We are anonymous, we are legion

The Mirror in the Enigma: How Germany lost World War II to a Mathematical Theorem

elonnai hickok — 2011-09-22T07:53:25Z

Today we use encryption in pretty much everything — cellphones, Internet, banking, satellites, and spaceships. How far have we come since the days of the Enigma and how does it affect our daily lives? CIS invites you to attend a short lecture by Rohit Gupta on August 12, 2011.

About the Lecture

During World War II, the Germans began communicating their military information using the famous Enigma encryption machine. Subsequently, we see how three Polish mathematicians led by Marian Rejewski broke the code using a fundamental theorem in 'group theory'. It has been suggested by certain generals that this breach directly led to the collapse of the Axis powers.

In his talk Rohit will begin with the simplest ways to secure privacy in communication throughout human history, and build up to the rise of the Enigma.

About Rohit

Rohit Gupta is a mathematician who thinks the universe is a giant hologram generated by a microscopic black hole which behaves like a rapidly blinking disco ball. He's finding ways to prove this beyond doubt.

VIDEO

For more details visit https://cis-india.org/internet-governance/events/mirror-in-the-enigma

Internet Governance Blog

kaeru — 2011-10-18T06:40:43Z

For more details visit https://cis-india.org/internet-governance/blog/internet-governance-blog-old

July 2011 Bulletin

praskrishna — 2012-07-30T07:00:26Z

Greetings from the Centre for Internet and Society! In this issue we are pleased to present you the latest updates about our research, upcoming events, and news and media coverage:

Researchers@Work

RAW is a multidisciplinary research initiative. To build original research knowledge base, the RAW programme has been collaborating with different organisations and individuals to focus on its three year thematic of Histories of the Internets in India. Five monographs: Re: Wiring Bodies by Asha Achuthan, Archive and Access by Aparna Balachandran and Rochelle Pinto, Pornography and the Law by Namita Malhotra, The Leap of Rhodes or, How India Dealt with the Last Mile Problem – An Inquiry into Technology and Governance by Ashish Rajadhyaksha and Internet, Society and Space in Indian Cities by Pratyush Shankar were sent for peer review.

Upcoming Event in CEPT, Ahmedabad

Locating Internets: Histories of the Internet(s) in India — Research Training and Curriculum Workshop: Call for Participation [Deadline for submission – 26 July 2011; Participants to be selected by 30 July 2011; Workshop from 19 to 22 August 2011]

Digital Natives with a Cause?

Digital Natives with a Cause? is a knowledge programme initiated by CIS and Hivos, Netherlands. It is a research inquiry that seeks to look at the changing landscape of social change and political participation and the role that young people play through digital and Internet technologies, in emerging information societies. Consolidating knowledge from Asia, Africa and Latin America, it builds a global network of knowledge partners who want to critically engage with the dominant discourse on youth, technology and social change, in order to look at the alternative practices and ideas in the Global South. It also aims at building new ecologies that amplify and augment the interventions and actions of the digitally young as they shape our futures.

The Digital Natives Newsletter

"Links in the Chain" is a bi-monthly publication which highlights the projects, ideas and news of the "Digital Natives with a Cause?" community members. It includes opinion posts by participants from the three workshops — Talking Back (Taipei, 15 – 18 August 2010), My Bubble, My Space, My Voice (Johannesburg, 6 – 9 November 2010) and From Face to the Interface (Santiago, 8 – 10 February 2011) as well as the facilitators, interviews with them, comics and cartoons highlighting current issues affecting the community, as well as current news and discussions happening at the project website, www.digitalnatives.in.

The Digital Dinosaurs [Links in the Chain, Volume 7]
Special Mid Year Edition [Links in the Chain, Volume 8]

Accessibility

Estimates of the percentage of the world's population that is disabled vary considerably. But what is certain is that if we count functional disability, then a large proportion of the world's population is disabled in one way or another. At CIS we work to ensure that the digital technologies, which empower disabled people and provide them with independence, are allowed to do so in practice and by the law. To this end, we support web accessibility guidelines, and change in copyright laws that currently disempower the persons with disabilities.

Featured Research

Accessibility Policy Making: An International Perspective (Revised Edition 2011) [A G3ict White Paper researched and edited by the Center for Internet and Society, Bangalore, India. Editor: Nirmita Narasimhan, Revised edition: May 2011]

Access to Knowledge (previously IPR Reform)

CIS believes that access to knowledge and culture is essential as it promotes creativity and innovation and bridges the gaps between the developed and developing world positively. Hence, the campaigns for an international treaty on copyright exceptions for print-impaired, advocating against PUPFIP Bill, calls for the WIPO Broadcast Treaty to be restricted to broadcast, questioning the demonization of 'pirates', and supporting endeavours that explore and question the current copyright regime.

Featured

Don't Shoot the Messenger: Speech on Intermediary Liability at 22nd SCCR of WIPO (speech by Pranesh Prakash at a side-event co-organized from 15 to 24 June 2011, by WIPO and the Internet Society on intermediary liability).

Openness

CIS believes that innovation and creativity should be fostered through openness and collaboration and is committed towards promotion of open standards, open access, and free/libre/open source software.

Documentary

People are Knowledge – Experimenting with Oral Citations on Wikipedia (co-produced by CIS in association with the Wikimedia Foundation, on Oral Citations in India and South Africa)

Featured

Opening Government: A Guide to Best Practice in Transparency, Accountability and Civic Engagement across the Public Sector (published by Transparency & Accountability Initiative, CIS contributed the section on Open Government Data).

Internet Governance

Although there may not be one centralized authority that rules the Internet, the Internet does not just run by its own volition: for it to operate in a stable and reliable manner, there needs to be in place infrastructure, a functional domain name system, ways to curtail cyber crime across borders, etc. The Tunis Agenda of the second World Summit on the Information Society (WSIS), paragraph 34 defined Internet governance as “the development and application by governments, the private sector and civil society, in their respective roles, of shared principles, norms, rules, decision-making procedures, and programmes that shape the evolution and use of the Internet.” Its latest endeavour has resulted into these:

New Blog Post

RTI and Third Party Information: What Constitutes the Private and Public? [by Noopur Raval]

Events Organised

Socio-financial Online Networks: Globalizing Micro-Credit through Micro-transactional Networked Platforms – A Public Lecture by Radhika Gajalla [at CIS, Bangalore on 8 July 2011]
Internet Surveillance Policy: “…the second time as farce?” – A Public Lecture by Caspar Bowden [at TERI, Bangalore on 27 June 2011]

CIS is doing a project, ‘Privacy in Asia’. It is funded by Privacy International (PI), UK and the International Development Research Centre, Canada and is being administered in collaboration with the Society and Action Group, Gurgaon. The two-year project commenced on 24 March 2010 and will be completed as agreed to by the stakeholders. It was set up with the objective of raising awareness, sparking civil action and promoting democratic dialogue around challenges and violations of privacy in India. In furtherance of these goals it aims to draft and promote over-arching privacy legislation in India by drawing upon legal and academic resources and consultations with the public.

Featured

Privacy & Media Law (by Sonal Makhija). The research examines the existing media norms governed by Press Council of India, the Cable Television Networks (Regulation) Act, 1995 and the Code of Ethics drafted by the News Broadcasting Standard Authority, the constitutional protection guaranteed to an individual’s right to privacy upheld by the courts, and the reasons the State employs to justify the invasion of privacy.

Comments

Right to Privacy Bill 2010 — A Few Comments (by Elonnai Hickok). CIS has given specific recommendations and specific comments on the Right to Privacy Bill, 2010, which was introduced in the Rajya Sabha by Rajeev Chandrashekhar.

Event Report

Privacy Matters, Guwahati – the event was organised by IDRC, Society in Action Group, IDEA Chirang, an NGO initiative working with grassroots initiatives in Assam, Privacy India and CIS on 23 June 2011.

New Blog Entries

My Experiment with Scam Baiting (by Sahana Sarkar)
When Data Means Privacy, What Traces Are You Leaving Behind? (by Noopur Raval)
Video Surveillance and Its Impact on the Right to Privacy (by Elonnai Hickok)
Consumer Privacy in e-Commerce (by Sahana Sarkar)
An Overview of DNA Labs in India (by Shilpa Narani)
UID: Nothing to Hide, Nothing to Fear? (by Shilpa Narani)

News & Media Coverage

Indian SMEs still fail to harness the power of Net [Sunday Guardian, 19 June 2011]

Sorry Wrong Number [Telegraph, 3 July 2011]

Aadhaar’s moment of truth [Deccan Herald, 5 July 2011]
The Walls Have Ears [Outlook, issue, 11 July 2011]
Transparent Government, via Webcams in India [New York Times, 17 July 2011]; news also published in other languages in wprost (Polish), ictnews (Vietnamese) and @rret sur images(French)
NYT lauds Oommen Chandy’s 24/7 office webcast [Deccan Chronicle, 19 July 2011]
UID: The World’s Largest Biometric Database [International School on Digital Transformation, 21 July 2011]. Sunil Abraham made a presentation.
Facebook, my boyfriend is lousy [Bangalore Mirror, 24 July 2011]

Portal augurs well for transparency [The Hindu, 25 July 2011]

Follow us elsewhere

Get short, timely messages from us on Twitter

Follow CIS on identi.ca

Join the CIS group on Facebook

Visit us at www.cis-india.org

CIS is grateful to Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/july-2011-bulletin

Portal augurs well for transparency

praskrishna — 2011-07-26T15:16:47Z

Data.gov.in will have meta-data, which will facilitate discovery of data and access from portals of ministries, says T Ramachandra. The article was published in the Hindu on 25 July 2011.

The unveiling of an official data access and sharing policy and the commissioning of a data portal (data.gov.in), which is on the anvil, will pave the way for digitally opening up the Central government data to the public.

"The data portal will be having meta-data [data about data], which will facilitate the discovery of the data and access from the portals of respective government departments/ministries. At present, the data policy is likely to cover the Central government and all activities funded by the Government of India," said R. Siva Kumar, CEO of National Spatial Data Infrastructure, and head of Natural Resources Data Management System, Department of Science and Technology.

Governmental data-holding organisations will prepare a negative list of non-shareable sensitive data, weighing the need to restrict public access given such considerations as security and privacy, against the obligation to share it with civil society and the scientific community. Apart from this, access to certain categories of data will be restricted.

The broad guidelines spelt out in the Right to Information Act will be followed and the list will be periodically reviewed. "All data outside the negative list will be proactively disseminated, and an oversight committee will facilitate policy implementation," said Dr. Kumar.

But does this mean that the public have to make specific requests for the unlocking of data-sets? “Data will be available through the data portal, and there will be no specific unlocking required. However, access to certain data may be through registration/authorisation,” he responded.

The sharing of such data might be tied to a pricing policy. "Pricing will be decided by the respective department/ministry. However, standardised parameters will be made available as guidelines for fixing the price," he said.

The draft of the proposed National Data Sharing and Accessibility Policy the government published some time ago indicates that the departments themselves can decide whether the data belongs to the ‘open access', ‘registered access,' or ‘restricted access' categories, with the policy neither mandating nor coming up with guidelines on how to do so, said Pranesh Prakash, programme manager, Centre for Internet and Society (CIS), a Bangalore-based NGO.

The CIS has recommended that the policy have the same scope as the RTI Act, and that all ‘public authorities,' as defined under the Act, be covered by it. Only the restricted categories (laid down in Sections 8 and 9 of the RTI Act) should be allowable for ‘restricted access.'

In a study on open government data in the Indian context, the CIS suggested that any policy be oriented towards meeting the requirements of a broad spectrum of citizenry. Specifically, sections that do not get to immediately benefit from advances in information technology. “Data mashing and private sector information products are important goals,” but the government itself should be proactive in creating the applications that show potential uses for the data.

The World Wide Web Consortium (W3C), the global body that sets web standards, has said governments, by putting their data on the Internet, facilitate greater transparency, deliver more efficient public services and encourage greater public and commercial use and re-use of government information.

Anil Bairwal, National Coordinator of the Association for Democratic Reforms, which is involved in disseminating election-related data through its website Electionwatch, says there is “huge public interest” in data, and that accessibility was of prime importance. For instance, election-related data was made available by the authorities in the PDF/image file formats. “This forces us to do a manual interpretation of every affidavit, which consumes a lot of time and energy. It would be helpful if this data was available in a portable open format via an online tool.”

Other countries have already made strides in furthering open data. Prominent examples are the U.K. government website, data.gov.uk, and the U.S. government's www.data.gov website, which is key to President Barack Obama's Open Government Initiative.

Read the original article published in the Hindu here

For more details visit https://cis-india.org/news/portal-augurs-well-for-transparency

UID: Nothing to Hide, Nothing to Fear?

shilpa — 2011-09-28T11:44:21Z

Isn’t it interesting that authorities ask you about your identity and you end up showing your proof of existence! Isn’t this breaching into one’s personal life? Why so much transparency only from the public side? Why can’t the government be equally transparent to the public?, asks Shilpa Narani.

Before I get into an argument, I would like to share with you that my research is based on a comparative study of articles published on UID in leading newspapers like the Times of India, the Indian Express, the Hindustan Times, and its supplement LiveMint, Business Standard, Asian Age, DNA India, Bangalore Mirror, Deccan Chronicle and Deccan Herald. My research shows that the government officials and the individuals working for the UIDAI, who are involved in proposing identity system, are in fact hide their own identity from the public.

Background

A pan-India project to “identify” each resident was formally inaugurated in 2009, with the establishment of the Unique Identification Authority of India (UIDAI) as an office attached to the Planning Commission.[1] The goal of the Unique ID project is to issue a unique identity number to every resident in the country. The Unique Identification number (UID) will be linked to every resident’s basic demographic and biometric details, and stored in the UIDAI central database.[2] Now a 12 digit number will henceforth decide whether you exist or not? It will decide whether you remain a known or an unknown person? With this blog I would like to highlight the irony in the UIDAI's attempt to establish if a person is known or is unknown with a 12 digit number.

An identity card virus seems to be spreading across India. Everyone is praising the UID and the social, economic, and political improvements it will bring. “The aim of the UID scheme is to bring transparency in the system,'' says Sonia Gandhi.[3] One has to wonder though — if the aim of the UID is to bring transparency, why it is that government and UIDAI officials are not transparent themselves?

Findings

According to my research, in 55 news articles taken from different newspapers mentioned above, there are 66 persons who shared their views on UID only on the condition of anonymity. Most of these individuals were public servants who themselves did not wish to be identified. For instance, one individual was from the department of information technology, who is working on the UID project and with the UIDAI itself.

Total Anonymous

As one can see from the graph above, the total number of anonymous people sharing their perspectives on the UID are more than the total number of identified people sharing their perspective on the UID. Below is a detailed review of UID articles from each newspaper:

Times of India: Out of 13 articles, Times of India quoted nine anonymous sources in which there were HRD officials, civic sources, sources from census operation department, collectorate sources, senior postal officials, UIDAI officials, and unclassified individuals. Times of India only quoted four identified sources.

