We are anonymous, we are legion

Intermediary Liability in India: Chilling Effects on Free Expression on the Internet

Rishabh Dara — 2012-12-14T10:22:24Z

The Centre for Internet & Society in partnership with Google India conducted the Google Policy Fellowship 2011. This was offered for the first time in Asia Pacific as well as in India. Rishabh Dara was selected as a Fellow and researched upon issues relating to freedom of expression. The results of the paper demonstrate that the ‘Information Technology (Intermediaries Guidelines) Rules 2011’ notified by the Government of India on April 11, 2011 have a chilling effect on free expression.

Intermediaries are widely recognised as essential cogs in the wheel of exercising the right to freedom of expression on the Internet. Most major jurisdictions around the world have introduced legislations for limiting intermediary liability in order to ensure that this wheel does not stop spinning. With the 2008 amendment of the Information Technology Act 2000, India joined the bandwagon and established a ‘notice and takedown’ regime for limiting intermediary liability.

On the 11th of April 2011, the Government of India notified the ‘Information Technology (Intermediaries Guidelines) Rules 2011’ that prescribe, amongst other things, guidelines for administration of takedowns by intermediaries. The Rules have been criticised extensively by both the national and the international media. The media has projected that the Rules, contrary to the objective of promoting free expression, seem to encourage privately administered injunctions to censor and chill free expression. On the other hand, the Government has responded through press releases and assured that the Rules in their current form do not violate the principle of freedom of expression or allow the government to regulate content.

This study has been conducted with the objective of determining whether the criteria, procedure and safeguards for administration of the takedowns as prescribed by the Rules lead to a chilling effect on online free expression. In the course of the study, takedown notices were sent to a sample comprising of 7 prominent intermediaries and their response to the notices was documented. Different policy factors were permuted in the takedown notices in order to understand at what points in the process of takedown, free expression is being chilled.

The results of the paper clearly demonstrate that the Rules indeed have a chilling effect on free expression. Specifically, the Rules create uncertainty in the criteria and procedure for administering the takedown thereby inducing the intermediaries to err on the side of caution and over-comply with takedown notices in order to limit their liability; and as a result suppress legitimate expressions. Additionally, the Rules do not establish sufficient safeguards to prevent misuse and abuse of the takedown process to suppress legitimate expressions.

Of the 7 intermediaries to which takedown notices were sent, 6 intermediaries over-complied with the notices, despite the apparent flaws in them. From the responses to the takedown notices, it can be reasonably presumed that not all intermediaries have sufficient legal competence or resources to deliberate on the legality of an expression. Even if such intermediary has sufficient legal competence, it has a tendency to prioritize the allocation of its legal resources according to the commercial importance of impugned expressions. Further, if such subjective determination is required to be done in a limited timeframe and in the absence of adequate facts and circumstances, the intermediary mechanically (without application of mind or proper judgement) complies with the takedown notice.

The results also demonstrate that the Rules are procedurally flawed as they ignore all elements of natural justice. The third party provider of information whose expression is censored is not informed about the takedown, let alone given an opportunity to be heard before or after the takedown. There is also no recourse to have the removed information put-back or restored. The intermediary is under no obligation to provide a reasoned decision for rejecting or accepting a takedown notice.

The Rules in their current form clearly tilt the takedown mechanism in favour of the complainant and adversely against the creator of expression.

The research highlights the need to:

increase the safeguards against misuse of the privately administered takedown regime

reduce the uncertainty in the criteria for administering the takedown

reduce the uncertainty in the procedure for administering the takedown

include various elements of natural justice in the procedure for administering the takedown

replace the requirement for subjective legal determination by intermediaries with an objective test

Click to download the report [PDF, 406 Kb]

Appendix 2

The above documents have been sent to:

Shri Kapil Sibal, Minister of Human Resource Development and Minister of Communications and Information Technology
Shri Milind Murli Deora, Minister of State of Communications and Information Technology
Shri Sachin Pilot, Minister of State, Ministry of Communications and Information Technology
Dr. Anita Bhatnagar, Joint Secretary, Department of Electronics & Information Technology, Ministry of Communications & Information Technology
Dr. Ajay Kumar, Joint Secretary, Department of Electronics & Information Technology, Ministry of Communications & Information Technology
Dr. Gulshan Rai, Scientist G & Group Coordinator, Director General, ICERT, Controller Of Certifying, Authorities and Head of Division, Cyber Appellate Tribunal

For more details visit https://cis-india.org/internet-governance/chilling-effects-on-free-expression-on-internet

Intermediary Liability in India: Chilling Effects on Free Expression on the Internet 2011

Rishabh Dara — 2012-04-21T18:05:58Z

On the 11th of April 2011, the Government of India notified the Information Technology (Intermediaries Guidelines) Rules 2011 that prescribe, amongst other things, guidelines for administration of takedowns by intermediaries. The Rules have been criticised extensively by both national and international media. The media has projected that the Rules, contrary to the objective of promoting free expression, seem to encourage privately administered injunctions to censor and chill free expression. On the other hand, the Government has responded through press releases and assured that the Rules in their current form do not violate the principle of freedom of expression or allow the government to regulate content.

This study has been conducted with the objective of determining whether the criteria, procedure and safeguards for administration of the takedowns as prescribed by the Rules lead to a chilling effect on online free expression. In the course of the study, takedown notices were sent to a sample comprising of 7 prominent intermediaries and their response to the notices was documented. Different policy factors were permuted in the takedown notices in order to understand at what points in the process of takedown, free expression is being chilled.

The results of the paper clearly demonstrate that the Rules indeed have a chilling effect on free expression. Specifically, the Rules create uncertainty in the criteria and procedure for administering the takedown thereby inducing the intermediaries to err on the side of caution and over-comply with takedown notices in order to limit their liability and as a result suppress legitimate expressions. Additionally, the Rules do not establish sufficient safeguards to prevent misuse and abuse of the takedown process to suppress legitimate expressions.

Of the 7 intermediaries to which takedown notices were sent, 6 intermediaries over-complied with the notices, despite the apparent flaws in them. From the responses to the takedown notices, it can be reasonably presumed that not all intermediaries have sufficient legal competence or resources to deliberate on the legality of an expression. Even if such intermediary has sufficient legal competence, it has a tendency to prioritise the allocation of its legal resources according to the commercial importance of impugned expressions. Further, if such subjective determination is required to be done in a limited timeframe and in the absence of adequate facts and circumstances, the intermediary mechanically (without application of mind or proper judgement) complies with the takedown notice.

The results also demonstrate that the Rules are procedurally flawed as they ignore all elements of natural justice. The third party provider of information whose expression is censored is not informed about the takedown, let alone given an opportunity to be heard before or after the takedown. There is also no recourse to have the removed information put-back or restored. The intermediary is under no obligation to provide a reasoned decision for rejecting or accepting a takedown notice. The Rules in their current form clearly tilt the takedown mechanism in favour of the complainant and adversely against the creator of expression.

The research highlights the need to:

increase the safeguards against misuse of the privately administered takedown regime;

reduce the uncertainty in the criteria for administering the takedown;

reduce the uncertainty in the procedure for administering the takedown;

include various elements of natural justice in the procedure for administering the takedown; and

replace the requirement for subjective legal determination by intermediaries with an objective test.

This executive summary is a research output of the Google Policy Fellowship 2011. The Centre for Internet & Society was the host organization. For the entire paper along with references, please write to rishabhdara@gmail.com or sunil@cis-india.org

For more details visit https://cis-india.org/internet-governance/intermediary-liability-in-india

Intermediary Liability & Freedom of Expression — Executive Summary

Rishabh Dara — 2016-04-24T11:54:22Z

This document provides a critique of “The Information Technology (Intermediaries Guidelines) Rules 2011 and proposes an alternate set of Rules.

For more details visit https://cis-india.org/internet-governance/intermediary-liability-and-foe-executive-summary.pdf

Inter Movements Open Forum: Trafficking Bill

Admin — 2018-08-18T09:21:02Z

On 18 May 2018 Gurshabad Grover on behalf of CIS presented comments on the Trafficking (Prevention, Protection and Rehabilitation) Bill 2018 at a meeting of the Inter Movements Open Forum jointly organised by Sangram, Naz Foundation, NNSW, Tarshi and VAMP. The meeting was held at India International Centre in New Delhi.

Gurshabad's presentation was based on Swaraj's blogpost and subsequent research by Kumarjeet that highlights certain problematic sections (36, 39, 41, 59) in the Bill which may have an adverse impact on freedom of expression, and may additionally change the landscape of intermediary liability rules in India.

Read the agenda here

Clarification (18th August, 2018): A letter sent to the Ministry of Women and Child Development mentioned the Centre for Internet & Society as instituionally endorsing a critique of the The Trafficking of Persons (Prevention, Protection and Rehabilitation) Bill, 2018. We seek to clarify that the Centre for Internet & Society did not endorse the letter to the Ministry.

For more details visit https://cis-india.org/internet-governance/news/inter-movements-open-forum-trafficking-bill

Intelligence agencies will not have open access to Aadhaar data: UIDAI chief

praskrishna — 2016-10-21T01:32:56Z

Intelligence agencies will not have free access to Aadhaar data, a top government official said on Thursday, looking to assuage fears of abuse of personal information.

The article by Aloke Tikku was published in the Hindustan Times on October 20, 2016. Sunil Abraham was quoted.

The Unique Identification Authority of India (UIDAI), which issued identity cards to 1.07 billion Indians, last month decided to retain data related to the verification of Aadhaar-enabled transactions for seven years, leading to security concerns over data safety.

As reported by HT on Monday, privacy experts expressed concerns that transaction data retained for so long could be accessed by the security establishment for surveillance on individuals without sufficient grounds.

“This fear is completely misplaced,” ABP Pandey, UIDAI’s chief executive officer told HT in an interview.

Security agencies can access the data only in case of national security after they get the nod of an oversight committee headed by the cabinet secretary. This committee has to clear every order made by the designated joint secretary-level officer before the information is shared, he said.

“You cannot have any legal protection stronger than this,” Pandey added.

Aadhaar transaction data is not only protected by the most powerful, contemporary law to restrict access but also by strong cryptography.

“Even if someone attempts, the 2048-bit encryption is so strong that it will take them millions of computers and billions of years to decrypt the data,” he said.

A vocal critic of Aadhaar’s design, Sunil Abraham of the Centre for Internet and Society (CIS) suggested he wouldn’t rely too much on the legal framework. “You cannot put a legal band-aid on a broken technological solution. You need to get privacy and security right by design,” the director of the Bengaluru-based research body said.

Abraham said the problem could have been averted if the UIDAI did not store the data in a centralised form. Instead, it could have used its digital signature to sign proof of authentication that could be stored by the authenticating agency and the citizen on a smart card.

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-aloke-tikku-october-20-2016-intelligence-agencies-will-not-have-open-access-to-aadhaar-data

Intel, Salesforce, eBay, Sony and others join the grand AI partnership club

praskrishna — 2017-05-19T06:25:24Z

Adding more ammunition to the grand AI alliance, Intel, Salesforce, eBay, Sony, SAP, McKinsey & Company, Zalando and Cogitai are joining the Partnership on AI, a collection of companies and non-profits that have committed to share best practices and communicating openly about the prospects and challenges of artificial intelligence research.

This was published by CIOL on May 17, 2017.

The group also announced a slew of non-profit partners including the Allen Institute for Artificial Intelligence, the AI Forum of New Zealand, the Centre for Democracy & Technology, the Centre for Internet and Society (India), Data & Society Research Institute among others.

