We are anonymous, we are legion

Consultation on "Understanding the Freedom of Expression Online and Offline"

praskrishna — 2016-01-03T10:27:08Z

The event organized by Digital Empowerment Foundation and Association for Progressive Communications was held at YMCA, New Delhi on December 10, 2015. Jyoti Panday attended the event as a speaker. She covered imposition of legitimate expression specifically in the context of intermediary liability practices in India.

The sessions were divided as under:

Welcome & Overview of the consultation by Digital Empowerment Foundation
Launch of the Country Research Report & Keynote Address
Introducing the Country Research Report titled “Limited Access and Restricting Expression by Osama Manzar, Founder and Director, Digital Empowerment Foundation
Working Session I: Understanding the “Freedom of Expression Online and Offline” in conversation with experts
Working Session II: “Unboxing the Freedom of Expression Online & Offline”
Sub-Group Presentations
Concluding Remarks

Download the Agenda here

For more details visit https://cis-india.org/internet-governance/news/consultation-on-understanding-the-freedom-of-expression-online-and-offline

Constitutional Analysis of the Information Technology (Intermediaries' Guidelines) Rules, 2011

ujwala — 2012-10-31T08:44:41Z

Ujwala Uppaluri provides a constitutional analysis of the Information Technology (Intermediaries' Guidelines) Rules notified in April 2011, and examines its compatibility with Articles 14, 19, 21 of the Constitution of India.

Summary of Salient Provisions

The Information Technology (Intermediaries’ Guidelines) Rules, 2011 (‘the Intermediary Guidelines’) were notified in April, 2011 as rules enacted in exercise of powers conferred under section 87(2)(zg) read with Section 79 of the Information Technology Act, 2000 (as amended) (‘the IT Act’).

Rule 2 of the Intermediary Guidelines imports definitions for key terms from the IT Act. Notably, this includes an importation of Section 2 (w) by Rule 2 (i), which defines “intermediary” broadly in the following terms:

“ “intermediary”, with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes;”

Rule 3 whose margin note indicates that it is limited to due diligence measures to be adhered to by intermediaries nevertheless also raises other liabilities by creating a regime to censor content, pre-publication as well as once content has been made publically available online.

Sub-rule (2) of Rule 3 inventories the classes of content which are deemed actionable, with only clause (i), clause (c), clause (e) and, arguably clause (h), of that rule addressing the national interest, public order and security restrictions cognizable under Article 19(2) of the Constitution. The remainder of grounds includes private claims such as content which “belongs to another person”[1], or otherwise infringes proprietary rights[2], or is “defamatory”[3]. Still others are terminologically indeterminate and purely subjective, with the terms “grossly harmful”, “harassing” and “disparaging” being examples.

This sub-rule also includes a number of redundancies. While there is reference to libelous as well as defamatory content in clause (b), it is well established that Indian law does not admit of the former concept, instead dissolving the common law distinction between the two to treat them alike.[4] There is also clause (e), which prohibits content which is all ready illegal for violating the provisions of an existing statute and the residuary phrasing of the clause (b)’s reference to content which is “otherwise unlawful in any manner whatever”.

The sub-rules immediately following the list in Rule 3(2) address the consequences of users publishing content listed in that rule:

Sub-rule (3) of rule 3 provides that intermediaries will not knowingly deal in any manner whatsoever, whether by hosting, publication, transmission or otherwise, with any content of the types that are listed in the previous clause.

Sub-rule (4) of rule 3 creates a complaints mechanism in respect of content incompatible with Rule 3 (2) by requiring intermediaries to disable access to offending content within 36 hours of obtaining knowledge themselves or on being brought to “actual knowledge” by an “affected person”. The Intermediaries Guidelines do nothing to clarify what would amount to “actual knowledge”, to indicate in unambiguous terms, which parties would have sufficient locus to bring complaints in order to be deemed an “affected person” for the purposes of these provisions or to suggest that there is a procedure or timeline for action by the intermediary, such that requirements such notice to the author of the content and time for the preparation of a defence by the author and/or the intermediary are accounted for. Rule 3 (4) also requires that all information which is taken down be preserved, along with “associated records” for a duration of atleast ninety days for investigative purposes.

Sub-rule (5) of rule 3 mandates that intermediaries inform users that non-compliance with the Intermediary Guidelines, inter alia, is a ground for the exercise of their right to terminate access or usage rights and remove non-compliant content.

Finally, sub-rule (11) of rule 3 requires intermediaries to name Grievance Officers to receive complaints on any matters relating to the computer resources made available by the intermediary, including for non-compliance or harm in terms of Rule 3 (2). This officer is bound to respond to the complaint within one month from the date of receipt of the complaint.

In the result, the Intermediary Guidelines create a two-track system by which private censorship is legitimized online. In the first place, intermediaries can take down content on their own motion where they are of the opinion that the content falls under any of the grounds enumerated in Rule 3 (2) or, alternatively, do so in response to a complaint, in terms of Rule 3 (4).

In addition to the provisions relating to censorship, the Intermediary Guidelines also provide for information to be given over to government agencies making a request with lawful authority and in writing under sub-rule (7) of rule 3, for data protection measures in accordance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 notified under Section 43A of the IT Act to be adhered to (sub-rule (8) of rule 3) and for intermediaries to report and share information realting to cyber security with CERT-In (sub-rule (9) of rule 3).

Areas of Infirmity

It is doubtful whether the Intermediary Guidelines could pass constitutional muster, on several grounds:

Compatibility with Article 19 (1) (a) and (2)

(a) Applicability of Article 19 (2) to Rule 3 (2) Grounds

In Romesh Thappar v. State of Madras[5] the Supreme Court held that the freedom of speech and expression under Article 19(1)(a) includes the freedom to propogate and disseminate ideas. It also held that very narrow and stringent limits govern the permissibility of legislative abridgment of the right of free speech. Ordinarily, any abridgement of free speech by means of censorship must be compatible with one or more of the grounds provided for under Article 19 (2), and the Supreme Court held in Express Newspapers (Private) Ltd. v. Union of India[6]that limitations on the exercise of the Article 19(1)(a) right which do not fall within Article 19(2) cannot be upheld.

Further, the right to free speech applies across all media, and the internet is no exception. In Secretary, Ministry of Information and Broadcasting v. Cricket Association of Bengal[7], the Supreme Court reflected the understanding that where media are different, such that the treatment accorded to them must be different in accordance with that indicia of difference, it will treat them as such in order to uphold fundamental rights. More specifically, in Ajay Goswami v. Union of India[8], the Supreme Court opined (in obiter) that the internet, as a unique medium of expression, deserved a different standard of protection than other mediums that have preceded it.

Rule 3 (2) of the Intermediary Guidelines, which lists the grounds for censorship, is not complaint with Article 19 (2) for two reasons:

First, many of the grounds mentioned have no constitutional basis whatsoever. Rule 3 (2) prohibits, inter alia, content which “grossly harmful”, “harassing”, “invasive of another’s privacy”, “hateful”, “disparaging”, “grossly offensive” or “menacing”, in addition to content which is simply illegal, and should be actionable ex post rather than prohibited ex ante (content infringing intellectual property under Rule 3 (2) (d), for example). Most of the terms employed are not legal standards, but merely subjective indicators of personal sensitivities, while still others though legal do not figure in Article 19 (2). Since the whole scheme of the Intermediary Guidelines is premised on these extra-constitutional grounds, they are, as a whole, subject to being to being struck down.

Second, the restriction is unreasonable because instead of preserving rights online in accordance with Ajay Goswami, the Intermediary Guidelines unjustifiably abridge the right to speak and receive information on the internet. The Intermediary Guidelines overreach in their scope, by including as actionable content which is not itself punishable when communicated via any other medium. For example, disparaging speech, as long as it is not defamatory, is not criminalised in India, and cannot be because the Constitution does not allow for it. Similarly, content about gambling in print is not unlawful, but now all Internet intermediaries are required to remove any content that promotes gambling.

(b) Nature of Censorship: Directness of Censorship and Legitimacy of Private and Prior Censorship

In judging whether a statute is constitutional, the effect that the statute will have on the fundamental rights of citizens must be examined. The Supreme Court held in Bennett Coleman & Co. v. Union of India[9] that the test was to examine whether the effect of an impugned action was to abridge a fundamental right, notwithstanding its object.

