We are anonymous, we are legion

Surveillance and the Indian Constitution - Part 2: Gobind and the Compelling State Interest Test

pranesh — 2014-01-27T18:03:38Z

Gautam Bhatia analyses the first case in which the Supreme Court recognized a constitutional right to privacy, Gobind v. State of Madhya Pradesh, and argues that the holding in that case adopted the three-pronged American test of strict scrutiny, compelling State interest, and narrow tailoring in its approach to privacy violations.

After its judgment in Kharak Singh, the Court was not concerned with the privacy question for a while. The next case that dealt – peripherally – with the issue came eleven years later. In R.M. Malkani v State of Maharashtra, the Court held that attaching a recording device to a person’s telephone did not violate S. 25 of the Telegraph Act, because

"where a person talking on the telephone allows another person to record it or to hear it, it can-not be said that the other person who is allowed to do so is damaging, removing, tampering, touching machinery battery line or post for intercepting or acquainting himself with the contents of any message. There was no element of coercion or compulsion in attaching the tape recorder to the telephone."

Although this case was primarily about the admissibility of evidence, the Court also took time out to consider – and reject – a privacy-based Article 21 argument, holding that:

"Article 21 was invoked by submitting that the privacy of the appellant’s conversation was invaded. Article 21 contemplates procedure established by law with regard to deprivation of life or personal liberty. The telephonic conversation of an innocent citizen will be protected by Courts against wrongful or high handed interference by tapping the conversation. The protection is not for the guilty citizen against the efforts of the police to vindicate the law and prevent corruption of public servants. It must not be understood that the Courts will tolerate safeguards for the protection of the citizen to be imperiled by permitting the police to proceed by unlawful or irregular methods."

Apart from the fact that it joined Kharak Singh in refusing to expressly find a privacy right within the contours of Article 21, there is something else that unites Kharak Singh and R.M. Malkani: they hypothetical in Kharak Singh became a reality in Malkani – what saved the telephone tapping precisely because it was directed at "… a guilty person", with the Court specifically holding that the laws were not for targeting innocent people. Once again, then, the targeted and specific nature of interception became a crucial – and in this case, a decisive – factor. One year later, in another search and seizure case, Pooran Mal v Inspector, the Court cited M.P. Sharma and stuck to its guns, refusing to incorporate the Fourth Amendment into Indian Constitutional law.

It is Gobind v State of MP, decided in 1975, that marks the watershed moment for Indian privacy law in the Constitution. Like Kharak Singh, Gobind also involved domiciliary visits to the house of a history-sheeter. Unlike Kharak Singh, however, in Gobind the Court found that the Regulations did have statutory backing – S. 46(2)(c) of the Police Act, which allowed State Government to make notifications giving effect to the provisions of the Act, one of which was the prevention of commission of offences. The surveillance provisions in the impugned regulations, according to the Court, were indeed for the purpose of preventing offences, since they were specifically aimed at repeat offenders. To that extent, then, the Court found that there existed a valid “law” for the purposes of Articles 19 and 21.

By this time, of course, American constitutional law had moved forward significantly from eleven years ago, when Kharak Singh had been decided. The Court was able to invoke Griswold v Connecticut and Roe v Wade, both of which had found a "privacy" as an "interstitial" or "penumbral" right in the American Constitution – that is, not reducible to any one provision, but implicit in a number of separate provisions taken together. The Court ran together a number of American authorities, referred to Locke and Kant, to dignity, to liberty and to autonomy, and ended by holding, somewhat confusingly:

“the right to privacy must encompass and protect the personal intimacies of the home, the family marriage, motherhood, procreation and child rearing. This catalogue approach to the question is obviously not as instructive as it does not give analytical picture of that distinctive characteristics of the right of privacy. Perhaps, the only suggestion that can be offered as unifying principle underlying the concept has been the assertion that a claimed right must be a fundamental right implicit in the concept of ordered liberty… there are two possible theories for protecting privacy of home. The first is that activities in the home harm others only to the extent that they cause offence resulting from the mere thought that individuals might he engaging in such activities and that such ‘harm’ is not Constitutionally protective by the state. The second is that individuals need a place of sanctuary where they can be free from societal control. The importance of such a sanctuary is that individuals can drop the mask, desist for a while from projecting on the world the image they want to be accepted as themselves, an image that may reflect the values of their peers rather than the realities of their natures… the right to privacy in any event will necessarily have to go through a process of case-by-case development."

But if no clear principle emerges out of the Court’s elucidation of the right, it was fairly unambiguous in stressing the importance of the right itself. Interestingly, it grounded the right within the context of the freedom struggle. "Our founding fathers," it observed, "were thoroughly opposed to a Police Raj even as our history of the struggle for freedom has borne eloquent testimony to it." (Para 30) The parallels to the American Fourth Amendment are striking here: in his historical analysis Akhil Amar tells us that the Fourth Amendment was meant precisely to avoid the various abuses of unreasonable searches and seizures that were common in England at the time.

The parallels with the United States become even more pronounced, however, when the Court examined the grounds for limiting the right to privacy. "Assuming that the fundamental rights explicitly guaranteed to a citizen have penumbral zones and that the right to privacy is itself a fundamental right, that fundamental right must be subject to restriction on the basis of compelling public interest." "Compelling public interest" is an interesting phrase, for two reasons. First, “public interest” is a ground for fundamental rights restrictions under Article 19 (see, e.g., Article 19(6)), but the text of the Article 19 restrictions do not use – and the Court, in interpreting them, has not held – that the public interest must be “compelling”. This suggests a stricter standard of review for an Article 21 privacy right violation than Article 19 violations. This is buttressed by the fact that in the same paragraph, the Court ended by observing: “even if it be assumed that Article 19(5) [restrictions upon the freedom of movement] does not apply in terms, as the right to privacy of movement cannot be absolute, a law imposing reasonable restriction upon it for compelling interest of State must be upheld as valid.” The Court echoes the language of 19(5), and adds the word “compelling”. This surely cannot be an oversight.

More importantly – the compelling State interest is an American test, used often in equal protection cases and cases of discrimination, where “suspect classes” (such as race) are at issue. Because of the importance of the right at issue, the compelling state interest test goes hand-in-hand with another test: narrow tailoring. Narrow tailoring places a burden upon the State to demonstrate that its restriction is tailored in a manner that infringes the right as narrowest manner that is possible to achieve its goals. The statement of the rule may be found in the American Supreme Court case of Grutter v Bollinger:

"Even in the limited circumstance when drawing racial distinctions is permissible to further a compelling state interest, government is still constrained under equal protection clause in how it may pursue that end: the means chosen to accomplish the government’s asserted purpose must be specifically and narrowly framed to accomplish that purpose."

To take an extremely trivial example that will illustrate the point: the State wants to ban hate speech against Dalits. It passes legislation that bans “all speech that disrespects Dalits.” This is not narrowly tailored, because while all hate speech against Dalits necessarily disrespects them, all speech that disrespects Dalits is not necessarily hate speech. It was possible for the government to pass legislation banning only hate speech against Dalits, one that would have infringed upon free speech more narrowly than the “disrespect law”, and still achieved its goals. The law is not narrowly tailored.

Crucially, then, the Court in Gobind seemed to implicitly accept the narrow-tailoring flip side of the compelling state interest coin. On the constitutionality of the Police Regulations itself, it upheld their constitutionality by reading them narrowly. Here is what the Court said:

“Regulation 855, in our view, empowers surveillance only of persons against whom reasonable materials exist to induce the opinion that they show a determination, to lead a life of crime – crime in this context being confined to such as involve public peace or security only and if they are dangerous security risks. Mere convictions in criminal cases where nothing gravely imperiling safety of society cannot be regarded as warranting surveillance under this Regulation. Similarly, domiciliary visits and picketing by the police should be reduced to the clearest cases of danger to community security and not routine follow-up at the end of a conviction or release from prison or at the whim of a police officer.”

But Regulation 855 did not refer to the gravity of the crime at all. Thus, the Court was able to uphold its constitutionality only by narrowing its scope in a manner that the State’s objective of securing public safety was met in a way that minimally infringed the right to privacy.

Therefore, whether the Gobind bench was aware of it or not, its holding incorporates into Indian constitutional law and the right to privacy, not just the compelling State interest test, but narrow tailoring as well. The implications for the CMS are obvious. Because with narrow tailoring, the State must demonstrate that bulk surveillance of all individuals, whether guilty or innocent, suspected of crimes or not suspected of crimes (whether reasonably or otherwise), possessing a past criminal record or not, speaking to each other of breaking up the government or breaking up a relationship – every bit of data must be collected to achieve the goal of maintaining public security, and that nothing narrower will suffice. Can the State demonstrate this? I do not think it can, but at the very least, it should be made to do so in open Court.

For more details visit https://cis-india.org/internet-governance/blog/surveillance-and-the-indian-consitution-part-2

Interview with Mathew Thomas from the Say No to UID campaign - UID Court Cases

maria — 2014-01-27T12:47:49Z

The Centre for Internet and Society (CIS) recently interviewed Mathew Thomas from the Say No to UID campaign about his ongoing efforts to challenge the UID scheme legally in the Bangalore High Court and Supreme Court of India. Read this interview and gain an interesting insight on recent legal developments with regards to the UID!

Hi Mathew! We've heard that you've been in court a lot over the last few years with regards to the UID scheme. Could you please tell us about the UID case you have filed?

In early 2012, I filed a civil suit at the Bangalore Court to declare the UID scheme illegal and to stop further biometric enrollments. I alleged that foreign agencies are involved in the process of biometric enrollment, and that cases of corruption have occurred with regards to the companies contracted by the UID Authority of India (UIDAI). Many dubious companies have been empanelled for biometric enrollments by the UIDAI and many cases of corruption have been noted, especially with regards to the preparation of biometric databases for below poverty line (BPL) ration cards in Karnataka.

In 2010, according to a government audit report, COMAT Technologies Private Limited had a contract with the Karnataka Government and was required to undertake a door-to-door survey and to set up biometric devices. COMAT Technologies Private Limited was paid ₹ 542.3 million for this purpose, but it turns out that the company did not comply with the terms of the contract and did not fullfill its obligations under the contract. Even though COMAT Technologies Private Limited had been contracted and had been paid ₹ 542.3 million, the company did not hand over any biometric device to the Karnataka Government. Instead, when the company got questioned, it walked away from the contract in 2010, even though it had been paid for a service it did not deliver.

In the same year, 2010, COMAT Technologies was empanelled as an Enrolling Agency of the UIDAI. COMAT Technologies also carries out enrollments in Mysore and a TV channel sting operation revealed that fake IDs were being issued in the Mysore enrollment center. After much persuasion, the e-Government department of Karnataka informed me that they have filed an FIR. And this is just one case of a corrupt company empanelled as an enrollement agency with the UIDAI. Many similar cases with other companies have occurred in other cities in India, such as Mumbai, where the empanelled agencies have committed fraud and police complaints have been filed. But unfortunately, there is no publicly available information on the state of the investigations.