Indian Express: Out of 10 articles, the Indian Express quoted twelve anonymous sources including sources from senior officials of the AADHAR office, senior Delhi government officials and some unclassified sources. Again only four identified sources were quoted.

LiveMint: Out of 7 articles, the Live Mint quoted 15 anonymous sources including sources from the Information Regulatory and Development Authority (IRDA), UIDAI, Bank of India, a senior SEBI official, sources from ministry, etc. Only 11 sources revealed their identity.

Hindustan Times: Out of 3 articles, there were 6 anonymous sources, and 5 sources that were identified. Anonymous sources were from UIDAI, finance ministry, and other government officials.

Deccan Herald: Out of 11 articles, there were 14 anonymous sources and only 6 were identified. Anonymous sources included UIDAI officials, banks, senior officials from government, and unclassified sources as well.

Asian Age: Out of 4 articles, there were 5 anonymous sources. Anonymous sources included government officials and some unclassified officials.

Power of Identity: Why is anonymity important?

UID has the potential to threaten an individual’s ability to be anonymous in society. Anonymity results when the personal identity or personally identifiable information of a person is not known. As demonstrated above, a certain amount of anonymity already exists in India today, but with the coming of the UID there is the potential that this will be changed.

Conclusion

As Sonia Gandhi herself said, the UID's aim is to bring transparency in the system. Though the government is eager to make the Indian public transparent in their everyday lives, clearly from the analysis above, individuals working for the government and UIDAI are not comfortable being transparent to the public. It is ironic that the individuals developing and working for this scheme are not willing to voice their opinion and be identified, but private individuals are. Though the UID scheme is being promoted as a way to make the people accountable and visible in the eyes of the government, from the very start of the project the UIDAI and government have kept themselves under a cloud of secrecy. The government’s non-transparent attitude towards this project and the unawareness of its use on the people makes the whole scheme shady and unnecessary.

Notes

[1]http://uidai.gov.in/UID_PDF/Front_Page_Articles/Documents/Strategy_Overveiw-001.pdf

[2]http://uidai.gov.in/UID_PDF/Working_Papers/UID_and_iris_paper_final.pdf

[3]http://articles.timesofindia.indiatimes.com/2010-09-30/india/28243557_1_uid-number-unique-id-numbers-tembhli

Download the UID Summary Grid here [Excel, 19kb]

For the summary of articles in newspapers, click here

For more details visit https://cis-india.org/internet-governance/blog/privacy/uid-nothing-to-hide-fear

An Overview of DNA Labs in India

shilpa — 2016-02-02T13:11:31Z

DNA fingerprinting has become the most precise and technologically advanced method for identifying crimes such as murder, kidnapping, robbery and rape. Police and judicial authorities and in some cases even private parties retain this in their records, writes Shilpa in this blog post.

At present, India does not have a national law that empowers the government to collect and store DNA profiles of convicts but if the Parliament of India passes the DNA Profiling Bill,[1] 2007, India will soon join countries such as the US and UK in creating a national DNA database.[2] Government, CBI and organizations connected with the investigation process argue that data retention is necessary to combat terrorism and crime. According to Google Transparency Report [3] for the first half of 2010, India had 1,430 data requests, which made it one of the top nations in generating government inquiries for information.

In this blog I am citing my interviews with DNA labs, Issues regarding lab samples and data, and DNA Profiling Bill 2007 on lab practices. I am thankful to Anthony Jackson and Dr. Helen Wallace, Executive Director from Gene watch UK who helped me with the questionnaire for survey interview.

Interviews with DNA labs

I interviewed few government as well as private labs to find out how DNA practices are being carried out. This was to highlight ways in which DNA testing raises privacy concerns.

In public labs, DNA testing is used for the forensic purposes only. These labs are funded by the government whereas private labs deal with legal as well as private purposes. DNA Labs India (DLI), Truth Labs and Bio-Axis DNA Research Centre (P) Limited are some leading private firms involved in DNA testing.

Dr. Madhusudan Reddy Nandineni, who is the Scientist and In-charge of the Centre for DNA Fingerprinting and Diagnostics (CDFD) talked about the working of DNA practise and services provided by their laboratory. “CDFD located in Hyderabad is an autonomous institution supported by the Department of Biotechnology and Ministry of Science. CDFD provides services for DNA testing for establishment of parentage, identification of mutilated remains, establishment of biological relationships for immigration, organ transplantation, property inheritance cases, identification of missing children and child swapping in hospitals, identification of rapists in rape cases, and murderers in murder cases. CDFD assists police personnel, forensic scientists, lawyers and the judiciary”, says Dr. Madhusudan Nandineni over a telephonic interview.

The ND Tiwari Case (Published in the Deccan Herald, 24 July 2011)
Eighty-five-year-old leader ND Tiwari was asked to undergo a DNA test in the paternity suit filed by Rohit Shekhar who claims to be his biological son. The high court asked the Centre for DNA Fingerprinting and Diagontics (CDFD) at Hyderabad to conduct a DNA test on Tiwari.[4] Also refusing to grant any relief to Tiwari, the court said that considering the age of the leader, it is necessary to have a DNA test so that the Rohit Shekhar is not left without any remedy if something happens to Tiwari. The court said that it is the right of a child to know his or her biological father.[5]

Dr. BK Mahapatra, Assistant Director, Biology & DNA Finger printing Unit at Central Forensic Science Laboratory, Delhi says “CFSL undertakes cases referred by CBI, Delhi police, judiciary, vigilance department of ministries, public undertakings and state/central government departments. We don’t contract with private laboratory to do a DNA testing. We accept all type of DNA cases submissions like criminal, known, unknown, etc. CFSL saves DNA samples for re-testing, however, for this we do have a privacy policy followed by National Accreditation Board for Testing and Calibration Laboratories (NABL). It is an autonomous body under the aegis of the Department of Science and Technology, Government of India and is registered under the Societies Act”, he clarified.

In a telephonic interview with Ravi Kiran Reddy, DNA expert, DLI a, tells us about the services provided and security supervise by the laboratory. “DLI provides services for paternity testing, forensic testing, prenatal testing, and genetic testing. DLI contracted with a private laboratory to do DNA testing. We accept all DNA cases like suicide attempts, cases from Indian Army, etc. DLI saves DNA samples for re-testing for six months and if necessary for life time and a database is also maintained. He further said that to protect and secure database, bar coding is being prepared and therefore, no identity is revealed.

Some of the labs refused to participate in the research exercise like the truth labs. Truth Labs is a private lab that provides legal services directly, without a court or police order.[6] Another private laboratory which provides DNA testing is Bio-Axis DNA Research Centre. It also provide various DNA Identification services for private purposes, legal purposes, peace of mind, confidential purposes, immigration purposes, crime investigation and human identification purposes.[7]

Issues Regarding Lab Samples and Data

Readers may have heard of rapists being caught because of a match between a suspect's DNA and sperm left behind in a victim. Or, as often the case, an innocent person may be released because the DNA of that person does not match that found in a crime scene.[8]

Possibility of Framing Innocents: Kshitij Urs, an Action Aid said, “There can be some problems if one were to rely too much on DNA databases in the criminal justice system as DNA evidence can be planted in a crime scene intentionally”, in an event organised by CIS.
Insecurity of Centralised Storage: With DNA tests, a patient's medical file will contain information they would prefer to be confidential. But the whole idea of general DNA testing will only be effective if the data is stored in a single electronic database, which makes the confidentiality problem extremely pressing. For example, the results of DNA testing might reveal that a person who is legally a child's father isn't really his biological father.[9]
Other Privacy Concerns: DNA contains information that raises a much broader privacy and other civil liberties concerns. It can tell investigators about ourselves, our family members, diseases we may have inherited our physical attributes and broad ancestry. Genetic information can be used in all sorts of discriminatory ways.[10]

What can be done?
There should be a DNA retention policy to protect an individual. It will identify personal data which has to be maintained and contain guidelines for how long certain documents should be kept and how they should be destroyed.[11] In the situation of DNA collection and testing privacy cannot be protected simply through consent from an individual. Instead the law must permit specific thresholds to be established in order to cover the privacy needs of different situations. DNA profiling Bill 2007 will regulate the use of DNA profiles which is pending in the Parliament.

DNA Profiling Bill 2007 on Lab Practices

According to the DNA Profiling Bill there are certain rules for the DNA laboratories which are followed by these labs.

Prohibition for undertaking DNA procedures: It states that DNA laboratories have to take prior permission from the DNA Profiling Board to undertake any DNA procedures.
Security and minimize contamination: There should be proper facility of security and minimize contamination of DNA samples.
Confidentiality, Access to DNA Profiles, Samples and Records: DNA Profiling Bill states that all DNA profiles, samples and records forwarded to the DNA laboratory or any authority of the lab has to be kept confidential.
Use of DNA profiles, samples and records: All DNA profiles, samples and records should be used only for facilitating identification of the perpetrator(s) of a specified offence and also to identify victims of accidents, disasters or missing persons or for such other purposes.
Authorised Access: It also says that information stored on the DNA database system may be accessed by the authorized persons for the purposes of forensic comparison permitted under this Act, administering the DNA database system, accessing any information contained in it by law enforcement officers or any other persons, as may be prescribed, in accordance with provisions of any law for the time being in force, inquest or inquiry.
Restrictions on use of information on DNA profiles, samples and data identification records: Laboratory cannot use the information for any purpose other than the purpose for which the communication or access is permitted.
Destruction, alterations, contamination, tampering with biological evidence: The Bill states that whoever knowingly or intentionally destroys alters, contaminates or tampers with biological evidence will be punishable with imprisonment for a term which may extend to five years, or with fine not exceeding twenty thousand rupees, or with both.[12]

Conclusion

Currently the Bill allows for the complete storage of DNA of criminals, suspects, victims, offenders and volunteers.
There are no standard practices for data retention across lab. Thereby there is an increased risk that data might fall in wrong hands and information may also be misused. Therefore, DNA databases should be restricted to be stored for not more than a limited time period. Such indefinite retention of the DNA profiles of innocent individuals is a disproportionate and unnecessary interference with an individual’s right to privacy.
DNA labs in India have numerous constraints and operating in different level. Therefore, India has to be having even more carefully designed laws.

List of Laboratories

Central Forensic Science Laboratory, Delhi
Dr. BK Mahapatra
Associate Biology Division
Ph: 9312523536, 24360095
Mail: ssofs_dfs@dfs.gov.in

Centre For Fingerprinting and Diagnostics (CDFD), Hyderabad
Dr. Madhusudan Nandineni
Scientist and In-charge
Ph: 24749331, 24749330
Mail: dsp@cdfd.org.in

DNA Labs India, Hyderabad
Ravi Kiran Reddy
Ph: 9395142800
Mail: info@dnalabsindia.org

Bio-Axis DNA Research Centre
Ph: 9246338983
Mail: drc@dnares.in

Truth Labs, Hyderabad
Ph: 9490690222, 04023390999
Mail: gandhi@truthlabs.org

Notes

[1]http://timesofindia.indiatimes.com/topic/DNA-Profiling-Bill

[2]http://www.gene-watch.org/blog/post/India-May-Soon-Have-a-National-DNA-Database.aspx

[3]Amy Miller, “Google’s new tool shows which countries are censoring the internet” http://www.law.com/jsp/cc/PubArticleCC.jsp?id=1202472346375

[4]Paternity case: No relief for N D Tiwari as Supreme Court allows DNA test http://www.indianexpress.com/news/paternity-case-no-relief-for-n-d-tiwari-as/762146/

[5]Paternity case: ND Tiwari to provide blood sample for DNA test http://www.deccanherald.com/content/165408/paternity-case-nd-tiwari-provide.html

[6]http://www.truthlabs.org/

[7]Bio-Axis Research Centre, http://www.dnatestinginindia.ewebsite.com

[8]Sujatha Byravan , A public, private database http://www.indiatogether.org/2009/sep/hrt-dnadb.htm

[9]Vibhor Verdhan, Data Retention Policies- An Emerging Requirement & Various Compliances http://www.legalserviceindia.com/article/l428-Data-Retention-Policies.html

[10]Andrei Kislyakov , DNA testing: pros & cons http://en.rian.ru/analysis/20090104/119294260.html

[11]Vibhor Verdhan, Data Retention Policies- An Emerging Requirement & Various Compliances

[12]DNA Profiling Bill http://dbtindia.nic.in/DNA_Bill.pdf

Click here for the Survey Questions

Deoxyribonucleic acid (DNA) is the main constituent of the chromosomes of all organisms, and is found in the form of a double helix within the nucleus of every somatic cell. Consequently, a small sample of human body cells can be decoded to reveal a pattern that is shared only by a genetically identical twin. The DNA of each individual does not change during his lifetime. This technique is commonly used in police investigations and is termed ‘DNA fingerprinting. For more see the Wikipedia definition of DNA.

For more details visit https://cis-india.org/internet-governance/blog/privacy/dna-overview

Facebook, my boyfriend is lousy

praskrishna — 2011-07-25T10:07:37Z

While a sizeable chunk of users do not mind living their life in public, oversharing can have nasty repercussions in real life. This article by Sahana Saran was published in the Bangalore Mirror on 24 July 2011.

A wife wrote a bitchy remark about her mother-in-law on Facebook when her husband was out of town. A happy homecoming turned sour when the husband saw the comment. There was a huge showdown which finally led to divorce.

On the flip side, when Savita and Vinay’s (name changed) baby was about to be born a couple of years ago, the couple’s friend live-tweeted the whole childbirth process and the proud parents didn’t mind.

Oversharing on social networks by young people can have damaging results, say internet experts. Why does it happen?

"These days youngsters hook on to social networking sites, and you cannot blame them for seeking each other’s company because that is how they are at that age. There are more restrictions on children these days because of security and abuse issues which the earlier generation may not have encountered. For example, sleepovers which were much common earlier may now not be readily allowed. Their time outside their house is also monitored. Many schools these days have surveillance cameras or some form of curbs that might restrict students from having a private interaction. That is why they seek such interactions through the internet and social networks. Still in India, there is not really a need to press the panic button saying that they are becoming Facebook addicts," says Sunil Abraham, executive director of the Centre for Internet and Society, who is an internet behaviour expert.

Sunil quotes an analysis done in Poland to show how much social networking has become a part of young people’s lives. It showed that teenage girls who meet every day in school, go back home and immediately switch on their PCs and start interacting with each other again. And all through the day, they are on Skype and can see every single thing that each one of them are doing in their rooms in their respective homes. Studies done in the Philipines demonstrate how personal life is becoming public. A study by the Institute of Philippine Culture showed that many of those assessed were on Friendster and allow full access to information on their accounts and readily share details of activities, interests and contacts.

Is the situation different in India? Bhavana, a business management graduate in her 20s, says that what she puts up on her social networking account depends solely on her state of mind. But she ensures that messages are not too personal because earlier she had put up posts which backfired.