The new members expand a group that already counts heavyweights like Facebook, Amazon, Google, IBM, Microsoft and Apple.

The platform will be hosting a series of AI Grand Challenges to encourage and incentivize researchers working on AI. It has also announced an award for best paper on the topic of “AI, People, and Society” to aid in addressing a similar goal.

The partnership group also said that it will create working groups to research and define best practices for specific topics and sectors within the field. It’s also creating a fellowship to assist nonprofits and nongovernmental organisations looking to participate in AI issues.

Interestingly, the group is still open which means the list will only get longer in the coming months.

For more details visit https://cis-india.org/internet-governance/news/ciol-may-17-2017-intel-salesforce-ebay-sony-and-others-join-the-grand-ai-partnership-club

Intel, eBay, SAP, Salesforce y Sony colaborarán en inteligencia artificial

praskrishna — 2017-05-19T06:50:06Z

Junto a otras empresas como Zalando, McKinsey & Company o Cogitai han decidido unirse a la asociación Partnership on AI impulsada por Amazon, Google, Facebook, IBM y Microsoft.

The blog post by Monica Tilves was published by Silicon on May 17, 2017.

El año pasado, Amazon, Google, Facebook, IBM y Microsoft dieron vida a Partnership on AI, una organización “para avanzar en la comprensión pública de las tecnologías de inteligencia artificial” y “formular las mejores prácticas sobre los desafíos y oportunidades en el campo”.

A esta iniciativa se han ido uniendo con el paso del tiempo compañías como Apple, que se sumó en enero a Partnership on AI. Ahora sus responsables han anunciado la incorporación de nada más y nada menos que veintidós nuevos nombres.

Por un lado trabajarán con esta asociación las firmas tecnológicas Cogitai, eBay, Intel, Salesforce, SAP y Sony. Además de McKinsey & Company y Zalando.

Cabe destacar que por parte de Intel, Salesforce, SAP y Sony participarán, respectivamente, el responsable del AI Products Group formado hace unos meses en la compañía de Santa Clara, Yinyin Liu; el vicepresidente de Machine Learning, Markus Noga, el científico jefe Richard Socher; y el director de Sony Computer Science Laboratories, Hiroaki Kitano.

En la lista de nuevos socios también aparecen los nombres de catorce entidades sin ánimo de lucro como UNICEF. El resto serían: Allen Institute for Artificial Intelligence, AI Forum of New Zealand, Center for Democracy & Technology, Centre for Internet and Society – India, Data & Society Research Institute, Digital Asia Hub, Electronic Frontier Foundation, Future of Humanity Institute, Future of Privacy Forum, Human Rights Watch, Leverhulme Centre for the Future of Intelligence, Upturn y XPRIZE Foundation.

Se espera que nuevas compañías se vayan uniendo a Partnership on AI en el futuro para ahondar en el pujante tema de la inteligencia artificial.

Partnership on AI se encuentra en estos momentos en plena búsqueda de un director ejecutivo que se encargue de supervisar las operaciones de la organización.

For more details visit https://cis-india.org/internet-governance/news/silicon-monica-tilves-may-17-2017-intel-ebay-sap-salesforce-sony-collaboration-aritificial-intelligence

Insult to Kannada shows Google AI in a poor light

Krupa Joseph — 2021-06-26T05:25:38Z

A Google search for ‘the ugliest language in India’ yielded ‘Kannada’ as the answer late last week, causing widespread outrage.

The article by Krupa Joseph was published in Deccan Herald on June 8, 2021. Pranesh Prakash and Shweta Mohandas have been quoted.

Google has since apologised, saying the answer does not reflect its views, but questions still remain about why this happened at all, and who drafted the answer.

“When artificial intelligence gets it wrong, things can go really wrong, says tech entrepreneur,”Hari Prasad Nadig, who has worked on Kannada in free and open source soft ware.“Usually, you would expect Google to give an answer based on citings from multiple sources,and at least one or two credible sources.

Google’s AI should be good enough not to draw answers from opinionated sources,” he says. Google shouldn’t even try to answer prejudiced questions like this in the first place, and the answer shows how flawed it is, he told Metrolife.

“Usually, you would expect Google to give an answer based on citings from multiple sources, and at least one or two credible sources. Google’s AI should be good enough not to draw answers from opinionated sources,” he says. Google shouldn’t even try to answer prejudiced questions like this in the first place, and the answer shows how flawed it is, he told Metrolife.

Fallible process

Pranesh Prakash, Centre for Internet and Society, Bengaluru, says the incident exposes the fallibility of the process by which Google selects its “featured snippets”.

“It is not an opinion that Google or its employees or its algorithms have come up with, but rather an existing opinion that Google wrongly amplified,” he says.It demonstrates that the snippets that Google features as ‘facts’ aren’t necessarily based on facts, he says.

Periodic checks

Shweta Mohandas, researcher with the Center for Internet and Society, says Google does not create content, but only provides content that is available on the Internet.

“Hence, the biases come from the tags, then used to train the AI. There should be periodic checks on the data fed into the system,” she says. Such blunders can be prevented if the tags and results are audited periodically, and a mechanism is put in place to enable people to report them, she says.

Who was upto mischief?

The answer was created on a financial services website whose owners aren’t revealing their names Pavanaja UB, CEO, Vishva Kannada Softech, says the answer was attributed to a website called debt consolidations questions.com — but he was unable to find this post anywhere on the site.“This is a website registered in Russia and it offers questions and answers on many topics. But this particular page could not be found. Maybe it was removed following the outrage,” he says. Pavanaja believes this was a deliberate attempt to upset people. “The website lists no information about the owner and gives no contact details. Even if such a question did exist on the page before, how did it get to the top of the Google search results?” he wonders.

He suggests that someone planted the answer and kept searching for it until it reached the top.“But who would take so much effort?” he says.

Furore and after

‘Kannada’ came up as an answer to a query in Google about ‘the ugliest language in India’.

Aravind Limbavali, minister for Kannada and Culture, demanded an apology from Google, and threatened legal action against the company “for maligning the image of our beautiful language.”

Google removed the answer and issued a statement:

“We know this is not ideal, but we take swift corrective action when we are made aware of an issue and are continually working to improve our algorithms. Naturally, these are not reflective of the opinions of Google, and we apologise for the misunderstanding and hurting any sentiments."

For more details visit https://cis-india.org/internet-governance/news/deccan-herald-june-8-2021-krupa-joseph-insult-to-kannada-shows-google-ai-in-a-poor-light

Institute for Internet & Society 2014, Pune

samantha — 2014-04-07T11:31:23Z

Last month, activists, journalists, researchers, and members of civil society came together at the 2014 Institute for Internet & Society in Pune, which was hosted by CIS and funded by the Ford Foundation. The Institute was a week long, in which participants heard from speakers from various backgrounds on issues arising out of the intersection of internet and society, such as intellectual property, freedom of expression, and accessibility, to name a few. Below is an official reporting summarizing sessions that took place.

Day One

February 11, 2014

Time	Detail
9.30 a.m. – 9.40 a.m.	Introduction: Sunil Abraham, Executive Director Centre for Internet and Society
10.00 a.m. – 10.15 a.m.	Introduction of Participants
10.15 a.m. – 12.00 p.m.	Internet Governance and Privacy: Sunil Abraham
12.00 p.m. – 12.30 p.m.	Tea-break
12.30 p.m. – 1.00 p.m.	Keynote: Bishakha Datta, Filmmaker and Activist, and Board Member, Wikimedia Foundation
1.00 p.m. – 2.00 p.m.	Lunch
1.30 p.m. – 3.00 p.m.	Participant Presentations
3.00 p.m. – 3.15 p.m.	Tea Break
3.15 p.m. – 4.45 p.m.	Histories, Bodies and Debates around the Internet: Nishant Shah, Director-Research, CIS

This year’s Internet Institute, hosted by the Centre for Internet & Society (CIS), kicked off in Pune to put a start to a week of learnings and discussions surrounding internet usage and its implications on individuals of society. Twenty two attendees from all over India attended this year, from backgrounds of activism, journalism, research and advocacy work.

Attendees were welcomed by Dr. Ravina Aggarwal, Program Officer for Media Rights & Access at the Ford Foundation, the event’s sponsor, who started off the day by introducing the Foundation’s initiatives in pursuit of bridging the digital divide by addressing issues of internet connectivity.

Internet Governance & Privacy, Sunil Abraham
The Institute’s first session was led by Sunil Abraham, Executive Director of CIS, and engaged with issues of internet governance and privacy with reference to four stories: 1) a dispute between tweeters from the US and those in South Africa over the use of hashtag #thingsdarkiesays, which is said not to be as racially derogatory as it is in the US; 2) Facebook’s contested policies on photos featuring users breastfeeding, 3) a lawsuit between Tata and Greenpeace over the organization’s use of Tata’s logo in a video game created for public criticism of their environmentally-degrading practices, and lastly, 4) the case of Savita Bhabhi, an Indian pornographic cartoon character which had been banned by India’s High Court and which had served as a landmark case in expanding the statutory laws for what is considered to be pornographic.

Each of these stories has one major thing in common: due to their nature of taking place over the internet, they are not confined to one geographic location and in turn, are addressed at the international level. The way by which an issue as such is to be addressed cuts across State policies and internet intermediary bodies to create quite a messy case in trying to determine who is at fault. Such complexity illustrates how challenging internet governance can be within today’s society that is no longer restricted to national or geographic boundaries.

Sunil also goes on in explaining the relationship between privacy, transparency, and power, summing it up in a simple formula; privacy protection should have a reverse relationship to power—the more the power, the less the privacy one should be entitled to. On the contrary, a direct correlation goes for power and transparency—the more the power, the more transparent a body should be. Instead of thinking about these concepts as a dichotomy, Sunil suggests to see them as absolute rights in themselves—instrumental in policies and necessary to address power imbalances.

The Web We Want, Bishakha Datta
The Institute’s kickoff was also joined by Indian filmmaker and activist, Bishakha Datta, who had delivered the keynote address. Bishakha bridged together notions of freedom of speech, surveillance, and accessibility, while introducing campaigns that work to create an open and universally accessible web, such as the Web We Want and Sexuality and Disability. Bishakha stresses how the internet as a space has altered how we experience societal constructs, which can be easily exhibited in how individuals experience Facebook in the occurrence of a death, for example. Bishakha initiated discussion among participants by posing questions such as, “what is our expectation of privacy in this brave new world?” and “what is the society we want?” to encompass the need to think of privacy in a new way with the coming of the endless possibilities the internet brings with it.

Histories, Bodies and Debates around the Internet, Nishant Shah
CIS Research Director, Nishant Shah, led a session examining internet as a technology more broadly, and our understandings of it in relation to the human body. Nishant proposes the idea that history is a form of technology, as well as time, itself, for which our understanding only comes into being with the aid of technologies of measurement. Although we are inclined to separate technology from the self, Nishant challenges this notion while suggesting that technology is very integral to being human, and defines a “cyborg” as someone who is very intimate with technology. In this way, we are all cyborgs. While making reference to several literary pieces, including Haraway’s Cyborg: Human, Animus, Technology; Kevin Warwick’s Living Cyborg; and Watt’s small world theory, Nishant challenges participants’ previous notions of how one is to understand technology in relation to oneself, as well as the networks we find ourselves implicated within.