As such, I filed a case at the Bangalore Court and stated that the whole UID system is insecure, that it will not achieve the objective of preventing leakages of welfare subsidies and that, therefore, it is a waste of public funds, which also affects individuals' right to privacy and right to life. In my complaint in the civil court I made allegations of corruption and dangers to national security backed by documentary evidence. According to Order 8 of the Civil Procedure Code (CPC), defendants are required to specifically deny each of the allegations against them and if they don't, the court is required to accept the allegations as accurate. According to law, vague, bald denials are not acceptable in courts. Interestingly enough, the defendants in this court case did not deny any of the allegations, but instead stated that they (allegations) are “trivial” and requested the judge to dismiss the case without a trial. The judge requested the defendants to file a written application, asking for the suit to be dismissed under Order 7, Rule 11, of the Civil Procedure Code. Nonetheless, in May 2012, the judge observed that this is a serious case which should not be dismissed and that he would like to have a daily hearing of the case, especially since the case was grounded on the allegation that thousands of crores of rupees of public money are spent every day.

However, one month later in June 2012, the judge dismissed the case by stating that I did not have a “cause of action” and that the case is not of civil nature under Section 9 of the Code of Civil Procedure. I argued that tax payers have a right to know where their money is going and that we all have a right to privacy and that therefore, I did have a cause for action. I quoted the Supreme Court case setting out the law relating to the meaning of “civil nature”. The Apex court said, “Anything which is not of criminal nature is of civil nature”. I also quoted several court precedents which explained conditions under which complaints could be dismissed under Order VII Rule 11. Unfortunately though, the judge dismissed all of this and suggested that I should take this case to the High Court or to the Supreme Court, since the Bangalore Court did not have the authority to address the violation of fundamental human rights. In my opinion, the fallacy in this judgement was that, on the one hand, the judge stated in his order that there was “no cause for action”, but on the other hand, he said that I should take the case to the High Court or to the Supreme Court! And on top of that, the judge stated that my case was frivolous and levied on me a Rs. 25, 000 fine, because apparently I was “wasting the court's time” !

In addition to all of this, the judge made a very intriguing statement in his order: he claimed that the biometric enrollment with the UIDAI is voluntary and that therefore I need not enrol. I argued that although the UID is voluntary in theory, it is actually mandatory on many levels, especially since access to many governmental services require enrollment with the UIDAI. Nonetheless, the judge insisted that the UID is purely voluntary and that if I am not happy with the UID, then I should just “stay at home”.

And how did the case continue thereafter?

In October 2012 I appealed against this to the High Court by stating that there was a misapplication of Order 7, Rule 11, of the Civil Procedure Code and requested the High Court to send the suit back for trial at the Bangalore Court.

Now, when you appeal in India, the Court has to issue notices to the opposite party, which are usually sent by registered post. However, nothing was happening, so I filed a number of applications to hear the case. The registrar’s office filed a number of trivial “objections” with which I needed to comply and this took three months, until January 2013. For example, one “objection” was that the lower court order stated the date of the order as "03-07-12", whereas I had mentioned the date as 3 July 2012. Then they would argue that the acknowledgement of the receipt of the notice from the respondents was not received. The High Court is located next to the head post office (GPO) in Bangalore and normally it would be sent there, then directly to the GPO in Delhi and from there to the Planning Commission or to the UIDAI. Yet, the procedure was delayed because apparently the notices weren't sent. In one hearing, the court clerk said that the address of the defendant was wrong and that the address of the Planning Commission should also be included. All in all, it seemed to me like there was some deliberate attempt to delay the procedure and the dismissal of the case by the Bangalore Court seemed very questionable. As a result, in January 2013, I asked the High Court to permit me to personally hand over my appeal to the Government Council. And finally, on 17th December 2013, my appeal was heard by the Bangalore High Court!

Over the last three months, the defendants have not filed any counter affidavit. Instead, the Government Council came to the High Court and stated that I have not filed a “paper book” (which includes depositions and evidence, among other things). However, the judge stated that this is not a case which requires a “paper book”, since my appeal was about the misapplication of Order 7, Rule 11, of the Civil Procedure Code. Then the Government Council asked for more time to review the appeal and it is has been postponed.

Have there been any other recent court cases against the UID?

Yes. While all of this was going on, retired judge, Justice Puttaswamy, filed a petition in the Supreme Court, stating that the UID scheme is illegal, since it violates article 73 of the Constitution. Aruna Roy, who is an activist at the National Council for People’s Right to Information, has also filed a petition where she has questioned the UID because it violates privacy rights and the rights of the poor.

Furthermore, petitions have been filed in the Madras High Court and in the Mumbai High Court. In 2012, it was argued in the Madras High Court that the only legal provision for taking fingerprints exists under the Prisoners Act, whereas the UIDAI is taking the fingerprints of people who are not prisoners and therefore it is illegal. In 2013, Vikram Crishna, Kamayani Bahl and a few others argued in the Mumbai High Court that the right to privacy is being violated through the UID scheme. It is noteworthy that in most of these cases, the defendants have not filed any counter-arguments. The only exceptions were in the Aruna Roy and Puttaswamy cases, where the defendants claimed that the UID is secure and supported it in general. In the end, the Supreme Court directed that the cases in Mumbai and Madras should be clubbed together and addressed by it. As such, the cases filed in the Madras and Mumbai High Courts have been sent to the Supreme Court of India.

Major General Vombathakere also filed a petition in the Supreme Court, arguing that the UID scheme violates individuals' right to privacy. When the counsel for the General commenced his arguments the judge pointed to the possibility of the Government passing the NIA Bill soon, which will contain provisions for privacy, as stated by the Government. As such, the judge implied that if the Government passes such a law the argument, that the Government is implementing the scheme in a legal vacuum, may not be valid.

So what is the status of your pending court cases?

Well, I impleaded myself in Aruna Roy's petition and brought my arguments with regards to corruption in the case of companies contracted with the UIDAI and the danger to national security through the involvement of persons linked to US intelligence agencies. The last hearing in the Supreme Court was on 10th December 2013, but it was postponed to 28 January 2014. So in short, in the Supreme Court I am currently filing a case for investigation with regards to corruption and links with foreign intelligence agencies by companies contracted with the UIDAI, while in the Bangalore High Court, I have appealed a civil trial with regards to the misplacement of Order 7, Rule 11, of the Civil Procedure Code.

For more details visit https://cis-india.org/internet-governance/blog/interview-with-mathew-thomas-from-the-say-no-to-uid-campaign

The net is taking over

praskrishna — 2014-02-04T05:57:16Z

For many days to come, people will speculate what caused Sunanda Pushkar's death last week in a New Delhi hotel. Did Union minister Shashi Tharoor's wife die of poisoning or a drug overdose? Wasn't she unwell? Was it suicide? Or was it murder? No less a matter of speculation has been the social media's role in the whole affair.

The article by Veenu Sandhu and Surabhi Agarwal published in the Business Standard on January 24, 2014 quotes Sunil Abraham.

Writer Suketu Mehta has called it "murder by Twitter". Pushkar's very public spat with Mehr Tarar, a Pakistani journalist, on the micro-blogging site, many psychologists feel, may have multiplied her anguish. Apart from other things, Tarar had tweeted: "The blonde's aqal is weaker thn (sic) her grammar & spellings." Still others believe Pushkar had the premonition that end was near, and it was there for all to see on social media. "Hasta hua jayega," (will go laughing), she had tweeted a few days before her death.

Social media is no longer time-pass in the country, certainly not with over 90 million users. The line that divides online and offline lives has blurred. Networking sites have begun to impact human behaviour. Lives are being lived in the open: open to comment, analysis and abuse. Mahesh Murthy, the founder of digital brand management firm Pinstorm, calls it the "demise of the culture of secrecy". This is the age, he says, "of diversity, of coming out in the open with sexual preferences et cetera. Social media will help slaughter sacred cows. It is a good thing to happen, except for the sacred cows." According to Murthy, the pitfalls of uncensored speech are for those "who think they can control their lives or are insecure".

But pitfalls are showing up. Some time ago, a high-profile couple from Delhi approached marriage and family counsellor Nisha Khanna. Their problem was aggravated by the wife's obsession with Facebook, to the extent that she would put out everything, including the ups and downs of her relationship with her husband, as status messages for the consumption of her social media friends and acquaintances. The husband was livid - he felt exposed. It took six months of rigorous counselling before the wife started controlling, though marginally, her social media behaviour. "We are seeing obsession, irrationality and an inability to spot the very thick line that divides the private from the public," says Varkha Chulani, clinical psychologist, psychotherapist and consultant with Lilavati Hospital in Mumbai. People, she adds, are looking for Facebook 'like' buttons even in real life.

Feelings of extreme happiness, depression, loneliness and even suicidal thoughts are being shared not with family and friends but with Facebook 'connections' and Twitter 'followers'. Tweets or status updates that point to suicidal tendencies, in particular, can be telling. Some of these key expressions are "depressed", "feeling abused", "it's over" or "empty inside". A study - Tracking Suicide Risk Factors through Twitter - conducted in the US last year found a strong correlation between the number of tweets that indicated suicidal intentions and the number of suicides committed.

Having realised that the platform is also being used as a medium to vent and express personal trauma, Facebook has, for about a year, been sending reports on profiles of people with suicide risk to Mumbai-based suicide helpline Aasra. "In the last one year, we have received 350 such email intimations concerning Indians," says Aasra Director Johnson Thomas. Aasra then mails that person to subtly and sensitively convey that there is help at hand, in case it is needed. Facebook and Twitter did not offer any comment for this article.

Decoding Social Media Slang

I am an aggregator who has left a cookie crumb trail (while writing this) for a machine algorithm to follow. So, can it point out to my boss the scoops and their origin? In all probability, yes. For an all-devouring algorithm, no crumb, no target, is too small. Algorithms (at their core, a step-by-step method for doing a job) can sound scary, but social media analysts depend on these little-understood, obscure mathematical creatures.

So, information posted publicly on blogs, Facebook, Twitter, and other sites are fair game for these data predators. Suppose you click ‘like’ on Facebook, you’re giving away a lot more than you might think. Your ‘likes’ can be pieced together to form an eerily true portrait of yourself. A study of 58,000 volunteers by Michal Kosinski and David Stillwell (University of Cambridge) and Thore Graepel (Microsoft Research, Cambridge) charts the chances of an accurate prediction: 67 per cent for single versus in a relationship, 73 per cent for cigarette smoking, 70 per cent for alcohol drinking, 65 per cent for drug use, 88 per cent for male homosexuality, 75 per cent for female homosexuality, and 93 per cent for gender.

