We are anonymous, we are legion

No more blocking of entire websites?

praskrishna — 2012-06-26T09:47:02Z

The Madras HC has taken one step to ensure that entire websites are no longer blocked, but it doesn't mean that arbitrary takedowns will cease.

CIS research is quoted in this article by Danish Sheikh published in the Business Standard on June 24, 2012

Vimeo’s back. As is Pastebin, and Pirate Bay and IsoHunt. For your, you know, legitimate file-sharing practices.

Having been approached by a consortium of Internet Service Providers, the Madras High Court has issued a welcome clarification of its “John Doe order” issued in favour of RK Productions for the films 3 and Dammu. Designed to protect against potential offences by yet-unidentified persons, the sweeping scope of the order left a very wide, undefined scope to ISPs dealing with potentially infringing material. The ISPs over-complied, a host of file-sharing websites were barred from Indian servers overnight — oh, and “Anonymous” got more annoyed. Note here that the vagueness of the order extended to not specifying any infringing websites in particular.

Following the representation from the ISPs, the Court has provided them a specific directive. The new order states that the interim injunction was granted only with respect to the particular URL which featured the infringing movie, and not the entire website. No more blocking entire websites — the ISPs are now required to be informed about the particulars of where the infringing movie is kept within 48 hours.

The clarification couldn’t have come at a more vital time, and will hopefully serve as a precedent to curb an alarming practice that can be traced back to 2002. Back then, the Delhi High Court was approached in a matter concerning the unauthorised transmission of Ten Sports by unlicensed cable operators. The result was the Court’s first John Doe order with respect to media transmission: a commissioner was appointed to search premises of unnamed cable operators and seize evidence by taking photographs and video films. This particular order was then relied on by the Court almost a decade later in pre-emptively injuncting piracy of UTV Software Communication’s Saat Khoon Maaf and Thank You. The trend escalated from there, with similar orders being obtained for a number of films including Don 2, Bodyguard, Kahaani and Department, to name a few.

Where the last few years have seen a steadily rising output of orders largely from the Delhi and Madras High Court, just last week it was the Bombay High Court that joined the fray. Approached by Viacom 18 Motion Pictures, it passed a John Doe pre-emptively banning the piracy of Viacom’s Gangs of Wasseypur prior to its June 22 release. Considering the Bombay High Court’s noted apprehension in granting ex-parte orders, this decision looked set to add further momentum to the John Doe juggernaut.

Instead, we get the Madras High Court’s welcome restraint. That vague injunctions are an abuse of process is a principle that has been noted time and again, with the Delhi High Court even noting that “vague and general injunction of anticipatory nature can never be granted”. This is coupled with the larger access to information and free speech issue that has been raised more vocally following the ire with the mass block of file-sharing websites. The antecedents to this scenario may well be the media infrastructure cases of the ‘50s and ‘60s, where newspaper content was indirectly being regulated by way of regulation of newsprint, advertisement space, etc. Recognising these indirect control mechanisms in their ultimate speech-restricting form, the Supreme Court struck them down as unreasonable restrictions to the right to free expression under Article 19(1)(a) of the Constitution.

Prevention isn’t always better than cure. The Madras High Court has thankfully taken one step in the direction. What is left dangling is the other big question — that of the intermediary rules. There may now be a barrier to blocking of entire websites in this manner, but as so many internet users have found, one doesn’t have to necessarily approach the Courts if they want internet service providers to take down content: the ISPs are happy to do that for free. As a Centre for Internet and Society study found, takedown requests sent to ISPs, no matter how trivial or flimsy, will for the most part be met by acquiescence of the order. Without appropriate checks and balances, the intermediary will over-comply.

While the ISPs’ intervention before the Madras High Court is an encouraging sign, it doesn’t mean that the arbitrary takedowns under the intermediary rules will cease to happen. The digital media site Medianama quotes an ISP representative citing concern that ISPs were being wrongfully vilified on the Internet — and (significantly) that it would adversely impact their business if video streaming was disabled for users. The same commercial considerations wouldn’t likely stand when it comes to the bit-by-bit requests that come forward under the IT rules. Along with focusing attention on the High Court’s clarification, we need to sustain the movement to strike down the intermediary rules and push for a more transparent and fair mechanism.

For more details visit https://cis-india.org/news/no-more-blocking-of-websites

UID: Are your biometric I-cards stacked against you?

praskrishna — 2012-06-26T09:33:51Z

Imagine a rural family of five. Mom. Dad. Two kids. And Grandma. Assume too that they are below the poverty line. The day is coming when this family will have to give its biometrics out to myriad agencies.

This article by M Rajshekhar was published in the Economic Times on June 24, 2012

You know that Nandan Nilekani's Unique Identification Authority of India (UIDAI) or the Registrar General's National Population Register (NPR) has been collecting biometrics for a while now.

But a set of other departments have entered the fray. This ranges from the PDS department, ministry of rural development (MoRD), states' education departments, the Rashtriya Swasthya Bima Yojana (RSBY), banks, the department of social welfare, the post office...they are all collecting biometrics (see Agencies Collecting Biometrics Right Now).

This is the latest iteration in India's tryst with biometrics. From a beginning where only the NPR — and, a little later, the UIDAI — were to capture biometrics, we have now reached a point where myriad departments and ministries are camping in India's villages and towns, capturing fingerprints and iris images.

Identity Thieves

There was to be one large database. Now, we are moving to a system where multiple agencies capture and store biometrics data in myriad servers. This is amplifying the risk of biometric theft.

As Sunil Abraham, the head of Bangalore-based Centre for Internet and Society says, "If biometrics is used as authentication factor then it would be possible for a criminal to harvest your biometrics — such as using a glass to collect fingerprints — without your conscious cooperation. Or the registrar can cache your biometrics and duplicate transactions."

As the number of databases containing biometrics rises, the risk of this information leaking out increases. There have been complaints against an UIDAI enrolment agency called Madras Security Printers that it had sold data to private companies. There were also charges that enrolment agencies had outsourced the enrolment work to other companies, which they are not allowed to do.

What complicates matters further is there are not many safeguards. The country doesn't have a policy on how biometrics can be captured, used, stored and destroyed. But before we get deeper into that story, it is useful to understand why multiple departments have begun collecting biometrics.

Biometric Rush

According to a senior bureaucrat who recently retired from the ministry of planning, the answer lies in the 2014 elections. "For the government, cash transfers are the large reforms that they think UPA 2 can point towards in the next elections. For this reason, they need all this up and running before 2014."

However, over the past few months, parts of the government are increasingly unsure if UIDAI and NPR will meet their targets. "I do not think the 2014 target can be met at all," says a senior official in the National Informatics Centre (NIC). "We have to enroll another 800 million people. Then, we have to deduplicate them. Then, we have to make the cards and distribute them."

This is one reason why a set of government departments are configuring their own alternatives. Take the Department of Financial Services (DFS). It has been testing an online, biometric system for cash payments in Haryana's Mewat district for months now. Here, each bank will store its customers' biometric information in its own servers.

If a customer of bank A goes to a banking correspondent (BC) agent of bank B, his biometrics would be forwarded by bank B to bank A for authentication. Once authenticated, the transaction will be completed. "We should be rolling the new system out nationally from July or August," says the bureaucrat.

The rural development ministry is also testing its payment system. Once the local administration tells the ministry about who worked how many days, the ministry will be able to put money into their accounts automatically via a payment gateway. Right now, this is done manually with the block development officer and sarpanch making out the cheques.

This pilot, says DK Jain, joint secretary, MoRD, started 3-4 months ago in parts of Gujarat, Karnataka, Odisha and Rajasthan. In another six months, it will be available across the country. And then, there is the PDS.

Here, different states are putting different systems in place. Andhra, says a senior mandarin in the food ministry, is going with UID, Haryana is looking at smart cards, Jharkhand is going with Aadhaar, MP and Gujarat are testing food coupons, while Chhattisgarh has decided to use RSBY and Orissa has chosen NPR.

