We are anonymous, we are legion

Surveillance and the Indian Constitution - Part 3: The Public/Private Distinction and the Supreme Court’s Wrong Turn

pranesh — 2014-03-06T23:02:45Z

After its decision in Gobind, the Supreme Court's privacy floodgates opened; a series of claims involving private parties came before its docket, and the resulting jurisprudence ended up creating confusion between state-individual surveillance, and individual-individual surveillance.

Gautam Bhatia's blog post was originally published on Indian Constitutional Law and Philosophy Blog

We have seen that Gobind essentially crystallized a constitutional right to privacy as an aspect of personal liberty, to be infringed only by a narrowly-tailored law that served a compelling state interest. After the landmark decision in Gobind, Malak Singh v State of P&H was the next targeted-surveillance history-sheeter case to come before the Supreme Court. In that case, Rule 23 of the Punjab Police Rules was at issue. Its vires was not disputed, so the question was a direct matter of constitutionality. An order of surveillance was challenged by two individuals, on the ground that there were no reasonable bases for suspecting them of being repeat criminals, and that their inclusion in the surveillance register was politically motivated. After holding that entry into a surveillance sheet was a purely administrative measure, and thus required no prior hearing (audi alteram partem), the Court then embarked upon a lengthy disquisition about the scope and limitations of surveillance, which deserves to be reproduced in full:

“But all this does not mean that the police have a licence to enter the names of whoever they like (dislike?) in the surveillance register; nor can the surveillance be such as to squeeze the fundamental freedoms guaranteed to all citizens or to obstruct the free exercise and enjoyment of those freedoms; nor can the surveillance so intrude as to offend the dignity of the individual. Surveillance of persons who do not fall within the categories mentioned in Rule 23.4 or for reasons unconnected with the prevention of crime, or excessive surveillance falling beyond the limits prescribed by the rules, will entitle a citizen to the Court’s protection which the court will not hesitate to give. The very rules which prescribe the conditions for making entries in the surveillance register and the mode of surveillance appear to recognise the caution and care with which the police officers are required to proceed. The note following R. 23.4 is instructive. It enjoins a duty upon the police officer to construe the rule strictly and confine the entries in the surveillance register to the class of persons mentioned in the rule. Similarly R.23.7 demands that there should be no illegal interference in the guise of surveillance. Surveillance, therefore, has to be unobstrusive and within bounds. Ordinarily the names of persons with previous criminal record alone are entered in the surveillance register. They must be proclaimed offenders, previous convicts, or persons who have already been placed on security for good behaviour. In addition, names of persons who are reasonably believed to be habitual offenders or receivers of stolen property whether they have been convicted or not may be entered. It is only in the case of this category of persons that there may be occasion for abuse of the power of the police officer to make entries in the surveillance register. But, here, the entry can only be made by the order of the Superintendent of Police who is prohibited from delegating his authority under Rule 23.5. Further it is necessary that the Superintendent of Police must entertain a reasonable belief that persons whose names are to be entered in Part II are habitual offenders or receivers of stolen property. While it may not be necessary to supply the grounds of belief to the persons whose names are entered in the surveillance register it may become necessary in some cases to satisfy the Court when an entry is challenged that there are grounds to entertain such reasonable belief. In fact in the present case we sent for the relevant records and we have satisfied ourselves that there were sufficient grounds for the Superintendent of Police to entertain a reasonable belief. In the result we reject both the appeals subject to our observations regarding the mode of surveillance. There is no order as to costs.”

Three things emerge from this holding: first, the Court follows Gobind in locating the right to privacy within the philosophical concept of individual dignity, found in Article 21’s guarantee of personal liberty. Secondly, it follows Kharak Singh, Malkani and Gobind in insisting that the surveillance be targeted, limited to fulfilling the government’s crime-prevention objectives, and be limited – not even to suspected criminals, but – repeat offenders or serious criminals. And thirdly, it leaves open a role for the Court – that is, judicial review – in examining the grounds of surveillance, if challenged in a particular case.

After Malak Singh, there is another period of quiet. LIC v Manubhai D Shah, in 1993, attributed – wrongly – to Indian Express Newspapers the proposition that Article 19(1)(a)’s free expression right included privacy of communications (Indian Express itself had cited a UN Report without incorporating it into its holding).

Soon afterwards, R. Rajagopal v State of TN involved the question of the publication of a convicted criminal’s autobiography by a publishing house; Auto Shankar, the convict in question, had supposedly withdrawn his consent after agreeing to the book’s publication, but the publishing house was determined to go ahead with it. Technically, this wasn’t an Article 21 case: so much is made clear by the very manner in which the Court frames its issues: the question is whether a citizen of the country can prevent another person from writing his biography, or life story. (Paragraph 8) The Court itself made things clear when it held that the right of privacy has two aspects: the tortious aspect, which provides damages for a breach of individual privacy; and the constitutional aspect, which protects privacy against unlawful governmental intrusion. (Paragraph 9) Having made this distinction, the Court went on to cite a number of American cases that were precisely about the right to privacy against governmental intrusion, and therefore – ideally – irrelevant to the present case (Paras 13 – 16); and then, without quite explaining how it was using these cases – or whether they were relevant at all, it switched to examining the law of defamation (Para 17 onwards). It would be safe to conclude, therefore, in light of the clear distinctions that it made, the Court was concerned in R. Rajagopal about an action between private parties, and therefore, privacy in the context of tort law. It’s confusing observations, however, were to have rather unfortunate effects, as we shall see.

We now come to a series of curious cases involving privacy and medical law. In Mr X v Hospital Z, the question arose whether a Hospital that – in the context of a planned marriage – had disclosed the appellant’s HIV+ status, leading to his social ostracism – was in breach of his right to privacy. The Court cited Rajagopal, but unfortunately failed to understand it, and turned the question into one of the constitutional right to privacy, and not the private right. Why the Court turned an issue between two private parties – adequately covered by the tort of breach of confidentiality – into an Article 21 issue is anybody’s guess. Surely Article 21 – the right to life and personal liberty – is not horizontally applicable, because if it was, we might as well scrap the entire Indian Penal Code, which deals with exactly these kinds of issues – individuals violating each others’ rights to life and personal liberty. Nonetheless, the Court cited Kharak Singh, Gobind and Article 8 of the European Convention of Human Rights, further muddying the waters, because Article 8 – in contrast to American law – embodies a proportionality test for determining whether there has been an impermissible infringement of privacy. The Court then came up with the following observation:

“Where there is a clash of two Fundamental Rights, as in the instant case, namely, the appellant’s right to privacy as part of right to life and Ms. Akali’s right to lead a healthy life which is her Fundamental Right under Article 21, the RIGHT which would advance the public morality or public interest, would alone be enforced through the process of Court, for the reason that moral considerations cannot be kept at bay.”

With respect, this is utterly bizarre. If there is a clash of two rights, then that clash must be resolved by referring to the Constitution, and not to the Court’s opinion of what an amorphous, elastic, malleable, many-sizes-fit “public morality” says. The mischief caused by this decision, however, was replicated in Sharda v Dharmpal, decided by the Court in 2003. In that case, the question was whether the Court could require a party who had been accused of unsoundness of mind (as a ground for divorce under the wonderfully progressive Hindu Marriage Act) to undergo a medical examination – and draw an adverse inference if she refused. Again, whether this was a case in which Article 21 ought to be invoked is doubtful; at least, it is arguable, since it was the Court making the order. Predictably, the Court cited from Mr X v Hospital Z extensively. It cited Gobind (compelling State interest) and the ECHR (proportionality). It cited a series of cases involving custody of children, where various Courts had used a “balancing test” to determine whether the best interests of the child overrode the privacy interest exemplified by the client-patient privilege. It applied this balancing test to the case at hand by balancing the “right” of the petitioner to obtain a divorce for the spouse’s unsoundness of mind under the HMA, vis-à-vis the Respondent’s right to privacy.

In light of the above analysis, it is submitted that although the outcome in Mr X v Hospital Z and Sharda v Dharmpal might well be correct, the Supreme Court has misread what R. Rajagopal actually held, and its reasoning is deeply flawed. Neither of these cases are Article 21 cases: they are private tort cases between private parties, and ought to be analysed under private law, as Rajagopal itself was careful to point out. In private law, also, the balancing test makes perfect sense: there are a series of interests at stake, as the Court rightly understood, such as certain rights arising out of marriage, all of a private nature. In any event, whatever one might make of these judgments, one thing is clear: they are both logically and legally irrelevant to the Kharak Singh line of cases that we have been discussing, which are to do with the Article 21 right to privacy against the State.

For more details visit https://cis-india.org/internet-governance/blog/surveillance-and-the-indian-consitution-part-3

UIDAI Practices and the Information Technology Act, Section 43A and Subsequent Rules

elonnai — 2014-03-06T07:00:21Z

UIDAI practices and section 43A of the IT Act are analyzed in this post.

In the 52^nd Report on Cyber Crime, Cyber Security, and the Right to Privacy – in evidence provided, the Department of Electronics and Information Technology stated “...Section 43A and the rules published under that Section cover the entire privacy in case of digital data. These are being followed by UIDAI also and other organisations...” (pg.46) [1]

This blog post explains the requirements found under Section 43A of the Information Technology Act 2000 and the subsequent Information Technology “ Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011[2] and analyses publicly available documents from the UIDAI website[3] as well as the UIDAI enrolment form[4] to demonstrate the ways in which:

UIDAI practices are in line with section 43A and the Rules,
UIDAI practices are not in line with section 43A and the Rules,
UIDAI practices are partially in with section 43A and the Rules
Where more information is needed to draw a conclusion.

