We are anonymous, we are legion

Inputs to the Working Group on Enhanced Cooperation on Public Policy Issues Pertaining to the Internet (WGEC)

Sunil Abraham and Vidushi Marda, with inputs from Pranesh Prakash — 2016-12-17T00:20:56Z

The Centre for Internet & Society (CIS) submitted inputs to the Working Group on Enhanced Cooperation on Public Policy Issues Pertaining to the Internet (WGEC) on 15 December 2016. The WGEC sought inputs on two questions that will guide the next meeting of the Working Group which is scheduled to take place on the 26-27 January 2017.

What are the high level characteristics of enhanced cooperation?

The Tunis Agenda leaves the term “enhanced cooperation” unclearly defined. What is clear, however, is that enhanced cooperation is distinct from the Internet Governance Forum.
According to Paragraph 69 of the Tunis Agenda, enhanced cooperation will enable "governments, on an equal footing, to carry out their roles and responsibilities, in international public policy issues pertaining to the Internet, but not in the day-to-day technical and operational matters, that do not impact on international public policy issues." In other words enhanced cooperation should result in in the development and enforcement of international public policy and only "day-to-day technical and operational matters" with no public policy impact and national public policy is exempt from government-to-government enhanced cooperation.
According to Paragraph 70, enhanced cooperation includes "development of globally-applicable principles on public policy issues associated with the coordination and management of critical Internet resources." According to the paragraph, “organizations responsible for essential tasks associated with the

Internet should create an environment that facilitates this development of these principles using "relevant international organizations". In other words, both Internet institutions [ICANN, ISOC and RIRs] and multilateral organisations [WIPO, ITU, UNESCO etc] should be used to develop principles.

Paragraph 71 gives some further clarity. According to this paragraph, the process for enhanced cooperation should 1) be “started by the UN Secretary General” 2) "involve all stakeholders in their respective roles" 3) "proceed as quickly as possible" 4) be "consistent with legal process" 5) "be responsive to innovation".
Again according to Paragraph 71, enhanced cooperation should be commenced by "relevant organisations" and should involve "all stakeholders". But only the "relevant organisations shall be requested to provide annual performance reports." Enhanced cooperation as envisioned in the Tunis Agenda, therefore, calls for a multistakeholder model where each constituency leads the process of developing principles and self-regulatory mechanisms that does involve all stakeholders at all stages, but rather, one that requires participation from relevant stakeholders in accordance with the issue at hand at the relevant stage.
For government-to-government enhanced cooperation, governments need to agree on what is within the exclusive realm of "national public policy" for ex. national security, intellectual property policy, and protection of children online. Governments also need to agree on what is within the remit of “international public policy” for ex. cross border taxation, cross border criminal investigations, cross border hate speech. Once this is done, the governments of the world should pursue the development and enforcement of international law and norms at the appropriate forums if they exist or alternatively they must create new forums that are appropriate.
For enhanced cooperation with respect to non-government "relevant organisations" [different sub-groups within the private sector, technical community and civil society], we believe that the requirements of Paragraph 71 can be understood to mean that enhanced cooperation is the “development of self regulatory norms” as a complement to traditional multilateral norm setting and international law making envisioned in Paragraph 69. In other words, the real utility of the multi-stakeholder model is self-regulation by the private sector. Besides the government, it is the private sector that has the greatest capacity for harm and therefore is in urgent need of regulation. The multistakeholder model will best serve its purpose if the end result is that the private sector self-regulates. Most of the harm emerging from large corporations can only be addressed if they agree amongst themselves. Having a centralised or homogenous model of enhanced cooperation will not suffice, the model of cooperation should be flexible in accordance with the issue being brought to the table.

Taking into consideration the work of the previous WGEC and the Tunis Agenda, particularly paragraphs 69-71, what kind of recommendations should we consider?

The previous work of the WGEC is useful as a mapping exercise. However, the working group was unable to agree on a definition of Enhanced Cooperation. In our previous response we have clearly indicated that enhanced cooperation is 1) development of international law and norms by governments at appropriate international/multilateral fora 2) articulation of principles by "organizations responsible for essential tasks associated with the Internet" and "relevant international organizations" and 3) development of self-regulatory norms and enforcement mechanisms by private sector, technical community and civil society with a priority for the private sector because they have the greatest potential after government for harms. To repeat, the Tunis Agenda makes it very clear that enhanced cooperation is distinct from the IGF. If the IGF is only the learning forum, we need a governance forum like ICANN so that different constituencies can develop self regulatory norms and enforcement mechanisms with inputs from other stakeholder constituencies and the public at large.

For more details visit https://cis-india.org/internet-governance/blog/cis-inputs-to-the-working-group-on-enhanced-cooperation-on-public-policy-issues-pertaining-to-the-internet-wgec

Informational Privacy in India: An Emerging Discourse

Admin — 2018-12-01T05:40:31Z

Centre for Policy Research supported by Omidyar Network organized this event in New Delhi on November 29, 2018. Amber Sinha was a speaker on the first panel on privacy and its tradeoffs.

Concept Note

The last few years have seen a formalisation of the right to informational privacy within India’s constitutional framework. While the context to this – the challenge to the validity of the Aadhaar project – has entailed broader issues on delivery of public goods and services, the response to whether an individual can assert control over key informational aspects of her life has become a critical part of our rights jurisprudence.

The Supreme Court verdict in Justice Puttaswamy’s case (2017) unequivocally affirmed this right despite leaving open several important aspects including the permissibility of restrictions on this right, and the level of scrutiny which the judiciary could exercise to safeguard them. What was particularly striking was the judicial reliance on considerable scholarship emerging from India and Indian scholars on important themes pertaining to this right: the differing conceptions of privacy and the role for each of them within India’s constitutional framework; the impact of privacy erosion on citizen-State relationship and private transactions in the commercial realm; surveillance tools and technologies in India; the need for an indigenous data protection law, and much more. The court has picked up on this thread in the second Puttaswamy verdict upholding the constitutional validity of Aadhaar with some important caveats and exceptions.

Recently, the Expert Committee headed by retired Justice Srikrishna also convened to come out with a draft personal data protection bill. The centrality of data to both commercial activity and governance purposes has found recognition in this bill. While the present legal regime to regulate data in India can be considered chequered at best with divergent regulations across finance, healthcare, telecom, mobility etc., the new bill aims to create a “big data-ready” framework. It impacts any private enterprise handling personal data by stipulating new internal procedures and strong penalties. The major themes in the bill are new user rights for data principals (individuals) who share their data with data fiduciaries (technology companies); data localisation and crossborder data flows; data protection authority (DPA) and its powers; data fiduciaries and new compliance requirements; and exceptions including law enforcement. Each of these carries major implications for data-driven solutions.

During the deliberations of the Committee too, substantial Indian scholarship on the themes listed above have been referenced and relied upon. This is truly a breakout moment for privacy and data protection in India. It is changing the terrain of institutional responses to personal data, technology architectures, and digital trade.

Discussion Objectives and Format

With the above background, the Centre for Policy Research conducted a closed-door, invite only discussion on November 29, 2018 on the theme Informational Privacy in India: An Emerging Discourse. This discussion sought to engage with representatives from embassies, chambers of commerce and research funding organisations located in India. It took place from 10.00 to 13.00 hours at the Taj Vivanta Ambassador, Sujan Singh Park off Subramaniam Bharti Marg, New Delhi 110003.

The core objectives driving this workshop were to:

Highlight informational privacy debates in India;
Locate informational privacy within India’s constitutional setting, closely re-examining the Supreme Court verdicts in this regard;
Explore themes such as the notice-and-consent framework, regulatory interventions and structural changes, and other key themes on privacy and data protection in India;
Demystify concepts introduced to strengthen personal data protection, including actor and data categories, and new user rights, and their potential impact on technology design;
Highlight the ramifications of data localization and cross-border data transfer restrictions, on digital trade and e-commerce;
Decode the new structural mechanisms proposed to mitigate risks in collection, storage, and processing of personal data;
Identify the impact of these mechanisms on the functioning of data-driven businesses and the future of data innovation in India.

Click to view the agenda

For more details visit https://cis-india.org/internet-governance/news/informational-privacy-in-india-an-emerging-discourse

Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009

jdine — 2013-07-06T01:51:58Z

Rules under section 69(2) of the Information Technology Act, 2008 (after the 2008 amendment).

G.S.R. 780 (E).— In exercise of the powers conferred by clause (y) of sub-section (2) of section 87, read with sub-section (2) of section 69 of the Information Technology Act, 2000 (21 of 2000), the Central Government hereby makes the following rules, namely:

1. Short title and commencement.—

(1) These rules may be called the Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.

(2) They shall come into force on the date of their publication in the Official Gazette.

2. Definitions.— In these rules, unless the context otherwise requires,--

(a) “Act” means the Information Technology Act, 2000 (21 of 2000);

(b) “communication” means dissemination, transmission, carriage of information or signal in some manner and include both a direct communication and an indirect communication”;

(c) “communication link” means the use of satellite, microwave, radio, terrestrial line, wire, wireless or any other communication media to inter-connect computer resource;

(d) “competent authority” means--

(i) the Secretary in the Ministry of Home Affairs, in case of the Central Government; or

(ii) the Secretary in charge of the Home Department, in case of a State Government or Union territory, as the case may be;

(e) “computer resource” means computer resource as defined in clause (k) of sub-section (1) of section 2 of the Act;

(f) “decryption” means the process of conversion of information in non-intelligible form to an intelligible form via a mathematical formula, code, password or algorithm or a combination thereof;

(g) “decryption assistance” means any assistance to--

(i) allow access, to the extent possible, to encrypted information; or

(ii) facilitate conversion of encrypted information into an intelligible form;

(h) “decryption direction” means a direction issued under Rule (3) in which a decryption key holder is directed to--

(i) disclose a decryption key; or

(ii) provide decryption assistance in respect of encrypted information

(i) “decryption key” means any key, mathematical formula, code, password, algorithm or any other data which is used to--

(i) allow access to encrypted information; or

(ii) facilitate the conversion of encrypted information into an intelligible form;

(j) “decryption key holder” means any person who deploys the decryption mechanism and who is in possession of a decryption key for purposes of subsequent decryption of encrypted information relating to direct or indirect communications;

(k) “information” means information as defined in clause (v) of sub-section (1) of section 2 of the Act;

(l) “intercept” with its grammatical variations and cognate expressions, means the aural or other acquisition of the contents of any information through the use of any means, including an interception device, so as to make some or all of the contents of an information available to a person other than the sender or recipient or intended recipient of that communication, and includes--

(a) monitoring of any such information by means of a monitoring device;

(b) viewing, examination or inspection of the contents of any direct or indirect information; and

(c) diversion of any direct or indirect information from its intended destination to any other destination to any other destination;

(m) “interception device” means any electronic, mechanical, electro-mechanical, electro-magnetic, optical or other instrument, device, equipment or apparatus which is used or can be used, whether by itself or in combination with any other instrument, device, equipment or apparatus, to intercept any information; and any reference to an “interception device” includes, where applicable, a reference to a “monitoring device”;

(n) “intermediary” means an intermediary as defined in clause (w) of sub-section (1) of section 2 of the Act;

(o) “monitor” with its grammatical variations and cognate expressions, includes to view or to inspect or listen to or record information by means of a monitoring device;

(p) “monitoring device” means any electronic, mechanical, electro-mechanical, electro-magnetic, optical or other instrument, device, equipment or apparatus which is used or can be used, whether by itself or in combination with any other instrument, device, equipment or apparatus, to view or to inspect or listen to or record any information;

(q) “Review Committee” means the Review Committee constituted under rule 419A of Indian Telegraph Rules, 1951.