Apart from this, data is also being collected by the RSBY and BC companies on behalf of the banks handling welfare payments, or scrambling to meet their financial inclusion targets.

Sunil Abraham is quoted in this article.

For more details visit https://cis-india.org/news/are-your-biometric-i-cards-stacked-against-you

Securing e-Governance

natasha — 2012-06-26T06:45:26Z

On June 16, 2012, Privacy India in partnership with the Centre for Internet & Society, Bangalore, International Development Research Centre, Canada, Privacy International, UK and the Society in Action Group, Gurgaon organised a public discussion on “Securing e-Governance: Ensuring Data Protection and Privacy”, at the Ahmedabad Management Association.

The conversation brought together a cross section of citizens, lawyers, activists, researchers, academia and students.

	Prashant Iyengar, Assistant Professor, Jindal Global Law, opened the conference with an explanation of Privacy India’s mandate to raise awareness, spark civil action and promote democratic dialogue around privacy challenges and violations in India. He summarized the series of eight consultation previously organized across India in Kolkata on January 23, 2011, in Bangalore on February 5, 2011, in Ahmedabad on March 26, 2011, in Guwahati on June 23, 2011, in Chennai on August 6, 2011, in Mumbai on January 21, 2012, in New Delhi on February 3, 2012 and again in New Delhi on February 4, 2012. He described an egregious instance where the State Government of Karnataka, announced a plan to “post on its website all details of (1.51 crore) ration cardholders in the state”, to weed out duplicate ration cards and promote transparency. Details posted on the website would include the “ration card number, category of card (BPL/APL), names and photographs of the head and other members of a family, address, sources of income, LPG gas connection and number of cylinders in village/taluk/district wise.” An official said, “This would also work as a marriage bureau, for instance, a boy can see a photograph of a girl on the website and see whether she suits him”.[1] He described another embarrassing incident, which took place in 2008. Sixteen surveillance cameras were stolen from the Taj Mahal. After they had been replaced, in December 2010, it was reported that all of the CCTVs in the Taj Mahal had stopped working due to a “virus attack” on their computer systems. The district administration and the police department were apparently in disagreement as to who bore the burden of their maintenance.

Prashant Iyengar, Assistant Professor, Jindal Global Law, opened the conference with an explanation of Privacy India’s mandate to raise awareness, spark civil action and promote democratic dialogue around privacy challenges and violations in India. He summarized the series of eight consultation previously organized across India in Kolkata on January 23, 2011, in Bangalore on February 5, 2011, in Ahmedabad on March 26, 2011, in Guwahati on June 23, 2011, in Chennai on August 6, 2011, in Mumbai on January 21, 2012, in New Delhi on February 3, 2012 and again in New Delhi on February 4, 2012.

He described an egregious instance where the State Government of Karnataka, announced a plan to “post on its website all details of (1.51 crore) ration cardholders in the state”, to weed out duplicate ration cards and promote transparency. Details posted on the website would include the “ration card number, category of card (BPL/APL), names and photographs of the head and other members of a family, address, sources of income, LPG gas connection and number of cylinders in village/taluk/district wise.” An official said, “This would also work as a marriage bureau, for instance, a boy can see a photograph of a girl on the website and see whether she suits him”.[1]

He described another embarrassing incident, which took place in 2008. Sixteen surveillance cameras were stolen from the Taj Mahal. After they had been replaced, in December 2010, it was reported that all of the CCTVs in the Taj Mahal had stopped working due to a “virus attack” on their computer systems. The district administration and the police department were apparently in disagreement as to who bore the burden of their maintenance.

Prof. Subhash Bhatnagar, Advisor Center for e-Governance IIM, Ahmedabad, dismissed the notion that privacy is irrelevant in India. A survey on e-governance, of 50,000 people conducted in major cities of India shows that confidentiality and security of data were among the top 3 concerns among 20 choices. He discussed various mission mode projects in the National e-Governance Plan that holds and shares large amounts of data on individuals and business. He referred to his personal experience when enrolling for UID. He noticed that the box concerning consent for sharing of information with third parties was, by default, automatically ticked. When he asked the UID staff, they mentioned that the software does not allow for enrollment to continue if the box is not ticked. He called for increased vigilance among citizens, a phone helpline dedicated to resolution of privacy intrusions and sensitizing designers of e-Governance projects.

Prof. Subhash Bhatnagar, Advisor Center for e-Governance IIM, Ahmedabad, dismissed the notion that privacy is irrelevant in India. A survey on e-governance, of 50,000 people conducted in major cities of India shows that confidentiality and security of data were among the top 3 concerns among 20 choices. He discussed various mission mode projects in the National e-Governance Plan that holds and shares large amounts of data on individuals and business. He referred to his personal experience when enrolling for UID. He noticed that the box concerning consent for sharing of information with third parties was, by default, automatically ticked. When he asked the UID staff, they mentioned that the software does not allow for enrollment to continue if the box is not ticked. He called for increased vigilance among citizens, a phone helpline dedicated to resolution of privacy intrusions and sensitizing designers of e-Governance projects.

	Dr. Nityesh Bhatt, Sr. Associate Prof and Chairperson-Information Management Area, Institute of Management, Nirma University, Ahmedabad, stressed the importance of limiting access of information on a need-to-know basis, which is one of the most fundamental security principles. He described various characteristics of information security management including: planning, policy, programs, protection, people and project management. Lastly, he recommended ‘SETA’ as an essential program, designed to reduce the incidence of accidental security breaches by employees, contractors, consultants, vendors, and business partners. A SETA program consists of three elements: security education, security training, and security awareness. It can improve employee behavior and enables the organization to hold employees accountable for their actions.

Dr. Nityesh Bhatt, Sr. Associate Prof and Chairperson-Information Management Area, Institute of Management, Nirma University, Ahmedabad, stressed the importance of limiting access of information on a need-to-know basis, which is one of the most fundamental security principles. He described various characteristics of information security management including: planning, policy, programs, protection, people and project management. Lastly, he recommended ‘SETA’ as an essential program, designed to reduce the incidence of accidental security breaches by employees, contractors, consultants, vendors, and business partners. A SETA program consists of three elements: security education, security training, and security awareness. It can improve employee behavior and enables the organization to hold employees accountable for their actions.

Dr. Neeta Shah, Director (e-Governance) Gujarat Informatics Limited, described the extent of e-governance initiatives in Gujarat (there are more than 100 e-governance applications running) and its impact. She discussed successful e-governance initiatives that have helped solve critical problems such as the online teacher application process, which accelerates the recruitment process of primary teachers. E-governance applications of various departments ensure security of data and privacy protection through the following measures: Network security (NIPS, Firewalls, content filtering, HIPS, antivirus, etc.) Data security (robust SAN environment with high raid levels to prevent any data loss) Application security (audited by empanelled TPA) DR/BCP provisioning (real-time data is replicated to DR site in case of any physical calamity or damage to resources at primary site, backup exists at remote different seismological locations) When designing e-government projects, the government tends to think about security of the system, but not privacy of the data. Security in the minds of the government is achieved through strengthening infrastructure, but they often overlook the human dynamic.

Dr. Neeta Shah, Director (e-Governance) Gujarat Informatics Limited, described the extent of e-governance initiatives in Gujarat (there are more than 100 e-governance applications running) and its impact. She discussed successful e-governance initiatives that have helped solve critical problems such as the online teacher application process, which accelerates the recruitment process of primary teachers.

E-governance applications of various departments ensure security of data and privacy protection through the following measures:

Network security (NIPS, Firewalls, content filtering, HIPS, antivirus, etc.)
Data security (robust SAN environment with high raid levels to prevent any data loss)
Application security (audited by empanelled TPA)
DR/BCP provisioning (real-time data is replicated to DR site in case of any physical calamity or damage to resources at primary site, backup exists at remote different seismological locations)

When designing e-government projects, the government tends to think about security of the system, but not privacy of the data. Security in the minds of the government is achieved through strengthening infrastructure, but they often overlook the human dynamic.

