We are anonymous, we are legion

Big Brother is here: Amid snooping row, govt report says monitoring system 'practically complete'

Admin — 2018-12-26T15:22:27Z

The recently released 2017-18 annual report of the Centre for Development of Telematics (C-DOT) says that surveillance equipment is being rolled out in 21 service areas across the country.

The article by Keerthana Sankaran was published in New Indian Express on December 26, 2018.

While last week's government order on snooping caused an uproar, the Centre's plans for a far-reaching monitoring system have been in the making for almost a decade -- with the groundwork being done by the previous UPA regime. The recently released 2017-18 annual report of the Centre for Development of Telematics (C-DOT) says that India’s ‘Central Monitoring System’ (CMS) is “practically complete”, confirming that the Orwellian ‘Big Brother’ is here.

The report says that surveillance equipment is being rolled out in 21 service areas across the country and operations have commenced in 12 service areas. The system will monitor and intercept calls and messages.

The government claims the CMS is based on the Telegraph Act of 1885 which states that the central or state government may intercept messages if the government is “satisfied that it is necessary or expedient to do so in the interests of the sovereignty and integrity of India, the security of the state, friendly relations with foreign states or public order or for preventing incitement to the commission of an offence.”

Even though the surveillance system was publicly announced in 2009, C-DOT’s annual report of 2007-2008 had hinted at a testing phase for a “lawful interception, monitoring” system.

A post from the website of the Centre for Internet and Society describes how the CMS could work. Network providers are all required to give interconnected Regional Monitoring Centres access to their network servers. The article also points out that there is no law that describes the CMS.

The CMS was approved by the Cabinet Committee on Security during the UPA government in 2011, receiving flak from experts and the press for not safeguarding the citizen’s right to privacy. However, in a Lok Sabha session in May 2016, Telecom Minister Ravi Shankar Prasad said that the system is for the “process of lawful interception”, adding that regional monitoring centres in Delhi and Mumbai had been operationalised.

The latest C-DOT report also talks about a Centre of Excellence for Lawful Interception being set up, which would use high-end technologies - such as open source intelligence, image processing and search engine tools to scan Twitter and Facebook - for surveillance.

On Thursday, the Ministry of Home Affairs released a notification, authorising 10 central agencies to intercept, monitor and decrypt any "information generated, transmitted, received or stored in any computer." While the public and opposition parties expressed alarm over the new order, the C-DOT report clearly shows that state surveillance plans are already in an advanced stage.

These government moves are taking place despite the August 2017 landmark judgement by the Supreme Court, which declared the right to privacy as a fundamental right which will protect citizens from intrusive activities by the state.

For more details visit https://cis-india.org/internet-governance/news/new-indian-express-keerthana-sankaran-december-26-2018-big-brother-is-here-amid-snooping-row-govt-report-says-monitoring-system-practically-complete

Beyond the Searchlight

praskrishna — 2013-10-23T11:15:27Z

Should we be wary of Google’s all-pervasiveness?

This article Debarshi Dasgupta was published in the Outlook on October 23, 2013. Sunil Abraham is quoted.

Search Google

Some queries to type in the window

Is what is good for Google good for India, especially after Brazil and the EU question its actions?
Are politicians sending out the right signals by associating with Google’s initiatives?
Is Google directing the internet intellectual discourse in a way that will benefit it?
Does Google initiate the kind of offline activities it does here in other democracies?
Is Google shutting out potential competition by obtaining a stranglehold on the internet?

Google’s policy, its CEO Eric Schmidt had once said, was to get right up to the creepy line, but not cross it. It has generated contentious debate about the firm’s activities and products, whether it’s accessing your e-mails to feed you targeted ads, something we have now come to accept grudgingly, or its soon-to-be-released Google Glass that comes fitted with miniature cameras and has advocates all worried about the next big breach on the privacy frontier.

Not just online, where privacy violations and anti-competitive practices have raised concerns globally, some of Google’s offline activities in India too should have us asking questions based on conflict of interest and lack of transparency. Here too, the company seems to have placed itself right next to the creepy line. Especially the way it has gone about sponsoring research at key think-tanks and academia on areas that directly concern its business interests.

Nothing illustrates this better than the work of PRS Legislative Research, which Google has funded in the past. PRS produces policy briefings that are sent out to lawmakers and the media, including on internet governance. PRS hasn’t got a clearance to receive foreign funds since it became independent of the Centre for Policy Research in 2010, where it was launched, and has since then been largely funded by domestic sources.

Prashant Reddy, Blogger

“That an Indian user seeking arbitration
with Google has to do so in a California
court reeks of double standards.”

Does this growing network mean Google is having a say in shaping internet governance laws? Maybe yes. They should have a say by all means, just as other interested parties must get theirs. But given its influence and the certain opaqueness that marks its activities, some more transparency can only boost the credentials of a firm whose informal motto is—“Don’t be evil”. Google may have helped you find that bit of information from the googol tera bytes of online data but it has so far largely evaded discussion on how it has gone on to become big and influential in India.

But while it may have been forced to back out from funding PRS directly, Google’s web of research fellows in this country is growing. In August this year, the Asia Internet Coalition, of which Google is a founding member, selected its two inaugural India fellows—Shehla Rashid Shora and Astik Sinha, both of whom will analyse policies concerning the internet environment here. Sinha also happens to be a social media advisor for BJP MP Anurag Thakur.

So big that it hobnobs with Narendra Modi in the first of its Hangout series and, quite contrary to its espousal of free speech, has comfortable questions pitched to him. Or so influential that it has telecom minister Kapil Sibal, its bete noire from 2011 when his ministry was forcing them to pull down content, to attend the launch of chandnichowkonline.in, a business directory of Sibal’s constituency. Outlook made several attempts to get a reaction from Google but received none by the time this article had to go to the press.


Blurred lines Paid ads seem no different from search results for cameras

Google, since 2011, has also placed three fellows so far under its annual Google Public Policy Fellowship programme at the Bangalore-based Centre for Internet and Society (CIS). The research is supposed to focus on “access to knowledge, openness in India, freedom of expression, privacy, and telecom”. Yet another crucial funding in May 2013 went to the Centre for Communication Governance at the National Law University in New Delhi, which does research on areas directly linked to its business interests. The agreement contains a clause that says “Google will not be excluded from any future business opportunities”. Its research director Chinmayi Arun did not respond to Outlook’s e-mail and said she was too busy to speak when Outlook called her up.

A third institution Google has funded is the media watch website The Hoot. After the 26/11 attacks in Mumbai when the government hastily amended the IT Act, clamping down in a restrictive spirit, noted journalist and the website’s editor Sevanti Ninan was one of the many criticising the government publicly in her articles. Google, she says, contacted her somewhere around mid-2009 seeking a proposal on how they could help with what she was working on. Ninan sent one proposing a Free Speech Hub and received a grant of $22,000 in January 2010 (approximately Rs 10 lakh at 2010 exchange rates) from Google to do so. The hub is an online forum to track free speech violation and highlight problems surrounding freedom of speech and expression and regulation of media.

The commitment was renewed in February 2012 with another grant of Rs 42 lakh. Ninan says that while Google was “not interested in media ethics but free speech”, its approach was entirely “hands-off” to what the site could include on the hub. “I think it’s entirely up to the organisation being funded to decide how it handles a grant. At the same time, anything Google does should be under scrutiny just like other corporations.”

“More transparency
and accountability
can only be good,
both for Google and for the organisation
it funds.”
Anja Kovacs, Internet Democracy Project

So just as it is necessary to publicise that Shell has ties with the India chapter of Brookings Institution or that Reliance sponsors the Observer Research Foundation, it is important that people know where Google is putting its money and for what gains. In fact, more so in the case of Google, a firm that touches our lives in so many more ways that Shell or Reliance does. Yet, a lot of what Google has been doing has gone without adequate publicity and scrutiny. Should we be any less sceptical of Google funding research that helps formulate policies on internet governance than we should be of, let’s say, the Tatas and Jindals on mining? “Google has huge money and its funding of research can be a very contentious issue, especially if it seeks to influence research. Therefore, parties who swear by full disclosure and transparency must adhere to it,” says senior journalist Paranjoy Guha Thakurta. “More transparency and accountability can only be good, both for Google and the organisations it funds,” adds Anja Kovacs, who works with the Internet Democracy Project.


The great connector Hangout with Narendra Modi

But there has been little of that transparency online. For instance, the Rules and Regulations Review of The Information Technology Rules, 2011, put out and sent to MPs by PRS Legislative Research has no mention that an interested party (Google) has funded its work. Similarly, The Hoot has no mention of Google funding it on the ‘About the Hub’ page even though it has details of Google’s funding on the ‘Support The Hoot’ page. Google has also funded numerous ngos, in areas such as health and education, and has sought to promote the use of technology (often theirs, such as in the ongoing Google Impact Challenge Award).

“Because there is
no privacy
commissioner,
Indian citizens are
left vulnerable to
Google when it comes to
privacy.”
Sunil Abraham, CIS, Bangalore

This offline influence apart, Google’s hold online is worrying enough to call for action. The way it manipulates search results to favour clients of its AdSense programme is a global concern. For instance, a search for a popular phone model throws up matches of Google’s clients and features them more prominently than the actual site of the product. The Jaipur-based Consumer Unity and Trust Society (CUTS) conducted a survey that found most internet users could not tell an ad from an organic search result from Google. Says Madhav Dar, an independent anti-trust economist, “Given its financial clout and dominance of e-commerce, Google can directly deny traffic to downstream sites. And because the internet ecosystem is still in a formative stage here, this is something that requires intense and urgent scrutiny by the Competition Commission of India (CCI).”

CUTS filed a formal complaint with the CCI in June last year alleging anti-competitive practices and abuse of its dominant position. BharatMatrimony.com too filed a complaint with the CCI in 2012 accusing it of directing online users’ search for “Bharat+Matrimony” to its rivals.