Another point is not all data out there are cold facts. Far from that, most are sentiments and slang: sweet, bitter and often intimate. “Wazup homie!! howz it going!!” is a profound example. “‘Yo, homie, I'll be at my house in case you want to come kick it later” is another. How is a number cruncher such as an algorithm expected to crunch slang and emotions? But experts insist there’s a bull market in sentiments and foul language. And an emerging field known as sentiment analysis is taking shape. The simplest algorithms here work by scanning keywords to categorise a statement as positive or negative, based on a simple binary analysis (‘love’ is good, ‘hate’ is bad). But a more reliable analysis requires decoding many linguistic shades of gray. For example, to get at the true intent of a statement like ‘dude, i'm like......duuuude,’ the software will have to activate several different filters, including polarity (is the statement positive or negative?), intensity (what is the degree of emotion being expressed?) and subjectivity (how partial or impartial is the source?)

“People first thought that emotions expressed on social media were just cute and stupid,” says Sreeju Thankan who has done computer science and engineering from the Indian Institute of Technology Roorkee and is now working at Mango Solutions. “Now, they are recognising it as a rich vein.” But translating slang into binary code can be much tougher. “Sentiments are different from conventional facts,” says Thankan. “There is a long way for slang patrol to go.” For casual web surfers, a simpler sentiment-analysis tool, Tweetfeel, is available. It tells you the numbers of positive and negative tweets on a given topic. It also gives you their percentages. Its analysis is based not just on emoticons, but also words and phrases.

Ashish Sharma

Last October in Mumbai, a 17-year-old college student, Aishwarya Dahiwal, killed herself after her parents barred her from using Facebook. "Is Facebook so bad? I cannot stay in a home with such restrictions as I can't live without Facebook," her suicide note reportedly read. The parents were in utter shock. "Girls are more prone to putting personal and emotional messages on social networking sites," says Manju Chhabra, child counsellor who runs an organisation called Cactus Lily in Delhi. And they tend to get more affected by what people say and how they react. "And comments on this very impersonal medium which we are giving a very personal space can be very cruel."

Seema Hingorrany, a Mumbai-based psychologist, says one of her recent patients is a girl studying in Class 9. Her friend from school had uploaded a photo of herself, which got 200 'likes'. That upset the patient terribly because it reinforced her belief that she was unattractive and she became extremely upset, to the extent that her parents felt she needed counselling. Constant use of Facebook can affect one's self-esteem, if it's already low. Another of Hingorrany's patient was a 30-year-old who took to social media after he lost his job. But seeing other people's photos and updates made him increasingly jealous, and he began posting nasty comments. The recipients of his ire began "unfriending" him, which only made him more withdrawn.

Irrational behaviour can also be seen in the world of random video chat. Sites like Omegle and Chatroulette aim to bring together surfers together with the help of webcams. The promise is irresistible: an endless stream of visitors in your room. When Ashish Sharma (the author of the accompanying article) logged on, he met a gaggle of girls who giggled endlessly, a German painter who was looking for his muse and wanted him to pose in a state of undress, a Swede who danced around and asked him to sing in praise of his bottom, and a man with an iron mask. It was crude and shocking. The excessively sexual behaviour can be unsettling for an unsuspecting (and young) visitor.

There is another side to it. "Twitter posts," says an article posted on rediff.com, "have saved lives. A man lost on a ski slope in Switzerland got help when he tweeted his predicament. Another got bail from arrest as his friends discovered from a tweet that he was jailed in a foreign country." Human resource managers check out the profiles of job applicants on social media. "People might mask many judgmental things in an interview; there is a possibility that they might express it on social media," says Debdas Sen, leader of technology consulting, PricewaterhouseCoopers. "Inclusion and diversity are important for us." But job seekers have become wise to it. That's why many airbrush their social media profiles. All politically incorrect posts are removed. Friends are treated lavishly offline so that they write nice posts on Facebook pages. Some even hire professional photographers for as much as Rs 20,000 to paste good profile pictures.

But those who hire have started to see through it. Says Murthy of Pinstrip, "One can easily figure out the truthfulness of your statements by seeing what your friends are saying." One human resource manager says he pays more attention to what people post after 10 pm because "it tends to be more truthful". A senior functionary of a Gurgaon-headquartered firm says that he had hired somebody after he had found nothing suspicious on his LinkedIn profile; it was only later he found out that this person had been involved in some financial misdemeanour in his earlier job. "His LinkedIn profile had no clues, he was not on Facebook. That should have struck me," he says. Of course, the person was asked to leave.

Sunil Abraham, the executive director of Bangalore-based Centre for Internet and Society, says social media has made people forget the distinction between private, semi-private and public statements. "Speech used to be ephemeral, but Internet has given it the power it never had," he says. "Internet never forgets." The fact that traces of a communication may remain in cyberspace even after they have been deleted has prompted a legislation called the Right to Erasure by the European Union. Under the law, earlier called Right to be Forgotten, an individual can request all his data to be erased, including by third parties. India is also mulling a similar legislation under its Privacy Bill.

Those at the bottom of the social pyramid, who have little to lose, express themselves most freely on social media, while those with reputations to protect are cautious. The consequences can be serious, as the Mumbai girl who questioned the city's shutdown after Bal Thackeray's death in November 2012 on Facebook and her friend who "liked" realised: both were called in by the police. It's not surprising why even standup comedians, who can't resist taking potshots at one and all, turn extremely careful before they tweet.

So, is social media good or bad? "Social media can help," Amartya Sen said at the recent Jaipur Literature Festival, "But you must read more books".

For more details visit https://cis-india.org/news/business-standard-january-24-2014-veenu-sandhu-surabhi-agarwal-the-net-is-taking-over

Internet Governance and India: The Way Forward

praskrishna — 2014-02-03T10:33:53Z

Snehashish Ghosh is participating in this event organized by the Observer Research Foundation on January 22 in New Delhi.

The Internet Governance Forum’s (IGF) purpose is to support the United Nations Secretary-General in carrying out the mandate from the World Summit on the Information Society (WSIS) with regard to convening a new forum for multi-stakeholder policy dialogue. The eighth edition of the Internet Governance Forum started on October 22, in Bali, Indonesia. Representatives of governments, intergovernmental organisations, private sector, technical and academic community and civil society gathered together to discuss Internet governance related issues, under the general theme of “Building Bridges – Enhancing Multistakeholder Cooperation for Growth and Sustainable Development”. Cybersecurity, open internet, freedom of expression, protection of human rights were some of the topics discussed and debated at the three day conference. There was also a mutual consensus amongst the participants on the multistakeholder model for internet governance.

Programme

10.30: Registration/Tea
11.00: Opening Remarks by Mahima Kaul, Fellow-ORF
11.10: Subi Chaturvedi, Assistant Professor Journalism & Communication, Lady Shri Ram College for Women & Founder Trustee Media For Change
11.25: Dr. Anja Kovacs, Director, Internet Democracy Project, New Delhi.
11.40: Dr. Govind, CEO, National Internet Exchange of India, Department of Electronics and Information Technology, Government of India.
11.55: Virat Bhatia, Chairman, FICCI Communications & Digital Economy Committee and President, IEA AT&T, SouthAsia
12.10: Question and Answer
12.50: Concluding remarks
13.00: Lunch, ORF Lounge.

Speakers Biography

Subi Chaturvedi, Asstt. Professor Journalism & Communication, Lady Shri Ram College for Women & Founder Trustee Media For Change.

Ms. Chaturvedi strives to promote the role and participation of the youth, women and girls in ICT and the policy dialogue and decision making, along with Improving e-governance and deepening democracy through 'media for change'. She also works on building bridges between different stakeholders in IG and enabling conversations on the national and domestic level on important policy concerns such as cybersecurity, openness, universality, human rights, permission less innovation and freedom of speech and expression online, through roundtables, workshops, public hearings and youth meets (Internet Dialogues) for India.

She also actively participates in domestic as well as International meetings on Internet governance and enhanced cooperation to represent her stakeholder perspective, especially as a women academician and a member of the media and civil society from a developing country and an emerging economy. She often writes opinion and edits pieces for national dailies, journals and provides inputs and commentary to the electronic media to inform the debate and dialogue on Internet Governance policy questions

Dr. Anja Kovacs, Director, Internet Democracy Project, Delhi
Dr. Anja Kovacs directs the Internet Democracy Project, Delhi, where her work focuses on questions regarding freedom of expression, cybersecurity and the architecture of Internet governance as they relate to the Internet and democracy. She is currently also a member of the of the Investment Committee of the Digital Defenders Partnership and of the interim Steering Group of Best Bits, a global network of civil society members. In addition, Anja has worked as an international consultant on Internet issues, including for the United Nations Development Programme Asia Pacific and the UN Special Rapporteur on Freedom of Expression, Mr. Frank La Rue, and has been an IREX Fellow and a Fellow at the Centre for Internet and Society in Bangalore. Prior to focusing her work on the information society, Anja researched, lectured and consulted on a wide range of development-related issues, including at the University of East Anglia, Norwich, and Ambedkar University, Delhi. She obtained her PhD in Development Studies from the University of East Anglia in the UK.

Dr. Govind, CEO, National Internet Exchange of India, Department of Electronics and Information Technology, Government of India

Virat Bhatia, Chairman, FICCI Communications & Digital Economy Committee and President, IEA AT&T, SouthAsia
As Chairman of the FICCI Communications and Digital Economy Committee, Mr. Bhatia currently leads the combined advocacy and policy reform efforts of nearly 150 members - representing leading telecom industry associations, mobile service providers, domestic and long distance service providers, ISPs, internet companies, social media, infrastructure and tower companies, device manufacturers, consultants, legal experts and other related stakeholders in India’s ICT space. He is appointed as a member of the Joint Working Group (JWG) which drafted the “Guidelines on Protection of National Critical Information Infrastructure”, later released by the NSA in June 2013. He serves on the Multistakeholder Advisory Group (MAG) of DeitY for India IGF, and in the past, on the JWG dealing with issues of cyber security.

At AT&T, Mr. Bhatia serves as President, IEA, for the South Asia region. He has responsibility for supporting all of AT&T’s businesses, corporate development activities, new investments and business strategies. He has been involved with the digital economy sector since 1994.

For more details visit https://cis-india.org/news/internet-governance-and-india-the-way-forward

Multistakeholders Consultation on International Public Policy Issues

praskrishna — 2014-02-03T10:07:54Z

The Department of Electronics & Information Technology has called for a meeting on January 21 in New Delhi to discuss international public policy issues. Snehashish Ghosh will participate in the meeting.

MAG Meeting Notice issued by the Department of Electronics & Information Technology on January 13 can be accessed here.