Applicability and Scope

Section 43A of the Information Technology Act 2008 and subsequent Rules apply only to Body Corporate and to digital information.

Body Corporate under the Information Technology Act 2008 is defined as:

“Any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities”

UIDAI Practices - not in line: The UIDAI is not a body corporate. The UIDAI is an attached office under the aegis of the Planning Commission that was set up by an executive order.[5]

The UIDAI collects, processes, stores, and shares both digital and non-digital information. As section 43A and subsequent Rules apply only to digital information, there is not sufficient protection provided over all the information collected, processed, stored, and used by the UIDAI.

Privacy Policy on Website

Rule 4 requires body corporate to provide a privacy policy on their website. The privacy policy must include:

Clear and easily accessible statements of its practices and policies
Type of personal or sensitive personal data or information collected
Purpose of collection and usage of such information
Disclosure of information including sensitive personal information
Reasonable security practices and procedures as provided under rule 8

UIDAI Practices - Partially in Line

Though the UIDAI has placed a privacy policy[6] on their website, the privacy policy only addresses the use of website and does not comprehensively provide clear and accessible statements about all of the UIDAI’s practices and policies.
The UIDAI privacy policy does not state the specific types of personal or sensitive data that could be collected, but instead states “As a general rule, this website does not collect Personal Information about you when you visit the site. You can generally visit the site without revealing Personal Information, unless you choose to provide such information.”

Features on the UIDAI website that require individuals to provide personal information and sensitive personal information include: Booking an appointment, checking aadhaar status, enrolling for e-aadhaar, enrolling for aadhaar, updating aadhaar data. Types of information required for these services include: mobile number, name, address, gender, date of birth, and enrolment ID.[7]

The privacy policy goes on to state: “If you are asked for any other Personal Information you will be informed how it will be used if you choose to give it. If at any time you believe the principles referred to in this privacy statement have not been followed, or have any other comments on these principles, please notify the webmaster through the Contact Us page. Note: The use of the term "Personal Information" in this privacy statement refers to any information from which your identity is apparent or can be reasonably ascertained.”
The UIDAI privacy policy does explain the purpose for collection of information on the website and the use of collected information.
The UIDAI privacy policy does not address the possibility of disclosure of information collected by the UIDAI from the use of its website, except in the case of when an individual provides his/her email at which point the privacy policy states “Your e-mail address will not be used for any other purpose, and will not be disclosed without your consent.”
The UIDAI privacy policy does not provide information about the security practices adopted by the UIDAI.

Consent

Rule 5 requires that prior to the collection of sensitive personal data, the body corporate must obtain consent, either in writing or through fax regarding the purpose of usage before collection of such information.

UIDAI Practices - in Line
The UIDAI collects written consent from individuals through the enrolment form for the issuance of an Aadhaar number.

Collection Limitation

Rule 5 (2) requires that body corporate only collect sensitive personal data if it is connected to a lawful purpose and if it is considered necessary for that purpose.

UIDAI Practices - in Line
The Aadhaar enrolment form requires only the necessary sensitive personal data for the issuance of an Aadhaar number. Individuals are given the option to provide banking and financial information.

Notice During Direct Collection

Rule 5(3) requires that while collecting information directly from an individual the body corporate must provide the following information:

The fact that the information is being collected
The purpose for which the information is being collected
The intended recipients of the information
The name and address of the agency that is collecting the information
The name and address of the agency that will retain the information

UIDAI Practices - Partially in Line
The Aadhaar enrolment form does not provide the following information:

The intended recipients of the information
The name and address of the agency collecting the information
The name and address of the agency that will retain the information

Retention Limitation

Rule 5(4) requires that body corporate must retain sensitive personal data only for as long as it takes to fulfil the stated purpose or otherwise required under law.

UIDAI Practices - Unclear
It is unclear from publicly available information what the UIDAI retention practices are.

Use Limitation

Rule 5(5) requires that information must be used for the purpose that it was collected for.

UIDAI Practices - Unclear
It is unclear from publicly available information if the UIDAI is using collected information only for the purpose for which it was collected for.

Right to Access and Correct

Rule 5(6) requires body corporate to provide individuals with the ability to review the information they have provided and access and correct personal or sensitive personal information.

UIDAI Practices - Partially in Line
Though the UIDAI provides individuals with the ability to access and correct personal information, as stated on the enrolment form, correction is free only if changed within 96 hours of enrolment. Additionally, as stated on the enrolment form, if an individual chooses to allow for the UIDAI to facilitate the opening of a bank account and link present bank accounts to the UID number, this information, after being provided, cannot be corrected. The UIDAI website has a portal for updating information, but only name, address, gender, data of birth, and mobile number can be updated through this method. [9]

Right to ‘Opt Out’ and Withdraw Consent

Rule 5(7) requires that body corporate must provide individuals with the option of 'opting out' of providing data or information sought. Individuals also have the right to withdraw consent at any point of time. Body corporate has the right to withdraw services if consent is withdrawn.

UIDAI Practices - Partially in Line
The UID enrolment form provides individuals with one ‘optional’ field - the option of having the UIDAI open a bank account and link it to the individuals UID number or having the UIDAI link present bank accounts to individuals UID number. No other option to ‘opt out’ or withdraw consent is present on the enrolment form or the UIDAI privacy policy, terms of use, or website.

Security of Information

Rule 8 requires that body corporate must secure information in accordance with the ISO 27001 standard. These practices must be audited on an annual basis or when the body corporate undertakes a significant up gradation of its process and computer resource.

UIDAI Practices - Unclear
The security practices adopted by the UIDAI are not mentioned in the website privacy policy, on the website, or on the enrolment form, thus it is unclear from publicly available information if the UID is compliant with ISO 27001 standards. Though the UIDAI has been functioning since 2010, and it is unclear from publicly available information if annual audits of the UIDAI security practices have been undertaken.

Disclosure with Consent

Rule 6 requires that body corporate must have consent before disclosing sensitive personal data to any third person or party, except in the case with Government agencies for the purpose of verification of identity, prevention, detection, investigation, including cyber incidents and prosecution and punishment of offenses, on receipt of a written request.

UIDAI Practices - Partially in Line
In the enrolment form, consent for disclosure is stated as ‘‘I have no objection to the UIDAI sharing information provided by me to the UIDAI with agencies engaged in delivery of welfare services.” This is a blanket statement and allows for all future possibilities of sharing and disclosure of information provided with any organization that the UIDAI deems as ‘engaged in the delivery of welfare services’.

The UIDAI privacy policy only addresses the disclosure of an individual’s email address with consent. Though not directly addressing disclosure, the UIDAI privacy policy also states “ We will not identify users or their browsing activities, except when a law enforcement agency may exercise a warrant to inspect the service provider's logs.”

Prohibition on Publishing and Further Disclosure

Rule 6(3) and 6(4) prohibit the body corporate from publishing sensitive personal data or information. Similarly, organizations receiving sensitive personal data are not allowed to disclose it further.

UIDAI Practices - in Line
The UDAI does not publish sensitive personal data. It is unclear what practices and standards registrars and enrolment agencies are functioning under.

Requirements for Transfer of Sensitive Personal Data

Rule 7 requires that body corporate may transfer sensitive personal data into another jurisdiction only if the country ensures the same level of protection.

UIDAI Practices - Unclear
It is unclear from publicly available information if information collected by the UIDAI is transferred outside of India.

Establishment of Grievance Officer

Rule 5(9) requires that body corporate must establish a grievance officer and the details must be posted on the body corporates website and grievances must be addressed within a month of receipt.

UIDAI Practices - in Line
The website of the UIDAI provides details of a grievance officer that individuals can contact.[10] It is unclear from publicly available information if grievances are addressed within a month.

[1]. http://164.100.47.134/lsscommittee/Information%20Technology/15_Information_Technology_52.pdf

[2]. http://dispur.nic.in/itact/it-procedures-sensitive-personal-data-rules-2011.pdf

[3]. http://uidai.gov.in/

[4]. http://www.jharkhand.gov.in/marpdf/Aadhar-enrolmentform.pdf

[5]. http://uidai.gov.in/organization-details.html

[6]. http://uidai.gov.in/privacy-policy.html

[7]. http://resident.uidai.net.in/home

[8]. http://www.jharkhand.gov.in/marpdf/Aadhar-enrolmentform.pdf

[9]. https://ssup.uidai.gov.in/web/guest/ssup-home

[10]. http://uidai.gov.in/contactus.html

For more details visit https://cis-india.org/internet-governance/blog/uid-practices-and-it-act-sec-43-a-and-subsequent-rules

Open Call for Comments: The Privacy Protection Bill 2013 drafted by the Centre for Internet and Society

bhairav — 2014-02-25T05:38:27Z

The Centre for Internet and Society is announcing an Open Call for Comments to the CIS Privacy Protection Bill 2013.