For many, Google crossed the creepy line when it declared, in a court filing in August this year, that people sending e-mails to any of Google’s 425 million Gmail users need have no “reasonable expectation” that their communications are confidential. This is something that concerns Sunil Abraham, the executive director of CIS, which hosts Google fellows but has received no funding from the firm. “India has no omnibus horizontal statutes, neither sufficiently evolved vertical statutes in specific areas of telecommunication or the internet,” he says. “And because of that there is no office of the privacy commissioner in India and the absence of this regulator doesn’t tame the voracious appetite that Google has for personal information. This happens in other jurisdictions, but the Indian citizen is left vulnerable to Google when it comes to privacy.” “Part of Google’s practice can be absolutely abhorrent, such as the way in which it seeks to have a monopoly in digitising information and being the only one to organise it,” adds Kovacs.


Amitabh Bachchan Google maps his home at WEF in Davos

Another controversial move online has been the decision between Airtel and Google to allow the former’s subscribers free usage of Google’s service up to 1 GB. This has thrown up concerns of violation of “network neutrality”, a widely acknowledged concept that requires internet service providers to not discriminate against third party applications and service.

Journalist and blogger Shivam Vij, however, thinks concerns surrounding Google’s offline activities are misplaced. “As long as they keep coming out with transparency reports that show the majority of requests for user data and content removal are refused, I’d consider them an ally. One should be grateful that Google is funding to protect free speech and ashamed that Indian firms aren’t,” he says. “And if they really have been trying to influence MPs, they would have bribed them, not put out research.”

Nikhil Pahwa, who runs Medianama, a digital media news and analysis website, is another person who says “he won’t look a gift horse in the mouth”. “I don’t know what the motives are, but I support what they are doing, especially given the way the state and Indian firms are failing us when it comes to protecting free speech online,” he adds. The only concern he has about Google is regarding its reported unwillingness to agree to a deal between the Advertising Agencies Association of India (AAAI) and the Internet and Mobile Association of India (IAMAI). The deal seeks to ensure smaller online publishers and advertising networks are paid on time by advertisers, who, in most cases, delay payments to smaller entities but always pay bigger players like Google on time. “Smaller players are suffering due to delay in payments, which can extend up to a year, a problem that Google does not face. The IAMAI initiative is something that Google is unwilling to support because it does not impact them,” he adds.

"Anything that
Google does should
be under scrutiny
just like other corporations."
Sevanti Ninan, Editor, The Hoot


The outreach Sibal attends the launch of chandnichowkonline, a business directory of his constituency; Qutub Minar, digitised

Criticising or questioning some of Google’s policies does not amount to siding with the government on cracking down on free speech on the internet. Outlook ran a cover in December 2011 where it was severely critical of the government’s attempt to muzzle online dissent. Neither does concern about Google’s activities stem from a fear of the foreign hand. Its expansion into Indian civil society has to be seen as an attempt by a profits-driven corporation to ensure its market interests in India are protected. The country becomes all the more important given the trouble it has been having in Brazil and in Europe, where the firm has been slapped with a slew of anti-trust charges. Keeping a close watch will only help enforce Google’s policy in India—not crossing the creepy line.

For more details visit https://cis-india.org/news/outlookindia-october-28-2013-debarshi-dasgupta-beyond-the-searchlight

Beyond the PDP Bill: Governance Choices for the DPA

Trishi Jindal and S.Vivek — 2021-11-10T07:32:33Z

This article examines the specific governance choices the Data Protection Authority (DPA) in India must deliberate on vis-à-vis its standard-setting function, which are distinct from those it will encounter as part of its enforcement and supervision functions.

The Personal Data Protection Bill, 2019, was introduced in the Lok Sabha on 11 December 2019. It lays down an overarching framework for personal data protection in India. Once revised and approved by Parliament, it is likely to establish the first comprehensive data protection framework for India. However, the provisions of the Bill are only one component of the forthcoming data protection framework It further proposes setting up the Data Protection Authority (DPA) to oversee the final enforcement, supervision, and standard-setting. The Bill consciously chooses to vest the responsibility of administering the framework with a regulator instead of a government department. As an independent agency, the DPA is expected to be autonomous from the legislature and the Central Government and capable of making expert-driven regulatory decisions in enforcing the framework.

Furthermore, the DPA is not merely an implementing authority; it is also expected to develop privacy regulations for India by setting standards. As such, it will set the day-to-day obligations of regulated entities under its supervision. Thus, the effectiveness with which it carries out its functions will be the primary determinant of the impact of this Bill (or a revised version thereof) and the data protection framework set out under it.

The final version for the PDP Bill may or may not provide the DPA with clear guidance regarding its functions. In this article, we emphasise the need to look beyond the Bill and instead examine the specific governance choices the DPA must deliberate on vis-à-vis its standard-setting function, which are distinct from those it will encounter as part of its enforcement and supervision functions.

A brief timeline of the genesis of a distinct privacy regulator for India

The vision of an independent regulator for data protection in India emerged over the course of several intervening processes that set out to revise India’s data protection laws. In fact, the need for a dedicated data protection regulation for India, with enforceable obligations and rights, was debated years before the Aadhaar, Cambridge Analytica, and Pegasusrevelations captured the public imagination and mainstreamed conversations on privacy.

The Right to Privacy Bill, 2011, which never took off, recognised the right to privacy in line with Article 21 of the Constitution of India, which pertains to the right to life and personal liberty. The Bill laid down express conditions for collecting and processing data and the rights of data subjects. It also proposed setting up a Data Protection Authority (DPA) to supervise and enforce the law and advise the government in policy matters. Upon review by the Cabinet, it was suggested that the Authority be revised to an Advisory Council, given its role under the Bill was limited.

Subsequently, in 2012, the AP Shah Committee Report recommended a principle-based data protection law, focusing on set standards while refraining from providing granular rules, to be enforced through a co-regulatory structure. This structure would consist of central and regional-level privacy commissioners, self-regulatory bodies, and data protection officers appointed by data controllers. There were also a few private members’ bills introduced between 2011 and 2019.

None of these efforts materialised, and the regulatory regime for data protection and privacy remained embedded within the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules). Though the SPDI Rules require body corporates to secure personal data, their enforcement is limited to cases of negligence in abiding by these limited set of obligations pertaining to sensitive personal information only, and which have caused wrongful loss or gain – a high threshold to prove for aggrieved individuals. Otherwise, the Intermediary Guidelines, 2011 require all intermediaries to generally follow these Rules under Rule 3(8). The enforcement of these obligations is entrusted to adjudicating officers (AO) appointed by the central government, who are typically bureaucrats appointed as AOs in an ex-officio capacity.

By 2017, the Aadhaar litigations had provided additional traction to the calls for a dedicated and enforceable data protection framework in India. In its judgement, the Supreme Court recognised the right to privacy as a fundamental right in India and stressed the need for a dedicated data protection law. Around the same time, the Ministry of Electronics and Information Technology (MeitY) constituted a committee of experts under the chairmanship of Justice BN Srikrishna. The Srikrishna Committee undertook public consultations on a 2017 white paper, which culminated in the nearly comprehensive Personal Data Protection Bill, 2018, and an accompanying report. This 2018 Bill outlined a regulatory framework of personal data processing for India and defined data processing entities as fiduciaries, which owe a duty of care to individuals to whom personal data relates. The Bill provided for the setting up of an independent regulator that would, among other things, specify further standards for data protection and administer and enforce the provisions of the Bill.

MeitY invited public comments on this Bill and tabled a revised version, the Personal Data Protection Bill, 2019 (PDP Bill), in the Lok Sabha in December 2019. Following public pressure calling for detailed discussions on the Bill before its passing, it was referred to a Joint Parliamentary Committee (JPC) constituted for this purpose. It currently remains under review; the JPC is reportedly expected to table its report in the 2021 Winter Session of Parliament. Though the Bill is likely to undergo another round of revisions following the JPC’s review, this is the closest India has come to realising its aspirations of establishing a dedicated and enforceable data protection framework.

This Bill carries forward the choice of a distinct regulatory body, though questions remain on the degree of its independence, given the direct control granted to the central government in appointing its members and funding the DPA.

Conceptualising an Independent DPA

The Srikrishna Committee’s 2017 white paper and its 2018 report on the PDP Bill discuss the need for a regulator in the context of enforcement of its provisions. However, the DPA under the PDP Bill is tasked with extensive powers to frame detailed regulations and codes of conduct to inform the day-to-day obligations of data fiduciaries and processors. To be clear, the standard-setting function for a regulator entails laying down the standards based on which regulated entities (i.e. the data fiduciaries) will be held accountable, and the manner in which they may conduct themselves while undertaking the regulated activity (i.e. personal data processing). This is in addition to its administrative and enforcement, and quasi-judicial functions, as outlined below:

Functions of the DPA under the PDP Bill 2019

At this stage, it is important to note that the choice of regulation via a regulator is distinct from the administration of the Bill by the central or state governments. Creating a distinct regulatory body allows government procedures to be replaced with expert-driven decision-making to ensure sound economic regulation of the sector. At the same time, the independence of the regulatory authority insulates it from political processes. The third advantage of independent regulatory authorities is the scope for ‘operational flexibility’, which is embodied in the relative autonomy of its employees and its decision-making from government scrutiny.

This is also the rationale provided by the Srikrishna Committee in stating their choice to entrust the administration of the data protection law to an independent DPA. The 2017 white paper that preceded the 2018 Srikrishna Committee Report proposed a distinct regulator to provide expert-driven enforcement of laws for the highly specialised data protection sphere. Secondly, the regulator would serve as a single point of contact for entities seeking guidance and will ensure consistency by issuing rules, standards, and guidelines. The Srikrishna Committee Report concretised this idea and proposed a sector-agnostic regulator that is expected to undertake expertise-driven standard-setting, enforcement, and adjudication under the Bill. The PDP Bill carries forward this conception of a DPA, which is distinct from the central government.