Gopalkrishnan Devnathan (Kris dev), Co-founder, International Transparency and Accountability Network, described e-Governance as the application of Information and Communication Technology for delivering government services. It involves the integration of various systems and services between Government-to-Citizens, Government-to-Business, Government-to-Government as well as back office processes and interactions within the entire government framework. E-governance initiatives can ensure privacy and security through: Securing data/transaction using Smart Card with triple access control, Card, PIN and Biometrics (multimodal) Mirrored data storage with proper security Indelible audit trail using encrypted flat file Prevent server intrusion and data theft upfront rather than do post-mortem analysis Information on data accessed can be communicated on real time basis using ICT tools Lastly, he identified the usefulness, inhibitions and potential security solutions for the Unique Identification System.

Gopalkrishnan Devnathan (Kris dev), Co-founder, International Transparency and Accountability Network, described e-Governance as the application of Information and Communication Technology for delivering government services. It involves the integration of various systems and services between Government-to-Citizens, Government-to-Business, Government-to-Government as well as back office processes and interactions within the entire government framework. E-governance initiatives can ensure privacy and security through:

Securing data/transaction using Smart Card with triple access control, Card, PIN and Biometrics (multimodal)
Mirrored data storage with proper security
Indelible audit trail using encrypted flat file
Prevent server intrusion and data theft upfront rather than do post-mortem analysis
Information on data accessed can be communicated on real time basis using ICT tools

Lastly, he identified the usefulness, inhibitions and potential security solutions for the Unique Identification System.

	Anindya Kumar Banerjee, Regional Manager- East, CG & MP at Ncomputing Inc., discussed a comparative analysis of e-governance initiatives in India. He analyzed various factors such as ease of use, simplicity of procedures, time savings compared to manual, affordable cost of service and reduction in corruption. He described the difference infrastructural threats of security and privacy in e-Governance.

Anindya Kumar Banerjee, Regional Manager- East, CG & MP at Ncomputing Inc., discussed a comparative analysis of e-governance initiatives in India. He analyzed various factors such as ease of use, simplicity of procedures, time savings compared to manual, affordable cost of service and reduction in corruption. He described the difference infrastructural threats of security and privacy in e-Governance.

Dr. Mrinalini Shah, Professor of Operations Management at Institute of Management Technology, Ghaziabad identified the slow legal system and multiple jurisdiction system as a challenge for privacy and security of data and implementations of suitable access controls and authorization as a helping factor.

Utkarsh Jani, Advocate, Jani Advocates, described the relevant section of the Information Technology Act (ITA) relating to privacy and the political and social challenges surrounding the right to privacy. He discussed the right to privacy vis-à-vis data protection. Though the ITA does enforce a level of data protection, it is far from flawless.

The ITA lacks the following:

The definition and classification of data types.

The nature and protection of the categories of data.

Data controllers and data processors have distinct
Clear restrictions on the manner of data collection.
Clear guidelines on the purposes for which the data can be put and to whom it can be sent.

Standards and technical measures governing the collection, storage, access to, protection, retention and destruction of data.
It does not provide strong safeguard and penalties against the aforesaid breaches.

Sunny Vaghela, Founder and CTO, TechDefence Pvt. Ltd., provided a hacker’s perspective to security and privacy issues in e-governance. Cyber crimes such as privacy violations and data breaches are increasing because of the dependence on complex computer infrastructures. Complex computer infrastructures make systems vulnerable because if one application is hacked, the entire network can be accessed and compromised. He conducted a live demonstration, showing how simple it is to hack into a government website. From his personal experience as an ethical hacker, he stated that government agencies are extremely negligent about the privacy and the security of data. A major concern with e-governance websites is that they not designed with privacy in mind, leaving the personal and private details of citizens vulnerable. He called for full penetration testing and vulnerability assessment of e-governance portals in order to maintain the privacy of citizens and protect government data. Some government websites that were hacked include AMC e-governance (was awarded one best e-governance award in 2010), CBI server and the Income Tax of India server. Lastly, he described the frequent mistakes made by the government in e-Governance projects. The government started using the e-Governance systems in 2003. Typically, three things are a component of the application: the person, the source code and the database, but the security is on the network. Governments work on developing the network to be secure, but they often overlook the application. A solution to this could be the use of high interaction honey pots.

Sunny Vaghela, Founder and CTO, TechDefence Pvt. Ltd., provided a hacker’s perspective to security and privacy issues in e-governance. Cyber crimes such as privacy violations and data breaches are increasing because of the dependence on complex computer infrastructures. Complex computer infrastructures make systems vulnerable because if one application is hacked, the entire network can be accessed and compromised.

He conducted a live demonstration, showing how simple it is to hack into a government website. From his personal experience as an ethical hacker, he stated that government agencies are extremely negligent about the privacy and the security of data. A major concern with e-governance websites is that they not designed with privacy in mind, leaving the personal and private details of citizens vulnerable.

He called for full penetration testing and vulnerability assessment of e-governance portals in order to maintain the privacy of citizens and protect government data. Some government websites that were hacked include AMC e-governance (was awarded one best e-governance award in 2010), CBI server and the Income Tax of India server.

Lastly, he described the frequent mistakes made by the government in e-Governance projects. The government started using the e-Governance systems in 2003. Typically, three things are a component of the application: the person, the source code and the database, but the security is on the network. Governments work on developing the network to be secure, but they often overlook the application. A solution to this could be the use of high interaction honey pots.

	Nisha Thompson, Data Project Manager at Arghyam/ India Water Portal, discussed the increased amount of data generated through e-governance initiatives and its impact. When more data is generated and collected, politics and privacy become intertwined. There can be a conflict between opening up data and privacy thus; one needs to decide on parameters. For example, with regards to privacy and national security, parameters should be in place to determine where privacy ends and the public good starts. In India, this line does not begin with the individual as it does in many contexts. Collective privacy in India is important. She described various online tools that increase transparency and awareness such as: Transparency Chennai, India Governs and I Paid a Bribe. Over the course of the day, participants engaged in lively discussion on various issues such as the objectives and features of e-governance, examples of e-governance projects, and the parameters, problems, loopholes and tensions in e-governance projects. Participants response to privacy concerns have to a large extent focused on the fact that e-Governance is a double-edge sword. E-governance initiatives are an invariable tool for ensuring wider participation and deeper involvement of citizens, institutions, NGOs as well as private firms in the decision making process. However, the political and regulatory environment must be strengthened.

Nisha Thompson, Data Project Manager at Arghyam/ India Water Portal, discussed the increased amount of data generated through e-governance initiatives and its impact. When more data is generated and collected, politics and privacy become intertwined. There can be a conflict between opening up data and privacy thus; one needs to decide on parameters. For example, with regards to privacy and national security, parameters should be in place to determine where privacy ends and the public good starts. In India, this line does not begin with the individual as it does in many contexts. Collective privacy in India is important. She described various online tools that increase transparency and awareness such as: Transparency Chennai, India Governs and I Paid a Bribe.

Over the course of the day, participants engaged in lively discussion on various issues such as the objectives and features of e-governance, examples of e-governance projects, and the parameters, problems, loopholes and tensions in e-governance projects.

Participants response to privacy concerns have to a large extent focused on the fact that e-Governance is a double-edge sword. E-governance initiatives are an invariable tool for ensuring wider participation and deeper involvement of citizens, institutions, NGOs as well as private firms in the decision making process. However, the political and regulatory environment must be strengthened.

About Privacy India

Privacy India was established in 2010 with the objective of raising awareness, sparking civil action and promoting democratic dialogue around privacy challenges and violations in India. One of our goals is to build consensus towards the promulgation of comprehensive privacy legislation in India through consultations with the public, policymakers, legislators and the legal and academic community.

