Group (GRULAC) and Eastern European Group with 13% and 12% representation respectively.

The representation of developed, developing and Least Developed Countries is as follows-

Developed countries have approximately 42% representation, developing countries having 53% and LDCs having a mere 5% representation. There should be some effort to strive for better LDC representation as they are the most backward when it comes to Global ICT Penetration. [2]

[1] Intgovforum.org, 'MAG Terms Of Reference' (2015) <http://www.intgovforum.org/cms/175-igf-2015/2041-mag-terms-of-reference> accessed 13 July 2015.

[2] ICT Facts And Figures (1st edn, International Telecommunication Union 2015) <http://www.itu.int/en/ITU-D/Statistics/Documents/facts/ICTFactsFigures2015.pdf> accessed 11 July 2015.

For more details visit https://cis-india.org/internet-governance/blog/mag-analysis

Role of Intermediaries in Countering Online Abuse

jyoti — 2015-08-02T16:38:36Z

The Internet can be a hostile space and protecting users from abuse without curtailing freedom of expression requires a balancing act on the part of online intermediaries.

This got published as two blog entries in the NALSAR Law Tech Blog. Part 1 can be accessed here and Part 2 here.

As platforms and services coalesce around user-generated content (UGC) and entrench themselves in the digital publishing universe, they are increasingly taking on the duties and responsibilities of protecting rights including taking reasonable measures to restrict unlawful speech. Arguments around the role of intermediaries tackling unlawful content usually center around the issue of regulation—when is it feasible to regulate speech and how best should this regulation be enforced?

Recently, Twitter found itself at the periphery of such questions when an anonymous user of the platform, @LutyensInsider, began posting slanderous and sexually explicit comments about Swati Chaturvedi, a Delhi-based journalist. The online spat which began in February last year, culminated into Swati filing an FIR against the anonymous user, last week. Within hours of the FIR, the anonymous user deleted the tweets and went silent. Predictably, Twitter users hailed this as a much needed deterrence to online harassment. Swati’s personal victory is worth celebrating, it is an encouragement for the many women bullied daily on the Internet, where harassment is rampant. However, while Swati might be well within her legal rights to counter slander, the rights and liabilities of private companies in such circumstances are often not as clear cut.

Should platforms like Twitter take on the mantle of deciding what speech is permissible or not? When and how should the limits on speech be drawn? Does this amount to private censorship?The answers are not easy and as the recent Grand Chamber of the European Court of Human Rights (ECtHR) judgment in the case of Delfi AS v. Estonia confirms, the role of UGC platforms in balancing the user rights, is an issue far from being settled. In its ruling, the ECtHR reasoned that because of their role in facilitating expression, online platforms have a requirement “to take effective measures to limit the dissemination of hate speech and speech inciting violence was not ‘private censorship”.

This is problematic because the decision moves the regime away from a framework that grants immunity from liability, as long as platforms meet certain criteria and procedures. In other words the ruling establishes strict liability for intermediaries in relation to manifestly illegal content, even if they may have no knowledge. The 'obligation' placed on the intermediary does not grant them safe harbour and is not proportionate to the monitoring and blocking capacity thus necessitated. Consequently, platforms might be incentivized to err on the side of caution and restrict comments or confine speech resulting in censorship. The ruling is especially worrying, as the standard of care placed on the intermediary does not recognize the different role played by intermediaries in detection and removal of unlawful content. Further, intermediary liability is its own legal regime and is at the same time, a subset of various legal issues that need an understanding of variation in scenarios, mediums and technology both globally and in India.

Law and Short of IT

Earlier this year, in a leaked memo, the Twitter CEO Dick Costolo took personal responsibility for his platform's chronic problem and failure to deal with harassment and abuse. In Swati's case, Twitter did not intervene or take steps to address harrassment. If it had to, Twitter (India), as all online intermediaries would be bound by the provisions established under Section 79 and accompanying Rules of the Information Technology Act. These legislations outline the obligations and conditions that intermediaries must fulfill to claim immunity from liability for third party content. Under the regime, upon receiving actual knowledge of unlawful information on their platform, the intermediary must comply with the notice and takedown (NTD) procedure for blocking and removal of content.

Private complainants could invoke the NTD procedure forcing intermediaries to act as adjudicators of an unlawful act—a role they are clearly ill-equipped to perform, especially when the content relates to political speech or alleged defamation or obscenity. The SC judgment in Shreya Singhal addressing this issue, read down the provision (Section 79 by holding that a takedown notice can only be effected if the complainant secures a court order to support her allegation. Further, it was held that the scope of restrictions under the mechanism is restricted to the specific categories identified under Article 19(2). Effectively, this means Twitter need not take down content in the absence of a court order.

Content Policy as Due Diligence

Another provision, Rule 3(2) prescribes a content policy which, prior to the Shreya Singhal judgment was a criteria for administering takedown. This content policy includes an exhaustive list of types of restricted expressions, though worryingly, the terms included in it are not clearly defined and go beyond the reasonable restrictions envisioned under Article 19(2). Terms such as “grossly harmful”, “objectionable”, “harassing”, “disparaging” and “hateful” are not defined anywhere in the Rules, are subjective and contestable as alternate interpretation and standard could be offered for the same term. Further, this content policy is not applicable to content created by the intermediary.

Prior to the SC verdict in Shreya Singhal, actual knowledge could have been interpreted to mean the intermediary is called upon its own judgement under sub-rule (4) to restrict impugned content in order to seek exemption from liability. While liability accrued from not complying with takedown requests under the content policy was clear, this is not the case anymore. By reading down of S. 79 (3) (b) the court has addressed the issue of intermediaries complying with places limits on the private censorship of intermediaries and the invisible censorship of opaque government takedown requests as they must and should adhere, to the boundaries set by Article 19(2). Following the SC judgment intermediaries do not have to administer takedowns without a court order thereby rendering this content policy redundant. As it stands, the content policy is an obligation that intermediaries must fulfill in order to be exempted from liability for UGC and this due diligence is limited to publishing rules and regulations, terms and conditions or user agreement informing users of the restrictions on content. The penalties for not publishing this content policy should be clarified.

Further, having been informed of what is permissible users are agreeing to comply with the policy outlined, by signing up to and using these platforms and services. The requirement of publishing content policy as due diligence is unnecessary given that mandating such ‘standard’ terms of use negates the difference between different types of intermediaries which accrue different kinds of liability. This also places an extraordinary power of censorship in the hands of the intermediary, which could easily stifle freedom of speech online. Such heavy handed regulation could make it impossible to publish critical views about anything without the risk of being summarily censored.

Twitter may have complied with its duties by publishing the content policy, though the obligation does not seem to be an effective deterrence. Strong safe harbour provisions for intermediaries are a crucial element in the promotion and protection of the right to freedom of expression online. By absolving platforms of responsibility for UGC as long as they publish a content policy that is vague and subjective is the very reason why India’s IT Rules are in fact, in urgent need of improvement.

Size Matters

The standards for blocking, reporting and responding to abuse vary across different categories of platforms. For example, it may be easier to counter trolls and abuse on blogs or forums where the owner or an administrator is monitoring comments and UGC. Usually platforms outline monitoring and reporting policies and procedures including recourse available to victims and action to be taken against violators. However, these measures are not always effective in curbing abuse as it is possible for users to create new accounts under different usernames. For example, in Swati’s case the anonymous user behind @LutyensInsider account changed their handle to @gregoryzackim and @gzackim before deleting all tweets. In this case, perhaps the fear of criminal charges ahead was enough to silence the anonymous user, which may not always be the case.

Tackling the Trolls

Most large intermediaries have privacy settings which restrict the audience for user posts as well as prevent strangers from contacting them as a general measure against online harassment. Platforms also publish monitoring policy outlining the procedure and mechanisms for users to register their complaint or report abuse. Often reporting and blocking mechanisms rely on community standards and users reporting unlawful content. Last week Twitter announced a new feature allowing lists of blocked users to be shared between users. An improvement on existing mechanism for blocking, the feature is aimed at making the service safer for people facing similar issues and while an improvement on standard policies defining permissible limits on content, such efforts may have their limitations.

The mechanisms follow a one-size-fits-all policy. First, such community driven efforts do not address concerns of differences in opinion and subjectivity. Swati in defending her actions stressed the “coarse discourse” prevalent on social media, though as this article points out she might be assumed guilty of using offensive and abusive language. Subjectivity and many interpretations of the same opinion can pave the way for many taking offense online. Earlier this month, Nikhil Wagle’s tweets criticising Prime Minister Narendra Modi as a “pervert” was interpreted as “abusive”, “offensive” and “spreading religious disharmony”. While platforms are within their rights to establish policies for dealing with issues faced by users, there is a real danger of them doing so for “political reasons” and based on “popularity” measures which may chill free speech. When many get behind a particular interpretation of an opinion, lawful speech may also be stifled as Sreemoyee Kundu found out. A victim of online abuse her account was blocked by Facebook owing to multiple reports from a “faceless fanatical mob”. Allowing the users to set standards of permissible speech is an improvement, though it runs the risk of mob justice and platforms need to be vigilant in applying such standards.

While it may be in the interest of platforms to keep a hands off approach to community policies, certain kind of content may necessiate intervention by the intermediary. There has been an increase in private companies modifying their content policy to place reasonable restriction on certain hateful behaviour in order to protect vulnerable or marginalised voices. Twitter and Reddit's policy change in addressing revenge porn are reflective of a growing understanding amongst stakeholders that in order to promote free expression of ideas, recognition and protection of certain rights on the Internet may be necessary. However, any approach to regulate user content must assess the effect of policy decisions on user rights. Google's stand on tackling revenge porn may be laudable, though the decision to push down 'piracy' sites in its search results could be seen to adversely impact the choice that users have. Terms of service implemented with subjectivity and lack of transparency can and does lead to private censorship.

The Way Forward

Harassment is damaging, because of the feeling of powerlessness that it invokes in the victims and online intermediaries represent new forms of power through which users' negotiate and manage their online identity. Content restriction policies and practices must address this power imbalance by adopting baseline safeguards and best practices. It is only fair that based on principles of equality and justice, intermediaries be held responsible for the damage caused to users due to wrongdoings of other users or when they fail to carry out their operations and services as prescribed by the law. However, in its present state, the intermediary liability regime in India is not sufficient to deal with online harassment and needs to evolve into a more nuanced form of governance.