3. Direction for interception or monitoring or decryption of any information.— No person shall carry out the interception or monitoring or decryption of any information generated, transmitted, received or stored in any computer resource under sub-section (2) of section 69 of the Act, except by an order issued by the competent authority;

Provided that in an unavoidable circumstances, such order may be issued by an officer, not below the rank of Joint Secretary of the Government of India, who has been duly authorised by the competent authority;

Provided further that in a case of emergency--

(i) in remote areas, where obtaining of prior directions for interception or monitoring or decryption of information is not feasible; or

(ii) for operational reasons, where obtaining of prior directions for interception or monitoring or decryption of any information generation, transmitted, received or stored in any computer resource is not feasible,

the interception or monitoring of decryption of any information generated, transmitted, received or stored in any computer resource may be carried out with the prior approval of the Head or the second senior most officer of the security and law enforcement agency (hereinafter referred to as the said security agency) at the Central level and the officer authorised in this behalf, not below the rank of the inspector General of Police or an officer of equivalent rank, at the State or Union territory level;

Provided also that the officer, who approved such interception or monitoring or decryption of information in case of emergency, shall inform in writing to the competent authority about the emergency and of such interception or monitoring or decryption within three working days and obtain the approval of the competent authority thereon within a period of seven working days and if the approval of competent authority is not obtained within the said period of seven working days, such interception or monitoring or decryption shall cease and the information shall not be intercepted or monitored or decrypted thereafter without the prior approval of the competent authority.

4. Authorisation of agency of Government.— The competent authority may authorise an agency of the Government to intercept, monitor or decrypt information generated, transmitted received or stored in any computer resource for the purpose specified in sub-section (1) of section 69 of the Act.

5. Issue of decryption direction by competent authority.— The competent authority may, under Rule (3), give any decryption direction to the decryption key holder for decryption of any information involving a computer resource or part thereof.

6. Interception or monitoring or decryption of information by a State beyond its jurisdiction.— Notwithstanding anything contained in Rule (3), if a State Government or Union territory Administration requires any interception or monitoring or decryption of information beyond its territorial jurisdiction, the Secretary in-charge of the Home Department in that State or Union territory, as the case may be, shall make a request to the Secretary in the Ministry of Home Affairs, Government of India for issuing direction to the appropriate authority for such interception or monitoring or decryption of information.

7. Contents for direction.— Any direction issued by the competent authority under Rule (3) shall contain reasons for such direction and a copy of such direction shall be forwarded to the Review Committee within a period of seven working days.

8. Competent authority to consider alternative means in acquiring information.— The competent authority shall, before issuing any direction under Rule (3), consider possibility of acquiring the necessary information by other means and the direction under Rule (3) shall be issued only when it is not possible to acquire the information by any other reasonable means.

9. Direction of interception or monitoring or decryption of any specific information.— The direction of interception or monitoring or decryption of any information generation, transmitted, received or stored in any computer resource shall be of any information as is sent to or from any person or class of persons or relating to any particular subject whether such information or class of information are received with one or more computer resources, or being a computer resource likely to be used for the generation, transmission, receiving, storing of information from or to one particular person or one or many set of premises, as may be specified or described in the direction.

10. Direction to specify the name and designation of the officer to whom information to be disclosed.— Every directions under Rule (3) shall specify the name and designation of the officer of the authorised agency to whom the intercepted or monitored or decrypted or stored information shall be disclosed and also specify that the use of intercepted or monitored or decrypted information shall be subject to the provisions of sub-section (1) of section 69 of the said Act.

11. Period within which direction shall remain in force.— The direction for interception or monitoring or decryption shall remain in force, unless revoked earlier, for a period not exceeding sixty days from the date of its issue and may be renewed from time to time for such period not exceeding the total period of one hundred and eighty days.

12. Authorised agency to designate nodal officer.— The agency authorised by the competent authority under Rule (4) shall designate one or more nodal officer, not below the rank of Superintendent of Police or Additional Superintendent of Police or the officer of the equivalent rank to authenticate and send the requisition conveying direction issued under Rule (3) for interception or monitoring or decryption to the designated officers of the concerned intermediaries or person in-charge of computer resource;

Provided that an officer, not below the rank of Inspector of Police or officer of equivalent rank, shall deliver the requisition to the designated officer of the intermediary.

13. Intermediary to provide facilities, etc.—

(1) The officer issuing the requisition conveying direction issued under Rule (3) for interception or monitoring or decryption of information shall also make a request in writing to the designated officers of intermediary or person in-charge of computer resources, to provide all facilities, co-operation and assistance for interception or monitoring or decryption mentioned in the directions.

(2) On the receipt of request under sub-rule (1), the designated officers of intermediary or person in-charge of computer resources, shall provide all facilitates, co-operation and assistance for interception or monitoring or decryption of information mentioned in the direction.

(3) Any direction of decryption of information issued under Rule (3) to intermediary shall be limited to the extent the information is encrypted by the intermediary or the intermediary has control over the decryption key.

14. Intermediary to designate officers to receive and handle.— Every intermediary or person in-charge of computer resource shall designate an officer to receive requisition, and another officer to handle such requisition, from the nodal officer for interception or monitoring or decryption of information generation, transmitted, received or stored in any computer resource.

15. Acknowledgement of instruction.— The designated officer of the intermediary or person in-charge of computer resources shall acknowledge the instructions received by him through letters or fax or e-mail signed with electronic signature to the nodal officer of the concerned agency within two hours on receipt of such intimation or direction for interception or monitoring or decryption of information.

16. Maintenance of records by designated officer.— The designated officer of intermediary or person in-charge of computer resource authorised to intercept or monitor or decrypt any information shall maintain proper records mentioning therein, the intercepted or monitored or decrypted information, the particulars of persons, computer resource, e-mail account, website address, etc. whose information has been intercepted or monitored or decrypted, the name and other particulars of the officer or the authority to whom the intercepted or monitored or decrypted information has been disclosed, the number of copies, including corresponding electronic records of the intercepted or monitored or decrypted information made and the mode of the method by which such copies, including corresponding electronic records are made, the date of destruction of the copies, including corresponding electronic record and the duration within which the directions remain in force.

17. Decryption key holder to disclose decryption key or provide decryption assistance.— If a decryption direction or a copy thereof is handed to the decryption key holder to whom the decryption direction is addressed by the nodal officer referred to in Rule (12), the decryption key holder shall within the period mentioned in the decryption direction--

(a) disclose the decryption key; or

(b) provide the decryption assistance,

specified in the decryption direction to the concerned authorised person.

18. Submission of the list of interception or monitoring or decryption of information.—
(1) The designated officers of the intermediary or person in-charge of computer resources shall forward in every fifteen days a list of interception or monitoring or decryption authorisations received by them during the preceding fortnight to the nodal officers of the agencies authorised under Rule (4) for confirmation of the authenticity of such authorisations.
(2) The list referred to in sub-rule (1) shall include details, such as the reference and date of orders of the concerned competent authority including any order issued under emergency cases, date and time of receipt of such order and the date and time of implementation of such order.

19. Intermediary to ensure effective check in handling matter of interception or monitoring or decryption of information.— The intermediary or the person in-charge of the computer resource so directed under Rule (3), shall provide technical assistance and the equipment including hardware, software, firmware, storage, interface and access to the equipment wherever requested by the agency authorised under Rule (4) for performing interception or monitoring or decryption including for the purposes of--

(i) the installation of equipment of the agency authorised under Rule (4) for the purposes of interception or monitoring or decryption or accessing stored information in accordance with directions by the nodal officer; or

(ii) the maintenance, testing or use of such equipment; or

(iii) the removal of such equipment; or

(iv) the performance of any action required for accessing of stored information under the direction issued by the competent authority under Rule (3).

20. Intermediary to ensure effective check in handling matter of interception or monitoring or decryption of information.— The intermediary or person in-charge of computer resources shall put in place adequate and effective internal checks to ensure the unauthorised interception of information does not take place and extreme secrecy is maintained and utmost care and precaution shall be taken in the matter of interception or monitoring or decryption of information as it affects privacy of citizens and also that it is handled only by the designated officers of the intermediary and no other person of the intermediary or person in-charge of computer resources shall have access to such intercepted or monitored or decrypted information.

21. Responsibility of intermediary.— The intermediary or person in-charge of computer resources shall be responsible for any action of their employees also and in case of violation pertaining to maintenance of secrecy and confidentiality of information or any unauthorised interception or monitoring or decryption of information, the intermediary or person in-charge of computer resources shall be liable for any action under the relevant provisions of the laws for the time being in force.

22. Review of directions of competent authority.— The Review Committee shall meet at least once in two months and record its findings whether the directions issued under Rule (3) are in accordance with the provisions of sub-section (2) of section 69 of the Act and where the Review Committee is of the opinion that the directions are not in accordance with the provisions referred to above, it may set aside the directions and issues order for destruction of the copies, including corresponding electronic record of the intercepted or monitored or decrypted information.

23. Destruction of records of interception or monitoring or decryption of information.—

(1) Every record, including electronic records pertaining to such directions for interception or monitoring or decryption of information and of intercepted or monitored or decrypted information shall be destroyed by the security agency in every six months except in a case where such information is required, or likely to be required for functional requirements.

(2) Save as otherwise required for the purpose of any ongoing investigation, criminal complain or legal proceedings, the intermediary or person in-charge of computer resources shall destroy records pertaining to directions for interception of information within a period of two months of discontinuance of the interception or monitoring or decryption of such information and in doing so they shall maintain extreme secrecy.

24. Prohibition of interception or monitoring or decryption of information without authorisation.—

(1) Any person who intentionally or knowingly, without authorisation under Rule (3) or Rule (4), intercepts or attempts to intercept, or authorises or assists any other person to intercept or attempts to intercept any information in the course of its occurrence or transmission at any place within India, shall be proceeded against and punished accordingly under the relevant provisions of the laws for the time being in force.

(2) Any interception, monitoring or decryption of information in computer resource by the employee of an intermediary or person in-charge of computer resource or a person duly authorised by the intermediary, may be undertaken in course of his duty relating to the services provided by that intermediary, if such activities are reasonably necessary for the discharge his duties as per the prevailing industry practices, in connection with the following matters, namely--

(i) installation of computer resource or any equipment to be used with computer resource; or

(ii) operation or maintenance of computer resource; or

(iii) installation of any communication link or software either at the end of the intermediary or subscriber, or installation of user account on the computer resource of intermediary and testing of the same for its functionality;

(iv) accessing stored information from computer resource relating to the installation, connection or maintenance of equipment, computer resource or a communication link or code; or

(v) accessing stored information from computer resource for the purpose of--

(a) implementing information security practices in the computer resource;

(b) determining any security breaches, computer contaminant or computer virus;

(vi) accessing or analysing information from a computer resource for the purpose of tracing a computer resource of any person who has contravened, or is suspected of having contravened or being likely to contravene, any provision of the Act that is likely to have an adverse impact on the services provided by the intermediary.

(3) The intermediary or the person in-charge of computer resource and its employees shall maintain strict secrecy and confidentiality of information while performing the actions specified under sub-rule (2).

25. Prohibition of disclosure of intercepted or monitored decrypted information.—

(1) The contents of intercepted or monitored or stored or decrypted information shall not be used or disclosed by intermediary or any of its employees or person in-charge of computer resource to any person other than the intended recipient of the said information under Rule (10).

(2) The contents of intercepted or monitored or decrypted information shall not be used or disclosed by the agency authorised under Rule (4) for any other purpose, except for investigation or sharing with other security agency for the purpose of investigation or in judicial proceedings before the competent court in India.

(3) Save as otherwise provided in sub-rule (2), the contents of intercepted or monitored or decrypted information shall not be disclosed or reported in public by any means, without the prior order of the competent court in India.

(4) Save as otherwise provided in sub-rule (2), strict confidentiality shall be maintained in respect of direction for interception, monitoring or decryption issued by concerned competent authority or the nodal officers.

For more details visit https://cis-india.org/internet-governance/resources/it-procedure-and-safeguards-for-interception-monitoring-and-decryption-of-information-rules-2009

Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009

smita — 2012-11-21T09:32:36Z

G.S.R.781 (E).-- In exercise of the powers conferred by clause (z) of sub-section (2) of section 87, read with sub-section (2) of section 69A of the Information Technology Act 2000, (21 of 2000), the Central Government hereby makes the following rules, namely:

1. Short title and commencement.--
(1) These rules may be called the Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public) Rules, 2009.
(2) They shall come into force on the date of their publication in the Official Gazette.