Conceptualised as such, the DPA has a completely new set of questions to contend with. Specifically, regulatory bodies require additional safeguards to overcome the legitimacy and accountability questions that arise when law-making is carried out not by elected members of the legislature, but via the unelected executive. The DPA would need to incorporate democratic decision-making processes to overcome the deficit of public participation in an expert-driven body. Thus, the meta-objective of ensuring autonomous, expertise-driven, and legitimate regulation of personal data processing necessitates that the regulator has sufficient independence from political interference, is populated with subject matter experts and competent decision-makers, and further has democratic decision-making procedures.

Further, the standard-setting role of the regulator does not receive sufficient attention in terms of providing distinct procedural or substantive safeguards either in the legislation or public policy guidance.

Reconnaissance under the PDP Bill: How well does it guide the DPA?

At this time, the PDP Bill is the primary guidance document that defines the DPA and its overall structure. India also lacks an overarching statute or binding framework that lays down granular guidance on regulation-making by regulatory agencies.

The PDP Bill, in its current iteration, sets out skeletal provisions to guide the DPA in achieving its objectives. Specifically, the Bill provides guidance limited to the following:

Parliamentary scrutiny of regulations: The DPA must table all its regulations before the Parliament. This is meant to accord legislative scrutiny to binding legal standards promulgated by unelected officials.
Consistency with the Act: All regulations should be consistent with the Act and the rules framed under it. This integrates a standard of administrative law to a limited extent within the regulation-making process.

However, India’s past track record indicates that regulations, once tabled before the Parliament, are rarely questioned or scrutinised. Judicial review is typically based on ‘thin’ procedural considerations such as whether the regulation is unconstitutional, arbitrary, ultra vires, or goes beyond the statutory obligations or jurisdiction of the regulator. In any event, judicial review is possible only when an instrument is challenged by a litigant, and, therefore, it may not always be a robust ex-ante check on the exercise of this power. A third challenge arises where instruments other than regulations are issued by the regulator. These could be circulars, directions, guidelines, and even FAQs, which are rarely bound by even the minimal procedural mandate of being tabled before the Parliament. To be sure, older regulators including the Reserve Bank of India (RBI) and the Securities and Exchange Board of India (SEBI) also face similar issues, which they have attempted to address through various methods including voluntary public consultations, stakeholder meetings, and publication of minutes of meetings. These are useful tools for the DPA to consider as well.

Apart from these, specific guidance is provided with respect to issuing and approving codes of practice and issuing directions as follows:

Codes of practice: The DPA is required to (i) ensure transparency,^{^[1]} (ii) consult with other sectoral regulators and stakeholders, and (iii) follow a procedure to be prescribed by the central government prior to the notification of codes of practice under the Bill.^{^[2]}
Directions: The DPA may issue directions to individual, regulated entities or their classes from time to time, provided these entities have been given the opportunity to be heard by the DPA before such directions are issued.^{^[3]}

However, the meaning of transparency and the process for engaging with sectoral regulators remains unspecified under the Bill. Furthermore, the central government has been provided vast discretion to formulate these procedures, as the Bill does not specify the principles or outcomes sought to be achieved via these procedures. The Bill also does not specify instances where such directions may be issued and in which form.

Thus, as per its last publicly available iteration, the Bill remains silent on the following:

The principles that may guide the DPA in its functioning.
The procedure to be followed for issuing regulations and other subordinate legislation under the Bill.
The relevant regulatory instruments, other than regulations and codes of practice – such as circulars, guidelines, FAQs, etc. – that may be issued by the DPA.
The specifics regarding the members and employees within the DPA who are empowered to make these regulations.

It is unclear whether the JPC will revise the DPA’s structure or recommend statutory guidance for the DPA in executing any of its functions. This is unlikely, given that parent statutes for other regulators typically omit such guidance. As a result, the DPA may be required to make intentional and proactive choices on these matters, much like their regulatory counterparts in India. These are discussed in the section below.

Envisaging a Proactive Role for the DPA

As the primary regulatory body in charge of the enforcement of the forthcoming data protection framework, what should be the role of the DPA in setting standards for data protection?

The complexity of the subject matter, and the DPA’s role as the frontline body to define day-to-day operational standards for data protection for the entire digital economy, necessitates that it develop transparent guiding principles and procedures. Furthermore, given that the DPA’s autonomy and capacity are currently unclear, the DPA will need to make deliberate choices regarding how it conducts itself. In this regard, the skeletal nature of the PDP Bill also allows the DPA to determine its own procedures to carry out its tasks effectively.

This is not uncommon in India: various regulators have devised frameworks to create benchmarks for themselves. The Airports Economic Regulatory Authority (AERA) is obligated to follow a dedicated consultation process as per an explicit transparency mandate under the parent statute. However, the Insolvency and Bankruptcy Board of India (IBBI) has, on its own initiative, formulated regulations to guide its regulation-making functions. In other cases, consultation processes have been integrated into the respective framework through judicial intervention: the Telecom Regulatory Authority of India (TRAI) has been mandated to undertake consultations through judicial interpretation of the requirement for transparency under the Telecom Regulatory Authority of India Act, 1997 (TRAI Act).

In this regard, we develop a list of considerations that the DPA should look to address while carrying out its standard-setting functions. We also draw on best practices by Indian regulators and abroad, which can help identify feasible solutions for an effective DPA for India.

The choice of regulatory instruments

The DPA is empowered to issue regulations, codes of practice, and directions under the Bill. At the same time, regulators in India routinely issue other regulatory instruments to assign obligations and clarify them. Some commonly used regulatory instruments are outlined below. The terms used for instruments are not standard across regulators, and the list and description set out below outline the main concepts and not fixed labels for the instruments.

Overview of regulatory instruments

	Circulars and Master Circulars	Guidelines	FAQs	Directions
Content	Circulars are used to prescribe detailed obligations and prohibitions for regulated entities and can mimic regulations. Master circulars consolidate circulars on a particular topic periodically.	These may be administrative or substantive, depending on the practice of the regulator in question.	Issued in public interest by regulators to clarify the regulatory framework administered by them. They cannot prescribe new standards or create obligations.	Issued to provide focused instructions to individual entities or class of entities in response to an adjudicatory action or in lieu of a current challenge.
Binding character	They are generally binding in the same manner as regulations and rules. However, if they go beyond the parent Act or existing rules and regulations, they may be struck down following a judicial review.	They may or may not be binding depending upon the language employed or the regulator’s practice.	Unclear whether these are binding and to what extent. However, crucial clarifications on important concepts sometimes emerge from FAQs.	Binding in respect of the class of regulated entities to whom this is issued.
Parliamentary scrutiny	Unlike regulations, these do not have to be laid before the Parliament.

Thus, all these instruments, to varying degrees, have been used to create binding obligations for regulated entities. The choice of regulatory instrument is not made systematically. Indeed, even a hierarchy of instruments and their functions are not clearly set out by most regulators. The rationale for deciding why a circular is issued as against a regulation is also unclear. A study on regulatory performance in India by Burman and Zaveri (2018) has highlighted an over-reliance on instruments such as circulars. As per their study, between 2014 and 2016, RBI and SEBI issued 1,016 and 122 circulars, as against 48 and 51 regulations, respectively. These circulars are not bound by the same pre-consultative mandate nor are they mandated to be laid before the Parliament. While circulars may have been intended for routine to routinely used to lay down administrative or procedural requirements, the study narrows its frame of reference to circulars which lay down substantive regulatory requirements. In this instance, it is unclear why parliamentary scrutiny is mandated for regulations alone, and not for instruments like circulars and directions, even though they lay down similarly substantive requirements. Furthermore, there have also been instances where certain instruments like FAQs have gone beyond their advisory scope to provide new directions or definitions that were not previously shared under binding instruments like regulations or circulars.

The DPA has been provided specific powers to issue regulations, codes of practice, and directions. However, the rationale for issuing one instead of the other has been absent from the PDP Bill so far. In such a scenario, it is important that the DPA transparently outlines the types of instruments it wishes to use, whether they are binding or advisory, and the procedure to be followed for issuing each.

Pre-legislative consultative rule-making

Participatory and consultative processes have emerged as core components of democratic rule-making by regulators. Transparent consultative mechanisms could also ameliorate capacity challenges in a new regulator (particularly for technical matters) and help enhance public confidence in the regulator.

In India, several regulators have adopted consultation mechanisms even when there is no specific statutory requirement. SEBI and IBBI routinely issue discussion papers and consultation papers. The RBI also issues draft instruments soliciting comments. As discussed previously, TRAI and AERA have distinct transparency mandates under which they carry out consultations before issuing regulations. However, these processes are not mandated all forms of subordinate legislation. Taking cognizance of this, the Financial Sector Legislative Reform Committee (FSLRC) has recommended transparency in the regulation-making process. This was carried forward by the Financial Stability and Development Council (FSDC), which recommended that consultation processes should be a prerequisite for all subordinate legislations, including circulars, guidelines, etc. A study on regulators’ adherence to these mandates, spanning TRAI, AERA, SEBI, and RBI, demonstrated that this pre-consultation mandate is followed inconsistently, if at all. Predictable consultation practices are therefore critical.

Furthermore, the study stated that it could not determine whether the consultation processes yielded meaningful participation, given that regulators are not obligated to disclose how public feedback was integrated into the rule-making process. Subordinate legislations issued in the form of circulars and guidelines also do not typically undergo the same rigorous consultation processes. Thus, an ideal consultation framework would comprise:

Publication of the draft subordinate legislation along with a detailed explanation of the policy objectives. Further, the regulator should publish the internal or external studies conducted to arrive at the proposed legislation to engender meaningful discussion.
Permitting sufficient time for the public and interested stakeholders to respond to the draft.
Publishing all feedback received for the public to assess, and allowing them to respond to the feedback.

However, beyond specifying the manner of conducting consultations, it will be important for the DPA to determine where they are mandatory and binding, and for which type of subordinate legislations. These are discussed in the next section.