Further, while it is true in light of the Supreme Court’s holdings in Prakash Jha Productions v. Union of India[10] that pre-censorship is permissible within the Indian constitutional scheme, this permissibility is qualified. Prior censorship may be undertaken only within closely regulated circumstances, such as under the grounds in the Cinematograph Act, 1952, and even then, only by an appropriately empowered governmental entity.

The Intermediary Guidelines create mechanisms for the abridgement of the freedom of speech which amount to indirect and unjustifiable prior censorship, contrary to Article 19 (2):

Firstly, while the state does not itself censor under these rules, it has empowered private, commercial entities to do so vide the Intermediary Guidelines. These rules thus transfer the executive power of censorship to private intermediaries. This amounts to an indirect form of censorship for the purposes of the Bennett Coleman test and has the result of increased censorship on the Internet because the state granted legislative sanction to such a system, although it does not censor by itself or through a state agency. The Intermediary Guidelines, and specifically Rule 3 (4) read with Rule 3 (2), place a burden on intermediaries to decide on the lawfulness of content as a pre-condition for their statutory exemption from liability. An intermediary, on receiving a complaint, to ensure that it continues to receive the protection offered by Section 79 of the IT Act, will be forced to disable access to the content posted by a user. Thus, the direct effect of the rules will be strict censoring of content posted on-line by users. The rules will have a direct effect on the fundamental right of freedom of speech and expression guaranteed under Article 19(1) of the Constitution unreasonable restrictions on fundamental rights, that are imposed by a statute or executive orders are liable to be struck down as unconstitutional.

Secondly, while prior censorship is permissible only in a strictly limited range of cases, the Intermediary Guidelines allow for an unrestrained and unlimited degree of prior and arguably invisible censorship. Rule 3 of the Intermediary Guidelines clearly envisages such a system of prior censorship. Whereas the consequences for passively displaying content incompatible with Rule 3(2) would be a complete waiver and dissolution of the Section 79 immunity that would ordinary accrue to neutral intermediaries, intermediaries or complainants have no obligation in respect of ensuring the tenability of complaints and the grounds cited in them. The Intermediary Guidelines do not draw a distinction between arbitrary actions of an intermediary and take-downs subsequent to a request. Further, the inclusion of a residuary clause in Rule 3 (2) (b) allowing pre-censorship of content which is “unlawful in any manner whatever”, also indicates that the Intermediary Guidelines allow the use of the exceptional instrument of not only allows private censorship, but that they actively encourage it as the default rule rather than the exception without any justification whatsoever.

(c) Vagueness and Overbreadth: Possibility for Over-Censorship

Vagueness in the terms of a restriction to free speech is grounds for it to be struck down, even where the ground is apparently broadly constitutional. The Supreme Court held in Sakal Papers (P) Ltd. v. Union of India[11] that the Constitution must be interpreted in order to enable citizens to enjoy their rights to fullest measure, subject to limited permissible restrictions. In Romesh Thapar[12] the Supreme Court also held that a legislation authorizing the imposition of restrictions on free speech in language wide enough to cover restrictions which are permissible as well as extra-constitutional will be held to be wholly unconstitutional.

The grounds listed in Rule 3 (2) of the Intermediary Guidelines are highly subjective, private interest grounds which are not defined either in the Intermediary Guidelines or in the IT Act itself. These include terms such as “grossly harmful”, “harassing”, “invasive of another’s privacy”, “hateful”, “disparaging”, “grossly offensive” or “menacing”. Consequently, the Intermediary Guidelines constitute unreasonable restrictions on freedom of speech, with Rule 3 (2) containing vague terms which, in addition to falling beyond the purview of Article 19(2), cover only private and subjective grounds, incapable of objective definition or application.

Further, the Intermediary Guidelines do no precisely define the term “affected person” employed in Rule 3 (4). Thus, complaints from any party, including those uninvolved or unaffected by content must all be complied with, without qualification.

In the result, the vagueness of the grounds in Rule 3 (2) and the diffuse terminology of “affected person” leaves Rule 3 (2) grounds serving as placeholders for whatever claim a complainant, having no locus whatsoever, chooses to bring, without regard for whether it is constitutional or even legal. Online content is thus treated as presumptively illegal and take down of content as the presumptive course of action. Additionally, there is a further consequence to the vagueness and overbreadth of the terms in Rule 3 (2): because of the indeterminacy in the grounds listed thereunder, intermediaries tasked with enforcing the law will tend to err on the side of caution and censor, rather than keep speech accessible online. There is empirical evidence to show that cautious intermediaries will over-censor and over comply with complaints in order to avoid liability under Section 79 of the IT Act.[13]

(d) Contravention of International Human Rights Norms & Horizontal Application

The censorship regime constructed by the Intermediary Guidelines is non-compliant not only with domestic requirements under the Constitution, but also with India’s obligations under international human rights law under Articles 19 of the Universal Declaration of Human Rights (‘UDHR’) and the International Covenant on Civil and Political Rights (‘ICCPR’), under the UN Human Rights Council’s Report of the Special Rapporteur Frank La Rue on the Promotion and Protection of the Right to Freedom of Opinion and Expression (2011)[14](‘Special Rapporteur’s Report’) and the UN Human Rights Council Resolution on Internet Freedom (2012)[15] (‘UN Internet Freedom Resolution’).

While the ICCPR as well as the UDHR guarantee a right to free speech “through any…media of…choice” in their respective Articles 19, the Special Rapporteur’s Report and the UN Internet Freedom Resolution recognize the need for special efforts to be undertaken by states to preserve free speech on the internet. The former document justifies censorship only in the most limited circumstances and makes specific mention of the commercial interests that may be implicated in delivering free speech.

Through the Intermediary Guidelines, the Indian state creates a system by which the right to free speech can be systematically violated by private and undisclosed entities and even empowers them to do so, without imposing any constitutional safeguards whatsoever. Thus, egregious violations of the right to free speech and expression are a direct and inevitable consequence of the Intermediary Guidelines. To the degree that the Indian Supreme Court has enagaged with free speech online, it appears from Ajay Goswami that it would apply standards consistent with international law obligations to rectify the Intermediary Guidelines to meet them.

Further, the Indian Supreme Court has held, where necessary for their true enjoyement, that fundamental rights may involve a degree of horizontality in their application. In other words, private action could be guided by fundamental rights, such as in Vishaka v. State of Rajasthan[16] which evidences the Supreme Court’s willingness to hold that private entities could be held to constitutional and international human rights law standards where that is necessary for the real rather than illusory enjoyment of fundamental rights.

As a result, the Intermediary Guidelines are also liable to be struck down for their failure to recognize and account for the role of private interests while empowering them with the right to curtail fundamental rights.

Compatibility with Article 21

(a) Adverse Impact on Privacy (and consequently on Free Speech)

A constitutional right to privacy has been read into Article 21’s guarantee of life and personal liberty in several instances by the Supreme Court. The State is consequently under an obligation to refrain from interfering, whether by itself or through any of its agencies, with private lives and spaces. By the same coin, laws which encourage unwarranted state or societal intrusions into private life will contravene the victim’s Article 21 right. In People’s Union for Civil Liberties v. Union of India,[17] the Supreme Court held that Article 21 privacy protected individuals against the interception and monitoring of private communications by the state in the absence of sufficient safeguards.

Also, an individual’s privacy interests in information relating to him are not dissolved merely because information is not confidential or because another entity has some property interest in that information. In District Registrar and Collector, Hyderabad v. Canara Bank[18], the Supreme Court recognized that even where the search of private documents was concerned, Article 21 protected “persons not places”, i.e., that the privacy interest did not vest in property or communications but, rather, in the rightsholder himself.

The Intermediary Guidelines include no limits whatsoever on the scope of disclosures that government agencies can demand or expect to retain, in contravention of Article 21.

Specifically, Rule 3 (4), which requires data retention for a statutory minimum of ninety days of content taken down as well as “associated records”, violates users’ rights to privacy. In addition to the financial and technical burden (in storing and securing data) imposed by the Intermediary Guidelines in requiring potentially unlimited data retention by intermediaries, there is no clarity as to what or how much information precisely must be held in the form of “associated records”. Instead of subjecting data to limited and closely qualified retention by private intermediaries, and thus limiting the impairment of the fundamental right to privacy to the minimum possible degree necessary, Rule 3 (4) imposes blanket data retention requirements.