2. Definitions.--
In these rules, unless the context otherwise requires,-
(a) "Act" means the Information Technology Act, 2000 (21 of 2000);
(b) "computer resource" means computer resource as defined in clause (k) of sub-section (1) of section 2 of the Act;
(c) "Designated Officer" means an officer designated as Designated Officer under rule 3;
(d) "Form" means a form appended to these rules;
(e) "intermediary" means an intermediary as defined in clause (w) of sub-section (1) of section 2 of the Act;
(f) "nodal officer" means the nodal officer designated as such under rule 4;
(g) "organisation" means -
(i) Ministries or Departments of the Government of ;
(ii) state Governments and Union territories;
(iii) any agency of the Central Government, as may be notified in the Official Gazette, by the Central Government;
(h) "request" means the request for blocking of access by the public any information generated, transmitted, received, stored or hosted in any computer resource;
(i) "Review Committee" means the Review Committee constituted under rule 419A of Indian Telegraph Rules, 1951.

3. Designated Officer.--
The Central Government shall designate by notification in Official Gazette, an officer of the Central Government not below the rank of a Joint Secretary, as the "Designated Officer", for the purpose of issuing direction for blocking for access by the public any information generated, transmitted, received, stored or hosted in any computer resource under sub-section (2) of section 69A of the Act.

4. Nodal officer of organisation.--
Every organisation for the purpose of these rules, shall designate one of its officer as the Nodal Officer and shall intimate the same to the Central Government in the Department of Information Technology under the Ministry of Communications and Information Technology, Government of India and also publish the name of the said Nodal Officer on their website.

5. Direction by Designated Officer.--
The Designated Officer may, on receipt of any request from the Nodal Officer of an organisation or a competent court, by order direct any Agency of the Government or intermediary to block for access by the public any information or part thereof generated, transmitted, received, stored or hosted in any computer resource for any of the reasons specified in sub-section (1) of section 69A of the Act.

6. Forwarding of request by organisation.--
(1) Any person may send their complaint to the Nodal Officer of the concerned organisation for blocking of access by the public any information generated, transmitted, received, stored or hosted in any computer resource:
Provided that any request, other than the one from the Nodal Officer of the organisation, shall be sent with the approval of the Chief Secretary of the concerned State or territory to the Designated Officer:
Provided further that in case a Union territory has no Chief Secretary, then, such request may be approved by the Adviser to the Administrator of that Union territory.
(2) The organisation shall examine the complaint received under sub-rule (1) to satisfy themselves about the need for taking of action in relation to the reasons enumerated in sub-section (1) of section 69A of the Act and after being satisfied, it shall send the request through its Nodal Officer to the Designated Officer in the format specified in the Form appended to these rules.
(3) The Designated Officer shall not entertain any complaint or request for blocking of information directly from any person.
(4) The request shall be in writing on the letter head of the respective organisation, complete in all respects and may be sent either by mail or by fax or by e-mail signed with electronic signature of the Nodal Officer:
Provided that in case the request is sent by fax or by e-mail which is not signed with electronic signature, the Nodal Officer shall provide a signed copy of the request so as to reach the Designated Officer within a period of three days of receipt of the request by such fax or e-mail.
(5) On receipt, each request shall be assigned a number alongwith the date and time of its receipt by the Designated Officer and he shall acknowledge the receipt thereof to the Nodal Officer within a period of twenty four hours of its receipt.

7. Committee for examination of request.--
The request alongwith the printed sample content of the alleged offending information or part thereof shall be examined by a committee consisting of the Designated Officer as its chairperson and representatives, not below the rank of Joint Secretary in Ministries of Law and Justice, Home Affairs, Information and Broadcasting and the Indian Computer Emergency Response Team appointed under sub-section (1) of section 70B of the Act.

8. Examination of request.--
(1) On receipt of request under rule 6, the Designated Officer shall make all reasonable efforts to identify the person or intermediary who has hosted the information or part thereof as well as the computer resource on which such information or part thereof is being hosted and where he is able to identify such person or intermediary and the computer resource hosting the information or part thereof which have been requested to be blocked for public access, he shall issue a notice by way of letters or fax or e-mail signed with electronic signatures to such person or intermediary in control of such computer resource to appear and submit their reply and clarifications, if any, before the committee referred to in rule 7, at a specified date and time, which shall not be less than forty-eight hours from the time of receipt of such notice by such person or intermediary.
(2) In case of non-appearance of such person or intermediary, who has been served with the notice under sub-rule (1), before the committee on such specified date and time, the committee shall give specific recommendation in writing with respect to the request received from the Nodal Officer, based on the information available with the committee.
(3) In case, such a person or intermediary, who has been served with the notice under sub-rule (1), is a foreign entity or body corporate as identified by the Designated Officer, notice shall be sent by way of letters or fax or e-mail signed with electronic signatures to such foreign entity or body corporate and any such foreign entity or body corporate shall respond to such a notice within the time specified therein, failing which the committee shall give specific recommendation in writing with respect to the request received from the Nodal Officer, based on the information available with the committee.
(4) The committee referred to in rule 7 shall examine the request and printed sample information and consider whether the request is covered within the scope of sub-section (1) of section 69A of the Act and that it is justifiable to block such information or part thereof and shall give specific recommendation in writing with respect to the request received from the Nodal Officer.
(5) The designated Officer shall submit the recommendation of the committee, in respect of the request for blocking of information alongwith the details sent by the Nodal Officer, to the Secretary in the Department of Information Technology under the Ministry of Communications and Information Technology, Government of India (hereinafter referred to as the "Secretary, Department of Information Technology").
(6) The Designated Officer, on approval of the request by the Secretary, Department of Information Technology, shall direct any agency of the Government or the intermediary to block the offending information generated, transmitted, received, stored or hosted in their computer resource for public access within the time limit specified in the direction:
Provided that in case the request of the Nodal Officer is not approved by the Secretary, Department of Information Technology, the Designated Officer shall convey the same to such Nodal Officer.

9. Blocking of information in cases of emergency.--
(1) Notwithstanding anything contained in rules 7 and 8, the Designated Officer, in any case of emergency nature, for which no delay is acceptable, shall examine the request and printed sample information and consider whether the request is within the scope of sub-section (1) of section 69A of the Act and it is necessary or expedient and justifiable to block such information or part thereof and submit the request with specific recommendations in writing to Secretary, Department of Information Technology.
(2) In a case of emergency nature, the Secretary, Department of Information Technology may, if he is satisfied that it is necessary or expedient and justifiable for blocking for public access of any information or part thereof through any computer resource and after recording reasons in writing, as an interim measure issue such directions as he may consider necessary to such identified or identifiable persons or intermediary in control of such computer resource hosting such information or part thereof without giving him an opportunity of hearing.
(3) The Designated Officer, at the earliest but not later than forty-eight hours of issue of direction under sub-rule (2), shall bring the request before the committee referred to in rule 7 for its consideration and recommendation.
(4) On receipt of recommendations of committee, Secretary, Department of Information Technology, shall pass the final order as regard to approval of such request and in case the request for blocking is not approved by the Secretary, Department of Information Technology in his final order, the interim direction issued under sub-rule (2) shall be revoked and the person or intermediary in control of such information shall be accordingly directed to unblock the information for public access.

10. Process of order of court for blocking of information.--
In case of an order from a competent court in India for blocking of any information or part thereof generated, transmitted, received, stored or hosted in a computer resource, the Designated Officer shall, immediately on receipt of certified copy of the court order, submit it to the Secretary, Department of Information Technology and initiate action as directed by the court.

11. Expeditious disposal of request.--
The request received from the Nodal Officer shall be decided expeditiously which in no case shall be more than seven working days from the date of receipt of the request.

12. Action for non-compliance of direction by intermediary.--
In case the intermediary fails to comply with the direction issued to him under rule 9, the Designated Officer shall, with the prior approval of the Secretary, Department of Information Technology, initiate appropriate action as may be required to comply with the provisions of sub-section (3) of section 69A of the Act.

13. Intermediary to designate one person to receive and handle directions.--
(1) Every intermediary shall designate at feast one person to receive and handle the directions for blocking of access by the public any information generated, transmitted, received, stored or hosted in any computer resource under these rules.
(2) The designated person of the Intermediary shall acknowledge receipt of the directions to the Designated Officer within two hours on receipt of the direction through acknowledgement letter or fax or e-mail signed with electronic signature.

14. Meeting of Review Committee.--
The Review Committee shall meet at least once in two months and record its findings whether the directions issued under these rules are in accordance with the provisions of sub-section (1) of section 69A of the Act and if is of the opinion that the directions are not in accordance with the provisions referred to above, it may set aside the directions and issue order for unblocking of said information generated, transmitted, received, stored or hosted in a computer resource for public access.

15. Maintenance of records by Designated Officer.--
The Designated Officer shall maintain complete record of the request received and action taken thereof, in electronic database and also in register of the cases of blocking for public access of the information generated, transmitted, received, stored or hosted in a computer resource.

16. Requests and complaints to be confidential.--
Strict confidentiality shall be maintained regarding all the requests and complaints received and actions taken thereof.

FORM
[See rule 6(2)]
A. Complaint
1. Name of the complainant: --___________________________________________
(Person who has sent the complaint to the Govt./Nodal Officer)
2. Address :________________________________________________________
________________________________________________________________
City :______________________ Pin Code:______________
3. Telephone :______________ (prefix STD code) 4. Fax (if any):__________
5. (if any):_____________________________
6. Email (if any):_____________________________________________
B : Details of website/ computer resource/intermediary/ offending Information hosted on the website
(Please give details wherever known)
7. URL / web address :________________________________
8. IP Address :___________________________
9. Hyperlink:____________________________
10. Server/Proxy Server address :__________________________________
11. Name of the Intermediary :___________________________________
12. URL of the Intermediary :____________________________________
(Please attach screenshot/printout of the offending information)
13. Address or location of intermediary in case the intermediary is telecom service provider, network service provider, internet service provider, web-hosting service provider and cyber cafe or other form of intermediary for which information under points (7), (8), (9), (10), (11) and (12) are not available.
_______________________________________________________
_______________________________________________________
_______________________________________________________
C. Details of Request for blocking
14. Recommendation/Comments of the Ministry/State Govt :______________________
________________________________________________________________________
________________________________________________________________________
15. The level at which the comments/ recommendation have been approved
(Please specify designation):__________________________________________
16. Have the complaint been examined in Ministry/State Government: Y/N
17. If yes, under which of the following reasons it falls (please tick):
(i) Interest of sovereignty or integrity of
(ii) Defence of
(iii) Security of the State
(iv) Friendly relations with foreign States
(v) Public order
(vi) For preventing incitement to the commission of any cognisable offence relating to above
D. Details of the Nodal Officer forwarding the complaint alongwith recommendation of the Ministry/State Govt. and related enclosures
18. Name of the Nodal Officer:_____________________________________________
19. Designation :___________________________________________________
20. organisation :________________________________________________________
21. Address : ______________________________________________________
City :______________________ Pin Code:______________
22. Telephone:________________(prefix STD code) 23. Fax (if any):____________
24. (if any):_____________________________
25. Email (if any):_____________________________________________
E. Any other information :
F. Enclosures :

1.
2.
3
Date: Place: Signature

For more details visit https://cis-india.org/internet-governance/resources/information-technology-procedure-and-safeguards-for-blocking-for-access-of-information-by-public-rules-2009

Information Technology (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) Rules, 2009

jdine — 2013-04-25T04:49:05Z

Draft Rules under section 69B of the Information Technology (Amendment) Act, 2008 as notified by the Central Government.

G.S.R. 782 (E).— In exercise of the power conferred y clause (za) of sub-section (2) of section 87, read with sub-section (3) of section 69B of the Information Technology Act 2000 (21 of 2000), the Central Government hereby makes the following rules, namely:—

1. Short title and commencement.—

(1) These rules may be called the Information Technology (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information) Rules, 2009.