Choice of consultation mandates for distinct regulatory instruments

While the Bill provides for consultation processes for issuing and approving codes of practice, no such mechanism has been set out for other instruments. Nevertheless, specifying consultation mandates for different regulatory instruments is important to ensure that decision-making is consistent and regulation-making remains bound by transparent and accountable processes. As discussed above, regulatory instruments such as circulars and FAQs are not necessarily bound by the same consultation mandates in India. This distinction has been clarified in more sophisticated administrative law frameworks abroad. For instance, under the Administrative Procedures Act in the United States (US), all substantive rules made by regulatory agencies are bound by a consultation process, which requires notice of the proposed rule-making and public feedback. This does not preclude the regulatory agency from issuing clarifications, guidelines, and supplemental information on the rules issued. These documents do not require the consultation process otherwise required for formal rules. However, they cannot be used to expand the scope of the rules, set new legal standards, or have the effect of amending the rules. Nevertheless, agencies are not precluded from choosing to seek public feedback on such documents.

Similarly, the Information Commissioner’s Office in the United Kingdom (UK) takes into consideration public consultations and surveys while issuing toolkits and guidance for regulated entities on how to comply with the data protection framework in the UK.

Here, the DPA may choose to subject strictly binding instruments like regulations and codes of practice to pre-legislative consultation mandates, while softer mechanisms like FAQs may be subject to the publication of a detailed outline of the policy objective or online surveys to invite non-binding, advisory feedback. For each of these, the DPA will nonetheless need to create specific criteria by which it classifies instruments as binding and advisory, and further outline specific pre-legislative mandates for each category.

Framework for issuing regulatory instruments and instructions

While the DPA is likely to issue several instruments, the system based on which these instruments will be issued is not yet clear. Without a clearly thought-out framework, different departments within the regulator typically issue a series of directions, circulars, regulations, and other instruments. This raises questions regarding the consistency between instruments. This also requires stakeholders to go through multiple instruments to find the position of law on a given issue. Older Indian regulators are now facing challenges in adapting their ad hoc system into a framework. For example, the RBI currently issues a series of circulars and guidelines that are periodically consolidated on a subject-matter basis as Master Circulars and Master Directions. These are then updated and published on their website. IBBI also publishes handbooks and information brochures that consolidate instruments in an accessible manner.

While these are useful improvements, these practices cannot keep pace with rapid changes in regulatory instructions and are not complete or user-friendly (for example, the subject-matter based consolidation does not allow for filtering regulatory instructions by entity). Other jurisdictions have developed different techniques such as formal codification processes to consolidate regulations issued by government agencies under one unified code, register, or handbook, websites that allow for searches based on different parameters (subject-matter, type of instrument, chronology, entity-based), and guides tailored to different types of entities. The DPA, as a new regulator, can learn from this experience and adopt a consistent framework right from the beginning.

Further, an ethos of responsive regulation also requires the DPA to evaluate and revise directions and regulations periodically, in response to market and technology trends. A commitment to periodic evaluation of subordinate legislations entrenched in the rules is critical to reducing the dependence on officials and leadership, which may change. For instance, the IBBI has set out a mandatory review of regulations issued by it every three years.

Dedicating capacity for drafting subordinate legislations

The DPA has been granted the discretion to appoint experts and staff its offices with the personnel it needs. A study of European data protection authorities shows that by the time the General Data Protection Regulation, 2016 became effective, most of the authorities increased the number of employees with some even reporting a 240% increase. The annual spending on the authorities also went up for most countries. While these authorities do not necessarily frame subordinate legislations, they nonetheless create guidance toolkits and codes of practice as part of their supervisory functions.

In this regard, the DPA will need to ensure it has dedicated capacity in-house to draft subordinate legislations. Since regulators are generally seen as enforcement authorities, there is inadequate investment in capacity-building for drafting legislations in India.

Moreover, considering the multiplicity of instruments and guidance documents the DPA is expected to issue, it may seek to create templates for these instruments, along with compulsory constituents of different types of instruments. For instance, the Office of the Australian Information Commissioner is required to include a mandatory set of components while issuing or approving binding industry codes of practice.

Conclusion

The Personal Data Protection Bill, 2019 (in the final form recommended by the JPC and accepted by the MeitY) will usher in a new chapter in India’s data protection timeline. While the Bill will finally effectuate a nearly comprehensive data protection framework for India, it will also establish a new regulatory framework that sets up a new regulator, the DPA, to oversee the new data protection law. This DPA will be empowered to regulate entities across sectors and is likely to determine the success of the data protection law in India.

Furthermore, the DPA must not only contend with the complexity of markets and the fast pace of technological change, but it must also address anticipated regulatory capacity deficits, low levels of user literacy, the number and diversity of enities within its regulatory ambit, and the need to secure individual privacy within and outside the digital realm.

Thus, looking ahead, we must account for the questions of governance that the forthcoming DPA is likely to face, as these will directly impact how entities and citizens engage with the DPA. In India, regulatory agencies adopt distinct choices to fulfil their functions. Regulators have also fared variably in ensuring transparent and accountable decision-making driven by demonstrable expertise. Even if the final form of the PDP Bill does not address these gaps, the DPA has the opportunity to integrate benchmarks and best practices as discussed above within its own governance framework from the get-go as it takes on its daunting responsibilities under the PDP Bill.

(The authors are Research Fellow, Law, Technology and Society Initiative and Project Lead, Regulatory Governance Project respectively at the National Law School of India University, Bangalore. Views are personal.)

This post was reviewed by Vipul Kharbanda and Shweta Mohandas

References

For a discussion on distinct regulatory choices, please see TV Somanathan, The Administrative and Regulatory State in Sujit Choudhary, Madhav Khosla, et al. (eds), Oxford Handbook of the Indian Constitution (2016).
On best practices for consultative law-making, see generally European Union Better Regulation Communication, Guidelines for Effective Regulatory Consultations (Canada), and OECD Best Practice Principles for Regulatory Policy: The Governance of Regulators, 2014.

^{^[1]} Personal Data Protection Bill 2019, § 50(3).

^{^[2]} Personal Data Protection Bill 2019, § 50(4).

^{^[3]} Personal Data Protection Bill 2019, § 51.

For more details visit https://cis-india.org/internet-governance/blog/trishi-jindal-and-s-vivek-beyond-the-pdp-bill

Beyond Sharing: Towards our Digital Futures

nishant — 2012-06-01T04:39:12Z

The battle is not about file sharing and a petty film producer wanting to rake in the box office earnings. It is about the law’s incapacity to deal with post-analogue practices and processes.

Down to Earth published Nishant Shah's Op-ed on May 31, 2012

Unless you have been hiding under an analogue rock, wearing a tin-foil hat and staying away from electricity, chances are you have heard about the recent court order that bans access to a massive number of file-sharing websites from India. A John Doe order by the Madras High Court, following a complaint by the producers of the movie 3, has meant Internet Service Providers across the country have had to deny access to a number of websites that have been listed as providing free access to copyrighted material. In an attempt to ensure box-office collections for their movie, whose claim to fame, ironically, is the viral ‘Kolaveri Di’ song that had captured the country’s pulse last year, the producers have now denied access to something that is the basic function of anybody immersed in Web 2.0 environments–sharing of information.

Much has been written about this ban. The battlelines are clearly drawn and from both sides we have strong arguments being made for and against piracy. Various media and culture industry people are supporting this ban, recounting losses that they have made because of people accessing pirated material online. Hacker and civil liberties groups are decrying this heavy censorship, providing numerous instances of how piracy has actually helped cultural productions gain more fame and money than they would have otherwise. There are yet others, who, while they respect the rights of the right-holders to protect themselves against copyright infringement, are furious that this blanket ban also disallows them to access material which was under a public license and material that they had produced and shared through these networks.

International Hacker groups like Anonymous are mobilising people in large numbers to come to the streets as a sign of protest against such draconian measures.

Most of these debates eventually are at loggerheads, with each side becoming louder and shriller, their positions attaining cult-like devotion and faith. In this cacophony there are some other points which get missed out. This issuance of the John Doe order has betrayed some startling flaws in how the Internet is governed in India and the alarming implications it has to the future of free, open and inclusive information societies.

One thing that this court order has made excruciatingly clear is how the Internet is not the utopian space of exchange, collaboration, crowd sourcing and sharing it was meant to be. Despite the government’s own investments in building digital infrastructure, and its rhetoric of becoming more accountable, transparent and accessible by granting digital access to the citizens, it is obvious that this is still a space that is looked at with great suspicion.

It comes as a shock to many of us that a high court issued an order which does not only impinge on freedom of speech and expression, but also fails to understand the nature of the Internet. In all reality, this ban is a farce. Everybody who has been used to the shared cultures of the online world, has found proxy servers and Internet anonymisers which allow them to hide their identity and continue with their everyday practice online. The cool kids are already doing this anyway. All we have is a stark realisation that the state might be investing heavily in digital technologies but it still has not been able to get out of the centralised broadcast ways of thinking about it.

All sharing is not piracy. Some of it is just actually sharing. All debates seem to centre only around the copyrighted material being accessed through the file sharing websites. It is a concern which is legitimate. What about all the material that is in the public domain, in the commons and available for free? The user generated content, content which might not have direct economic value but is valuable to the people who created and shared it, is also now inaccessible. In order to protect some people from piracy we have also violated the rights of many more to share. And that is a distinction that is worth preserving, as we increasingly move into becoming an information society.

In the Web 2.0 world, we are all producers of data. We not only leave traces but also put out material of cultural significance–from videos of dancing babies to knowledge that we want to share–through these peer-2-peer networks. A sudden collapse of this infrastructure almost seems to show how it is only the money-making material that is important to the state and not the other.