"Sometime ago we were celebrating my brother’s birthday and some misunderstanding happened during the celebrations and I was heaped with blame by friends and relatives on FB when I tried to justify myself. I was taken aback. Now, I am more careful about posting messages about sensitive topics," she says.

And when you let people know where you are through Google Latitude, you need to watch against saying offensive things.

"There have been instances of people gate-crashing parties following a Twitter or FB post; in China, mobs of people have attacked those whose views they oppose," adds Sunil.

What makes some people, who would never dream of whipping up controversies in the real world, so reckless when they are online?

"Most often, it is a way of being noticed, of getting attention. Everyone wants to have a popular public profile and telling the world about your opinions and your activities is a way of gaining attention. But new forms of communication are being invented every other day and each has an etiquette of its own," says Sunil.

According to Dr Thomas M J, there are two kinds of people who are the net — attention-seeking and anonymous. The anonymous generally never put personal details about themselves on social networks. "But the other group consists of those who are externally controlled. For such people any open media acts as a place to talk about themselves and they love being in that public space. Moreover, social networks give internet users the courage to say whatever they want because they can avoid face-to-face contact. Even if there is a response, it is muted because because it is not direct and they can escape confrontation," says Thomas.

Read the original article published in Bangalore Mirror here

For more details visit https://cis-india.org/news/facebook-my-lousy-boyfriend

Consumer Privacy in e-Commerce

sahana — 2012-03-28T04:53:17Z

Looking at the larger picture of national security versus consumer privacy, Sahana Sarkar says that though consumer privacy is important in the world of digital technology, individuals must put aside some of their civil liberties when it comes to the question of national security, as it is necessary to prevent societal damage.

What is Consumer Privacy?

In today’s digital economy generating consumer information is inevitable. Though some companies use the personal information they obtain to improve and provide more services to consumers, many companies use the information in an irresponsible manner.

In countries that do provide legal protection for consumer privacy, it is never protected as an absolute right. Consumer privacy is not considered an absolute right for three reasons:

What constitutes consumer privacy is culturally, contextually, individually defined
Consumer privacy often conflicts with other market rights
The ownership of a consumer's private information is debated — as consumer's believe they own the information and businesses believe they own the information.

In order to understand consumer privacy it is useful to outline the privacy expectations and strategies of both consumers and businesses, and to also examine the protection measures taken by firms to safeguard consumer information. The major privacy concerns held by consumer's can be broken down into three main domains:

Consumers want to be informed about the type of information that is being collected from them.
Consumers need to know that they a certain degree of control over the personal information that is being collected.
Consumers need to be assured that their personal information will be secure and will not be abused or stolen.

Though privacy has been defined by many as the "right to be let alone", its application in today’s modern world is not that straightforward. We live in a world where our purchasing behavior, both online and offline, is shared and used invisibly. For instance, if an individual uses a social networking site, it is possible for a third party application to access personal information that is shared. Similarly, if an individual uses a warranty card or loyalty card during a purchase, it is possible for third parties, like data brokers, to collect and use the individuals' personal information.

For instance,15 consumer privacy groups have filed a complaint against Facebook for limiting user's ability to browse anonymously. The complaint was regarding the fact that users only had the choice to designate personal information as publicly linkable, or to not provide information at all. Though Facebook claims to ensure users control over their personal data by allowing users to choose their privacy settings, it does not clarify that these setting can change at any given point. Moreover, the latest privacy embarrassment that hit Facebook proves again that Facebook does not protect users’ privacy. A few weeks ago Facebook admitted to passing personal information of its users onto different gaming applications. These gaming applications have in turn passed the information on to advertisers who otherwise could not have accessed the information.[1]

Breach of Privacy in Information Collection

Internet users often fear the loss of personal privacy, because of the ability businesses and their websites have to collect, store, and process personal data. For example, sites extract information from consumers through a form, and then record data about their user’s browsing habit. After collecting user information, the sites match the data with their personal and demographic information to create a profile of the user’s preferences, which is then used to promote targeted advertisements or provide customized services. The sites might also engage in web lining through which they price a consumer according to their profiles.

Online there are two main ways in which sites collect user information:

Sites collect information directly through a server software. Sites often use automatic software logs to do this.
A third party extracts information from the site without the consumer’s knowledge. Sites often place cookies on websites to extract user information.

Automatic software logs and third party cookie placement are two overlooked aspect of information collection. Cookies work by collecting personal information while a user surfs the net, and then feeds the information back to a Web server. Cookies are either used to remember the user, or are used by network advertising agencies to target product advertisements based on long term profiles of user’s buying and surfing habits. An example of a website that uses cookies is 'double click'. Web bugs are used by advertising networks to add information to the personal profiles stored in cookies. Web bugs are also used in junk email campaigns to see how many visits the site gets. Cookies and web bugs are just two out of hundreds of technologies used to collect personal information. [2]

Challenges Posed by Protection of Consumer Privacy

In conclusion, I would like to talk about the difficulty in maintaining a balance between the legal collections of information and protecting privacy of consumers. Above I demonstrated how this conflict arises between businesses and consumers — and is rooted in businesses wanting personal information for commercial reasons, and a user wanting protection and control over their own information. This conflict can also arise between consumers, businesses, and political bodies. An example that demonstrates this is the ongoing conflict between RIM (Research in Motion) and the Government of India. The Government of India has issued a warning against RIM saying that it would suspend its blackberry operations if they do not adhere to the Indian laws and regulations.

The Ministry of Home Affairs is demanding that RIM allow access to encrypted content that flows in and out of India. In other words the Government of India wants RIM to allow the security forces to have access to data sent using Blackberries by reducing encryption levels, or by providing the government with the decryption keys. The demand by the government is somewhat ironic as Blackberry manufacturers have developed the Blackberry encryption key to protect the consumers’ privacy during any business deal, so that information is not compromised. On the other side of the debate, the government is demanding access to Blackberry communications, because their inability to decrypt the codes makes countering the threats to national security difficult. This is especially true for a country like India, which is constantly facing threats from Maoists, and extremist Islamic groups.

This example highlights an important question: what is more important — national security or consumer privacy? In 2010, RIM agreed to negotiate access to consumer messages only where access requests are within local laws. Blackberry also agreed to not make any specific deals with consumers, and to make its enterprise systems security and confidentiality non-negotiable.

Conclusion

Though, consumer privacy is very important especially in a world of digital technology, however, when we speak of national security, I feel that individuals must set aside some of their civil liberties — at least to the extent that it is necessary to prevent societal damage. For a clearer understanding of national security vs consumer privacy look at the case of RIM Vs Indian Government in the following sites:

[1]http://www.ft.com/cms/s/0/198599e6-dc5f-11df-a0b9-00144feabdc0.html#axzz1O00LowtN

[2]http://cyber.law.harvard.edu/olds/ecommerce/privacytext.htmlFor an overview of some of these new data-collection technologies, along with some information on privacy-enhancing technologies such as P3P, see Developing Technologies.

For more details visit https://cis-india.org/internet-governance/blog/privacy/consumer-privacy-e-commerce

Video Surveillance and Its Impact on the Right to Privacy

Vaishnavi Chillakuru — 2011-09-29T05:35:56Z

The need for video surveillance has grown in this technologically driven era as a mode of law enforcement. Video Surveillance is very useful to governments and law enforcement to maintain social control, recognize and monitor threats, and prevent/investigate criminal activity. In this regard it is pertinent to highlight that not only are governments using this system, but residential communities in certain areas are also using this system to create a safer environment.

However, this move is fundamentally opposed by many civil rights and privacy groups across different jurisdictions and have expressed concern that by allowing continual increases in government surveillance of citizens that we will end up in a mass surveillance society, with extremely limited, or non-existent political and/or personal freedoms.

European Union

The Data Protection Directive [1]of 1995, a Directive was issued by the European Union (EU) to regulate the processing and free movement of personal data. In pursuance with this Directive, every country of the EU passed a legislation to govern the protection of personal data. In this regard, the United Kingdom (UK) enacted the Data Protection Act (DPA) in 1998 and the same was brought into force in the year 2001.

The DPA sets forth eight, Data Protection Principles (DPP)[2] to protect personal data in the public sphere. Although video surveillance has not been explicitly referred to in the legislation, the definition given by the DPA is broad enough to encompass it. The application of these principles to video surveillance has been made explicit through the publication of the CCTV Code of Practice (CoP) by the information commissioner. The CoP does not apply to surveillance cameras used for household purposes. Images captured for recreational purposes with a camera, video recorder, etc., are also exempt. The main features of the CoP have been summarized below:

It is important to ascertain who has the responsibility for the control of the images i.e., deciding what is to be recorded, how the images should be used and to whom they may be disclosed. The body which makes these decisions is called the data controller and is responsible for the compliance with the DPA. The body has to notify the information commissioner as to who the data controller is.
An impact assessment should be done to evaluate the scheme’s impact on the privacy rights of the public. While conducting such an assessment, the data controller should take into account what benefits can be gained, whether better solutions exist, and what effect it may have on individuals. The results of the assessment should be used to determine whether video surveillance is justified and if so, how it should be operated.
The camera equipment should be chosen so as to fulfill the purposes for which the surveillance is being carried out. They should have the necessary technical specification so that the images are of appropriate quality. The camera should be positioned in such a way that only those areas which are intended to be the subject of surveillance are covered.
Viewing of live feed must be restricted to authorized personnel only. The data controller should try and protect the images from public view. Disclosure of recorded images should also be controlled and limited to the purpose for which the surveillance was set up. All other requests for viewing images should be considered carefully and balanced against the privacy rights of other individuals who may be affected by the disclosure of the images.
The DPA does not prescribe any minimum or maximum period of retention. It should be ascertained keeping in mind the purpose for which the surveillance system was set up. However, the images should not be kept for longer than is strictly necessary.
There should be prominently placed signs to let people know that they are in an area which is under video surveillance. This can be supplemented by an audio announcement in places where public announcements are already being used, such as in stations. Systems in public spaces and shopping centres should have signs giving the name and contact details of the company, organisation or authority responsible.
Staff operating the system needs to be aware of the rights of the individual under the DPA.

Canada

Canada has two federal laws which deal with privacy — the Privacy Act, 1985 and the Personal Information Protection and Electronic Documents Act, 2000 (PIPEDA). The former protects privacy rights by limiting the collection, use and disclosure of personal information by the federal government departments and agencies whereas the latter deals with the collection, use and disclosure of personal information by private sector organizations. In addition to these two legislations, every province or territory has their own privacy legislations.

A privacy commissioner is appointed to receive and investigate complaints filed by Canadian citizens pertaining to allegations of violation of the Acts. They also conduct research into privacy issues and promote awareness. The privacy commissioner reports directly to the House of Commons and the Senate. Every province or territory may also have its own commissioner or ombudsman authorized to investigate complaints. The Office of the Privacy Commissioner of Canada (OPC) published two sets of guidelines in order to define and circumscribe the use of video surveillance and ensure that the impact on privacy is minimized.

The first set of guidelines is meant to guide the regulation of video surveillance (by law enforcement agencies) in public spaces i.e., in places where there is free and unrestricted access to everyone. These guidelines were drawn up after extensive discussions between the OPC and the Royal Canadian Mount Police (RCMP). However, these guidelines are to be considered merely as an aid and notwithstanding anything stated in the guidelines, the RCMP has the right to carry out its functions as it deems fit. Some of the important pointers are[3]

Video surveillance should only be used to address a "real and pressing problem" which is of sufficient in magnitude so as to warrant the overriding of the privacy rights of citizens. Hence, there should be "real and verifiable" instances of crime or concern for public safety.
Video surveillance should be conducted only as a last resort i.e., in circumstances where there in no other less privacy-intrusive alternative.
A "privacy impact assessment" should be conducted beforehand to assess the degree of interference that will result due to the video surveillance.
Relevant stakeholders (for example, members of the communities that will be affected by the surveillance systems) should be considered before arriving at a decision.
Video surveillance must comply with all applicable laws including over arching laws such as the Canadian Charter of Rights and Freedoms.
The video surveillance should be conducted in such a way that impact on the privacy rights of citizens is minimized. For example, limited use of video surveillance (e.g., for limited periods of day, public festivals, peak periods) should be preferred to be always on surveillance if it will achieve substantially the same result.
The public should be informed that they are under surveillance. Clear signs should be put up mentioning the perimeter of the surveillance areas, the person responsible for surveillance and his contact details in case of any queries.
Security of the equipment and images should be assured.
People whose images are recorded should be able to request access to their recorded personal information.

The second set of guidelines is with respect to video surveillance in private sector organizations. These guidelines apply to overt video surveillance of the public by private sector organizations in publicly accessible areas. They do not apply to covert video surveillance nor do they apply to the surveillance of employees.

"Determine whether a less privacy-invasive alternative to video surveillance would meet your needs.
Establish the business reason for conducting video surveillance and use video surveillance only for that reason.
Develop a policy on the use of video surveillance.
Limit the use and viewing range of cameras as much as possible.
Inform the public that video surveillance is taking place.
Store any recorded images in a secure location, with limited access, and destroy them when they are no longer required for business purposes.
Be ready to answer questions from the public. Individuals have the right to know who is watching them and why, what information is being captured, and what is being done with recorded images.
Give individuals access to information about themselves. This includes video images.
Educate camera operators on the obligation to protect the privacy of individuals.
Periodically evaluate the need for video surveillance."

United States of America

Statutory laws governing the regulation of video surveillance in America are scarce. While there are some state laws which regulate aspects of public video surveillance, there are virtually no federal laws which directly deal with it. However, video surveillance implicates certain constitutional doctrines — especially the first and the fourth amendments. Although it cannot be denied that the liberties enshrined by these amendments can be severely affected by continuous surveillance, so far, the American courts and jurisprudence on the subject have been very permissive.

Another important directive is the "Fair Information Practices" (FIP) originating from the recommendations written by the United States Government which provide certain rights to individuals with respect to the use and dissemination of personal information. Although these guidelines do not have the force of law, they can prove to be a valuable guide for the treatment of any government-held record containing personally identifiable information. The rights of individuals listed by the FIP, in their most basic form, have been given below:[4]

"Notice and awareness of the purpose of data collection, and how such information is used;
Consent to the collection of personal information, and choice concerning how it is used;
Access to and participation in the process of data collection and use, including the right to correct errors;
Integrity and security adequate to protect the information against loss or misuse; and
Redress and accountability for injury resulting from loss or misuse of personal information."