For more details visit https://cis-india.org/news/multi-stakeholders-consultation-on-intl-public-policy-issues-january-21-2014

What is net neutrality and why it is important

praskrishna — 2014-02-03T08:24:34Z

Internet is built around the idea of openness. It allows people to connect and exchange information freely, if the information or service is not illegal.

The article was published in the Times of India on January 20, 2014. Sunil Abraham is quoted.

Much of this is because of the idea of net neutrality. If you like the current state of the internet, you should know about net neutrality. Many web users are aware of it. But if you are not, don't worry. We explain it here:

What is net neutrality?
Net neutrality is an idea derived from how telephone lines have worked since the beginning of the 20th century. In case of a telephone line, you can dial any number and connect to it. It does not matter if you are calling from operator A to operator B. It doesn't matter if you are calling a restaurant or a drug dealer. The operators neither block the access to a number nor deliberately delay connection to a particular number, unless forced by the law. Most of the countries have rules that ask telecom operators to provide an unfiltered and unrestricted phone service.

When the internet started to take off in 1980s and 1990s, there were no specific rules that asked that internet service providers (ISPs) should follow the same principle. But, mostly because telecom operators were also ISPs, they adhered to the same principle. This principle is known as net neutrality. An ISP does not control the traffic that passes its servers. When a web user connects to a website or web service, he or she gets the same speed. Data rate for Youtube videos and Facebook photos is theoretically same. Users can access any legal website or web service without any interference from an ISP.

Some countries have rules that enforce net neutrality but most don't. Instead, the principle is followed because that is how it has always been. It is more of a norm than a law.

How did net neutrality shape the internet?
Net neutrality has shaped the internet in two fundamental ways.

One, web users are free to connect to whatever website or service they want. ISPs do not bother with what kind of content is flowing from their servers. This has allowed the internet to grow into a truly global network and has allowed people to freely express themselves. For example, you can criticize your ISP on a blog post and the ISP will not restrict access to that post for its other subscribers even though the post may harm its business.

But more importantly, net neutrality has enabled a level playing field on the internet. To start a website, you don't need lot of money or connections. Just host your website and you are good to go. If your service is good, it will find favour with web users. Unlike the cable TV where you have to forge alliances with cable connection providers to make sure that your channel reaches viewers, on internet you don't have to talk to ISPs to put your website online.

This has led to creation Google, Facebook, Twitter and countless other services. All of these services had very humble beginnings. They started as a basic websites with modest resources. But they succeeded because net neutrality allowed web users to access these websites in an easy and unhindered way.

What will happen if there is no net neutrality?
If there is no net neutrality, ISPs will have the power (and inclination) to shape internet traffic so that they can derive extra benefit from it. For example, several ISPs believe that they should be allowed to charge companies for services like YouTube and Netflix because these services consume more bandwidth compared to a normal website. Basically, these ISPs want a share in the money that YouTube or Netflix make.

Without net neutrality, the internet as we know it will not exist. Instead of free access, there could be "package plans" for consumers. For example, if you pay Rs 500, you will only be able to access websites based in India. To access international websites, you may have to pay a more. Or maybe there can be different connection speed for different type of content, depending on how much you are paying for the service and what "add-on package" you have bought.

Lack of net neutrality, will also spell doom for innovation on the web. It is possible that ISPs will charge web companies to enable faster access to their websites. Those who don't pay may see that their websites will open slowly. This means bigger companies like Google will be able to pay more to make access to Youtube or Google+ faster for web users but a startup that wants to create a different and better video hosting site may not be able to do that.

Instead of an open and free internet, without net neutrality we are likely to get a web that has silos in it and to enter each silo, you will have to pay some "tax" to ISPs.

What is the state of net neutrality in India?
Legally, the concept of net neutrality doesn't exist in India. Sunil Abraham, director of Centre for internet and Society in Bangalore, says that Trai, which regulates the telecom industry, has tried to come up with some rules regarding net neutrality several times. For example it invited comments on the concept of net neutrality from industry bodies and stakeholders in 2006. But no formal rules have been formed to uphold and enforce net neutrality.

However, despite lack of formal rules, ISPs in India mostly adhere to the principal of net neutrality. There have been some incidents where Indian ISPs have ignored net neutrality but these are few and far between.

Will the concept of net neutrality survive?
Net neutrality is sort of gentlemen's agreement. It has survived so far because few people realized the potential of internet when it took off around 30 years ago. But now when the internet is an integral part of the society and incredibly important, ISPs across the world are trying to get the power to shape and control the traffic. But there are ways to keep net neutrality alive.

Consumers should demand that ISPs continue their hands-off approach from the internet traffic. If consumers see a violation of net neutrality, they ought to take a proactive approach and register their displeasure with the ISP. They should also reward ISPs that uphold the net neutrality.

At the same time, as Abraham says, Trai needs to come out with a set of clear and precise rules that protect the net neutrality. "We have started seeing ISPs trying to take control of the traffic that flows from their servers but Trai can regulate them. It can keep the internet open and consumer-friendly by forming rules that protect net neutrality. These are early days so it is easy to do. If ISPs manage to change the system, it may become too late," he says.

For more details visit https://cis-india.org/news/times-of-india-january-20-2014-what-is-net-neutrality-and-why-is-it-important

GNI Assessment Finds ICT Companies Protect User Privacy and Freedom of Expression

elonnai — 2014-01-20T06:17:46Z

Elonnai Hickok analyses a public report recently published by GNI on the independent assessment process for Google, Microsoft, and Yahoo. The report finds Google, Microsoft, and Yahoo to be in compliance with the GNI principles on privacy and freedom of expression.

Introduction

In January 2014, the Global Network Initiative (GNI) published the Public Report on the Independent Assessment Process for Google, Microsoft, and Yahoo. GNI is an industry consortium that was started in 2008 with the objective of protecting user’s right to privacy and freedom of expression globally. The main objectives of GNI are to provide a framework for companies that is based on international standards, ensure accountability of ICT companies through independent assessments, create opportunities for policy engagement, and create opportunities for stakeholders from multiple jurisdictions to engage in dialogue with each other. The Centre for Internet and Society, Bangalore, is a member of GNI. Companies based in India have yet to join as members to the GNI network.

Overview of the Public Report

The Public Report provides an overview of assessments completed on the practices and policies of Google, Yahoo, and Microsoft from 2011 - 2013 to measure company compliance with the GNI principles on freedom of expression and privacy. The principles lay out broad guidelines that member companies should seek to incorporate in their internal and external practices and speak to freedom of expression, privacy, responsible company decision making, multi – stakeholder collaboration, and organizational governance, accountability, and transparency. The GNI principles have also been developed with Implementation Guidelines to provide companies with a framework for companies to respond to government requests. The assessment carried out by GNI reviewed cases in each company pertaining to governmental: blocking and filtering, takedown requests, criminalization of speech, intermediary liability, selective enforcement, content surveillance, and requests for user information.

Importantly, the assessment undertaken by GNI finds Yahoo, Microsoft, and Google to be in compliance with the GNI principles on freedom of expression and privacy. The Report highlights practices by the companies that work to protect freedom of expression and privacy such as conducting human rights impact assessments, issuing transparency reports, and notifying affected users when content is removed, have been, adopted by these companies. For example, Google conducts Human Rights Impact Assessments to assess potential threats to freedom of expression and privacy. Google also has in place internal processes to review governmental requests impacting freedom of expression and privacy, and the legal team at Google prepares a “global removal report” to provide a bird’s eye view of trends emerging from content removal requests. If Google has the email address of a user who’s posted content is removed, Google will often notify the user and directs the user to the Chilling Effects website. Google has also published a transparency report since 2010. Like Google, Microsoft conducts Human Rights Impact Assessments before making decisions on whether to incorporate certain features into its platforms when operating in high risk markets. Microsoft has also issued two global law enforcement requests reports in 2013. Yahoo has established a Business and Human Rights Program to ensure responsible actions are taken by the company with regards to freedom of expression and privacy, and now issues transparency reports about government requests. Yahoo’s Public Policy team also engages in dialogue with governments on an international level about existing and proposed legislation impacting and implicating privacy and freedom of expression.

The Report highlights challenges to compliance with the GNI principles that companies face – namely legal restraints and mandates that they are faced with. On the issue of transparency, the assessment found that companies do not disclose information when there are legal prohibitions on such disclosure, when users privacy would be implicated, when companies choose to assert attorney client privilege, and when trade secrets are involved. Despite this, the assessment found that companies do deny and push back on governmental requests impacting freedom of expression and privacy for reasons such as the request needed clarification and modification, or that the request needed to follow established procedure.

A number of findings came out of the assessments undertaken for the Report including:

As demonstrated by the lack of ability to access information about secret national security requests, and the lack of ability for companies to disclose information on this topic there is a dire need for governments to reform surveillance policy and law impacting freedom of expression and privacy.
The implementation of the GNI Principles is challenging when a company is undergoing an acquisition. In this scenario, contractual provisions limiting third party disclosure are critical in ensuring protection of privacy and free expression rights.
Companies need to pro-actively and on an ongoing basis internally review governmental restrictions on content to determine if it is in compliance with the commitment made by that company to the GNI Principles.

The assessment resulted in GNI defining a number of actionable (non-binding) recommendations for companies such as:

Improving the integration of human rights considerations in the due diligence process with respect to the acquiring and selling companies.
Consider the impact of hardware on freedom of expression and privacy.
Improve external and internal reporting.
Review employee access to user data to ensure that employee access rights are restricted by both policy and technical measures on a ‘need to know’ basis across global operations.
Review executive management training.
Improve stakeholder engagement.
Improve communication with users.
Increase sharing of best practices.
The GNI principles are focused on freedom of expression and privacy and are based on internationally recognized laws and standards for human rights.

NSA leaks, global push for governmental surveillance reform, and the Public Report

With special attention given to the various companies responses to the NSA leaks, the Report notes that in response to the NSA leaks the assessed companies have issued public statements and filed legal challenges with the US government and filed suit with the FISA Court seeking the right to disclose data relating to the number of FISA requests received with the public. All three companies have also supported legislation and policy that would allow for such transparency. Furthermore in December 2014, the companies , along with other internet companies, developed and issued the five Principles on Global Government Surveillance Reform. Similar to other efforts to end mass and disproportionate surveillance, such as the Necessary and Proportionate principles, the Principles on Global Government Surveillance Reform address: Limiting Governments’ Authority to Collect Users’ Information, Oversight and Accountability, Transparency about Government Demands, Respecting the Free Flow of Information, Avoiding Conflicts Among Governments. Other companies that signed these principles include AOL, Facebook, LinkedIn, and Twitter.

Along these lines, on January 14^th, GNI released the statement “Surveillance Reforms to Protect Rights and Restore Trust”, urging the U.S Government to review and enact surveillance legislation that incorporate a ‘rights based’ approach to issues involving national security. In the statement, GNI specifically recommends the Government to action and: end mass collection of communications metadata, protect and uphold the rights of non-Americans, continue to increase transparency of surveillance practices, support the use of strong encryption standards.