There is not going to be a clear, correct position in this case against file-sharing. The legal technicalities will always be hollow in the face of ideologies of openness and inclusion. The moral indignation will always be countered by facts and numbers. But in the middle of all the fights and discussions, it is also good to pay attention to what is at stake. This battle is not merely about file sharing, though there is nothing “mere” about file sharing. This battle is not about a petty film producer wanting to rake in the box office earnings. This battle is about the law’s incapacity to deal with post-analogue practices and processes.

The way we resolve these differences is going to determine the future of what it means to be public, open, free, and inclusive. Those of us who are fighting to get the word out, are not doing it only because the access to our favourite cultural products has become cumbersome, but because scared that this might well be the beginning of the end of all that we had dreamt of our digital futures.

For more details visit https://cis-india.org/internet-governance/beyond-sharing

Beyond Scale: How to make your digital development program sustainable

Admin — 2018-02-26T14:23:26Z

A dissemination workshop was organized by BBC Media Action, with support from the Digital Impact Alliance and the Bill & Melinda Gates Foundation on February 21, 2018 in Bangalore. Sunil Abraham participated in the workshop.

Agenda

9.00 to 9.45

Registration and coffee

9.50 to 10.05

Introduction to ‘Beyond Scale’, Kate Willson, CEO, Digital Impact Alliance

10.15 to 11.15

‘Surviving the Valley of Death’, panel discussion with:

Rahul Mullick, ICT lead, Bill & Melinda Gates Foundation, India,
Nehal Sanghavi, Senior Advisor for Innovation and Partnership, USAID, India
Kate Wilson, CEO, Digital Impact Alliance
Priyanka Dutt, Country Director, BBC Media Action

Moderated by Sara Chamberlain, Digital Director, BBC Media Action

11.15 to 11.30

Tea/coffee break

11.30 to 11.45

Introduction to the table workshop sessions

11.45 to 1.00

Each table works to identify solutions to some of the digital development sector’s most pressing challenges in the areas of organizational change management, regulatory compliance, legal protection and risk, public sector adoption, private sector business models, solution design, technical architecture for scale, partnerships and human capacity.

1 PM to 2.00

Lunch

2.00 to 2.30

Each table finalizes its presentation.

3.00 to 4.15

Presentations, Q&A and discussion of each table’s group work

4.15

Tea/coffee will be served at the tables

4.30 to 4.45

Introduction to the ‘Expert Bar’

4.45 to 6.00

There will be one or more ‘experts’ in specific focus areas of the guide seated at each table. Participants are free to visit the tables that interest them to discuss their challenges and share their own expertise.

6.00 – 9.00

Networking reception with open bar and snacks

For more details visit https://cis-india.org/internet-governance/news/beyond-scale-how-to-make-your-digital-development-program-sustainable

Beyond Public Squares, Dumb Conduits, and Gatekeepers: The Need for a New Legal Metaphor for Social Media

amber — 2021-05-31T10:19:33Z

For more details visit https://cis-india.org/internet-governance/files/beyond-public-squares-dumb-conduits-and-gatekeepers.pdf

Beyond Public Squares, Dumb Conduits, and Gatekeepers: The Need for a New Legal Metaphor for Social Media

amber — 2021-05-31T10:23:36Z

In the past few years, social networking sites have come to play a central role in intermediating the public’s access to and deliberation of information critical to a thriving democracy. In stark contrast to early utopian visions which imagined that the internet would create a more informed public, facilitate citizen-led engagement, and democratize media, what we see now is the growing association of social media platforms with political polarization and the entrenchment of racism, homophobia, and xenophobia.

There is a dire need to think of regulatory strategies that look beyond the ‘dumb conduit’ metaphors that justify safe harbor protection to social networking sites. Alongside, it is also important to critically analyze the outcomes of regulatory steps such that they do not adversely impact free speech and privacy. By surveying the potential analogies of company towns, common carriers, and editorial functions, this essay provides a blueprint for how we may envision differentiated intermediary liability rules to govern social networking sites in a responsive manner.

Introduction

Only months after Donald Trump’s 2016 election victory — a feat mired in controversy over alleged Russian interference using social media, specifically Facebook — Mark Zuckerberg remarked that his company has grown to serve a role more akin to government, rather than a corporation. Zuckerberg argued that Facebook was responsible for creating guidelines and rules that governed the exchange of ideas of over two billion people online. Another way to look at the same argument is to acknowledge that, today, a quarter of the world’s population (and of India) are subject to the laws of Facebook’s terms and conditions and privacy policies, and public discourse around the globe is shaped within the constraints and conditions they create. Social media platforms, like Facebook, wield hitherto unimaginable power to catalyze public opinions, causing a particular narrative to gather steam — that Big Tech can pose an existential threat to democracy.

This, of course, is in absolute contrast to the early utopian visions which imagined that the internet would create a more informed public, facilitate citizen-led engagement, and democratize media. Instead, what we see now is the growing association of social media platforms with political polarization and the entrenchment of racism, homophobia, and xenophobia. The regulation of social networking sites has emerged as one of the most important and complex policy problems of this time. In this essay, I will explore the inefficacy of the existing regulatory framework, and provide a blueprint for how to think of appropriate regulatory metaphors to revisit it.

Click on to read the article published by IT for Change
Download the PDF (34,328 Kb) to read the full article, pages 126 - 138.

For more details visit https://cis-india.org/internet-governance/blog/it-for-change-amber-sinha-beyond-public-squares-dumb-conduits-and-gatekeepers

Beyond Clicktivism

praskrishna — 2011-04-20T04:33:53Z

Moral support Hazare has in plenty. Count the missed calls, writes Debarshi Dasgupta in this article published in the Outlook on April 18, 2011.

Want to commit sedition against the government?” “Join Dandi March-II.” “A Mahatma announces a fast-unto-death.” These were some of the clarion calls that organisers of the protest against corruption led by Anna Hazare were making online. And people from all classes responded in massive numbers. Possibly fed up with the scale of the CWG and 2G scams and exasperated by the petty and mundane corruption they encounter daily.

Anna Hazare and Jantar Mantar were among the top 10 global trending topics on Twitter on April 7 afternoon. “Earthquake named Anna Hazare lashes on corrupted Indian Politicians, epicenter India, it measures 1.22 Billion Richter Hearts,” said one. A disengaged youngster tweeted: “OK, enough of ignorance...time to read up on Anna Hazare.” On the ‘India Against Corruption’ page on Facebook, people from across the country left posts either announcing their local programme to support Hazare or asking for advice to organise one. Leaflets urged people to give a missed call on a Mumbai landline expressing support. With 6,00,000 missed calls, the organisers were urging more to call in to take that number to over 25 lakh.

Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society, said the organisers of this social media campaign had adopted a “funnel approach”, in which they get people involved gradually. “Clicking on the ‘Like’ function on Facebook to making a call—they are increasing the action, incrementally getting people to become proper activists from being armchair slacktivists.”

Read the original here

For more details visit https://cis-india.org/news/beyond-clicktivism

Beyond Anonymous: Shit people say on Internet piracy

nishant — 2012-06-13T14:01:59Z

This post is a series of provocations around piracy, censorship and the state of Internet in India. Like all good tasting things, these observations need to be taken with a pinch of salt. But it is the hope of the author that this serves as a response to otherwise very persistent voices that have been demonizing file-sharing online.

Firstpost published Nishant Shah's column along with the video that CIS and ALF had made on 'shit people say about piracy' as a lead story on June 7, 2012.

9 June is going to be a big day in India, for all concerned with internet regulation, censorship and the current attacks on file-sharing.

The International Hacker group Anonymous – a group that has become iconic with its members wearing Guy Fawkes mask as they mobilise protest and hacker attacks on what they see as tyrannical regimes – has called for marched protests in 16 Indian cities, to demand a free and open Internet.

They have already started launching Denial of Service attacks and taking down websites owned by the Indian government to express their displeasure about the recent regulation of the internet. Whether or not their guerrilla tactics are efficient and effective, in the right or not, is something that has been discussed quite popularly.

There are hordes of people who think of them as the NewAge Mutant Ninja Hackers, who are protecting our digital worlds from being clamped down. There are others who paint them as the Big Bad Wolf who huffed and puffed and will blow our houses away.

You might be sympathetic, suspicious or scared of the emergence of such a ‘crowd vigilante’, sporting the slogan that has spawned Internet memes galore – Y U No Wake up? – But there is no doubt that the rise of such a collective signals how discourse around piracy, rights, and openness is no longer in the domain of the uber-geek and the academic researcher.

These are concepts with very material realities that affect our everyday functioning and require not only better policies but also a more nuanced public discourse. Today, I look at some of the most ludicrous things that have been said about file-sharing, around the world, wondering why this idea of sharing has evoked such startling responses from different quarters.

File sharing and depression: There has always been a concern about the physical well-being of internet users. From Internet addiction rehabilitation clinics in China to online support groups for internet addicts (I swear I am not making this up!), from doctors worried about posture and eye-sight to mothers concerned about violent video games, we thought we had heard it all.

And then came the extraordinary study that suggested that file sharing might lead to depression. Or rather, if you are an avid file-sharer on the internet, you are prone to attacks of depression. This had the twitter world abuzz, where people were trying to make sense of this ‘scientific’ study that connected spending long hours on the interwebz with mental illness. A trending tweet just about summed up the situation, when it said, “File sharers are depressed only because of what is done to them when they share”.

File sharing and jobs: There was a time when the Music and Film Industry Associations (MAFIA) around the world used to protest file sharing by painting a romanticised picture of the independent starving artists, from whose mouths, we stole morsels, as we shared their work without paying for it. But that argument collapsed in the days of Napster (remember that?) and it has been proven over and over again, that the artist almost always benefits from their work being shared.

However, lately, research from respectable universities (expensively funded by respectable interested parties) have started hitting the real you, rather than the imagined artist. Every torrent being downloaded on the web is correlated with a lost job, because these companies can no longer afford to hire as many people as they used to, because of the growing losses. And then it goes into complicated mumbo-jumbo about how that one torrent that sits merrily on your computer, actually affects all the jobs to kingdom come and will be responsible for your children’s unemployment.