[1] Nagesh Prabhu, A way to check bogus ration cards, THE HINDU, September 18, 2010, http://www.thehindu.com/todays-paper/tp-national/tp-karnataka/article696087.ece (last visited Oct 23, 2011).

Click below to download the following resources:

E-Governance, Identity and Privacy [PDF, 253 Kb]
Event Brochure [PDF, 1618 Kb]

For more details visit https://cis-india.org/internet-governance/securing-e-governance-event-report

Privacy Matters — Consumer Privacy

praskrishna — 2012-07-31T10:55:30Z

Privacy India, in partnership with the Centre for Internet & Society, International Development Research Centre, Society in Action Group and Privacy International, invites you to a public conference focused on discussing the challenges and concerns to consumer privacy in India. The event will be held at the Indian International Centre, New Delhi on Saturday, July 7, 2012, from 9 a.m. to 5 p.m.

According to the Consumer Protection Act, 1986, a consumer is a broad label for any person who buys any goods or services for consideration with the intent of using them for a non-commercial purpose. Certain services that consumers use may, by their very nature, put an extraordinary amount of sensitive personal information into the hands of vendors.

Consumer privacy is concerned with accuracy of how a consumers information is collected and used. Because a consumers relationship with another entity is based on an exchange along consented terms, a breach in consumer privacy can be constituted as an action that was not agreed to. In the age of data collection – a breach in privacy occurs when information is used in different ways than was intended. Consumer privacy in India is determined at the sectoral level, and differs depending on the services that is provided for.

As corporations sell data banks, ISP's expose consumer habits, or ones personal information falls in the wrong hands – the consequences are far reaching, and can result in spamming, unwanted marketing, theft, or the violation can impact an individual's ability to buy a home, potential employment opportunities, or gain access to credit.

In India, the right to privacy has been a neglected area of study and engagement. Although sectoral legislation deals with privacy issues, India does not as yet have a horizontal legislation that deals comprehensively with privacy across all contexts. The absence of a minimum guarantee of privacy is felt most heavily by marginalized communities, including HIV patients, children, women, sexuality minorities, prisoners, etc. - people who most need to know that sensitive information is protected.

Since June 2010, Privacy India in collaboration with Privacy International, based in London, has been conducting workshops and engaging in public awareness. Participants include policy makers, researchers, sectoral experts, NGOs, and the public to discuss and deliberate different questions of privacy, its intersections and its implications with our everyday life. The discussions have ranged from topics of online privacy to minority rights and privacy and e-Governance initiatives privacy. The workshops have been organized in different cities - Bangalore, Guwahati, Mumbai, Delhi, Kolkata, Ahmedabad, Chennai, Goa, etc.

Click here for the agenda

Please confirm your participation with natasha@cis-india.org

Download the invite here [PDF, 160 Kb]

Download our research here [PDF, 178 Kb]

For more details visit https://cis-india.org/internet-governance/consumer-privacy-delhi

NET LOSS

praskrishna — 2012-06-25T06:15:06Z

Unless the IT Act is amended and the definition of ‘offensive’ online content clearly set out, attempts to gag the Internet will continue in our country, argues Abimanyu Nagarajan

The article was published in the Telegraph on June 20, 2012

Lately, the Indian government seems to be trying its best to control the Internet. In the past few weeks, dozens of file hosting or sharing sites have been blocked by court order. Earlier this year Union human resource development minister, Kapil Sibal, came down heavily on social networking sites and the Internet and waxed eloquent on the need to weed out “offensive” content there.

In fact, this week Google said that there was a 49 per cent increase in requests for content removal from India in the second half of 2011 compared to the first half. Of the 101 requests to take down 255 items, only five were made by the courts. The rest were by politicians and policemen.

In the now infamous cartoon case, a professor of Calcutta’s Jadavpur University was arrested for circulating a cartoon relating to chief minister Mamata Banerjee via email. One of the charges levelled against him was that he was culpable under Section 66A of the Information Technology Act, 2000.

Indeed, experts feel that the IT Act and its vague and loose definition of what constitutes “offensive” content on the Net or on a social networking site can easily be abused by those who wish to control online content.

Everything related to the Internet comes under the purview of the IT Act. As cyber law expert Pavan Duggal says, “The IT Act, 2000, covers all aspects pertaining to the use of computers, computer systems, computer networks, computer resources, communication devices as also data and information in the electronic format.”

Social networking sites and what gets posted there also come under the act. Section 2(1)(w) of the act uses the term “intermediary” to mean any legal entity that receives, stores or transmits a message, or provides any service with respect to that message on behalf of another person. By this definition social networking sites are “intermediaries” and there are strict sets of rules and guidelines listed under Section 43(a) of the act that they have to follow if they want to operate in India.

But what infuriates IT experts most is Section 66A of the IT Act, which leaves the term “offensive” utterly vague and fluid. It states: “Any person who sends, by means of a computer resource or a communication device (a) any information that is grossly offensive or has menacing character; (b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently makes by making use of such computer resource or a communication device; (c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages shall be punishable with imprisonment for a term which may extend to three years and with fine.”

In addition, Rule 3 of the IT Intermediaries Guidelines, 2011, lays down that all Internet service providers, telecom companies, email and blogging services must take down content that is “harmful, harassing, blasphemous, defamatory…”. In fact, this provision allows you to send a takedown notice for any content that may have offended you and the item has to be deleted within 36 hours.

This is draconian, say IT experts. As Prashant Mali, a cyber law expert and president of Cyber Law Consulting, puts it, “The problem is that the offences listed under Section 66A are non-bailable, cognisable offenses. Technically speaking, since nothing is specific, you can always be arrested.”

Adds advocate Apar Gupta, a partner at law firm Advani and Company, “Section 66A is vague and stringent at the same time.”

The extent to which these provisions in the IT Act can be abused was recently demonstrated by the Bangalore-based Centre for Internet Society (CIS). Sunil Abraham, executive director of CIS, talks about how the group flagged content as being offensive on a variety of sites, even though they weren’t so.

“We sent takedown notices to e-commerce, content hosting, and news media sites,” recalls Abraham. “And in most cases, we found the intermediaries were very risk averse. For example, there was one site that was talking about game theory — a mathematics model on decision making. As part of the article, they had linked out to a few gambling sites to support their research. We sent notices saying that the site promoted gambling and was therefore offensive. They didn’t just remove the links, they took the whole site down.”

Mahesh Murthy, CEO of Pinstorm, a digital advertising firm, points out that this means individuals are being allowed to do what should ideally be done by a court of law. “People who are not part of the judiciary, who are not elected officials, are taking decisions on censorship.”

Gupta reveals that the sites are not even required to inform a user that their content is being taken down. “The content vanishes into a black hole. All they have to do is remove the flagged content within 36 hours of it being reported,” he says.

IT experts have been crying themselves hoarse demanding that the government amends the IT Act and clearly sets out definitions for what constitutes “offensive” content. As Duggal says, “It will do immense service to the nation if the IT Act, 2000, is amended so as to provide more definitions, illustrations and parameters of what constitutes offensive content. Since the act is silent on what constitutes offensive material, the scope for abuse of Section 66A remains wide open.”

So will the government heed the demand of cyber law professionals and other experts and amend the IT Act? That remains to be seen. But unless the government changes its posture vis-à-vis the Internet, and shifts from its position that it’s something that needs to be controlled, few believe that an amendment in this regard will be forthcoming any time soon.

For more details visit https://cis-india.org/news/net-loss

CENSORSHIP 2020: The Future of Free Speech Online

praskrishna — 2012-06-28T10:01:00Z

The DC Chapter of the Internet Society, in conjunction with the U.S. Department of State, invite you to an informal discussion on CENSORSHIP 2020: The Future of Free Speech Online on Monday, June 25, 2012.