Conclusion and way forward

Looking ahead, GNI is planning on developing and implementing a mechanism to address effectively address consumer engagement and complaints issued by individuals who feel that GNI member companies have not acted consistently with the commitments made as a GNI member. GNI is also looking to expand work around public policy and surveillance.

The Public Report on the Independent Assessment Process for Google, Microsoft, and Yahoo is an important step towards ensuring ICT sector companies are accountable to the public in their practices impacting freedom of expression and privacy. The assessment comes at a time when ICT companies often find themselves stuck between a rock and a hard place – with Governments issuing surveillance and censorship demands with mandates for non-disclosure, and the public demanding transparency, company resistance to such demands from the Government, and a strong commitment to users freedom of expression and privacy. Hopefully, the GNI assessment is and will evolve into a middle ground for ICT companies – where they can be accountable to the public and their customers and compliant with Governmental mandates in all jurisdictions that they operate in. It will be interesting to see if in the future Indian companies join GNI as members and being to adopt the GNI principles and undergo GNI assessments.

For more details visit https://cis-india.org/internet-governance/blog/gni-assessment-finds-ict-companies-protect-user-privacy-and-freedom-of-expression

Social Notworking - 'Murder by Twitter'

praskrishna — 2014-02-04T07:02:30Z

Suketu Mehta (@suketumehta) - terrible news about sunanda tharoor. this is murder by twitter.

The article by Malini Nair published in the Times of India quotes Nishant Shah.

Even before forensic science has declared the reasons behind Sunanda Pushkar's shocking death on Friday night, social media has been accused of murder. Writer Suketu Mehta wasn't the only one to point fingers. "First murder by @TwitterIndia , claps, fellow twitter matured guns!" is how another tweet went. Besides the deadly cocktail of depression, drugs, a strained marriage, questions have been raised about whether the vicious banter and collective howls of derision on social media over her very public meltdown — again on social media — pushed her over the edge.
Have we, the tweeple, in our eagerness to share every detail of our lives over an internet megaphone, not quite understood what the social media can do, especially its pitfalls? Is the line between the public and private blurring too fast? Commentators say that the rules that govern human and social behaviour haven't changed, and the fault lies in how we negotiate the cyber turf.

Can our digital lives have serious offline consequences? Nishant Shah, director, research , Centre for Internet & Society, Bangalore, says people need to realize that though twitter amplifies everything, but the ability to hurt, be mean, fight, question, critique and bully is not new.

"These are human practices , which replay themselves across different media forms. What is perhaps new is that our most personal and darkest desires have become available for public spectacle," says Shah.

That the twitterati can be brutal has been shown often enough this last year. When Tehelka editor Tarun Tejpal was mired in allegations of sexual harassment, his daughter was hounded on social media. Recently when novelist Lavanya Sankaran wrote an op-ed for New York Times defending the decent Indian man, she was royally derided, so much so that another journalist Rahul Bhatia tweeted in her defence, asking people to lay off.

Sunanda's story hurtled towards a tragedy in a space of 48 hours after she went public. As Shah points out it wasn't as though there were no affairs and scandals before the dawn of social media but the tangle would have spun out differently and less brutally in another time and age. It all began, as Pushkar admitted to some papers and later denied, with the spilling of alleged BBMs sent by Pakistani journalist Mehr Tarar to Tharoor on his twitter account.

Predictably, the effect of the first round of revelations was explosive. In fact, Pushkar herself appeared taken aback by the fact that a twitter spat ended up making front page headlines.

The entire drama which, in another age, would have played out at home or a circle of family, friends and acquaintances — and at the most in far less dramatic gossip columns and on TV— was up on social media, provide enormous vicarious pleasure to thousands of social media bystanders. That Pushkar herself set the virtual assault in motion only adds to the bleak irony of it all. This was also not the first time Pushkar took a spat to twitter. @SPTVrocks tweeted about her fight with a journalist in Dubai earlier this month.

Clinical psychologist Varkha Chulani says it is the personality behind the media usage not the form itself that is to be blamed. "People choose to talk about their private lives to impress others, to get attention. We forget what is real and what is virtual." Shah, however, believes that we live in a world of digital striptease and that the ubiquitous and pervasive technologies that surround us have forever blurred the lines between real and virtual.

Activists have often pointed out that the social media has everything going for it — quick and vast connect and instant response — but what it lacks is empathy. It is easy enough to send out an RIP message, for instance, for someone you don't know or even care for, positioning yourself as a caring, empathetic soul in 140 characters.

Post Pushkar's death, news anchor Barkha Dutt tweeted that we need to limit viciousness , stop judging and use greater compassion on twitter.

Shah makes a similar plea for the human touch.

"We are all so self-involved , creating narratives of our selves, bit-stripping every moment , instagramming every event, tweeting every encounter, and liking all the various things that happen around us, that we don't always have enough time to stop, to respond, to think and reflect upon other people's conditions . We have become jaded, to the various 'great' moments in people's time lines, but we are also becoming jaded to the pain that our involvement in these social networks can bring to those who are the subject of our attention," he says.

With additional reporting by Shobita Dhar

For more details visit https://cis-india.org/news/the-times-of-india-january-19-2014-malini-nair-social-networking-murder-by-twitter

EU parliament report slams US surveillance

praskrishna — 2014-02-03T06:13:55Z

Report that outlines need for stringent laws for protecting citizen privacy, democratizing Internet governance holds lessons for India, say analysts.

The article by Moulishree Srivastava and Elizabeth Roche quotes Sunil Abraham. It was published in Livemint on January 17, 2014.

A European Union (EU) parliament report that outlines the need for stringent laws for protecting citizen privacy, democratizing Internet governance and rebuilding trust between Europe and the US holds many lessons for India, analysts and policymakers say.

The US government listened into Indian communications as part of its massive global surveillance, which was exposed last year in leaks to the media. The embassies of France, Italy, Greece, Japan, Mexico, South Korea and Turkey were also subjected to the surveillance put in place after the September 2001 terrorist attacks. According to the external affairs ministry, India has registered its protest at least thrice over the issue with US authorities.

A draft report on the US National Security Agency’s surveillance programme by the European parliament’s committee on civil liberties, justice and home affairs states that trust between the two transatlantic partners, trust among EU member-states, and trust between citizens and their governments were profoundly shaken because of the spying, and to rebuild trust in all these dimensions a comprehensive plan was urgently needed.

"It is very doubtful that data collection of such magnitude is only guided by the fight against terrorism, as it involves the collection of all possible data of all citizens; points therefore to the possible existence of other power motives such as political and economic espionage," says the report.

The report recommends prohibiting blanket mass surveillance activities and bulk processing of personal data, and asks EU member-states, including the UK, Germany, France, Sweden and the Netherlands, to revise their national legislation and practices governing the activities of intelligence services to ensure that they are in line with the standards of the European Convention on Human Rights.

It also calls on the US to revise its legislation without delay in order to bring it in line with international law, recognizing privacy and other rights as well as providing for judicial redress for EU citizens.

"The American approach to privacy regulation has been deeply flawed. The US dominance over the Internet affects the structure and substance of Internet governance and among other human rights, the right to privacy," said Sunil Abraham, executive director of the Centre for Internet and Society, a Bangalore-based not-for-profit research organization. "The (EU) report, if implemented, may change the future of Internet governance by deepening the existing leadership provided by the EU in promoting their privacy standards globally."

On India’s rather restrained reaction to the spying, he said, “It is a tragedy that our politicians are not as proactive when it comes to protecting our rights. While India has only focused on changing its official email policy after the revelations of mass surveillance, it has done nothing as concrete and comprehensive as EU."

"There is neither the recognition of (the) pervasive nature of global mass surveillance, nor is there full appreciation (of) the damaging consequences," Abraham added.

J. Satyanarayana, secretary in India’s department of electronics and information technology, said the concerns over privacy are the same for India as for the EU, but declined to comment on what preventive steps the government is implementing due to security reasons. The EU report called for concluding the EU-US umbrella pact, a framework agreement on data protection in the field of police and judicial cooperation, to ensure proper redress mechanisms for EU citizens in the event of data transfers from the EU to the US for law enforcement purposes. The report asks EU policymakers not to initiate any new sectoral agreements or arrangements for the transfer of personal data for law enforcement purposes and suggests suspending the terrorist finance tracking programme until the umbrella agreement negotiations are concluded.

"EU wants to use EU-US umbrella agreement...to raise the US standards, to ensure the rights of EU citizens and perhaps all the citizens. All humans will need protection under US law as is currently the case in the EU,” said Abraham. “The prohibition of blanket surveillance that the report recommends will hopefully apply to all citizens regardless of their nationality."

The draft report goes as far as suggesting suspending Safe Harbour, the legal instrument used for the transfer of EU personal data to the US through Google, Microsoft, Yahoo, Facebook, Apple and LinkedIn, until a full review has been conducted and current loopholes are plugged. The report’s proposals and recommendations are likely to be implemented after election to the European parliament in May.

In addition to reforms in the existing systems, the report outlines the importance of development of European clouds as it notes that trust in US cloud computing and cloud services providers has been affected by the surveillance practices.

"Three of the major computerized reservation systems used by airlines worldwide are based in the US and that PNR (passenger name record) data are saved in cloud systems operating on US soil under US law...lacks data protection adequacy," states the report.

C.U. Bhaskar, analyst with the South Asia Monitor think tank, was of the view that India had “adequately” responded to the US through quiet diplomacy.

"It is unlikely that the US will give up cyber surveillance,” he said, adding, “We should acquire our own capacity to ensure adequate defensive and offensive firewalls and build up appropriate capacity for our cyber programmes."

"Given our expertise in the IT (information technology) sector, as an analyst my opinion is that we have a reasonable capacity to build up our capabilities," Bhaskar added.

For more details visit https://cis-india.org/news/livemint-january-17-2014-moulishree-srivastava-elizabeth-roche-eu-parliament-slams-us-surveillance

Electoral Databases – Privacy and Security Concerns

snehashish — 2014-01-16T11:07:21Z

In this blogpost, Snehashish Ghosh analyzes privacy and security concerns which have surfaced with the digitization, centralization and standardization of the electoral database and argues that even though the law provides the scope for protection of electoral databases, the State has not taken any steps to ensure its safety.

The recent move by the Election Commission of India (ECI) to tie-up with Google for providing electoral look-up services for citizens and electoral information services has faced heavy criticism on the grounds of data security and privacy.[i] After due consideration, the ECI has decided to drop the plan.[ii]

The plan to partner with Google has led to much apprehension regarding Google gaining access to the database of 790 million voters including, personal information such as age, place of birth and residence. It could have also gained access to cell phone numbers and email addresses had the voter chosen to enroll via the online portal on the ECI website. Although, the plan has been cancelled, it does not necessarily mean that the largest database of citizens of India is safe from any kind of security breach or abuse. In fact, the personal information of each voter in a constituency can be accessed by anyone through the ECI website and the publication of electoral rolls is mandated by the law.