Further, Rule 3 (7), which makes any information held by an intermediary subject to being disclosed to the government upon request is also inconsistent with the requirement that the right to life and personal liberty be violated only in accordance with fair, just and reasonable procedures. Notwithstanding that Rule 3 (7) is consistent with Section 67C of the IT Act and specific rules framed in regard to the surveillance of communications, it is also unconstitutional because it fails to include any safeguards whatsoever in the process of surveillance. These would include, as minimum obligatory conditions in light of PUCL, the requirement that the surveilled be informed of the surveillance and be allowed to challenge its propriety ex ante or its procedural regularity ex post, or atleast administrative or judicial review ex parte.

(b) Non-compliance with Due Process and Natural Justice Requirements

Article 21 explicitly includes a due process guarantee. This means that the right to life and personal liberty, and its constituent rights, can be interfered with only through constitutionally consistent procedures. A cornerstone of fair procedure, compliant with the rule of law, is the notion of natural justice. Consequently, Article 21 contemplates that the procedure by which fundamental rights are curtailed will satisfy natural justice principles.

In Maneka Gandhi v. Union of India,[19] the Supreme Court held that natural justice was not a rigid or mechanical term, but one that referred to those practices and principles that would ensure “fair play in action”. In addition the Court held that all deviations from natural justice requirements must be supported by a sufficiently justificatory “compelling state interest”. Specifically, in Union of India v. Tulsiram Patel[20], the Supreme Court held that the principle of natural justice required the satisfaction of the audi alteram partem rule, which consisted of several requirements, including the requirement that a person against whose detriment an action is taken be informed of the case against him and be afforded a full and fair opportunity to respond. Finally, in M.C. Mehta v. Union of India[21] the Supreme Court held that the absence of due notice and a reasonable opportunity to respond would vitiate any holding to the rightsholder’s detriment.

The Intermediary Guidelines fail to satisfy the requirement of natural justice, and particularly the rights to prior notice as well as that of the affected party to a hearing:

By requiring that content be taken down swiftly (within 36 hours of complaint, under Rule 3 (4)) and by failing to require the author of the content to be informed of the complaint and its contents, the Intermediary Guidelines violate the author’s right to notice and consequently affect his/her right to prepare and present a defence at all. In practice, authors of content which is the subject of a complaint may never know of the complaint or even of the fact of the take down, given the absence of any mechanism under the rules by which they could have been informed. In a scheme for silent, invisible censorship, authors are never afforded an opportunity to challenge the take down, just as they have no opportunity to rebut the initial complaint. In addition, at any event, it is the intermediary, a biased private entity whose immunity under Section 79 of the IT Act could be called into question based on the outcome, who must make the determination as to the legality of the content.

While there is nothing to prohibit intermediaries from informing authors on the receipt of a complaint, the limited time within which action must be taken means that such intermediaries would risk liability for non-compliance with the compliant and a waiver of their Section 79 immunity, where the content is not taken down, whether because communication does not occur within the 36 hour timeframe or because an author elects to resist takedown. By creating a system in which takedowns necessarily occur in response to complaints, irrespective of their legitimacy, the Intermediary Guidelines presume and rule in favour of the complainants and in favour of (private) censorship instead of presuming in favour of the preservation of the fundamental right to free speech, or even maintaining neutrality between the two ends.

Compatibility with Article 14

The guarantee of “equal protection of laws” requires equality of treatment of persons who are similarly situated, without discrimination inter se. It is a corollary that that persons differently situated cannot be treated alike. In E. P. Royappa v. State of Tamil Nadu[22] the Supreme Court held that arbitrary or unfair actions necessarily run counter to Article 14. The Supreme Court explained in M/S Sharma Transport v. Government of Andhra Pradesh[23] that arbitrary actions are actions which are unreasonable, non-rational done capriciously or without adequate determining principle, reason or in accordance with due judgment. In addition, Article 14 also requires that state action be reasonable. In Mahesh Chandra v. Regional Manager, U.P. Financial Corporation[24] it was held that discretion must be exercised objectively, and that what is not fair or just will be unreasonable, and subject to being struck down as unconstitutional.Additionally, Article 14 also requires that the basis upon which classifications are undertaken for the purposes of same or differential treatment be reasoned and fair. The Supreme Court held in Sube Singh v. State of Haryana[25] that the state’s failure to support a classification on the touchstone of reasonability, with the existence of intelligible differentia or the rational basis of achieving a stated object, will be ground for it to be held arbitrary and unreasonable. Finally, all state action having the potential to curtail Article 14 must be reasonable, justifiable, undertaken in exercise of constitutional powers and be informed and guided by public interest. The Supreme Court held to this effect in Kasturi Lal Lakshmi Reddy v. State of Jammu and Kashmir[26].

The Intermediary Guidelines contravene Article 14 on the following grounds:

First, intermediaries who are not similarly situated are treated alike. Rule 2 (i) imports the IT Act’s omnibus definition of the term “intermediary”, such that all classes of intermediaries, ranging from intermediaries which control the architecture of the internet and the hardware which enables it to run (such as ISPs and DNS providers) to intermediaries that enable content creation, sharing and communications online (such as email clients, content aggregators, social networking services and content hosts), are empowered to censor and are required to comply with complaints regarding content. Intermediaries, for the purposes of the IT Act and the Intermediary Guidelines, thus refer to a large and disparate group of providers of services enabling access to as well as use of the Internet. Reasoned state action must recognize that their liabilities must necessarily vary with the specific type of service that each provides. The Intermediary Guidelines fail to do so, and are consequently incompatible with Article 14.

Second, the Intermediary Guidelines treat the same or similar content across media differently, without apparent justification. More specifically, users of the internet are unfairly discriminated against. All of the Rule 3 (2) grounds which are not explicitly mentioned in Article 19 (2) in particular reflect this discriminatory, unreasoned treatment. To illustrate, the prohibition under Rule 3 (2) on the display of any content online when it relates to gambling treats speakers using the internet differently from speakers communicating this content via any other medium of communication. Given that nothing in the nature of the medium itself attaches a new or different character to the content, criminality or liability must attach to such content in a medium-neutral fashion. So, while content qualifying as seditious under law remains so across media, whether it be print, audio or video broadcast or online, the same as not the case for communications on the internet. In other words, while gambling itself may be prohibited under law, speech or expression involving it is nowhere prohibited under law. While such content is legal and protected across print and broadcasting media, the same content is liable to take down online. This would amount to discriminatory treatment of equal content merely because speakers choose the internet, and the speech occurred online.

Third, the Intermediary Guidelines accord unrestrained discretion in the curtailment of fundamental rights to private functionaries, without any guidance whatsoever. This should have been the sole reserve of the state. In addition to the lack of guidance, the breadth of the grounds for censorship in Rule 3 (2), some of which are themselves incapable of precise and non-subjective application, means that private censorship can occur to an arguably unlimited degree. Expecting compliance with such terms, and attaching liability (for intermediaries) or a curtailment of fundamental rights (for generators of content), without the provision of a right to challenge or even, more fundamentally, be informed is both unreasonable and arbitrary.

Similarly, Rules 3 (4) and 3 (5) empower intermediaries to take down content without providing any realistic opportunity of hearing to its author. Intermediaries are accorded an adjudicatory role to the intermediary in deciding questions whether or not authors can access their fundamental right to free speech in the process. This role is ordinarily reserved for competent courts or administrative authorities, which are subject to constitutional checks and balances and a general obligation to preserve and promote fundamental rights. Assigning such functions to a self-interested private entity without any accountability whatsoever is both unreasonable as well as arbitrary.