In early 2013 the Centre for Internet and Society drafted the Privacy (Protection) Bill 2013 as a citizen’s version of privacy legislation for India. The Privacy (Protection) Bill, 2013 seeks to protect privacy by regulating (i) the manner in which personal data is collected, processed, stored, transferred and destroyed — both by private persons for commercial gain and by the state for the purpose of governance; (ii) the conditions upon which, and procedure for, interceptions of communications — both voice and data communications, including both data-in-motion and data-at-rest — may be conducted and the authorities permitted to exercise those powers; and, (iii) the manner in which forms of surveillance not amounting to interceptions of communications — including the collection of intelligence from humans, signals, geospatial sources, measurements and signatures, and financial sources — may be conducted.

The Centre for Internet and Society has been collecting comments to the Privacy Protection Bill since April 2013 with the intention of submitting the Bill to the Department of Personnel and Training as a citizen’s version of a privacy legislation for India. If you would like to submit comments on the Privacy Protection Bill to be included as part of the Centre for Internet and Society’s submission to the Department of Personnel and Training, please email comments to bhairav@cis-india.org.

Download the latest version of the Privacy Protection Bill (February 2014)

For more details visit https://cis-india.org/internet-governance/blog/privacy-protection-bill-2013-open-call-for-comments

CIS Welcomes 52nd Report on Cyber Crime, Cyber Security, and Right to Privacy

elonnai — 2014-02-24T10:49:46Z

The “Fifty Second Report on Cyber Crime, Cyber Security, and Right to Privacy” issued by the 2013 -2014 Standing Committee on Information Technology on February 12th 2014, highlights the urgent need for reform in India’s cyber security framework and the need for the much awaited privacy legislation to be finalized and made into a law.

Read the Fifty-Second Report on Cyber Crime, Cyber Security and Right to Privacy released by the Department of Electronics and Information Technology

The Report consists of questions on the state of cyber security, cyber crime, and privacy posed by the Standing Committee and briefings and evidence provided by the Department of Electronics and Information Technology (DEITY ) in reply. The Report concludes with recommendations from the Standing Committee on the way forward.

The Report represents an important step forward in the realm of privacy and cyber security in India as the evidence provided by DEITY clarifies a number of aspects of India’s present and upcoming cyber security policies and practices. Furthermore, the recommendations by the Standing Committee highlight present gaps and inadequacies in India’s policies and practices and needed steps forward– particularly the need for a privacy legislation in India in the context of cyber security, increased transactions of sensitive data, and governmental projects like the Unique Identification Project.

Broadly, the Standing Committee sought input from DEITY on eight different aspects of cyber crime, cyber security, and privacy in India - namely: the growing incidents of cyber crime and resulting financial loss, the challenges and constraints of cyber crime, the role of relevant governmental organizations in India with respect to cyber security, preparedness and policy initiatives, cyber security and the right to privacy, monitoring and grievance redressal mechanism, and education and awareness initiatives. The evidence provided by DEITY sheds light on the present mindset of the Government at this time, upcoming policies, and capacity and infrastructure gaps in India’s cyber security framework.

The Centre for Internet and Society appreciates the Report and we would like to highlight and emphasize the following aspects:

Need for a privacy legislation and inadequacy of privacy provisions in Information Technology Act: When asked by the Standing Committee about the right to privacy and cyber security, DEITY highlighted the fact that the Information Technology Act contains sufficient safeguards for privacy, and added that the Department of Personnel and Training (DoPT) is in the process of developing a privacy legislation that will address the general concerns of privacy in the country, and thus the two together will be sufficient. DEITY also noted that no study on the extent of privacy breach due to cyber crime in India has been conducted. In their recommendations, the Standing Committee noted that it was unhappy that the Government has yet to institute a legal framework on privacy, as the increased transfer of sensitive data and projects like the UID leave citizens vulnerable to privacy violations . Significantly, the Standing Committee recommended that though the DoPT is currently responsible for drafting the Privacy Bill, DEITY should coordinate with the DoPT and become involved in the process.

As recognized by the Standing Committee, the Centre for Internet and Society would like to further emphasize the inadequacy of the provisions relating to privacy in the Information Technology Act, and the need for a privacy legislation in India. Inadequate aspects of the provisions have been pointed out by a number of sources. For example:

The Report of the Group of Experts on Privacy: Prepared by the committee chaired by Justice AP Shah
First Analysis of the Personal Data Protection Law in India: Prepared by the University of Namur for the Commission of the European Communities Directorate General for Justice, Freedom, and Security
Comments on the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011: Prepared by the Centre for Internet and Society and submitted to the Committee on Subordinate Legislation of the 15th Lok Sabha
India’s U-Turns on Data Privacy: Prepared by Graham Greenleaf for the Privacy Laws & Business International Report, Issues 110 -114, 2011

Unclear Enforcement of 43A and associated rules: In evidence provided, DEITY, while discussing section 43A and the associated Rules, noted that the Data Security Council of India and empanelled security auditors through CERT-in are responsible for the ‘auditing of best practice’s (pg 24). The Standing Committee did not directly respond to this comment.

The Centre for Internet and Society would like to point out that DEITY did not clearly state that DSCI and the auditors through CERT-in were responsible for auditing organizational security practices for compliance with 43A. Furthermore, there is no publicly available information regarding audits ensuring compliance with 43A or information about the number of companies that have been found to be compliant. The Centre for Internet and Society would like to encourage that this information be made public, and compliance with 43A be enforced at the organizational level.

UIDAI not in compliance with 43A and associated Rules: In evidence provided, DEITY noted that “..Section 43A and the rules published under that Section cover the entire privacy in case of digital data. These are being followed by UIDAI also and other organisations...” (pg.46) In their recommendations the Standing Committee did not directly address this comment, but did emphasize the need for a privacy legislation in light of the UID scheme.

The Centre for Internet and Society appreciates that the Standing Committee raised concern about the privacy implications of the UID project. We would like to highlight that the UIDAI is not a Body Corporate, and is not in compliance with 43A or the subsequent Rules in the Information Technology Act. Furthermore, the UID project involves the handling and processing of data in analogue and digital formats, and thus the privacy protections found under 43A are not sufficient.

The potential harms of metadata: In evidence provided, the Department noted “...we have been assured that whatever data has been gathered by them for surveillance relates only to the metadata..but we expressed that any incursion into the content will not be tolerated and is not tolerable from the Indian stand and point of view.” (pg.47) The Standing Committee did not respond directly to this comment.

The Centre for Internet and Society would like to thank the Standing Committee for noting that the Government should have taken prior steps to preventing such an interception from taking place and for recommending the Department to take develop a policy to prevent future instances of interception from taking place. The Centre for Internet and Society would like to emphasize the importance and potential sensitive nature of metadata. Metadata can, and often does, disclose more about an individual or an activity than the actual content. For example, metadata can reveal identity, behaviour patterns, associations, and can enable the mapping of location and individual movement. As such, the Centre for Internet and Society would recommend that the Government of India treat access to all information generated by individual and governmental communications as sensitive and confidential.

Inadequacy of the Information Technology Act: When asked by the Standing Committee if the Information Technology Act provided sufficient legal safeguards for cyber security and cyber crime, DEITY highlighted the fact that the Information Technology Act 2000 addresses all aspects of cyber crime in a comprehensive manner. DEITY also pointed out that the National Cyber Security Policy 2013 has provisions to enable the development of a legal framework, and the Department of Personnel and Training is in the process of drafting a privacy legislation for India that will fill any gaps that exist. In their recommendations, the Standing Committee recognized that the Information Technology Act does contain provisions that address cyber security and cyber crime, but, especially in the recent controversy over section 66A of the Act, Standing Committee emphasized the need for periodical reviews of the IT Act.

The Centre for Internet and Society appreciates the fact that the Committee recognized the need for periodical review of the Information Technology Act, particularly in light of the controversy over 66 A. The Centre for Internet and Society would like to underscore the problems associated with 66A and would like to highlight that with regards to privacy and cyber security, the IT Act is not adequate and falls short in a number of areas. Research that the Centre for Internet and Society has conducted explaining these weaknesses can be found through the below links:

Breaking Down Section 66A of the IT Act
Short note on IT Amendment Act, 2008

Implications of domestic servers: In response to questions posed by the Standing Committee about security risks associated with the importation of electronics and IT products, as well as the hosting of servers outside the country, DEITY noted the security risk of using foreign infrastructure and pointed to the hosting of servers in India as a solution to protecting the security and privacy of Indian data. The Standing Committee supported this initiative, and encouraged DEITY to take further steps towards securing and protecting the privacy of Indian data through the hosting of servers for critical sectors within India.

The Centre for Internet and Society appreciates the fact that the Standing Committee carefully limited the recommendation of locating servers in India to those in critical sectors, but would caution the Government of potential implications on users ability to freely access content and services, and highlight the fact that localization of servers is not a security solution in itself as a comprehensive solution and hardening of critical assets against cyber attacks is essential.

Incorporation of safeguards into MOU’s for international cooperation: When asked about MOU’s for international cooperation that DEITY has engaged in with other countries, DEITY reported that currently CERT-in is entering into a number of MOU’s with other countries to facilitate cooperation for cyber security purposes. Presently there are MOUs with the US, Japan, South Korea, Mauritius, Kasakhstan, Finland, and the Canada Electronics and ICT sector. DEITY is also seeking MOUs with Malaysia, Israel, Egypt, Canada, and Brazil. The Standing Committee supported India entering into MOU’s for purposes of international cooperation, and encouraged DEITY to continue entering into MOU’s to mitigate jurisdictional complications when seeking to address issues related to cyber security.