Publication of Electoral Rolls
The electoral roll essentially contains the name of the voter, name of the relationship (son of/wife of, etc.), age, sex, address and the photo identity card number. The main objective of creation and maintenance of electoral rolls and the issue of Electoral Photo Identity Card (EPIC) was to ensure a free and fair election where the voter would have been able to cast his own vote as per his own choice. In other words, the main purpose of the exercise was to curtail bogus voting. This is achieved by cross referencing the EPIC with the electoral roll.

The process of creation and maintenance of electoral rolls is governed by the Registration of Electors Rules, 1960. Rule 22 requires the registration officer to publish the roll with list of amendments at his office for inspection and public information. Furthermore, ECI may direct the registration officer to send two copies of the electoral roll to every political party for which a symbol has exclusively been reserved by the ECI. It can be safely concluded that the electoral roll of a constituency is a public document[iii] given that the roll is published and can be circulated on the direction of the ECI.

With the computational turn, in 1998 the ECI took the decision to digitize the electoral databases. Furthermore, printed electoral rolls and compact discs containing the rolls are available for sale to general public.[iv] In addition to that, the electoral rolls for the entire country are available on the ECI website.[v] However, the current database is not uniform and standardized, and entries in some constituencies are available only in the local language. The ECI has taken steps to make the database uniform, standardized and centralized.[vi]

Security Concerns
The Registration of Electoral Rules, 1960 is an archaic piece of delegated legislation which is still in force and casts a statutory duty on the ECI to publish the electoral rolls. The publication of electoral rolls is not a threat to security when it is distributed in hard copies and the availability of electoral rolls is limited. The security risks emerge only after the digitization of electoral database, which allows for uniformity, standardization and centralization of the database which in turn makes it vulnerable and subject to abuse. The law has failed to evolve with the change in technology.

In a recent article, Bill Davidow analyzes "the dark side of Moore’s Law" and argues that with the growth processing power there has been a growth in surveillance capabilities and on this note the article is titled, “With Great Computing Power Comes Great Surveillance”[vii] Drawing from Davidow’s argument, with the exponential growth in computing power, search has become convenient, faster and cheap. A uniform, standardized and centralized database bearing the personal information of 790 million voters can be searched and categorized in accordance with the search terms. The personal information of the voters can be used for good, but it can be equally abused if it falls into the wrong hands. Big data analysis or the computing power makes it easier to target voters, as bits and pieces of personal information give a bigger picture of an individual, a community, etc. This can be considered intrusive on individual’s privacy since the personal information of every voter is made available in the public domain

For example, the availability of a centralized, searchable database of voters along with their age would allow the appropriate authorities to identify wards or constituencies, which has a high population of voters above the age of 65. This would help the authority to set up polling booths at closer location with special amenities. However, the same database can be used to search for density of members of a particular community in a ward or constituency based on the name, age, sex of the voters. This information can be used to disrupt elections, target vulnerable communities during an election and rig elections.

Current IT Laws does not mandate the protection of the electoral database
A centralized electoral database of the entire country can be considered as a critical information infrastructure (CII) given the impact it may have on the election which is the cornerstone of any democracy. Under Section 70 of the Information Technology Act, 2000 (IT Act) CII means “the computer resource, incapacitation or destruction of which, shall have debilitating impact on national security, economy.”[viii] However, the appropriate Government has not notified the electoral database as a protected system[ix]. Therefore, information security practices and procedures for a protected system are not applicable to the electoral database.

The Information Technology Rules (IT Rules) are also not applicable to electoral databases, per se. Since, ECI is not a body corporate, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information), Rules, 2011 (hereinafter Reasonable Security Practices Rules) do not apply to electoral databases. Ignoring that Reasonable Security Practices Rules only apply to a body corporate, the electoral database does fall within the ambit of definition of “personal information”[x] and should arguably be made subject to the Rules.

The intent of the ECI for hosting the entire country’s electoral database online inter alia is to provide electronic service delivery to the citizens. It seeks to provide “electoral look up services for citizens ... for better electoral information services.”[xi] However, the Information Technology (Electronic Service Delivery) Rules, 2011 are not applicable to the electoral database given that it is not notified by the appropriate Government as a service to be delivered electronically. Hence, the encryption and security standards for electronic service delivery are not applicable to electoral rolls.

The IT Act and the IT Rules provide a reasonable scope for the appropriate Government to include electoral databases within the ambit of protected system and electronic service delivery. However, the appropriate government has not taken any steps to notify electoral database as protected system or a mode of electronic service delivery under the existing laws.

Conclusion
Publication of electoral rolls is a necessary part of an election process. It ensures free and fair election and promotes transparency and accountability. But unfettered access to electronic electoral databases may have an adverse effect and would endanger the very goal it seeks to achieve because the electronic database may pose threat to privacy of the voters and also lead to security breach. It may be argued that the ECI is mandated by the law to publish the electoral database and hence, it is beyond the operation of the IT Act. But Section 81 of the IT Act has an overriding effect on any law inconsistent, therewith. The appropriate Government should take necessary steps under the IT Act and notify electoral databases as a protected system.

It is recommended that the Electors Registration Rules, 1960 should be amended, taking into account the advancement in technology. Therefore, the Rules should aim at restricting the unfettered electronic access to the electoral database and also introduce purposive limitation on the use of the electoral database. It should also be noted that more adequate and robust data protection and privacy laws should be put in place, which would regulate the collection, use, storage and processing of databases which are critical to national security.

[i] Pratap Vikram Singh, Post-uproar, EC’s Google tie-up plan may go for a toss, Governance Now, January 7, 2014 available at http://www.governancenow.com/news/regular-story/post-uproar-ecs-google-tie-plan-may-go-toss

[ii] Press Note No.ECI/PN/1/2014, Election Commission of India , January 9, 2014 available at http://eci.nic.in/eci_main1/current/PN09012014.pdf

[iii] Section 74, Indian Evidence Act, 1872

[iv] eci.nic.in/eci_main1/the_function.aspx

[v] http://eci.nic.in/eci_main1/Linkto_erollpdf.aspx

[vi] “At present, in most States and UTs the Electoral Database is kept at the district level. In some cases it is kept even with the vendors. In most States/UTs it is maintained in MS Access, while in some cases it is on a primitive technology like FoxPro and in some other cases on advanced RDBMS like Oracle or Sql Server. The database is not kept in bilingual form in some of the States/UTs, despite instructions of the Commission. In most cases Unicode fonts are not used. The database structure not being uniform in the country, makes it almost impossible for the different databases to talk to each other” – Election Commission of India, Revision of Electoral Rolls with reference to 01-01-2010 as the qualifying date – Integration and Standardization of the database- reg., No. 23/2009-ERS, January 6, 2010 available at eci.nic.in/eci_main/eroll&epic/ins06012010.pdf

[vii] http://www.theatlantic.com/technology/archive/2014/01/with-great-computing-power-comes-great-surveillance/282933/

[viii] Section 70, Information Technology Act, 2000

[ix] Computer resource which directly or indirectly affects the facility of Critical Information Infrastructure

[x] Rule 2(1)(i), Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

[xi] Press Note No.ECI/PN/1/2014, Election Commission of India , January 9, 2014 available at http://eci.nic.in/eci_main1/current/PN09012014.pdf

For more details visit https://cis-india.org/internet-governance/blog/electoral-databases-2013-privacy-and-security-concerns

Surveillance and the Indian Constitution - Part 1: Foundations

pranesh — 2014-01-23T15:12:30Z

In this insightful seven-part series, Gautam Bhatia looks at surveillance and the right to privacy in India from a constitutional perspective, tracing its genealogy through Supreme Court case law and compares it with the law in the USA.

Note: This was originally posted on the Indian Constitutional Law and Philosophy blog.

On previous occasions, we have discussed the ongoing litigation in ACLU v. Clapper in the United States, a challenge to the constitutionality of the National Security Agency’s (NSA) bulk surveillance program. Recall that a short while after the initial Edward Snowden disclosures, The Hindu revealed the extent of domestic surveillance in India, under the aegis of the Central Monitoring System (CMS). The CMS (and what it does) is excellently summarized here. To put thing starkly and briefly:

“With the C.M.S., the government will get centralized access to all communications metadata and content traversing through all telecom networks in India. This means that the government can listen to all your calls, track a mobile phone and its user’s location, read all your text messages, personal e-mails and chat conversations. It can also see all your Google searches, Web site visits, usernames and passwords if your communications aren’t encrypted.”

The CMS is not sanctioned by parliamentary legislation. It also raises serious privacy concerns. In order to understand the constitutional implications, therefore, we need to investigate Indian privacy jurisprudence. In a series of posts, we plan to discuss that.

Privacy is not mentioned in the Constitution. It plays no part in the Constituent Assembly Debates. The place of the right – if it exists – must therefore be located within the structure of the Constitution, as fleshed out by judicial decisions. The first case to address the issue was M. P. Sharma v. Satish Chandra, in 1954. In that case, the Court upheld search and seizure in the following terms:

"A power of search and seizure is in any system of jurisprudence an overriding power of the State for the protection of social security and that power is necessarily regulated by law. When the Constitution makers have thought fit not to subject such regulation to Constitutional limitations by recognition of a fundamental right to privacy, analogous to the American Fourth Amendment, we have no justification to import it, into a totally different fundamental right. by some process of strained construction."

The right in question was 19(1)(f) – the right to property. Notice here that the Court did not reject a right to privacy altogether – it only rejected it in the context of searches and seizures for documents, the specific prohibition of the American Fourth Amendment (that has no analogue in India). This specific position, however, would not last too long, and was undermined by the very next case to consider this question, Kharak Singh.

In Kharak Singh v. State of UP, the UP Police Regulations conferred surveillance power upon certain “history sheeters” – that is, those charged (though not necessarily convicted) of a crime. These surveillance powers included secret picketing of the suspect’s house, domiciliary visits at night, enquiries into his habits and associations, and reporting and verifying his movements. These were challenged on Article 19(1)(d) (freedom of movement) and Article 21 (personal liberty) grounds. It is the second ground that particularly concerns us.