Any liability framework must evolve bearing in mind the slippery slope of overbroad regulation and differing standards of community responsibility. Therefore, a balanced framework would need to include elements of both targeted regulation and soft forms of governance as liability regimes need to balance fundamental human rights and the interests of private companies. Often, achieving this balance is problematic given that these companies are expected to be adjudicators and may also be the target of the breach of rights, as is the case in Delfi v Estonia. Global frameworks such as the Manila Principles can be a way forward in developing effective mechanisms. The determination of content restriction practices should always adopt the least restrictive means of doing so, distinguishing between the classes of intermediary. They must evolve considering the proportionality of the harm, the nature of the content and the impact on affected users including the proximity of affected party to content uploader.

Further, intermediaries and governments should communicate a clear mechanism for review and appeal of restriction decisions. Content restriction policies should incorporate an effective right to be heard. In exceptional circumstances when this is not possible, a post facto review of the restricton order and its implementation must take place as soon as practicable. Further, unlawful content restricted for a limited duration or within a specific geography, must not extend beyond these limits and a periodic review should take place to ensure the validity of the restriction. Regular, systematic review of rules and guidelines guiding intermediary liability will go a long way in ensuring that such frameworks are not overly burdensome and remain effective.

For more details visit https://cis-india.org/internet-governance/blog/role-of-intermediaries-in-counting-online-abuse

Regulation, misuse concerns still dog DNA profiling bill

praskrishna — 2015-09-13T08:32:48Z

Experts fear such data could be used for non-forensic purposes and are concerned about the vast powers to be vested in proposed DNA profiling board.

The article by Nikita Mehta was published in Livemint on July 29, 2015. Sunil Abraham gave his inputs.

A bill aimed at creating a DNA database of offenders, slated for introduction in the monsoon session of Parliament, has been criticized by experts who fear that such information could be used for non-forensic purposes and are concerned about the vast powers sought to vested in a proposed DNA profiling board.

Despite changes made by the Department of Biotechnology, the final draft of the Human DNA Profiling Bill 2015 has drawn flak from the Centre for Internet and Society (CIS), a non-profit group that works on policy issues.

The bill seeks Parliament’s approval for plans to create a DNA bank of various offenders in order to prevent repeat offences and to regulate the process by defining infrastructure, training, qualifications, facilities and legalities.

The government says that conducting DNA analysis involves working with sensitive information which, if misused, can cause harm to a person or to society. There is, thus, a need to restrict the use of DNA profiles through an Act of Parliament only for lawful purposes of establishing someone’s identity in a criminal or civil case and for other specified purposes.

The bill seeks to establish standards for laboratories, staff qualifications, training, proficiency testing, collection of body substances, custody trail from collection to reporting and a data bank with policies of use and access to information, its retention and deletion.

The offences for which the database can be maintained range from criminal and civil offences to paternity disputes.

“We need this bill because there are so many unresolved cases. A judge can use this data as material evidence and speedy justice can be served,” said M.K. Bhan, former secretary of the department of biotechnology. “Tremendous amount of effort has been taken to consult all possible parties and the bill has been drafted and redrafted over the years,” Bhan added.

In its note of dissent, CIS raised objections about DNA profiling and DNA samples being used for identifying victims of accidents or disasters, for missing persons and in civil disputes. It also objected to the creation and maintenance of a population statistics databank that is to be used, as prescribed, for the purposes of identification.

“One problem is accuracy. Unlike comparisons between digital signatures which can either have matches or no matches, biometric signatures will have a level of accuracy, so there can be a few false matches. Hence unnecessary widening of the data will reduce the accuracy of this system,” said Sunil Abraham, executive director at CIS.

CIS further noted that a DNA Profiling Board proposed by the bill will have vast powers, including those of authorizing procedures for DNA profiling for civil and criminal investigation, drawing up a list of instances for the application of human DNA profiling and undertaking any other activity which in the opinion of the Board advances the purposes of the Act. The DNA Profiling Board will consist of eminent scientists, administrators and law enforcement officers who will administer and carry out other functions assigned to it under the Act.

“Usually when regulators are created, the mandate is extremely clear. In this bill it is quite vague and there should not be so many things left to the discretionary powers of the board,” said Abraham who was part of the consultation process for the bill. He added that a number of changes have been introduced to the bill, including reduction of powers of the board, tighter definitions and more privacy safeguards.

“Any regulatory system requires external auditing, that should be taken into view. Another issue that was being looked at was that the forensic system should be outside police jurisdiction as they may have vested interests,” Bhan said.

The CIS note pointed out that although the bill refers to security and privacy procedures that labs are to follow, these have been left to be drawn up and implemented by the proposed DNA Board.

“This proposal has been doing the rounds for years and I can vouch for the scientific infallibility of using DNA profiling for carrying out justice. That being said, the bill does not provide verifiable or implementable safeguards for misuse of this data and lack of accountability of public servants can cause serious jeopardy to the privacy of citizens,” said K.P.C. Gandhi, a forensic scientist and founder chairman at Truth Labs, an independent forensic science laboratory.

For more details visit https://cis-india.org/internet-governance/news/livemint-nikita-mehta-july-29-2015-regulation-misuse-concerns-still-dog-dna-profiling-bill

Roundtable discussion on WHOIS

vidushi — 2015-08-24T14:16:12Z

Sunil Abraham and Vidushi Marda participated remotely in a round-table discussion organized by the Department of Electronics & Information Technology (DeitY), Govt. of India on July 28, 2015. Aditya Garg, an intern at the Centre for Internet & Society also participated (in person) from New Delhi and made an intervention.

Dr. Ajay Kumar, Joint Secretary, DeitY chaired the round-table to seek expert input from all stakeholders at the national level, on various issues related to WHOIS (domain name) which are currently being discussed at the Public Safety Working Group (PSWG), an internal working group of Governmental Advisory Committee (GAC) of ICANN.

The PSWG will be focusing on ICANN’s policies and procedures that raise questions or have implications for the safety of the public, in connection with their use of the Internet. Current major areas of interest for PSWG are:

WHOIS
Enforcing Contractual Compliance with Registries and Registrars
Implementation of new gTLDs
Internationalized Domain Names (IDNs)

WHOIS is a long-term strategic priority for ICANN. ICANN’s Security and Stability Advisory Committee (SSAC) has issued 12 reports/advisories with reference to WHOIS.

The roundtable will served as a platform to discuss WHOIS policy / implementation issues for .IN <http://for .IN> registry.

For more details visit https://cis-india.org/internet-governance/news/round-table-discussion-on-whois

Iron out contradictions in the Digital India programme

sumandro — 2015-07-28T01:04:28Z

The Digital India initiative takes an ambitious 'Phir Bhi Dil Hai Hindustani' approach to develop communication infrastructure, government information systems, and general capacity to digitise public life in India. I of course use 'public life' in the sense of the wide sphere of interactions between people and public institutions.

The article was published in the Hindustan Times on July 15, 2015.

The 'Phir Bhi Dil Hai Hindustani' approach involves putting together Japanese shoes, British trousers, and a Russian cap to make an entertainer with a pure Indian heart. In this case, the analogy must not be understood as different components of the initiative coming from different countries, but as coming from different efforts to use digital technologies for governance in India.

It is deploying the Public Information Infrastructure vision, inclusive of the National Optical Fibre Network (now renamed as BharatNet) and the national cloud computing platform titled Meghraj, so passionately conceptualised and pursued by Sam Pitroda. It has chosen the Aadhaar ID and the authentication-as-a-service infrastructure built by Nandan Nilekani, Ram Sewak Sharma, and the team, as the identity platform for all governmental processes across Digital India projects. It has closely embraced the mandate proposed by Jaswant Singh led National Task Force on Information Technology and Software Development for completely electronic interface for paper-free citizen-government interactions.

The digital literacy and online education aspects of the initiative build upon the National Mission on Education through ICT driven by Kapil Sibal. Two of the three vision areas of the Digital India initiative, namely 'Digital infrastructure as a utility to every citizen' and 'governance and service on demand,' are directly drawn from the two core emphasis clusters of the National e-Governance Plan designed by R. Chandrashekhar and team, namely the creation of the national and state-level network and data infrastructures, and the National Mission Mode projects to enable electronic delivery of services across ministries.

And this is not a bad thing at all. In fact, the need for this programmatic and strategic convergence has been felt for quite some time now, and it is wonderful to see the Prime Minister directly addressing this need. Although, while drawing benefits from the existing programmes, the DI initiative must also deal with the challenges inherited in the process.

Recently circulated documents describes that the institutional framework for Digital India will be headed by a Monitoring Committee overseeing two main drivers of the initiative: the Digital India Advisory Group led by the minister of communication and information technology, and the Apex Committee chaired by the cabinet secretary. While the former will function primarily through guiding the implementation works by the Department of Electronics and Information Technology (DeitY), the latter will lead the activities of both the DeitY and the various sectoral ministries.

Here lies one possible institutional bottleneck that the Digital India architecture inherits from the National e-Governance Plan. Putting the DeitY in the driving seat of the digital transformation agenda in parallel with all other central government departments indicate an understanding that the transformation is fundamentally a technical issue. However, most often what is needed is administrative reform at a larger scale, and re-engineering of processes at a smaller scale.

Government agencies that have addressed such challenges in the past, such as the department of administrative reforms and public grievances, is not mentioned explicitly within the institutional framework, and instead DeitY has been trusted with a range of tasks that may be beyond its scope and core skills.

The danger of this is that the Digital India initiative will end up initiating more infrastructural and software projects, without transforming the underlying governmental processes. For example, the recently launched eBasta website creates a centralised online shop for publishers of educational materials to make books available for teachers to browse and select for their classes, and for the students to directly download, against payment or otherwise. The website has been developed by the Centre for Development of Advanced Computing and DeitY. At the same time, the ministry of human resource development, which is responsible for matters related to public education, has already collaborated with the Central Institute of Educational Technology and the Homi Bhabha Centre for Science Education in TIFR to build a comprehensive platform for multi-media resources for education – the National Repository of Open Educational Resources. The initial plans of the DI initiative are yet to explicitly recognise that the key challenge is not in building new applications and websites, but aligning existing efforts.

This mismatch, between what the Digital India initiative proposes to achieve and how it plans to achieve it, is further demonstrated in the 'e-Governance Policy Initiatives under Digital India' document. The compilation lists the key policies to govern designing and implementation of the Digital India programmes, but surprisingly fails to mention any policies, acts, and pending bills approved or initiated by any previous government. This is remarkably counter-productive as the existing policy frameworks, such as the Framework for Mobile Governance, the National Data Sharing and Accessibility Policy, and the Interoperability Framework for e-Governance, are suitably placed to complement the new policies around use of free of open source softwares for e-governance systems, so as to ensure their transparency, interoperability, and inclusive outreach. Several pending bills like The National Identification Authority of India Bill, 2010, The Electronic Delivery of Services Bill, 2011, and The Privacy (Protection) Bill, 2013, are absolutely fundamental for comprehensive and secure implementation of the various programmes under the Digital India initiative.