Also brought forth by Nishant, was the fact that the internet as a technology has become integral to our identities, making us accessible (rather than us solely making the technology accessible) through online forms of documentation. This digital phenomenon in which we tend to document what we know and experience as a means of legitimizing it can be summed in the modern version of an old fable: “If a tree falls in a lonely forest, and nobody tweets it, has it fallen?”

Nishant refers to several case studies in which the use of online technologies has created a sense of an extension of the self and one’s personal space; which can then be subject to violation as one can be in the physical form, and to the same emotional and psychological effect—as illustrated within the 1993 occurrence referred to as “A Rape in Cyberspace.”

Attendee Participation
Participants remained engaged and enthusiastic for the duration of the day, bringing forth their personal expertise and experiences. Several participants presented their own research initiatives, which looked at issues women face as journalists and as portrayed by the media; amateur pornography without the consent of the woman; study findings on the understandings of symptoms of internet addiction; as well as studies looking at how students engage with college confession pages on Facebook.

Day Two

February 12, 2014

Time	Detail
9.30 a.m. – 11.00 a.m.	Wireless Technology: Ravikiran Annaswamy, CEO and Co-founder at Teritree Technologies
11.00 a.m. – 11.15 a.m.	Tea-break
11.15 a.m. – 12.45 p.m.	Wired Technology: Ravikiran Annaswamy
12.45 p.m. – 1.30 p.m.	Lunch
1.30 p.m. – 3.00 p.m.	Network, Threats and Securing Yourself: Kingsley John, Independent Consultant
3.00 p.m. – 3.15 p.m.	Tea Break
3.15 p.m. – 4.45 p.m.	Practical Lab: Kingsley John
4.45 p.m. – 5.00 p.m.	Wrap-up: Sunil Abraham

Day Two of the Institute entailed a more technical orientation to “internet & society” across sessions. Participants listened to speakers introduce concepts related to wired and wireless internet connectivity devices and their networks, along with the network of internet users and how one may secure him or herself while “online.”

Wireless & Wired Technology, Ravikiran Annaswamy
Senior industry practitioner, Ravikiran Annaswamy had aimed to enable the Institute’s participants to “understand the depth and omnipresent of telecom networks” that we find ourselves implicated within. Ravikiran went through the basics of these networks—including fixed line-, mobile-, IP-, and Next Generation IP-networks—as well as the technical structuring of wired and wireless broadband. Many participants found this session to be particularly enriching as their projects aimed to provide increased access to internet connectivity to marginalized areas in India, and had been without the know-how to go about it.

Network, Threats and Securing Yourself, Kinglsey John
An instructional session on how to protect oneself was given by Kingsley John, beginning with a lesson on IP Addresses—what they are and the different generations of such, and how IP addresses fit into a broader internet network. Following, Kingsley demonstrated and explained email encryption through the use of software, Kleopatra, and how it may be used to generate keys to encrypt emails through Thunderbird mail client.

Evening Discussion

A handful of participants voluntarily partook in an evening discussion, looking at the role of big players in the global internet network, such as Google and Facebook, how they collect and utilize users’ data, and what sorts of measures can be taken to minimize the collecting of such. Due to the widely varying backgrounds of interest among participants, those coming from this technical orientation towards the internet were able to inform their peers on relevant information and types of software that may be found useful related to minimizing one’s online presence.

Day Three

February 13, 2014

Time	Detail
9.30 a.m. – 11.00 a.m.	Free Software: Prof. G. Nagarjuna, Chairperson, Free Software Foundation
11.00 a.m. – 11.15 a.m.	Tea-break
11.15 a.m. – 12.45 p.m.	Open Data: Nisha Thompson, Independent Consultant
12.45 p.m. – 1.30 p.m.	Lunch
1.30 p.m. – 3.00 p.m.	Freedom of Expression: Bhairav Acharya, Advocate and Adviser, Centre for Internet and Society
3.00 p.m. – 3.15 p.m.	Tea-break
3.15 p.m. – 4.45 p.m.	Copyright: Nehaa Chaudhari, Program Officer, Centre for Internet and Society

The third day of the Internet Institute incorporated themes presented by speakers ranging from free software, to freedom of expression, to copyright.

Free Software, Prof. G. Nagarjuna
Chairman on the Board of Directors for the Free Software Foundation of India, Professor G. Nagarjuna shared with the Institute’s participants his personal expertise on software freedom. Nagarjuna mapped for us the network of concepts related to software freedom, beginning with the origins of the copyleft movement, and also touching upon the art of hacking, the open source movement, and what role software freedom plays in an interconnected world.

Nagarjuna looks at the free software movement as a political movement in the digital space highlighting the user’s freedoms associated to the use, distribution, and modification of software for the greater good for all. This is said to distinguish this movement from that of Open Source—a technical and more practical development-oriented movement. The free software movement is not set out to compromise the fundamental issues for the sake of being practical and in that sense, ubiquitous. Instead, its objective is “not to make everybody use the software, but to have them understand why they are using the software,” so that they may become “authentic citizens that can also resonate why they’re doing what they’re doing. We want them to understand the ethical and political aspects of doing so,” Nagarjuna says.

Open Data, Nisha Thompson
Participants learned from Nisha Thompson on Open Data; what it is, its benefits, and how it is involved in central government initiatives and policy, as well as civil society groups—generally for uses such as serving as evidence for decision making and accountability. Nisha explored challenges concerning the use of open data, such as those pertaining to privacy, legitimacy, copyright, and interoperability. The group looked at the India Water Portal as a case study, which makes accessible more than 300 water-related datasets already available in the public space for use from anything from sanitation and agriculture to climate change.

Freedom of Expression, Bhairav Acharya
Bhairav Acharya, a constitutional lawyer, traced the development of the freedom of speech and expression in India. Beginning with a conceptual understanding of censorship and the practice of censorship by the state, society, and the individual herself, Bhairav examines the limits traditionally placed by a nation-state on the right to free speech.

In India, modern free speech and censorship law was first formulated by the colonial British government, which broadly imported the common law to India. However, the colonial state also yielded to the religious and communitarian sensitivities of its subjects, resulting in a continuing close link between communalism and free speech in India today. After Independence, the post-colonial Indian state carried forward Raj censorship, but tweaked it to serve to a nation-building and developmental agenda. Nation-building and nationalism are centrifugal forces that attempt to construct a homogenous 'mainstream'; voices from the margins of this mainstream (the geographical, ethnic, and religious peripheries) and of the marginalised within the mainstream (the poor and disadvantaged), are censored.

Within this narrative, Bhairav located and explained the evolution of the law relating to press censorship, defamation, obscenity, and contempt of court. Free speech law applies equally online. Broadly, censorship on the internet must survive the same constitutional scrutiny that is applied to offline censorship; but, as technology develops, the law must innovate.

Copyright, Nehaa Chaudhari
CIS Programme Officer, Nehaa Chaudhari examined the concept of Copyright as an intellectual property right in discussing its fundamentals, purpose and origins, and Copyright’s intersection with the internet. Nehaa also explained the different exceptions to Copyright, along with its alternatives, such as opposing intellectual property protection regimes, including the Creative Commons and Copyleft. Within this session, Nehaa also introduced several cases in which Copyright came into play with the use of the internet, including Hunter Moore’s “Is Anyone Up?” website, which had showcased pornographic pictures obtained by submission bringing rise to the phenomenon of “revenge porn.” Instances as such blur the lines of what is commonly referred to as intellectual property, and what specific requirements enables one to own the rights to such.

Day Four

February 14, 2014

Time	Detail
9.30 a.m. – 11.00 a.m.	E-Accessibility and Inclusion: Prashant Naik, Union Bank
11.00 a.m. – 11.15 a.m.	Tea-break
11.15 a.m. – 12.45 p.m.	Patents: Nehaa Chaudhari
12.45 p.m. – 1.30 p.m.	Lunch
1.30 p.m. – 2.00 p.m.	Fieldwork Assignment

Day Four of the Internet Institute introduced concepts of eAccessibilty and Inclusion on the internet for persons with disabilities, along with patents as an intellectual property right. Participants were also assigned a fieldwork exercise as a hands-on activity in which they were to employ what they’ve learned to initiate conversation with individuals in public spaces and collect primary data while doing so.

eAccessibility and Inclusion, Prashant Naik

Prashant Naik started off the day with his session on E-Accessibility and Inclusion. Prashant illustrated the importance of accessibility and what is meant by the term. Participants learned of assistive technologies for different disability types and how to create more accessible word and PDF documents, as well as web pages for users. Prashant demonstrated to participants what it is like to use a computer as a visually impaired individual, which provided for an enriching experience.

Patents, Nehaa Chaudhari
Nehaa Chaudhari led a second session at the Internet Institute on intellectual property rights—this one looking at patents particularly and their role within statutory law. Nehaa traced the historical origins of patents before examining the fundamentals of them, and addresses the questions, “Why have patents? And is the present system working for everyone?” Nehaa also introduced notions of the Commons along with the Anticommons, and perspectives within the debate around software patents, as well as different means by which the law can address the exploitation of patents or “patent thickets”—such as through patent pools or compulsory licensing.

Fieldwork Assignment, Groupwork
Participants were split into groups and required to carry out a mini fieldwork assignment in approaching individuals in varying public spaces in Pune in attempts to collect primary data. Questions asked to individuals were to be devised by the group, so long as they pertained to themes examined within the Internet Institute. Areas visited by groups included the Pune Central Mall, MG Road, and FC Road.

Day Five

February 15, 2014

Time	Detail
9.30 a.m. – 11.00 a.m.	E-Governance: Manu Srivastav, Vice President, eGovernments Foundation
11.00 a.m. – 11.15 a.m.	Tea-break
11.15 a.m. – 12.45 p.m.	Market Concerns: Payal Malik, Economic Adviser, Competition Commission of India
12.45 p.m. – 1.30 p.m.	Lunch
1.30 p.m. – 3.00 p.m.	Digital Natives: Nishant Shah
3.00 p.m. – 3.15 p.m.	Tea-break
3.15 p.m. – 4.45 p.m.	Fieldwork Presentations

Day Five of the Internet Institute brought with it sessions related to themes of e-governance, market concerns of telecommunications, and so called “Digital Natives.”

eGovernance, Manu Srivastava
Vice President of the eGovernments Foundation, Manu Srivastava led a session on eGovernance—the utilization of the internet as a means of delivering government services communicating with citizens, businesses, and members of government. Manu examined the complexities of the eGovernance and barriers to implementation of eGovernance initiatives. Within discussion, participants examined the nuanced relationship between the government and citizens with the incorporation of other governing bodies in an eGovernance system, as well as new spaces for corruption to take place.

Market Concerns, Payal Malik
Payal Malik, Advisor of the Economics Division of the Competition Commission of India shared her knowledge on market concerns of the telecommunications industry, and exclaimed the importance of competition issues in such an industry as a tool to create greater good for a greater number of people. She demonstrated this importance by stating that affordability as a product of increased access can only be possible once there is enough investment, which generally only happens in a competitive market. In this way, we must set the conditions to make competition possible, as a tool to achieve certain objectives. Payal also demonstrated the economic benefits of telecommunications by stating that for every 10% increase in broadband penetration, increase in GDP of 1.3%. She also examined the broadband ecosystem in India and touched upon future possibilities of increased broadband penetration, such as for formers and the education sector.

Digital Natives, Nishant Shah
Nishant Shah shed some light on one of the areas that the Centre for Internet & Society looks at within their research scope, this being the “Digital Native.” As referred to by Nishant, the Digital Native is not to categorize a specific type of internet user, but can be said for simply any person who is performing a digital action, while doing away with this false dichotomy of age, location, and geography.