The Centre for Internet and Society recognizes the importance of international cooperation when handling issues related to cyber security and cyber crime. To ensure that this process is in line with human rights, the Centre for Internet and Society would encourage DEITY to ensure that all MOU’s and/or Mutual Legal Assistance Agreements:

Uphold the principle of dual criminality
Apply the highest level of protection for individuals in the case where the laws of more than one state could apply to communications surveillance
Are not used by any party involved to circumvent domestic legal restrictions on communications surveillance.
Are clearly documented and publicly available
Contain provisions guaranteeing procedural fairness.[1]

Hactivism as a benefit to society: In evidence provided on page 14, DEITY, among other elements, referred to Hactivism as a societal challenge to securing cyber security and tackling cyber crime. The Standing Committee did not directly address this comment.

The Centre for Internet and Society would like to point out that hacktivism is a complex topic and consists of methods. Though some methods used by hacktivists are illegal, and some use hacktivism for censorship purposes and to target certain groups, other forms of hacktivism can benefit society and strengthen cyber security by finding and revealing vulnerabilities in a system, and bringing attention to illegal or violative practices.

This works towards ensuring that a system is adequately secure. Because of the dynamic nature of hacktivism, the Centre for Internet and Society believes that hacktivism needs to be evaluated on a case by case basis and the Government should not broadly label hacktivism as a challenge to cyber security and cyber crime.[2]

Importance of the anonymous speech: In evidence provided, DEITY noted the threat to cyber security that the anonymous nature of the internet posed. This was reiterated by the Standing Committee in their recommendations.

While recognizing the potential threat to cyber security that the anonymous nature of the internet can pose, the Centre for Internet and Society would like to highlight the importance of anonymous speech online to an individual’s right to free expression.

Conclusion

Recognizing the direct connection between a strong privacy framework and a strong cyber security framework, as security cannot be achieved without privacy, and recognizing the need for a privacy legislation in light of governmental projects like the UID, the Centre for Internet and Society welcomes the Fifty Second Report on Cyber Crime, Cyber Security, and the Right to Privacy and echoes the Standing Committees recommendation and emphasis on the need for a comprehensive privacy legislation to be passed in India.

[1]. These safeguards are reflected in the principle of “safeguards for International Cooperation” found in the International Principles on the Application of Human Rights to Communications Surveillance” https://en.necessaryandproportionate.org/text

[2]. For more information about hacktivism see: Activism, Hacktivism, and Cyberterrorism. The Internet as a Tool for Influencing Foreign Policy. By Dorothy E. Denning. Georgetown University. Available at: http://www.iwar.org.uk/cyberterror/resources/denning.htm

For more details visit https://cis-india.org/internet-governance/blog/cis-welcomes-fifty-second-report-on-cyber-crime-cyber-security-right-to-privacy

Calcutta High Court Strengthens Whistle Blower Protection

divij — 2014-02-24T06:38:44Z

Calcutta High Court has ordered for protection of whistle blower's privacy in its November 20, 2013 order. The court has directed the government to accept RTI applications without the applicant's personal details.

In the absence of any law for the protection of whistle-blowers in the country, exposing the rampant corruption in our public institutions has become a hazardous occupation, with reports of threat and intimidation and even incidents of murder of whistle-blowers commonplace.[1] With the Whistle blower’s Protection Bill in abeyance and without any strict laws protecting the identities of the whistle-blowers who challenge such a corrupt system, even the mechanisms like the Right to Information Act which are meant to safeguard against systemic abuse and ensure transparency are being severely undermined.

For this reason, the Calcutta High Court’s affirmation of whistle-blowers’ privacy and identity protection is an important development. Through its order on the 20th of November, 2013, the Calcutta High Court held that for the purposes of section 6(2), which requires an application to the Public Information Officer to provide contact details of the applicant, it is sufficient in such application to disclose only the post-box number of the applicant. The court directed the Government to accept RTI applications without personal details or detailed whereabouts, when a post-box number or sufficient detail has been provided to establish contact between the whistle-blower and the authority. However if a public authority has any difficulty contacting the applicant through the Post Box No. the applicant may be asked to provide other contact details. The court further directed that personal details of applicants are not to be posted on the authorities’ websites.

The order, which was notified by the Government last week, ensures to some extent the protection of a whistle-blowers identity, and reduces the chances of the RTI being undermined by threats or acts of violence by those who are a part of the corrupt system, against persons exercising their right to information. However, its implementation is liable to be contingent on the authorities’ interpretation of when it would be “difficult” to establish contact between the authority and the applicant. Certain practical difficulties could also undermine the actual impact of the order, such as the fact that many applications are sent through registered or speed post, which cannot be mailed to a post-box number, especially since ordinary post cannot be tracked online like speed or registered post.[2]

Developing a system in which ordinary citizens do not have to fear retaliation for exposing corruption requires a comprehensive legislation protecting whistle-blowers identities and ensuring data security. However, the important message this judgement sends out is that the judiciary is still committed to protecting whistle-blowers, in lieu of the government’s actions. This is a particularly important stance taken by the Court, considering the Supreme Court in the past has refused to frame guidelines for whistle-blower protection, citing the imperative in enacting a whistle-blower legislation to be the Parliament’s.[3]

A full text of the judgement is available here.

[1].Whistleblower shot dead in Bihar, THE HINDU, available at http://www.thehindu.com/news/national/whistleblower-shot-dead-in-bihar/article4542293.ece; Tamil Nadu Whistleblower alleges death threats; Silence from Government, NDTV, available at http://www.ndtv.com/article/india/tamil-nadu-whistleblower-alleges-death-threats-silence-from-govt-410450.

[2]. Indian Postal Tracking Portal, http://www.indiapost.gov.in/tracking.aspx.

[3]. Supreme Court refuses to frame guidelines for protection of whistleblowers, Daily News and Analysis, available at http://www.dnaindia.com/india/report-supreme-court-refuses-to-frame-guideline-for-protection-of-whistleblowers-1525622.

For more details visit https://cis-india.org/internet-governance/blog/calcutta-hc-strengthens-whistle-blower-protection

Counter Surveillance Panel: DiscoTech & Hackathon

praskrishna — 2014-02-28T05:36:15Z

We invite you to a Counter Surveillance DiscoTech and Hackathon at the Centre for Internet and Society in Bangalore on Saturday, March 1, 2014 (9.00 a.m. to 5.00 p.m.). The event is being co-organized by the Centre for Internet and Society in tandem with the MIT Centre for Civic Media Co-Design Lab, with support from members of Tactical Technology Collective, Hackteria.org and Srishti School of Art Design and Technology. Registrations begin at 9.00 a.m. The event shall close with a featured talk by renown information activist and maker lab innovator Smari McCarthy, titled "Privacy for Humanity" at 5.00 p.m.

Overview

Mirroring the call by MIT Civic Media Lab Co-Design Studio, this event brings together students, technologists, designers and citizens to explore counter-surveillance strategies. The event will be held simultaneously across various locations including Boston, Palestine, Lisbon and Buenos Aires. Click here for the definition of DiscoTech.(Discovering Technology)

Agenda

We shall begin with brief contextualized introductions catalyzed by researchers in the field of privacy & surveillance, followed by workshops and hackathons led by expert practitioners. Participants are welcome from diverse backgrounds looking to be involved in designing engaging and creative ways to counter surveillance. The event shall close with a featured talk by renown information activist and maker lab innovator Smari McCarthy , titled "Privacy for Humanity" at 5.00 p.m.

Introductory Catalyst Sessions

Malavika Jayaram: Fellow at Berkman Center for Internet and Society at Harvard University and the Centre for Internet and Society, Bangalore
Laird Brown: DesiSec Project at the Centre for Internet and Society, Bangalore and University of Toronto
Kaustubh Srikant: Head of Technology, Tactical Technology Collective and Maya Indira Ganesh (Program Director)
Abhay Raj Naik: Assistant Professor, Azim Premji University

Design and Hackathon Lead Catalysts

Yashas Shetty:Faculty@ www.srishti.ac.in and Co-Founder Hackteria.org (DNA Spoofing, Surveillance Camera: Avoidance, Microscopic Re-Appropriation & Bacterial Discotheque)

Hari Dilip Kumar: Co, Founder, FluxGen: (Introducing data transmission protocols, Software Defined Radio (SDR) design and surveillance detection )

Sharath Chandra Ram: Researcher @ CIS Open Lab and Faculty@Srishti (Civic Media solutions using open citizen networks and the web, spectrum scanning, visual communication design strategies, finger print mash-up publishing)

Featured Talk and Interactive Closing Session by Smari McCarthy

(Executive Director, International Modern Media Institute and Founder, Icelandic Pirate Party & Icelandic Digital Freedom Society)

Title of Talk: PRIVACY for HUMANITY - 5.00 p.m.

Click to download the flyer invite
Date: Saturday, March 1, 2014
Time: 9.00 a.m. to 5.00 p.m. (Registration 9.00 a.m. sharp)
Venue: Centre for Internet and Society, Bangalore
Map : http://bit.ly /1fcDDLG

Please RSVP due to limited space and logistics for lunch and refreshments

For more details visit https://cis-india.org/events/counter-surveillance-panel-disco-tech-hackathon

The Forbes India 30 Under 30 List

praskrishna — 2014-02-21T07:59:41Z

Showcasing an enterprising new generation that dreams big and refuses to say die.