Published in Communication, Culture & Technology. For more info, visit here.

The Arab Spring demonstrated how Internet technologies such as Twitter, blogs, and Facebook could be used to mobilize protesters, publicize corruption and human rights violations, and connect activists and emigres. But in Iran , Syria , and elsewhere, we have seen repressive governments use the Internet to identify and track dissidents, to spread disinformation, and defame political opponents. Will the technologies of anonymization win out over new digital monitoring tools? Will new wireless data technologies foster democracy--or lead to more effective tracking and surveillance? Join us for an informal discussion with six people fighting for free speech on the Internet in their country--and around the world:

Dlshad Othman (Syria), an activist and IT engineer providing Syrians with digital security tools
Pranesh Prakash (India), a blogger and cyberlaw expert who is promoting a free Internet and online freedom of speech.
Koundjoro Gabriel Kambou (Burkina Faso), a journalist at Lefaso.net, is promoting human rights, democracy particularly among young people.
Sopheap Chak (Cambodia), the Deputy Director of the Cambodian Center for Human Rights (CCHR) and one of Cambodia ’s leading bloggers.
Andres Azpurua (Venezuela) has trained 300 youth on using Web 2.0 tools to publicize human rights violations.
Emin Milli (Azerbaijan), a writer who is using YouTube, Facebook and Twitter to spread information about human rights violations.

Moderator: Ambassador (ret.) Richard Kauzarlich, Deputy Director, Terrorism, Transnational Crime and Corruption Center (TraCCC), George Mason University, http://traccc.gmu.edu/

Hosted by the Communication, Culture and Technology Program of Georgetown University 2nd Floor, Car Barn, 3520 Prospect St., N.W. , Washington , DC (enter from Prospect St.)

For more details visit https://cis-india.org/news/censorship-2020

Google Hangout with Ashoka Fellow Sunil Abraham

praskrishna — 2012-06-20T09:16:33Z

Sunil Abraham, an Ashoka Fellow from India, visited the DC Office and shared his work on public accountability, access, and learning at the intersection of internet and society.

Watch the video below

Click to see the original from YouTube.

For more details visit https://cis-india.org/news/google-hangout-with-sunil

Global Networks, Individual Freedoms: A Peer Forum on Internet Freedom and Human Rights

praskrishna — 2012-06-28T09:12:28Z

In Connection with the 2012 Internet Freedom Fellows Program, the United States Mission to the United Nations in Geneva is pleased to invite Pranesh Prakash to a peer forum at the United States Mission to the United Nations on Thursday, June 21, 2012, from 9 a.m. to 3 p.m.

Join the Internet Freedom Fellows, diplomats, UN representatives, civil society, technologists and social media experts, Geneva media and other professionals engaged in the intersection of human rights, internet freedom and technology.

This peer forum is part of the Internet Freedom Fellows program, which brings human rights activists from across the globe to Geneva, Washington, and Silicon Valley to meet with fellow activists, U.S. and international government leaders, and members of civil society and the private sector engaged in technology and human rights.

This year’s Internet Freedom Fellows, all human rights activists and active practitioners of digital media, are from Syria, India, Burkina Faso, Cambodia, Venezuela and Azerbaijan.

For additional information on the program, please visit Internet Freedom Fellows.

Program

9:00 a.m.	Welcome and introduction David Kennedy / John Horniblow
9:15 - 10:15	Freedom to Connect and Freedom from Fear: The problem of surveillance in a networked world. Rebecca MacKinnon – Co Founder Global Voices Online, Author “Consent of the Networked”, Boards of Directors of the Committee to Protect Journalists and the Global Network Initiative
10:15 - 10:45	Developing Networked Voices and Promoting the protection of Human Rights Andreas Harsono, blogger and human rights activist (Indonesia), and Rosebell Kagumire, multimedia journalist working on peace and conflict issues in the Eastern Africa region (Uganda) 2011 Internet Freedom Fellows and journalists (via Skype)
10:45 - 11:00	Coffee break
11:00 - 12:00	Moderated Panel Discussion – How Do we Protect Human Rights in a world of global networks? How do the needs of the grassroots, civil society and business inform the process of upholding the UDHR and IHL in networks and technologies? Dr. Robert Whelan (ICRC), Pranesh Prakash, Salil Trepathi (IHRB), Nicolas Seidler (ISOC), Emin Milli Moderated Panel Discussion followed by Q &A
12:00 - 13:00	Buffet Luncheon
13:00 - 13:30	The Open Internet - Empowering Digital Humanitarianism Paul Conneally - Head of Communications for ITU and a former Red Cross delegate (in various positions, locations and with IFRC plus ICRC and the Irish Red Cross).
13:40 - 14:10	Global Network Initiative and the multistakeholder approach ensuring an Open Internet David Sullivan -Policy and Communications Director Global Network Initiative
14.15 - 14.40	The Silicon Valley Standard and implications for technology companies in the protection of Human Rights and other freedoms Brett Solomon -Exec Director Access Now (via Skype)
15:00	Twiplomacy Matthias Luefkins Managing Director, Digital, EMEA– Burson Marstellar

Participation is limited. Please RSVP by noon on Friday, June 15 to iff@usmission.ch. When responding, please indicate whether you will also join us for the luncheon buffet.

For more details visit https://cis-india.org/news/peer-forum-on-internet-freedom-and-human-rights

Cos spying on competitors, staff: Study

praskrishna — 2012-06-20T08:46:38Z

Most companies are spying on their competitors and their own employees, according to a recent survey conducted by the Associated Chambers of Commerce and Industry of India (Assocham).

The Statesman published this article on June 19, 2012. Sunil Abraham is quoted in it.

The survey's results raise questions about whether employees have enough privacy in the workplace. Rubbishing the survey's findings, head of the Indian Council of Corporate Investigators, Mr Kunwar Vikram Singh, said businesses are not spying but verifying facts.

The Assocham survey said almost 1,200 of 1,500 executives surveyed admitted to hiring people to spy on their employees and monitor their lifestyles. They said they watch former employees, too, especially those who had been laid off or kicked out for fraud.

In the survey, which was done between January and May this year in Ahmedabad, Bangalore, Chennai, the Delhi-National Capital Region and Mumbai, about 900 top industry officials said they carry out corporate espionage, bug the offices of their rivals and plant moles in other companies. About a quarter of respondents said they have hired computer experts to hack networks and track e-mails of their rivals.

Many more respondents — 1,110 of those questioned — said they use social media sites to track their rival companies and employees. “Most of the companies have mentioned their sensitive details including their data, plans, clients’ details, products and other confidential and trade-related secrets on their page and unknowingly share the same in the social media circuit,” said Mr DS Rawat, national secretary-general of Assocham, “which is why it is the most favoured spying activity being carried out by the companies.”

The practice of companies pilfering trade secrets and ideas may be bad for the country's business environment, said Mr Rawat. It “might dampen the spirit of innovation in the long-run,” he said.

The Indian Council of Corporate Investigators’ Mr Singh, however, disputed Assocham's picture of rampant corporate espionage. “I totally deny that corporates are spying on their employees,” he said. “It is not spying. It is verification of facts.”

Mr Singh said that when companies look into their employees or other companies, for example, before they enter into joint ventures, they are just carrying out “due diligence”. He said they legally gather information needed for companies to survive. He also denied there were any privacy issues.

Mr Sunil Abraham, executive director of the Centre for Internet and Society, though, said there are growing concerns about privacy in the workplace, including about intense video surveillance. “Managers started to object to this,” he said. “What they started saying was it really undermines the morale of these locations ... friends and relatives would ask, 'In spite of you being so educated, it's funny your companies don't trust you at all.'”

Companies need to develop more nuanced ways to deal with these problems — perhaps something more similar to the military's multiple levels of clearance — and different ways for people to acquire and lose trust, Mr Abraham said.