Nishant examines varying case studies in which “the digital is empowering natives to not merely be benefactors of change, but agents of change,” from the Blank Noise Project’s “I NEVER Ask for it…” campaign in efforts to rethink sexual violence, to Matt Harding’s foolish dancing with groups of individuals from all over the world.

As occurrences in the digital realm, however, these often political expressions may be rewritten by the network when picked up as a growing phenomenon, in order to make it accessible to online consumers by the masses. In doing so, the expression is removed from its political context and is presented in the form of nothing more than a fad. For this reason, Nishant stresses the need to become aware of the potential of the internet in becoming an “echo-chamber”—in which forms of expression are amplified and mimicked, resulting in a restructuring of the dynamics surrounding the subject—whether it be videos of boys lipsyncing to Backstreet Boys in their dorm room going viral, or a strong and malicious movement to punish the Chinese girl who had taken a video of her heinously and wickedly killing a kitten after locating her using the Human Flesh Search Engine.

Fieldwork Presentations, Groupwork

To end off the day, participant groups presented findings collated from the prior evening’s fieldwork exercise, in which they were to ask strangers in various public places of Pune questions pertaining to themes looked at from within this year’s Institute. Participants were divided into four groups and visited Pune’s FC Road, Mahatma Gandhi Road, and Central Mall.

Groups found that the majority of those interviews primarily accessed the phone via the mobile. There was also a common weariness of using the internet and concern for one’s privacy while doing so, especially with uploading photos to Facebook and online financial transactions. People were also generally concerned about using cyber cafes for fear of one’s accounts being hacked. Generally people suspected that so long as conversations are “private” (i.e. in one’s Facebook inbox), so too are they secure. Just as well, those interviewed shared a sense of security with the use of a password.

Day Six

February 16, 2014

Time	Detail
9.30 a.m. – 11.00 a.m.	Wikipedia: Dr. Abhijeet Safai
11.00 a.m. – 11.15 a.m.	Tea-break
11.15 a.m. – 12.45 p.m.	Open Access: Muthu Madhan (TBC)
12.45 p.m. – 1.30 p.m.	Lunch
1.30 p.m. – 3.00 p.m.	Case Studies Groupwork
3.00 p.m. – 3.15 p.m.	Tea-break
3.15 p.m. – 4.45 p.m.	Case Studies Presentations

As the Institute came closer to its end, participants got the opportunity to hear from speakers on topics pertaining the Wikipedia editing in addition to Open Access to scholarly literature. Participants also worked together in groups to examine specific case studies referenced in previous sessions, and then presented their conclusions.

Wikipedia, Dr. Abhijeet Safai
The Institute was joined by Medical Officer of Clinical Research at Pune’s Symbiosis Centre of Health Care, Dr. Abhijeet Safai, who led a session on Wikipedia. Having edited over 3700 Wikipedia articles, Dr. Abhijeet was able to bring forth his expertise and familiarity in editing Wikipedia to participants so that they would be able to do the same. Introduced within this session were Wikipedia’s different fundamental pillars and codes of conducts to be complied with by all contributors, along with different features and components of Wikipedia articles that one should be aware of when contributing, such as how to cite sources and discuss the contents of an article with other contributors.

Open Access, Muthu Madhan
Muthu Madhan joined the Internet Institute while speaking on Open Access (OA) to scholarly literature. Within his session, Muthu examined the historical context within which the scholarly journal had arisen and how the idea of Open Access began within this space. The presence of Open Access in India and other developing nations was also examined in this session, and the concept of Open Data, introduced.

Case Studies, Groupworks

Participants were split up into groups and assigned particular case studies looked at briefly in previous sessions. Case studies included #thingsdarkiessay, a once trending Twitter hashtag in South Africa which had offended many Americans for its use of “darkie” as a derogatory term; the literary novel, The Hindus, which offers an alternative narrative of Hindu history had been banned in India for obscenity; a case in which several users’ avatars had been controlled by another in a virtual community and forced to perform sexual acts, referred to as A Rape Happened in Cyber Space; and lastly, a pornographic submission website, Is Anyone Up?, for which content was largely derived from “revenge porn.” Each group then presented on the various perspectives surrounding the issue at hand.

The Cyborg, Nishant Shah
Nishant Shah led an off-agenda session in the evening looking more closely at the notion of the human cyborg. Nishant deconstructs humanity’s relationship to technology, in suggesting that we “think of the human as produced with the technologies… not who produces technology.” Nishant explores the Digital Native as an attained identity for those who, because of technology, restructure and reinvent his or her environment—offline as well as online. Among other ideas shared, Nishant refers to works by Haraway on the human cyborg in illustrating our dependency on technology and our need to care for these technologies we depend on.

Day Seven

February 17, 2014

Time	Detail
9.30 a.m. – 11.00 a.m.	Internet Activism: Laura Stein, Associate Professor, University of Texas and Fulbright Fellow
11.00 a.m. – 11.15 a.m.	Tea-break
11.15 a.m. – 12.45 p.m.	Domestic and International Bodies: Chinmayi Arun, Research Director
12.45 p.m. – 1.30 p.m.	Lunch
1.30 p.m. – 3.00 p.m.	Participant Presentations
3.00 p.m. – 3.15 p.m.	Tea-break
3.15 p.m. – 4.45 p.m.	Hot Question Challenge

The last day of the week-long Internet Institute examined concepts of Internet Activism and Domestic and International Bodies. Some participants led presentations on topics of personal familiarity, before a final wrap-up exercise, calling upon individuals to share any new formulations resulting from the Institute.

Internet Activism, Laura Stein

Associate Professor from the University of Texas, Laura Stein, spoke on activism on the internet. Laura examined some grassroots organizations and movements taking place on the online and the benefits that the internet brings in facilitating their impact, such as its associated low costs, accessibility and possibility for anonymity. Despite the positive effects catalyzed by the internet, Laura stresses that the “laying field is still unequal, and movements are not simply transformed by technology.” Some of the websites exemplifying online activism that were examined within this session includes the It Gets Better Project, which aims to give hope to LGBT youth facing harassment, and the national election watch by the Association for Democratic Reforms. Additionally, Laura spoke on public communication policy, comparing that of the US and India, and how this area of policy may influence media content and practice.

Domestic and International Bodies, Chinmayi Arun
As the Internet Institute’s final speaker, Research Director for Communication Governance at National Law University , Chinmayi Arun, explores the network of factors that affect one’s behavior on the internet—these including: social norms, the law, the markets, and architecture. In referring to Lawrence Lessig’s pathetic dot theory, Chinmayi illustrates how individual’s—the pathetic dots in question—are functions of the interactions of these factors, and in this sense, regulated, and stresses the essential need to understand the system, in order to effectively change the dynamics within it. It is worth noting that not all pathetic dots are equal, and Google’s dot, for example, will be drastically bigger than a single user’s, having more leveraging power within the network of internet bodies. Also demonstrated, is the fact that we must acknowledge the need for regulation by the law to some extent, otherwise, the internet would be a black box where anything goes, putting one’s security at risk of violation.

Hot Question Challenge
The very last exercise of the Institute entailed participants asking each other questions on demand, relating back to different themes looked at within the last week. Participants had the chance, here, to bridge together concepts across sessions, as well as formulate their own opinions, while posing questions to others that they, themselves, were still curious about.

For more details visit https://cis-india.org/telecom/blog/institute-for-internet-society-2014-pune

INSAF National Convention on Crisis of Capitalism and brazen onslaught on DEMOCRACY

praskrishna — 2013-12-26T10:18:35Z

Snehashish Ghosh is participating in this event as a speaker.

Ever since the Neo-liberal agenda began to unfold 22 years back, the democratic spaces within Indian polity have been squeezing continuously and the present scenario of run up to 2014 elections is reflecting the state of disarray in parliamentary democracy. The mainstream discourse appears to have deliberately failed in bringing out the intrinsic relationship between ‘capitalism’; its ‘crisis’ and ‘democracy’ to the core of analyzing and understanding the present amnesia in political process.

The characteristics of crony, fictitious, lumpen and speculative Capital that is on the driving seat of contemporary phase of capitalism are mirrored in the operational levels of parliamentary democracy - from governance to electoral process- in the form of corporate influences on policies and decision making, rampant corruption at the pinnacle of power, control of money and muscle-power in politics.

It is, therefore, important to bring out the correlation between the ensuing crisis in global capitalism - including in India - and the impending crisis in our democracy - to the fore. The divergence in the requirements of the neo-liberal phase of capitalism and ‘democracy’ as its analogous political system seems to be the key in explaining the despair engulfing Indian polity at present. The attempts to transform ‘Democracies’ into ‘Corporatocracies’ that we see today, also emanate from this despondency alone.

Last two decades have also seen the institution of ‘State’ posturing itself more and more aggressively against its own people in order to fulfill its obligations to international financial & trade institutions so to serve the interest of global capital. In such a course, it has extensively resorted to adopt the instrument of ‘fabricating’ cases against the voices of opposition to the interests of the global capital.

Though the instrument of ‘fabrication’ is not new to the ‘State Craft’ but this time it is being used in a targeted and selective manner. Not only the existing criminal laws have been used for this purpose but new laws like UAPA and various state ‘security laws’ were created during this period to meet this requirement.

The ‘Indian State’ is also proceeding feverishly to create a surveillance state through various means of ‘electronic surveillance’ using cutting edge technologies to track mobile phones, internet usage, emails etc. at home while colluding with U.S. military and security establishment internationally against other nations. The business of creating and sharing of its citizen’s databases (both demographic & biometrics etc) has been promoted by Indian establishment by subverting the Constitution, existing norms of parliamentary democracy and citizens’ rights.

It is in this context that INSAF has decided to hold its two day National Convention 2013.

Programme Schedule

Day 1: Crisis of Capitalism and brazen onslaught on DEMOCRACY

10.00 10.30	Registration & Tea/Coffee
10.30 11.00	Introduction by Anil Chaudhary
11.00 13.00	Inaugural address by eminent writer and journalist P. Sainath Chaired by Justice Rajinder Sachar
13.00 14.30	Lunch
14.30 17.30	Panel Discussion: Prof. Vibhuti Patel (Director, Centre for Study of Social Exclusion and Inclusive Policy, SNDT Women's University, Mumbai) Prof. Achin Vanaik (Former Dean of Social Sciences, Delhi University) Prof. Ramesh Dixit (Lucknow, UP)

Day 2: Surveillance state and perils of DEMOCRACY

10.00 10.30	Panel Discussion Dr. Usha Ramanathan (Law researcher and activist, New Delhi) Prabir Purkayastha (Delhi Science Forum) Ms. Subi Chaturvedi (Asstt. Prof. of Journalism Communication, Lady Shri Ram College for Women, Delhi Univ. Founder Hon. Managing Trustee, Media For Change) Snehashish Ghosh (Centre for Internet & Society) Chaired by Ms. Kalyani Menon-Sen (Feminist activist & researcher)
13.00 14.00	Lunch
14.00 16.30	Panel Discussion: Suppressing dissent: Stifling NGOs via FCRA Kabir Dixit (Advocate, Supreme Court of India) Mathew Cherian (Chairperson, Credibility Alliance) Chaired by Sanjay Parikh (Human Rights activist and Advocate, Supreme Court of India)
16.30 17.00	Tea/Coffee

For more details visit https://cis-india.org/news/insafnational-convention-on-crisis

Inputs to the Working Group on Enhanced Cooperation on Public Policy Issues Pertaining to the Internet (WGEC)

Sunil Abraham and Vidushi Marda, with inputs from Pranesh Prakash — 2016-12-17T00:20:56Z

The Centre for Internet & Society (CIS) submitted inputs to the Working Group on Enhanced Cooperation on Public Policy Issues Pertaining to the Internet (WGEC) on 15 December 2016. The WGEC sought inputs on two questions that will guide the next meeting of the Working Group which is scheduled to take place on the 26-27 January 2017.