Also, the American Bar Association, in 1999, published standards for technologically-assisted physical surveillance, including video surveillance. Some of the key points of these guidelines are given below:

While regulating the use of video surveillance for law enforcement purposes, certain factors should be kept in mind. For example, the nature of the law enforcement objective or objectives sought to be achieved, the extent to which the surveillance will achieve the law enforcement objectives, the nature and extent of the crime involved, etc.
The extent to which the surveillance invades privacy should be assessed. While conducting such an assessment, care should be taken to enhance the privacy of the location under surveillance by taking into consideration the nature of the place, activity, condition, or location.
Alternate measures should be preferred over video surveillance in order to maintain a balance between the right to privacy and the need for surveillance.
Notice of the surveillance should be given when appropriate.
The scope of the surveillance should be limited to its authorized objectives and be terminated when those objectives are achieved.

Australia

Neither the Australian Federal Constitution nor the Constitutions of the six states and two territories contain any express provisions relating to privacy. However, there are several state and federal privacy laws governing specific sectors and aspects. The primary federal statute is the Privacy Act of 1988 (PA). This statute was enacted in a bid to give effect to Australia's commitment to the International Covenant on Civil and Political Rights and the Organization for Economic Cooperation and Development (OECD). There are four key areas of application of the Act out of which only two are relevant in the context of video surveillance. The first is the eleven Information Privacy Principles (IPPs), based on the OECD Guidelines. These principles are applicable to federal government agencies. The second is the National Privacy Principles (NPP) which regulates private sector organizations. However, private organizations can set forth their own "code of practice" and get it approved by the privacy commissioner as long as it does not go against the broad framework laid down by the NPPs.

Apart from the PA, each state or territory may have its own laws or practices regarding video surveillance. For instance, covert video surveillance in New South Wales is governed by the Workplace Video Surveillance Act, 1998. The Government of New South Wales also published a report on CCTV in public places. Similarly, Victoria is governed by the Surveillance Devices Act, 1999 and Western Australia by the Surveillance Devices Act, 1998. However, South Australia, Tasmania, Northern Territory and Australian Capital Region have no legislation dealing with the use of video surveillance.

Japan

The Constitution of Japan does not contain any express provisions guaranteeing the right to privacy. Till 2003, even statutory law in the field of data protection was non-existent and the government followed a policy of self regulation. It was only in 2003 that the Japanese Parliament enacted the Protection of Personal Information Act. The law underlying privacy in Japan[6] protects only personal information that is obtained and held by administrative agencies, private agencies. It seeks to set forth penal provisions in order to curb leakage of personal information by the government. The subsequent amendments to this Act have widened its scope to cover data that is paper based as well as computerized. Therefore, it can be said that the instant legislation is broad enough to encompass video surveillance data as well.

In this regard it is set forth that there exists no consolidated law to govern video-surveillance systems. Nevertheless, Japan uses video surveillance systems in order to assist the law enforcement agencies. The National Police Agency uses a video surveillance system called the "N system"[7] in order to record license plate numbers of vehicles on roads, highways, etc. This facilitates effective and efficacious law enforcement in Japan. Furthermore, Tokyo police have been operating surveillance cameras on utility poles and buildings to monitor pedestrians in the several densely populated districts of the city.[8] However, this mechanism has been challenged severely by litigants and many privacy groups in the court of law.

Conclusion

We have now moved into an age where security seems to be the primary issue for most countries and their citizens. Video surveillance is increasingly being used to assuage the fears of the citizens and bring perpetrators to justice. In such a scenario, the issue of privacy rights of individuals seems to have taken a backseat. While some countries such as Canada and Britain have attempted to strike a balance between the need for surveillance and the privacy rights of the people, other countries such as the United States of America and Japan do not seem to have made much progress in terms of creating video surveillance norms or regulations to protect the privacy rights of citizens.

Considering the pressing need for video surveillance to address national security issues, India surprisingly has no laws on the same. In this regard, India needs to draw from the experience of the United Kingdom and Canada. The first step is to enact laws permitting video surveillance.

These laws should be tightly worded and strictly connoted, considering the encroachment on civil liberties. Further, in order to balance security with privacy, the next step is to create an office for the information commissioner. It should be created and powers should be conferred to ensure that the privacy related disputes are handled efficiently and expeditiously. Furthermore, the misuse of the powers conferred upon surveillance authorities should be deterred by giving further powers to the commissioner to impose pecuniary liability.

Bibliography

European Union

Canada

United States of America:

Australia:

Japan

https://www.privacyinternational.org/article/phr2006-japan#[45]

Notes

[1]Directive 95/46/EC.

[2]See http://www.ico.gov.uk/for_organisations/data_protection/the_guide/the_principles.aspx (eight data protection principles)

[3]Full guidelines: http://www.priv.gc.ca/information/guide/vs_060301_e.cfm.

[4]Full guidelines: http://www.americanbar.org/publications/criminal_justice_section_archive/crimjust_standards_taps_blk.html#9.

[5]http://www.proactivestrategies.com.au/library/Loss%20Prevention/Video%20Surveillance%20National%20article.PDF.

[6]This law extends to private businesses, government organizations and independent administrative agencies.

[7]540 locations on expressways and major highways throughout the country; it automatically records the license plate number of every passing car.

[8]This regime has also been litigated upon thoroughly with lawyers claiming the same to be unconstitutional.

For more details visit https://cis-india.org/internet-governance/blog/privacy/video-surveillance-privacy

UID: The World’s Largest Biometric Database

praskrishna — 2011-07-23T02:04:45Z

At the start of his presentation, Sunil Abraham pointed to two aerial drawings of cybercafes: one where each computer was part of a private booth, and one where the computers were in the open so the screens would be visible to any one. Which layout would be more friendly to women, and why, Abraham wanted to know. Some participants selected the first option, liking the idea of the privacy, while others liked the second option so that the cybercafe owner would be able to monitor users’ activities.

Abraham said he was surprised no one said option one looked like masturbation booths, adding that in May, India passed rules prohibiting the first design option to avoid just such an issue. This is despite a survey conducted of female college students, who liked the idea of privacy in cybercafés that typically are male-dominated.

Cybercafes are just one of the areas impacted by India’s plan for collecting and using biometrics to create unique individual identification cards.

Abraham focused his presentation on activists’ efforts to counter the government’s myths about a unique identification (UID) program.

One campaign image showed two soldiers on the border asking for an east-Asian looking person’s identification. The way to balance, or rectify, the drawing, Abraham said, would be to allow citizens to be able to ask the soldiers for the identification information.

The campaign, “Rethink UID Project,” included several images illustrating various problems with the plan. For example, one said: “Central storage of keys is a bad idea, so is central storage of our biometrics.” As Abraham explained, if storing a copy of your housekey at the police station does not make us feel more secure, then why wouldn’t storing our biometrics with the government also make us a little more scared?

In the Indian scheme, Abraham said, the government says biometrics will be used as an authentication factor in order to prove your identity, but from a computer science perspective, it’s a bad idea because it is so easy to steal biometrics. And, as Abraham pointed out, if your biometrics are stolen, it’s not possible for you to re-secure it—it’s not like getting a new ATM card and password, he said.

If this system of national UID was designed using digital keys instead of biometrics, then we would have a completely different configuration, Abraham said.

Centralized storage is nonnegotiable, and therefore the process of authentification is done through a centralized database, but with digital keys or digital signatures, authentification could be done on a peer basis, so citizen could authenticate border guards and vice versa.

Another image from the “Rethink UID Project” campaign pointed out that “Technology cannot solve corruption.” As Abraham said, problems of corruption in the subsidy system (food, loans, education, employment guarantee act in rural India, etc) won’t be fixed with biometrics. For example, if biometric equipment is installed at fair-price shops, before the shop owner gives the grain, the citizen would have to present biometrics, which would go through a centralized server and be authenticated, then the citizen would get the grain, and ultimately there would be a record saying this particular citizen collected this amount of subsidized grain at this particular time.

But there are a whole range of ways shop owners can compromise the system, Abraham said.

The first way: 30-50 percent of India is illiterate, so shop owner can say the biometrics were rejected by the server and the citizen would not know better. Or, the owner can say there was no connectivity so authentification didn’t go through, or the owner could say there was no electricity so the system won’t work, or the shop owner could give just part of the grain that the citizen is due.

Corruption innovates and terrorism innovates—if technology innovates, so does corruption, as it is not a static phenomenon, Abraham said. You can’t wish away human beings from technological configurations.

One village will have multiple biometric readers.

Abraham said they have proposed an alternative schema: remove readers from the shop, school, hospital, bank, etc., and have only one scanner at the local governance hall. Instead of the citizen becoming transparent to the government, the government should become transparent to the citizen. The shop owners should make transparent which IDs they have given how much grain to, and only if they are going to dispute the ID of a citizen, can they go to the local government administrative office to prove the ID.

Another image from the “Rethink UID Project” campaign said, “The poor and the rich: who do we track first?”

Abraham explained that one problem in India is “black money,” or money for which you don’t pay taxes because the accounts are in fake names in order to store money. Like creating fake bank accounts, he said it also would be easy to create fake biometrics by combining the handprints and eyes of multiple people to get a second fake ID. Also the system could be hacked into and iris images Photoshopped. Ghost ideas also could be created and then sold off. Because the rich will get their IDs behind closed doors, Abraham said, it will be easy for them to get multiple IDs, but the poor will not be able to.

Referring to “tailgating,” or when one ID is card swiped to gain entrance for multiple people, such as swiping one metro card and then two people walking through, Abraham noted that the problem is that the tailgating only is seen as a problem when it’s at the bottom of the pyramid, such as one woman goes to the fair-price shop to collect grain for five or six families so only one person has to lose a day’s wage instead of all five or six losing a day’s wages. Tailgating at the bottom if the pyramid is usually a question of survival, he said.

Thus, another image from the campaign showed a pyramid and said, “Transparency at the top first…before transparency at the bottom.”

The first principle is that expectations of privacy should be inversely proportional to power, so people who are really powerful, like NGOs, politicians, or heads of corporations, should have less privacy, and people who have very little power should have more privacy, Abraham said.

Also, from a business perspective, the nation gets greater return on its investment if surveillance equipment is trained on people at the top of the pyramid to catch big-time corruption, he said.

Most of the panic around the UID is over the transaction database. Beyond a databse storing everyone’s biometrics, another database will track transactions: every time you buy a mobile phone or purchase a ticket or access a cyber cafe or subsidies, thanks to UID, there will a record made in the transaction database, Abraham said.

Abraham said it is important to note that surveillance is not an intrinsic part of information systems, but once surveillance is engineered into information systems, both those with good intentions or bad intentions can take advantage of that surveillance capability.

The UID means there will be 22 databases available to 12 intelligence agencies, he said.

So when a girl enters into a cybercafé, first she will have to provide her UID, and then the café owner will photocopy the card, then the owner has the right to take a photo of the girl using his own camera, then the owner is supposed to maintain browser logs of her computer for a period of one year.

So the question then is how to assure accountability without surveillance?

The first possibility, Abraham said, is partial storage. The transaction database could store half the data, and the central database could store the other half, so the full 360-view of the data would not be available without a court order.

The second solution is a transaction escrow, where every time a record is put into the main database, it will be encrypted using 2-3 keys, and only if 3 agencies cooperate with keys, can the information be decrypted. Thus, it is targeted surveillance, not blanket surveillance.

To conclude his presentation, Abraham divided participants into four groups in order to design surveillance systems for internet surveillance, mobile technologies, CCTVs, and border control.

Sharon Strover spoke on behalf of the CCTV group, saying they ended up with more questions than anything else. They agreed there should be notices when cameras are in use, there should be public knowledge of who is doing surveillance and who has access to the footage, and the data shouldn’t be sold. But the group couldn’t decide which spaces warranted CCTVs and which not.

Abraham then pointed out that the next generation of CCTVs can read everybody’s irises as they pass the cameras—it’s in the lab now, and 2-3 years from the market, he said.

Next, Andy Carvin spoke on behalf of the mobile technologies surveillance group. Whether or not capturing metadata or content as well, the mobile phone company can collect it, but it shouldn’t be able to keep any identifiable information for the person – it should only be able to look at information in the aggregate. The rest of the information should be shipped to a non-governmental organization or government agency specialized in privacy, and 2 keys would be required: one from the judiciary and one from the NGO or governmental agency.

Smári McCarthy reported back for the Internet surveillance group, pointing out that data retention has been useful in criminal cases less than 0.2 percent of the time in one study, and another showed there has been no statistically significant increase in the number of criminal cases solved because of data retention. So, he said, the group concluded there should be no blanket surveillance, only court orders in certain criminal cases that define who will be under surveillance and for how long. Also, they wanted to see a transparency register available so the public could be informed about how many people are under surveillance currently and throughout year and other general information, such as the success rate—how many of these surveillances have led to criminal convictions or similar.

Finally, Summer Harlow spoke on behalf of the border control group, which said scanning of checked- and carry-on luggage is acceptable, but there should be no luggage searches without specific probable cause from intelligence agencies or if the scans pick up weapons or other contraband. Similarly, people could be subject to spectrum scans and drug/bomb sniffing dogs for weapons and contraband, but again they would not be physically searched by border agents without probable cause. Also, people and luggage could not randomly be searched based on the country of their passport or their flight destination or origin.

In summary, Abraham said, surveillance is like salt in food: it is essential in small amounts, but completely counter-productive if even slightly excessive.

Download Sunil's presentation here [PDF, 1389 kb]
Sunil Abraham made the presentation at the Gary Chapman International School on Digital Transformation on 21 July 2011. The original news published by International School on Digital Transformation can be read here
Read the schedule here

For more details visit https://cis-india.org/news/uid-worlds-largest-database

Privacy Matters, Guwahati — Event Report

praskrishna — 2011-08-26T10:31:08Z

On June 23, a public seminar on “Privacy Matters” was held at the Don Bosco Institute in Karhulli, Guwahati. It was organised by IDRC, Society in Action Group, IDEA Chirang, an NGO initiative working with grassroots initiatives in Assam, Privacy India and CIS and was attended by RTI activists and grass roots NGO representatives from across the North Eastern region: Manipur, Arunachal Pradesh, Tripura, Nagaland, Assam and Sikkim. The event focused on the challenges and concerns of privacy in India.

Unfortunately many of the scheduled invitees had to drop out owing to developments on the Lokpal issue at the Centre, and simultaneously Guwahati was witnessing unrest following an agitation over land rights that left three persons dead.

Welcoming the participants, Prashant Iyengar, lead researcher for Privacy India, gave an introduction to the objectives of Privacy India, and briefed the gathering about the thematic “Privacy Matters” consultations previously held across the country in Kolkata, Bangalore and Ahmedabad. Mr. Iyengar also gave a background to issues that India is facing in concern with privacy, explaining the many contexts that privacy can be found in, and raising questions such as: Why is privacy important? How can it be maintained with the way technology is encroaching upon our lives? And how can we make privacy laws functional?

"Privacy objectives are to raise awareness, spark civil action and promote democratic dialogue around privacy challenges and violations in India. One of Privacy India’s goals is to build consensus towards the promulgation of a comprehensive privacy legislation in India through consultation with the public, legislators and the legal and academic community."

Prashant Iyengar, Privacy India.