They remain silent about the jobs lost because of the funding that went into buying supporting this research.

I am not a Pirate: And lest you go away with the idea that the rest of the junta does not gaff, here are some of the gems that have come our way while working with people in the field. It is common, for instance, for people to take a moral stance on piracy, radiating a holier-than-thou ethical persona, without realising that recording that last IPL match to watch later on your tablet is also an act of piracy.

Then there are those who only consume material pirated by others, happily ignoring the fact that the ring-tone that they copied from their friend is also an act of piracy. Ditto, people who claim “I am not a pirate”, meaning that they haven’t yet figured out the bittorrent system and hence go to the local corner shop to buy pirated DVDs of the latest releases. In their heads, they have paid somebody for the material and hence it must be alright.

Piracy is not a one-point source process. It is a networked ecosystem, and I am still to find that one person who has never shared anything and make a video of them saying “I am not a pirate”. But that is probably just wishful thinking.

There are many more such instances which make your mind boggle and your eyes goggle and you wonder if you heard it right for the first time. Do share your favourite ones if you can. In the meantime you might also want to look at the new meme video ‘Sh!t People say about Piracy’ that captures some of these responses in their absurdity.

Video

(Video by The Centre for Internet and Society , and the Alternative Law Forum)

Follow the video on YouTube

For more details visit https://cis-india.org/internet-governance/shit-people-say-on-internet-piracy

Beyond Access as Inclusion

anja — 2011-08-02T07:29:03Z

On 13 September, the day before the fifth Internet Governance Forum opens, CIS is coorganising in Vilnius a meeting on Internet governance and human rights. One of the main aims of this meeting is to call attention to the crucial, yet in Internet governance often neglected, indivisibility of rights. In this blog post, Anja Kovacs uses this lens to illustrate how it can broaden as well reinvigorate our understanding of what remains one of the most pressing issues in Internet governance in developing countries to this day: that of access to the Internet.

One of the most attractive characteristics of the Internet – and perhaps also one of the most debated ones – is its empowering, democratising potential. In expositions in favour of access to the Internet for all, this potential certainly often plays a central role: as the Internet can help us to make our societies more open, more inclusive, and more democratic, everybody should be able to reap the fruits of this technology, it is argued. In other words, in debates on access to the Internet, most of us take as our starting point the desirability of such access, for the above reasons. But how justified is such a stance? Is an Internet-induced democratic transformation of our societies what is actually happening on the ground?

I would like to move away, in this blog post, from the more traditional approaches to the issue of access, where debates mostly veer towards issues of infrastructure (spectrum, backbones, last mile connectivity, …) or, under the banner of “diversity”, towards the needs of specific, disadvantaged communities (especially linguistic minorities and the disabled). To remind us more sharply of the issues at stake and of the wide range of human rights that need our active attention to make our dreams a reality, I would like to take a step back and to ask two fundamental questions regarding access: why might access be important? And what do we actually have access to?

Let me start, then, by exploring the first question: why, actually, is Internet access important? In his canonical work on the information age, and especially in the first volume on the rise of the network society, Manuel Castells (2000) has perhaps provided the most elaborate and erudite description of the ways in which new technologies are restructuring our societies and our lives. We are all all too familiar with the many and deep-seated ways in which the Internet changes the manner in which we learn, play, court, pay, do business, maintain relationships, dream, campaign. And yet, the exact nature of the divide created by the unequal distribution of technical infrastructure and access, despite being so very real, receives relatively little attention: this divide is not simply one of opportunities, it is crucially one of power. If in traditional Marxist analysis the problem was that the oppressed did not have access to the means of production, today, one could well argue, the problem is that they do not have access to the means of communication and information.

Indeed, the Internet is not something that is simply happening to us: there are people who are responsible for these new evolutions. And so it becomes important to ask: who is shaping the Internet? Who is creating this new world? Let us, by way of example, consider some figures relating to Internet use in India. So often hailed as the emerging IT superpower of the world, there are, by the end of 2009, according to official government figures, in this country of 1 billion 250 million people slightly more than 15 million Internet connections. Of these, only slightly more than half, or almost 8 million, are broadband connections – the rest are still dial-up ones (TRAI 2010). The number of Internet users is of course higher – one survey estimates that there are between 52 million and 71 million Internet users in urban areas, where the bulk of users is still located (IAMAI 2010). But while this is a considerable number, it remains a fraction of the population in a country so big. What these figures put in stark relief, then, is that the poor and marginalised are not so much excluded from the information society (in fact, many have to bear the consequences of new evolutions made possible by it in rather excruciating fashion), but rather, that they are fundamentally excluded from shaping the critical ways in which our societies are being transformed.

To have at least the possibility to access the Internet is, then, of central significance in this context for the possibility of participation it signals in the restructuring of our societies at the community, national and global level, and this in two ways: in the creation of visions of where our societies should be going, and in the actual shaping of the architecture of our societies in the information age.

If we agree that access attains great significance in this sense, then a second question poses itself, and that is: in practice, what exactly are we getting access to? This query should be of concern to all of us. With the increasing corporatisation of the Internet and the seemingly growing urges of governments on all continents to survey and control their citizens, new challenges are thrown up of how to nurture the growth of open, inclusive, democratic societies, that all of us are required to take an interest in.

Yet it is in the case of poor and marginalised people that the challenges are most pronounced. Efforts to include them in the information society are disproportionately legitimised on the basis of the contribution these can make to improving their livelihoods. Initiatives, often using mobile technology, that allow farmers to get immediate information about the market prices of the produce they are intending to sell, are perhaps the most well-known and oft-cited examples in this category. Other efforts aim to improve the information flow from the government to citizens: India has set up an ambitious network of Common Service Centres, for example, that aim to greatly facilitate the access of citizens to particular government services, such as obtaining birth or caste certificates – and going by first indications, this also seems to be succeeding in practice. Only rarely, however, do initiatives to “include” the poor in the information society address them as holistic beings who do not only have economic lives, but political, emotional, creative and intellectual existences as well. This is not to say that economic issues are not of importance. But by highlighting only this aspect of poor people's lives, we promote a highly impoverished understanding of their existences.

The focus on a limited aspect of the poor's identity - important as that aspect may be - has a function, however: it makes it possible to hide from view the extremely restrictive terms on which poor people are currently being integrated into the information society. Even initiatives such as the Common Service Centres are in fact based on a public-private-partnership model that explicitly aims to “align [..] social and commercial goals” (DIT 2006: 1), and in effect subordinates government service design to the requirements of the CSC business model (Singh 2008). The point is not simply that we need strong privacy and data protection policies in such a context – although we clearly do. There is a larger issue here, which is that efforts to include the poor in the information society, in the present circumstances, really seem to simply integrate them more closely into a capitalist system over which they have little control, or to submit them to ever greater levels of government and corporate surveillance. Their own capacity to give shape to the system in which they are “included”, despite the oft-heralded capacities of the Internet to allow greater democratic participation and to turn everybody into a producer and distributor, as well as a consumer, remains extremely limited.

Such tendencies have not gone unnoticed. For example, unlike in many other parts of the world, social movements in India fighting against dams, special economic zones or mining operations in forest areas - all initiatives that lead to large-scale displacement – have not embraced technology as enthusiastically as one might have expected. There are various reasons for this. Within Indian nationalism, there have always been strands deeply critical of technology, with Gandhi perhaps their most illustrious proponent. But for many activists, technology often also already comes with an ideological baggage: an application such as Twitter, for example, in so many of its aspects is clearly manufactured by others, for others, drawing on value sets that activists often in many ways are reluctant to embrace. And such connotations only gain greater validity because of the intimate connections that exist in India between the IT boom and neoliberalism: technology has great responsibility for many of the trends and practices these activists are fighting against. While the Internet might have made possible many new publics, most movements do not – as movements – recognise these publics as their own (Kovacs, forthcoming).

To some extent, these are of course questions of the extent of access that people are granted. But they also raise the important issue of the value structure of the Internet. Efforts at inclusion always take for granted a standard that is already set. But what if the needs and desires of the many billions that still need to be included are not served by the Internet as it exists? What if, for it to really work for them, they need to be able to make the Internet a different place than the one we know today? While it is obvious that different people will give different answers in different parts of the world, such debates are complicated tremendously by the fact that it is no longer sufficient to reach a national consensus on the issues under discussion, as was the case in earlier eras. The global nature of the Internet's infrastructure requires that the possibility of differing opinions, too, needs to be facilitated at the global level. What are the consequences of this for the development of democracy?

For access to the Internet to be substantively meaningful from a human rights perspective in the information age, it is crucial, then, that at a minimum, the openness of the Internet is ensured at all levels. Of course, openness can be considered a value in itself. But perhaps more importantly, at the moment, it is the only way in which the possibility of a variety of answers to the pressing question of what shape our societies should take in the information age can emerge. Open standards and the portability of data, for example, are crucial if societies are to continue to decide on the role corporations should play in their public life, rather than having corporations de facto rule the roost. Similarly, under no circumstances should anyone be cut off from the Internet, if people are to participate in the public life of the societies of which they are members. And these are not just concerns for developing countries: if recent incidents from France to Australia are anything to go by, new possibilities facilitated by the Internet have, at least at the level of governments, formed the impetus for a clear shift to the right of the political spectrum in many developed countries. In the developed world, too, the questions of access and what it allows for are thus issues that should concern all. In the information age, human rights will only be respected if such respect is already inscribed in the very architecture of its central infrastructure itself.

List of References

Castells, Manuel (2000). The Rise of the Network Society, 2^nd edition. Oxford: Blackwell.

Department of Information Technology (DIT) (2006). Guidelines for the Implementation of Common Services Centers (CSCs) Scheme in States. New Delhi: Department of Information Technology, Government of India.