The next year will complete a decade of development of national e-governance systems in India, since the launch of National e-Governance Plan in 2006. Given this history of information systems sometimes partially implemented and sometimes working in isolation, a 'Phir Bhi Dil Hai Hindustani' approach to digitise India is a very pragmatic one. What we surely do not need is increased contradiction among e-governance systems. Simultaneously, we neither need digital systems that centralise governmental power within one ministry on technical grounds, or expose citizens to abuse of their digital identity and assets due to lack of sufficient legal frameworks.

(Sumandro Chattapadhyay is research director, The Centre for Internet and Society. The views expressed are personal.)

For more details visit https://cis-india.org/internet-governance/blog/hindustan-times-july-15-2015-sumandro-chattapadhyay-iron-out-contradictions-in-the-digital-india-programme

A Public Discussion on Criminal Defamation in India

bhairav — 2015-07-27T14:44:15Z

The Centre for Internet and Society (CIS); the Network of Women in Media, India; and Media Watch, Bengaluru, are hosting a public discussion on criminal defamation in India. The discussion will start at 5.30 pm on Wednesday, 29 July 2015, at the CIS office in Domlur, Bengaluru.


Pictured above: A poster of the event.

Decriminalising Defamation in India: A Brief Statement of Issues

Subramanian Swamy’s petition to decriminalise defamation has been joined in the Supreme Court by concurring petitions from Rahul Gandhi and Arvind Kejriwal. Defamation is criminalised by sections 499 and 500 of the Indian Penal Code, 1860 (IPC). Swamy and his unlikely cohorts want the Supreme Court to declare that these criminal defamation provisions interfere with the right to free speech and strike them down.

Although news coverage of the case has focused on the motivations and arguments of the three politicians, defamation should not be the sole province of celebrities and the powerful. Unfortunately, criminal defamation has emerged as a new system of censorship to silence journalists, writers, and activists. SLAPP suits (Strategic Lawsuits against Public Participation) are being increasingly used by large corporations to frighten and overwhelm critics and opponents. SLAPP suits are not designed to succeed – although they often do, they are intended to intimidate, harass, and outspend journalists and activists into submission.

The law of defamation rests on uncertain foundations. In medieval Europe defamation was dually prosecuted by the Church as a sin equal to sexual immorality, and by secular courts for the threat of violence that accompanied defamatory speech. These distinct concerns yielded a peculiar defence which fused two elements: truth, which shielded the speaker from the sin of lying; and, the public good, which protected the speaker from the charge of disrupting the public peace. This dual formulation – truth and the public good – remains the primary defence to defamation today.

India does not have a strong ‘fair comment’ defence to protect speech that is neither true nor intrinsically socially useful. This bolsters the law’s reflexive censorship of speech that falls outside the bounds of social utility and morality such as parody, caricature, outrageous opinion, sensationalism, and rumour. This failure affects cartoonists and tabloid sensationalism alike.

Defamation law is also open to procedural misuse to maximise its harrassive effect. Since speech that is published on the Internet or mass-printed and distributed can be read almost anywhere, the venue of criminal defamation proceedings can be chosen to inconvenience and exhaust a speaker into surrender. This motivation explains the peculiarly remote location of several defamation proceedings in India against journalists and magazine editors.

The offence of defamation commoditises reputation. While defamation remains a crime, the state must prosecute it as it does other crimes such as murder and rape. This merits the question: should the state expend public resources to defend the individual reputations of its citizens? Such a system notionally guarantees parity because if the state were to retreat from this role leaving private persons to fight for their own reputations, the market would favour the reputations of the rich and powerful at the expense of others.

These and other issues demand an informed and rigorous public discussion about the continued criminalisation of defamation in India.

Download the concept note prepared by Bhairav Acharya

For more details visit https://cis-india.org/internet-governance/events/a-public-discussion-on-criminal-defamation-in-india

Will Indians have to pay for WhatsApp?

pranesh — 2015-08-24T02:00:56Z

India's Department of Telecommunications (DoT) formed a panel in January 2015 to look into net neutrality in the country.

This was originally published by BBC on July 25. Pranesh Prakash has been quoted.

Net neutrality means service providers should treat all traffic equally. Users should be able to access all websites at the same speed and cost.

A battle to decide the future of the internet in India is being fought online, between telecom users and operators.

The panel has now released its report to the public and invited comments. Pranesh Prakash from the Centre for Internet Studies decodes the report and what it means for Indians.

What does the panel say?

Internet-based Over-the-top (OTT) communication services like WhatsApp, Viber, and the like are currently taking advantage of "regulatory arbitrage", meaning that the regulations that apply to non-Internet based communications services (telephone calls) are different from OTT communications services.

Under current rules, the OTT services don't have to get a licence from the government, don't have to abide by anti-spam, do-not-disturb regulations, share any revenue with the government or abide by national security conditions. The panel wants to bring these services under a licensing regime.

The report distinguishes between Internet-based voice calls (voice over IP, or VoIP) and messaging services and doesn't wish to interfere with the latter. This means it could regulate services like Skype, Viber and WhatsApp calls but not WhatsApp or Viber messages. It also distinguishes between domestic and international VoIP calls, and believes only the former need regulation. It is unclear on what basis these distinctions are made.

The core principles of net neutrality - which are undefined in the report, though definitions proposed in submissions they've received are quoted - should be adhered to. In the long-run, these should find place in a new law, but for the time being they can be enforced through the licence agreement between the government and telecom providers.

Where does the panel report go wrong?

The proposal by the panel to regulate VoIP services like Skype or Viber is a terrible idea.

Many important terms are left undefined, and many distinctions that the report draws are left unexplained. For instance, it is unclear on what regulatory basis the report distinguishes between domestic and international VoIP calls or between regulation of messaging services and VoIP services.

Will it increase cost of access to WhatsApp and Viber?

"Zero-rating" is a policy whereby telecoms providers agree not to pass on the costs of handling the data traffic so that consumers can receive services for free.

On the one hand, this could decrease the cost of access to WhatsApp and Viber. But that might not be allowed because free services could harm competition and distort markets.

Whether this will lead to consumers paying for WhatsApp and similar services depends on what kinds of regulations are placed on them, and if any costs are imposed on them.

Does the report uphold net neutrality?

The report is clear that it strongly endorses the "core principles of net neutrality".

On the issue of "zero-rating" the panel proposes some sound measures, saying that there should be a two-part mechanism for ensuring that "harmful" zero-rating doesn't go through.

First, telecom services need to submit "zero-rating" tariff proposals to an expert body constituted by telecoms department.

Second, consumers will be able to complain about the harmful usage of "zero-rating" by any service provider, which may result in a fine.

Where have people got the report wrong?

There have been reports saying that the panel has recommended increased charges for domestic VoIP calls. This is untrue.

There are reports saying the panel has given the go-ahead for all forms of zero-rating. Once again, this is untrue. The panel cites instances of zero-rating that aren't discriminatory, violative of net neutrality and don't harm competition or distort consumer markets (such as zero-rating of all Internet traffic for a limited time period). Then it goes on to state that the regulator should not allow zero-rating that violates the core principles of net neutrality.

Pranesh Prakash is policy director at the Centre for Internet and Society. A longer article he wrote on the panel report can be accessed here.

For more details visit https://cis-india.org/internet-governance/news/bbc-july-25-2015-will-indians-have-to-pay-for-whatsapp

First draft of Technology Business Incubators: An Indian Perspective and Implementation Guidance Report

vidushi — 2015-07-25T16:14:44Z

The Centre for Internet and Society presents the first draft of its analysis on technology business incubators("TBI") in India. The report prepared by Sunil Abraham, Vidushi Marda, Udbhav Tiwari and Anumeha Karnatak looks at operating procedures, success stories and lessons that can be learnt from TBIs in India.

A technology business incubator (TBI) is an organisational setup that nurtures technology based and knowledge driven companies by helping them survive during the startup period in the company’s history, which lasts around the initial two to three years. Incubators do this by providing an integrated package of work space, shared office services, access to specialized equipment along with value added services like fund raising, legal services, business planning, technical assistance and networking support. The main objective of the technology business incubators is to produce successful business ventures that create jobs and wealth in the region, along with encouraging an attitude of innovation in the country as a whole.

The primary aspects that this report shall go into are the stages of a startup, the motivational factors behind establishing incubators by governments & private players, the process followed by them in selecting, nurturing talent as well as providing post incubation support. The report will also look at the role that incubators play in the general economy apart from their function of incubating companies, such as educational or public research roles. A series of case analysis of seven well established incubators from India shall follow which will look into their nurturing processes, success stories as well as lessons that can be learnt from their establishment. The final section shall look into challenges faced by incubators in developing economies and the measures taken by them to overcome these challenges.

Download the full paper

For more details visit https://cis-india.org/internet-governance/blog/technology-business-incubators

The scariest bill in Parliament is getting no attention – here’s what you need to know about it

sunil — 2015-09-13T07:56:42Z

A bill proposes creation of a national DNA data bank, without requisite safeguards for privacy, and opens the information to everything from civic disputes to compilation of statistics.

The blog post by Nayantara Narayanan was published in Scroll.in on July 24, 2015.

On Wednesday, the Narendra Modi government told the Supreme Court that India's citizens have no fundamental right to privacy. Attorney General Mukul Rohatgi referred to a 1950 court verdict which held that the right to privacy was not a fundamental right while defending the constitutional validity of the Aadhar scheme, a massive database of information of individual citizens including biometrics and bank accounts. At the same time, the government is planning another big database.

In the ongoing stormy monsoon session of Parliament, where the government and opposition have locked horns over several proposed legislation, Human DNA Profiling Bill 2015 has been making little noise but can have widespread impact on India’s criminal justice system and the privacy of citizens. The bill aims to regulate the collection and use of genetic material from crime scenes, and also proposes the creation of a national DNA databank that might be used for non-forensic purposes.

DNA is a mighty tool, especially in criminal forensics, but access to a person’s genetic information can be highly intrusive and dangerous. DNA contains information about health and genetic relationships that can influence employment, insurance. It can be tampered with and planted at crime scenes.

Law and poverty expert Usha Ramanathan and Centre for Internet and Society executive director Sunil Abraham, who are members of an expert committee on DNA profiling constituted by the government, have written dissent notes against the final draft of the Human DNA Profiling Bill. Ramanathan and Abraham are of the opinion that there aren’t adequate safeguards to privacy and too much power rests with the proposed DNA Profiling Board.