Event Sessions

The structure of the event was one of open discussion, with presentations made by those who wanted to share. Throughout the day, the conversation fell into three main topics including: privacy and the RTI, privacy and the UID, and privacy and surveillance in the context of North East India.

Privacy and the RTI

Prashant Iyengar opened the discussion on privacy and the RTI by highlighting the tension between the need for transparency of the State, and the need to protect the privacy of public figures. For many participants privacy and transparency was a new concept that they had just started thinking about. Participant Rakesh (HRLN, Manipur) spoke on the shortcomings that he saw in the RTI Act noting that though the RTI brings some transparency to society, many citizens still do not understand the extent of their Right to Information as it is protected under the Act. Furthermore, the RTI Act is still not applied equally across the country, and the transparency that the RTI tries to achieve is still in very nascent stages. Lowang, a participant from Aru nachal Pradesh, shared the importance of drawing a line between privacy and transparency when it comes to information related to education and health. Anjuman Azra Begum, a research scholar working on indigenous people rights, noted the irony of the RTI as it is meant to bring transparency to the state, yet all ministers and MLA’s take an oath of secrecy, not transparency. Anjuman also spoke on the fact that the RTI often fails to protect the privacy of sensitive issues, such as sexual balance. She echoed Rakesh’s comment on the inaccessibility of the RTI, sharing that for a common person to exercise his/her rights is a very daunting task. Anthony Debbarmun, a human rights activist from Tripura noted that he felt that the North Eastern states are by and large seen as resource (land) by the centre and has shown no concern for citizens and their well-being. Government is seen as a dictator in this region, hence the question — Transparency for whom?, Privacy for Whom? The distinction between the transparency brought about by the RTI and individual privacy was also made. It was pointed out that the RTI is concerned with transparency of the State, but individual privacy is separate from this concept.

Personal Experiences Shared

Anjuman Azra Begum shared her sister’s experience with the RTI. Her sister had applied for a job in 2008. Their family filed an RTI for details of the procedure, but was denied details by the RTI officer, who said that furnishing details would violate the privacy of other candidates. This example raises questions about when it is appropriate for RTI officers to withhold information in the name of privacy, and what mechanisms can be put in place to ensure that the RTI does not use privacy as a way to deny information. Lowang also shared his experience with the RTI. He had filed an RTI asking for answer sheets because he doubted the appointment of police personnel. He was told that the cost in total would be Rs.2000, when in reality each sheet costs Rs.2 — the misconstruing of facts was another example of how RTI officials restrict access information indirectly. From these examples the concern about RTI officials using privacy as an excuse to deny information was brought to the surface. To highlight the problems with the current implementation of the RTI and the lack of basic knowledge of how to use the RTI Mhao Lotha from the DICE Foundation shared a personal experience of his friend who had filed an RTI against the fishery department, and the RTI official simply shouted at her. L. Rima told a similar story as Mhao Lotha. In her experience the RTI is good in theory, but in practice it has become a commercial platform, where officers pay money to applicants for RTI cases to be taken off.

From the discussion and the shared experiences it was clear that the RTI, although a strong law on paper, still faces many challenges in implementation that a privacy law could also face, and that the fact that if more privacy is brought into the RTI, it will become yet another way for the State to avoid disclosing information.

Questions to Consider

Can a privacy law be made to be functional in the same way that the RTI is functional?
In terms of the RTI who should have more privacy? Who should be more transparent? Can NGOs be held accountable under the RTI?
What mechanism should be established to enforce the balance between privacy and transparency?

Privacy and Security/Law Enforcement in the North East of India

Another important discussion held during the conference was the practices of law enforcement in the North East, security, and privacy. Because the North East is in a state of armed conflict several laws such as the Armed Forces Special Powers Act, Sedition Act and provisions in the IPC give immunity to security forces. This has led to gross violation of citizens’ privacy by law enforcement agencies — as the acts give large amounts

of power to law enforcement agencies with little or no accountability, and the acts are often misused. Furthermore, the security laws that exist in the North East explicitly prohibit access to individual personal information. For example, in the Assam Police Manual, which is followed by police in the North East — no papers can be given out to the public except to the investigation officer — this includes personal information such as medical records and post-mortem reports. Anjuman shared an example of how this rule violates individual privacy. In her example, a victim was not allowed access her own medical report, but her medical records were being circulated among police, doctors, and media. This example highlights how privacy and the right to information can go hand in hand as it was the victim’s right to access her own medical file, and at the same time getting access to her own medical file is an act of personal privacy protection.

Personal Experiences Shared

Participants shared how individual privacy is often violated by the army, as it is allowed to enter and search any space without warrant, if there is any type of “suspicion”. They also shared how phone tapping and random monitoring is a common practice by both the army and civil police. For example, one day the police recorded a conversation by Director of the Police, Wireless who was giving a lecture on how to lead an effective agitation. The transcript was handed to the high court and the director punished. Other examples include policemen frisking women in public, newspapers publishing police frisking women in public, and law enforcement agencies compelling pregnant women to give birth in open in front of people. The discussion surrounding privacy and security/law enforcement highlighted an important way in which privacy is violated in the North East. The unregulated action of law enforcement acts as a very real and dangerous way in which individual privacy is violated on a daily basis.

Questions to Consider

Can privacy legislation regulate the acts of law enforcement agencies?
Will privacy legislation be implemented differently in the North East because of the armed conflict?
Will a privacy law supersede other laws such as the AFSPA?

Privacy and the UID

During the conference the discussion also briefly focused on the UID and privacy. It was shared that there had yet to be UID consultations in the North East of India. The only information individuals had about the UID was that it was going to allow individuals to access BPL benefits more easily.

Questions around the UID included: why is the UID needed for citizens living within their own country? How will the UID impact and help families who send their children to gather rations from the ration shops? What is the connection between the UID and the expected privacy law? What is the connection between the UID and intelligence agencies? What would UID mean to people living in border areas?

Conclusion

Privacy as a Fundamental Right

In the closing discussion Prashant Iyengar shared different examples of privacy in Indian case law, and the various ways in which the Supreme Court has defined privacy as a right that is implicit in the right to life. The participants discussed what privacy means to them, and what they thought a right to privacy should entail. Among the points raised, it was brought up that privacy should be a right that is legally protected for sovereign individuals. The law should also include parameters and limitations in order to protect an individual’s autonomy. Furthermore, privacy should be understood and linked to the concept of human rights and individual rights. From the closing session, and the above sessions many themes and questions pertaining to privacy came out that will need to be addressed when considering the way forward for a privacy legislation including:

Property rights and privacy
Privacy rights of minorities
Privacy and the UID
Privacy and law enforcement agencies
Privacy as a fundamental right
The interplay of privacy law and traditional law

Download the Event Report here [PDF, 178 kb]

For more details visit https://cis-india.org/internet-governance/blog/privacy/privacy-guwahati-report

NYT lauds Oommen Chandy’s 24/7 office webcast

praskrishna — 2011-07-20T07:06:21Z

The Kerala chief minister Mr Oommen Chandy’s much hyped 24/7 webcast of his office has received global attention with the New York Times coming out with an article on the initiative.

The paper has termed the web-streaming of the chief minister’s office as an anti corruption experiment.

"In an India beset by kickbacks scandals at the highest reaches of the government, and where petty bribes at police stations and motor vehicles departments are often considered as a matter of course, Oommen Chandy is making an online stand," the article points out.

But the paper also quotes Mr Sunil Abraham, the executive director of Bengaluru based Centre for Internet and Society, who finds the effort no more than tokenism.

However, Mr Abraham says, "This type of tokenism is also quite useful as it might check the behaviour of not only the chief minister but also his underlings and the powerful executives and politicians who come to visit him."

Mr Abraham says webcams might be far more powerful tool if installed in police stations, drivers licenses offices, welfare agencies and other places where people interact with officials who sometimes demand bribe to do routine work.

However, he adds that the people who intent to pay bribe could probably still do it outside the offices.

This news was published in the Deccan Chronicle on 19 July 2011. It can be read here

For more details visit https://cis-india.org/news/nyt-lauds-oommen-chandy

Right to Privacy Bill 2010 — A Few Comments

elonnai — 2012-03-22T06:26:14Z

Earlier this year, in February 2011, Rajeev Chandrasekhar introduced the Right to Privacy Bill, 2010 in the Rajya Sabha. The Bill is meant to “provide protection to the privacy of persons including those who are in public life”. Though the Bill states that its objective is to protect individuals’ fundamental right to privacy, the focus of the Bill is on the protection against the use of electronic/digital recording devices in public spaces without consent and for the purpose of blackmail or commercial use.

Specific Recommendations

The use of electronic recording devices in public is an important and expansive aspect of privacy, which is yet to be directly covered by Indian law. Though the Bill addresses the basic usage of electronic devices with built-in cameras, it frames the violation as a personal violation. In doing so, the Bill has taken a punitive approach, making it criminal to take photographs in situations outside of the laid-out regulations, rather than protective in nature, i.e., working to protect individuals from harassment and blackmail, and offer forms of redress to those damaged.

The Bill fails to address scenarios such as Google street view, satellite photographs, news channels, and live feeds at events and conferences. In these situations live data is being transmitted and posted on the Web for public to view by the media. When looking at the dilemma of photographs being taken in public by the media, the privacy interests are different to those that are based on control of personal information alone. They are substantive, as opposed to informational, and engage directly with individual dignity, autonomy, and the freedom of expression. For example, the interest in freedom of expression encompasses both those of the photographers and journalists producing material for his/her journal. Can a journalist print a photograph taken in a public space — of a public figure, which the public figure did not consent to, and which that person considers defamatory?

Interestingly, Europe has strong laws regulating the taking of photographs in public spaces, but these rules are covered by the Protection from Harassment Act, 1997 (UK), which speaks specifically to the media’s behaviour towards public figures — or they fall under a tort of misuse. In the US taking photographs only becomes an issue in the use of the photograph. Essentially anyone can be photographed without consent except when they have secluded themselves in places where they have a reasonable expectation of privacy such as dressing rooms, restrooms, medical facilities, or inside a private residence. This legal standard applies regardless of the age, sex, or other attributes of the individual. Once a photograph is taken, and if that photograph is used for commercial gain without consent or publicizes an otherwise private person inappropriately, then that person can be held liable under the tort of misappropriation.

Specific Comments to the Bill

Misguiding Title

The title of the Bill is, the Personal Data Protection Bill, 2006," but the scope of the Bill is focused on regulating the use of electronic recording devices, and it does not include many aspects of privacy. So we recommend that the title of the Bill be modified to "The Electronic Recording Devices Bill, 2010".

Inappropriate Blanket Use of Privacy

The introduction to the Bill states that its purpose is "for the protection of the right to privacy of persons including those who are in public life so as to protect them from being blackmailed or harassed or their image and reputation being tarnished in order to spoil their public life and for the prevention of misuse of digital technology for such purposes and for matters connected therewith and incidental thereto."

Comment: Notwithstanding the fact that violations of privacy extend beyond blackmail, harassment, and defamation, and that digital technologies are not the only vehicles for privacy violations, it is important to qualify that privacy is not a blanket right, and that for public persons, the privacy that they are afforded is determined by balancing their interest against the public interest.

Narrow Definition of Public Figures

Section 2 (b) of the Bill states: "persons in public life" includes the representatives of the people in Parliament, state legislatures, local self government bodies, and office bearers of recognized political parties

Comment: Persons in public life include persons beyond the political sphere, specifically those in higher positions that influence the behaviour, lifestyles, and culture of the general population. Thus, we recommend that this definition be extended to include actors, actresses, athletes, artists, and musicians, CEOs, and authors.

Insufficient Limits to the Right to Privacy

Section 3 (1) states: “Notwithstanding anything contained in any other law for the time being in force every person, including persons in public life, shall have the right to privacy which shall be exclusive, unhindered and there shall be no unwarranted infringement thereof by any other person, agency, media or anyone:

Provided that sub-section (1) of section 3 shall not apply in cases of corruption, and misuse of official positions by persons in public life.

Comment: We recommend that the right to privacy, as any right, need not be identified as exclusive or unhindered. The right to privacy must be determined on a case by case basis relative to the public interest, and, while cases of corruption and misuse of official position by persons in public life certainly qualify, they do not encompass the wider variety of situations in which an individual’s right to privacy should be limited. For instance, if a public figure speaks out on an issue in a way that contradicts an earlier position that was captured on video, shouldn’t that be allowed to be made public? If a public figure is photographed in a morally questionable position, shouldn’t that be allowed to be made public? Indeed, even for private individuals, privacy is a matter of context. In airports and other sensitive public places it is commonly accepted that an individual’s right to privacy can be limited. If an individual has a disease such as HIV, under what circumstances should some or all of the greater public should be informed and their right to privacy may be limited?

Limited Scope of Technology

Section 4 of the Bill states: "No person shall use a cellular phone with an inbuilt camera, if it does not produce a sound of at least 65 decibels and flash a light when used to take a picture of any object or person, as the case may be.

Comment: We recommend that this clause clarifies if only cellular phones, and not cameras, computers, or other devices with built-in cameras are required to produce the sound of at least 65 decibels.

Overly Complicated Clauses

Section 5 of the Bill states: Notwithstanding anything contained in any other law for the time being in force, no person shall make digital recording or take photographs or make videography in any manner whatsoever of:

Section 5(a): any part or whole of a human body which is unclothed or partially clothed without the consent of the person concerned.

Section 5 (b): any part or whole of a human body at any public place without the consent of the person concerned and

Section 5 (c): the personal and intimate relationship of any couple in a home, hotel, resort, or any place within the four walls by hidden digital or other cameras and such other instruments, or any place within the four walls by hidden digital cameras and such other instruments…with the intent of blackmail or of making commercial gains from it or otherwise.

Comment: Section 5 currently lists certain circumstances in which photographs are not allowed to be taken of individuals in public without consent if they are to be used for the purpose of commercial gain or blackmail. Blackmail or commercial gains are not the only ways in which digital recordings of people can be misused. Certainly, taking such pictures to post for purposes of hurting one’s reputation or causing humiliation is as reprehensible as taking pictures for commercial gain, so the provision is too narrow. It may also be overboard, because a person may be captured in an artistic or political photograph but have, for example, bare arms or legs. That would be a picture of a part of a human body at a public place. We recommend that the list of offences include misappropriation and false light, and that the manner of the picture-taking not be limited to clauses (a) to (c) above.

Section 5 is the first instance in which the use of digital recordings for commercial gain has been mentioned as a violation in the Bill. We recommend that commercial gain as a violation should be added to the introduction of the Bill.

For more details visit https://cis-india.org/internet-governance/blog/privacy/privacy-bill-2010

Transparent Government, via Webcams in India

praskrishna — 2011-07-21T05:41:53Z

THIRUVANANTHAPURAM, India — Little Brother is watching you. That is the premise for the webcam that a top government official here has installed in his office, as an anticorruption experiment. Goings-on in his chamber are viewable to the public, 24/7.