(2) They shall come into force on the date of their publication in the Official Gazette.

2. Definitions.— In these rules, unless the context otherwise requires,—

(a) “Act” means the Information Technology Act, 2000 (21 of 2000);

(b) “communication” means dissemination, transmission, carriage of information or signal in come manner and include both a direct communication and an indirect communication;

(c) “communication link” means the use of satellite, microwave, radio, terrestrial line, wire, wireless or any other communication media to inter-connect computer resource;

(d) “competent authority” means the Secretary to the Government of India in the Department of Information Technology under the Ministry of Communications and Information Technology;

(e) “computer resource” means computer resource as defined in clause (k) of sub-section (1) of section 2 of the Act;

(f) “cyber security incident” means any real or suspected adverse event in relation to cyber security that violates an explicitly or implicitly applicable security policy resulting in unauthorised access, denial of service/disruption, unauthorised use of a computer resource for processing or storage of information or changes to data, information without authorisation;

(g) “cyber security breaches” means unauthorised acquisition or unauthorised use by a person of data or information that compromises the confidentiality, integrity or availability of information maintained in a computer resource;

(h) “information” means information as defined in clause (v) of sub-section (1) of section 2 of the Act;

(i) “information security practices” means implementation of security policies and standards in order to minimize the cyber security incidents and breaches;

(j) “intermediary” means an intermediary as defined by clause (w) of sub-section (1) of section 2 of the Act;

(k) “monitor” with its grammatical variations and cognate expressions, includes to view or inspect or to record or collect traffic data or information generated, transmitted, received or stored in a computer resource by means of a monitoring device;

(l) “monitoring device” means any electronic, mechanical, electro-mechanical, electro-magnetic, optical or other instrument, device, equipment or apparatus which is used or can be used, whether by itself or in combination with any other instrument, device, equipment or apparatus, to view or inspect or record or collect traffic data or information;

(m) “port” or “application port” means a set of software rules which identifies and permits communication between application to application, network to network, computer to computer, computer system to computer system;

(n) “Review Committee” means the Review Committee constituted under rule 419A of Indian Telegraph Rules, 1951;

(o) “security policy” means documented business rules and processes for protecting information and the computer resource;

(p) “traffic data” means traffic data as defined in Explanation (ii) to section 69B of the Act.

3. Directions for monitoring.—

(1) No directions for monitoring and collection of traffic data or information under sub-section (3) of section 69B of the Act shall be issued, except by an order made by the competent authority.

(2) The competent authority may issue directions for monitoring for any or all of the following purposes related to cyber security, namely:-

(a) forecasting of imminent cyber incidents;

(b) monitoring network application with traffic data or information on computer resource;

(d) tracking cyber security breaches or cyber security incidents;

(e) tracking computer resource breaching cyber security or spreading virus or computer contaminants;

(f) identifying or tracking of any person who has breached, or is suspected of having breached or being likely to breach cyber security;

(g) undertaking forensic of the concerned computer resource as a part of investigation or internal audit of information security practices in the computer resources;

(h) accessing a stored information for enforcement of any provisions of the laws relating to cyber security for the time being in force;

(i) any other matter relating to cyber security.

(3) Any direction issued by the competent authority under sub-rule (2) shall contain reasons for such direction and a copy of such direction shall be forwarded to the Review Committee withing a period of seven working days.

(4) The direction of the competent authority for monitoring and collection of traffic data or information may include the monitoring and collection of traffic data or information from any person or class of persons or relating to any particular subject whether such traffic data or information, or class of traffic data of information, are received with one or more computer resources, being a computer resource likely to be used for generation, transmission, receiving, storing of traffic data or information from or to one particular person or one or many set of premises.

4. Authorised agency of government for monitoring and collection of traffic data or information.—

(1) The competent authority may authorise any agency of the government for monitoring and collection of traffic data or information generated, transmitted, received or stored in any computer resource.

(2) The agency authorised by the competent authority under sub-rule (1) shall designated one or more nodal officer, not below the rank of Deputy Secretary to the Government of India, for the purpose to authenticate and send the requisition conveying direction issued under rule 3 to the designated officers of the concerned intermediary or person in-charge of computer resources.

(3) The requisition under sub-rule (2) shall specify the name and designation of the officer or the agency to whom the monitored or collected traffic data or information is to be disclosed.

(4) The intermediaries or person in-charge of computer resource shall designate one or more officers to receive requisition and to handle such requisition from the nodal officer for monitoring or collection of traffic data or information.

(5) The requisition conveying directions for monitoring shall be conveyed to the designated officers of the intermediary or person in-charge of computer resources, in writing through letter or fax by the nodal officer or delivered, (including delivery by email signed with electronic signature), by an officer not below the rank of Under Secretary or officer of the equivalent rank.

(6) The nodal officer issuing the requisition conveying directions for monitoring under sub=rule (2) shall also make a request in writing to the designated officer of intermediary or person in-charge of computer resource for monitoring in accordance with the format indicated in such requisition and report the same to the officer designated under sub-rule (3).

(7) The nodal officer shall also make a request to the officer of intermediary or person in-charge of computer resource designated under sub-rule (4) to extend all facilities, co-operation and assistance in installation, removal and testing of equipment and also enable online access or to secure and provide online access to the computer resource for monitoring and collecting traffic data or information.

(8) On receipt of requisition under sub-rule (2) conveying the direction issued under sub-rule (2) of rule 3 the designated officer of the intermediary or person in-charge of computer resource designated under sub-rule (4) shall acknowledge the receipt of requisition by way of letter or fax or electronically signed e-mail to the nodal officer within a period of two hours from the time of receipt of such requisition.

(9) The officer of the intermediary or person in-charge of computer resource designed under sub-rule (4) shall maintain proper records of the requisitions received by him.

(10) The designated officer of the intermediary or person in-charge of computer resource shall forward in every fifteen days a list of requisition conveying direction for monitoring or collection of traffic data or information to the nodal officer which shall include details such as the reference and date of requisition conveying direction of the concerned competent authority.

5. Intermediary to ensure effective check in handling monitoring or collection of traffic data or information.— The intermediary or person in-charge of computer resources shall put in place adequate and effective internal checks to ensure that unauthorised monitoring or collection of traffic data or information does not take place and extreme secrecy is maintained and utmost care and precaution is taken in the matter of monitoring or collection of traffic data or information as it affects privacy of citizens and also that this matter is handled only by the designated officer of the intermediary or person in-charge of computer resource.

6. Responsibility of intermediary.— The intermediary or person in-charge of computer resource shall be responsible for the actions of their employees also, and in case of violation of the provision of the Act and rules made thereunder pertaining to maintenance of secrecy and confidentiality of information or any unauthorised monitoring or collection of traffic data or information, the intermediary or person in-charge of computer resource shall be liable for any action under the relevant provision of the laws for the time being in force.

7. Review of directions of competent authority.— The Review Committee shall meet at least once in two months and record its finding whether the directions issued under sub-rule (2) of rule 3 are in accordance with the provisions of sub-section (3) of section 69B of the Act and where the Review Committee is of the opinion that the directions are not in accordance with the provisions referred to above, it may set aside the directions and issue order for destruction of the copies, including corresponding electronic record of the monitored or collected traffic data or information.

8. Destruction of records.—

(1) Every record, including electronic records pertaining to such directions for monitoring or collection of traffic data shall be destroyed by the designated officer after the expiry of a period of nine months from the receipt of direction or creation of record, whichever is later, except in a case where the traffic data or information is, or likely to be, required for functional requirements.

(2) Save as otherwise required for the purpose of any ongoing investigation, criminal complaint or legal proceedings the intermediary or the person in-charge of computer resource shall destroy records pertaining to directions for monitoring or collection of information within a period of six months of discontinuance of the monitoring or collection of traffic data and in doing so they shall maintain extreme secrecy.

9. Prohibition of monitoring or collection of traffic data or information without authorisation.—

(1) Any person who, intentionally or knowingly, without authorisation under sub-rule (2) of rule 3 or sub-rule (1) of rule 4, monitors or collects traffic data or information, or attempts to monitor or collect traffic data or information, or authorises or assists any person to monitor or collect traffic data or information in the course of its occurrence or transmission at any place within India, shall be proceeded against, punished accordingly under the relevant provisions of the law for the time being in force.

(2) the monitoring or collection of traffic data or information in computer resource by the employee of an intermediary or person in-charge of computer resource or a person duly authorised by the intermediary, may be undertaken in course of his duty relating to the services provided by that intermediary, if such activities are reasonably necessary for the discharge his duties as per the prevailing industry practices, in connection with the following matters, namely:—

(i) installation of computer resource or any equipment to be used with computer resource; or

(ii) operation or maintenance of computer resource; or

(iv) accessing stored information from computer resource relating to the installation, connection or maintenance of equipment, computer resource or a communication link or code; or

(v) accessing stored information from computer resource for the purpose of--

(a) implementing information security practices in the computer resource;

(b) determining any security breaches, computer contaminant or computer virus;

(4) The details of monitored or collected traffic data or information shall not be used or disclosed by intermediary or person in-charge of computer resource or any of its employees to any person other than the intended recipient of the said information under sub-rule (2) of rule 4. Any intermediary or its employees of person in-charge of computer resource who contravenes the provisions of this rule shall be proceeded against and punished accordingly under the relevant provisions of the Act or any other law for the time being in force.

10. Prohibition of disclosure of traffic data or information by authorised agency.— The details of monitored or collected traffic data or information shall not be used or disclosed by the agency authorised under sub-rule (1) of rule 4 for any other purpose, except for forecasting imminent cyber threats or general trend of port-wise traffic on Internet, or general analysis of cyber incidents, or for investigation or in judicial proceedings before the competent court in India.

11. Maintenance of confidentiality.— Save as otherwise provided in rule 10, strict confidentiality shall be maintained in respect of directions for monitoring or collection of traffic data or information issued by the competent authority under these rules.

For more details visit https://cis-india.org/internet-governance/resources/it-procedure-and-safeguard-for-monitoring-and-collecting-traffic-data-or-information-rules-2009

Information Security Summit 2010

praskrishna — 2011-04-02T06:33:18Z

The Information Security Summit 2010 will be held between 2-3 December 2010 in Chennai. The following is the agenda for the event.