Ramanathan notes that one of the biggest challenges of a DNA database is function creep – the gradual widening of the use of a technology beyond the purpose for which it was originally intended. As this DNA profiling bill enters Parliament, here are some questions we should be asking.

Is DNA evidence infallible?

The short answer is “no”. Despite all the crime shows and murder movies we have seen where DNA evidence nails the perpetrator to the crime, DNA evidence is far from absolute. Genetic material recovered from a crime scene is likely to be only a partial strand of DNA. Analysing this partial strand can lead to a match with the person that left the DNA behind but can also lead to a coincidental match with people who happen to have a similar gene sequence in their DNA. False incriminations can happen when more than one person’s DNA get mixed at the crime scene, from DNA contamination, mislabelling and even degradation over time.

In the Aarushi Talwar murder case, for instance, the Hyderabad-based Centre for DNA Fingerprinting and Diagnostics altered its 2008 report in 2013 and admitted to typographical errors in the description of its DNA samples. The evidence could have changed the course of the investigation.

What will the national DNA database look like?

The bill proposes to set up a national DNA data bank and a number of state or regional data banks that will feed into the national data pool. Every data bank will have six categories under which DNA profiles will be filed – crime scene index, suspects’ index, offenders’ index, missing persons’ index, unknown deceased persons’ index, and volunteers’ index. The DNA profiling board will have the power to include more categories. In the offenders’ index, the DNA information will be linked to the name of the person from whom it was collected. All others will be linked to a case reference number.

What happens when my genetic material is on the database?

The bill gives sanction for broad use of DNA profiles and samples – to identify victims of accidents or disasters, to identify missing persons, for civil disputes and other offences. It also allows the information to be used to create population statistics, identification research, parental disputes, issues relating to reproductive technologies and migration. In his dissent note, Abraham argues that all non-forensic use should be rejected.

Cases like whether paternity should be determined, unwed mothers leaving their children and adopted children looking for their natural parents are hugely contestable things, said Ramanathan. “You are changing multiple structures and not recognising any of them,” she added.

Even though the bill allows for DNA information of offenders to be expunged once a court acquits them or sets aside a conviction, it makes no provision for removing other kinds of profiles.

The CDFD, which will be instrumental in building and processing DNA profiles, is using the CODIS software bought from the US's Federal Bureau of Investigation an compatible with their systems. The FBI used CODIS to identify victims of the terrorist attacks on the World Trade Center in 2001. More recently, the CDFD used CODIS to identify some who died in the Uttarakhand floods of 2013 after asking for 5,000 people who were possibly relatives of the deceased to undertake DNA testing.

Can the DNA profiling board protect our genetic information?

The bill grants the board vast powers to allow the use of DNA profiles in any civil and criminal proceedings that it deems necessary. “Ideally these powers would lie with the legislative or judicial branch,” Abraham said, in his dissent note. “Furthermore, the Bill establishes no mechanism for accountability or oversight over the functioning of the Board.”

Ramanathan questions the constitution of the board itself, her worry being that the board is not a body of disinterested officials. The secretary of the board is supposed to be from the Centre for DNA Fingerprinting and Diagnostics, an autonomous institute that will get a lot of work from the creation of the national DNA data bank.

Why does a DNA fingerprinting consent form ask for caste?

One of the most troubling features of the creation of a databank is the consent form to be signed by a person donating blood for DNA analysis. Along with name, gender and address, the form also asks for caste to be listed.

India has a history of unwarrantedly linking caste and community with criminality. Members of decriminalised tribes regularly report being harassed by the police and even having false cases foisted on them simply because they are linked to a certain community. Tagging caste onto genetic data can result in unfair profiling and identification errors.

The United Kingdom set up its national criminal DNA database in 1995. The database expanded over a decade by including genetic information of anyone who was arrested till more than one million innocent people were on it – including a grandmother who didn’t return a football to children who kicked it into her garden. The dangers of a genetic database are too much state oversight, false implication in crimes and a loss of privacy – none of which should come to pass without at least a debate.

For more details visit https://cis-india.org/internet-governance/news/the-scariest-bill-in-parliament-is-getting-no-attention-2013-here2019s-what-you-need-to-know-about-it

Clearing Misconceptions: What the DoT Panel Report on Net Neutrality Says (and Doesn't)

pranesh — 2015-07-21T12:36:26Z

There have been many misconceptions about what the DoT Panel Report on Net Neutrality says: the most popular ones being that they have recommended higher charges for services like WhatsApp and Viber, and that the report is an anti-Net neutrality report masquerading as a pro-Net neutrality report. Pranesh Prakash clears up these and other incorrect notions about the report in this brief analysis.

Background of the DoT panel

In January 2015, the Department of Telecommunication (DoT) formed a panel to look into "net neutrality from public policy objective, its advantages and limitations," as well the impact of a "regulated telecom services sector and unregulated content and applications sector". After spending a few months collecting both oral and written testimony from a number of players in this debate, and analysing it, on July 16 that panel submitted its report to the DoT and released it to the public for comments (till August 15, 2015). At the same time, independently, the Telecom Regulatory Authority of India (TRAI) is also considering the same set of issues. TRAI received more than a million responses in response to its consultation paper — the most TRAI has ever received on any topic — the vast majority of of them thanks in part to the great work of the Save the Internet campaign. TRAI is yet to submit its recommendations to the DoT. Once those recommendations are in, the DoT will have to take its call on how to go ahead with these two sets of issues: regulation of certain Internet-based communications services, and net neutrality.

Summary of the DoT panel report

The DoT panel had the tough job of synthesising the feedback from dozens of people and organizations. In this, they have done an acceptable job. Although, in multiple places, the panel has wrongly summarised the opinions of the "civil society" deponents: I was one of the deponents on the day that civil society actors presented their oral submissions, so I know. For instance, the panel report notes in 4.2.9.c that "According to civil society, competing applications like voice OTT services were eroding revenues of the government and the TSPs, creating security and privacy concerns, causing direct as well as indirect losses." I do not recall that being the main thrust of any civil society participant's submission before the panel. That having been said, one might still legitimately claim that none of these or other mistakes (which include errors like "emergency" instead of "emergence", "Tim Burners Lee" instead of "Tim Berners-Lee", etc.) are such that they have radically altered the report's analysis or recommendations.

The report makes some very important points that are worth noting, which can be broken into two broad headings:

On governmental regulation of OTTs

Internet-based (i.e., over-the-top, or "OTT") communications services (like WhatsApp, Viber, and the like) are currently taking advantage of "regulatory arbitrage": meaning that the regulations that apply to non-IP communications services and IP communications services are different. Under the current "unified licence" regime, WhatsApp, Viber, and other such services don't have to get a licence from the government, don't have to abide by anti-spam Do-Not-Disturb regulations, do not have to share any part of their revenue with the government, do not have to abide by national security terms in the licence, and in general are treated differently from other telecom services. The report wishes to bring these within a licensing regime.
The report distinguishes between Internet-based voice calls (voice over IP, or VoIP) and messaging services, and doesn't wish to interfere with the latter. It also distinguishes between domestic and international VoIP calls, and believes only the former need regulation. It is unclear on what bases these distinctions are made.
OTT "application services" do not need special telecom-oriented regulation.
There should a separation in regulatory terms between the network layer and the service layer. While this doesn't mean much in the short-term for Net neutrality, it will be very important in the long-term for ICT regulation, and is very welcome.

On Net neutrality

The core principles of Net neutrality — which are undefined in the report, though definitions proposed in submissions they've received are quoted — should be adhered to. In the long-run, these should find place in a new law, but for the time being they can be enforced through the licence agreement between the DoT and telecom providers.
On the contentious issue of zero-rating, a process that involves both ex-ante and ex-post regulation is envisaged to prevent harmful zero-rating, while allowing beneficial zero-rating. Further, the report notes that the supposed altruistic or "public interest" motives of the zero-rating scheme do not matter if they result in harm to competition, distort consumer markets, violate the core tenets of Net neutrality, or unduly benefit an Internet "gatekeeper".

Where does the DoT panel report go wrong?

The proposal by the DoT panel of a licensing regime for VoIP services is a terrible idea. It would presumptively hold all licence non-holders to be unlawful, and that should not be the case. While it is in India's national interest to want to hold VoIP services to account if they do not follow legitimate regulations, it is far better to do this through ex-post regulations rather than an ex-ante licensing scheme. A licensing scheme would benefit Indian VoIP companies (including services like Hike, which Airtel has invested in) over foreign companies like Viber. The report also doesn't say how one would distinguish between OTT communication services and OTT application services, when many apps such as food ordering apps, including text chat facilities. Further, VoIP need not be provided by a company: I run my own XMPP servers, which is a protocol used for both text and video/voice. Will a licensing regime force me to become a licence-holder or will it set a high bar? The DoT panel report doesn't say. Will there be a revenue-sharing mechanism, as is currently the case under the Unified Licence? If so, how will it be calculated in case of services like WhatsApp? These questions too find no answer in the report. All in all, this part of the report's analysis is found to be sadly wanting.
Many important terms are left undefined, and many distinctions that the report draws are left unexplained. For instance, it is unclear on what regulatory basis the report distinguishes between domestic and international VoIP calls — which is an unenforceable (not to mention regulatorily unimportant) distinction — or between regulation of messaging services and VoIP services, or what precisely they mean by "application-agnostic" and "application-specific" network management (since different scholars on this issue mean different things when they say "application").

What does the DoT panel report mean for consumers?

Not too much currently, since the DoT panel report is still just a set of recommendations by an expert body based on (invited) public consultations.
Does it uphold Net neutrality? The DoT panel report is clear that they strongly endorse the "core principles of Net neutrality". On the issue of "zero-rating", the panel proposes some sound measures, saying that there should be a two-part mechanism for ensuring that harmful zero-rating doesn't go through: First, telecom services need to submit zero-rating tariff proposals to an expert body constituted by DoT; and second consumers will be able to complain about the harmful usage of zero-rating by any service provider, which may result in a fine. What constitutes harm / violation of Net neutrality? The panel suggests that any tariff scheme that may harm competition, distorts the consumer market, or violates the core principles of Net neutrality is harmful. This makes sense.
Will it increase cost of access to WhatsApp and Viber? Well, one the one hand, zero-rating of those services could decrease the cost of access to WhatsApp and Viber, but that might not be allowed if the DoT panel recommendations are accepted, since that would possibly be judged to harm competition and distort the consumer markets. The DoT panel has also recommended bringing such services within a licensing framework to bridge the "regulatory arbitrage" that they are able benefit from (meaning that these services don't have to abide by many regulations that a telecom provider has to follow). Whether this will lead to WhatsApp and similar services charging depends on what kinds of regulations are placed on them, and if any costs are imposed on them. If the government decides to take the approach they took to ISPs in the late 90s (essentially, charging them Re. 1 as the licence fee), doesn't impose any revenue sharing (as they currently require of all telecom services), etc., then there needn't be any overly burdensome costs that WhatsApp-like services will need to pass on to consumers.