What are the high level characteristics of enhanced cooperation?

The Tunis Agenda leaves the term “enhanced cooperation” unclearly defined. What is clear, however, is that enhanced cooperation is distinct from the Internet Governance Forum.
According to Paragraph 69 of the Tunis Agenda, enhanced cooperation will enable "governments, on an equal footing, to carry out their roles and responsibilities, in international public policy issues pertaining to the Internet, but not in the day-to-day technical and operational matters, that do not impact on international public policy issues." In other words enhanced cooperation should result in in the development and enforcement of international public policy and only "day-to-day technical and operational matters" with no public policy impact and national public policy is exempt from government-to-government enhanced cooperation.
According to Paragraph 70, enhanced cooperation includes "development of globally-applicable principles on public policy issues associated with the coordination and management of critical Internet resources." According to the paragraph, “organizations responsible for essential tasks associated with the

Internet should create an environment that facilitates this development of these principles using "relevant international organizations". In other words, both Internet institutions [ICANN, ISOC and RIRs] and multilateral organisations [WIPO, ITU, UNESCO etc] should be used to develop principles.

Paragraph 71 gives some further clarity. According to this paragraph, the process for enhanced cooperation should 1) be “started by the UN Secretary General” 2) "involve all stakeholders in their respective roles" 3) "proceed as quickly as possible" 4) be "consistent with legal process" 5) "be responsive to innovation".
Again according to Paragraph 71, enhanced cooperation should be commenced by "relevant organisations" and should involve "all stakeholders". But only the "relevant organisations shall be requested to provide annual performance reports." Enhanced cooperation as envisioned in the Tunis Agenda, therefore, calls for a multistakeholder model where each constituency leads the process of developing principles and self-regulatory mechanisms that does involve all stakeholders at all stages, but rather, one that requires participation from relevant stakeholders in accordance with the issue at hand at the relevant stage.
For government-to-government enhanced cooperation, governments need to agree on what is within the exclusive realm of "national public policy" for ex. national security, intellectual property policy, and protection of children online. Governments also need to agree on what is within the remit of “international public policy” for ex. cross border taxation, cross border criminal investigations, cross border hate speech. Once this is done, the governments of the world should pursue the development and enforcement of international law and norms at the appropriate forums if they exist or alternatively they must create new forums that are appropriate.
For enhanced cooperation with respect to non-government "relevant organisations" [different sub-groups within the private sector, technical community and civil society], we believe that the requirements of Paragraph 71 can be understood to mean that enhanced cooperation is the “development of self regulatory norms” as a complement to traditional multilateral norm setting and international law making envisioned in Paragraph 69. In other words, the real utility of the multi-stakeholder model is self-regulation by the private sector. Besides the government, it is the private sector that has the greatest capacity for harm and therefore is in urgent need of regulation. The multistakeholder model will best serve its purpose if the end result is that the private sector self-regulates. Most of the harm emerging from large corporations can only be addressed if they agree amongst themselves. Having a centralised or homogenous model of enhanced cooperation will not suffice, the model of cooperation should be flexible in accordance with the issue being brought to the table.

Taking into consideration the work of the previous WGEC and the Tunis Agenda, particularly paragraphs 69-71, what kind of recommendations should we consider?

The previous work of the WGEC is useful as a mapping exercise. However, the working group was unable to agree on a definition of Enhanced Cooperation. In our previous response we have clearly indicated that enhanced cooperation is 1) development of international law and norms by governments at appropriate international/multilateral fora 2) articulation of principles by "organizations responsible for essential tasks associated with the Internet" and "relevant international organizations" and 3) development of self-regulatory norms and enforcement mechanisms by private sector, technical community and civil society with a priority for the private sector because they have the greatest potential after government for harms. To repeat, the Tunis Agenda makes it very clear that enhanced cooperation is distinct from the IGF. If the IGF is only the learning forum, we need a governance forum like ICANN so that different constituencies can develop self regulatory norms and enforcement mechanisms with inputs from other stakeholder constituencies and the public at large.

For more details visit https://cis-india.org/internet-governance/blog/cis-inputs-to-the-working-group-on-enhanced-cooperation-on-public-policy-issues-pertaining-to-the-internet-wgec

Informational Privacy in India: An Emerging Discourse

Admin — 2018-12-01T05:40:31Z

Centre for Policy Research supported by Omidyar Network organized this event in New Delhi on November 29, 2018. Amber Sinha was a speaker on the first panel on privacy and its tradeoffs.

Concept Note

The last few years have seen a formalisation of the right to informational privacy within India’s constitutional framework. While the context to this – the challenge to the validity of the Aadhaar project – has entailed broader issues on delivery of public goods and services, the response to whether an individual can assert control over key informational aspects of her life has become a critical part of our rights jurisprudence.

The Supreme Court verdict in Justice Puttaswamy’s case (2017) unequivocally affirmed this right despite leaving open several important aspects including the permissibility of restrictions on this right, and the level of scrutiny which the judiciary could exercise to safeguard them. What was particularly striking was the judicial reliance on considerable scholarship emerging from India and Indian scholars on important themes pertaining to this right: the differing conceptions of privacy and the role for each of them within India’s constitutional framework; the impact of privacy erosion on citizen-State relationship and private transactions in the commercial realm; surveillance tools and technologies in India; the need for an indigenous data protection law, and much more. The court has picked up on this thread in the second Puttaswamy verdict upholding the constitutional validity of Aadhaar with some important caveats and exceptions.

Recently, the Expert Committee headed by retired Justice Srikrishna also convened to come out with a draft personal data protection bill. The centrality of data to both commercial activity and governance purposes has found recognition in this bill. While the present legal regime to regulate data in India can be considered chequered at best with divergent regulations across finance, healthcare, telecom, mobility etc., the new bill aims to create a “big data-ready” framework. It impacts any private enterprise handling personal data by stipulating new internal procedures and strong penalties. The major themes in the bill are new user rights for data principals (individuals) who share their data with data fiduciaries (technology companies); data localisation and crossborder data flows; data protection authority (DPA) and its powers; data fiduciaries and new compliance requirements; and exceptions including law enforcement. Each of these carries major implications for data-driven solutions.

During the deliberations of the Committee too, substantial Indian scholarship on the themes listed above have been referenced and relied upon. This is truly a breakout moment for privacy and data protection in India. It is changing the terrain of institutional responses to personal data, technology architectures, and digital trade.

Discussion Objectives and Format

With the above background, the Centre for Policy Research conducted a closed-door, invite only discussion on November 29, 2018 on the theme Informational Privacy in India: An Emerging Discourse. This discussion sought to engage with representatives from embassies, chambers of commerce and research funding organisations located in India. It took place from 10.00 to 13.00 hours at the Taj Vivanta Ambassador, Sujan Singh Park off Subramaniam Bharti Marg, New Delhi 110003.

The core objectives driving this workshop were to:

Highlight informational privacy debates in India;
Locate informational privacy within India’s constitutional setting, closely re-examining the Supreme Court verdicts in this regard;
Explore themes such as the notice-and-consent framework, regulatory interventions and structural changes, and other key themes on privacy and data protection in India;
Demystify concepts introduced to strengthen personal data protection, including actor and data categories, and new user rights, and their potential impact on technology design;
Highlight the ramifications of data localization and cross-border data transfer restrictions, on digital trade and e-commerce;
Decode the new structural mechanisms proposed to mitigate risks in collection, storage, and processing of personal data;
Identify the impact of these mechanisms on the functioning of data-driven businesses and the future of data innovation in India.

Click to view the agenda

For more details visit https://cis-india.org/internet-governance/news/informational-privacy-in-india-an-emerging-discourse

Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009

jdine — 2013-07-06T01:51:58Z

Rules under section 69(2) of the Information Technology Act, 2008 (after the 2008 amendment).

G.S.R. 780 (E).— In exercise of the powers conferred by clause (y) of sub-section (2) of section 87, read with sub-section (2) of section 69 of the Information Technology Act, 2000 (21 of 2000), the Central Government hereby makes the following rules, namely:

1. Short title and commencement.—

(1) These rules may be called the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

(2) They shall come into force on the date of their publication in the Official Gazette.

2. Definitions.— In these rules, unless the context otherwise requires,--

(a) “Act” means the Information Technology Act, 2000 (21 of 2000);

(b) “communication” means dissemination, transmission, carriage of information or signal in some manner and include both a direct communication and an indirect communication”;

(c) “communication link” means the use of satellite, microwave, radio, terrestrial line, wire, wireless or any other communication media to inter-connect computer resource;

(d) “competent authority” means--

(i) the Secretary in the Ministry of Home Affairs, in case of the Central Government; or

(ii) the Secretary in charge of the Home Department, in case of a State Government or Union territory, as the case may be;

(e) “computer resource” means computer resource as defined in clause (k) of sub-section (1) of section 2 of the Act;

(f) “decryption” means the process of conversion of information in non-intelligible form to an intelligible form via a mathematical formula, code, password or algorithm or a combination thereof;

(g) “decryption assistance” means any assistance to--

(i) allow access, to the extent possible, to encrypted information; or

(ii) facilitate conversion of encrypted information into an intelligible form;

(h) “decryption direction” means a direction issued under Rule (3) in which a decryption key holder is directed to--

(i) disclose a decryption key; or

(ii) provide decryption assistance in respect of encrypted information

(i) “decryption key” means any key, mathematical formula, code, password, algorithm or any other data which is used to--

(i) allow access to encrypted information; or

(ii) facilitate the conversion of encrypted information into an intelligible form;

(j) “decryption key holder” means any person who deploys the decryption mechanism and who is in possession of a decryption key for purposes of subsequent decryption of encrypted information relating to direct or indirect communications;

(k) “information” means information as defined in clause (v) of sub-section (1) of section 2 of the Act;

(l) “intercept” with its grammatical variations and cognate expressions, means the aural or other acquisition of the contents of any information through the use of any means, including an interception device, so as to make some or all of the contents of an information available to a person other than the sender or recipient or intended recipient of that communication, and includes--

(a) monitoring of any such information by means of a monitoring device;

(b) viewing, examination or inspection of the contents of any direct or indirect information; and

(c) diversion of any direct or indirect information from its intended destination to any other destination to any other destination;

(m) “interception device” means any electronic, mechanical, electro-mechanical, electro-magnetic, optical or other instrument, device, equipment or apparatus which is used or can be used, whether by itself or in combination with any other instrument, device, equipment or apparatus, to intercept any information; and any reference to an “interception device” includes, where applicable, a reference to a “monitoring device”;

(n) “intermediary” means an intermediary as defined in clause (w) of sub-section (1) of section 2 of the Act;

(o) “monitor” with its grammatical variations and cognate expressions, includes to view or to inspect or listen to or record information by means of a monitoring device;

(p) “monitoring device” means any electronic, mechanical, electro-mechanical, electro-magnetic, optical or other instrument, device, equipment or apparatus which is used or can be used, whether by itself or in combination with any other instrument, device, equipment or apparatus, to view or to inspect or listen to or record any information;

(q) “Review Committee” means the Review Committee constituted under rule 419A of Indian Telegraph Rules, 1951.