Internet and Mobile Association of India (IAMAI) (2010). I-Cube 2009-2010: Internet in India. Mumbai: Internet and Mobile Association of India.

Kovacs, Anja (forthcoming). Inquilab 2.0? Reflections on Online Activism in India (working title). Bangalore: Centre for Internet and Society.

Singh, Parminder Jeet (2008). Recommendations for a Meaningful and Successful e-Governance in India. IT for Change Policy Brief, IT for Change, Bangalore.

Telecom Regulatory Auhority of India (TRAI) (2010). The Indian Telecom Services Performance Indicators, October-December 2009. New Delhi: Telecom Regulatory Auhority of India.

For more details visit https://cis-india.org/internet-governance/blog/beyond-access-as-inclusion

Between the Local and the Global: Notes Towards Thinking the Nature of Internet Policy

nishant — 2014-04-04T03:49:14Z

This post by Nishant Shah is part of a series related to the 2014 Milton Wolf Seminar on Media and Diplomacy: The Third Man Theme Revisited: Foreign Policies of the Internet in a Time Of Surveillance and Disclosure, which takes place in Vienna, Austria from March 30 – April 1, 2014.

The 2014 seminar is jointly organized by the Center for Global Communication Studies (CGCS) at the University of Pennsylvania’s Annenberg School for Communication, the American Austrian Foundation (AAF), and the Diplomatic Academy of Vienna (DA). For more information visit the seminar webpage and Facebook Page. Dr. Nishant Shah is the co-founder and Director-Research at the Centre for Internet and Society, Bangalore, India.

Nishant Shah's post was published on April 1st, 2014 | by cgcsblog

An imagined and perceived gap between the global and the local informs transnational politics and internet policy. The global views the local as both the site upon which the global can manifest itself as well as the microcosm that supports and strengthens global visions by providing mutations, adaptations and reengineering of the governance practices. The local is encouraged to connect with the global through a series of outward facing practices and policies, thus producing two separate domains of preservation and change. On the one hand, the local, the organic and the traditional, needs to be preserved and make the transnational and the global the exotic other. On the other hand, the local also needs to be in a state of aspiration, transforming itself to belong to global networks of polity and policy that are deemed as desirable, especially for a development and rights based vision of societies.

While these negotiations and transactions are often fruitful and local, national, and transnational structures and mechanics have been developed to facilitate this flow, this relationship is precarious. There is an implicit recognition that the local and the transnational, dialectically produced, are often opaque categories and empty signifiers. They sustain themselves through unquestioned presumptions of particular attributes that are taken for granted in these interactions. There have been many different metaphors that have been used to understand and explain these complex transfers of knowledge and information, resources and capital, bodies and ideologies. Vectors, Flows, Disjunctures, Intersections are some of the examples. However, with the rise of the digital technologies and vocabularies, especially the internet, the metaphor of the Network with its distributed nodes has become one of the most potent explanations of contemporary politics. This idea of living in networked worlds is so seductive and ‘common-sense,’ that it has become an everyday practice to think of the global as a robust, never-ending, all-inclusive network where the local becomes an important node because it enables both connectivity within but also an expansion of the edges, in order to connect to that which is outside the traffic capacities of the network.

The ‘Network Society’ paradigm is distinct from earlier rubrics of information and open society that have informed existing information and communication policies. In this paradigm we have the opportunity to revisit and remap the ways in which local governments and populations function and how they produce locals who can feed into the transnational and global discourse. The network facilitates some knowledge that is valuable and allows us to map inequity and mal-distribution of resources by offering comparisons between the different nodes. Networks force our attention to the edges, the no-person’s-zone which is porous but still serves as an osmotic filter that often keeps the underprivileged and the unintelligible outside its fold. Networks as metaphors are valuable because they produce a cartographic vision of the world with multiple boundaries and layers, dealing with big data sets to create patterns that might otherwise be invisible. They enable the replication of models that can be further localised and adapted to fit the needs of the context. Networks make the world legible – we write it through the lens of the network, intelligible – we understand it through the language and vocabulary of the network, and accessible – it allows for knowledge and practices to transfer across geographies and times.

At the same time, networks are a vicious form of organisation because they work through the logic of resource maximisation, efficiency and optimisation, often disallowing voices of dissent that threaten the consensus making mechanisms of the network. Networks have a self-referential relationship with reality because they produce accounts of reality which can easily stand in for the material and the real. They are the new narratives that can operate with existing data sets and produce such rich insights for analysis that we forget to account for that which cannot be captured in the database structures of these data streams. Networks work through a principle of homogeneity and records, thus precluding forms of operation which cannot be easily quantified.

Given this complex nature of networks and the fact that they are emerging as the de facto explanations of not only social and cultural relationships but also economic and political transactions, it might be fruitful to approach the world of policy and politics, the local and the transnational, through the lens of the network. Building a critique of the network while also deploying the network as a way to account for the governmental practices might produce key insights into how the world operates. What does it mean to imagine the world in the image of the internet as a gigantic network? What are the ways in which a networked visualisation of policy and governmental processes can help us analyse and understand contemporary politics? What tools can we develop to expose the limitations of a network paradigm and look at more inclusive and sensitive models for public discourse and participation? How do we document events, people, and drivers of political change that often get overlooked in the networked imagination of transnational politics? These are the kind of questions that the Center for Global Communication Study’s Internet Policy Observatory (IPO) could initiate, building empirical, qualitative and historical research to understand the complex state of policy making and its relationship with enforcement, operationalization and localisation.

Given the scope and scale of these questions, there are a few specific directions that can be followed to ensure that research is focused and concentrated rather than too vague and generalised:

Bird’s eye views: The big picture understanding of transnational political and policy networks is still missing from our accounts of contemporary discourse. While global representative networks of multi-stakeholder dialogues have been established, there is not enough understanding of how they generate traffic (information, knowledge, data, people, policies) within the network through the different nodes. Producing an annotated and visual network map that looks at the different structural and organisational endeavours and presences, based on available open public data, bolstered by qualitative interviews would be very useful both as a research resource but also an analytic prototype to understand the complex relationships between the various stakeholders involved in processes of political change.
Crisis Mapping: One of the most important things within Network studies is how the network identifies and resolves crises. Crises are the moment when the internal flaws, the structural weaknesses, and the fragile infrastructure become visible. The digital network, like the internet, has specific mechanisms of protecting itself against crises. However, the appearance of a crisis becomes an exciting time to look at the discrepancy between the ambition of the network and its usage. A crisis is generally a symptom that shows the potentials for radical subversion, overthrowing, questioning and the abuse of network designs and visions. Locating ICT related crises with historical and geographical focuses could similarly reveal the discrepancies of the processes of making policy and orchestrating politics.
Longitudinal Studies: The network remains strong because it works through a prototype principle. Consequently, no matter how large the network is, it is possible to splice, slice, and separate a small component of the network for deep dive studies. This microcosm offers rich data sets, which can then be applied across the network to yield different results. Further, working with different actors – from individual to the collective, from the informal the institutional – but giving them all equal valency provides a more equal view of the roles, responsibilities, and aspirations of the different actors involved in the processes. This kind of a longitudinal study, working on very small case-studies and then applying them to analyse the larger social and political conditions help in understanding the transnational and global processes in a new way.

These research based inquiries could result in many different outputs based on the key users that they are working with and for. The methods could be hybrid, using existing local and experimental structures, with predefined criteria for rigour and robustness. The research, given its nature, would necessitate working with existing networks and expanding them, thus building strong and sustainable knowledge networks that can be diverted towards intervention through capacity building and pedagogy directed at the different actors identified within these nodes.

Dr. Nishant Shah is the co-founder and Director-Research at the Centre for Internet and Society, Bangalore, India. He is an International Tandem Partner at the Centre for Digital Cultures, Leuphana University, Germany and a Knowledge Partner with the Hivos Knowledge Programme, The Netherlands. In these varied roles, he has been committed to producing infrastructure, frameworks and collaborations in the global south to understand and analyse the ways in which emergence and growth of digital technologies have shaped the contemporary social, political and cultural milieu. He is the editor for a series of monographs on ‘Histories of Internet(s) in India’ that looks at the complicated relationship that technologies have with questions of gender, sexuality, body, city, governance, archiving and gaming in a country like India. He is also the principle researcher for a research programme that produced the four-volume anthology ‘Digital AlterNatives With a Cause?’ that examines the ways in which young people’s relationship with digital technologies produces changes in their immediate environments.

For more details visit https://cis-india.org/internet-governance/blog/cgcs-nishant-shah-april-1-2014-between-the-local-and-the-global

Best Practices Meet

praskrishna — 2014-08-06T06:25:20Z

The Best Practices Meet 2014 is being organized by DSCI at Hotel Leela Palace on July 9, 2014. Sunil Abraham will participate as a panelist at the event.

SMAC: new paradigm for Security?

Convergence of Social, Mobile, Analytics, and Cloud, is collectively referred as SMAC technologies. The success of social media products and sites such as Facebook, Twitter, Linkedin many more has been driving organizations’ investment in social computing. Mobile is another example of how technologies invented initially for personal use, entrenched itself into the enterprise ecosystem. Social computing and mobile blurs the boundaries between personal, social and business transactions. They lead to the explosion of information, which provides interesting insights, critical for business benefits. This reflects in huge impetus that has been seen in analytics, widely known as Big Data analytics. On the other hand, cloud brings completely new paradigm of organizing entperise IT, developing new products and services and delivering consumer experiences.

Increasing adoption of SMAC stack by enterprises breaks the existing paradigm of security. The data explosion on mobile devices exposes organizations’ information to inadvertent loss of revenue and brand value. Malicious applications may steal vital information stored on an employee’s mobile device and pave the way for a major data breach. Web application attacks remain the most significant threat for environments of cloud-hosting providers, amongst other apprehensions about data security. Data sovereignty also continue to pose serious concerns, which organizations need to tackle while moving their data to the cloud. Big data facilitates advanced analytics; however, requires protection from intrusion, corruption and securing its access. Furthermore, social media platforms are continuously exploited to launch malicious content and stealthy payload on devices. Social technologies are also plagued by the use of malicious techniques to mine confidential personal information under the guise of innocuous looking web pages via social engineering techniques.