The chief minister of Kerala state in India has installed a webcam in his office and puts the feed online as an anticorruption measure.

In an India beset by kickback scandals at the highest reaches of government, and where petty bribes at police stations and motor vehicle departments are often considered a matter of course, Oommen Chandy is making an online stand.

"Instead of taking action against corruption, I believe that we have to create an atmosphere where everything should be in a transparent way," Mr. Chandy, who recently became chief minister of Kerala state after his coalition won a close election, said in an interview in his office. "The people must know everything."

About 100,000 visitors logged in to the video feed on the day it began, July 1. And through last Friday afternoon, it had been visited by 293,586 users.

The chief minister — equivalent to an American governor — gave the interview during a break in negotiations with leaders of the state’s private colleges over the fees they can charge students.

Although the proceedings were being streamed on his office’s Web site, as with everything captured by the webcam there was no audio. (The minister says he wants visitors and aides to speak freely when they meet him.)

Sunil Abraham, the executive director of the Center for Internet and Society in Bangalore, said he applauded Mr. Chandy’s webcams, even if the effort amounted to no more than tokenism.

"This type of tokenism is also quite useful," said Mr. Abraham, predicting it might check the behavior of not only the chief minister, but also his underlings and the powerful executives and politicians who come to visit him.

Of course, he noted, if people are intent on paying bribes, they could probably still do it outside the office.

Mr. Abraham said webcams might be a far more powerful tool if installed in police stations, drivers’ licenses offices, welfare agencies and other places where Indians interact with officials who sometimes demand bribes to do routine work. A few agencies around the country have started such surveillance, he said, but most have not.

Mr. Chandy’s effort comes as India has been racked by one corruption scandal after another. A former federal telecommunications minister is sitting in jail on charges that he gave cellphone licenses to favored companies, costing the government as much as $40 billion. Several corporate executives, an official involved in planning the Commonwealth Games and the scion of a political family are also behind bars while being tried on various corruption charges.

But transparency is tedious. For most of the day, as the videos stream from the Chandy chambers, the chief minister is either out of the office or sitting with aides and other politicians. The video from a second camera, trained on the outside chamber, shows aides at their desks answering phones or staring into their computer screens.

A career politician and a member of the ruling Congress party, Mr. Chandy, 67, had a webcam in his office when he was chief minister for two years from 2004 to 2006. But his successor, the leader of a communist coalition government, removed the device when he took over. Now in the opposition, the communists deride the webcams as a publicity stunt.

But others see virtue in such efforts, even if the details are still being refined.

In Bangalore, the top executive of a government-owned electricity utility has been using a webcam in his office. The official, P. Manivannan, said he was now installing a "hemispheric" camera that would capture the goings-on in his entire office rather than just show his visitors.

But he said he would no longer broadcast the video stream to the Web site of the Bangalore Electricity Supply Company.

"I have been getting a lot of brickbats because of the cameras,” Mr. Manivannan said in a telephone interview. "My colleagues were telling me, 'What are you trying to prove — that you are the only honest one?' "

Once the new camera is installed, Mr. Manivannan said it would record everything. But anyone interested in viewing segments of the video would have to request the clips, at no cost. That should ease tension in the office, he said, while still keeping things on the up and up.

He said he had success with a similar camera when he was in the city government and some politicians threatened to call a strike unless he reinstated a fired employee. The politicians backed off, Mr. Manivannan said, when he threatened to give a recording of their meeting to local television stations.

"I definitely believe that putting a camera helps you prove that you are accountable," he said. "I would be very happy if tomorrow the government of India decided you must have a camera."

A version of this article appeared in print on July 18, 2011, on page B3 of the New York edition with the headline: Transparent Government, Via Webcams in India.

This news by Vikas Bajaj was published in the New York Times on 17 July 2011. It can be read here. (Photo of Oommen Chandy, the Chief Minister of Kerala taken by Sanjit Das for the New York Times)

The above news was published in other languages as well:

Read the news in wprost here [Polish]
Read the news in ictnews here [Vietnamese]
Read the news in@rret sur images here [French]

For more details visit https://cis-india.org/news/transparent-government-india

Privacy & Media Law

Sonal Makhija — 2012-12-14T10:26:51Z

In her research, Sonal Makhija, a Bangalore-based lawyer, tries to delineate the emerging privacy concerns in India and the existing media norms and guidelines on the right to privacy. The research examines the existing media norms (governed by Press Council of India, the Cable Television Networks (Regulation) Act, 1995 and the Code of Ethics drafted by the News Broadcasting Standard Authority), the constitutional protection guaranteed to an individual’s right to privacy upheld by the courts, and the reasons the State employs to justify the invasion of privacy. The paper further records, both domestic and international, inclusions and exceptions with respect to the infringement of privacy.

Introduction

Last year’s satirical release, Peepli [Live], accurately captured what takes place in media news rooms. The film revolves around a debt-ridden farmer whose announcement to commit suicide ensue a media circus. Ironically, in the case of the Radia tapes, the same journalists found themselves in the centre of the media’s frenzy-hungry, often intrusive and unverified style of reporting.[1] Exposés, such as, the Radia tapes and Wikileaks have thrown open the conflict between the right to information, or what has come to be called ‘informational activism’, and the right to privacy. Right to information and the right to communicate the information via media is guaranteed under Article 19(1) (a) of the Constitution of India. In State of Uttar Pradesh v Raj Narain,[2] the Supreme Court of India held that Article 19(1) (a), in addition, to guaranteeing freedom of speech and expression, guarantees the right to receive information on matters concerning public interest. However, more recently concerns over balancing the right to information with the right to privacy have been raised, especially, by controversies like the Radia-tapes.

For instance, last year Ratan Tata filed a writ petition before the Supreme Court of India alleging that the unauthorised publication of his private conversations with Nira Radia was in violation of his right to privacy. The writ, filed by the industrialist, did not challenge the action of the Directorate-General of Income Tax to record the private conversations for the purpose of investigations. Instead, it was challenging the publication of the private conversations that took place between the industrialist and Nira Radia by the media. Whether the publication of those private conversations was in the interest of the public has been widely debated. What the Tata episode brought into focus was the need for a law protecting the right to privacy in India.

India, at present, does not have an independent statute protecting privacy; the right to privacy is a deemed right under the Constitution. The right to privacy has to be understood in the context of two fundamental rights: the right to freedom under Article 19 and the right to life under Article 21 of the Constitution.

The higher judiciary of the country has recognised the right to privacy as a right “implicit in the right to life and liberty guaranteed to the citizens of this country by Article 21”. The Indian law has made some exceptions to the rule of privacy in the interest of the public, especially, subsequent to the enactment of the Right to Information Act, 2005 (RTI). The RTI Act, makes an exception under section 8 (1) (j), which exempts disclosure of any personal information which is not connected to any public activity or of public interest or which would cause an unwarranted invasion of privacy of an individual. What constitutes an unwarranted invasion of privacy is not defined. However, courts have taken a positive stand on what constitutes privacy in different circumstances.

The purpose of this paper is to delineate the emerging privacy concerns in India and the existing media norms and guidelines on the right to privacy. At present, the media is governed by disparate norms outlined by self-governing media bodies, like the Press Council of India, the Cable Television Networks (Regulation) Act, 1995 and the Code of Ethics drafted by the News Broadcasting Standard Authority (NBSA). The paper examines the existing media norms, constitutional protection guaranteed to an individual’s right to privacy and upheld by courts, and the reasons the State employs to justify the invasion of privacy. The paper records, both domestic and international, inclusions and exceptions with respect to the infringement of privacy.

The paper traces the implementation of media guidelines and the meanings accorded to commonly used exceptions in reporting by the media, like, ‘public interest’ and ‘public person’. This paper is not an exhaustive attempt to capture all privacy and media related debates. It does, however, capture debates within the media when incursion on the right to privacy is considered justifiable. The questions that the paper seeks to respond to are: When is the invasion on the right to privacy defensible? How the media balances the right to privacy with the right to information? How is ‘public interest’ construed in day-to-day reporting? The questions raised are seen in the light of case studies on the invasion of privacy in the media, the interviews conducted with print journalists, the definition of the right to privacy under the Constitution of India and media’s code of ethics.

Constitutional Framework of Privacy

The right to privacy is recognised as a fundamental right under the Constitution of India. It is guaranteed under the right to freedom (Article 19) and the right to life (Article 21) of the Constitution. Article 19(1) (a) guarantees all citizens the right to freedom of speech and expression. It is the right to freedom of speech and expression that gives the media the right to publish any information. Reasonable restrictions on the exercise of the right can be imposed by the State in the interests of sovereignty and integrity of the State, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence. Article 21 of the Constitution provides, "No person shall be deprived of his life or personal liberty except according to procedure established by law." Courts have interpreted the right to privacy as implicit in the right to life. In R.Rajagopal v. State of T.N.[3]; and PUCL v. UOI[4], the courts observed that the right to privacy is an essential ingredient of the right to life.

For instance, in R. Rajagopal v State of Tamil Nadu, Auto Shankar — who was sentenced to death for committing six murders — in his autobiography divulged his relations with a few police officials. The Supreme Court in dealing with the question on the right to privacy, observed, that the right to privacy is implicit in the right to life and liberty guaranteed to the citizens of the country by Article 21. It is a ‘right to be left alone.’ "A citizen has a right to safeguard the privacy of his own, his family, marriage, procreation, motherhood, child-bearing and education among other matters.” The publication of any of the aforesaid personal information without the consent of the person, whether accurate or inaccurate and ‘whether laudatory or critical’ would be in violation of the right to privacy of the person and liable for damages. The exception being, when a person voluntarily invites controversy or such publication is based on public records, then there is no violation of privacy.

In PUCL v. UOI,[5]which is popularly known as the wire-tapping case, the question before the court was whether wire-tapping was an infringement of a citizen’s right to privacy. The court held that an infringement on the right to privacy would depend on the facts and circumstances of a case. It observed that, "telephone conversation is an important facet of a man's private life. Right to privacy would certainly include telephone-conversation in the privacy of one's home or office. Telephone-tapping would, thus, infract Article 21 of the Constitution of India unless it is permitted under the procedure established by law." It further observed that the right to privacy also derives from Article 19 for "when a person is talking on telephone, he is exercising his right to freedom of speech and expression."

In Kharak Singh v. State of U.P,[6] where police surveillance was being challenged on account of violation of the right to privacy, the Supreme Court held that domiciliary night visits were violative of Article 21 of the Constitution and the personal liberty of an individual.

The court, therefore, has interpreted the right to privacy not as an absolute right, but as a limited right to be considered on a case to case basis. It is the exceptions to the right to privacy, like ‘public interest’, that are of particular interest to this paper.

International Conventions

Internationally the right to privacy has been protected in a number of conventions. For instance, the Universal Declaration of Human Rights, 1948 (UDHR) under Article 12 provides that:

"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, or to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."

The UDHR protects any arbitrary interference from the State to a person’s right to privacy. Similarly, International Covenant on Civil and Political Rights, 1976 (ICCPR) under Article 17 imposes the State to ensure that individuals are protected by law against “arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation. [7]

Thus, ensuring that States enact laws to protect individual’s right to privacy. India has ratified the above conventions. The ratification of the Conventions mandates the State to take steps to enact laws to protect its citizens. Although, human right activists have periodically demanded that the State take adequate measures to protect human rights of the vulnerable in society, the right to privacy has received little attention.

Similarly, Article 16 of the Convention on the Rights of the Child (CRC) provides protection to a minor from any unlawful interference to his/her right to privacy and imposes a positive obligation on States who have ratified the convention to enact a law protecting the same. India does have safeguards in place to protect identity of minors, especially, juveniles and victims of abuse. However, there are exceptions when the law on privacy does not apply even in case of a minor.

The right to privacy, therefore, is not an absolute right and does not apply uniformly to all situations and all class of persons. For instance, privacy with respect to a certain class of persons, like a person in public authority, affords different protection as opposed to private individuals.

Public Person

In case of a representative of the public, such as a public person, the right to privacy afforded to them is not of the same degree as that to a private person. The Press Council of India (PCI) has laid down Norms of Journalistic Conduct, which address the issue of privacy. The PCI Norms of Journalistic Conduct, recognises privacy as an inviolable human right, but adds a caveat; that the degree of privacy depends on circumstances and the person concerned.

In the landmark judge’s asset case, CPIO, Supreme Court of India vs Subhash Chandra Agarwal,[8] the court recognised the tension between the right to information and the right to privacy, especially, with respect to public persons. The case arose from an application filed by a citizen who was seeking information under the RTI Act on whether judges of high courts and Supreme Court were filing asset declarations in accordance with full resolution of the Supreme Court. The court held that information concerning private individuals held by public authority falls within the ambit of the RTI Act. It remarked that whereas public persons are entitled to privacy like private persons, the privacy afforded to private individuals is greater than that afforded to those in public authority, especially in certain circumstances.

The court commented:

"A private citizen's privacy right is undoubtedly of the same nature and character as that of a public servant. Therefore, it would be wrong to assume that the substantive rights of the two differ. Yet, inherent in the situation of the latter is the premise that he acts for the public good, in the discharge of his duties, and is accountable for them. The character of protection, therefore, afforded to the two classes — public servants and private individuals, is to be viewed from this perspective. The nature of restriction on the right to privacy is therefore, of a different order; in the case of private individuals, the degree of protection afforded is greater; in the case of public servants, the degree of protection can be lower, depending on what is at stake."

In testing whether certain information falls within the purview of the RTI Act, the court said one should consider the following three tests:

whether the disclosure of the personal information is with the aim of providing knowledge of the proper performance of the duties and tasks assigned to the public servant in any specific case;
whether the information is deemed to comprise the individual's private details, unrelated to his position in the organization, and,
whether the disclosure will furnish any information required to establish accountability or transparency in the use of public resources.

Would this rule hold true for information on relatives/ friends of public persons? The rule is that, unless, private information on relatives/friends of public person’s impacts public interest and accountability, the information should not be revealed.

In 2010, the media reported that Sunanda Pushkar, a close friend of the Minister of State for External Affairs, Shashi Tharoor, holds a significant holding in the IPL Kochi team. The media exposure led to the exit of Shashi Tharoor from the government. While the media’s questioning of Pushkar’s holdings was legitimate, the media’s reporting on her past relationships and how she dressed had no bearing on public interest or accountability.[9] The media accused Pushkar of playing proxy for Tharoor in the Rs. 70 crore sweat equity deal. Much of the media attention focussed on her personal life, as opposed to, how she attained such a large stake in the IPL Kochi team. It minutely analysed her successes and failures, questioned her ability and accused her of having unbridled ambition and greed for money and power.[10]

If one was to consider the rules of privacy set by the court in the judges assets’ case much of the personal information published by the media on Tharoor and Pushkar, failed to shed light on the IPL holdings or the establishment of the nexus between the IPL holdings and the government involvement.