Whether or not surveillance is legal, depends on the type, Mr Abraham said. There is some private information a person will expect to remain private, and some information that is expected to be public — like Twitter feeds.

There is no law against monitoring this second type, known as “clear view surveillance”, he said, and blanket legislation could clash with freedom of expression. He said an ideal law for this should include a “proportional relation to power” clause, which would limit the legal ability of the powerful to monitor, but allow individual citizens more leeway.

For more details visit https://cis-india.org/news/co-spying-on-competitors-staff

Internet At Liberty 2012

praskrishna — 2012-07-05T05:24:33Z

Activists and experts from all over the world came together for this event organised by Google on May 23 and 24, 2012 to explore free expression in the digital age.

Sunil Abraham was a speaker in Plenary IV Debate 3: In a world where nearly nine out of ten Internet users are not American, what is the responsibility of United States institutions in promoting internet freedom? Cynthia Wong, Mohamed El Dahshan, Dunja Mijatović and Judy Woodruff were the other speakers in this panel. See the video below:

Video

Internet at Liberty 2012: Plenary IV - Sunil Abraham, Cynthia Wong, Mohamed El Dahshan and Dunja Mijatović

View the video on YouTube

For more details visit https://cis-india.org/news/internet-liberty-2012

HasGeek presents The Fifth Elephant

praskrishna — 2012-06-19T06:38:13Z

HasGeek and the Centre for Internet & Society invite you the Fifth Elephant at the NIMHANS Convention Centre, Bangalore on July 27 and 28, 2012.

Why The Fifth Elephant?

Modern technology with ubiquitous connectivity and cloud-hosted computing power is increasingly becoming important for making sense of data. The infrastructure, tools, processes and algorithms for storage, analytics and visualization shape the meanings and value that can be derived from the data. At the same time, these technologies are strongly intertwined i.e., the database infrastructure shapes how data is accessed for processing, as well as the tools you can (or cannot) use to represent the data in certain ways on the frontend. Similarly, the paradigms used for simplifying and storing data — MapReduce, NoSQL, RDBMS — variously enable the morphing of complex data into meaningful formats. Working with each one of them involves limitations and possibilities.

The Fifth Elephant is the first of its kind of events where you will meet different people working with different kinds of data. It is an opportunity for learning about new tools, technologies, platforms, processes and best practices, and engaging with business leaders, IT decision-makers, journalists, analysts and developers. It is also an opportunity to showcase data products, APIs, services and platforms.

A Conference? An Event?

The Fifth Elephant is not simply a series of lectures. It is a space for interactions with a diverse audience to serendipitously explore insights and solutions for your data problems, to understand how hidden meanings in data can be made manifest, and to learn how others are working with data. The event is open to data analysts and scientists, statisticians, geeks, enthusiasts, data-driven product managers and designers, enterprise architects, journalists, researchers, developers and database professionals.

The Agenda

The Fifth Elephant will be held on July 27 and 28, 2012 at the NIMHANS Convention Centre, Bangalore. Day 1 covers the technology track — big data infrastructure, analytics and visualization. Day 2 invites talks from business and industry — finance, retail, health, media, telecom — to showcase the nature of data in each of these sectors and how they are working (and not working) with the data.

Apart from demos, lectures and tutorials, there will be opportunities for open house discussions and presentations on Hadoop, NoSQL versus RDBMS paradigms, and legal and licensing frameworks for data sharing, among others. Hacker corners, a dedicated participant lounge and interactive sponsor booths will further the learning, showcasing and engagement at the event.

For submitting talks and speaking proposals, visit funnel.hasgeek.com/5el.
Corporate tickets available for company delegates and employees. For more information write to info@hasgeek.com
For sponsorship queries, write to zainab@hasgeek.com

For more details visit https://cis-india.org/internet-governance/has-geek-presents-the-fifth-elephant

Recruitment Tracker: 21 students placed out of the 49 who sat for recruitment in Christ University’s School of Law, Class of 2012

praskrishna — 2012-06-18T08:45:53Z

The Class of 2012 at the School of Law, Christ University saw 21 students placed out of the 49 who sat for recruitment. The graduating class has a batch strength of 77 students. The batch saw 8 pre-placement offers, 4 students being accepted for LLM’s abroad and 3 students opting for litigation while 1 student opted to appear for the civil services examination.

Published by the Bar & Bench News Network on June 11, 2012

Pangea 3 was the biggest recruiter, bagging four students while Nishith Desai Associates, Murli & Co., Clutch Group and Prudent Insurance Brokers Private Limited hiring two students each. J. Sagar Associates, Linklegal, PXV Law Partners, BMR Advisors and Bajaj Allianz General Insurance Corporation picked up one student each.

The Centre for Internet and Society, human-rights organisation Justice and Care, Teach for India and the Freeland Wildlife Trust hired one student each. Out of the four students who have opted for a Masters programme, two will be going to the National University of Singapore and one each to Cornell University and George Washington University.

At the time of publication, the recruitment process for one student was currently under progress at J. Sagar Associates.

Name of the Company / Firm	Number of Students Recruited
Pangea3	4
Nishith Desai & Associates	2
Murli & Co.	2
Prudent Insurance Brokers	2
Clutch Group	2
BMR Advisors	1
J Sagar Associates	1
Bajaj Allianz General Insurance Corporation	1
PXV Law Partners	1
Link Legal	1
Freeland Wildlife Trust	1
Centre for Internet & Society	1
Justice and Care	1
Teach for India	1
TOTAL	21

For more details visit https://cis-india.org/news/recruitment-tracker-21-students-placed

PPOs save placement-record as Christ Law’s 2nd graduating batch hosts fewer law firms

praskrishna — 2012-06-18T08:33:02Z

The number of recruiting law firms visiting Christ College of Law Bangalore slumped to two this year, but the second batch graduating from the college made it up in terms of pre placement offers (PPOs) to secure 21 total jobs, one short of the college’s debut recruitment record.

This blog post by Prachi Shrivastava was published in Legally India on June 10, 2012

Out of the 14 organisations hiring from a pool of 49 students registered with the recruitment coordination committee of 2012, J Sagar Associates (JSA) and Nishith Desai Associates (NDA) were the only law firms interviewing on campus. JSA hired one and NDA hired two students.

[Correction: The information supplied by the RCC previously, was partially incorrect. It has now clarified that JSA and NDA did not visit campus, but conducted off-campus interviews]

PXV Law Partners, BMR Advisors and Link Legal Advocates, each extending one PPO, and Murli Associates with two PPOs, were the only other law firms figuring in the RCC’s recruitment table this year.

Legal process outsourcing unit (LPO) Pangea3 was the biggest recruiter at the law school, hiring three students through campus and one through PPO. Clutch Group was the other LPO that visited campus and engaged two students.

Insurance companies also paid a visit: Prudent Insurance Brokers hired two students while Bajaj Allianz General Insurance Corporation made one hire.

Three non government organisations (NGOs) and a think tank each recruited the remaining four students. International human rights NGO Justice and Care, and domestic free school-teaching movement Teach for India picked one student each on campus, and wildlife-law enforcement NGO Freeland Wildlife Trust hired one student through PPO.

Bangalore-based think tank Centre for Internet and Society (CIS) engaged a student.

Four more RCC participants in the batch of 77, will pursue an LLM. The University of Singapore accepted two students, while Cornell University and George Washington University accepted one each.

Three students are known to have opted for court practice while one gears up to take the civil services examination.

Previously, at Christ

The first ever class graduating from the Bangalore law school last year, smaller in size by two students, saw 22 jobs for a pool of 52 students registered with the inaugural recruitment coordination committee.

Trilegal and Lakshmikumaran & Sridharan (LKS) were the biggest of the five law firms visiting campus last year, while GMR, Infosys and Roamware were the three local companies interviewing students on campus.

An LPO was the keenest recruiter at Christ last time as well, though CPA Global took the place of Pangea 3 which did not figure in last year’s recruitment table.