Finally, the Intermediary Guidelines fail to account for the public interest because they directly restrict the public’s freedom of speech and expression, without any justifiable reason, and privilege the personal and not necessarily constitutional sensitivities of private complainants instead. Rule 3(3) in effect vests an extraordinary power of censorship in intermediaries, entities which operate on the basis of private interest and outside the limits of administrative or even the most basic human rights control. Safeguards must apply to power-bearers to the degree and in the manner required in relation to the nature of the power, rather than its holder, if fundamental rights are to be legislatively preserved. While the Supreme Court in A.K. Kraipak v. Union of India[27] extended the applicability of natural justice principles from judicial bodies alone and quasi-judicial bodies to administrative bodies as well, the applicability of such principles still remains limited to state entities. In other words, there is an acknowledged difficulty in applying public law standards to private, commercial entities.

The Intermediary Guidelines thus vest the right to abridge core fundamental rights (under Articles 14, 19 and 21) in private delegates operating outside public law controls that constrain the scope in which the power can be exercised and ensure that citizen interest can be preserved. In the alternative, they also failed to provide for other safeguards to prevent abuse to the detriment of fundamental rights private delegates of governmental power, even as they granted such powers in unlimited terms. As a result, the Intermediary Guidelines evidence thoughtless, arbitrary, unreasoned and unjust state action.

Vires vis á vis the Parent Act

While it is permissible within the constitutional scheme for legislative functions of the Parliament to be delegated to a degree, they may be struck down on several grounds. In general, per Indian Express Newspapers (Bombay) Pvt. Ltd. v. Union of India,[28] subordinate legislation can be challenged not only on any of grounds on which the parent legislation is vulnerable to challenge, but also on the grounds that it does not conform to parent statute, that it is contrary to other statutes or that it is unreasonable, in the sense that it is manifestly arbitrary. Notably, the Court also held here that subordinate legislation is liable to being struck down where it fails to conform to constitutional requirements, or, specifically that “it offends Article 14 or Article 19 (1) (a) of the Constitution”.

It is a well-accepted proposition that delegated legislation which travels outside the scope of its enabling law will not stand as valid. It was held in Agricultural Market Committee v. Shalimar Chemical Works Ltd [29] that a delegate cannot alter the scope of the act under which it has been it has been empowered to make rules, or even of a provision or principle included there under. In State of Karnataka v. Ganesh Kamath[30] the Supreme Court held that “it is a well settled principle of interpretation of statutes that the conferment of rule-making power by an Act does not enable the rule-making authority to make a rule which travels beyond the scope of the enabling Act or which is inconsistent there with or repugnant thereto”. Similarly, in KSEB v. Indian Aluminium Company[31], it held that“subordinate legislation cannot be said to be valid unless it is within the scope of the rule making power provided in the statute”.

The Intermediary Guidelines were enacted under Sections 79(2) and 87(2)(zg) of the Information Technology Act, 2000 (as amended). While the latter provision explicitly grants the Central Government rule-making powers by which it can lay out guidelines to be followed by intermediaries in order to comply with Section 79(2), it appears that the rules in their current form appear to have been drafted based on a misunderstanding of Section 79.

Section 79(2) itself merely clarifies the circumstances in which intermediaries can claim that intermediaries are not liable for content where they do not initiate the transmission of potentially actionable content or select its recipient, modify its contents and observe all necessary “due diligence” requirements under the IT Act and rules.

The extent to which the Intermediary Guidelines alter the intent and scope of section 79 (or other provisions of the IT Act, in some cases) clearly leaves them ultra vires the parent statute. The specific instances of deviation by the Intermediary Guidelines from the IT Act are listed below:

First, Rule 3 (3) is ultra vires section 79 of the IT Act. Where this rule expressly prohibits the hosting, publication or initiation of transmission of content described in Rule 3 (2), section 79 does not intend any prohibition. All that it does is to waive the immunity otherwise accorded to intermediaries where the conditions specified are not satisfied. In other words, the section is optional, rather than mandatory and punitive: whether or not an intermediary can claim immunity will depend on whether it chooses to comply with section 79 (2).

Second, Rule 3 (4) requires intermediaries to take steps to disable access to within 36 hours of receiving a complaint in relation thereto. This is inconsistent with section 69B of the IT Act, which lays down in detail, the procedure to be followed to disable access to information. Since section 69B is statutory law, Rule 3 (4), being mere delegated legislation, will have to yield in its favour.

Third, Rule 3 (7) is ultra vires sections 69 and 69B, and falls outside the scope of section 79 (2). Rule 3 (7) provides that intermediaries must comply with requests for information or assistance when required to do so by appropriate authorities. This provision has no relation to the contents of section 79, which regulates intermediaries’ liability for content, and under which these rules were notified. In addition, rules have already been issued under the properly relevant sections, namely sections 69 and 69B, to provide a procedure to be followed by the government for the interception, monitoring, and decryption of information held by intermediaries. Rule 3 (7) is not consistent with the rules under sections 69 and 69B, as it removes all safeguards that those rules included. Under the Information Technology (Procedure and Safeguards for Interception, Monitoring, and Decryption) Rules 2009, for instance, permission must be obtained from the competent authority before an intermediary can be directed to provide access to its records and facilities while Rule 3 (7) makes intermediaries answerable to virtually any request from any government agency.

[1]. Rule 3 (2) (a).

[2]. Rule 3 (2) (d).

[3]. Rule 3 (2) (b)

[4]. Section 499, Indian Penal Code, 1860 (“Defamation” is defined to include both written and spoken words).

[5]. AIR 1950 SC 124.

[6]. AIR 1958 SC 578.

[7]. AIR 1995 SC 1236.

[8].(2007) 1 SCC 170.

[9]. AIR 1973 SC 106.

[10]. (2011) 8 SCC 372.

[11]. AIR 1962 SC 305, ¶31.

[12]. Supra, n.5.

[13]. Centre for Internet & Society, Intermediary Liability in India: Chilling Effects on Free Expression on the Internet 2011 available at cis-india.org/internet-governance/chilling-effects-on-free-expression-on-internet/intermediary-liability-in-india.pdf.

[14]. UN Document no. A/HRC/17/27.

[15]. UN Document no. A/HRC/20/.13.

[16]. AIR 1997 SC 3011.

[17]. AIR 1997 SC 568.

[18]. (2005) 1 SCC 496.

[19]. 1978 SCR (2) 621.

[20]. AIR 1985 SC 1416.

[21]. AIR 1999 SC 2583.

[22]. AIR 1974 SC 555.

[23]. AIR 2002 SC 322.

[24]. AIR 1993 SC 935.

[25]. (2001) 7 SCC 545, 548, ¶10.

[26].1980 AIR 1992.

[27]. AIR 1970 SC 150.

[28]. AIR 1986 SC 515.

[29]. AIR 1997 SC 2502.

[30]. (1983) 2 SCC 40.

[31]. AIR 1976 SC 1031.

For more details visit https://cis-india.org/internet-governance/constitutional-analysis-of-intermediaries-guidelines-rules

Constitution of Group of Experts to Deliberate on Privacy Issues

praskrishna — 2012-01-04T07:49:37Z

It has been decided to constitute a Small Group of Experts under the Chairmanship of Justice A.P. Shah, Former Chief Justice, Delhi High Court, to identify the privacy issues and prepare a paper to facilitate authoring the Privacy Bill. The constitution of the proposed group and ToR are as follows:

Constitution of the Group

S.No.	Name	Designation
1	Justice A.P. Shah, Former Chief Justice, Delhi High Court	Chairman
2	Shri. R S Sharma, DG UIDAI	Member
3	Dr. Gulshan Rai, Director General CERT-In, DIT	Member
4	Sh. Rajiv Kapoor, JS, DOPT	Member
5	Representative, Department of Legal Affairs	Member
6	Sh. Som Mittal, President, NASSCOM	Member
7	Ms. Barkha Dutt, NDTV	Member
8	Dr. (Ms) Usha Ramanathan, Researcher & Advocate	Member
9	Sh. PraneshPrakash, Programme Manager, Centre for Internet & Society	Member
10	Dr. Kamlesh Bajaj, CEO, Data Security Council of India (DSCI)	Member
11	Dr. Nagesh Singh, Adviser, Planning Commission	Member
12	Sh. R K Gupta, Adviser (CIT&I), Planning Commission	Member

Terms of Reference
- To study the Privacy laws and related bills promulgated by various countries.
- To make an in-depth analysis of various programmes being implemented by GoI from the point of view of their impact on Privacy.
- To make specific suggestions for consideration of the DOPT for incorporation in the proposed draft Bill on Privacy.
The Chairman may co-opt other Members to the group for their specific inputs.
The expenditure towards TA/DA in connection with the meetings of the Group in respect of the official members will be borne by their respective Ministries/Departments. Domestic travel in respect of non-Official Members of the group would be permitted by Air India (economy class) and the expenditure would be met by the Planning Commission.
The group will be serviced by the CIT & I Division, Planning Commission.
The group shall submit its report by 31st March 2012.