This article by Abhilasha Khaitan appeared in the Forbes India magazine of 21 February, 2014. Pranesh Prakash features in the list.

To borrow from Ayn Rand, ‘the question for this generation isn’t who is going to let them but who is going to stop them’. As a torchbearer of individualism, Rand would have approved of the first-ever Forbes India 30 Under 30 list. Sort of. The rider: This isn’t just a celebration of capitalism and profit; it is also in recognition of social value. Do-gooders, geeks, greens, musicians, sportspersons, creative-types and biz kids: The net was thrown wide to catch the best and the brightest.

As the names on the previous page will tell you, it was a worthwhile effort.

It was also an education. Generalisations, it appears, do not apply to the youth. Consider India’s reputation as nerd-land and a skew in favour of techpreneurs and IT geniuses would be expected. But while brilliant professionals dot the landscape, only a few seem to have translated an original thought into a viable, disruptive business proposition. Pallav Nadhani of FusionCharts, Rahul Yadav of Housing.com and Nischal Shetty of JustUnfollow , for instance, score high on both originality and utility.

If there is a slant, it is towards verticals that best suit the lone ranger: Sports, entertainment, the arts. Even there, though, we tried to separate the clichéd from the uncharted and zeroed in on Sushant Singh Rajput and Rajkummar Rao; and Suhail Yusuf Khan and Aathira Krishna; and Rahul Dravid’s purported successor Cheteshwar Pujara.

Plot this list on a heat map and the social entrepreneurship and policy dots would glow red too. Sectors with the potential for real change are drawing them in hordes. There is Rwitwika Bhattacharya who figured out the best way to get political leaders to perform is by helping them do it; Shashank Kumar who is committed to empowering farmers. Even those with different skill sets—design, in this case—are not oblivious: So a communication designer, Aditi Gupta, tries to create awareness about menstruation, a taboo subject.

Then some are in it for the happiness quotient: Pooja Dhingra for her macarons and Shivan and Narresh for their bikini sari.

This might be a good point to ask: Where is Virat Kohli? Deepika Padukone? Any sub-30 list should lead with those names. Here’s the thing: They don’t even make our consideration set. The reason is in the purpose behind this search: Forbes India was looking for a spark, for a story that is still waiting to be told and, for the most part, only starting to unfold.

To that end, individuals who are already forces in their fields—household names—will feature on another day, on another list.

As for those who are part of this list of possibility, it really is a question of who is going to stop them.

30 Under 30 list

Art & Culture
Suhail Yusuf Khan, 26
Sarangi Player / Vocalist

Aathira Krishna, 25
Carnatic Violinist

Design
Moneet Chitroda, 28
Sr Designer - Interiors, Renault Techno Centre

Aditi Gupta, 29
Co-Founder, Menstrupedia.com

Lokesh Karekar, 29
Visual Artist & Director, Locopopo

Alok Shetty, 27
Principal Architect & Founder, Bhumiputra Architecture

E-Commerce
Rahul Yadav, 24
Co-founder & CEO, Housing.com

Bhavish Aggarwal, 28
Co-Founder and CEO, Olacabs

Entertainment
Sushant Singh Rajput, 27
Actor

Rajkummar Rao, 29
Actor

Kishan SS, 18
Actor / Director

Fashion
Shivan Bhatiya & Narresh Kukreja, 29, 28
Swimwear Designers

Finance
Raghu Kumar, 28
Co-Founder, RKSV

Manju Bhatia, 27
Joint MD, Vasuli Recovery

Food & hospitality
Pooja Dhingra, 27
Founder-Chef, Le15 Patisserie

Greentech & sustainability
Abhishek Humbad, 27
Founder, NextGen PMS

Healthcare
Kabir Chadha, 27
Founder & CEO, Epoch Elder Care

Law, policy & Politics
Rwitwika Bhattacharya, 27
Founder, Swaniti Initiative

Pranesh Prakash, 28
Policy Director, Centre for Internet and Society

Apar Gupta, 29
Partner, Advani & Co.

NGOs & Social Entrepreneurship
Shashank Kumar, 28
Co-Founder, Farms n Farmers

Tarique Mohammad Quereshi, 29
Founder, Koshish

Anoj Viswanathan, 26
Co-Founder & President, Milaap

Kuldeep Dantewadia, 25
CEO & Co-Founder, Reap Benefit

Social Media / Mobile / Digital
Nischal Shetty, 28
Founder, JustUnfollow

Sports
Deepika Kumari, 19
Archer

Cheteshwar Pujara, 26
Cricketer

Gaganjeet Bhullar, 25
Golfer

Technology
Pallav Nadhani, 29
Co-Founder & CEO, FusionCharts

Paras Chopra, 26
Founder, Wingify

Methodology

Will we find 30 under-30s? That was the question that troubled when we started work on this project. The numbers are easy enough to add up but the list had to be representative, relevant and, well, not half-baked.

It was never going to be exhaustive. We knew that. The landscape was too vast, the information too sparse and spread out. But limited though it may be in geographical scope, the rigour in research—and the depth in young talent—has produced quality that satisfies the parameters we had set at the beginning. These are: Trigger: The extent of achievement and his/her impact in a short span of time and the level of disruption/innovation that has been shown; Scope: Scalability of his/her business or line of work; Sustainability: Signs of being a flash in the pan or is there enough indication of a long-run play?

The research took on two legs: One, interviews by Forbes India staffers with sources across relevant categories as well as through studies of databases and media coverage. Two, an online application on forbesindia.com inviting applications from entrepreneurs/professionals who felt they qualified. This helped us arrive at a long list which went up to over 300 names across the 14 categories. (Even this number went through an initial vetting.)

The next step was narrowing down to a ‘short long’ list—the names most likely to make it to the top 30. This pool of 75 names was decided in consultation with experts and observers—and this was the toughest leg. Consider that we had entered the ‘first among equals’ phase where separating the final 30 from the other contenders was, really, a judgment call.

But armed with expert views, the Forbes India editorial team debated, argued and vetoed for hours to finalise the 30 individuals you will read about here. There are those outside the list that couldn’t be left out. They find mention too.

For more details visit https://cis-india.org/news/forbes-india-abhilasha-khaitan-feb-7-2014-india-under-30-list

Will You be Paid to Post a Picture?

nishant — 2014-03-06T11:58:41Z

The wave of free information production on the web is on the wane.

The article was published in the Indian Express on February 18, 2014

The age of volunteerism is officially over. The last decade of the mass adoption of the internet has been fuelled by endless human hours being spent in producing information which is the new currency of our times. The big transition to Web 2.0 began when the individual “user” became more than either an individual or the user. The individual found herself as a part of a collective, finding a voice and a community of others to belong to. Simultaneously, instead of being a passive consumer of the web, the user started producing data — blogs, videos, tweets, content management systems, online discussion boards, massively multiple online role-playing platforms, social network transactions — all of which became a part of the new Web’s widespread popularity.

Almost everything that we understand as the social web today is contingent upon people producing data in their interactions with the world around them. From knowledge producing websites like Wikipedia to entertainment platforms like YouTube, visualisation and data gathering spaces like Pinterest to photographs of self, food and cute animals on Instagram, political and social commentaries on Tumblr to Listicles and memes on Buzzfeed, the internet is a veritable smorgasbord of new information forms, formats and functions that are generated by the users.

What is possibly the most exciting about this burgeoning information universe has been the amount of free labour that goes into it, and often remains invisible. As digital labour scholar Trebor Schulz points out, the internet has become both a factory and a playground, where our leisure time is capitalised into producing work that sustains the new attention and information economies. For instance, the world’s largest social networking site, Facebook, does not produce any of its contents. It is, in fact, a system of information mining and sorting, which works as long as a growing user base continues to produce information on it. Tomorrow, if all of us stop producing Facebook, and only lurk on it, the platform will collapse. Which is why, Facebook continues to acquire new platforms and applications to be integrated into its universe.

Similarly, the real effort that goes into the sustenance of sites like Wikipedia, which has become the de facto reference for global knowledge systems, is carried out by unsung and invisible editors who patiently, meticulously, and without almost any expectation, continue to add, verify, strengthen and curate reliable information that we can use. When the non-profit organisation WikiMedia Foundation prides itself in running one of the least expensive websites in the top 10 most visited sites in the world, it is signalling its deep appreciation for the countless human hours that have made Wikipedia possible.

But, in recent years, there is noticeable stagnation in the wave of free information production on the Web. Oh, don’t get me wrong. We are producing an unprecedented amount of data — we are constantly being watched by surveillance technologies that detect biometric and genetic make-up of all our transactions, or we are inviting people to watch us on social network sites where we reveal some of our deepest secrets and desires, or we are watching ourselves, quantifying everything from things we ate to the number of hours we sleep. And yet, as we live in a world of Big Data, there is a definite decrease in people contributing to production of free information.

As the digital natives move from the web to mobile phones, traditional websites are already facing a crisis. News and media agencies that have celebrated the global citizen media networks have started realising that the individual user is more interested in local networks and information ecologies which are independent of mainstream conglomerates. And people are realising that their time and effort is worth money. They can be easily compensated for their online activities and gain reputation and importance.