What misunderstandings do people have?

There are multiple news reports that the DoT panel has recommended increased charges for domestic VoIP calls, or that ISPs will now be able to double-charge. Both of these are untrue. The DoT panel's recommendations are about "regulatory arbitrage" and licensing, which need not be related to cost.
There is a fear that the exception from net neutrality of "managed services and enterprise services" is a "loophole", or that exceptions for "emergency services" and "desirable public or government services" are too vague and carry the potential of misuse. If one goes by the examples that the panel cites of managed services (e.g., services an ISP provides for a private company separately from the rest of the Internet, etc.), these fear seems largely misplaced. We must also realize the the panel report is a report, and not legislation, and the rationale for wanting exemptions from Net neutrality are clear.
The DoT panel has given the go-ahead for zero-rating. Once again, this is untrue. The panel cites instances of zero-rating that aren't discriminatory, violative of Net neutrality and don't harm competition or distort consumer markets (such as zero-rating of all Internet traffic for a limited time period). Then it goes on to state that the regulator should not allow zero-rating that violates the core principles of Net neutrality.

What's missing in the Net neutrality debate is nuance. It's become a debate in which you are either for Net neutrality or against it. However, none of the underlying components of Net neutrality — a complex mix of competition policy, innovation policy, the right to freedom of expression, etc. — are absolutes; therefore, it is clear that Net neutrality cannot be an absolute either.

For more details visit https://cis-india.org/internet-governance/blog/clearing-misconceptions-dot-panel-net-neutrality

Aadhaar Number vs the Social Security Number

elonnai — 2015-07-24T01:24:00Z

This blog calls out the differences between the Aadhaar Number and the Social Security Number

In response to news items that reported the Government of India running pilot projects to enroll children at the time of birth for Aadhaar numbers - an idea that government officials in the news items claimed was along the lines of the social security number - this note seeks to point out the ways in which the Aadhaar number and the social security number are different.[1]

Governance

SSN is governed by Federal legislation: The issuance, collection, and use of the SSN is governed by a number of Federal and State legislation with the most pertinent being the Social Security Act 1935[2] - which provides legal backing for the number, and the Privacy Act 1974 which regulates the collection, access, and sharing of the SSN by Federal Executive agencies.[3]

Aadhaar was constituted under the Planning Commission: The UIDAI was constituted as an attached office under the Planning Commission in 2009.[4] A Unique Identification Authority Bill has been drafted, but has not been enacted.[5] Though portions of the Information Technology Act 2008 apply to the UID scheme, section 43A and associated Rules (India's data protection standards) do not clearly apply to the UIDAI as the provision has jurisdiction only over body corporate.

Purpose

SSN was created as a number record keeping scheme for government services: The Social Security Act provides for the creation of a record keeping scheme - the SSN. Originally, the SSN was used as a means to track an individuals earnings in the Social Security system.[6] In 1943 via an executive order, the number was adopted across Federal agencies. Eventually the number has evolved from being a record keeping scheme into a means of identity. In 1977 it was clarified by the Carter administration that the number could act as a means to validate the status of an individual (for example if he or she could legally work in the country) but that it was not to serve as a national identity document.[7] Today the SSN serves as a number for tracking individuals in the social security system and as one (among other) form of identification for different services and businesses. Alone, the SSN card does not serve proof of identity, citizenship, and it cannot be used to transact with and does not have the ability to store information. [8]

Aadhaar was created as a biometric based authenticator and a single unique proof of identity: The Aadhaar number was established as a single proof of identity and address for any resident in India that can be used to authenticate the identity of an individual in transactions with organizations that have adopted the number. The scheme as been promoted as a tool for reducing fraud in the public distribution system and enabling the government to better deliver public benefits.[9]

Applicability

SSN is for citizens and non-citizens authorized to work: The social security number is primarily for citizens of the United States of America. In certain cases, non citizens who have been authorized by the Department of Homeland Security to work in the US may obtain a Social Security number.[10]

Aadhaar is for residents: The aadhaar number is available to any resident of India.[11]

Storage, Access, and Disclosure

SSN and applications are stored in the Numident: The numident is a centralized database containing the individuals original SNN and application and any re-application for the same. All information stored in the Numident is protected under the Privacy Act. Individuals may request records of their own personal information stored in the Numident. With the exception of the Department of Homeland Security and U.S Citizenship and Immigration Services, third parties may only request access to Numident records with the consent of the concerned individual.[12] Federal agencies and private entities that collect the SSN for a specific service store the number at the organizational level. The Privacy Act and various state level legislation regulates the disclosure, access, and sharing of the SSN number collected by agencies and organizations.

Aadhaar and data generated at multiple sources is stored in the CIDR and processed in the data warehouse: According to the report "Analytics, Empowering Operations", "At UIDAI, data generated at multiple sources would typically come to the CIDR (Central ID Repository), UIDAIs Data centre, through an online mechanism. There could be certain exceptional sources, like Contact centre or Resident consumer surveys, that will not feed into the Data center directly. Data is then processed in the Data Warehouse using Business Intelligence tools and converted into forms that can be accessed and shared easily." Examples of data that is stored in the CIDR include enrollments, letter delivery, authentication, processing, resident survey, training, and data from contact centres.[13] It is unclear if organizations that authenticate individuals via the Adhaar number store the number at the organizational level. Biometrics are listed as a form of sensitive personal information in the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) 2011, thus if any body corporate collects biometrics with the Aadhaar number - the storage, access, and disclosure of this information would be protected as per the Rules, but the Aadhaar number is not explicitly protected. [14]

Use by public and private entities

Public and private entities can request SSN: Public and private entities can request the SSN to track individuals in a system or as a form of identifying an individual. Any private business is allowed to request and use the SSN as long as the use does not violate federal or state law. Legally, an individual is only required to provide their SSN to a business if they are engaging in a transaction that requires notification to the Internal Revenue Service or the individual is initiating a transaction that is subject to federal Customer Identification Program rules.[15] Thus, an individual can refuse to provide their SSN, but a private business can also refuse to provide a service.[16]

Any public authority requesting the SSN must provide a disclosure notice to the individual explaining if the provision of SSN is required or optional. According to the Privacy Act of 1974, no individual can be denied a government service or benefit for not providing the SSN unless Federal law specifically requires the number for a particular service.[17] Thus, there are a number of Federal legislation in the U.S that specifically require the SSN. For example, the Social Security Independence and Program Improvements Act 1994 allows for the use of the SSN for jury selection and allows for cross matching of SSNs and Employer Identification Numbers for investigation into violation of Federal Laws. [18]

Public and private entities can request Aadhaar: The Aadhaar number can be adopted by any public or private entity as a single means of identifying an individual. The UIDAI has stated that the Aadhaar number is not mandatory,[19] and the Supreme Court of India has clarified that services cannot be denied on the grounds that an individual does not have an Aadhaar number.[20]

Verification

The SSN can be verified only in certain circumstances: The SSA will only respond to requests for SSN verification in certain circumstances:

Before issuing a replacement SSN, posting a wage item to the Master Earnings File, or establishing a claims record - the SSA will verify that the name and the number match as per their records.
When legally permitted, the SSA verification system will verify SSNs for government agencies.
When legally permitted the SSA verification system will verify a workers SSN for pre-registered and approved private employers.
If an individual has provided his/her consent, the SSA will verify a SSN request from a third party.

For verification the SSN number must be submitted with an accompanying name to be matched to and additional information such as date of birth, fathers name, mothers name etc. When verifying submitted SSN's, the system will respond with either confirmation that the information matches or that it does not match. It is important to note that because SSN is verified only in certain circumstances, it is not guaranteed that the person providing an SSN number is the person whom the number was assigned.[21]

The Aadhaar number can be verified in any transaction: If an organization, department, or platform has adopted the Aadhaar number as a form of authentication, they can send requests for verification to the UIDAI. The UIDAI will respond with a yes or no answer. When using their Aadhaar number as a form of authentication individuals can submit their number and demographic information or their number and biometrics for verification.[22]

Lost or stolen

SSN can be replaced: If an individual loses his/her SSN card lost or their number is fraudulently used, they can apply for a replacement SSN card or a new SNN number. [23]

Aadhaar number can be replaced: If an individual has lost their Aadhaar number, there is a process that they can follow to have their number re-sent to them. If the number cannot be located by the UIDAI , the individual has the option of re-enrolling for a new Aadhaar number.[24] The UIDAI has built the scheme with the understanding the biometrics are a unique identifier that cannot be lost or stolen, and thus have not created a system to address the possibility of stolen or fraudulent use of biometrics.

Implementation

Legislation and formal roll out: The SSN program was brought into existence via the Social Security Act and officially rolled out while eventually being adopted across Federal Departments.

Bill and pilot studies: The UID scheme has been envisioned as being brought into existence via the Unique Identification Authority Bill 2010 which has not been passed. Thus far, the project has been implemented in pilot phases across States and platforms.

Enrollment

Social Security Administration: The Social Security Agency is the soul body in the US that receives and processes applications for SSN and issues SSN numbers. [25]

UIDAI, registrars, and enrolling agencies: The UIDAI is the soul body that issues Aadhaar numbers. Registrars (contracted bodies under the UIDAI_ - and enrolling agencies (contracted bodies under Registrars) are responsible for receiving and processing enrollments into the UID scheme.