(S Bose)
Under Secretary to the Government of India

To:
The Chairman and all Members of the Group of Experts
Copy forwarded to:

PS to Deputy Chairman, Planning Commission
PS to MOS (Planning, PA, S&T and ES), Planning Commission
PS to all Members of the Planning Commission
PS to Member Secretary, Planning Commission
Director (PC), IFA unit,Deputy Secretary (Admn.),Planning Commission
Administration/Accounts/General Branches, Library, CIT & I Division, Planning Commission
Information Officer, Planning Commission

(S Bose)
Under Secretary to the Government of India

Download the PDF we got from the Planning Commission.

For more details visit https://cis-india.org/news/constitution-of-group-of-experts

Consilience 2019

Admin — 2019-06-05T07:25:08Z

The Law and Technology Society at the National Law School of India University, Bangalore organised Consilience on May 25, 2019.

Gurshabad Grover was a panelist on the discussion on 'Online Content Regulation: Global Perspectives and Solutions'. The other panelists were Jyoti Panday (Telecom Centre of Excellence) and Alok Prasanna Kumar (Vidhi Centre for Legal Policy). The session was moderated by Divij Joshi. Gurshabad's contributions centered around the interplay of content moderation, regulation and competition issues. He also discussed the disharmony between the recommendations of the UN Special Rapporteur on FoE and developing legal norms of regulation. Akriti Bopanna gave her inputs to Gurshabad Grover.

For more details visit https://cis-india.org/internet-governance/news/consilience-2019

Consilience 2017 - A Conference on Artificial Intelligence & Law

praskrishna — 2017-06-07T01:47:07Z

The Law and Technology Society, NLSIU organized their annual conference, Consilience, on the theme 'Artificial Intelligence and the Law' on May 20, 2017 in Bengaluru. Vidushi Marda took part in the event as a panelist.

The panel consisted of the following speakers:

Arun S. Prabhu (Moderator) Partner, Cyril Amarchand Mangaldas,Bangalore)
Chinmayi Arun (Faculty Associate, Berkman Klein Centre for Internet and Society)
Amlan Mohanty (Founder, Techlawtopia)
Vidushi Marda (Programme Officer, Centre for Internet and Society)
Anirudh Rastogi (Partner, TRA Law)

For more information, click here

For more details visit https://cis-india.org/internet-governance/news/consilience-2017-a-conference-on-artificial-intelligence-law

Consilience – 2013

praskrishna — 2013-11-20T06:15:15Z

The Law and Technology Committee of National Law School of India University, Bangalore is organising ‘Consilience – 2013′, an annual conference on law and technology, to be held on May 25 and 26, 2013. The Centre for Internet and Society is a co-partner for this event.

Theme: Data Protection and Cyber Security in India. Click to read the report here.

Topics:
Frameworks for Data Protection in India: The J. A.P. Shah “Report of the Group of Experts on Privacy”

a. What is the scope of the principles/framework?

b. What could be the strengths and limitation of their application?

c. How does Report define privacy for India?

d. Would an alternative framework for privacy in India be better? If so, what would this framework look like?

India and the EU: The Privacy Debate

a. How does the Indian data protection regime differ from the EU regime?

b. Was the EU is justified in not accepting India as a data secure country? Reason for or against.

c. In what way does the Indian regime on data protection not meet the requirements of EU’s data protection directive?

d. What changes need to be made in the Indian regime to become EU compliant? Are these changes feasible? Should India make these changes?

Governmental Schemes, Data Protection, and Security

a. In India, do private public partnerships between government and the private sector adequately incorporate data protection standards?

b. What have been concerns related to data protection and security that have arisen from government schemes? (Please use two governmental schemes as case studies)

c. Are these concerns related to the policy associated with the project – the architecture of the project as well as the implementation?

d. Should the larger question of data protection for governmental schemes be incorporated into a privacy legislation? If yes, how so?

Contracts and Data Protection in India

a. How are contracts used to ensure data protection in India? What actors use contracts?

b. Are there weaknesses in using contracts to ensure data protection standards?

c. Do contracts address questions brought about from technology like the cloud?

Cyber security in India

a. What are the perceived challenges and threats to cyber security in India?

b. Are these currently being addressed through policy/projects? If yes, how so?

c. How does India’s cyber security regime compare to other countries?

Surveillance and Cyber Security

a. Does policy in India enable the Government of India to surveil individuals for reasons related to cyber security?

b. If so – through what policy, projects, legislation?

c. Do the relevant policies, projects, and legislation impact privacy? How so?

The Draft National Cyber Security Policy

a. What is the scope of the National Cyber Security Policy of India? Does the draft policy adequately address all of the concerns within the ambit of cyber security?

b. Would the Draft National Cyber Security Policy of India be effective in meeting the goal of enhancing cyber security levels in India?

c. How does the Draft National Cyber Security Policy compare to other countries cyber security policies?

Word Limit:

Abstract: 750-800 words

Paper: 2,500 words

Deadlines:

Abstract Submission: April 30, 2013

Paper Submission: May 15, 2013

Contact Details:

consilience2013[at]gmail[dot]com

Mohak Arora: +91-90359-21926

Shivam Singla: +91-99167-08701

Each participant is required to submit an abstract on any one of the seven topics above and can choose the specific issue within the selected topic to discuss.

For additional details, click here.

For more details visit https://cis-india.org/internet-governance/events/consilience-2013-law-technology-committee-nls-bangalore

Consilience

praskrishna — 2015-06-19T01:55:12Z

Pranesh Prakash was a speaker at this event organized by the National Law School of India University on May 9 and 10, 2015 in Bangalore. The theme for this conference was "Net Neutrality".

For those of you who came in late, Net Neutrality refers to the idea that all data on the internet should be treated equally. What this means is that you shouldn't be charged more for using one website or less for another. The internet is meant to be equal for all to access. To access YouTube one should not have to pay extra, just because Airtel is trying to grow.

However, to maintain this network that we love so much, telecom operators argue they have to spend thousands of crores of rupees on licences and cable infrastructure without getting much return. Therefore they want to be able to charge differently for using different websites. This makes it is a very contentious issue as it involves a tricky balancing of business interests v. freedoms of the digital age. For a little more insight on the topic, see the document attached which explains net neutrality in a very simple manner.

The conference was graced by a host of experts in the field, such as Rajan Mathews (Director-General, Cellular Operators Association of India), T.V. Ramachandran (Resident Director, Regulatory Affairs and Govt. Relations, Vodafone Essar Ltd.), the Policy Director for Centre for Internet and Society, Mr. Pranesh Prakash, and the general counsel of CISCO India, Mr. Joginder Yadav. Students and experts alike gave differing opinions and facilitated a great debate.

For more details visit here.

For more details visit https://cis-india.org/internet-governance/news/consilience-nls-2015

Connections 2018

praskrishna — 2018-12-10T15:32:06Z

Gurshabad Grover attended Connections 2018, a pre-IETF event organised by the India Internet Engineering Society (IIESoc) in Bangalore on October 31 and November 1, 2018.

IIESoC organized the event with an objective to:

Discuss the interests and issues important to the network deployment, operation and design of networks in India as they impact IETF standards.

Educate and prepare new members for IETF involvement. Facilitate member involvement in IETF areas.

Provide information, guidance and direction to assist Indian community in involvement in the IETF.

Work from different IETF working groups was discussed in four tracks: IoT Standardisation, SDN and Network Operations, IPv6, and Deployments.

Click to view the agenda

For more details visit https://cis-india.org/internet-governance/news/connections-2018

CONNECTing the Dots: Options for Future Action

praskrishna — 2015-04-01T15:31:45Z

Conference on UNESCO’s Internet Study: access, free expression, privacy and ethics.