HNLU Raipur was the other law school where LPO Pangea3 was the heaviest recruiter this year, being the only one to visit the Abhanpur campus. The LPO hired three student’s from HNLU’s class of 2012.

For more details visit https://cis-india.org/news/ppos-save-placement-record-as-christ-laws-2nd-graduating-batch-hosts-fewer-law-firms

India: The New Front Line in the Global Struggle for Internet Freedom

praskrishna — 2012-06-18T07:10:21Z

The government tussles with Internet freedom activists in the world's largest democracy.

This article was published in the Atlantic on June 7, 2012

This Saturday, Indian Internet freedom advocates are planning to stage a nation-wide protest against what they see as their government's increasingly restrictive regulation of the Internet. An amorphous alliance of concerned citizens and activist hackers intend to use the streets and the Internet itself to make their opposition felt.

Over the last year, as Americans were focused on the domestic debates surrounding the Stop Online Piracy Act (SOPA) and the Protect Intellectual Property Act (PIPA), or on the more brazen displays of online censorship by mainstays of Internet restriction like China, Iran and Pakistan, India was rapidly emerging as a key battleground in the worldwide struggle for Internet freedom.

The confrontation escalated in April 2011, when the Ministry of Communications and Information Technology introduced sweeping new rules regulating the nature of material that Internet companies could host online. In response, civil liberties groups, Internet freedom supporters, and a growing assembly of online activist hackers have been fighting back, initiating street protests, organizing online petitions, and launching -- under the banner of the "Anonymous" hacker group -- a torrent of distributed denial of service (DDoS) attacks against Indian government and industry web sites.

The April 2011 rules, an update to India's Information Technology Act (IT Act) of 2000 (amended in 2008), popularly known as the "intermediary guidelines," instruct online "intermediaries" -- companies that provide Internet access, host online content, websites, or search services -- to remove, within 36 hours, any material deemed to be "grossly harmful, harassing, blasphemous," "ethnically objectionable," or "disparaging" by any Internet user who submits a formal objection letter to that intermediary. Under the guidelines, any resident of India can compel Google, at the risk of criminal and/or civil liability, to remove content from its site that the resident finds politically, religiously, or otherwise "objectionable."

Information Technology Minister Kapil Sibal -- the intermediary guidelines' most important government evangelist, and the head of the agency responsible for administering the guidelines -- even instructed Internet companies to go one step further and start pre-screening content for removal before it was flagged by concerned users. This requires companies like Facebook, in effect, to determine what material might offend its users and thus violate Indian law, and then remove it from the website. With over 100 million Internet users in India, no company could possibly monitor all its content through human intervention alone; web companies would have to set up filters and other mechanisms to take down potentially objectionable content more or less automatically.

India's constitution, in large part crafted in response to the modern country's harrowing history of religious and communal violence, allows for "reasonable restrictions" on free speech. Indian officials have at times banned certain books, movies, or other materials touching on such sensitive subjects as religion and caste.

Left with little choice but to comply or risk legal action, Google, Yahoo!, and other Internet companies acquiesced and began pulling down webpages after receiving requests to do so. Yet many companies refused to remove all the content requested, prompting Mufti Aijaz Arshad Qasm, an Islamic scholar, and journalist Vinay Rai, respectively, to file civil and criminal suits against 22 of the largest Internet companies operating in India. The targets, including Google, Yahoo!, Facebook, and Microsoft, were accused of failing to remove material deemed to be offensive to the Prophet Mohammed, Jesus, several Hindu gods and goddesses, and various political leaders.

The companies have had some success in the litigation: Google India, Yahoo!, and Microsoft have all been dropped from the civil case after the court heard preliminary arguments; the Delhi High Court recently dismissed Microsoft from the criminal case. Otherwise, both cases are still ongoing.

India has taken its Internet regulation internationally, asking the United States government to ensure that India-specific objectionable content is removed from sites such as Facebook, Google, and YouTube, and suggesting that these companies should be asked to relocate their servers to India in to order better to regulate the content locally.

The Indian government's state-centric view of Internet regulation and governance is also clear in their approach to international governance. Citing the need for more governmental input in the Internet's development and what happens online, India formally proposed the creation of the Committee for Internet Related Policies (CIRP) at the 2011 United Nations General Assembly. The CIRP would be an entirely new multilateral UN body responsible for coordinating virtually all Internet governance functions, including multilateral treaties.

To be fair, some Indians see these as efforts not to impose censorship but to allow a greater degree of Indian and international control over a system considered by many in India and elsewhere to be under the thumb of the U.S. government.

Yet some Internet experts in both India and the West are criticizing the CIRP proposal as part of "thinly masked efforts to control or shape the Internet," as one Indian official put it. They warn that a state-centric system of Internet governance could lead to serious restrictions on the type of information available online, and damage the Internet's potential for innovation.

India's Internet freedom advocates are straining to keep up with the rapid pace of the last year. But, now, they're gathering some steam. Online petitions against the intermediary guidelines, the IT Act, and censorship in India in general have appeared on Change.org and Facebook; protest videos are popping up on Youtube. The Centre for Internet and Society, a web-focused think tank, released an extensive report highlighting the intermediary guidelines' effects on freedom online. The Internet Democracy Project organized a day-long training program on freedom of expression and censorship for bloggers entitled "Make Blog not War." FreeSoftware Movement Karnataka organized a protest of hundreds of students in Bangalore, India's IT hub. And Save Your Voice activists held a sit in outside Delhi's Jantar Mantar monument to pressure lawmakers.

Yet, not all the opposition has been so civil. Hackers, operating under the umbrella of the techno-libertarian hacker community, "Anonymous," are waging their own, less lawful fight against the government as well as the Internet companies that have, in their view, too readily complied with the government's censorship demands.

On May 17, Anonymous hackers attacked a number of Indian government websites, including the Indian Supreme Court, the Reserve Bank of India, the ruling Congress Party and its coalition partners, as well as the opposition Bhartiya Janata Party (BJP), making them all inaccessible for several hours.

Moreover, just this past week, Anonymous broke into the websites and servers of a number of Internet Service Providers, including Reliance Communications, seemingly to punish them for complying with government orders to block file-sharing hosts such as Pirate Bay and Vimeo. Once in the ISPs' servers, the hackers accessed their lists of blocked sites -- which they then distributed to media outlets. They also redirected people who tried to reach Reliance's site to an Anonymous protest page.

Building on the momentum of these attacks, and on the anti-censorship outrage growing across India, Anonymous has called for a national day of protest in 11 Indian cities this Saturday, and an additional series online attacks against government and industry websites. The occupy-style protests -- which Anonymous insists will be non-violent -- are to include awareness campaigns on Facebook and other social networking sites. Protesters are being asked to don the Guy Fawkes mask, a symbol now associated with Anonymous, among other protest movements, both in the streets and on their Facebook profiles.

It's unclear how much support the June 9 protest will receive, or how serious the planned Anonymous attacks with be, but given the attention that the announcement has attracted in the Indian media, it seems likely that people will at least be paying attention. And even if this weekend the protest fails to attract the type of large and vocal response protest organizers are hoping it will, that it's come so far is an indication that neither side looks ready to back down.

Still, the government has given some small signs recently that it is reconsidering its position on the "intermediary guidelines," if not on Internet regulation more generally. Information Technology Minister Sibal, under pressure from the political opposition and after Parliament Member P. Rajeeve tabled a motion to seek rescission of the new rules, indicated that he would reconsider his previous positions, and the government has agreed to reexamine the rules.

This is an encouraging sign, although it's unlikely that any government action will come in time to forestall this weekend's protests. But even if the intermediary guidelines are ultimately rescinded, India will likely continue its soul-searching on how it deals with the Internet.