Day 1		2-Dec-10
TIME	SESSION	AGENDA
9:30am to 10:30am	Inaugural Session	Summit Theme Dr. Kamlesh Bajaj, CEO, DSCI Welcome Address Mr. Som Mittal, President, NASSCOM Keynote Address Mr. Jeffrey Carr, Principal, GreyLogic, United States
10:30am to 11:15am	Plenary Session	Encryption – No more a paradox Secure Business Transaction v/s National security Role of Policy Makers Session Chair Dr. P.K. Saxena, Director – SAG, DRDO Panelists Mr. Hitesh Barot, Director, Intel Dr. Kamlesh Bajaj, CEO, DSCI Dr. Sachin Lodha, TCS Mr. Ashutosh Saxena, Principal Research Scientist, SETLabs, Infosys
11:15am to 11:30am		Tea/Coffee Break
11:30am to 11:50am	Session I A	Securing Data & Systems with Trusted Computing Now and in the Future Mr. Brian Berger, TCG Promoter Board Member, Executive Vice President Marketing & Sales, Wave Systems Corp.
11:50am to 12:10pm	Session I B	Take Control of Identities & Data Loss Mr. Vipul Kumra, Consultant, CA Technologies
12:10pm to 12:30pm	Session I C	Security and the Cloud Ms. Smitha Murthy, Head of Product Management, McAfee India
12:30pm to 1:15pm	Session II	DSCI Data-Centric Approach: Information Visibility Moderator Ms. Nandita Mahajan, CISO &CPO, India & South-Asia, IBM & IBM Daksh Presentation Mr. Vinayak Godse, Director – Data Protection, DSCI Panelists Mr. Pradeep Verma, CISO, FirstSource Solutions Mr. Bhaskar Parashuram, Head – Information Security CoreLogic Mr. Agnelo D’souza, CISO, Kotak Mahindra Bank
1:15pm to 2:15pm		Networking Lunch
2:15pm to 2:30pm	Session III	DSCI – KPMG Annual Security Survey 2010 Mr. Akhilesh Tuteja, Executive Director, KPMG
2:30pm to 3:15pm	Session IV	Leveraging Cloud to deliver Security Services Session Chair Mr. Felix Mohan, CSO, Bharti Group Panelists Mr. Geoff Charron, VP Software Engineering, CA Technologies Mr. Prashant Gupta, Head of Solutions – India, Verizon Business Ms. Smitha Murthy, Head of Product Management, McAfee India
3:15pm to 4:00pm	Session V	Security 3.0 – Embedding Security in Design – Trusted Computing, Trusted Environment Session Chair Mr. P.S. Venkat Subramanyan, Head – Data Protection & Privacy, CSC India Panelists Mr. Mark Schiller, TCG Promoter Board Member, Director of HP Security Technology, Hewlett Packard Corp. Mr. Sanjay Bahl, CSO, Microsoft India Mr. Avinash Kadam, Lead Instructor, (ISC)2 and Director, MIEL e-Security Mr. Chris Leach, CISO, ACS Inc
4:00pm to 4:45pm	Session VI	Securing Business Transactions Session Chair Mr. B. Sambamurthy, Director, IDRBT Panelists Ms. Smitha Murthy, Head of Product Management, McAfee India Mr. Shankara Narayanan, Head – Professional Services, Verizon Business Mr. Kartik Shahani, Country Manager – India and SAARC, RSA
4:45pm to 5:00pm		Tea/Coffee Break
5:00pm to 6:00pm	Session VII	DSCI Study Reports Session Chair Mr. B J Srinath, DIT Presentations Theme Introduction – Rahul Jain, Sr. Consultant, DSCI Insider Threats – Sivarama K, Executive Director, PwC Service Provider Assessment Framework – Terry Thomas, Partner, E&Y Reasonable Security Practices – PVS Murthy, Global Head IRM Consulting Practice, TCS Security and Privacy Issues in Cloud Computing – Sai Lakshmi, General Manager, Information Security, Wipro
:30pm onwards		Networking Cocktail and Dinner
DAY 2		3-Dec-10
TIME	SESSION	AGENDA
9:30am to 10:30am	Session I	Economics of Security – ‘Business Flexibility’ and ‘Security & Investment’ in the wake of Cyber crime and expanding compliance regimes Session Chair Mr. Brian J. Manning, President and Managing Director, CSC India Panelists Mr. Laxmikanth Venkatraman, Head – India Operations, Broadridge Financial Solutions Mr. Kumar Rao, Global Head, Cards & Payments Practice, Tata Consultancy Services Prof. Anjali Kaushik, MDI Gurgaon
0:30am to 11:15am	Session II	Panel Discussion – DSCI Best Practices Advisory Group Session Chair Dr. Kamlesh Bajaj, CEO, DSCI Panelists Mr. B.J. Srinath, DIT Ms. Nandita Jain Mahajan, IBM Mr. Abhay Gupte, Deloitte Mr. Anurana Saluja, Infosys Mr. Rahul Biswari, HP Mr. Chalam Peddada, Fidelity
11:15am to 11:30am		Tea/Coffee Break
11:30am to 12:15pm	Session III	Evolution of Privacy in India – ITAA, UIDAI, Privacy Laws, Global Regulations Session Co-chairs Dr. Gulshan Rai, Director General, CERT-In Mr. Rajeev Kapoor, Joint Secretary, DoPT, Govt. of India Speakers Mr. Hitesh Barot, Director – Global Public Policy, Intel Corporation Mr. Sunil Abraham, Executive Director, Centre for Internet and Society Mr. Vakul Sharma, Advocate, Supreme Court of India Mr. Vikram Asnani, Sr. Consultant – Security Practices, DSCI
12:15pm to 12:30pm	Session IV	Deloitte’s India Security Survey Mr. Sundeep Nehra, Sr. Director, Deloitte
12:30pm to 1:30pm	Session V	Technology Challenges To Fight Data Breaches and Cyber Crimes: Collaboration through Public Private Partnerships – The Way Forward Moderator Mr. Pratap Reddy, Director, Cyber Security, NASSCOM Principal Speaker Mr. Michael West, Member of the Board, NCFTA (National Cyber-Forensics Training and Alliance), USA and Strategic Technology Investigator, Fidelity Investments Panelists Mr. Krishna Sastry Pendyala, Cyber Forensics Expert at GEQD, Central Forensics Sciences Laboratory, MHA, Government of India Dr. Srinivas Mukkamala, Sr. Research Scientist Institute for Complex Additive Systems Analysis (ICASA) Adjunct Faculty New Mexico Tech., USA and Advisor Cyber Security Works Pvt. Ltd. Mr. Anil Kona, Specialist and Sr. Manager, Analytics and Forensics Technologies, Deloitte Mr. Samir Datt, Founder CEO, Foundation Futuristic Technologies
1:30pm to 2:30pm		Networking Lunch
2:30pm to 3:15pm	Session VI	Security Technologies in Focus Session Chair Mr. Srikant Vissamsetti, Vice President – Network Security, McAfee India Panelists Mr. Prashant Gupta, Head of Solutions – India, Verizon Business Mr. Kartik Shahani, Country Manager – India and SAARC, RSA Ms. Rashmi Chandrashekar, Vice President, Accenture India
3:15pm to 4:00pm	Session VII	Making their Presence felt in the Security Market: Indian Vendors Session Chair Dr. Gulshan Rai, Director General – Cert-In, DIT Panelists Mr. Prakash Baskaran, CEO, Pawaa Software Mr. Ajay Data, CEO, Data Infosys Ltd Mr. Arnab Chattopadhyay, VP Technology, iViz Technosolutions Mr. Tushar Sighat, Vice President, Cyberoam – India and SAARC, Elitecore Technologies
4:00pm to 4:15pm		Tea/Coffee Break
4:15pm to 5:00pm	Session VIII	E-Security Strategy for the next 5 years – The Way Forward Session Chair Prof. N. Balakrishnan, Chairman, DSCI Panelists Dr. Gulshan Rai, Director General, CERT-In, DIT Mr. Kumar Ranganathan, Principal Engineer and Manager, Intel Labs Mr. Sanjay Bahl, CSO, Microsoft India Mr. Y.D. Wadaskar, Managing Director, WYSE Biometrics Systems Dr. Kamlesh Bajaj, CEO, DSCI
5:00pm to 5:15pm		Closing Remarks by DSCI

See the original here

For more details visit https://cis-india.org/news/security-summit

Information security policy on govt agenda

praskrishna — 2012-11-08T06:18:28Z

As an increasing quantity of sensitive information is transmitted through electronic channels, the government is considering putting in place an internal information security policy to reduce the risk of leaks and counter possible cyber attacks, said three government officials involved in discussions on the proposal.

Surabhi Agarwal's article was published in LiveMint on November 6, 2012. Sunil Abraham is quoted.

The policy will include new guidelines on top of the standards set out by the Official Secrets Act, 1923, and mandate safeguards for each category of information on how it should be transmitted, stored and preserved. The categories are “top secret”, “secret”, “confidential”, “restricted” and “official use only”.

Experts argue that given the easy portability of such information and its vulnerability to hackers, the policy should have been in place much sooner.

The Official Secrets Act seeks to protect sensitive information including official communications, sketch plans, documents and other information pertaining to government functioning. Gaining wrongful access to information deemed to be an official secret or unauthorized use of such information are regarded as offences.

Given that the law was enacted almost a quarter century before independence, it had no provisions to deal with electronic transmission of such information made possible by technological advances in subsequent decades, said cyber expert Pawan Duggal.

One of the three government officials cited above said the aim of the proposed internal information security policy is to protect classified information that’s transmitted electronically much as it is done currently in the paper format.

"As more information is getting transmitted in the electronic format, we have to put in place procedures, guidelines, policies and standards for protecting that information in the electronic format," the official said.

From the newsroom: Securing government information	The discussions, being anchored by the home ministry, have been under way for some time and the policy should be finalized in the “next few months”, the official said. A second official said the policy will lay down the dos and don’ts for government officers on how information has to be transmitted, stored and preserved in the electronic format. “In case of a breach, the investigation agencies can then look into whether the requisite safeguards were followed or not,” the official said. The proposal follows a rash of attacks on government computer systems that exposed their vulnerability to hackers. Former minister of state for communications and information technology Sachin Pilot told Parliament recently that between December 2011 and February 2012, a total of 112 government websites had been hacked.

From the newsroom: Securing government information

The discussions, being anchored by the home ministry, have been under way for some time and the policy should be finalized in the “next few months”, the official said.

A second official said the policy will lay down the dos and don’ts for government officers on how information has to be transmitted, stored and preserved in the electronic format. “In case of a breach, the investigation agencies can then look into whether the requisite safeguards were followed or not,” the official said. The proposal follows a rash of attacks on government computer systems that exposed their vulnerability to hackers.

Former minister of state for communications and information technology Sachin Pilot told Parliament recently that between December 2011 and February 2012, a total of 112 government websites had been hacked.

A third government official, who also didn’t want to be identified, said that every government official would have to follow standard procedures in electronic transmission of information.

“The moment one’s computer is connected to the Internet, it is part of a global network, so attackers in the cyber space know which information can be stolen from where if the necessary deterrents are not in place,” the official said.

Sensitive information such as tax matters and intellectual property issues are part of the information that’s transmitted electronically by government offices, which if leaked can have market implications as well as an impact on governance, experts said.

“The government leaks like a sieve,” said B.G. Verghese, a visiting professor at New Delhi-based Centre for Policy Research.

“This is a step and they are trying to lay some ground rules to regulate a process that fits in with concepts of law, good governance, Constitution, privacy and prevents any wrongdoing,” Verghese said.

The proposed policy, when put in place, will be a step forward so long as it does not dilute the powers available to citizens under the Right to Information Act, said Sunil Abraham, executive director of Bangalore-based research organization Centre for Internet and Society.

Currently there are several concerns centred on electronic transmission, including questions about who is responsible for information, especially its unauthorized use. “This could help establish an audit trail,” Abraham said.

The first government official quoted above stressed that although cyber security and information security cut across each other, the two concepts are different.

“Cyber (security) is basically about devices and networks, whereas information security is very particularly about the information which travels on the net,” this official said. Reinforced cyber security will be an additional benefit once the information security policy comes into force, he said.

For more details visit https://cis-india.org/news/live-mint-politics-surabhi-agarwal-nov-6-2012-information-security-policy-on-govt-agenda

Information is Beautiful hacks in India with David Cameron

praskrishna — 2011-04-02T10:22:51Z

The Prime Minister took some of the UK's top hackers and data experts with him to India this week. David McCandless was with them.

This week, I was lucky enough to accompany UK Prime Minister's delegation to India.

I was part of a small contingent of politically active programmers and civic-minded dataheads out to explore links between tech, transparency and community-based democracy in India. The raw stuff of David Cameron's 'Big Society' initiative.

(To the businessmen, journos and politicos in the delegation, we were known simply as "The Hackers" - an image we played up by sometimes rebelliously removing our ties)

The key event of the trip was a hackday hosted by Google India in the southern central city of Bangalore.

I have to confess a slight colonial attitude going into the meet. Thinking of the UK as a great hacking nation and leading data port, I was expecting to be helping the collected Indian IT professionals and activists improve their skills and give them fresh ideas on how to bootstrap their democracy.

However, our Indian counterparts very quickly astonished us with brilliant and powerful data projects and grass roots hacks using simple tools and technologies to solve everyday civic issues. Some of which I wanted to exhibit here.

Bus Map Hack

Information designer Arun Ganesh was frustrated by the bus maps in his native Chennai.

Chennai's bus map goes from this…

The official map was incomplete and incomprehensible - and had been 'under construction' for six years.