Required supporting documents

SSN requires proof of age, identity, and citizenship: To obtain a SSN you must be able to provide proof of your age, your identity, and US citizenship. The application form requires the following information:

Name to be shown on the card
Full name at birth, if different
Other names used
Mailing address
Citizenship or alien status
Sex
Race/ethnic description (SSA does not receive this information under EAB)
Date of birth
Place of birth
Mother's name at birth
Mother's SSN (SSA collects this information for the Internal Revenue Service (IRS) on an original application for a child under age 18. SSA does not retain these data.)
Fathers' name
Father's SSN (SSA collects this information for IRS on an original application for a child under age 18. SSA does not retain these data).
Whether applicant ever filed for an SSN before
Prior SSNs assigned
Name on most recent Social Security card
Different date of birth if used on an earlier SSN application.
Date application completed
Phone number
Signature
Applicant's relationship to the number holder.[26]

Aadhaar requires proof of age, address, birth, and residence and biometric information: The application form requires the following information:

Name
Date of birth
Gender
Address
Parent/guardian details
Email
Mobile number
Indication of consenting or not consenting to the sharing of information provided to the UIDAI with Public services including welfare services
Indication of if the individual wants the UIDAI to facilitate the opening of a bank account linked to the Aadhaar number and permits the sharing of information for this purpose
If the individual has no objection to linking their present bank account to the Aadhaar number and the relevant bank details
Signature[27]

[1] Sahil Makkar, "PM's idea to track kids from birth hits practical hurdles", Business Standard. April 11^th 2015. Available at: http://www.business-standard.com/article/current-affairs/pm-s-idea-to-track-kids-from-birth-hits-practical-hurdles-115041100828_1.html

[2] The Social Security Act of 1935. Available at: http://www.ssa.gov/history/35act.html

[3] The United States Department of Justice, "Overview of the Privacy Act of 1974". Available at: http://www.justice.gov/opcl/social-security-number-usage

[4] Government of India Planning Commission "Notification". Available at: https://uidai.gov.in/images/notification_28_jan_2009.pdf

[5] The National Identification Authority of India Bill 2010. Available at: http://www.prsindia.org/uploads/media/UID/The%20National%20Identification%20Authority%20of%20India%20Bill,%202010.pdf

[6] History of SSA 1993 - 2000. Chapter 6: Program Integrity. Available at: http://www.ssa.gov/history/ssa/ssa2000chapter6.html

[7] Social Security Number Chronology. Available at: http://www.ssa.gov/history/ssn/ssnchron.html

[8] History of SSA 1993 - 2000, Chapter 6: Program Integrity. Available at: http://www.ssa.gov/history/ssa/ssa2000chapter6.html

[9] UID FAQ: Aadhaar Features, Eligibility. Available at: https://resident.uidai.net.in/faqs

[10] Social Security Numbers for Noncitizens. Available at: http://www.ssa.gov/pubs/EN-05-10096.pdf

[11] Aapka Aadhaar. Available at: https://uidai.gov.in/aapka-aadhaar.html

[12] Program Operations Manual System. Available at: https://secure.ssa.gov/poms.nsf/lnx/0203325025

[13] UIDAI Analytics -Empowering Operations - the UIDAI Experience. Available at: https://uidai.gov.in/images/commdoc/other_doc/uid_doc_30012012.pdf

[14] Information Technology (Reasonable security practices and procedures and sensitive personal data or information rules 2011) available at: http://deity.gov.in/sites/upload_files/dit/files/GSR313E_10511(1).pdf

[15] IdentityHawk, "Who can lawfully request my social security number?" Available at: http://www.identityhawk.com/Who-Can-Lawfully-Request-My-Social-Security-Number

[16] SSA FAQ " Can I refuse to give my social security number to a private business?" Available at: https://faq.ssa.gov/link/portal/34011/34019/Article/3791/Can-I-refuse-to-give-my-Social-Security-number-to-a-private-business

[17] The United States Department of Justice, "Overview of the Privacy Act of 1974". Available at: http://www.justice.gov/opcl/social-security-number-usage

[18] Social Security Number Chronology. Available at: http://www.ssa.gov/history/ssn/ssnchron.html

[19] Aapka Aadhaar. Available at: https://uidai.gov.in/what-is-aadhaar.html

[20] Business Standard, "Aadhaar not mandatory to claim any state benefit, says Supreme Court" March 17^th, 2015. Available at: http://www.business-standard.com/article/current-affairs/aadhaar-not-mandatory-to-claim-any-state-benefit-says-supreme-court-115031600698_1.html

[21] Social Security History 1993 - 2000, Chapter 6: Program Integrity. Available at: http://www.ssa.gov/history/ssa/ssa2000chapter6.html

[22] Aapka Aadhaar. Available at: https://uidai.gov.in/auth.html

[23] SSA. New or Replacement Social Security Number Card. Available at: http://www.ssa.gov/ssnumber/

[24] UIDAI, Lost EID/UID Process. Available at: https://uidai.gov.in/images/mou/eiduid_process_ver5_2_27052013.pdf

[25] Social Security. Availabl at: http://www.ssa.gov/

[26] Social Security Administration, Application for a Social Security. Available at: http://www.ssa.gov/forms/ss-5.pdf

[27] Aadhaar enrollment/correction form. Available at: http://hstes.in/pdf/2013_pdf/Genral%20Notification/Aadhaar-Enrolment-Form_English.pdf

For more details visit https://cis-india.org/internet-governance/blog/aadhaar-vs-social-security-number

Privacy, Autonomy, and Sexual Choice: The Common Law Recognition of Homosexuality

bhairav — 2015-08-23T12:20:52Z

In the last few decades, all major common law jurisdictions have decriminalised non-procreative sex – oral and anal sex (sodomy) – to allow private, consensual, and non-commercial homosexual intercourse.

Download PDF

Anti-sodomy statutes across the world, often drafted in the same anachronistic vein as section 377 of the Indian Penal Code, 1860 (“IPC”), have either been repealed or struck down on the grounds that they invade individual privacy and are detrimentally discriminative against homosexual people.

This is not an examination of India’s laws against homosexuality, it does not review the Supreme Court of India’s judgment in Suresh Koushal v. Naz Foundation (2014) 1 SCC 1 nor the Delhi High Court’s judgment in Naz Foundation v. Government of NCT Delhi 2009 (160) DLT 277, which the former overturned – in my view, wrongly. This note simply provides a legal history of the decriminalisation of non-procreative sexual activity in the United Kingdom and the United States. Same-sex marriage is also not examined.

In the United Kingdom

The Wolfenden Report

In England, following a campaign of arrests of non-heterosexual persons and subsequent protests in the 1950s, the government responded to public dissatisfaction by appointing the Departmental Committee on Homosexual Offences and Prostitution chaired by John Frederick Wolfenden. The report of this committee (“Wolfenden Report”) was published in 1957 and recommended that:

“…homosexual behaviour between consenting adults in private should no longer be a criminal offence.”

The Report further observed that it was not the function of a State to punitively scrutinise the private lives of its citizens:

“(T)he law’s function is to preserve public order and decency, to protect the citizen from what is offensive or injurious, and to provide sufficient safeguards against exploitation and corruption of others… It is not, in our view, the function of the law to intervene in the private life of citizens, or to seek to enforce any particular pattern of behaviour.”

The Sexual Offences Act, 1967

The Wolfenden Report was accepted and, in its pursuance, the Sexual Offences Act, 1967 was enacted to, for the first time in common law jurisdictions, partially decriminalise homosexual activity – described in English law as ‘buggery’ or anal sex between males.
Section 1(1) of the original Sexual Offences Act, as notified on 27 July 1967 stated –
"Notwithstanding any statutory or common law provision, but subject to the provisions of the next following section, a homosexual act in private shall not be an offence provided that the parties consent thereto and have attained the age of twenty one years."
A ‘homosexual act’ was defined in section 1(7) as –
“For the purposes of this section a man shall be treated as doing a homosexual act if, and only if, he commits buggery with another man or commits an act of gross indecency with another man or is a party to the commission by a man of such an act.”
The meaning of ‘private’ was also set forth rather strictly in section 1(2) –
“An act which would otherwise be treated for the purposes of this Act as being done in private shall not be so treated if done –
(a) when more than two persons take part or are present; or
(b) in a lavatory to which the public have or are permitted to have access, whether on
payment or otherwise.”
Hence, by 1967, English law permitted:

as between two men,
both twenty-one years or older,
anal sex (buggery),
and other sexual activity (“gross indecency”)
if, and only if, a strict prescription of privacy was maintained,
that excluded even a non-participating third party from being present,
and restricted the traditional conception of public space to exclude even lavatories.

However, the benefit of Section 1 of the Sexual Offences Act, 1967 did not extend beyond England and Wales; to mentally unsound persons; members of the armed forces; merchant ships; and, members of merchant ships whether on land or otherwise.

Developments in Scotland and Northern Ireland

Over the years, the restrictions in the original Sexual Offences Act, 1967 were lifted. In 1980, the Criminal Justice (Scotland) Act, 1980 partially decriminalised homosexual activity in Scotland on the same lines that the Act of 1967 did for England and Wales. One year later, in 1981, an Irishman Jeffrey Dudgeon successfully challenged the continued criminalisation of homosexuality in Northern Ireland before the European Court of Human Rights (“ECHR”) in the case of Dudgeon v. United Kingdom (1981) 4 EHRR 149. Interestingly, Dudgeon was not decided on the basis of detrimental discrimination or inequality, but on the ground that the continued illegality of homosexuality violated the petitioner’s right to privacy guaranteed by Article 8 of the 1950 European Convention on Human Rights (“European Convention”). In a 15-4 majority judgement, the ECHR found that “…moral attitudes towards male homosexuality…cannot…warrant interfering with the applicant’s private life…” Following Dudgeon, the Homosexual Offences (Northern Ireland) Order, 1982 came into effect; and with it, brought some semblance of uniformity in the sodomy laws of the United Kingdom.

Equalising the age of consent

However, protests continued against the unequal age of consent required for consensual homosexual sex (21 years) as opposed to that for heterosexual sex (16 years). In 1979, a government policy advisory recommended that the age of consent for homosexual sex be reduced to 18 years – two years older than that for heterosexual sex, but was never acted upon. In 1994, an attempt to statutorily equalise the age of consent at 16 years was defeated in the largely conservative House of Commons although a separate legislative proposal to reduce it to 18 years was carried and enacted under the Criminal Justice and Public Order Act, 1994. Following this, the unequal ages of consent forced a challenge against UK law in the ECHR in 1994; four years later, in Sutherland v. United Kingdom [1998] EHRLR 117, the ECHR found that the unequal age of consent violated Articles 8 and 14 of the European Convention – relating to privacy and discrimination. Sutherland was significant in two ways – it forced the British government to once again introduce legislation to equalise the ages of consent; and, significantly, it affirmed a homosexual human right on the ground of anti-discrimination (as opposed to privacy).

To meet its European Convention commitments, the House of Commons passed, in June 1998, a bill for an equal age of sexual consent but it was rejected by the more conservative House of Lords. In December 1998, the government reintroduced the equal age of consent legislation which again passed the House of Commons and was defeated in the House of Lords. Finally, in 1999, the government invoked the statutory superiority of the House of Commons, reintroduced for the third time the legislation, passed it unilaterally to result in the enactment of the Sexual Offences (Amendment) Act, 2000 that equalised the age of sexual consent for both heterosexuals and homosexuals at 16 years of age.