As the world's largest democracy and a model for much of the developing world, and with an Internet population anticipated to surpass that of the United States in the next few years, India is an important, maybe the most important, test case for the future of Internet freedom globally. Should India continue down a course of restriction, other nations eager to restrict online speech could see precedent to impose their own technical and political barriers to free expression online. It would be a tragic irony if India, as one of the developing world's greatest beneficiaries of the information revolution, ended up curbing those same free flows of information and ideas.

For more details visit https://cis-india.org/news/india-the-new-front-line-in-the-global-struggle-for-internet-freedom

India's struggle for online freedom

praskrishna — 2012-06-18T06:39:32Z

"65 years since your independence," a new battle for freedom is under way in India — according to a YouTube video uploaded by an Indian member of Anonymous, the global "hacktivist" movement.

Rebecca MacKinnon's article was published in the Sydney Morning Herald on June 9, 2012

With popular websites like Vimeo.com blocked across India by court order, the video calls for action: "Fight for your rights. Fight for India." Over the past several weeks, the group has launched distributed denial-of-service attacks against websites belonging to internet service providers, government departments, India's Supreme Court, and two political parties.

Street protests are being planned for today in as many as 18 cities to protest laws and other government actions that a growing number of Indian internet users believe have violated their right to free expression and privacy online.

A lively national internet freedom movement has grown rapidly across India since the beginning of this year.

The most colourful highlight so far was a seven-day Gandhian hunger strike, otherwise known as a "freedom fast," held in early May on a New Delhi pavement by political cartoonist Aseem Trivedi and activist-journalist Alok Dixit. Trivedi's website was shut down this year in response to a police complaint by a Mumbai-based advocate who alleged that some of Trivedi's works "ridicule the Indian Parliament, the national emblem, and the national flag."

Escalating political and legal battles over internet regulation in India are the latest front in a global struggle for online freedom — not only in countries like China and Iran where the internet is heavily censored and monitored by autocratic regimes, but also in democracies where the political motivations for control are much more complicated.

Democratically elected governments all over the world are failing to find the right balance between demands from constituents to fight crime, control hate speech, keep children safe, and protect intellectual property, and their duty to ensure and respect all citizens' rights to free expression and privacy. Popular online movements — many of them globally interconnected — are arising in response to these failures.

Only about 10 per cent of India's population uses the web, making it unlikely that internet freedom will be a decisive ballot-box issue anytime soon. Yet activists are determined to punish New Delhi's "humourless babus," as one columnist recently called India's censorious politicians and bureaucrats, in the country's media. Grassroots organisers are bringing a new generation of white-collar protesters to the streets to defend the right to use a technology that remains alien to the majority of India's people.

The trouble started with the 2008 passage of the Information Technology (Amendment) Act, whose Section 69 empowers the government to direct any internet service to block, intercept, monitor, or decrypt any information through any computer resource.

Company officials who fail to comply with government requests can face fines and up to seven years in jail. Then, in April 2011, the Ministry of Communications and Information Technology issued new rules under which internet companies are expected to remove within 36 hours any content that regulators designate as "grossly harmful," "harassing," or "ethnically objectionable" — designations that are open to a wide variety of interpretations and that free speech advocates argue have opened the door to abuse.

It is thanks to these rules that the website of the hunger-striking cartoonist, Trivedi, was taken offline. Also thanks to the 2011 rules, Facebook and Google are facing trial for having failed to remove objectionable content. If found guilty, the companies could face fines, and executives could be sentenced to jail time.

Saturday's protesters are calling for annulment of the 2011 rules and the repeal of part of the 2008 act. They are also calling for internet service companies to reverse the wholesale blocking of hundreds of websites, including the file-sharing services isoHunt and The Pirate Bay, as well as the video-sharing site Vimeo and Pastebin, which is primarily used for the sharing of text and links.

Internet service providers were responding to a court order from the Madras High Court demanding the blockage, which is aimed at preventing the online distribution of pirated versions of one particular film. The internet companies, fearing that they would not be able to catch every individual instance on every possible site they host, instead chose to block entire services along with all of their content — which had nothing to do with the film in question.

Such "John Doe" orders, named because they are directed against unknown potential offenders in the present and future, are characterised "by their overly broad and sweeping nature," argue lawyer Lawrence Liang and researcher Achal Prabhala, which extends "to a range of non-infringing activities as well, thus catching a whole range of legal acts in their net."

More broadly, as Delhi-based journalist Shivam Vij wrote in a recent essay: "The current mechanisms of internet censorship in India — blocking, direct removal requests to websites, intermediary rules — are draconian and unconstitutional. They need to be replaced with a new set of rules that are fair, transparent and accessible for public scrutiny. They should not be amenable to misuse by the powers-that-be for their own private interests."

Not only are the rules abused, but researchers find that they are causing extralegal censorship by companies that overcompensate in order to err on the side of caution. Last year, the Bangalore-based Centre for Internet and Society performed an experiment in which it sent "legally flawed" takedown demands to seven companies that provide a range of online services, including search, online shopping, and news with user-generated comments.

The legal flaws in the notices were such that the companies could have rejected them without being in breach of the law. Yet "of the 7 intermediaries to which takedown notices were sent, 6 intermediaries over-complied with the notices, despite the apparent flaws in them," reads the Centre for Internet and Society report.

Despite the growing public opposition, a motion to annul the 2011 rules was defeated by voice vote in the upper house of Parliament last month. Yet the criticism was sufficiently sharp that Communications Minister Kapil Sibal announced that he will hold consultations with all members of Parliament, representatives of industry, and other "stakeholders" to discuss the law's problems and how it might be revised.

Many of the law's critics, however, are skeptical that this will eliminate the law's deep flaws and loopholes for abuse, especially given the government's failure to listen so far. Comments on the 2011 rules submitted last year by the Centre for Internet and Society were not even acknowledged as having been received by the Ministry of Communications and Information Technology. "Sibal uses the excuse of national security and hate speech," says the center's director, Sunil Abraham, "but that is not what is happening."

Abraham worries that what is really happening is a government effort at Internet "behavior modification" through a process akin to an experiment involving caged monkeys, bananas, and ice water. Put four monkeys in a cage and hang a bunch of bananas on the ceiling. Every time one of them climbs up to reach the bananas, you drench all of them with ice water.

Soon enough, the monkeys will start policing themselves — attacking anybody who tries to reach the bananas, making it unnecessary for their masters to deploy the ice water. "This is why the government is being so aggressive so early on, with only 10 percent of India's population online," says Abraham. "If you start the drenching early on, by the time you get to 50 per cent [internet penetration], every one will be well-behaved monkeys."

Companies will act as private internet police for fear of legal punishment before the government is called upon to step in and enforce the law. If it works, Indian politicians could have fewer reasons to worry about online critiques or mockery, because companies fearing prosecution will proactively delete speech that could potentially be designated "harassing" or "grossly harmful."

India is not China or Iran, however. Its politicians may be corrupt, and most of its voters may not understand why Internet freedom matters because they've never used the Internet. But it still has an independent press and boisterous civil society that are not going to give up their critiques and protests anytime soon. India also has a strong, independent judiciary, with a record of ruling against censorship and surveillance measures when a strong case can be made that they conflict with constitutional protections of individual rights. "On free speech I have high faith in the Indian judiciary," says Abraham. "There is a good chance to launch a constitutional challenge."

If Google and Facebook lose at their impending trial — now scheduled for July — they will most certainly appeal, which activists hope could provide just such an opportunity to prevent the sort of "behaviour modification" process that Abraham warns against.

Now India's burgeoning internet freedom movement needs its own reverse "behaviour modification" strategy — imposing consistent and regular doses of political and legal ice water upon India's bureaucrats, politicians, and companies whenever they do things that threaten to corrode the rights of India's internet users. Saturday's protest is just the beginning.

Sunil Abraham is quoted in the article. The report on Intermediary Guidelines co-produced by CIS and Google is also mentioned.

For more details visit https://cis-india.org/news/indias-struggle-for-online-freedom