As a preliminary matter, we may observe that the Regulations in question were administrative – that is, they did not constitute a “law”, passed by the legislature. This automatically ruled out a 19(2) – 19(6) defence, and a 21 “procedure established by law” defence – which were only applicable when the State made a law. The reason for this is obvious: fundamental rights are extremely important. If one is to limit them, then that judgment must be made by a competent legislature, acting through the proper, deliberative channels of lawmaking – and not by mere administrative or executive action. Consequently – and this is quite apart from the question of administrative/executive competence - if the Police Regulations were found to violate Article 19 or Article 21, that made them ipso facto void, without the exceptions kicking in. (Paragraph 5)

It is also important to note one other thing: as a defence, it was expressly argued by the State that the police action was reasonable and in the interests of maintaining public order precisely because it was “directed only against those who were on proper grounds suspected to be of proved anti-social habits and tendencies and on whom it was necessary to impose some restraints for the protection of society.” The Court agreed, observing that this would have “an overwhelming and even decisive weight in establishing that the classification was rational and that the restrictions were reasonable and designed to preserve public order by suitable preventive action” – if there had been a law in the first place, which there wasn’t. Thus, this issue itself was hypothetical, but what is crucial to note is that the State argued – and the Court endorsed – the basic idea that what makes surveillance reasonable under Article 19 is the very fact that it is targeted – targeted at individuals who are specifically suspected of being a threat to society because of a history of criminality.

Let us now move to the merits. The Court upheld secret picketing on the ground that it could not affect the petitioner’s freedom of movement since it was, well secret – and what you don’t know, apparently, cannot hurt you. What the Court found fault with was the intrusion into the petitioner’s dwelling, and knocking at his door late at night to wake him up. The finding required the Court to interpret the meaning of the term “personal liberty” in Article 21. By contrasting the very specific rights listed in Article 21, the Court held that:

“Is then the word “personal liberty” to be construed as excluding from its purview an invasion on the part of the police of the sanctity of a man’s home and an intrusion into his personal security and his right to sleep which is the normal comfort and a dire necessity for human existence even as an animal? It might not be inappropriate to refer here to the words of the preamble to the Constitution that it is designed to “assure the dignity of the individual” and therefore of those cherished human value as the means of ensuring his full development and evolution. We are referring to these objectives of the framers merely to draw attention to the concepts underlying the constitution which would point to such vital words as “personal liberty” having to be construed in a reasonable manner and to be attributed that these which would promote and achieve those objectives and by no means to stretch the meaning of the phrase to square with any preconceived notions or doctrinaire constitutional theories.” (Paragraph 16)

A few important observations need to be made about this paragraph. The first is that it immediately follows the Court’s examination of the American Fifth and Fourteenth Amendments, with their guarantees of “life, liberty and property…” and is, in turn, followed by the Court’s examination of the American Fourth Amendment, which guarantees the protection of a person’s houses, papers, effects etc from unreasonable searches and seizures. The Court’s engagement with the Fourth Amendment is ambiguous. It admits that “our Constitution contains no like guarantee…”, but holds that nonetheless “these extracts [from the 1949 case, Wolf v Colorado] would show that an unauthorised intrusion into a person’s home and the disturbance caused to him thereby, is as it were the violation of a common law right of a man – an ultimate essential of ordered liberty”, thus tying its own holding in some way to the American Fourth Amendment jurisprudence. But here’s the crucial thing: at this point, American Fourth Amendment jurisprudence was propertarian based – that is, the Fourth Amendment was understood to codify – with added protection – the common law of trespass, whereby a man’s property was held sacrosanct, and not open to be trespassed against. Four years later, in 1967, in Katz, the Supreme Court would shift its own jurisprudence, to holding that the Fourth Amendment protected zones where persons had a “reasonable expectation of privacy”, as opposed to simply protecting listed items of property (homes, papers, effects etc). Kharak Singh was handed down before Katz. Yet the quoted paragraph expressly shows that the Court anticipated Katz, and in expressly grounding the Article 21 personal liberty right within the meaning of dignity, utterly rejected the propertarian-tresspass foundations that it might have had. To use a phrase invoked by later Courts – in this proto-privacy case, the Court already set the tone by holding it to attach to persons, not places.

While effectively finding a right to privacy in the Constitution, the Court expressly declined to frame it that way. In examining police action which involved tracking a person’s location, association and movements, the Court upheld it, holding that “the right of privacy is not a guaranteed right under our Constitution and therefore the attempt to ascertain the movements of an individual which is merely a manner in which privacy is invaded is not an infringement of a fundamental right guaranteed by Part III.”

The “therefore” is crucial. Although not expressly, the Court virtually holds, in terms, that tracking location, association and movements does violate privacy, and only finds that constitutional because there is no guaranteed right to privacy within the Constitution. Yet.

In his partly concurring and partly dissenting opinion, Subba Rao J. went one further, by holding that the idea of privacy was, in fact, contained within the meaning of Article 21: “it is true our Constitution does not expressly declare a right to privacy as a fundamental right, but the said right is an essential ingredient of personal liberty.” Privacy he defined as the right to “be free from restrictions or encroachments on his person, whether those restrictions or encroachments are directly imposed or indirectly brought about by calculated measures.” On this ground, he held all the surveillance measures unconstitutional.

Justice Subba Rao’s opinion also explored a proto-version of the chilling effect. Placing specific attention upon the word “freely” contained within 19(1)(d)’s guarantee of free movment, Justice Subba Rao went specifically against the majority, and observed:

“The freedom of movement in clause (d) therefore must be a movement in a free country, i.e., in a country where he can do whatever he likes, speak to whomsoever he wants, meet people of his own choice without any apprehension, subject of course to the law of social control. The petitioner under the shadow of surveillance is certainly deprived of this freedom. He can move physically, but he cannot do so freely, for all his activities are watched and noted. The shroud of surveillance cast upon him perforce engender inhibitions in him and he cannot act freely as he would like to do. We would, therefore, hold that the entire Regulation 236 offends also Art. 19(1)(d) of the Constitution.”

This early case, therefore, has all the aspects that plague the CMS today. What to do with administrative action that does not have the sanction of law? What role does targeting play in reasonableness – assuming there is a law? What is the philosophical basis for the implicit right to privacy within the meaning of Article 21’s guarantee of personal liberty? And is the chilling effect a valid constitutional concern?

We shall continue with the development of the jurisprudence in the next post.

You can follow Gautam Bhatia on Twitter

For more details visit https://cis-india.org/internet-governance/blog/surveillance-and-the-indian-consitution-part-1

Election panel rejects Google’s proposal for electoral services tie-up

praskrishna — 2014-01-31T08:58:01Z

EC had earlier signed a non-disclosure agreement with Google but had not shared or handed over any data to the Internet giant so far.

The article by Anuja and Moulishree Srivastava was published in Livemint on January 9, 2014. Lawrence Liang is quoted.

The Election Commission (EC) on Thursday rejected a proposal by Internet search engine operator Google Inc. to provide electoral information services to EC ahead of the general election due later this year. Google’s proposal, made earlier this week, was criticized by experts and political parties on the grounds of security.

Google, which deals with Internet-related services and products, had made a presentation at EC where it proposed to deliver voter facilitation services through a tie-up with the Commission.

“Google made a presentation to the Commission for electoral hook up services for citizens to help in efforts of the Commission for better electoral information services. However, after due consideration, the Commission has decided not to pursue the proposal any further,” EC said in a statement.

Its decision came at a meeting of senior EC officials on Thursday, called to discuss the proposal. Security was one of the main issues before it.

“Security and controlling the data were the main points which were considered. By ways of such a tie-up all the data would have been up for access. It was always a question of whether Indian laws would apply to it or not, so we decided against it,” a senior official from EC said.

PTI reported that the meeting was attended by the chief election commissioner V.S. Sampath and election commissioners H.S. Brahma and S. N. A. Zaidi.

The Times of India in a report on Sunday said there were concerns over the EC move to tie up with Google for voter registration.

EC had earlier signed a non-disclosure agreement with Google but it had not shared any data with it. The move was criticised by the ruling Congress party as well as the main opposition Bharatiya Janata Party. The legal cell of the Congress had written to EC raising concerns over national security and asking whether the tie-up would affect the electoral process. The BJP’s complaint was that stakeholders, including political parties, should have been consulted.

Experts say that in the event of such a tie-up, concerns about protection of privacy would have outweighed national security fears.

“The concern is not so much about national security as it is about privacy issues. This kind of database is too important and too powerful to be controlled by a private company. There have been too many instances of this kind of data being skewed and riots happening during the election process. Privately owned databases could lead to potential misuse of the data,” said Lawrence Liang, co-founder of Alternative Law Forum and chairman of the board at the Bangalore-based Centre for Internet and Society.

“It is not a question of how and what service Google could have provided for elections, but how the state can bring itself to provide that kind of service,” he said.

In the US, when George W. Bush was re-elected president in 2004, the company that manufactured the voting machines was accused of rigging the polls, Liang added.

Google called the EC’s rejection “unfortunate”, pointing out that the company has already helped governments with such services in countries like the Philippines, Egypt, Mexico and Kenya.

“It is unfortunate that our discussions with the Election Commission of India to change the way users access their electoral information, that is publicly available, through an online voter look up tool, were not fruitful,” Google said in a statement.

“Google will continue to develop tools and resources to make civic information universally accessible and useful, help drive more informed citizen participation, and open up new avenues for engagement for politicians, citizens, and civic leaders,” it added.

For more details visit https://cis-india.org/news/livemint-january-31-2014-anuja-moulishree-srivastava-election-panel-rejects-google-proposal-for-electoral-services-tie-up

Worldwide: International Privacy - 2013 Year in Review - Asia

praskrishna — 2014-01-31T08:44:20Z

Asian Data Privacy Updates

The article by Gonzalo S. Zeballos, James A. Sherer and Alan M. Pate was published in Mondaq's yearly review on January 8, 2014.

China

China's Personal Information Protection Law Proposal was submitted to the State Council in 2008, which was followed by the Ministry of Industry and Information Technology's non-binding Internet Information Services Market Order Provisions of 2011. However, little direct progress was made until the standing committee of the National People's Congress (NPC) introduced its Decision on Strengthening Internet Information Protection (the Decision) on December 28, 2012. Echoing Directive 95/46/EC in the EU by stipulating that the collection and use of information will be "legitimate, proper, and necessary," the Decision seeks to protect network information security; the lawful interest of citizens, legal persons, and other organizations; and safeguard China's security and social order through its Articles.

he Decision's first Article states that "[n]o organization or individual may steal or obtain in other illegal manners [ ] citizens' individual electronic information, sell or illegally provide citizens' individual electronic information to other persons." Instruction to Internet Service Providers (ISPs) continues, where providers must, among other activities:

Clearly indicate the purposes, methods, and scope of collection and use of citizens' data;
Obtain agreement from citizens before collecting their data;
Publicize rules for the collection and use of personal data;
Preserve the secrecy of collected data;
Not divulge, distort, or damage the data;
Refrain from selling or otherwise illegally providing the data to others; and
Adopt technical measures and other methods to ensure information security and prevent damage to or loss of the data.