Elonnai Hickok participated in the conference organized by UNESCO on 3 and 4 March 2015 in Paris. The programme focused on topics like:

Freedom of Expression
Access and Ethics
Privacy and Ethics
Access and Freedom of Expression
Access and Privacy
The Internet Ecosystem and UNESCO's role - which options for future action?

For more details visit https://cis-india.org/internet-governance/news/connecting-the-dots-options-for-future-action

Connecting People Apart - Events Series

praskrishna — 2012-06-15T11:32:44Z

Post-Media Lab is organising an event series at Lüneburg/Berlin from June 20 to June 23, 2012. Nishant Shah will be speaking at this event.

This was published in Mute on June 11, 2012

Events registration (free) and details here - Contact info@postmedialab.org

20 June

Opening presentation – ‘Talk to Me’ with Rasa Smite & Raitis Smits (RIXC) with a contribution by Nishant Shah (Center for Internet and Society, Bangalore). Reception and drinks.
Venue: Halle für Kunst, Lüneburg. 19:30-22:00
Event booking (free)

21 June

‘What Would the Community Say?’ – A public consultation on regional sustainability and participation projects with Nishant Shah (Center for Internet and Society, Bangalore) in cooperation with DialogN.
Venue: Freiraum, Lüneburg. 13:00-15:00
Event booking (free)

McKenzie Wark book launch and presentation, The Beach Beneath the Street: The Everyday Life and Glorious Times of the Situationist International.
Venue: b-books, Berlin. 21:00-23:00
Event booking (free)

22 June

The Community Complex, A Post-Media Lab conference
Participants: Johannes Paul Raether (Basso), McKenzie Wark (The New School, New York), Nishant Shah (Centre for Internet & Society, Bangalore), Marcell Mars (MaMa, Zagreb), Tatiana Bazzichelli (transmediale/reSource), Clemens Caspar Mierau (Spackeria/c-base), Pod (CiTiZEN KiNO/XLterrestrials, Berlin/San Francisco), Graswurzel TV, foebud e.v. (Bielefeld), Tactical Technology Collective (Berlin and Bangalore), Freifunk (Berlin).
Venue: Denkerei, Berlin. 13:00-20:00
Event booking (free)

After conference event: Performative screening - CiTiZEN KiNO (#16): Technotopia / Dystopia : A Social Garden-i-fication Is Elsewhere!
Venue: c-base, Berlin. 22:00
Event booking (free)

23 June

Live Stream/Media Lounge: ‘From Waste to Resource. Recovering Sustainable Attitudes’
Venue: Kulinarisches Kollektiv, Berlin. 17:00-20:00
Event booking (free)

The Post-Media Lab is part of the Lüneburg Innovation Incubator, a major EU project within Leuphana University of Lüneburg, financed by the European Regional Development Fund and co-funded by the German federal state of Lower Saxony.

Full programme details

Events booking (free) – http://pml.eventbrite.co.uk Contact info@postmedialab.org

Opening presentation - ‘Talk to Me’ with Rasa Smite & Raitis Smits (RIXC) with a contribution by Nishant Shah (Center for Internet and Society, Bangalore)

Wednesday, 20 June, 19:30-22:00
Venue: Halle für Kunst, Lüneburg
Reception and drinks

Everyone wants someone to talk to. Nowadays, scientists have performed various experiments in order to verify the old assumption that talking to plants makes them grow better. This is a prototype for an interface, which allows talking to plants remotely via the internet. We invite everyone to participate in a collaborative experiment by talking to growing plants using an online remote interface.

‘What Would the Community Say?’ - A public consultation on regional sustainability and participation projects with Nishant Shah (Center for Internet and Society, Bangalore) in cooperation with DialogN (Lüneburg)

Thursday, 21 June 13:00-15:00
Venue: Freiraum, Lüneburg

Nishant Shah will pass on and upon reflect experiences about the changing face of citizen action in a post-mediatized world. He will be presenting audio-visual material from studies in India and China – from a 'Global South' perspective – in order to look at the affective circuits of digital technologies and how our current models of development and change fail to address these conditions of being human - because mostly they are targeted at conditions of being a subject. This presentation will be embedded into the discursive context of 'citizen participation' and 'liquid feedback' projects destined for Lüneburg as part of a development region funded for by the EU and EFRE.

Book launch and presentation with McKenzie Wark. The Beach Beneath the Street: The Everyday Life and Glorious Times of the Situationist International

Thursday 21 June 21:00-23:00
Venue: b-books, 14 Lübbenerstr, 10997 Berlin

McKenzie Wark appears at b-books to talk about his book on the life and times of the Situationist International, The Beach Beneath the Street.
McKenzie Wark delves into the Situationists' unacknowledged diversity, revealing a world as rich in practice as it is in theory. Tracing the group's development from the bohemian Paris of the '50s to the explosive days of May '68, Wark's take on the Situationists is biographically and historically rich, presenting the group as an ensemble creation, rather than the brainchild and dominion of its most famous member, Guy Debord. Roaming through Europe and the lives of those who made up the movement – including Constant, Asger Jorn, Michèle Bernstein, Alex Trocchi and Jacqueline De Jong – Wark uncovers an international movement riven with conflicting passions.
Accessible to those who have only just discovered the Situationists and filled with new insights, The Beach Beneath the Street rereads the group's history in the light of our contemporary experience of communications, architecture, and everyday life. The Situationists tried to escape the world of twentieth-century spectacle and failed in the attempt. Wark argues that they may still help us to escape the twenty-first century, while we still can …

Organised by The Post Media Lab at Leuphana University, Lüneburg. In collaboration with Mute and b-books

The Community Complex - A Post-Media Lab conference

Friday, 22 June 2012, 13:00-20:00
Venue: Denkerei, Oranienplatz 2, 10999 Berlin

13:00-15:00 / Workshop I: Practice
15:00-15:30 / Pause
15:30-17:30 / Workshop II: Privacy
18:00-20:00 / Evening Panel

Whether you want to have something to do with the ‘community industry’ or not, it has something to do with you. Through its burgeoning expansion, our forms of relating, caring, communicating and collaborating, are being transformed, enclosed, templated and put to work. The most affective components of network culture are rapidly being engineered into ‘product’. Just as virtual space is augmented, real space becomes ever more virtualised, securitised and impoverished. The rise of the network-assembled community has coincided with a radical disinvestment of national and municipal communities in the age of austerity. As services are withdrawn, the ‘community’ itself is enjoined to step into the breach. ‘Community’, in the era of networked neoliberalism, has become both a target of governance as well as of business.
Beyond the commercial drive which is ‘connecting people apart’, communities of difference are also flourishing in the post-internet age. Reimagining community is not just the preserve of belligerent nationalisms and Web 2.0 but also a long-standing activity of alternative, artistic and political cultures’ responses to commercialisation and industrialisation, from the 17th century puritans and diggers, the artist communes of the 19th century, through to the political squatter scenes of post-68 generation, the hacklabs of the past years and new movements such as Anonymous. The Community Complex will ask how normative forms of sociality and identification are not only produced but also challenged in today’s mashup of the virtual and real, free and waged labour, computational and affectual, real-time and bio-time, as well as minor and molar imaginings of connection. To achieve this we bring together different perspectives and experiences of critically engaging with the new realities of mediatised ‘community’ and its reimagination.

Participants: Johannes Paul Raether (Basso), McKenzie Wark (The New School, New York), Nishant Shah (Centre for Internet & Society, Bangalore), Marcell Mars (MaMa, Zagreb), Tatiana Bazzichelli (transmediale/reSource), Clemens Caspar Mierau (Spackeria/c-base), Pod (CiTiZEN KiNO/XLterrestrials, Berlin/San Francisco), Graswurzel TV, foebud e.v. (Bielefeld), Tactical Technology Collective (Berlin and Bangalore).

After conference event: Performative screening - XLterrestrials and PML-present: CiTiZEN KiNO (#16): Technotopia / Dystopia : A Social Garden-i-fication Is Elsewhere!

22:00-late
Venue: c-base, Rungestrasse 20, 10179 Berlin

As much as society appears to be thoroughly seduced by all the technological empowerment in this crash course information + capture age, the flaws, the cracks and all the discontents are beginning to show. In spite of the tsunami of corporate-feeds, gadget trends and heavily wired agendas, a Social Garden-i-fication of on-the-ground communities is underway and determined to grow by any means or hack necessary!