Passionate about maps and geo-mapping, Arun took it upon himself to design a new map to help the enormous number of people (Chennai has a population of over 4 million) who used the buses every day. Unfortunately, he faced a major challenge: over 5,000 separate buses & bus routes.

… to this

So he turned to crowd-sourcing on the web to gather data on all the routes. Local travellers poured timetables and bus details into his app. And in just 3 days he had compiled enough data to create a fresh map with a clean comprehensible design. And an accompanying interactive app BusRoutes.in for painless route planning.

Then he went further. Using the data - and a fair walking distance of 500 metres - he visualised the areas covered by all the bus routes. The resulting heatmap instantly and cleverly reveals which areas of the city are poorly served by the bus network.

Karnataka Learning Partnership

Education is a big issue in India, where close to 35% of the population are illiterate. The Karnataka Learning Partnership works to improve government schools in Karnataka region by running literacy, maths and library-use programs across the southern Indian state.

Karnataka schools monitored

Mashing Googlemaps and their detailed data through a web interface, the Akshara Foundation provides a dynamic monitoring and look up service for the quality of schools in each area. It's not unlike the recently launched SchooloScope here in the UK.

(Please note: the site is in beta and not live yet. You can see their work at blog.klp.org.in.)

National Election Watch

Using information liberated by the 2006 Right to Information Act in India, Nationalelectionwatch.org tracks the backgrounds of every single politician in India. An incredible feat given the enormity and intricacies of Indian democracy.

Over 1200 NGOs work to collect data from affidavits filed by the candidates on their financial, criminal and educational background. The myneta.info website acts as an instant power check on a system unfortunately tainted by widespread corruption and bribery.

The crime-o-meter

Pages on particularly criminal MPs feature a 'crime dial' visualisation to get the message across.

Missed Calls

Despite a thriving tech-sector, India still has relatively low internet uptake. Just 0.05% of the 1.2 billion population are active internet users. Compared to around 40% in the UK and 29% in China.

But nearly half the population own mobile phones. So SMS and missed calls have become a dominant form of free information exchange, especially when ingeniously hacked together.

In a typical hacked service, information providers set up phone numbers. Information seekers phone the number and then immediately hang up, registering a 'missed call'. The information provider then sends them an SMS with the info they might be seeking. Carpenter jobs or internet cafes in the locality, for example.

Ironically, lax privacy protection - by our standards - in the country actually improves this service. While banned here, triangulation of mobile signals to determine the location of a call is freely permitted in India. So services are able to text back localised information. All for free.

Hacktastic!

Thanks to Harry Metcalfe at TellThemWhatYouThink.Org, Tim Green from DemocracyClub.org.uk, Edmund von der Burg at YourNextMp.com, and Pranesh Prakash at the Centre for Internet and Society for their help and input.

Read the original in the Guardian

For more details visit https://cis-india.org/news/information-beautiful

Information Influx Conference

praskrishna — 2014-07-28T06:31:40Z

Malavika Jayaram was a speaker at the event organized by the Institute for Information Law, University of Amsterdam from July 2 to 4, 2014.

Click to read the full details here.

When IViR set up its research 25 years ago, the digital transition was just starting to gather speed. Since then, our societies have been undergoing enormous changes in the modes of expression, organization and (re)use of information. Traditional roles of producers, intermediaries, users and governments blur and are recast. Information is the central building block of market economies. New ways of creating, disseminating and using it impact the workings of democracy, of science and education, creativity and culture.

Information Influx will bridge disciplines, regions and institutional perspectives to confront the major challenges of developing the rules that govern the expression, organization and re(use) of information in our society – as the central aspects of IViR’s Research Programme.

Wednesday 2 July

13.00 – 16.30

Information Influx Young Scholars Competition:

13.00 – 15.00

Welcome by Prof. Mireille van Eechoud & Dr. L. Guibault

Catherine Doldirina (Joint Research Centre EC) – Open data and Earth observations: the case of opening access to and use of EO through the Global Earth Observation System of Systems
Comments by Prof. Mark Perry

Jenny Metzdorf (University of Luxembourg) – The implementation of the Audiovisual Media Services Directive by national regulatory authorities – National reponses to regulatory challenges
Comments by Dr. Tarlach McGonagle

Harry Halpin (MIT/W3C) – No Safe Haven: The Storage of Data Secrets
Comments by Dr. Philippe Aigrain

15.00 – 15.15
Refreshments break

15.15 – 16.30

Ellen Wauters (ICRI – University of Leuven) – Social Networking Sites’ Terms of Use: addressing imbalances in the user-provider relationship through ex ante and ex post mechanisms
Comments by Dr. Chantal Mak

Nicolo Zingales (Tilburg University) – Virtues and perils of anonymity: should intermediaries bear the burden?
Comments by Prof. Joel Reidenberg

Closing remarks

17.00 – 18.30

Information Influx public opening:

Welcome Louise Gunning-Schepers (University of Amsterdam), Edgar du Perron (University of Amsterdam) and Bernt Hugenholtz (Institute for Information Law)
Keynote – Degrees of Freedom: Sketches of a political theory for an age of deep uncertainty and persistent imperfection – prof. Yochai Benkler (Harvard Law School)
Young Scholars Award ceremony
Speech by Neelie Kroes (Vice-President of the European Commission) – Our Single Market is Crying out for Copyright Reform!

19.00 – 22.00

IViR 25th birthday soirée – by invitation

Thursday 3 July

9.00 – 10.00

Keynote – Governance, Function and Form – prof. Deirdre Mulligan (University of California, Berkeley)

As data and technology to wield it become pervasive, privacy protection must take new forms. Traditional models of governance centered on state actors, and human oversight do not scale to today’s challenges. Drawing from several research projects Mulligan suggests that focusing on roles and functions, rather than traditional forms and actors, can assist us in leveraging the potential of a range of human and technical actors towards privacy’s protection.

10.30 – 12.30

Parallel sessions:

12.30 – 13.45

Lunch

13.45 – 14.30

Julian Oliver & Danja Vasiliev

14.30 – 16.30

Parallel sessions:

17.00 – 18.00

Keynote – Copyright as Innovation Policy – Fred von Lohmann (Google)

Copyright has historically been concerned with encouraging commercial cultural production. Thanks to digital technology, however, copyright law today finds itself called upon to take on additional unfamiliar roles, including fostering technological innovation and encouraging amateur creative expression. The talk will suggest some ways that copyright can successfully grow into these new roles.

19.00 – 22.00

Conference Dinner

Friday 4 July

9.00 – 10.00

Keynote – Datafication, dataism and dataveillance – prof. José van Dijck (University of Amsterdam)

The popularization of datafication as a neutral paradigm is carried by a widespread belief and supported by institutional guardians of trust. That notion of trust becomes problematic when it leads to dataveillance by a number of institutions that handle people’s (meta)data. The interlocking of government, business, and academia in the adaptation of this ideology (“dataism”) prompts us to look more critically at the entire ecosystem of connective media.

10.30 – 12.30
Parallel sessions:

12.30 – 14.00

Buffet Lunch, plus: Brown bag lunch with Rob Frieden – Net Neutrality: One step beyond

14.00 – 15.00

Keynote – Intellectual Property: Two Pasts and A Future – prof. James Boyle (Duke Law School)

Twenty years from now, will our children look up from their digital devices and ask “Daddy, did anyone ever own a book”? In his keynote speech, James Boyle will trace the past lives of intellectual property, the battles fought, the technologies regulated. Can we find hints of the future in the battles of our past? Boyle’s answer is yes, and that answer should give us pause.

15.30 – 17.30

Parallel sessions:

17.30 – 18.30

Farewell drinks

Parallel sessions

Rights in the mix

Among amateur and professional creators alike there is a manifest need to not only share but also remix existing works. The panel discusses how adequately open content licensing systems support these needs. It also looks to how well this licensing system fits in the wider legal framework.

prof. Séverine Dusollier (University of Namur) (moderator)
Paul Keller (Kennisland)
prof. Daniel Gervais (Vanderbilt Law School)
prof. Volker Grassmuck (Lüneburg University)

Behavioural targeting – If you cannot control it, ban it?

The discussion about the potential pitfalls of behavioural targeting practices and the problems it may create for users and user rights continues in full force. The growing evidence of the ineffectiveness of the existing informed-consent-approach to regulation can no longer be ignored. Is it time for the regulator to move to more drastic means and ban certain behavioural targeting practices, and if so, which practices?

prof. Chris Hoofnagle (University of California, Berkeley) (moderator)
prof. Neil Richards (Washington University)
Frederik Borgesius (Institute for Information Law)
prof. Joseph Turow (University of Pennsylvania)
prof. Mireille Hildebrandt (University of Nijmegen)
dr. Tal Zarsky (University of Haifa)

Tomorrow’s news: bright, mutualized and open?

As public debate becomes more diversified, crowded, interactive, noisy and technology-dependent than ever before, what survival strategies are being devised for the news as we know it? Are existing expressive and communicative rights, and related duties and responsibilities, fit-for-purpose in increasingly digitized and networked democratic societies? Will tomorrow’s news still be worth tuning into?

dr. Tarlach McGonagle (Institute for Information Law) (moderator)
dr. Susanne Nikoltchev (European Audiovisual Observatory)
Aidan White (Ethical Journalism Network)
dr. Luís Santos (University of Minho)
dr. Eugenia Siapera (Dublin City University)
Gillian Phillips (The Guardian)

Filtering away infringement: copyright, injunctions and the role of ISPs

Can technology solve the problem of intermediary liability for online copyright infringement? If so, should technology be allowed to determine law? This panel shall focus on the issue of injunctions imposed on online intermediaries to force them to adopt measures that filter or block copyright infringements by third parties on their websites.

prof. Bernt Hugenholtz (Institute for Information Law) (moderator)
prof. Dirk Visser (University of Leiden)
Remy Chavannes (Brinkhof)
Fred von Lohmann (Google)
Sir Richard Arnold (High Court UK)
prof. Niva Elkin-Koren (University of Haifa)
prof. Reto Hilty (Max Planck Institute)

Mass-digitization and the conundrum of online access

Cultural heritage institutions face difficulties providing online access to digitized materials in their collections. This session examines a number of pressing issues, taking a trans-Atlantic perspective. When does digitization in public-private partnerships pose a threat to access to public domain materials? What ways are there to manage rights clearance of copyrighted materials and deal with territoriality?

prof. Martin Senftleben (VU University Amsterdam) (moderator)
prof. Pamela Samuelson (University of California, Berkeley)
dr. Elisabeth Niggemann (Deutsche Nationalbibliothek)
prof. Martin Kretschmer (Glasgow University)

The algorithmic public: towards a normative framework for automated media

In the online media, decisions about what users get to see (or not to see) are increasingly automated, through the use of smart algorithms and extensive data about users’ preferences and online behaviour. This raises a number of fundamental questions about freedom of expression, editorial integrity and user autonomy. Leading thinkers will debate algorithmic decision-making in online media and explore the contours of a much needed normative framework for automated media.

prof. Natali Helberger (Institute for Information Law) (moderator)
dr. Joris van Hoboken (New York University)
prof. Wolfgang Schulz (Hans-Bredow-Institut)
prof. Niva Elkin-Koren (University of Haifa)
dr. Bernhard Rieder (University of Amsterdam)

Accountability and the public sector data push

Initiatives to make governments more ‘transparent’ abound. Freedom of information laws are reconfigured to push out ever more information to citizens and businesses. Promises of benefits abound too: better accountability and increased participation, as well as efficiency gains and new business opportunities. Can and should the next generation of freedom of information laws serve both political-democratic objectives and economic ones?

prof. Mireille van Eechoud (Institute for Information Law) (moderator)
Chris Taggart (Open Corporates)
Helen Darbishire (Access Info)
prof. Deirdre Curtin (University of Amsterdam)
dr. Ben Worthy (Birkbeck University College London)
Jonathan Gray (Open Knowledge Foundation / University of London)

A new governance model for communications security?