The tension only becomes more palpable when people start realising that there are others who are being paid to work on the platforms that they are contributing to. We all knew that this model of depending on free information was not a sustainable one. But it seems the day has arrived, especially with the recent drives on Wikipedia to build specialised knowledge editors. In the last few months, we have seen people in the FemTechNet project — an academic activist feminist project that seeks to remind us of the intersections of feminism and technology in network societies — carry out “Wikistorming”, where students are adding pages of women’s contribution to technologies on Wikipedia. More recently, medicine students at University of Chicago have taken to correcting and adding accurate information to Wikipedia, which is often a source of health information.

Both of these are fantastic efforts to add to the platform that was the underdog that overthrew the mammoth encyclopaedia like The Encyclopaedia Britannica. We hope more specialised users in different locations, fields, disciplines and languages continue to edit and contribute to Wikipedia. However, it is also a signal that the generalist information producer is on the decline. We are transitioning into a new age, where people are going to need rewards, incentives and benefits for performing information transactions on the web. The user is no longer going to be available for free labour, and it is time we started thinking of “paid usership”.

For more details visit https://cis-india.org/internet-governance/blog/indian-express-february-18-2014-nishant-shah-will-you-be-paid-to-post-a-picture

Dark days for the creative class in India: Siddiqui

praskrishna — 2014-02-17T09:14:43Z

As India’s literacy rate improves, governments, courts, media, publishers and big business are all stifling free speech.

Haroon Siddiqui's article was published in thestar.com on February 16, 2014. Pranesh Prakash is quoted.

In contrast to North America and Europe, India’s book publishers, newspapers and TV/radio stations are doing well, thanks to a rising literacy rate and a growing middle class. Authors, artists, journalists and filmmakers are enjoying big audiences and relatively good paycheques. Yet, paradoxically, free speech has never been so imperilled in the world’s largest democracy, for several reasons.

Governments are using colonial-era laws to stifle free speech. The lower courts and police are caving in to religious bigots who demand bans on what they don’t want to see and hear. Vigilante groups are using goon tactics to intimidate the creative class. Big business is slapping lawsuits and creating libel chill. Publishing houses are capitulating to legal, political and economic pressure. The media are too busy mollycoddling governments and advertisers to stand up for free speech.

Legal framework

The constitution guarantees free speech but, as in Canada and several European nations, it also imposes “reasonable restrictions” to maintain peace and public order. The Supreme Court has set a high bar for imposing any restrictions, yet both the federal and state governments routinely shut down anything that might flare communal riots, especially between Hindus and Muslims — a real and ever-present danger. Politicians don’t want blood on their hands to uphold the right of a preening writer to poke people in the eye. Critics counter that the political class doesn’t really care for intellectual freedom.

Libel and defamation laws criminalize speech and prescribe jail terms. This, again, is not much different than, say, the Canadian Criminal Code, under which those convicted of hate speech may be jailed for up to three years. (That’s what we are left with after the Stephen Harper Conservatives axed the civilian remedy that was available under the Human Rights Act.)

India’s Anti-Sedition Act prohibits words and actions that may cause “hatred or contempt or disaffection” toward government. This is used even against journalists, activists and those protesting government policies. As many as 6,000 farmers and fishermen were charged for opposing a nuclear plant along the southeast coast.

The Penal Code makes it an offence, punishable by up to three years in jail, to hurt anyone’s religious sensibilities; promote enmity between different religious groups; circulate “any statement or report containing rumour or alarming news with intent to create or promote, or which is likely to create or promote, on grounds of religion, race, place of birth, residence, language, caste or community feelings of enmity,” etc., etc.

Worse, the code allows anyone offended by anything to demand that the offensive material be removed.

Indians are easily offended, indeed are “desperate to be offended,” jokes novelist Manu Joseph. The milieu allows religious leaders and politicians to stoke real or imagined grievances and rush to the courts and the police, both of which usually cave in rather than risk the wrath of frenzied protesters.

“Instead of protecting the right of free expression, the state defends the offended,” writes Salil Tripathi on the website Index on Censorship.

Adds Kian Ganz, editor of the website Legally India: “Many of these British-colonial laws were written and enforced to ‘control’ a multi-ethnic and religious population. Yet they are still around and are regularly used to stifle free speech.”

Religious bigotry

While we hear mostly of angry Muslims taking offence to alleged insults to Islam — the 1988 ban on Salman Rushdie’s The Satanic Verses being the prime example — increasingly it is Hindu fundamentalists who have been agitating successfully against what they do not like.

“Hindu bigots have matched, or perhaps even outperformed, their Islamic counterparts,” writes Ramachandra Guha, India’s pre-eminent historian. He was condemning Penguin India’s decision last week to recall and pulp American academic Wendy Doniger’s The Hindus: an Alternative History, under pressure from a Hindu group that said the 2009 book contained “heresies” and was focused on “sex and eroticism.”

There has been no bigger victim of Hindu wrath than the late M.F. Hussain, the “Picasso of India.” His priceless work was vandalized, he was slapped with hundreds of lawsuits and threatened with death for painting Hindu deities in the nude. He went into exile in Doha, Qatar, where I spoke to him on the phone in 2011 and heard his pain at having been hounded out of his beloved India. We agreed to meet later but he died soon after, at age 95.

Last year, India’s leading intellectual Ashish Nandy was threatened with arrest for ostensibly offending Dalits (Hindus of a lower caste, formerly known as untouchables).

In 2012, Mumbai police arrested a young woman who complained on Facebook about the shutdown of the city of 18 million on the death of Bal Thackeray, leader of a chauvinist regional Hindu party. Another woman who “liked” the page was also detained,both for “hurting religious sentiments.”

In 2011, the western state of Gujarat stopped the sale of American journalist Joseph Lelyveld’s biography of Mahatma Gandhi, which suggested that the great leader may have had a sexual relationship with a male German architect. The chief minister (premier), Narendra Modi, is now the prime ministerial candidate of the Hindu nationalist Bharata Janata Party for federal elections in May, which he is favoured to win.

In 2010, Canadian author Rohinton Mistry’s 1995 book, A Fine Balance, was removed from the syllabus of Bombay University, his alma mater, following objections by a student, the grandson of Thackeray. The head of the university’s English Department had to go into hiding after receiving death threats.

In 2008, Delhi University expunged from its history course an essay by A.K. Ramanujam on Hinduism following complaints by a Hindu group, and Oxford University Press India temporarily stopped printing it.

Other examples:

In 2007, a court issued an arrest warrant for actor Richard Gere for kissing Bollywood actress Shilpa Shetty, following complaints by irate Hindus. An institute in the western city of Pune was vandalized because American academic James Laine had done part of his research there for his book, Shivaji: Hindu King in Islamic India. An art gallery in Bangalore hastily removed partially nude pictures of Hindu deities fearing retaliation by a Hindu moral squad.

Guha, the historian, once suggested that both Rushdie and Hussain, one pilloried by Muslims and the other by Hindus, be conferred India’s highest civilian honours. “That would have been a blow for artistic freedom. And it’d have equally offended Hindu and Islamic bigots.”

Libel chill

There has been a steady rise in what free speech advocates see as nuisance lawsuits by corporate houses, businessmen and political parties.

In December, Jitender Bhargava, executive director of Air India until 2010, saw his book on the national airline withdrawn by Bloomsbury India, allegedly under political pressure.

The same month, another book, Sahara: The Untold Story, on the controversial finance and real estate conglomerate, was held back under a court order.

In 2011, Penguin removed a chapter in The Beautiful and the Damned from its Indian edition after Arindam Chaudhuri, who runs business schools, sued about his profile in it. He also sued Caravan, a journal of politics and culture, for an article on how he had “made a fortune off the aspirations and insecurities of India’s middle class.” The Delhi-based businessman still has the Delhi-based magazine entangled in the case he filed in a jurisdiction 1,750 kilometres away — and 300 kilometres from the nearest airport.

Penguin also held back a biography of J. Jayalalithaa, chief minister of the southern state of Tamil Nadu, who had a stay order issued against it.

In 1998, a book about the head of a textile conglomerate, Dhirubhai Ambani, was not published in India after the publisher was threatened with lawsuits. A second edition of The Polyester Prince was issued in India but with the offending material cut out.

It is difficult for outsiders, especially without the benefit of reading the materials in dispute, to judge the timidity of the publishers. But there’s no questioning the creeping self-censorship.

Obeisant media

Vinod Jose, executive editor of Caravan, writes in its annual media issue:

“Media owners bargained with the government to secure lucrative licences to mine coal blocks in return for their power to influence the public. Editors got caught on tape striking deals with lobbyists but remained arrogantly unapologetic. Owners fired political editors who wrote about politics independently . . . Forbes India pulled a story because it irked the finance ministry.”

Jose said that in 2013, the year surveyed, “the dominant mood of the press was docility.” If in the 1950s and 1960s, the media served the state, now they serve big business. They have begun to expose government corruption but remain mostly mum on corporate malfeasance. The Times of India, the country’s largest English daily, takes equity in some companies it provides advertising space to.

State surveillance

India, like the United States and other democracies, is under heavy criticism for invasion of citizen privacy under sweeping state surveillance, especially by its eight intelligence agencies that operate under mostly secretive powers.