Citizen Kino is an experimental hybrid of public cinema, theater, laboratory and media self-defense.

Live Stream/Media Lounge: 'From Waste to Resource. Recovering Sustainable Attitudes'

Saturday, 23 June 2012, 17:00–20:00
Venue: Kulinarisches Kollektiv, Lausitzer Str.13 (aka Schweizerei), 10999 Berlin-Kreuzberg

A virtual tour through Re-Use Centres from all over the world
Participating Centres are: SCRAP in Portland, Oregon (USA), ReCircle (Brussels / Belgium), Long Beach Depot For Creative ReUse in Long Beach (California / USA), Mini-Scrapbox (Reepham / UK), The Resource Exchange (Philadelphia /USA), Kunst-Stoffe (Berlin / Germany).

In cooperation with Kunst-Stoffe (Berlin), Drap Art (Barcelona) and Les Petites Gourmandises (Berlin)

Link to the original here

For more details visit https://cis-india.org/news/connecting-people-apart

Connected Trouble

sunil — 2015-10-28T16:47:58Z

The internet of things phenomenon is based on a paradigm shift from thinking of the internet merely as a means to connect individuals, corporations and other institutions to an internet where all devices in (insulin pumps and pacemakers), on (wearable technology) and around (domestic appliances and vehicles) humans beings are connected.

The guest column was published in the Week, issue dated November 1, 2015.

Proponents of IoT are clear that the network effects, efficiency gains, and scientific and technological progress unlocked would be unprecedented, much like the internet itself.

Privacy and security are two sides of the same coin―you cannot have one without the other. The age of IoT is going to be less secure thanks to big data. Globally accepted privacy principles articulated in privacy and data protection laws across the world are in conflict with the big data ideology. As a consequence, the age of internet of things is going to be less stable, secure and resilient. Three privacy principles are violated by most IoT products and services.

Data minimisation

According to this privacy principle, the less the personal information about the data subject that is collected and stored by the data controller, the more the data subject's right to privacy is protected. But, big data by definition requires more volume, more variety and more velocity and IoT products usually collect a lot of data, thereby multiplying risk.

Purpose limitation

This privacy principle is a consequence of the data minimisation principle. If only the bare minimum of personal information is collected, then it can only be put to a limited number of uses. But, going beyond that would harm the data subject. IoT innovators and entrepreneurs are trying to rapidly increase features, efficiency gains and convenience. Therefore, they don't know what future purposes their technology will be put to tomorrow and, again by definition, resist the principle of purpose limitation.

Privacy by design

Data protection regulation required that products and services be secure and protect privacy by design and not as a superficial afterthought. IoT products are increasingly being built by startups that are disrupting markets and taking down large technology incumbents. The trouble, however, is that most of these startups do not have sufficient internal security expertise and in their tearing hurry to take products to the market, many IoT products may not be comprehensively tested or audited from a privacy perspective.

There are other cyber security principles and internet design principles that are disregarded by the IoT phenomenon, further compromising security and privacy of users.

Centralisation

Most of the network effects that IoT products contribute to require centralisation of data collected from users and their devices. For instance, if users of a wearable physical activity tracker would like to use gamification to keep each other motivated during exercise, the vendor of that device has to collect and store information about all its users. Since some users always wear them, they become highly granular stores of data that can also be used to inflict privacy harms.

Decentralisation was a key design principle when the internet was first built. The argument was that you can never take down a decentralised network by bombing any of the nodes. Unfortunately, because of the rise of internet monopolies like Google, the age of cloud computing, and the success of social media giants, the internet is increasingly becoming centralised and, therefore, is much more fragile than it used be. IoT is going to make this worse.

Complexity

The more complex a particular technology is, the more fragile and vulnerable it is. This is not necessarily true but is usually the case given that more complex technology needs more quality control, more testing and more fixes. IoT technology raises complexity exponentially because the devices that are being connected are complex themselves and were not originally engineered to be connected to the internet. The networks they constitute are nothing like the internet which till now consisted of clients, web servers, chat servers, file servers and database servers, usually quite removed from the physical world. Compromised IoT devices, on the other hand, could be used to inflict direct harm on life and property.

Death of the air gap

The things that will be connected to the internet were previously separated from the internet through the means of an air gap. This kept them secure but also less useful and usable. In other words, the very act of connecting devices that were previously unconnected will expose them to a range of attacks. Security and privacy related laws, standards, audits and enforcement measures are the best way to address these potential pitfalls. Governments, privacy commissioners and data protections authorities across the world need to act so that the privacy of people and the security of our information society are protected.

For more details visit https://cis-india.org/internet-governance/blog/the-week-november-1-2015-sunil-abraham-connected-trouble

Connaught Summer Institute on Monitoring Internet Openness and Rights

praskrishna — 2013-07-26T09:17:45Z

Malavika Jayaram is a speaker at this event being held at the Munk School of Global Affairs, Bloor Street West.

Click to read the original posted on Citizen Lab website

Monday, July 22, 2013

Location: Munk School of Global Affairs (Observatory Site), 315 Bloor Street West (map)

14:00 - 17:00	Meet and Greet at the Citizen Lab Participants are free to drop by the Lab between 2:00-5:00 pm to see the space and meet with Citizen Lab researchers. Participants should go to the reception desk on the first floor and have the receptionist call the Lab.

Tuesday, July 23, 2013

Location: Campbell Conference Room, South House, Munk School of Global Affairs (Trinity site), 1 Devonshire Place (map)

08:00 - 09:00	Breakfast
09:00 - 09:15	Opening Remarks
09:15 - 10:45	Tutorial "Welcome to Oz: Beyond a Black and White Debate on Internet Regulation (and Control)" – Jon Penney (Berkman Centre/Oxford Internet Institute/Citizen Lab) and Ryan Budish (Berkman Centre/Herdict)
10:45 - 11:00	Break
11:00 - 12:00	Commercialization of Information Controls "Regulators, Politicians, and Deep Packet Inspection: Who's Driving What and Why" – Chris Parsons (University of Victoria) "Fingerprinting Internet Filtering Products" – Jakub Dalek (Citizen Lab) "Cash Rules Everything Around Me: The Commercialization of Online Spying" – Bill Marczak (UC Berkeley)
12:00 - 13:45	Lunch
13:45 - 14:45	Circumvention / Attacks 1 "Collateral Freedom" – David Robinson (Robinson + Yu) "Remedy: Relays Monitoring and Deployment" – KheOps (Telecomix) "Fake Domain Attacks on Civil Society Groups" – Michael Carbone (Access)
14:45 - 15:45	Characterization / Measurement 1 "Iran through the Eyes of Big Data" – Collin Anderson (Independent Researcher) "Measurement, Detection, and Comparison of Surveillance Data" – Praveen Selvasekaran (Simple Tech Life) "Filbaan: What is Filtered Today?"
15:45 - 16:00	Break
16:00 - 16:45	Identity Systems and Monitoring "Desperately Seeking the Names: Examining the Historical Progression of Real Name Policies on the Chinese Internet" – Lianrui Jia (Carleton University) "India's Civil Liberties Crisis: Digital Free Will in Free Fall" – Malavika Jayaram (Centre for Internet and Society, Bangalore)
17:00 - 18:30	Poster and Demo Session Light refreshments will be served "User-side Approach for Censorship Detection: Home-router and Client-based Platforms" – Giuseppe Aceto (University of Naples Federico II) "The Cyber Losers" – Aaron Brantly and Katrin Verclas (National Democratic Institute) "What is the Impact of Internet Censorship in China?" – Carlotta James (Psiphon Inc.) "Open Integrity Index" – Jun Matsushita "M-Lab: Exploring the Possibilities for Open, Global Censorship and Surveillance Detection" – Stephen Soltesz (Open Technology Institute) and Meredith Whittaker (Google Research) "Mapping Google: Global Business Infrastructure and Implications for Openness " – John Harris Stevenson (University of Toronto) "Chat Program Censorship and Surveillance in China: Tracking TOM-Skype and Sina UC" – Greg Wiseman (Citizen Lab) "The Growth and Spread of Cyberspace Controls" – Benjamin Zaiser (Free University of Berlin)