Today, the vulnerable state of electronic communications security dominates headlines across the globe, while money and power increasingly permeate the policy arena. 2013 has seen no less than five sweeping legislative initiatives in the E.U., while the U.S. seems to trust in the market to deliver. Amidst these diverging approaches, how should communications security be regulated?

Axel Arnbak (Institute for Information Law) (moderator)
prof. Deirdre Mulligan (University of California, Berkeley)
prof. Ian Brown (Oxford University)
prof. Michel van Eeten (Delft university of technology)
Amelia Andersdotter (European Parliament)
Ashkan Soltani (independent researcher)

Global information flows and the nation state

Information flows contest the physical spaces in which the nation state has been deemed a sovereign for almost five centuries. This tension dominates nearly all areas of information law, from data protection and IP enforcement to mass surveillance by national intelligence agencies. This session reflects on the broader challenges that territoriality presents for information law today.

prof. Urs Gasser (Harvard) (moderator)
prof. Joel Reidenberg (Fordham Law School)
prof. Graeme Dinwoodie (Oxford University)
Malavika Jayaram (Harvard)
Hielke Hijmans (Vrije Universiteit Brussel)

United in diversity – the future of the public mission

Digital technologies and the information economy create fascinating new opportunities but also pose fundamental challenges to the fulfilment of the public mission of the media, public archives and libraries alike. This panel is a step towards establishing a dialogue between the three institutions: to explore the congruence between their missions, and their responses to critical issues such as technological convergence, the changing habits of users, the growing abundance of content and their relationship to new information intermediaries, such as search engines, social networks or content platforms.

prof. Natali Helberger (Institute for Information Law) (moderator)
prof. Klaus Schönbach (University of Vienna)
prof. Frank Huysmans (University of Amsterdam)
prof. Egbert Dommering (Institute for Information Law)
Maarten Brinkerink (Netherlands Institute for Sound and Vision)
Richard Burnley (European Broadcasting Union)

Legalizing file-sharing: an idea whose time has come – or gone?

Alternative compensation systems are designed to legalize and monetize online copyright restricted acts of distributing and consuming content. Empirical evidence shows that end-users strongly support paying flat-rate fees for the ability to legally download and share content. So what prevents us from introducing such schemes? The group of experts convened debates the future of alternative compensation systems in light of current legal, business and technology trends.

prof. Bernt Hugenholtz (Institute for Information Law) (moderator)
prof. Neil Netanel (University of California, Los Angeles)
prof. Alexander Peukert (University of Frankfurt)
dr. Philippe Aigrain (Quadrature du Net)
prof. Séverine Dusollier (University of Namur)

Assembly (Information influx)

Taking legal cases and controversies involving intellectual property, art collective Agency composes a growing list of “Things” that resist the split between “nature” and “culture”, a split that intellectual property relies upon. From the list of over a 1,000 Things, Agency calls forth Thing 002094, the copyright controversy Être et Avoir, to jointly speculate upon. The purpose is less to re-enact the judgment and more to prolong hesitation.

Agency
Severine Dusollier
Wilco Kalff
Sanne Rovers
Margot van de Linde
Arnisa Zeqo

Big brother is back

The debate about the pervasive surveillance of the online environment is roaring. Considering what we know now, what better metaphor is there than to conclude that we live in the world of Big Brother? This session will bring together leading thinkers and doers related to power and control in the communication environment, who will provide critical input on the way we think and speak about information freedom and control. Should we aspire to tame Big Brother or should we think differently about the problem?

Axel Arnbak (Institute for Information Law) (moderator)
dr. Joris van Hoboken (New York University) (moderator)
John McGrath (National Theatre of Wales)
dr. Seda Gürses (New York University)
Hans de Zwart (Bits of Freedom)

Who owns the World Cup? The case for and against property rights in sports events

Sports have important economic, social and cultural dimensions. What is the optimal form of legal protection of sports events considering the public-private nature of sports? The focus of debate will be on football because of its major relevance in Europe in terms of diffusion, commercial exploitation, and social impact; but we can expect many insights to hold true for other sports as well.

prof. Bernt Hugenholtz (Institute for Information Law) (moderator)
prof. Lionel Bently (University of Cambridge)
prof. Dirk Voorhoof (Ghent University)
prof. Peter Jaszi (American University Washington)
prof. Graeme Dinwoodie (Oxford University)
prof. Egbert Dommering (Institute for Information Law)
prof. Alan Bairner (Loughborough University)

Associated events

Invitation only:
Wednesday 2 July: Big Breakfast with Joseph Turow & Tal Zarksy – Ethical, normative, social and cultural implications of profiling & targeting in an era of big data – towards a research agenda, Institute for Information Law (IViR) & Amsterdam School of Communication Research (ASCoR), East India House, room E0.02, 09.00-12.00 a.m.

Public event:

Friday 4 July: Lecture James Boyle & Marjan Hammersma about cultural heritage and the public domain
More information and registration at:
Cultural heritage institutions as guardians of public domain works in the digital environment, Rijksmuseum & Kennisland in cooperation with IViR, Rijksmuseum Auditorium, 18.00-20.00 p.m.

About IViR

The Institute for Information Law (IViR) is a centre of excellence in academic research which consistently seeks to further our understanding of how legal norms reflect and shape the creation, dissemination and use of information in our societies. That is the ambition at the heart of the many research initiatives IVIR has undertaken since its foundation in 1989. The urgency of taking an interdisciplinary and international approach has only grown in the past decades. It is crucial if we want to understand and evaluate the rapidly evolving complex and myriad legal norms that govern information relations in markets, in social and in political spaces. With over 30 researchers, teachers and support staff based in our offices in the historic centre of Amsterdam, we have the critical mass to broach key regulatory challenges of today’s information society.

Our focus on information relations deliberately cuts across traditional boundaries in legal scholarship. We bring together insights from constitutional law, human rights, public administration, intellectual property, contract and property law, and competition law. Our functional approach enables fruitful collaboration with experts from an array of academic disciplines, in information and communications technology, economics, media studies, political science and the arts.

Continuing a long Dutch tradition of openness towards the world, our work has a strong international orientation. It shows in the topics we study, the strong global network of affiliations we have in academia and the wonderful dynamic mix of upcoming and experienced researchers from all over Europe and beyond that make up IViR.

With each consecutive research programme we prioritize legal developments that fascinate us, and translate them into a variety of research projects. This includes doctoral research, research for policymakers at national, European and international level, and projects funded through national and European research grant programmes. Our current research programme and an overview of research projects can be found here. Doctoral dissertations, journal articles, books, case comments, studies, reports, lectures, debates, workshops, conferences and summer schools are the staple means of communicating what we do. Browse our publications here.

Media reports and conference outputs will be posted on the IViR website

For more details visit https://cis-india.org/news/information-influx-conference

Information Disorders and their Regulation

Torsha Sarkar, Shruti Trikanad, and Anoushka Soni — 2024-01-31T14:20:20Z

The Indian media and digital sphere, perhaps a crude reflection of the socio-economic realities of the Indian political landscape, presents a unique and challenging setting for studying information disorders.

In the last few years, ‘fake news’ has garnered interest across the political spectrum, as affiliates of both the ruling party and its opposition have seemingly partaken in its proliferation. The COVID-19 pandemic added to this phenomenon, allowing for xenophobic, communal narratives, and false information about health-protective behaviour to flourish, all with potentially deadly effects. This report maps and analyses the government’s regulatory approach to information disorders in India and makes suggestions for how to respond to the issue.

In this study, we gathered information by scouring general search engines, legal databases, and crime statistics databases to cull out data on a) regulations, notifications, ordinances, judgments, tender documents, and any other legal and quasi-legal materials that have attempted to regulate ‘fake news’ in any format; and b) news reports and accounts of arrests made for allegedly spreading ‘fake news’. Analysing this data allows us to determine the flaws and scope for misuse in the existing system. It also gives us a sense of the challenges associated with regulating this increasingly complicated issue while trying to avoid the pitfalls of the present system.

Click to download the full report here.

For more details visit https://cis-india.org/internet-governance/blog/information-disorders-and-their-regulation

Information and livelihoods

radha — 2011-08-02T07:18:32Z

An article by Prof. Subbiah Arunachalam (Distinguished Fellow, CIS) in GISW 2009 (Global Information Society Watch, 2009)

Introduction

We live in a divided world where far too many people live in abject poverty. To help these people get out of poverty is good for the world as a whole, for great disparities in wealth will lead to violence and terrorism and no one can live in peace and harmony. None of the Millennium Development Goals (MDGs) can be achieved if we fail to address the problem of poverty and ensure livelihood security for the majority of the poor.

A vast majority of the poor live in the rural areas of developing countries and are dependent on agriculture or fishing for a living. They need information directly relevant to their livelihoods. Agriculture-related information is often one of the most immediate needs, since small-scale agriculture is very important to household incomes in rural areas. Information on current crop prices, fertiliser and pesticide costs, and the availability of improved seeds and low-cost improvements in farm technology can help farmers buy farm inputs and equipment of good quality at the right price, or help them successfully obtain credit.[1] Information on government entitlements and training programmes, opportunities for developing new products, and markets for environmental goods[2] is also useful. Without such information, poor families find it hard to take advantage of new opportunities for generating income and increasing their assets.

Many asset-less poor migrate to cities far and near and are constantly on the lookout for opportunities to work in construction sites, ports, factories and wherever they can be employed. They are often exploited and work in conditions far from satisfactory. They will be happy to have information on where work is available and wages are good.

This report looks at a few examples of how access to information helps improve the lives of people and how new technologies are being used in getting information to those who need it.

Small catch but big impact

About twelve years ago scientists at the M S Swaminathan Research Foundation (MSSRF) started working with fishing communities in coastal villages of southern India. The major thrust of the project, funded by the International Development Research Centre (IDRC), was to look at how emerging information and communications technologies (ICTs) could be used to make a difference to these people’s lives. But the project managers took a holistic perspective and put people and their needs before technology: they went beyond merely providing online access to information through their internet-enabled Village Knowledge Centres (VKCs). They were concerned about fisherpeople losing their catches, nets, boats and even their lives on days when the sea turned rough. Lives could be saved if only one could have advance knowledge of weather conditions. After some investigation, the MSSRF researchers found that United States (US) Navy satellites were collecting weather and wave height information for the Bay of Bengal, and the Navy website released forecasts based on these data twice daily. The VKC volunteers started downloading this information and made it available to the fisherpeople in their local language through notice boards and a public address system. Ever since this service commenced not a single death in mid-sea has been reported from these villages.

The need for innovation

Suddenly, the US Navy stopped providing this information and something needed to be done. MSSRF joined hands with Qualcomm, Tata Teleservices and Astute Systems Technology,[3] and these companies came up with an innovative mobile application called Fisher Friend based on third-generation code division multiple access (3G CDMA) technology. With Fisher Friend, the VKCs provide fisherpeople with real-time information on things like fish prices in different markets, weather, wave heights, satellite scan data on the location of fish shoals, and news flashes while they are at mid-sea. Access to these, as well as other information such as relevant government schemes, has improved market transparency and the earnings of smaller fisherpeople. Qualcomm is working on incorporating global positioning system (GPS) capability in the phones, so their exact location can be tracked. This would make rescue operations much easier.

Timely access to relevant information can not only improve the standards of living of a community, but also save lives.

Real evidence, not just anecdotal

Much of the evidence of the benefits of access to information and the use of technology to facilitate access so far has been anecdotal. In a recent paper in the Quarterly Journal of Economics Robert Jensen of Harvard University has quantified the benefits.[4] He showed that the adoption of mobile phones by fisherpeople and wholesalers in Kerala in southern India had led to a dramatic reduction in price dispersion (the mean coefficient of variation of price across markets over a stretch of 150 kilometres came down from 60%-70% to less than 15%); the complete elimination of waste (from 5%-8% to virtually nil); and near perfect adherence to the Law of One Price.[5] In addition, fisherpeople’s profits increased by 8%, while consumer prices declined by 4% (directly driving a 20 rupee/person/month consumer surplus, the equivalent of a 2% increase in per capita GDP from this one market alone). Sardine consumption increased by 6%. The advent of mobile phones also led to a 6% increase in school enrolment and a 5% increase in the probability of using healthcare when sick. All this with no government programmes, and no new funding requirements.[6]

Several other initiatives involve mobile technology. Nokia recently launched Life Tools in India, a fee-based service, with a view to impacting on the daily lives of people, especially farmers. Life Tools offers timely online access to information that will be of great relevance to farmers, students and the lay public. Nokia has partnered with the Maharashtra State Agricultural Marketing Board (to gather commodity prices from 291 markets), Reuters Market Light, Syngenta and Skymet,[7] among others. It has plans to introduce Life Tools to other developing countries before the end of the year.