Apart from security concerns, privacy supposed to be a big causality, as each component of the SMAC stack is considered intrusive enough to compromise the personal rights. Convergence and nexus of them add to the woes.

The collaborative and cumulative effect of all of these technologies working in unison essentially magnifies the efforts of the organizations that are able to wield them effectively. This evolution is challenging the ability of current security capabilities to address business critical risks. The way forward for organizations would be to understand the perspective of end users and IT infrastructure in terms of its integration with any or all the elements of SMAC. The organizations will have to deal with the new paradigm of security that will take them to more scalable, granualar, complex, independent and diverse challenges.

The DSCI Best Practices Meet, 2014 brings the security community and other stakeholders together, to deliberate and ponder over these diverse set of issues and challenges. It is aimed at deliberating on the new security paradigm from the perspectives of public policy, enterprise strategies, technology and practices.

Click to download the agenda and other details here.

For more details visit https://cis-india.org/news/best-practices-meet-2014

Best Bits 2012

praskrishna — 2012-12-06T06:46:17Z

Best Bits organized a workshop at the IGF. It was held on November 3 and 4, 2012. Pranesh Prakash and Elonnai Hickok participated in the event.

Agenda

Day 1, Saturday, November 3, 2012

9.00 - 10.45	Internet governance history and review Mapping Internet governance – institutions and actors Last 20 years of Internet governance: ITU, ISOC, WSIS and IGF Last 2 years – ACTA, SOPA/PIPA and online activism eg. StopTheMeter.ca, government assertions of sovereignty over IG Southern perspectives on global Internet governance
11.00 - 12.45	The ITU and the International Telecommunications Regulations What are the real dangers of the proposed ITR revisions? Remaining opportunities for input into the WCIT process How to engage with your national delegation to the ITU Beyond WCIT – WTPF, WTSA, IMPACT, and the Dedicated Group
12.45 - 14.00	Lunch and networking break
12.00 - 17.30	Drafting a civil society statement to WCIT Draws together points of consensus Defines the legitimate role of the ITU Judges it against the WSIS criteria Refers to statement on IG principles

Day 2, Sunday, November 4, 2012

9.00 - 10.30	Declarations of Internet rights and Internet governance principles Background to Internet principles declarations 1999 to 2012 Declaration of Internet Freedom – first and second iterations Other current initiatives – “rival” Declaration, Marco Civil, etc. Respective advantages of consolidation and maintaining diversity
10.45 - 12.15	Process towards enhanced cooperation on Internet public policy issues If not the ITU, then what? The global vacuum on Internet-related public policy issues Likely scenarios (favourable or not) if the vacuum is not filled Discussion of reform proposals – Committee on Internet Related Policies, Enhanced Cooperation Task Force
12.15 - 13.00	Lunch and networking break
13.00 - 16.00	Drafting civil society IG principles for the IGF Development of existing statements Reinforces multi-stakeholder approach Suggests roadmap for improved implementation of enhanced cooperation
16.15 - 17.45	Next steps Making an inclusive civil society network on IG issues sustainable Other existing civil society+ networks – Internet Defence League, Internet Governance Caucus, Global Network Initiative, CSISAC, OpenMedia network, Internet Progress Administration Recap of upcoming events and campaigns for possible joint action

Participants

Alejandro Pisanty
Andrew Puddephatt
Anja Kovacs
Anna Orlova
Anriette Esterhuysen
Antonio Medina Gomez
Arthit Suriyawongkul
Ashnah Kalemera
Avri Doria
bdelachapelle
Brett Solomon
Carlos Alberto Afonso
Claudio Ruiz
Deborah Brown
Dixie Hawtin
Donny B U
Elonnai Hickok
Emma Llanso
Fouad Bajwa
Gene Kimmelman
Iarla Flynn
Imran Ahmed Shah
Jeremy Malcolm
Joana Varon Ferraz
Jochai Ben-Avie
Joonas Mikael Mäkinen
Joy Liddicoat
Katitza Rodriguez
Kevin Bankston
LAURA ABBA
matthew shears
Mawaki Chango
Michael Gurstein
Nnenna Nwakanla
Norbert Bollow
Parminder Jeet Singh
Pranesh Prakash
Premila Kumar
Raquel Gatto
Rashmi Rangnath
Sanja_Kelly
Shahzad Ahmad
Shita Laksmi
STEFANO TRUMPY
Stephanie Borg Psaila
Sylwia Rudnik
Tapani Tarvainen
Theresa Züger
Valeria Betancourt
William Drake
Wolfgang Kleinwächter

Attending Remotely

AHM Bazlur Rahman
Alex Comninos
Baudouin SCHOMBE
chaitanyabd
cveraq
De
encels
Fatima Cambronero
ganda
Hanane
Hindenburgo Francisco Pires
Jorge Gonzalez
Julian Casasbuenas G.
Lorna Tingu Makuma
Narine Khachatryan
natienciso
Pitshou Bulembi Ndongala
richaraix
rohanjay
Siranush Vardanyan
Sonigitu Asibong Ekpe
Susan Coughtrie
thierrys
vinsolo
Virginia Paque

For more details visit https://cis-india.org/news/best-bits

Bengaluru gives data safety tips to panel

Admin — 2018-01-16T23:19:00Z

A crucial consultation ahead of the framing of the country's data protection laws witnessed animated discussions here on Saturday.

The article was published in Deccan Herald on January 14, 2018

Participants raised a variety of concerns. Held on the IISc campus, it discussed everything from revenge porn and human genomics to artificial intelligence and the right to be forgotten.

Cybersecurity experts, academics, lawyers and others attended the day-long event.

They made their submissions to the Srikrishna Committee, formed on July 31 last year to frame principles for data protection laws.

The session was chaired by Justice B N Srikrishna, retired Supreme Court judge. Also on the panel were Rama Vedashree, CEO, Data Security Council of India, and Gopalakrishnan S.

The basis of the discussion was a 200-page document drafted by the nine members of the Srikrishna Committee. January 31 is the deadline to respond to the committee's white paper.

Classification of data

Several dystopian scenarios, such as profiling and discrimination with the help of behavioural and psychometric data, led to discussions on the need for classification of data types.

Darshana, a lawyer from the People's Union of Civil Liberties (PUCL), spoke about how people were being denied rations for not holding Aadhaar.

The collection of children's biometric data brought up the question of consent.

Srikrishna clarified the white paper contained a chapter on consent: it suggests an age limit below which parental consent will have to be mandatory.

A discussion on the right to be forgotten arose after some participants sought a provision to revoke consent already given.

Questions associated with genome sequencing were raised by Vijay Chandru, professor, IISc.

"We need to pay special attention to this type of information. The collection of DNA in the form of saliva, when, say, you make a visit to a weight loss clinic, has become the commercial norm. The Insurance Regulatory Act can have huge implications as genetic data can be used to discriminate and deny health coverage," Chandru said.

Sunil Abraham, head of the Centre for Internet and Society, said he was delighted with the quality of debate and discussion.

For more details visit https://cis-india.org/internet-governance/news/deccan-herald-january-14-2018-pranshu-rathee-bengaluru-gives-data-safety-tips-to-panel

Bengaluru cops' twitter handle in ethical storm

praskrishna — 2017-04-07T02:38:24Z

The city's privacy activists are among the most strident in trying to prevent the Union government from gaining unprecedented access to citizens' personal information through Aadhaar. But in their own backyard, Bengaluru police have been publishing on Twitter the phone numbers of thousands of citizens reporting various crimes such as gambling on the streets, random quarrels and harassment of women.

The article by Umesh Yadav was published in the Times of India on April 6, 2017. Pranesh Prakash was quoted.

The police control room has put out more than 46,000 tweets since April 2015 containing the numbers of complainants calling the emergency number 100. The phone numbers of citizens reaching the control room through Bengaluru police's new emergency mobile application, Suraksha, too are being published through this handle.

Thankfully, the Twitter handle, @BCPCR, had a mere 66 followers as on the evening of April 5, nearly 30 per cent of which were various police stations in the city. On Wednesday evening, the police closed the account for public view.

ET has screenshots of tweets from the account. A senior police officer at Bengaluru police's Command Control was unapologetic for the breach of privacy. The tweets are generated automatically and meant to `show' the number of calls received by the control room and the number of people using the new app, he said.

On the matter of compromising the safety of the complainants, the officer said, "It is obvious that the accused will know who registered the complaint and privacy does not matter here."

Expectedly, privacy and law experts are indignant.

"This is horrible and unpardonable," said Supreme Court advocate KV Dhananjay. "The fact that the police did not consider it necessary to ask for permission before broadcasting someone's identity shows how insensitive the Police Commissioner's office has become to the privacy concern of our society." Pranesh Prakash, Policy Director at the Centre for Internet and Society and who has been at the forefront of the campaign against any potential misuse of Aadhaar, too said the "police officer who ordered to create such an account should be held responsible if any harm comes to a complainant."

Complainants ET spoke with were startled about the abuse of their privacy. Gowda, a complainant, who had informed the police control room about the sale of cigarettes within 100 metres of a school, had specifically requested the police to not disclose his identity.

"(This is why) it is better to keep quiet when you see lawbreakers," he said on hearing that Bengaluru police had published his phone number on Twitter.

"This is injustice and this is the reason why people are scared to inform the police of crimes. If the accused send people to beat me, what should I do?" Dhanusha had called the control room about some teenagers who were teasing girls at a bus stop. The police arrived and took the boys in. She, too, is now worried. "If the accused get my number, they are going to harass me. The police do not have any right to display our phone numbers in public."

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-april-6-2017-umesh-yadav-bengaluru-cops-twitter-handle-in-ethical-storm