The tests delineated by the court in considering what personal information regarding a public authority may be shared under the RTI Act, can be adopted by the media when reporting on public officials. If personal information divulged by the media does not shed light on the performance of a public official, which would be of public interest, then the information revealed violates the standards of privacy. Personal details which have no bearing on public resources or interests should not be published.

The media coverage of the Bombay terror attacks displayed the same lack of restraint, where the minutest details of a person’s last communication with his/her family were repeatedly printed in the media. None of the information presented by the media revealed anything new about the terror attack or emphasised the gravity of the attack.

A senior journalist, who talked off the record and reported on the Mumbai terror attacks, agreed that the media overstepped their limits in the Mumbai terror attacks. As per her, violation of privacy takes place at two stages: the first time, when you overstep your boundaries and ask a question you should not have, and the second, when you publish that information. Reflecting on her ten years of reporting experience, she said, “Often when you are covering a tragedy, there is little time to reflect on your reporting. Besides, if you, on account of violating someone’s privacy, choose not to report a story, some competing paper would surely carry that story. You would have to defend your decision to not report the story to your boss.” The competitiveness of reporting and getting a story before your competitor, she agreed makes even the most seasoned journalists ruthless sometimes. Besides, although PCI norms exist, not many read the PCI norms or recall the journalistic ethics when they are reporting on the field.[11]

The PCI Norms reiterate that the media should not intrude "the privacy of an individual, unless outweighed by genuine overriding public interest, not being a prurient or morbid curiosity."[12] The well accepted rule, however, is that once a matter or information comes in the public domain, it no longer falls within the sphere of the private. The media has failed to make the distinction between what is warranted invasion of privacy and what constitutes as an unwarranted invasion of privacy. For instance, identity of a rape or kidnap victim that would further cause discrimination is often revealed by the media.

Safeguarding Identity of Children

The Juvenile Justice (Care and Protection of Children) Act lays down that the media should not disclose the names, addresses or schools of juveniles in conflict with the law or that of a child in need of care and protection, which would lead to their identification. The exception, to identification of a juvenile or child in need of care and protection, is when it is in the interest of the child. The media is prohibited from disclosing the identity of the child in such situations.

Similarly, the Convention on the Rights of the Child (CRC) stipulates that:

Article 16

No child shall be subjected to arbitrary or unlawful interference with his or her privacy, family, or correspondence, nor to unlawful attacks on his or her honour and reputation.
The child has the right to the protection of the law against such interference or attacks.

Article 40 of the Convention, states that the privacy of a child accused of infringing penal law should be protected at all stages of the proceedings.

Almost all media, print and broadcast, fail to observe these guidelines. Prashant Kulkarni[13] (name changed), who was a photographer with Reuters a few years ago, said that in Reuters photographs taken by photojournalists could not be altered or edited, to ensure authenticity.

As far as taking photographs of certain vulnerable persons is concerned, he admitted to photographing street children who are drug addicts on the streets of Mumbai. The photographs were published by Reuters. However, when he was on an assignment for an NGO working with children, the NGO cautioned him about photographing children who are drug addicts, to protect their identity. Similarly, identity of HIV and AIDS patients, including children, should be protected and not revealed. Children affected with HIV and AIDS should not be identified by name or photograph, even if consent has been granted by the minor’s parents/guardian.

As a rule, Kulkarni said, he does not seek consent of individuals when he is taking their photographs, if they are in a public place. If they do not object, the assumption is that they are comfortable with being photographed. The PCI norms do not expressly provide that consent of a person should be sought. But, journalists are expected to exercise restraint in certain situations. Likewise, identifying juveniles in conflict with law is restricted. This includes taking photographs of juveniles that would lead to their identification.

Kulkarni, who extensively covered the Bombay train blasts in 2006, explains, "At the time of the Bombay train explosions, I avoided taking pictures that were gory or where dead people could be identified. However, I did take photographs of those injured in the blast and were getting treated in government hospitals. I did not expressly seek their consent. They were aware of being photographed. That is the rule I have applied, even when I was on an assignment in West Africa. I have never been on an assignment in Europe, so am not sure whether I would have applied the same rule of thumb. Nonetheless, now as a seasoned photographer, I would refrain from taking pictures of children who are drug addicts."

Safeguarding Identity of Rape Victims

Section 228A of the Indian Penal Code makes disclosure of the identity of a rape victim punishable. In the recent Aarushi Talwar murder case and the rape of an international student studying at the Tata Institute of Social Sciences (TISS) the media frenzy compromised the privacy of the TISS victim and besmirched the character of the dead person.[14] In the TISS case, the media did not reveal the name of the girl, but revealed the name of the university and the course she was pursuing, which is in violation of the PCI norms. In addition to revealing names of individuals, the PCI norms expressly states that visual representation in moments of personal grief should be avoided. In the Aarushi murder case, the media repeatedly violated this norm.

The media in both cases spent enough newsprint speculating about the crimes. Abhinav Pandey[15] (name changed), a senior journalist reporting on crime, agrees that the media crossed its boundaries in the TISS case by reporting sordid details of how the rape took place. "Names of victims of sexual crime cannot be reported. In fact, in many instances the place of stay and any college affiliation should also be avoided, as they could be easily identified. Explicit details of the offence drawn from the statement given by the victim to the police are irrelevant to the investigation or to the public at large. Similarly, names of minors and pictures, including those of juveniles, have to be safeguarded."

"Crime reporters receive most of their stories from the police. Therefore, one has to be careful before publishing the story. At times in the rigour of competitive journalism, if you decide to publish an unverified story, as a good journalist you should present a counter-point. As a seasoned journalist it is easy to sense when a story is being planted by the police. If you still want to carry the story, one has to be careful not to taint the character of a person," he adds.

"For instance, in my reporting if I find that the information will not add to the investigation, I will not include it in my copy. Last year, we had anonymous letters being circulated among crime reporters which alleged corruption among senior IPS officers. Instead of publishing the information contained in those letters with the names of the IPS officers, we published a story on corruption and cronyism on IPS officers. In the Faheem Ansari matter, who was an accused in the 26/11 trial, I had received his email account password. Accessing his account also amounts to violation of privacy. But, we only published the communication between him and some handlers in Pakistan, which we knew would have an impact on the investigation. Our job requires us to share information in the public domain, sometimes we would violate privacy. Nonetheless, one has to be cautious."

Trial by Media & Media Victimisation

The PCI norms lay down the guidelines for reporting cases and avoiding trial by media. The PCI warns journalists not to give excessive publicity to victims, witnesses, suspects and accused as that amounts to invasion of privacy. Similarly, the identification of witnesses may endanger the lives of witnesses and force them to turn hostile. Zaheera Sheikh, who was a key witness in the Gujarat Best Bakery case, was a victim of excessive media coverage and sympathy. Her turning hostile invited equal amount of media speculation and wrath. Her excessive media exposure possibly endangered her life. Instead, of focussing on the lack of a witness protection program in the country, the media focussed on the twists and turns of the case and the 19 year old’s conflicting statements. The right of the suspect or the accused to privacy is recognised by the PCI to guard against the trial by media.

Swati Deshpande,[16] a Senior Assistant Editor (Law) at the Times of India, Mumbai, observes that, “As a good journalist one will always have more information than required, but whether you publish that information or exercise restraint is up to you.” In a span of 11 years of court reporting, as per her, there have been instances when she has exercised the option of not reporting certain information that could be defamatory and cannot be attributed. If an allegation is made in a court room, but is not supported by evidence or facts, then it is advisable that it be dropped from the report.

"In the Bar Dancers’ case which was before the Bombay High Court, the petition made allegations of all kinds against certain ministers. I did not report that, although I could have justified it by saying it is part of the petition, and I was just doing my job. The allegation was neither backed by facts nor was it of public interest. As a rule one should report on undisputed facts. Then again, with court reporting one is treading on safer grounds, as opposed to other beats."

"In cases of rape when facts are part of the judgement, you report facts that are relevant to the judgement or give you an insight on why the court took a certain view and add value to the copy. One should avoid a situation where facts revealed are offensive or reveal the identity of the victim. The past history of both the victim and the accused should not be reported."

She admitted, that "Media reporting often gives the impression that the accused has committed the crime or the media through its independent investigation wing has found a particular fact. When in fact, it has relied entirely on the information given by the police and failed to question or verify the facts by an independent source. The result is that most crime reporting is one-sided, because the information received from the police is rarely questioned."

As per her, to a certain degree the publication of Tata–Radia conversations did violate Tata’s privacy. "Media needs to question itself prior to printing on how the information is of public interest. Of course, as a journalist you do not want to lose out on a good story, but there needs to be gate keeping, which is mostly absent in most of the media today."

In the Bofors pay-off case[17] the High Court of Delhi, observed that, “The fairness of trial is of paramount importance as without such protection there would be trial by media which no civilised society can and should tolerate. The functions of the court in the civilised society cannot be usurped by any other authority.”[18] It further criticised the trend of police or the CBI holding a press conference for the media when investigation of a crime is still ongoing. The court agreed that media awareness creates awareness of the crime, but the right to fair trial is as valuable as the right to information and freedom of communication.

The 200th report of the Law Commission dealt with the issue of Trial by media: Free Speech vs Fair Trial under Criminal Procedure. The report, focussed on the pre-judicial coverage of a crime, accused and suspects, and how it impacts the administration of justice. The Contempt of Courts Act, under section 2 defines criminal contempt as:

"…the publication, (whether by words, spoken or written or by signs, or by visible representations, or otherwise), of any matter or the doing of any other act whatsoever which
(i) … … … …
(ii) prejudices or interferes or tends to interfere with the due course
of any judicial proceedings; or
(iii) interferes or tends to interfere with or obstructs or tends to obstruct, the administration of justice in any manner."

Section 3(1) of the Act exempts any publication and distribution of publication, "if the publisher had no reasonable grounds for believing that the proceeding was pending”. In the event, the person is unaware of the pendency, any publication (whether by words spoken or written or signs or visible representations) interferes or tends to interfere with or obstructs “the course of justice in connection with any civil or criminal proceeding pending at the time of publication, if at that time he had no reasonable grounds for believing that the proceeding was pending." The report emphasizes that publications during the pre-trial stage by the media could affect the rights of the accused. An evaluation of the accused’s character is likely to affect or prejudice a fair trial.

If the suspect’s pictures are shown in the media, identification parades of the accused conducted under Code of Civil Procedure would be prejudiced. Under Contempt of Court Act, publications that interfere with the administration of justice amount to contempt. Further, the principles of natural justice emphasise fair trial and the presumption of innocence until proven guilty. The rights of an accused are protected under Article 21 of the Constitution, which guarantees the right to fair trial. This protects the accused from the over-zealous media glare which can prejudice the case. Although, in recent times the media has failed to observe restraint in covering high-profile murder cases, much of which has been hailed as media’s success in ensuring justice to the common man.

For instance, in the Jessica Lal murder case, the media took great pride in acting as a facilitator of justice. The media in the case whipped up public opinion against the accused and held him guilty even when the trial court had acquitted the accused. The media took on the responsibility of administering justice and ensuring the guilty are punished, candle light vigils and opinion polls on the case were organised by the media. Past history of the accused was raked up by the media, including photographs of the accused in affluent bars and pubs in the city were published after he was acquitted. The photographs of Manu Sharma in pubs insinuated how he was celebrating after his acquittal.

The Apex Court observed that the freedom of speech has to be carefully and cautiously used to avoid interference in the administration of justice. If trial by media hampers fair investigation and prejudices the right of defence of the accused it would amount to travesty of justice. The Court remarked that the media should not act as an agency of the court.[19]

The Court, commented, "Presumption of innocence of an accused is a legal presumption and should not be destroyed at the very threshold through the process of media trial and that too when the investigation is pending."[20]

Sting Operations

On 30 August, 2007 Live India, a news channel conducted a sting operation on a Delhi government school teacher forcing a girl student into prostitution. Subsequent to the media exposé, the teacher Uma Khurana[21] was attacked by a mob and was suspended by the Directorate of Education, Government of Delhi. Later investigation and reports by the media exposed that there was no truth to the sting operation. The girl student who was allegedly being forced into prostitution was a journalist. The sting operation was a stage managed operation. The police found no evidence against the teacher to support allegations made by the sting operation of child prostitution. In this case, the High Court of Delhi charged the journalist with impersonation, criminal conspiracy and creating false evidence. The Ministry of Information and Broadcasting sent a show cause notice to TV-Live India, alleging the telecast of the sting operation by channel was “defamatory, deliberate, containing false and suggestive innuendos and half truths."[22]

Section 5 of the Cable Television Networks (Regulation) Act, 1995 and the Cable Television Network Rules (hereafter the Cable Television Networks Act), stipulates that no programme can be transmitted or retransmitted on any cable service which contains anything obscene, defamatory, deliberate, false and suggestive innuendos and half truths. The Rules prescribes a programming code to be followed by channels responsible for transmission/re-transmission of any programme.

The programme code restricts airing of programmes that offend decency or good taste, incite violence, contains anything obscene, defamatory, deliberate, false and suggestive innuendos and half truths, criticises, maligns or slanders any individual in person or certain groups, segments of social, public and moral life of the country and affects the integrity of India, the President and the judiciary. The programme code provided by the Rules is exhaustive. The Act empowers the government to restrict operation of any cable network it thinks is necessary or expedient to do so in public interest.

The court observed that false and fabricated sting operations violate a person’s right to privacy. It further, observed, "Giving inducement to a person to commit an offence, which he is otherwise not likely and inclined to commit, so as to make the same part of the sting operation is deplorable and must be deprecated by all concerned including the media.” It commented that while “…sting operations showing acts and facts as they are truly and actually happening may be necessary in public interest and as a tool for justice, but a hidden camera cannot be allowed to depict something which is not true, correct and is not happening but has happened because of inducement by entrapping a person."[23]

The court criticised the role of the media in creating situations of entrapment and using the ‘inducement test’. It remarked that such inducement tests infringe upon the individual's right to privacy. It directed news channels to take steps to prohibit “reporters from producing or airing any programme which are based on entrapment and which are fabricated, intrusive and sensitive.[24]

The court proposed a set of guidelines to be followed by news channels and electronic media in carrying out sting operations. The guidelines direct a channel proposing to telecast a sting operation to obtain a certificate from the person who recorded or produced the same certifying that the operation is genuine to his knowledge. The guidelines propose that the Ministry of Information and Broadcasting should set up a committee which would have the powers to grant permission for telecasting sting operations. The permission to telecast a sting operation should be granted by the committee only if it is satisfied about the overriding public interest to telecast the sting operation. The guidelines mandate that, in addition, to ensuring accuracy, the operation should not violate a person’s right to privacy, "unless there is an identifiable large public interest” for broadcasting or publishing the material. However, the court failed to define what constitutes 'larger public interest'.