Online access to information through mobile phones and through telecentres has also helped shop owners, traders and the self-employed increase their earnings in many countries. The mobile phone is becoming the primary connectivity tool. With significant computing power, it will soon be the primary internet connection, providing information in a portable, well-connected form at a relatively low price, pushing aside the personal computer.

Conclusion

Today the “bottom” three-quarters of the world’s population accounts for at least 50% of all people with internet access, says a Pew report.[8] As Turner pointed out in 2007, investment in telecom, which facilitates easy access to information, is more productive than investment in other kinds of infrastructure.[9] The impact is particularly noticeable in developing nations.

ICTs are not a technical solution on their own but are enablers in a process of local prioritisation and problem solving. This report has highlighted initiatives that use mobile technology. But mobile solutions are obviously not the only useful ones. For instance, LabourNet in Bangalore connects employers and casual labourers through an online database that is updated constantly.[10] Thanks to LabourNet, workers, especially at construction sites, get decent pay, training, insurance and safety measures at the workplace. However, the information supplied is more at the administrative level than the grassroots level.

The success lies in embedding ICTs in a holistic approach encompassing a diverse range of development initiatives. The trick is not to emphasise technology but to put people and their needs before technology. Sustainable livelihood approaches need to be people-centred, recognising the capital assets of the poor and the influence of policies and institutions on their livelihood strategies.[11]

Also, the mere ability to access information cannot take one far. What is important is what one can do with that information. Often one would need to have additional skills and capital to take advantage of the information. That is why efforts to provide improved access to information should go hand in hand with efforts to enhance skills through training programmes, and efforts to enhance access to finance through microfinance and the formation of self-help groups.

Rural livelihoods involve a wide range of strategies both within and outside the farming sector. Often farming communities need to augment their income through non-farming enterprises, and here the women and youth could play a role in enhancing household income.

It will be good to remember that a large number of ICT-enabled development pilot projects have remained just that – pilot projects that did not scale up.

References

Chapman, R., Slaymaker, T. and Young, J. (2003) Livelihoods Approaches to Information and Communication in Support of Rural Poverty Elimination and Food Security, Overseas Development Institute, London.
Chapman, R. (2005) ICT enabled knowledge centres and learning in the global village, in The Third MSSRF South-South Exchange Travelling Workshop (MSSRF/PR/05/59), M S Swaminathan Research Foundation, Chennai.
Jensen, R. (2007) The digital provide: Information (technology), market performance, and welfare in the South Indian fisheries sector, Quarterly Journal of Economics, 122 (August), p. 879-924.
Quitney Anderson, J. and Rainie, L. (2008) The Future of the Internet III, Pew Internet and American Life Project, Washington. www.future-internet.eu/fileadmin/documents/prague_documents/oc-meetings/PIP_FutureInternet3.pdf

Chapman, R., Slaymaker, T. and Young, J. (2003) Livelihoods Approaches to Information and Communication in Support of Rural Poverty Elimination and Food Security, Overseas Development Institute, London.
Good examples of environmental goods are handicrafts made from locally available material (plant or mineral-based material) and organic products.
Qualcomm is a US-based multinational that designs and make chips for telecom equipment. Tata Teleservices is a leading mobile service provider, and Astute Systems Technology is a software company writing applications for the chips.
Jensen, R. (2007) The digital provide: Information (technology), market performance, and welfare in the South Indian fisheries sector, Quarterly Journal of Economics, 122 (August), p. 879-924.
An economic law which states that in an efficient market, all identical goods must have only one price. In other words, variations in fish prices caused by differences in demand and supply at different locations disappeared once both buyers and sellers started using mobile phones.
Turner, B. (2007) Cellphones & Development — Evidence, not anecdotes.
blogs.nmss.com/communications/2007/02/cellphones_deve.html
Syngenta is a multinational company. One of its corporate goals is to help farmers maximise the potential of their resources. Towards this end it provides technological solutions, as well as information relating to agronomy, land use, etc. Skymet provides weather-related services that allow clients to adapt to a changing environment.
Quitney Anderson, J. and Rainie, L. (2008) The Future of the Internet III, Pew Internet and American Life Project, Washington.
www.future-internet.eu/fileadmin/documents/prague_documents/oc-meetings/PIP_FutureInternet3.pdf
Turner (2007) op. cit.
LabourNet matches the skills sets of people available for work with the needs of those who use their services, similar to headhunters who match the skills of executives and managers and place them in the right companies at the right levels, Only LabourNet deals with the poor.
Chapman, R. (2005) ICT enabled knowledge centres and learning in the global village, in The Third MSSRF South-South Exchange Travelling Workshop (MSSRF/PR/05/59), M S Swaminathan Research Foundation, Chennai..

Link to the article

For more details visit https://cis-india.org/internet-governance/blog/information-and-livelihoods

Information & Communication Technology in Making a Healthy Information Society with special reference to use of ICTS in Educational Technology

praskrishna — 2014-07-18T09:06:20Z

The Department of Computer Science, Andhra Loyola College in collaboration with the Department of Computer Science, Krishna University will be organizing a UGC-sponsored National Seminar on August 11 and 12, 2014 at Andhra Loyola College in Vijayawada.

T. Vishnu Vardhan, Programme Director, Access to Knowledge from the Centre for Internet and Society will be giving a key note address at this event.

See the invitation below:

For more details visit https://cis-india.org/news/information-communication-technology-in-making-a-healthy-information-society-with-special-reference-to-use-of-icts-in-educational-technology

Infographic: The Impending Right to Privacy Judgment

Amber Sinha and Pooja Saxena — 2017-08-22T23:50:44Z

The ruling will be important not just for the immediate Aadhaar case but also numerous other matters to do with state intrusions, decisional autonomy and informational privacy.

The article was published in the Wire on August 17, 2017.

Over the last month, a nine-judge constitutional bench of the Supreme Court has heard arguments on the existence of a fundamental right to privacy in India. Media coverage of judicial hearings in the apex court is often ripe with inaccuracies, thanks in no small measure to the court’s own restrictive policies, which, for instance, prevent video recordings. In this case, the arguments – which were heard over the course of three weeks – were widely reported in much greater detail and with fidelity, thanks largely to the live tweets by Gautam Bhatia and Prasanna S. (the entire collection of tweets is available here).

The availability of the entire set of written arguments made available by LiveLaw was another rich source for anyone following this matter in detail. The ruling by the bench will be of extreme importance not just for the immediate Aadhaar case, which has witnessed gross delays, but also numerous other matters in the future to do with state intrusions, decisional autonomy and informational privacy.

The questions before this bench are two fold – do the judgments in M.P. Sharma and Others vs Satish Chandra (decided by an eight-judge bench in 1954) and Kharak Singh vs State of UP and Others (decided by a six-judge bench in 1962) lead to the conclusion that there is no fundamental right to privacy, and whether the decisions in the later cases upholding a right to privacy were correct.

This infographic tries to unpack the hearings in the court into distinct issues, and the key arguments advanced by both the sides on them. The arguments from both sides on a particular question have been presented side by side for better appreciation, even though they were not argued together

Given the nature of the exercise, some of the arguments made in the infographic are bound to be a simplification of the actual issue. But it is hoped that this will provide a good overview of the issues argued.

Research and writing by Amber Sinha. Design by Pooja Saxena. Amber Sinha is a lawyer and works at the Centre for Internet and Society. Pooja Saxena is a typeface and graphic designer, specialising in Indic scripts.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-amber-sinha-and-pooja-saxena-august-17-2017-infographic-the-impending-right-to-privacy-judgment

INET Bangkok to Explore Internet’s Impact on Thailand’s Economy and Society

praskrishna — 2013-06-06T06:18:34Z

The Internet Society, in collaboration with the Thailand Internet community, the National Science & Technology Development Agency (NSTDA), and the Ministry of Information & Communication Technology (MICT), will host the INET Bangkok, 7-8 June 2013. The conference will be held at the Queen Sirikit National Convention Center, and will focus on the power of the Internet as a force for economic and social progress.

This post was published in BusinessWire on May 30, 2013. Sunil Abraham is participating in this conference.

INET Bangkok will bring together Thai Internet stakeholders to engage in an open discussion on the Internet agenda. This event will specifically showcase the creative power of the Internet, promote the importance of participating in the Internet governance process, and share capacity building efforts to expand Internet access.

The INET Bangkok agenda will feature four tracks covering key drivers of the Internet in Thailand: Technology, Innovation, Society, and the Future. Noted speakers at the event include H.E. Anudith Nakornthap, Minister of Information & Communication Technology (MICT); Dr. Thaweesak “Hugh” Koanantakool, President, National Science and Technology Development Agency (NSTDA); Paul Wilson, Director General of Asia Pacific Network Information Centre (APNIC); Dr. Rohan Samarajiva, Founder of LIRNEasia; Sunil Abraham, Executive Director, The Centre for Internet and Society; and Dr. Sak Segkhoonthod, President & CEO, Electronic Government Agency (EGA).

“The Internet has become a remarkable engine for social development and economic growth,” said Rajnesh Singh, Internet Society Regional Bureau Director for Asia-Pacific. “The Internet Society works closely with our Chapters, members, and regional community organizations to ensure the Internet continues to evolve as a platform for innovation, collaboration, creativity, and economic and social development. INET Bangkok will bring together leading Internet experts to discuss critical Internet issues for Thailand and across the region.”

A highlight of the event will be VIP Gala Dinner on 6 June 2013, celebrating the 25^th anniversary of the .TH group, Thailand’s ccTLD. For more details and to register, visit http://www.internetsociety.org/inet-bangkok.

About the Internet Society
The Internet Society is the trusted independent source for Internet information and thought leadership from around the world. With its principled vision and substantial technological foundation, the Internet Society promotes open dialogue on Internet policy, technology, and future development among users, companies, governments, and other organizations. Working with its members and Chapters around the world, the Internet Society enables the continued evolution and growth of the Internet for everyone. For more information, visit www.internetsociety.org.

For more details visit https://cis-india.org/news/businesswire-may-30-2013-inet-bangkok-to-explore-internet-impact-on-thailand-economy-and-society

Industry Consultation Panel on Data Retention - DSCI

praskrishna — 2016-12-06T15:55:14Z

Udbhav Tiwari was a panelist for an Industry Consultation Panel on Data Retention organised by the Data Security Council of India (DSCI) at the Le Meridian, New Delhi on 23 November 2016.

The agenda for the Panel was ‘Data Retention – Provisions under 67C’ and Udbhav's co-panellists were:

Gowree Gokhale, Nishith Desai and Associates
Srinivas Poosarla, Vice President and Head (Global), Privacy & Data Protection, Infosys
Chandra Ballabh, Security & Continuity Group, Bharti Airtel

The Panel was moderated by Bishakha Bhattacharya, Senior Director, NASSCOM.

The panel was fairly interesting and I largely espoused an outlook based on the principles of Transparency, Accountability, Proportionality and Due Process for any regulation that does come out in the near future regarding data retention, with a particular focus on balancing the interests of the key stakeholders. (Government, Industry & the Public)

The feedback to our position on the panel was decent to good, with Microsoft, Intel-McAfee, Samsung and SAP reaching out and agreeing to our broader stand and some of them looking forward to collaborating on us on future work on the topic as well.

For more details visit https://cis-india.org/internet-governance/news/industry-consultation-panel-on-data-retention-dsci