3. Direction for interception or monitoring or decryption of any information.— No person shall carry out the interception or monitoring or decryption of any information generated, transmitted, received or stored in any computer resource under sub-section (2) of section 69 of the Act, except by an order issued by the competent authority;

Provided that in an unavoidable circumstances, such order may be issued by an officer, not below the rank of Joint Secretary of the Government of India, who has been duly authorised by the competent authority;

Provided further that in a case of emergency--

(i) in remote areas, where obtaining of prior directions for interception or monitoring or decryption of information is not feasible; or

(ii) for operational reasons, where obtaining of prior directions for interception or monitoring or decryption of any information generation, transmitted, received or stored in any computer resource is not feasible,

the interception or monitoring of decryption of any information generated, transmitted, received or stored in any computer resource may be carried out with the prior approval of the Head or the second senior most officer of the security and law enforcement agency (hereinafter referred to as the said security agency) at the Central level and the officer authorised in this behalf, not below the rank of the inspector General of Police or an officer of equivalent rank, at the State or Union territory level;

Provided also that the officer, who approved such interception or monitoring or decryption of information in case of emergency, shall inform in writing to the competent authority about the emergency and of such interception or monitoring or decryption within three working days and obtain the approval of the competent authority thereon within a period of seven working days and if the approval of competent authority is not obtained within the said period of seven working days, such interception or monitoring or decryption shall cease and the information shall not be intercepted or monitored or decrypted thereafter without the prior approval of the competent authority.

4. Authorisation of agency of Government.— The competent authority may authorise an agency of the Government to intercept, monitor or decrypt information generated, transmitted received or stored in any computer resource for the purpose specified in sub-section (1) of section 69 of the Act.

5. Issue of decryption direction by competent authority.— The competent authority may, under Rule (3), give any decryption direction to the decryption key holder for decryption of any information involving a computer resource or part thereof.

6. Interception or monitoring or decryption of information by a State beyond its jurisdiction.— Notwithstanding anything contained in Rule (3), if a State Government or Union territory Administration requires any interception or monitoring or decryption of information beyond its territorial jurisdiction, the Secretary in-charge of the Home Department in that State or Union territory, as the case may be, shall make a request to the Secretary in the Ministry of Home Affairs, Government of India for issuing direction to the appropriate authority for such interception or monitoring or decryption of information.

7. Contents for direction.— Any direction issued by the competent authority under Rule (3) shall contain reasons for such direction and a copy of such direction shall be forwarded to the Review Committee within a period of seven working days.

8. Competent authority to consider alternative means in acquiring information.— The competent authority shall, before issuing any direction under Rule (3), consider possibility of acquiring the necessary information by other means and the direction under Rule (3) shall be issued only when it is not possible to acquire the information by any other reasonable means.

9. Direction of interception or monitoring or decryption of any specific information.— The direction of interception or monitoring or decryption of any information generation, transmitted, received or stored in any computer resource shall be of any information as is sent to or from any person or class of persons or relating to any particular subject whether such information or class of information are received with one or more computer resources, or being a computer resource likely to be used for the generation, transmission, receiving, storing of information from or to one particular person or one or many set of premises, as may be specified or described in the direction.

10. Direction to specify the name and designation of the officer to whom information to be disclosed.— Every directions under Rule (3) shall specify the name and designation of the officer of the authorised agency to whom the intercepted or monitored or decrypted or stored information shall be disclosed and also specify that the use of intercepted or monitored or decrypted information shall be subject to the provisions of sub-section (1) of section 69 of the said Act.

11. Period within which direction shall remain in force.— The direction for interception or monitoring or decryption shall remain in force, unless revoked earlier, for a period not exceeding sixty days from the date of its issue and may be renewed from time to time for such period not exceeding the total period of one hundred and eighty days.

12. Authorised agency to designate nodal officer.— The agency authorised by the competent authority under Rule (4) shall designate one or more nodal officer, not below the rank of Superintendent of Police or Additional Superintendent of Police or the officer of the equivalent rank to authenticate and send the requisition conveying direction issued under Rule (3) for interception or monitoring or decryption to the designated officers of the concerned intermediaries or person in-charge of computer resource;

Provided that an officer, not below the rank of Inspector of Police or officer of equivalent rank, shall deliver the requisition to the designated officer of the intermediary.

13. Intermediary to provide facilities, etc.—

(1) The officer issuing the requisition conveying direction issued under Rule (3) for interception or monitoring or decryption of information shall also make a request in writing to the designated officers of intermediary or person in-charge of computer resources, to provide all facilities, co-operation and assistance for interception or monitoring or decryption mentioned in the directions.

(2) On the receipt of request under sub-rule (1), the designated officers of intermediary or person in-charge of computer resources, shall provide all facilitates, co-operation and assistance for interception or monitoring or decryption of information mentioned in the direction.

(3) Any direction of decryption of information issued under Rule (3) to intermediary shall be limited to the extent the information is encrypted by the intermediary or the intermediary has control over the decryption key.

14. Intermediary to designate officers to receive and handle.— Every intermediary or person in-charge of computer resource shall designate an officer to receive requisition, and another officer to handle such requisition, from the nodal officer for interception or monitoring or decryption of information generation, transmitted, received or stored in any computer resource.

15. Acknowledgement of instruction.— The designated officer of the intermediary or person in-charge of computer resources shall acknowledge the instructions received by him through letters or fax or e-mail signed with electronic signature to the nodal officer of the concerned agency within two hours on receipt of such intimation or direction for interception or monitoring or decryption of information.

16. Maintenance of records by designated officer.— The designated officer of intermediary or person in-charge of computer resource authorised to intercept or monitor or decrypt any information shall maintain proper records mentioning therein, the intercepted or monitored or decrypted information, the particulars of persons, computer resource, e-mail account, website address, etc. whose information has been intercepted or monitored or decrypted, the name and other particulars of the officer or the authority to whom the intercepted or monitored or decrypted information has been disclosed, the number of copies, including corresponding electronic records of the intercepted or monitored or decrypted information made and the mode of the method by which such copies, including corresponding electronic records are made, the date of destruction of the copies, including corresponding electronic record and the duration within which the directions remain in force.

17. Decryption key holder to disclose decryption key or provide decryption assistance.— If a decryption direction or a copy thereof is handed to the decryption key holder to whom the decryption direction is addressed by the nodal officer referred to in Rule (12), the decryption key holder shall within the period mentioned in the decryption direction--

(a) disclose the decryption key; or

(b) provide the decryption assistance,

specified in the decryption direction to the concerned authorised person.

18. Submission of the list of interception or monitoring or decryption of information.—
(1) The designated officers of the intermediary or person in-charge of computer resources shall forward in every fifteen days a list of interception or monitoring or decryption authorisations received by them during the preceding fortnight to the nodal officers of the agencies authorised under Rule (4) for confirmation of the authenticity of such authorisations.
(2) The list referred to in sub-rule (1) shall include details, such as the reference and date of orders of the concerned competent authority including any order issued under emergency cases, date and time of receipt of such order and the date and time of implementation of such order.

19. Intermediary to ensure effective check in handling matter of interception or monitoring or decryption of information.— The intermediary or the person in-charge of the computer resource so directed under Rule (3), shall provide technical assistance and the equipment including hardware, software, firmware, storage, interface and access to the equipment wherever requested by the agency authorised under Rule (4) for performing interception or monitoring or decryption including for the purposes of--

(i) the installation of equipment of the agency authorised under Rule (4) for the purposes of interception or monitoring or decryption or accessing stored information in accordance with directions by the nodal officer; or

(ii) the maintenance, testing or use of such equipment; or

(iii) the removal of such equipment; or

(iv) the performance of any action required for accessing of stored information under the direction issued by the competent authority under Rule (3).

20. Intermediary to ensure effective check in handling matter of interception or monitoring or decryption of information.— The intermediary or person in-charge of computer resources shall put in place adequate and effective internal checks to ensure the unauthorised interception of information does not take place and extreme secrecy is maintained and utmost care and precaution shall be taken in the matter of interception or monitoring or decryption of information as it affects privacy of citizens and also that it is handled only by the designated officers of the intermediary and no other person of the intermediary or person in-charge of computer resources shall have access to such intercepted or monitored or decrypted information.

21. Responsibility of intermediary.— The intermediary or person in-charge of computer resources shall be responsible for any action of their employees also and in case of violation pertaining to maintenance of secrecy and confidentiality of information or any unauthorised interception or monitoring or decryption of information, the intermediary or person in-charge of computer resources shall be liable for any action under the relevant provisions of the laws for the time being in force.

22. Review of directions of competent authority.— The Review Committee shall meet at least once in two months and record its findings whether the directions issued under Rule (3) are in accordance with the provisions of sub-section (2) of section 69 of the Act and where the Review Committee is of the opinion that the directions are not in accordance with the provisions referred to above, it may set aside the directions and issues order for destruction of the copies, including corresponding electronic record of the intercepted or monitored or decrypted information.

23. Destruction of records of interception or monitoring or decryption of information.—

(1) Every record, including electronic records pertaining to such directions for interception or monitoring or decryption of information and of intercepted or monitored or decrypted information shall be destroyed by the security agency in every six months except in a case where such information is required, or likely to be required for functional requirements.

(2) Save as otherwise required for the purpose of any ongoing investigation, criminal complain or legal proceedings, the intermediary or person in-charge of computer resources shall destroy records pertaining to directions for interception of information within a period of two months of discontinuance of the interception or monitoring or decryption of such information and in doing so they shall maintain extreme secrecy.

24. Prohibition of interception or monitoring or decryption of information without authorisation.—

(1) Any person who intentionally or knowingly, without authorisation under Rule (3) or Rule (4), intercepts or attempts to intercept, or authorises or assists any other person to intercept or attempts to intercept any information in the course of its occurrence or transmission at any place within India, shall be proceeded against and punished accordingly under the relevant provisions of the laws for the time being in force.

(2) Any interception, monitoring or decryption of information in computer resource by the employee of an intermediary or person in-charge of computer resource or a person duly authorised by the intermediary, may be undertaken in course of his duty relating to the services provided by that intermediary, if such activities are reasonably necessary for the discharge his duties as per the prevailing industry practices, in connection with the following matters, namely--

(i) installation of computer resource or any equipment to be used with computer resource; or

(ii) operation or maintenance of computer resource; or

(iii) installation of any communication link or software either at the end of the intermediary or subscriber, or installation of user account on the computer resource of intermediary and testing of the same for its functionality;

(iv) accessing stored information from computer resource relating to the installation, connection or maintenance of equipment, computer resource or a communication link or code; or

(v) accessing stored information from computer resource for the purpose of--

(a) implementing information security practices in the computer resource;

(b) determining any security breaches, computer contaminant or computer virus;

(vi) accessing or analysing information from a computer resource for the purpose of tracing a computer resource of any person who has contravened, or is suspected of having contravened or being likely to contravene, any provision of the Act that is likely to have an adverse impact on the services provided by the intermediary.

(3) The intermediary or the person in-charge of computer resource and its employees shall maintain strict secrecy and confidentiality of information while performing the actions specified under sub-rule (2).

25. Prohibition of disclosure of intercepted or monitored decrypted information.—

(1) The contents of intercepted or monitored or stored or decrypted information shall not be used or disclosed by intermediary or any of its employees or person in-charge of computer resource to any person other than the intended recipient of the said information under Rule (10).