Wednesday, July 24, 2013

Location: Campbell Conference Room, South House, Munk School of Global Affairs (Trinity site), 1 Devonshire Place (map)

08:00 - 09:00	Breakfast
09:00 - 10:20	Characterization / Methodology 2 "Refining the Tor Censorship Detector" – Sam Burnett (Georgia Tech) "From Internet Security to Internet Freedom: The case of the RPKI" – Sharon Goldberg (Boston University) "Running Software in Albuquerque to Measure Censorship Anywhere" – Jeffrey Knockel (University of New Mexico) "Social Media as Labratory: What We Can Learn about Chinese Politics from Sina Weibo Censorship and Online Discussion" – Jason Q. Ng (Citizen Lab)
10:20 - 11:00	Break
11:00 - 12:00	Circumvention 2 "VPNthnography: Hacking the Great Firewall for Fun and Profit" "Economics of Web Proxy Networks" – Bennett Haselton (Peace Fire/Citizen Lab) "Censors Working Overtime" – Karl Kathuria (Psiphon Inc.)
12:00 - 14:00	Lunch
14:00 - 15:30	Tutorial "Network Censorship Techniques, Detection, and Localization" – Nick Weaver (ICSI)
15:30 - 16:00	Break
16:00 - 17:30	Panel: Bridging Activism and Research (5 minute talks + discussion) Ali Bangi (ASL19 / Citizen Lab) Stefania Milan (Tillburg University) Deji Olukotun (PEN) John Scott-Railton (Citizen Lab / UCLA) 'Gbenga Sesan (Paradigm Initiative Nigeria)

Thursday, July 25, 2013

Location: Campbell Conference Room, South House, Munk School of Global Affairs (Trinity site), 1 Devonshire Place (map)

08:00 - 09:00	Breakfast
09:00 - 10:20	Jurisdictions and Borders Online "Cyberconflict and the Legal-Territorial Paradox" – Cameran Ashraf (UCLA) "Beyond Borders: Legislative Challenges to the Management of Records in the Cloud" – Elaine Goh (University of British Columbia) "Civil Society 2.0: The Global Struggle to Govern the Democratic Impacts of ICTs" – Muzammil M. Hussain (University of Michigan) "The Anti-Counterfeiting Trade Agreement and the Networked Public Sphere: How to avoid a Convergent Crisis" – James Losey (Open Technology Institute)
10:20 - 10:40	Break
10:40 - 12:10	Tutorial "Ranking Companies on Digital Rights: Challenges and Synergies" – Rebecca MacKinnon (New America Foundation)
12:10 - 14:00	Lunch
14:00 - 15:30	Surveillance and Monitoring "Revisiting Webtapping: Learning From Five Years’ of U.S. Cyber and Intel Policy" – Chris Bronk (Rice University) "Who Watches the Watchmen?: Detecting Stealth and Unattributed Information Controls" – Herve Saint Louis (University of Toronto) "IX Maps" – Andrew Clement (University of Toronto) "Technologies of Control, ‘National Security’ and Systemic Abuse of Minorities in the East and Horn of Africa" – Clara Gutteridge (Equal Justice Forum)
15:30 - 15:45	Break
15:45 - 16:30	Closing Discussion on Interdisciplinary Research and Information Controls

Friday, July 26, 2013

Location: Rooms 108, 208 and Basement, North House, Munk School of Global Affairs (Trinity site), 1 Devonshire Place (map)

10:00 - 14:00

Breakout Sessions

Light refreshments will be served

The half day will be dedicated to giving participants the opportunity to break into small groups to further discuss, share, and hack on topics raised during the workshop.

Sponsor

The workshop is sponsored by University of Toronto's Connaught Fund. Since it was founded in 1972, the fund has invested more than $1 million in projects that span across the disciplines.

For more details visit https://cis-india.org/news/citizenlab-summer-institute-on-monitoring-internet-openness-and-rights

Conmen seed fake phone numbers in Google to trap people looking for customer care details

Admin — 2019-02-01T15:22:27Z

Googling for anything might seem like a good idea, but searching for contacts of businesses and customer care numbers is landing people in the hands of conmen.

The article by Tushar Kaushik was published in Economic Times on January 30, 2019.

Many use Google or other search engines for specific contact numbers — the customer care numbers of a bank, for instance. The search results do not throw up bona fide numbers, but those of conmen waiting to lure a victim. The conmen, knowing what the caller is seeking, and on the pretext of helping, cunningly makes them part with information such as bank account, debit/credit card and even the OTP.

About 20-odd people have been duped in this manner in the past month in Bengaluru, according to the city’s cybercrime police. About 20-30 victims have fallen prey in Gurugram in the last one-and-a-half months. In Maharashtra and Hyderabad, the trend of fake numbers being seeded on Google Maps and being used to dupe people is being observed since October 2018. The frauds are helped by the fact that any user can edit contact information on Google Maps. The Maharashtra cyber police reportedly notified Google authorities regarding this.

Inspector and in-charge of cyber police station at Gurugram, Anand Kumar, said another variant of such cases was on the rise. People searching for contacts to help them return products they bought from e-commerce websites have been led to fake numbers. “In the past one-and-half months, about 20-30 such complaints have been received,” Kumar said.

Srinivas Kodali, a Hyderabad-based data security researcher, said similar incidents using fake numbers being uploaded on Google Maps had occurred in Hyderabad 2-3 months ago. He claimed Google had been informed of the incidents.

Illustrating another instance of the way Google searches are misused, dairy brand Amul issued a legal notice to Google, alleging that a series of fake B2B campaigns regarding Amul Parlours and Distributors have started through fake websites using Google search ads since September 2018.

Bengaluru-based app developer and co-founder of TBG Labs Harsha Halvi said it was fairly easy for any conman to seed his own number and masquerade as a contact number and make it appear in a Google search. He said all it takes is a very good understanding of search engine optimisation (SEO).

Gurshabad Grover, senior policy officer at The Centre for Internet and Society, Bengaluru, said, “The problem right now is Google is not making it clear whether something is verified information or is crowdsourced. On Google Maps, businesses can be claimed by legitimate owners. A suggestion is that Google verify the claimed entities,” Grover said. He added that people too should exercise vigilance while accessing information online.

Additional commissioner of police (crime) at Bengaluru Alok Kumar said Google could not be held responsible for such incidents as individuals seeded the fake numbers.

Reacting to the incidents, a spokesperson from Google India said, “Overall, allowing users to suggest edits provides comprehensive and up-to-date info, but we recognise there may be occasional inaccuracies or bad edits suggested by users.” The spokesperson said when such issues are reported to Google, the claims are investigated and action is taken in line with the findings.

For more details visit https://cis-india.org/internet-governance/news/economic-times-tushar-kaushik-january-30-2019-conmen-seed-fake-phone-numbers-in-google-to-trap-people-looking-for-customer-care-details

Confidentiality of Communications and Privacy of Data in the Digital Age

praskrishna — 2018-10-28T06:02:07Z

On September 25, 2018, Elonnai Hickok participated in a side event Confidentiality of Communications and Privacy of Data in the Digital Age organized by INCLO and Privacy International at the Human Rights Council 39th ordinary session. Elonnai spoke on artificial intelligence and privacy.

For more details visit https://cis-india.org/internet-governance/news/confidentiality-of-communications-and-privacy-of-data-in-the-digital-age

Conference: Internet at Liberty 2010

praskrishna — 2011-04-02T10:00:01Z

This conference is being held in Budapest from 20 to 22 September 2010. It is co-sponsored by Google and Central European University. Sunil Abraham and Anja Kovacs are attending the conference.

The conference Internet at Liberty 2010 will explore creative ways to address the boundaries of online free expression, the complex relationship among technology, economic growth and human rights, ways in which dissidents and governments are using the Internet, the role of Internet intermediaries, and pressing policy and legal issues such as privacy and cybersecurity. The event will bring together grassroots global activists alongside representatives of NGOs, academic centers, governments and corporations. The Centre for Media and Communication Studies is playing a core role in the organisation of the event.

Download the agenda

For further information, see CMCS website

Also see, Internet at Liberty 2010 website.

For more details visit https://cis-india.org/news/internet-at-liberty-conference