Among the provisions of the Decision is Article Six, specifically directed at network service providers, whereby users of the services must "provide real identity information" prior to "website access," "fixed telephone, mobile telephone," "other surfing formalities," or "information publication services." In response to criticism that Article Six would be used to discourage whistleblowers and other Chinese dissention, the government-sponsored Xinhua News Agency argued that the Decision "will help, rather than harm, the country's netizens."

Japan

On May 24, 2013, the LDP-led ruling coalition directed the passage of the "Common Number" Bill through both Diet chambers. The Common Number Bill plans to assign every Japanese resident, including mid-to-long-stay foreigners and special permanent residents, a personal identification number beginning in January 2016. Additionally, a portal site through which people can check their social security records and other information via the Internet is planned for 2017. The numbering system was originally proposed in 2009, but remained quiescent until the LDP-New Komeito ruling coalition mustered sufficient support based, in part, on a philosophical foundation for fair social welfare and tax systems.

To oversee some aspects of the ID system, a third-party independent committee with independent authority will oversee allegations of data mishandling by public officials. Those who leak or illegally commercialize ID information will face up to four years in prison or a ¥2 million fine. While the use of a single number system has raised some concerns, including the potential for "forcible data-matching," the government push for support has focused on efficiencies in administration and easier detection of tax evasion and welfare fraud.

Malaysia

On November 15, 2013, the Personal Data Protection Act (PDPA) of 2010 was entered into force, introducing an omnibus privacy regime in Malaysia for the first time. This new regulation carries a host of requirements, including registration with the Personal Data Protection Department of Malaysia (PDPD) for a number of industries, including (among others) banking and financial institutions. The PDPA also includes the threat of severe consequences for non-compliance, including "fines for companies and/or fines and imprisonment for directors and officers of the company."

Khazaksthan

On November 26, 2013, Kazakhstani Law No. 94-V on Personal Data and its Protection came into force, defining such concepts as "personal data" among others, but left some ambiguity in how data might be transferred and/or stored internationally. It also contained a number of limitations: Law No. 94-V does not extend to the collection of personal data for personal and family needs; the use of information for the Kazakhstani National Archive; the collection, processing, and protection of personal data related to Kazakhstani state secrets; or the use of information related to intelligence, counter-intelligence, and criminal activities, within legal limits.

South Korea

Article 16 of South Korea's Personal Information Protection Act (effective September 30, 2011) was amended on August 6, 2013 to incorporate an affirmative obligation on the part of a personal information processor, requiring notification to data subjects that data subjects may deny consent for the collection of any personal information other than for any purposes under Article 15(1). This continues South Korea's stringent efforts to promote data privacy, and provides another instance of South Korea's articulation of a minimum data collection regime.

Singapore

Singapore's Personal Data Protection Act (PDPA), passed in 2012, went into effect on January 2, 2013, the same day Singapore's Personal Data Protection Commission (PDPC) was established; some portion of PDPA does not come into full effect until July 2, 2014. The PDPC followed-up the implementation of the PDPA with a further guidance note on September 24, 2013 which, among other topics, gave direction to organizations regarding notification requirements for the collection, use, or disclosure of personal data as well as the anonymization of personal data. This guidance outlined the use of 'cookies' for internet user's online activity, distinguishing in part between active consent on one hand, and "the mere failure of an individual to actively manage his browser settings" on the other.

Hong Kong

Revisions to Hong Kong's Personal Data (Privacy) Ordinance – Code of Practice on Consumer Credit Data – took effect on April 1, 2013. These revisions require consent prior to the use of personal data in the context of targeted, direct advertising, and instruct individuals that, while direct marketers must notify individuals of their opt-out right prior to using personal data for the first time, individuals may choose to opt out at any time at no cost to the individual opting out. The Ordinance also provides for the following penalties: if "the transfer of personal data to third parties [is] for gain, the maximum penalty is a fine of HK$1,000,000 and imprisonment for 5 years. For other direct marketing contraventions, the maximum penalty is a fine of HK$500,000 and imprisonment for 3 years."

India

While India currently adheres to the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (Rules) enacted in 2011, the Centre for Internet and Society presented a new Privacy (Protection) Bill, 2013 (Bill), on September 30, 2013. The Bill seeks to further refine provisions of the Rules, with a focus on protection of personal data through limitations on use and requirements for notice. The collection of personal data would be prohibited unless "necessary for the achievement of a purpose of the person seeking its collection," and, subject to sections 6 and 7 of the Bill, "no personal data may be collected under this Act prior to the data subject being given notice, in such form and manner as may be prescribed, of the collection." The Bill acknowledges the collection of data with and without consent; the regulation of personal data storage, processing, transfer, and security; and discusses the different types of disclosure.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

For more details visit https://cis-india.org/news/mondaq-january-8-2014-gonzalo-s-zeballos-james-a-sherer-alan-m-pate-worldwide-international-privacy-2013-year-in-review-asia

Letter requesting public consultation on position of GoI at WGEC

snehashish — 2014-01-08T18:36:09Z

Snehashish Ghosh on behalf of the Centre for Internet and Society sent a letter to the Ministry of Communication and Information Technology, requesting for a public consultation on India's position at the Working Group on Enhanced Cooperation (WGEC).

January 3, 2014

Shri Kapil Sibal,
Honourable Minister for Communication and Information Technology
Ministry of Communication and Information Technology,
Government of India

Subject: Public consultation at the domestic level on the position of Government of India at WGEC

Dear Sir,

We at the Centre for Internet and Society, Bangalore (“CIS”) commend, Government of India’s participation at the Working Group on Enhanced Cooperation (WGEC), working under the aegis of United Nations Commission on Science and Technology and Development (CSTD). The Working Group was set up in pursuance of General Assembly Resolution A/Res/67/195, to identify a shared understanding of enhanced cooperation on public policy issues pertaining to the internet. The WGEC after its first meeting circulated a questionnaire to collect the views and positions of the stakeholders on various aspects of enhanced cooperation. The Government of India responded to the questionnaire and also represented its position at the second meeting of WGEC held in Geneva from November 6-8, 2013. We would like the Government to take cognizance of representations from concerned stakeholders before finalizing its position.

In this regard, we would like to note, Government of India’s commitment towards multi-stakeholder approach in formulation of public policy pertaining to the internet. At the Internet Governance Forum, 2012 held in Baku, the Honourable Minister for Communications and Information Technology noted that the “issues of public policy related to the internet have to be dealt with, by adopting a multi-stakeholder, democratic and transparent approach”. Furthermore, the Government of India’s stand at the World Conference on International Telecommunications, 2012 in Dubai supported and recognized the multi-stakeholder nature of the internet.

However, it seems that the Government has digressed from its previous stand on internet governance whereas it fell short of having a multi-stakeholder public consultation on India’s position on enhanced cooperation at the WGEC. We earnestly urge you to hold domestic public consultation before the next WGEC meeting.

Thank you.
Sincerely,

Snehashish Ghosh,
Policy Associate,
Centre for Internet and Society, Bangalore

Copied to: Dr. Ajay Kumar, Joint Secretary, DietY, MOCIT and Shri. J. Satyanarayana, Secretary, DietY, MOCIT

Download a copy of the letter here

For more details visit https://cis-india.org/internet-governance/blog/public-consultation-at-domestic-level-on-position-of-goi-at-wgec

Digital Citizens: Why Cyber Security and Online Privacy are Vital to the Success of Democracy and Freedom of Expression

praskrishna — 2014-01-08T04:59:10Z

Michael Oghia will give a presentation which will show why cyber security and online privacy are vital for democracy and freedom of expression.

In the time when Edward Snowden is fighting for both clemency and to be known as a brave whistle blower that exposed government wrongdoing, cyber security and online privacy have never been more important. As Jacob Applebaum discussed in May last year, and CIS’ Maria Xynou presented recently in December, surveillance throughout the world is increasing. With security apparatus’ likethe NSA and now India’s Central Monitoring System, coupled with corporate data centers around the world storing our e–mails, address books, preferences, and passwords, it is easy to see how our online privacy is increasingly being threatened and often, violated.

Indeed, online privacy is inextricably linked to freedom of expression, and freedom of expression is a fundamental civil liberty imperative to democracy. Moreover, online security and privacy are essential to good, transparent, and accountable democratic governance. This is largely because surveillance, censorship, and monitoring ultimately create environments where self-censorship is the norm, as is the fear of the government instead of spaces that allow for freedom of expression and democratic dialogue and dissent.

What I would like to accomplish my speaking at CIS is not to merely educate about the dangers posed to Internet security or to world democracy, but rather to:

Reiterate the importance of digital privacy and cyber security to the success of democracy and the continued protection of free expression.
Encourage citizens, technology specialists, Internet and privacy advocates, and others to see themselves as part of a larger system of democratic governance and civic participation. This means understanding how technical capabilities intersect with civil society, and then use them to advocate for a more open, accessible, and private cyberspace.
Reinforce that digital media literacy education is vital to ensuring a free, open, accessible, and democratic Internet.

Additionally, I want to present ideas and recommendations for what you can do to engage with these problems, and how we can collaborate together to address them.

About the Public Intelligence Project

The Public Intelligence Project is an independent, non-partisan, not-for-profit think tank conducting research, education, and advocacy on the importance of diversity, critical thinking, dialogue, and freedom of expression. We seek to promote more robust systems of participatory democracy, civic engagement, and conflict prevention in order to create a culture of democracy.

Michael Oghia

Michael is responsible for a new project at Meta-Culture called the Public Intelligence Project, which focuses on expanding participatory democracy, civic engagement, and conflict prevention by conducting research, education, and advocacy on the intersections between diversity, dialogue, critical thinking, and freedom of expression. While new to the conflict resolution field, as a poet, musician, editor, writer, blogger, and activist, he is well-versed in the importance of freedom of expression and participating in the democratic process. He was born in Kentucky to Lebanese-Syrian parents, and after graduating with a BS in sociology from the University of Louisville, he moved to Lebanon to pursue an MA in sociology from the American University of Beirut. There, he had the opportunity to witness the Arab Revolutions first-hand while research about topics such as Internet ownership in the Middle East, social movements, Arab media, globalization, Arab youth and family, and his thesis subject, romantic love in the Arab world. Michael enjoys engaging Twitter conversations, and has an unnatural affinity for crunchy peanut butter.

Date: Tuesday, January 14, 2014
Time: 6.30 p.m. to 8.00 p.m.
Talk by: Michael Oghia
Title: Research & Advocacy Consultant, and Project Manager
Organisation: Meta-Culture / Public Intelligence Project
Websites: www.meta-culture.in <http://www.meta-culture.in> & www.publicintelligenceproject.org <http://www.publicintelligenceproject.org>

For more details visit https://cis-india.org/events/why-cyber-security-and-online-privacy-are-vital-for-success-of-democracy-and-freedom-of-expression