(2) The contents of intercepted or monitored or decrypted information shall not be used or disclosed by the agency authorised under Rule (4) for any other purpose, except for investigation or sharing with other security agency for the purpose of investigation or in judicial proceedings before the competent court in India.

(3) Save as otherwise provided in sub-rule (2), the contents of intercepted or monitored or decrypted information shall not be disclosed or reported in public by any means, without the prior order of the competent court in India.

(4) Save as otherwise provided in sub-rule (2), strict confidentiality shall be maintained in respect of direction for interception, monitoring or decryption issued by concerned competent authority or the nodal officers.

For more details visit https://cis-india.org/internet-governance/resources/it-procedure-and-safeguards-for-interception-monitoring-and-decryption-of-information-rules-2009

Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009

smita — 2012-11-21T09:32:36Z

G.S.R.781 (E).-- In exercise of the powers conferred by clause (z) of sub-section (2) of section 87, read with sub-section (2) of section 69A of the Information Technology Act 2000, (21 of 2000), the Central Government hereby makes the following rules, namely:

1. Short title and commencement.--
(1) These rules may be called the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009.
(2) They shall come into force on the date of their publication in the Official Gazette.

2. Definitions.--
In these rules, unless the context otherwise requires,-
(a) "Act" means the Information Technology Act, 2000 (21 of 2000);
(b) "computer resource" means computer resource as defined in clause (k) of sub-section (1) of section 2 of the Act;
(c) "Designated Officer" means an officer designated as Designated Officer under rule 3;
(d) "Form" means a form appended to these rules;
(e) "intermediary" means an intermediary as defined in clause (w) of sub-section (1) of section 2 of the Act;
(f) "nodal officer" means the nodal officer designated as such under rule 4;
(g) "organisation" means -
(i) Ministries or Departments of the Government of ;
(ii) state Governments and Union territories;
(iii) any agency of the Central Government, as may be notified in the Official Gazette, by the Central Government;
(h) "request" means the request for blocking of access by the public any information generated, transmitted, received, stored or hosted in any computer resource;
(i) "Review Committee" means the Review Committee constituted under rule 419A of Indian Telegraph Rules, 1951.

3. Designated Officer.--
The Central Government shall designate by notification in Official Gazette, an officer of the Central Government not below the rank of a Joint Secretary, as the "Designated Officer", for the purpose of issuing direction for blocking for access by the public any information generated, transmitted, received, stored or hosted in any computer resource under sub-section (2) of section 69A of the Act.

4. Nodal officer of organisation.--
Every organisation for the purpose of these rules, shall designate one of its officer as the Nodal Officer and shall intimate the same to the Central Government in the Department of Information Technology under the Ministry of Communications and Information Technology, Government of India and also publish the name of the said Nodal Officer on their website.

5. Direction by Designated Officer.--
The Designated Officer may, on receipt of any request from the Nodal Officer of an organisation or a competent court, by order direct any Agency of the Government or intermediary to block for access by the public any information or part thereof generated, transmitted, received, stored or hosted in any computer resource for any of the reasons specified in sub-section (1) of section 69A of the Act.

6. Forwarding of request by organisation.--
(1) Any person may send their complaint to the Nodal Officer of the concerned organisation for blocking of access by the public any information generated, transmitted, received, stored or hosted in any computer resource:
Provided that any request, other than the one from the Nodal Officer of the organisation, shall be sent with the approval of the Chief Secretary of the concerned State or territory to the Designated Officer:
Provided further that in case a Union territory has no Chief Secretary, then, such request may be approved by the Adviser to the Administrator of that Union territory.
(2) The organisation shall examine the complaint received under sub-rule (1) to satisfy themselves about the need for taking of action in relation to the reasons enumerated in sub-section (1) of section 69A of the Act and after being satisfied, it shall send the request through its Nodal Officer to the Designated Officer in the format specified in the Form appended to these rules.
(3) The Designated Officer shall not entertain any complaint or request for blocking of information directly from any person.
(4) The request shall be in writing on the letter head of the respective organisation, complete in all respects and may be sent either by mail or by fax or by e-mail signed with electronic signature of the Nodal Officer:
Provided that in case the request is sent by fax or by e-mail which is not signed with electronic signature, the Nodal Officer shall provide a signed copy of the request so as to reach the Designated Officer within a period of three days of receipt of the request by such fax or e-mail.
(5) On receipt, each request shall be assigned a number alongwith the date and time of its receipt by the Designated Officer and he shall acknowledge the receipt thereof to the Nodal Officer within a period of twenty four hours of its receipt.

7. Committee for examination of request.--
The request alongwith the printed sample content of the alleged offending information or part thereof shall be examined by a committee consisting of the Designated Officer as its chairperson and representatives, not below the rank of Joint Secretary in Ministries of Law and Justice, Home Affairs, Information and Broadcasting and the Indian Computer Emergency Response Team appointed under sub-section (1) of section 70B of the Act.

8. Examination of request.--
(1) On receipt of request under rule 6, the Designated Officer shall make all reasonable efforts to identify the person or intermediary who has hosted the information or part thereof as well as the computer resource on which such information or part thereof is being hosted and where he is able to identify such person or intermediary and the computer resource hosting the information or part thereof which have been requested to be blocked for public access, he shall issue a notice by way of letters or fax or e-mail signed with electronic signatures to such person or intermediary in control of such computer resource to appear and submit their reply and clarifications, if any, before the committee referred to in rule 7, at a specified date and time, which shall not be less than forty-eight hours from the time of receipt of such notice by such person or intermediary.
(2) In case of non-appearance of such person or intermediary, who has been served with the notice under sub-rule (1), before the committee on such specified date and time, the committee shall give specific recommendation in writing with respect to the request received from the Nodal Officer, based on the information available with the committee.
(3) In case, such a person or intermediary, who has been served with the notice under sub-rule (1), is a foreign entity or body corporate as identified by the Designated Officer, notice shall be sent by way of letters or fax or e-mail signed with electronic signatures to such foreign entity or body corporate and any such foreign entity or body corporate shall respond to such a notice within the time specified therein, failing which the committee shall give specific recommendation in writing with respect to the request received from the Nodal Officer, based on the information available with the committee.
(4) The committee referred to in rule 7 shall examine the request and printed sample information and consider whether the request is covered within the scope of sub-section (1) of section 69A of the Act and that it is justifiable to block such information or part thereof and shall give specific recommendation in writing with respect to the request received from the Nodal Officer.
(5) The designated Officer shall submit the recommendation of the committee, in respect of the request for blocking of information alongwith the details sent by the Nodal Officer, to the Secretary in the Department of Information Technology under the Ministry of Communications and Information Technology, Government of India (hereinafter referred to as the "Secretary, Department of Information Technology").
(6) The Designated Officer, on approval of the request by the Secretary, Department of Information Technology, shall direct any agency of the Government or the intermediary to block the offending information generated, transmitted, received, stored or hosted in their computer resource for public access within the time limit specified in the direction:
Provided that in case the request of the Nodal Officer is not approved by the Secretary, Department of Information Technology, the Designated Officer shall convey the same to such Nodal Officer.

9. Blocking of information in cases of emergency.--
(1) Notwithstanding anything contained in rules 7 and 8, the Designated Officer, in any case of emergency nature, for which no delay is acceptable, shall examine the request and printed sample information and consider whether the request is within the scope of sub-section (1) of section 69A of the Act and it is necessary or expedient and justifiable to block such information or part thereof and submit the request with specific recommendations in writing to Secretary, Department of Information Technology.
(2) In a case of emergency nature, the Secretary, Department of Information Technology may, if he is satisfied that it is necessary or expedient and justifiable for blocking for public access of any information or part thereof through any computer resource and after recording reasons in writing, as an interim measure issue such directions as he may consider necessary to such identified or identifiable persons or intermediary in control of such computer resource hosting such information or part thereof without giving him an opportunity of hearing.
(3) The Designated Officer, at the earliest but not later than forty-eight hours of issue of direction under sub-rule (2), shall bring the request before the committee referred to in rule 7 for its consideration and recommendation.
(4) On receipt of recommendations of committee, Secretary, Department of Information Technology, shall pass the final order as regard to approval of such request and in case the request for blocking is not approved by the Secretary, Department of Information Technology in his final order, the interim direction issued under sub-rule (2) shall be revoked and the person or intermediary in control of such information shall be accordingly directed to unblock the information for public access.

10. Process of order of court for blocking of information.--
In case of an order from a competent court in India for blocking of any information or part thereof generated, transmitted, received, stored or hosted in a computer resource, the Designated Officer shall, immediately on receipt of certified copy of the court order, submit it to the Secretary, Department of Information Technology and initiate action as directed by the court.

11. Expeditious disposal of request.--
The request received from the Nodal Officer shall be decided expeditiously which in no case shall be more than seven working days from the date of receipt of the request.

12. Action for non-compliance of direction by intermediary.--
In case the intermediary fails to comply with the direction issued to him under rule 9, the Designated Officer shall, with the prior approval of the Secretary, Department of Information Technology, initiate appropriate action as may be required to comply with the provisions of sub-section (3) of section 69A of the Act.

13. Intermediary to designate one person to receive and handle directions.--
(1) Every intermediary shall designate at feast one person to receive and handle the directions for blocking of access by the public any information generated, transmitted, received, stored or hosted in any computer resource under these rules.
(2) The designated person of the Intermediary shall acknowledge receipt of the directions to the Designated Officer within two hours on receipt of the direction through acknowledgement letter or fax or e-mail signed with electronic signature.

14. Meeting of Review Committee.--
The Review Committee shall meet at least once in two months and record its findings whether the directions issued under these rules are in accordance with the provisions of sub-section (1) of section 69A of the Act and if is of the opinion that the directions are not in accordance with the provisions referred to above, it may set aside the directions and issue order for unblocking of said information generated, transmitted, received, stored or hosted in a computer resource for public access.

15. Maintenance of records by Designated Officer.--
The Designated Officer shall maintain complete record of the request received and action taken thereof, in electronic database and also in register of the cases of blocking for public access of the information generated, transmitted, received, stored or hosted in a computer resource.

16. Requests and complaints to be confidential.--
Strict confidentiality shall be maintained regarding all the requests and complaints received and actions taken thereof.

FORM
[See rule 6(2)]
A. Complaint
1. Name of the complainant: --___________________________________________
(Person who has sent the complaint to the Govt./Nodal Officer)
2. Address :________________________________________________________
________________________________________________________________
City :______________________ Pin Code:______________
3. Telephone :______________ (prefix STD code) 4. Fax (if any):__________
5. (if any):_____________________________
6. Email (if any):_____________________________________________
B : Details of website/ computer resource/intermediary/ offending Information hosted on the website
(Please give details wherever known)
7. URL / web address :________________________________
8. IP Address :___________________________
9. Hyperlink:____________________________
10. Server/Proxy Server address :__________________________________
11. Name of the Intermediary :___________________________________
12. URL of the Intermediary :____________________________________
(Please attach screenshot/printout of the offending information)
13. Address or location of intermediary in case the intermediary is telecom service provider, network service provider, internet service provider, web-hosting service provider and cyber cafe or other form of intermediary for which information under points (7), (8), (9), (10), (11) and (12) are not available.
_______________________________________________________
_______________________________________________________
_______________________________________________________
C. Details of Request for blocking
14. Recommendation/Comments of the Ministry/State Govt :______________________
________________________________________________________________________
________________________________________________________________________
15. The level at which the comments/ recommendation have been approved
(Please specify designation):__________________________________________
16. Have the complaint been examined in Ministry/State Government: Y/N
17. If yes, under which of the following reasons it falls (please tick):
(i) Interest of sovereignty or integrity of
(ii) Defence of
(iii) Security of the State
(iv) Friendly relations with foreign States
(v) Public order
(vi) For preventing incitement to the commission of any cognisable offence relating to above
D. Details of the Nodal Officer forwarding the complaint alongwith recommendation of the Ministry/State Govt. and related enclosures
18. Name of the Nodal Officer:_____________________________________________
19. Designation :___________________________________________________
20. organisation :________________________________________________________
21. Address : ______________________________________________________
City :______________________ Pin Code:______________
22. Telephone:________________(prefix STD code) 23. Fax (if any):____________
24. (if any):_____________________________
25. Email (if any):_____________________________________________
E. Any other information :
F. Enclosures :

1.
2.
3
Date: Place: Signature

For more details visit https://cis-india.org/internet-governance/resources/information-technology-procedure-and-safeguards-for-blocking-for-access-of-information-by-public-rules-2009

Information Technology (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) Rules, 2009

jdine — 2013-04-25T04:49:05Z

Draft Rules under section 69B of the Information Technology (Amendment) Act, 2008 as notified by the Central Government.