Uniformity of equality

However, by this time, different UK jurisdictions observed separate legislations regarding homosexual activity. The privacy conditions stipulated in the original Sexual Offences Act, 1967 remained, although they had been subject to varied interpretation by English courts. To resolve this, the UK Parliament enacted the Sexual Offences Act, 2003 which repealed all earlier conflicting legislation, removed the strict privacy conditions attached to homosexual activity and re-drafted sexual offences in a gender neutral manner. A year later, the Civil Partnership Act, 2004 gave same-sex couples the same rights and responsibilities as a civil marriage. And, in 2007, the Equality Act (Sexual Orientation) Regulations came into force to prohibit general discrimination against homosexual persons in the same manner as such prohibition exists in respect of grounds of race, religion, disability, sex and so on.

In the United States

Diversity of state laws

Sodomy laws in the United States of America have followed a different trajectory. A different political and legal system leaves individual US States with wide powers to draft and follow their own constitutions and laws. Accordingly, by 1961 all US States had their own individual anti-sodomy laws, with different definitions of sodomy and homosexuality. In 1962, Illinois became the first US State to repeal its anti-sodomy law. Many States followed suit over the next decades including Connecticut (1971); Colorado and Oregon (1972); Delaware, Hawaii and North Dakota (1973); Ohio (1974); New Hampshire and New Mexico (1975); California, Maine, Washington and West Virginia (1976); Indiana, South Dakota, Wyoming and Vermont (1977); Iowa and Nebraska (1978); New Jersey (1979); Alaska (1980); and, Wisconsin (1983).

Bowers v. Hardwick

However, not all States repealed their anti-sodomy laws. Georgia was one such State that retained a statutory bar to any oral or anal sex between any persons of any sex contained in Georgia Code Annotated §16-6-2 (1984) (“Georgia statute”) which provided, in pertinent part, as follows:

“(a) A person commits the offense of sodomy when he performs or submits to any sexual act involving the sex organs of one person and the mouth or anus of another… (b) A person convicted of the offense of sodomy shall be punished by imprisonment for not less than one nor more than 20 years”

In 1982, a police officer arrested Michael Hardwick in his bedroom for sodomy, an offence which carried a prison sentence of up to twenty years. His case went all the way up to the US Supreme Court which, in 1986, pronounced its judgement in Bowers v. Hardwick 478 US 186 (1986). Although the Georgia statute was framed broadly to include even heterosexual sodomy (anal or oral sex between a man and a woman or two women) within its ambit of prohibited activity, the Court chose to frame the issue at hand rather narrowly. Justice Byron White, speaking for the majority, observed at the outset –

“This case does not require a judgment on whether laws against sodomy between consenting adults in general, or between homosexuals in particular, are wise or
desirable. It raises no question about the right or propriety of state legislative decisions to repeal their laws that criminalize homosexual sodomy, or of state-court decisions invalidating those laws on state constitutional grounds. The issue presented is whether the Federal Constitution confers a fundamental right upon homosexuals to engage in sodomy…”

Privacy and autonomy

Interestingly, Hardwick’s case against the Georgia statute was not grounded on an equality-discrimination argument (since the Georgia statute prohibited even heterosexual sodomy but was only enforced against homosexuals) but on a privacy argument that sought to privilege and immunise private consensual non-commercial sexual conduct from intrusive State intervention. To support this privacy claim, a long line of cases was relied upon that restricted the State’s ability to intervene in, and so upheld the sanctity of, the home, marriage, procreation, contraception, child rearing and so on [See, Carey v. Population Services 431 US 678 (1977), Pierce v. Society of Sisters 268 US 510 (1925) and Meyer v. Nebraska 262 US 390 (1923) on child rearing and education; Prince v. Massachusetts 321 US 158 (1944) on family relationships; Skinner v. Oklahoma ex rel. Williamson 316 US 535 (1942) on procreation; Loving v. Virginia 388 US 1 (1967) on marriage; Griswold v. Connecticut 381 US 479 (1965) and Eisenstadt v. Baird 405 US 438 (1972) on contraception; and Roe v. Wade 410 US 113 (1973) on abortion]. Further, the Court was pressed to declare a fundamental right to consensual homosexual sodomy by reading it into the Due Process clause of the Fourteenth Amendment to the US Constitution.

The 9-judges Court split 5-4 down the middle to rule against all of Hardwick’s propositions and uphold the constitutionality of the Georgia statute. The Court’s majority agreed that cases cited by Hardwick had indeed evolved a right to privacy, but disagreed that this privacy extended to homosexual persons since “(n)o connection between family, marriage, or procreation on the one hand and homosexual activity on the other has been demonstrated…”. In essence, the Court’s majority held that homosexuality was distinct from procreative human sexual behaviour; that homosexual sex could, by virtue of this distinction, be separately categorised and discriminated against; and, hence, homosexual sex did not qualify for the benefit of intimate privacy protection that was available to heterosexuals. What reason did the Court give to support this discrimination? Justice White speaking for the majority gives us a clue: “Proscriptions against that (homosexual) conduct have ancient roots.” Justice White was joined in his majority judgement by Chief Justice Burger, Justice Powell, Justice Rehnquist and Justice O’Connor. His rationale was underscored by Chief Justice Burger who also wrote a short concurring opinion wherein he claimed:

“Decisions of individuals relating to homosexual conduct have been subject to state intervention throughout the history of Western civilization. Condemnation of those practices is firmly rooted in Judeo-Christian moral and ethical standards. Blackstone described “the infamous crime against nature” as an offense of “deeper malignity” than rape, a heinous act “the very mention of which is a disgrace to human nature,” and “a crime not fit to be named.” … To hold that the act of homosexual sodomy is somehow protected as a fundamental right would be to cast aside millennia of moral teaching.”

The majority’s “wilful blindness”: Blackmun’s dissent

The Court’s dissenting opinion was delivered by Justice Blackmun, in which Justice Brennan, Justice Marshall and Justice Stevens joined. At the outset, the Justice Blackmun disagreed with the issue that was framed by the majority led by Justice White: “This case is (not) about “a fundamental right to engage in homosexual sodomy,” as the Court purports to declare…” and further pointed out that the Georgia statute proscribed not just homosexual sodomy, but oral or anal sex committed by any two persons: “…the Court’s almost obsessive focus on homosexual activity is particularly hard to justify in light of the broad language Georgia has used.”. When considering the issue of privacy for intimate sexual conduct, Justice Blackmun criticised the findings of the majority: “Only the most wilful blindness could obscure the fact that sexual intimacy is a sensitive, key relationship of human existence, central to family life, community welfare, and the development of human personality…” And when dealing with the ‘historical morality’ argument that was advanced by Chief Justice Burger, the minority observed:

“The assertion that “traditional Judeo-Christian values proscribe” the conduct involved cannot provide an adequate justification for (§)16-6-2 (of the Georgia Statute). That certain, but by no means all, religious groups condemn the behavior at issue gives the State no license to impose their judgments on the entire citizenry. The legitimacy of secular legislation depends instead on whether the State can advance some justification for its law beyond its conformity to religious doctrine.”

The states respond, privacy is upheld

Bowers was argued and decided over five years in the 1980s. At the time, the USA was witnessing a neo-conservative wave in its society and government, which was headed by a republican conservative. The HIV/AIDS issue had achieved neither the domestic nor international proportions it now occupies and the linkages between HIV/AIDS, homosexuality and the right to health were still unclear. In the years after Bowers, several more US States repealed their sodomy laws.

In some US States, sodomy laws that were not legislatively repealed were judicially struck down. In 1998, the Georgia State Supreme Court, in Powell v. State of Georgia S98A0755, 270 Ga. 327, 510 S.E. 2d 18 (1998), heard a challenge to the same sodomy provision of the Georgia statute that was upheld in by the US Supreme Court in Bowers. In a complete departure from the US Supreme Court’s findings, the Georgia Supreme Court first considered whether the Georgia statute violated individual privacy: “It is clear from the right of privacy appellate jurisprudence…that the “right to be let alone” guaranteed by the Georgia Constitution is far more extensive that the right of privacy protected by the U.S. Constitution…”

Having established that an individual right to privacy existed to protect private consensual sodomy, the Georgia Court then considered whether there was a ‘legitimate State interest’ that justified the State’s restriction of this right. The justifications that were offered by the State included the possibility of child sexual abuse, prostitution and moral degradation of society. The Court found that there already were a number of legal provisions to deter and punish rape, child abuse, trafficking, prostitution and public indecency. Hence: “In light of the existence of these statutes, the sodomy statute’s raison d’ etre can only be to regulate the private sexual conduct of consenting adults, something which Georgians’ right of privacy puts beyond the bounds of government regulation.” By a 2-1 decision, Chief Justice Benham leading the majority, the Georgia Supreme Court struck down the Georgia statute for arbitrarily violating the privacy of individuals. Interestingly, the subjects of the dispute were not homosexual, but two heterosexual adults – a man and a woman. Similar cases where a US State’s sodomy laws were judicially struck down include:

Campbell v. Sundquist 926 S.W.2d 250 (1996) – [Tennessee – by the Tennessee Court of Appeals on privacy violation; appeal to the State Supreme Court expressly denied].
Commonwealth v. Bonadio 415 A.2d 47 (1980) – [Pennsylvania – by the Pennsylvania Supreme Court on both equality and privacy violations];
Doe v. Ventura MC 01-489, 2001 WL 543734 (2001) – [Minnesota – by the Hennepin County District Judge on privacy violation; no appellate challenge];
Gryczan v. Montana 942 P.2d 112 (1997) – [Montana – by the Montana Supreme Court on privacy violation];
Jegley v. Picado 80 S.W.3d 332 (2001) – [Arkansas – by the Arkansas Supreme Court, on privacy violation];
Kentucky v. Wasson 842 S.W.2d 487 (1992) [Kentucky – by the Kentucky Supreme Court on both equality and privacy violations];
Massachusetts v. Balthazar 366 Mass. 298, 318 NE2d 478 (1974) and GLAD v. Attorney General 436 Mass. 132, 763 NE2d 38 (2002) – [Massachusetts – by the Superior Judicial Court on privacy violation];
People v. Onofre 51 NY 2d 476 (1980) [New York – by the New York Court of Appeals on privacy violation]; and,
Williams v. Glendenning No. 98036031/CL-1059 (1999) – [Maryland – by the Baltimore City Circuit Court on both privacy and equality violations; no appellate challenge].