“The real problem is that we don’t know what powers they do have — we only know bits and pieces about the Centralised Monitoring System (CMS), from some tender documents that indicate that the government intends to track web usage, phone calls, text messages and map location information, apparently without the knowledge of even telecom operators,” says Nikhil Pahwa of MediaNama (Media Journal), a website that provides news and analysis of digital media. “The issue is even less obvious here than that of the NSA,” the National Security Agency in the United States.

“The rules give the Indian government the ability to gag free speech, and block any website it deems fit, without publicly disclosing why or who blocked it — or providing adequate recourse for getting the block removed.”

“Intelligence agencies are not answerable to parliament, only to the Home ministry,” says Anja Kovacs of the Centre for Internet and Society. There are few checks and balances, little or no civilian oversight.

“The Indian government’s centralized monitoring is chilling, given its reckless and irresponsible use of the sedition and Internet laws,” says Human Rights Watch. “New surveillance capabilities have been used . . . to target critics, journalists and human rights activists.”

“Every month at the federal level, 7,000 to 9,000 phone taps are authorized or re-authorized,” writes Pranesh Prakash, policy director for the Centre for Internet and Society.

Conclusion

It is useful to remember that whatever is true of India, the exact opposite may also be true. So, while the situation is getting bleaker on the free speech front, in India the state is not the sole culprit, unlike in Russia, China or other authoritarian places. India also has a vibrant civil society that’s hammering away — is free to hammer away — at the need for a liberal polity to be liberal. The intellectuals, activists and NGOs I have quoted, testify to that. Here’s another:

The PEN All-India Centre in Mumbai and the newly formed Delhi Pen, both part of the global network of writers dedicated to free speech, said this last week:

“The removal of books from our bookshops, bookshelves and libraries, whether through state-sanctioned censorship, private vigilante action or publisher capitulation are all egregious violations of free speech that we shall oppose in all forms at all times.”

For more details visit https://cis-india.org/news/the-star-op-ed-february-16-2014-haroon-siddiqui-dark-days-for-creative-class-in-india

Workshop on Media Law & Policy Curriculum Development

praskrishna — 2014-02-17T10:25:54Z

Centre for Communication Governance, National Law University, Delhi and University of Oxford in support with the International Higher Education-Knowledge Economy Partnerships Programme of the British Council is organizing this workshop on February 16 at National Law University in Delhi.

Chinmayi Arun is a speaker and Bhairav Acharya will be speaking at this event.

Timing	Programme
10.00 10.10	Welcome Address Prof. (Dr.) Srikrishna Deva Rao, Registrar & Professor of Law, National Law University, Delhi
10.10 10.15	Introduction to the Project Chinmayi Arun, Research Director, Centre for Communication Governance at National Law University, Delhi
10.15 10.45	Session 1: Introductory Material The Media Landscape, Media & Democracy Lead discussants: Aloke Thakore, Kanamma Raman, Sukumar Muralidharan and Vibodh Parthasarathi Freedom of Expression & Freedom of Press Lead discussants: Arudra Burra, Bhairav Acharya, Manav Kapur and Sukumar Muralidharan
10.45 11.30	Session 2: Media Law The State and the Media (Sedition, Contempt of Court, Parliamentary Privilege and Reporting Court Proceedings) Geeta Seshu, Jawahar Raja, Manav Kapur, Praveen and Sukumar Muralidharan Citizen, Society and the Media (Defamation, Obscenity, Public Order & Communal Harmony and Privacy) Arudra Burra, Bhairav Acharya, Jawahar Raja, Praveen and Saurav Datta
11.30 11.45	Tea
11.45 12.15	Session 3: Media Content & Regulatory Mechanism and Public Service Broadcasting Media Carriage, Pluralism, Ownership & Cross Ownership Lead discussants: Aloke Thakore, Geeta Seshu, Saurav Datta and Vibodh Parthasarathi
12.15 12.45	Session 4: Converged Media, Globalised Media and the Internet Lead discussants: Aloke Thakore, Abhinav Srivastava, Geeta Seshu Kanamma Raman and Sukumar Muralidharan
12.45 13.30	General Feedback about accessibility, structure and other miscellaneous factors

For more details visit https://cis-india.org/news/workshop-media-law-and-policy-curriculum-development

The Internet Way

nishant — 2014-02-14T06:59:48Z

Dr. Nishant Shah's review of the book “The Everything Store: Jeff Bezos and the Age of Amazon” by Bantam Press/Random House Group, London was published in Biblio Vol. 19 No.8 (1&2), January – February 2014.

Click to download the file (PDF, 2436 Kb). Dr. Nishant Shah's review can be found on page 16.

The Age of Amazon’ is not just the title of a book, it is a retrospective on the history of e-commerce as well as a prophecy for the shape of things to come. In his meticulously reported book, Brad Stone takes us through the roller coaster ride of the ‘Everything Store’ that Amazon has become, building a gripping tale of an idea that has become synonymous to the world of online shopping in just over two decades.

The book reads well as a biopic on the visionary lunacy of Jeff Bezos, the founder of Amazon, as well as a gripping tale of how ideas grow and develop in the digital information age. Stone is an expert storyteller, not only because of his eye for the whimsical, the curious and the enchantment of the seemingly banal, but also because of his ability to question his own craft.

At the very outset, Stone warns us that the book has been compiled through workers at employee, but not Bezos himself. This helps Stone separate the maker from the brand — unlike Steve Jobs who became the cult icon for Apple, Bezos himself has never become the poster child of his brand, allowing

Amazon to become not only an everything store but everybody store. But it means that Stone’s task was to weave together the personal biography of Bezos, his dramatic journey through life with the tumultuous and adventurous inception and growth of Amazon, and his skill lies in the meeting of the twines, which he does with style, ease and charm.

One of the easiest accusations to throw at a book like this is to state that it reduces the murky, blurred, messy and incoherent set of events into a narrative that establishes causes and attributes design and intention where none existed. However, Stone was confronted with the idea of ‘Narrative Fallacy’ — a concept coined by Nassim Nicholas Taleb in his Black Swan, referring to the tendency of human beings to reduce complex phenomenon to “soothing but oversimplified stories”. In fact, the challenge to not reduce the book to a series of connected anecdotes was posed by Bezos when Stone pitched the book to him. And what has emerged is a book about accidents, serendipity, risk, redundancy, failure charting the ineffable, inscrutable and inexplicable ways in which digital technologies are shaping the worlds we live in.

With the rigour and journalistic inquiry that Stone has displayed in his regular writings in The Businessweek, The Everything Store has stories which are as memorable as they are unexpected. Stone does a fantastic job of charting Bezos’ life — from tracking down the lost father who had no idea what his son, who he had abandoned at age three, has become, to the chuckleworthy compilation of Bezos’ favourite quotes (Stone calls it his ‘greatest hits’), the book is filled with pointed and poignant observations and stories that give us an idea of the extraordinary life of Jeff Bezos. But unlike the expected character creation of a mad genius, what you get is the image of a man who lived in contradictions: wedded to his internal idea of truth but also ruthless in his business policies which were predatory and competitive to say the least; a businessman who once wrote a memo titled ‘Amazon.love’ about how he wanted a company to be “loved not feared” but also used the metaphor of a “cheetah preying on the gazelles” in its acquisition of smaller businesses; a man who thought of himself as a “missionary rather than a mercenary” and yet built a business empire that embodies some of the most discriminatory, exploitative and stark conditions of adjunct, adhoc, underpaid and contract-based labour of our precariously mobile worlds.

Stone is masterful as he segues from Bezos’ personal life and ambitions into the monomaniacal and turbulent trajectory of Amazon. Amazon is not a simple success story. It tried and failed at many things, but what remains important is how, it failed at the traditional way of doing things and succeeded at the internet way of thinking. So when Amazon failed, it was not a failure to succeed, but a failure that resulted because the infrastructure needed to make it succeed was not yet in place. Stone’s narrative that effortlessly takes us through the economics, trade, policies, regulation, administration and struggles of Amazon, shows how it was a company that had to invent the world it wanted to succeed in, in order to succeed. In many ways, the book becomes not only about Amazon and its ambitions to sell everything from A-Z, but about how it built prototypes for the rest of the world so that it could become relevant and rule.

But the book is not a Martin-Scorsese-type homage to the scoundrel or the villain. While it is imbued up and spit you out. And if you are good, he will jump on your back and ride you into the ground.” Or as Stone himself suggests, that is the way the company is going to grow “until either Jeff Bezos exits the scene or no one is left to stand in his way”. This policy of taking everything from its employees and channelling it to the relentless growth of the company accounts for not only the high attrition rate of top executives but also the growing controversies about work and labour conditions in Amazon warehouses and on-the-ground delivery services.

Stone’s book does not go into great detail about the new work force that companies like Amazon produce — a work force that is reduced to being a cog in a system, performing mechanical tasks, working at minimal wage, and without the protections that are offered to the white collar high-level technology executives that are the popup children of the digital trade. Stone reminds us that behind the incredible platform that Amazon is, is a massive physical infrastructure which almost reminds us of the early industrial days where the labourer was in a state of exploitation and precariousness. And even as we celebrate the rise of these global behemoths, we might forget that behind the seductive interfaces and big data applications, that under the excitement of drone-based delivery systems and artificial intelligence that will start delivering things even before you place the order, is a system that pushes more and more workers in unprotected and exploitative work conditions.