The PCI norms also lay down similar guidelines which require a newspaper reporting a sting operation to obtain a certificate from the person involved in the sting to certify that the operation is genuine and record in writing the various stages of the sting. The decision to report the sting vests with the editor who merely needs to satisfy himself that the sting operation is of public interest.

In addition, to the Cable Television Networks Act and the PCI norms, the News Broadcasting Standard Authority (NBSA) was set up in 2008 as a self-regulatory body by News Broadcasters Association.[25] The primary objective of the NBSA is to receive complaints on broadcasts. The NBSA has drafted a Code of Ethics and Broadcasting Standards governing broadcasters and television journalists. The Code of Ethics provides guiding principles relating to privacy and sting operations that broadcasters should follow.

With respect to privacy, the Code directs channels not to intrude into the private lives of individuals unless there is a “clearly established larger and identifiable public interest for such a broadcast.” Any information on private lives of persons should be “warranted in public interest.” Similarly, for sting operations, the Code directs that they should be used as “a last resort” by news channels and should be guided by larger public interest. They should be used to gather conclusive evidence of criminality and should not edit/alter visuals to misrepresent truth.

In a recent judgement on a supposed sting operation conducted by M/s. Associated Broadcasting Company Pvt. Limited[26] on TV9 on ‘Gay culture rampant in Hyderabad’, the NBA took suo motu notice of the violation of privacy of individuals with alternate sexual orientation and misuse of the tool of sting operation. NBA in its judgement held that the Broadcaster had violated clauses on privacy, sting operations and sex and nudity of the Code of Ethics. It further, observed, that the Broadcaster and the story did not reveal any justifiable public interest in using the sting operation and violating the privacy of individuals. In this particular case, the Broadcaster had revealed the personal information and faces of supposedly gay men in Hyderabad to report on the ‘underbelly’ of gay culture and life. However, the news report, as NBSA observed, did not prove any criminality and was merely a sensational report of gay culture allegedly prevalent in Hyderabad.

The PCI norms provide that the press should not tape-record conversations without the person’s express consent or knowledge, except where it is necessary to protect a journalist in a legal action or for “other compelling reason.” What constitutes a compelling reason is left to the discretion of the journalist.

It was in the 1980s, that the first sting operation on how women were being trafficked was carried out by the Indian Express reporter Ashwin Sarin. As part of the sting, the Express purchased a tribal girl called Kamla. Subsequently, in 2001, the sting operation conducted by Tehelka exposed corruption in defence contracts using spy cams and journalists posing as arms dealers. The exposé on defence contracts led to the resignation of the then defence minister George Fernandes. Sting operations gained legitimacy in India, especially in the aftermath of the Tehelka operation, exposing corruption within the government. The original purpose of a sting operation or an undercover operation was to expose corruption. Stings were justifiable only when it served a public interest. Subsequent to the Tehelka exposé, stings have assumed the status of investigative journalism, much of which has been questioned in recent times, especially, with respect to ethics involved in conducting sting operations and the methods of entrapment used by the media. Further, stings by Tehelka, where the newspaper used sex workers to entrap politicians have brought to question the manner in which stings are operated. Although, the overriding concern surrounding sting operations has been its authenticity, as opposed to, the issue of personal privacy.

For instance, in March 2005 a television news channel carried out a sting operation involving Bollywood actor Shakti Kapoor to expose the casting couch phenomenon in the movie industry. The video showing Shakti Kapoor asking for sexual favours from an aspiring actress, who was an undercover reporter, was received with public outrage. Nonetheless, prominent members of the media questioned the manner in which the sting was conducted. The sting was set up as an entrapment. The court has taken a strong view against the use of entrapment in sting operations. In the case of the Shakti Kapoor sting, privacy of the actor was clearly violated. The manner in which the sting was conducted casts serious doubt on who was the victim.[27]

Additionally, the sting violated the PCI norms. It failed to provide a record of the various stages of how the sting operation was conducted. In United Kingdom, the media when violating privacy of a person has to demonstrate that it is in the interest of the public.

International Law on Media & Privacy Ethics

United Kingdom

The Press Complaints Commission (PCC), UK is a self-regulatory body similar to NBA. The PCC has put down code of ethics to be followed by journalists. The PCC guidelines provide that everyone has the right to privacy and editors must provide reason for intrusions to a person’s privacy. This includes photographing individuals in private places without their consent. Interestingly, private places include public or private property "where there is a reasonable expectation of privacy." In India however, as Kulkarni pointed out, photographs are taken without the consent of an individual if he/she is in a public space.

Like the PCI norms, the PCC Code lays down guidelines to follow when reporting on minors (below 16 years of age) who have been victims of sexual assault. As per the guidelines, the identity of the children should be protected. Further, relatives or friends of persons convicted or accused of a crime should not be identified without their consent, unless the information is relevant to the story. References to a person’s race, colour, sexual orientation and gender should be avoided. For instance, the media reportage of the TISS rape case, which revealed the nationality and colour of the victim, would be in violation of the PCC Code. In the TISS rape case, the information on the nationality and colour of the victim was not only irrelevant to the story, but as amply demonstrated by the media it reinforced prejudices against white women as ‘loose or amoral’.[28]

As far as sting operations are concerned, the PCC lays down that the press must not publish material acquired by hidden camera or clandestine devices by intercepting private messages, emails or telephone calls without consent. However, revealing private information in cases of public interest is an exception to the general rule to be followed with respect to individual privacy. The PCC defines public interest to include, but it is not restricted to:

"i) Detecting or exposing crime or serious impropriety
ii) Protecting public health and safety
iii) Preventing the public from being misled by an action or statement of an individual or organisation"

It requires editors to amply demonstrate that a publication is of public interest. In case the material is already in public domain the same rules of privacy do not apply. However, in cases involving children below 16 years of age, editors must demonstrate exceptional public interest that overrides the interest of the child. Tellingly, the PCC recognises freedom of expression as public interest.

The PCC, to ensure that persons are not hounded by the media have started issuing desist orders. The PCC issues a desist notice to editors to prevent the media from contacting the person. Preventive pre-publication is when the PCC pre-empts a story that may be pursued or published and attempts to either influence the reporting of the story in a way that it is not in violation of a person’s privacy or persuades the media house not to publish the story. The PCC, however, does not have the powers to prevent publication.

Further, United Kingdom is a member of the European Convention on Human Rights (ECHR), which guarantees the right to privacy under Article 8 of the Convention: "Everyone has the right to respect for his private and family life, his home and his correspondence."

However, there is no independent law which recognises the right to privacy. The judiciary however has protected the right to privacy in several occasions, like in the famous J.K. Rowling case where the English Court held, that a minor’s photograph without the consent of the parent or guardian, though not offensive, violates the child’s right to privacy.[29]

France

The French legal system protects the right to privacy under: Article 9 of the Civil Code.

Article 9 of the Civil Code states:

Everyone has the right to respect for his private life. Without prejudice to compensation for injury suffered, the court may prescribe any measures, such as sequestration, seizure and others, appropriate to prevent or put an end to an invasion of personal privacy; in case of an emergency those measures may be provided for by an interim order. The right to privacy allows anyone to oppose dissemination of his or her picture without their express consent.

Article 9 covers both the public and private spheres, and includes not merely the publication of information but also the method of gathering information. Also, in France violation of one’s privacy is a criminal offence. This includes recording or transmitting private conversations or picture of a person in a private place without the person’s consent. This implies that privacy is not protected in a public place. Any picture taken of a person dead or alive, without their prior permission, is prohibited. Buying of such photographs where consent of a person also constitutes as an offence. Journalists, however, are not disqualified from the profession if they have committed such an offence.[30]

France has the Freedom of the Press of 29 July 1881 which protects minors from being identified and violent and licentious publication which targets minors. It punishes slander, publication of any information that would reveal the identity of a victim of a sexual offence, information on witnesses and information on court proceedings which include a person’s private life.[31]

Sweden

Privacy is protected in Sweden under its Constitution. All the four fundamental laws of the country: the Instrument of Government, the Act of Succession, the Freedom of the Press Act, and the Fundamental Law on Freedom of Expression protect privacy. The Instrument of Government Act of 1974 provides for the protection of individual privacy. It states that freedom of expression is limited under Article 13 of the Constitution:

"Freedom of expression and freedom of information may be restricted having regard to the security of the Realm, the national supply, public safety and order, the integrity of the individual, the sanctity of private life, or the prevention and prosecution of crime. Freedom of expression may also be restricted in economic activities. Freedom of expression and freedom of information may otherwise be restricted only where particularly important reasons so warrant."

Sweden has a Press Council which was established in 1916. The Council consists of the Swedish Newspaper Publishers' Association, the Magazine Publishers' Association, the Swedish Union of Journalists and the National Press Club. The Council consists of "a judge, one representative from each of the above-mentioned press organisations and three representatives of the general public who are not allowed to have any ties to the newspaper business or to the press organisations."

Additionally, there is an office of the Press Ombudsman which was established in 1969. Earlier the Swedish Press Council used to deal with complaints on violations of good journalistic practice. After the setting up of the Press Ombudsman, the complaints are first handled by the Press Ombudsman, who is empowered to take up matters suo motu. "Any interested members of the public can lodge a complaint with the PO against newspaper items that violate good journalistic practice. But, the person to whom the article relates to must provide a written consent, if the complaint is to result in a formal criticism of the newspaper."[33]

The Swedish Press Council reports that in the recent years, 350-400 complaints have been registered annually, of which most concern coverage of criminal matters and invasion of privacy.

Sweden, additionally, has a Code of Ethics which applies to press, radio and television. The Code of Ethics was adopted by the Swedish Co-operation Council of the Press in September 1995. The Code of Ethics for Press, Radio and Television in Sweden has been drawn up by the Swedish Newspaper Publishers' Association, the Magazine Publishers' Association, the Swedish Union of Journalists and the National Press Club.

The Code of Ethics lay down norms to be followed in respect of privacy. It states that caution should be exercised when publishing information that:

Infringes on a persons’ privacy, unless it is obviously in public interest,
Information on suicides or attempted suicides
Information on victims of crime and accidents. This includes publication of pictures or photographs[34]

Race, sex, nationality, occupation, political affiliation or religious persuasion in certain cases, especially when such information is of no importance, should not be published.

One should exercise care in use of pictures, especially, retouching a picture by an electronic method or formulating a caption to deceive the reader. In case a picture has been retouched, it should be indicated below the photograph.

Further, the Code asks journalists to consider “the harmful consequences that might follow for persons if their names are published” and names should be published only if it is in the public interest. Similarly, if a person’s name is not be revealed, the media should refrain from publishing a picture or any particulars with respect to occupation, title, age, nationality, sex of the person, which would enable identification of the person.

In case of court reporting or crime reporting, the Code states that the final judgement of the Court should be reported and given emphasis, as opposed to conducting a media trial. In addition, Sweden has incorporated the ECHR in 1994.

Japan

The Japan Newspaper Publishers & Editors Association or Nihon Shinbun Kyokai (NSK),[35] was established in 1946 as an independent and voluntary organisation to establish the standard of reporting, and protect and promote interests of the media. The organisation as part of its mandate has developed the Canon of Journalism, which provides for ethics and codes members of the body should follow. The Canon recognises that with the easy availability of information, the media constantly has to grapple with what information should be published and what should be held back. The Code provides that journalists have a sense of responsibility and should not hinder public interests. In addition, to ensuring accuracy and fairness, the Code states that respect of human rights, includes respect for human dignity, individual honour and right to privacy. Right to privacy is acknowledged as a human right.

Japan does not have an information ministry or organs like the PCC in the U.K. or the Press Ombudsman in Sweden. Apart from the Canon, the NSK has a code for marketing of newspapers, an advertising code and the Kisha club guidelines.[36]

Japan in 2003 formulated the Personal Information Protection Act, which regulates public and private sector. The Act, which came into effect in 2005, aims to ensure that all personal data collected by the public and private sector are handled with care. The Act requires that the purpose of collecting personal information and its use should be specified, information should be acquired by fair means, any information should not be supplied to third parties without prior consent of the individual concerned.

Netherlands

The right to privacy is protected under Article 10 of the Netherlands Constitution. Further, the Article also provides for the enactment of Rules for dissemination of personal data and the right of persons to be informed when personal data is being recorded.

Netherlands also has the Netherlands Press Council which keeps the media in check. The Code of the International Federation of Journalists and the Code of Conduct for Dutch Journalists was drafted by the Dutch Society of Editors-in-Chief to establish media reporting standards. These guidelines can be disregarded by the media only in cases involving social interest.

The Code recognises:

That a person’s privacy should not be violated when there is no overriding social interest;
In cases concerning public persons violation of privacy would take place, but they have the right to be protected, especially, if that information is not of public interest;
The media should refrain from publishing pictures and images of persons without prior permission of persons. Similarly, the media should not publish personal letters and notes without the prior permission of those involved;
The media should refrain from publishing pictures and information of suspects and accused; and
Details of criminal offence should be left out if they would add to the suffering of the victim or his/her immediate family and if they are not needed to demonstrate the nature and gravity of the offence or the consequences thereof.

Conclusion

The right to privacy in India has failed to acquire the status of an absolute right. The right in comparison to other competing rights, like, the right to freedom of speech & expression, the right of the State to impose restrictions on account of safety and security of the State, and the right to information, is easily relinquished. The exceptions to the right to privacy, such as, overriding public interest, safety and security of the State, apply in most countries. Nonetheless, as the paper demonstrates, unwarranted invasion of privacy by the media is widespread. For instance, in the UK, Sweden, France and Netherlands, the right to photograph a person or retouching of any picture is prohibited unlike, in India where press photographers do not expressly seek consent of the person being photographed, if he/she is in a public space. In France, not only is the publication of information is prohibited on account of the right to privacy, but the method in which the information is procured also falls within the purview of the right to privacy and could be violative. This includes information or photograph taken in both public and private spaces. Privacy within public spaces is recognised, especially, “where there is reasonable expectation of privacy.” The Indian norms or code of ethics in journalism fail to make such a distinction between public and private space. Nor do the guidelines impose any restrictions on photographing an individual without seeking express consent of the individual.

The Indian media violates privacy in day-to-day reporting, like overlooking the issue of privacy to satisfy morbid curiosity. The PCI norms prohibit such reporting, unless it is outweighed by ‘genuine overriding public interest’. Almost all the above countries prohibit publication of details that would hurt the feelings of the victim or his/her family. Unlike the UK, where the PCC can pass desist orders, in India the family and/or relatives of the victims are hounded by the media.

In India, the right to privacy is not a positive right. It comes into effect only in the event of a violation. The law on privacy in India has primarily evolved through judicial intervention. It has failed to keep pace with the technological advancement and the burgeoning of the 24/7 media news channels. The prevalent right to privacy is easily compromised for other competing rights of ‘public good’, ‘public interest’ and ‘State security’, much of what constitutes public interest or what is private is left to the discretion of the media.