Lawrence v. Texas

These developments made for an uneven field in the matter of legality of homosexual sex with the sodomy laws of most States being repealed by their State legislatures or subject to State judicial invalidation, while the sodomy laws of the remaining States were retained under the shade of constitutional protection afforded by Bowers. Texas was one such State which maintained an anti-sodomy law contained in Texas Penal Code Annotated § 21.06(a) (2003) (“Texas statute”) which criminalised sexual intercourse between two people of the same sex. In 1998, the Texas statute was invoked to arrest two men engaged in private, consensual, non-commercial sodomy. They subsequently challenged the constitutionality of the Texas statute, their case reaching the US Supreme Court. In 2003, the US Supreme Court, in Lawrence v. Texas 539 US 558 (2003) pronounced on the validity of the Texas statute. Interestingly, while the issue under consideration was identical to that decided in Bowers, the Court this time around was presented with detailed arguments on the equality-discrimination aspect of same-sex sodomy laws – which the Bowers Court majority did not consider. The Court split 6-3; the majority struck down the Texas statute. Justice Kennedy, speaking for himself and 4 other judges of the majority, found instant fault with the Bowers Court for framing the issue in question before it as simply whether homosexuals had a fundamental right to engage in sodomy.

Privacy, intimacy, home

This mistake, Justice Kennedy claimed, “…discloses the Court’s own failure… To say that the issue in Bowers was simply the right to engage in certain sexual conduct demeans…the individual…just as it would demean a married couple were it to be said marriage is simply about the right to have sexual intercourse. Their penalties and purposes (of the laws involved)…have more far-reaching consequences, touching upon the most private human conduct, sexual behavior, and in the most private of places, the home.” Justice Kennedy, joined by Justice Stevens, Justice Souter, Justice Ginsburg and Justice Breyer, found that the Texas statute violated the right to privacy granted by the Due Process clause of the US Constitution:

“The petitioners are entitled to respect for their private lives. The State cannot demean their existence or control their destiny by making their private sexual conduct a crime. “It is a promise of the Constitution that there is a realm of personal liberty which the government may not enter.”” [The quote is c.f. Planned Parenthood of Southeastern Pa. v. Casey 505 US 833 (1992)]

Imposed morality is defeated

With the privacy argument established as controlling, Justice Kennedy went to some length to refute the ‘historical morality’ argument that was put forward in Bowers by then Chief Justice Burger: “At the outset it should be noted that there is no longstanding history in this country of laws directed at homosexual conduct as a distinct matter… The sweeping references by Chief Justice Burger to the history of Western civilization and to Judeo-Christian moral and ethical standards did not take account of other authorities pointing in an opposite direction.” To illustrate these other authorities, Justice Kennedy references the ECHR’s decision in Dudgeon supra which was reached five years before Bowers: “Authoritative in all countries that are members of the Council of Europe (21 nations then, 45 nations now), the decision (Dudgeon) is at odds with the premise in Bowers that the claim put forward was insubstantial in our Western civilization.”.

The Court then affirmed that morality could not be a compelling ground to infringe upon a fundamental right: “Our obligation is to define the liberty of all, not to mandate our own moral code”. The lone remaining judge of the majority, Justice O’Connor, based her decision not on the right to privacy but on equality-discrimination considerations. Interestingly, Justice O’Connor sat on the Bowers Court and ruled with the majority in that case. Basing her decision on equal protection grounds allowed her to concur with the majority in Lawrence but not overturn her earlier position in Bowers which had rejected a right to privacy claim. It also enabled her to strike down the Texas statute while not conceding homosexuality as a constitutionally guaranteed private liberty. There were three dissenters: The chief dissent was delivered by Justice Scalia, in which he was joined by Chief Justice Rehnquist and Justice Thomas. Bowers was not merely distinguished by the majority, it was overruled:

“Bowers was not correct when it was decided, and it is not correct today. It ought not to remain binding precedent. Bowers v. Hardwick should be and now is overruled.”

For more details visit https://cis-india.org/internet-governance/blog/privacy-autonomy-sexual-choice-common-law-recognition-of-homosexuality

7th Best Practices Meet 2015

praskrishna — 2015-07-17T13:11:20Z

Data Security Council of India (DSCI) organized the 7th edition of its Best Practices Meet (BPM) from July 9 - 10, 2015 at Hotel ITC Gardenia in Bengaluru. BPM2015 had “Architecting Security for Digital Transformation” as its theme. Sunil Abraham and Elonnai Hickok were speakers at this event.

The two-day deliberations, reflected on policy, endeavours at national and industry levels, proposed industry steps, market response, best practices, industry standards and technology designs and see how they play their roles in architecting of information systems and enterprise security within organizations. Sunil Abraham was a panelist in the session "Architecting Security for transformation to Digital India". Elonnai Hickok was a panelist in the session "Steering privacy in the age of extreme innovation technology & business models."

See the Agenda

For more details visit https://cis-india.org/internet-governance/news/best-practices-meet-2015

A Dissent Note to the Expert Committee for DNA Profiling

elonnai — 2016-07-21T11:01:44Z

The Centre for Internet and Society has participated in the Expert Committee for DNA Profiling constituted by the Department of Biotechnology in 2012 for the purpose of deliberating on and finalizing the draft Human DNA Profiling Bill and appreciates this opportunity. CIS respectively dissents from the January 2015 draft of the Bill.

Click for DNA Bill Functions, DNA List of Offences, and CIS Note on DNA Bill. A modified version was published by Citizen Matters Bangalore on July 28.

Based on the final draft of the Human DNA Profiling Bill that was circulated on the 13th of January 2015 by the committee, the Centre for Internet and Society is issuing this note of dissent on the following grounds:

The Centre for Internet and Society has made a number of submissions to the committee regarding different aspects of the Bill including recommendations for the functions of the board, offences for which DNA can be collected, and a general note on the Bill. Though the Centre for Internet and Society recognizes that the present form of the Bill contains stronger language regarding human rights and privacy, we do not find these to be adequate and believe that the core concerns or recommendations submitted to the committee by CIS have not been incorporated into the Bill.

The Centre for Internet and Society has foundational objections to the collection of DNA profiles for non-forensic purposes. In the current form the DNA Bill provides for collection of DNA for the following non forensic purposes:

Section 31(4) provides for the maintenance of indices in the DNA Bank and includes a missing person’s index, an unknown deceased person’s index, a volunteers’ index, and such other DNA indices as may be specified by regulation.
Section 38 defines the permitted uses of DNA profiles and DNA samples including: identifying victims of accidents or disasters or missing persons or for purposes related to civil disputes and other civil matters and other offences or cases listed in Part I of the Schedule or for other purposes as may be specified by regulation.
Section 39 defines the permitted instances of when DNA profiles or DNA samples may be made available and include: for the creation and maintenance of a population statistics Data Bank that is to be used, as prescribed, for the purposes of identification research, protocol development or quality control provided that it does not contain any personally identifiable information and does not violate ethical norms.
Part I of the schedule lists laws, disputes, and offences for which DNA profiles and DNA samples can be used. These include, among others, the Motor Vehicles Act, 1988, parental disputes, issues relating to pedigree, issues relating to assisted reproductive technologies, issues relating to transplantation of human organs, issues relating to immigration and emigration, issues relating to establishment of individual identity, any other civil matter as may be specified by the regulations, medical negligence, unidentified human remains, identification of abandoned or disputed children.

While rejecting non-forensic use entirely, we have specific substantive and procedural objections to the provisions relating to forensic profiling in the present version of the Bill. These include:

Over delegation of powers to the board: The DNA Board currently has vast powers as delegated by Section 12 including:
“authorizing procedures for communication of DNA profiles for civil proceedings and for crime investigation by law enforcement and other agencies, establishing procedure for cooperation in criminal investigation between various investigation agencies within the country and with international agencies, specifying by regulations the list of applicable instances of human DNA profiling and the sources and manner of collection of samples in addition to the lists contained in the Schedule, undertaking any other activity which in the opinion of the Board advances the purposes of this Act.”

Section 65 gives the Board the power to make regulations for a number purposes including: “other purposes in addition to identification of victims of accidents, disasters or missing persons or for purposes related to civil disputes and other civil matters and other offences or cases lists in Part I of the Schedule for which records or samples may be used under section 38, other laws, if any, to be included under item (viii) of para B of Part I of the Schedule, other civil matters, if any, to be included under item (vii) of para C of Part I of the Schedule, and authorization of other persons, if any, for collection of non intimate body samples and for performance of non-intimate forensic procedures, under Part III of the Schedule.

Ideally these powers would lie with the legislative or judicial branch. Furthermore, the Bill establishes no mechanism for accountability or oversight over the functioning of the Board and section 68 specifically states that “no civil court shall have jurisdiction to entertain any suit or proceeding in respect to any matter which the Board is empowered by or under this Act to determine.”

The above represents only a few instances of the overly broad powers that have been given to the Board. Indeed, the Bill gives the Board the power to make regulations for 37 different aspects relating to the collection, storage, use, sharing, analysis, and deletion of DNA samples and DNA profiles. As a result, the Bill establishes a Board that controls the entire ecosystem of DNA collection, analysis, and use in India without strong external oversight or accountability.
Key terms undefined: Section 31 (5) states that the “indices maintained in every DNA Data Bank will include information of data based on DNA analysis prepared by a DNA laboratory duly approved by the Board under section 1 of the Act, and of records relating thereto, in accordance with the standards as may be specified by the regulations.”

The term’ DNA analysis’ is not defined in the Act, yet it is a critical term as any information based on such an analysis and associated records can be included in the DNA Database.
Low standards for sharing of information: Section 34 empowers the DNA Data Bank Manager to compare a received DNA profile with the profiles stored in the databank and for the purposes of any investigation or criminal prosecution, communicate the information regarding the received DNA profile to any court, tribunal, law enforcement agencies, or DNA laboratory which the DNA Data Bank Manager considers is concerned with it.

The decision to share compared profiles and with whom should be made by an independent third party authority, rather than the DNA Bank Manager. Furthermore, this provision isvague and although the intention seems to be that the DNA profiles should be matched and the results communicated only in certain cases, the generic wording could take into its ambit every instance of receipt of a DNA profile. For eg. the regulations envisaged under section 31(4)(g) may prescribe for a DNA Data Bank for medical purposes, but section 34 as it is currently worded may include DNA profiles of patients to be compared and their information released to various agencies by the Data Bank Manager as an unintentional consequence.
Missing privacy safeguards: Though the Bill refers to security and privacy procedures that labs are to follow, these have been left to be developed and implemented by the DNA Board. Thus, except for bare minimum standards and penalties addressing the access, sharing, and use of data – the Bill contains no privacy safeguards.

In our interactions with the committee we have asked that the Bill be brought in line with the nine national privacy principles established by the Report of the Group of Experts on Privacy submitted to the Planning Commission in 2012. This has not been done.

For more details visit https://cis-india.org/internet-governance/blog/dna-dissent