All in all, The Everything Store is a little bit like Amazon itself. It is a love story of a man with his ideas, and how the rest of the world has shifted, tectonically, to accommodate these eruptions. In its historical retrospective, it shows us the full scope of the ideas and possibilities that inform Amazon, and thus the future that it is going to build for us. And with masterful craftsmanship, Brad Stone writes that it is as much about the one man and his company, as it is about the physical and affective infrastructure of our rapidly transforming digital worlds.

For more details visit https://cis-india.org/internet-governance/blog/biblio-january-february-volume-ix-8-nishant-shah-the-internet-way

February 11: The Day We Fight Back Against Mass Surveillance

divij — 2014-02-14T06:00:05Z

The expansive surveillance being perpetuated by governments and corporations is the single biggest threat to individual liberties in the digital age.

The expanding scope and extent of massive data collection and surveillance undertaken by bodies like the USA’s National Security Agency compromises our privacy and stifles our freedom of speech and expression in its most vital public spheres, affecting the civil liberties of citizens of countries all across the world.

The previous year has been a watershed year for reclaiming the internet as a free and open space, primarily through the exposure of the unwarranted systems of surveillance that threaten it, by whistle-blowers like Edward Snowden and WikiLeaks. Despite all these efforts, they have only managed a dent in the surveillance regimes, which continue unbridled, with the protection of the state and the surveillance industry. The future of a free internet depends upon the systematic challenge of these programs by the millions of internet users they affect.

February 11, 2014 is the day we fight back against mass surveillance. Organized by the Electronic Frontier Foundation, and supported by thousand of organizations like Mozilla and the Centre for Internet and Society, on this day of action, citizens around the world will demand an end to these programs that threaten the freedom of the internet. You can support this cause by signing and supporting the 13 Principles (International Principles on the Application of Human Rights to Communications Surveillance), and contacting your local media, petitioning your local legislators and telling your friends and colleagues about the topic. Publicizing the movement and creating a buzz around it will help spread the message to many others across the internet. Do anything that will make the fight more visible and viable, such as organizing or attending public lectures, or creating tools or memes or art to spread information. For more ways in which you can contribute, and more information on the event, visit the website.

The users of the internet deserve a free and open internet and deserve and end to mass surveillance. If we can make enough noise, make enough of an impact, we can greatly bolster the movement for reclaiming the internet.

For more details visit https://cis-india.org/internet-governance/blog/the-day-we-fight-back-against-mass-surveillance

Internet Intermediary Liability: Towards Evidence-based Policy and Regulatory Reform to Secure Human Rights on the internet

praskrishna — 2014-03-06T05:51:47Z

Elonnai Hickok participated as a speaker at this event organized by Association for Progressive Communications at the Wedgwood, 75A 2nd Ave. Melville, Johannesburg, February 10-11, 2014.

Click to download the full details in this event brochure.

For more details visit https://cis-india.org/news/apc-internet-intermediary-liability-towards-evidence-based-policy-and-regulatory-reform-to-secure-human-rights-on-the-internet

A tale of two Internet campaigns

praskrishna — 2014-03-07T00:19:26Z

Techies supported anti-surveillance campaign, companies backed internet safety.

Deepa Kurup's article was published in the Hindu on February 11, 2014. Sunil Abraham is quoted.

The Internet was the subject of two distinctly different global campaigns, both coinciding on Tuesday. While one is backed by rights groups, civil society organisations and advocates of software and Internet freedom in general, another is run and supported by major tech corporations with a view to creating awareness on being safe online.

Supported by over 5,000 websites globally, including biggies Reddit, Mozilla (makers of Firefox) and the Electronic Frontier Foundation, the ‘Day We Fight Back’ campaign aimed at raising a voice against mass dragnet surveillance by the U.S. government. Despite being a largely U.S.-centric mass campaign attacking the National Security Agency’s spying activities worldwide, groups such as the Free Software Movement of Karnataka (FSMK) and Bangalore-based NGO Centre for Internet and Society have supported it.

On Tuesday, GNU/Linux user groups (known as glugs) in several colleges — coordinated by the FSMK — did classroom-to-classroom campaigns talking to students and creating awareness about surveillance. In some engineering colleges, such as the SJBIT, these glugs are even screening documentaries related to online privacy and mass surveillance over the week. Explaining why the FSMK decided to hold a campaign here, Sarath M.S. of the FSMK said: “While the call for action is directed towards lawmakers in U.S., this affects all of us. It has undermined the sovereignty of nations and privacy of individuals. Given this, it is important to build public opinion among the youth against these surveillance systems, and make them understand the political issues underlying products and services that they use regularly.”

Sunil Abraham of the CIS, an organisation that is listed on the campaign website (www.thedaywefightback.org) as a supporter, says that the global support comes from the fact that people have realised that the idea that the Internet is a democratic medium is not true anymore. “The aftermath of Snowden’s revelations have signalled the end of the Internet as we knew it. This is an attempt by civil society organisations to make a case for the web we want.

Safe Internet Day

Meanwhile, two big companies announced activities as part of the Safe Internet Day, an annual global campaign that promotes safer use of online tech. To mark the occasion, Microsoft Corp released results of the third annual Microsoft Safe Computing Index that found that 20 per cent Indians have been victims of online phishing attacks and 12 per cent have suffered identity theft.

Google India too launched the ‘Good to Know’ campaign on online safety. It announced a partnership with Digital Empowerment Foundation (DEF) and the Voluntary Organisation in the Interest of Consumer Education (VOICE) on this campaign.

For more details visit https://cis-india.org/news/the-hindu-february-11-2014-deepa-kurup-a-tale-of-two-internet-campaigns

Towards an Equitable and Just Internet

praskrishna — 2014-02-17T11:20:19Z

IT for Change is organizing an international meeting to formulate a progressive response to issues of global governance of the Internet. Bhairav Acharya will be participating in this event to be held in New Delhi on February 14 and 15.

The Internet is emerging as a central feature of contemporary human life. We use it to access and disseminate information, to communicate and build community, to transact business and to practise democracy. Ever increasing dimensions of our social, economic, cultural and political life are tied to the Internet.

However, the benefits of the Internet - knowledge and power, wealth and influence, are distributed unevenly. A technology built on the egalitarian peer-to-peer principle, ironically, is emerging as a key axis of inequality, an instrument perpetuating and reinforcing longstanding social, economic, cultural and political injustices. Snowden's dramatic exposé of a deep nexus between the US government and a few global corporations to enable global surveillance, confirmed just one aspect of the problem. The truth about the Internet and how its socio-technical architecture is being shaped is considerably more complex and insidious. The rapid colonisation of the Internet by a few monopolizing global corporations, and its governance being subject, in a highly disproportionate manner, to the laws and policy priorities of one country, impacts not just privacy, but a huge range of very important social, economic, cultural and political issues. (To a lesser extent, policy frameworks developed by clubs of rich countries like the the OCED also impact the emerging shape of the Internet.)

Questions of democracy, social justice and equity need to become central to how the Internet, and how an Internet-mediated society, are evolving. The smokescreen of technical-neutrality has prevented for too long a critical, political examination of the social underpinnings of the Internet, its normative boundaries and legalinstitutional frames. In addition, self-serving formulations like 'Multistakeholderism' and 'Internet Freedom', are employed by the status quo to maintain a facade of legitimacy. Beyond the rhetoric, it is clear that the Internet – in its dominance by the powerful, is neither genuinely multi-stakeholder nor genuinely free.

There are foundational questions to be pursued, in this regard : How is the Internet redistributing power and resources? How does this impact those at the margins, those on the peripheries of an increasingly globalised world? How is such redistribution connected to the socio-technical architecture of the Internet? What kind of Internet would promote social justice and equity? What needs to be done to make it more just, more egalitarian? Who governs the Internet, and how can its governance be democratized? From the standpoint of global justice, two urgent priorities lie ahead of us.

A progressive conception and vision of the Internet, and
A common global ownership of the Internet that protects and promotes its public-ness, and its evolution as a 'global commons'. The Internet was envisaged as a decentralized network, with control from the peripheries. This characteristic of the network is rapidly eroding, What is urgently needed is a recasting of this technical principle into a socio-political framework for a truly people-owned and people-controlled Internet, and one that works for all. The global governance of the Internet requires a proper institutionalization and legal framework incorporating the true spirit of participatory democracy. It should inter alia serve to insulate the Internet both from corporatist and from statist dominations.

An international meeting, entitled 'Towards a Just and Equitable Internet', is envisaged to address the key issues identified above. It will be held in New Delhi, India, on February 14th and 15th, 2013. The meeting will bring together actors engaged in social justice movements and ICT, communication and media rights advocacy to dialogue with some of those already engaged with Internet governance issues, with a view to chart a progressive response to issues related to global governance of the Internet.

Potential outcomes from the meeting include:

A 'charter for Internet justice and equity';
Specific proposals for democratizing the global governance of the Internet as contributions to the 'Global Multistakeholder Meeting on the Future of Internet Governance' being hosted by Brazilian government in April, 2013, the UN Working Group on Enhanced Cooperation and the WSIS + 10 process.

For more details visit https://cis-india.org/news/towards-an-equitable-and-just-internet