G.S.R. 782 (E).— In exercise of the power conferred y clause (za) of sub-section (2) of section 87, read with sub-section (3) of section 69B of the Information Technology Act 2000 (21 of 2000), the Central Government hereby makes the following rules, namely:—

1. Short title and commencement.—

(1) These rules may be called the Information Technology (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) Rules, 2009.

(2) They shall come into force on the date of their publication in the Official Gazette.

2. Definitions.— In these rules, unless the context otherwise requires,—

(a) “Act” means the Information Technology Act, 2000 (21 of 2000);

(b) “communication” means dissemination, transmission, carriage of information or signal in come manner and include both a direct communication and an indirect communication;

(c) “communication link” means the use of satellite, microwave, radio, terrestrial line, wire, wireless or any other communication media to inter-connect computer resource;

(d) “competent authority” means the Secretary to the Government of India in the Department of Information Technology under the Ministry of Communications and Information Technology;

(e) “computer resource” means computer resource as defined in clause (k) of sub-section (1) of section 2 of the Act;

(f) “cyber security incident” means any real or suspected adverse event in relation to cyber security that violates an explicitly or implicitly applicable security policy resulting in unauthorised access, denial of service/disruption, unauthorised use of a computer resource for processing or storage of information or changes to data, information without authorisation;

(g) “cyber security breaches” means unauthorised acquisition or unauthorised use by a person of data or information that compromises the confidentiality, integrity or availability of information maintained in a computer resource;

(h) “information” means information as defined in clause (v) of sub-section (1) of section 2 of the Act;

(i) “information security practices” means implementation of security policies and standards in order to minimize the cyber security incidents and breaches;

(j) “intermediary” means an intermediary as defined by clause (w) of sub-section (1) of section 2 of the Act;

(k) “monitor” with its grammatical variations and cognate expressions, includes to view or inspect or to record or collect traffic data or information generated, transmitted, received or stored in a computer resource by means of a monitoring device;

(l) “monitoring device” means any electronic, mechanical, electro-mechanical, electro-magnetic, optical or other instrument, device, equipment or apparatus which is used or can be used, whether by itself or in combination with any other instrument, device, equipment or apparatus, to view or inspect or record or collect traffic data or information;

(m) “port” or “application port” means a set of software rules which identifies and permits communication between application to application, network to network, computer to computer, computer system to computer system;

(n) “Review Committee” means the Review Committee constituted under rule 419A of Indian Telegraph Rules, 1951;

(o) “security policy” means documented business rules and processes for protecting information and the computer resource;

(p) “traffic data” means traffic data as defined in Explanation (ii) to section 69B of the Act.

3. Directions for monitoring.—

(1) No directions for monitoring and collection of traffic data or information under sub-section (3) of section 69B of the Act shall be issued, except by an order made by the competent authority.

(2) The competent authority may issue directions for monitoring for any or all of the following purposes related to cyber security, namely:-

(a) forecasting of imminent cyber incidents;

(b) monitoring network application with traffic data or information on computer resource;

(d) tracking cyber security breaches or cyber security incidents;

(e) tracking computer resource breaching cyber security or spreading virus or computer contaminants;

(f) identifying or tracking of any person who has breached, or is suspected of having breached or being likely to breach cyber security;

(g) undertaking forensic of the concerned computer resource as a part of investigation or internal audit of information security practices in the computer resources;

(h) accessing a stored information for enforcement of any provisions of the laws relating to cyber security for the time being in force;

(i) any other matter relating to cyber security.

(3) Any direction issued by the competent authority under sub-rule (2) shall contain reasons for such direction and a copy of such direction shall be forwarded to the Review Committee withing a period of seven working days.

(4) The direction of the competent authority for monitoring and collection of traffic data or information may include the monitoring and collection of traffic data or information from any person or class of persons or relating to any particular subject whether such traffic data or information, or class of traffic data of information, are received with one or more computer resources, being a computer resource likely to be used for generation, transmission, receiving, storing of traffic data or information from or to one particular person or one or many set of premises.

4. Authorised agency of government for monitoring and collection of traffic data or information.—

(1) The competent authority may authorise any agency of the government for monitoring and collection of traffic data or information generated, transmitted, received or stored in any computer resource.

(2) The agency authorised by the competent authority under sub-rule (1) shall designated one or more nodal officer, not below the rank of Deputy Secretary to the Government of India, for the purpose to authenticate and send the requisition conveying direction issued under rule 3 to the designated officers of the concerned intermediary or person in-charge of computer resources.

(3) The requisition under sub-rule (2) shall specify the name and designation of the officer or the agency to whom the monitored or collected traffic data or information is to be disclosed.

(4) The intermediaries or person in-charge of computer resource shall designate one or more officers to receive requisition and to handle such requisition from the nodal officer for monitoring or collection of traffic data or information.

(5) The requisition conveying directions for monitoring shall be conveyed to the designated officers of the intermediary or person in-charge of computer resources, in writing through letter or fax by the nodal officer or delivered, (including delivery by email signed with electronic signature), by an officer not below the rank of Under Secretary or officer of the equivalent rank.

(6) The nodal officer issuing the requisition conveying directions for monitoring under sub=rule (2) shall also make a request in writing to the designated officer of intermediary or person in-charge of computer resource for monitoring in accordance with the format indicated in such requisition and report the same to the officer designated under sub-rule (3).

(7) The nodal officer shall also make a request to the officer of intermediary or person in-charge of computer resource designated under sub-rule (4) to extend all facilities, co-operation and assistance in installation, removal and testing of equipment and also enable online access or to secure and provide online access to the computer resource for monitoring and collecting traffic data or information.

(8) On receipt of requisition under sub-rule (2) conveying the direction issued under sub-rule (2) of rule 3 the designated officer of the intermediary or person in-charge of computer resource designated under sub-rule (4) shall acknowledge the receipt of requisition by way of letter or fax or electronically signed e-mail to the nodal officer within a period of two hours from the time of receipt of such requisition.

(9) The officer of the intermediary or person in-charge of computer resource designed under sub-rule (4) shall maintain proper records of the requisitions received by him.

(10) The designated officer of the intermediary or person in-charge of computer resource shall forward in every fifteen days a list of requisition conveying direction for monitoring or collection of traffic data or information to the nodal officer which shall include details such as the reference and date of requisition conveying direction of the concerned competent authority.

5. Intermediary to ensure effective check in handling monitoring or collection of traffic data or information.— The intermediary or person in-charge of computer resources shall put in place adequate and effective internal checks to ensure that unauthorised monitoring or collection of traffic data or information does not take place and extreme secrecy is maintained and utmost care and precaution is taken in the matter of monitoring or collection of traffic data or information as it affects privacy of citizens and also that this matter is handled only by the designated officer of the intermediary or person in-charge of computer resource.

6. Responsibility of intermediary.— The intermediary or person in-charge of computer resource shall be responsible for the actions of their employees also, and in case of violation of the provision of the Act and rules made thereunder pertaining to maintenance of secrecy and confidentiality of information or any unauthorised monitoring or collection of traffic data or information, the intermediary or person in-charge of computer resource shall be liable for any action under the relevant provision of the laws for the time being in force.

7. Review of directions of competent authority.— The Review Committee shall meet at least once in two months and record its finding whether the directions issued under sub-rule (2) of rule 3 are in accordance with the provisions of sub-section (3) of section 69B of the Act and where the Review Committee is of the opinion that the directions are not in accordance with the provisions referred to above, it may set aside the directions and issue order for destruction of the copies, including corresponding electronic record of the monitored or collected traffic data or information.

8. Destruction of records.—

(1) Every record, including electronic records pertaining to such directions for monitoring or collection of traffic data shall be destroyed by the designated officer after the expiry of a period of nine months from the receipt of direction or creation of record, whichever is later, except in a case where the traffic data or information is, or likely to be, required for functional requirements.

(2) Save as otherwise required for the purpose of any ongoing investigation, criminal complaint or legal proceedings the intermediary or the person in-charge of computer resource shall destroy records pertaining to directions for monitoring or collection of information within a period of six months of discontinuance of the monitoring or collection of traffic data and in doing so they shall maintain extreme secrecy.

9. Prohibition of monitoring or collection of traffic data or information without authorisation.—

(1) Any person who, intentionally or knowingly, without authorisation under sub-rule (2) of rule 3 or sub-rule (1) of rule 4, monitors or collects traffic data or information, or attempts to monitor or collect traffic data or information, or authorises or assists any person to monitor or collect traffic data or information in the course of its occurrence or transmission at any place within India, shall be proceeded against, punished accordingly under the relevant provisions of the law for the time being in force.

(2) the monitoring or collection of traffic data or information in computer resource by the employee of an intermediary or person in-charge of computer resource or a person duly authorised by the intermediary, may be undertaken in course of his duty relating to the services provided by that intermediary, if such activities are reasonably necessary for the discharge his duties as per the prevailing industry practices, in connection with the following matters, namely:—

(i) installation of computer resource or any equipment to be used with computer resource; or

(ii) operation or maintenance of computer resource; or

(iv) accessing stored information from computer resource relating to the installation, connection or maintenance of equipment, computer resource or a communication link or code; or

(v) accessing stored information from computer resource for the purpose of--

(a) implementing information security practices in the computer resource;

(b) determining any security breaches, computer contaminant or computer virus;

(4) The details of monitored or collected traffic data or information shall not be used or disclosed by intermediary or person in-charge of computer resource or any of its employees to any person other than the intended recipient of the said information under sub-rule (2) of rule 4. Any intermediary or its employees of person in-charge of computer resource who contravenes the provisions of this rule shall be proceeded against and punished accordingly under the relevant provisions of the Act or any other law for the time being in force.

10. Prohibition of disclosure of traffic data or information by authorised agency.— The details of monitored or collected traffic data or information shall not be used or disclosed by the agency authorised under sub-rule (1) of rule 4 for any other purpose, except for forecasting imminent cyber threats or general trend of port-wise traffic on Internet, or general analysis of cyber incidents, or for investigation or in judicial proceedings before the competent court in India.

11. Maintenance of confidentiality.— Save as otherwise provided in rule 10, strict confidentiality shall be maintained in respect of directions for monitoring or collection of traffic data or information issued by the competent authority under these rules.

For more details visit https://cis-india.org/internet-governance/resources/it-procedure-and-safeguard-for-monitoring-and-collecting-traffic-data-or-information-rules-2009