We are anonymous, we are legion

Consilience 2019

Admin — 2019-06-05T07:25:08Z

The Law and Technology Society at the National Law School of India University, Bangalore organised Consilience on May 25, 2019.

Gurshabad Grover was a panelist on the discussion on 'Online Content Regulation: Global Perspectives and Solutions'. The other panelists were Jyoti Panday (Telecom Centre of Excellence) and Alok Prasanna Kumar (Vidhi Centre for Legal Policy). The session was moderated by Divij Joshi. Gurshabad's contributions centered around the interplay of content moderation, regulation and competition issues. He also discussed the disharmony between the recommendations of the UN Special Rapporteur on FoE and developing legal norms of regulation. Akriti Bopanna gave her inputs to Gurshabad Grover.

For more details visit https://cis-india.org/internet-governance/news/consilience-2019

ABLI Privacy Workshop

Admin — 2019-06-05T07:29:18Z

On May 21 and 22, 2019, Elonnai Hickok, participated in the ABLI privacy workshop along with side events in Singapore.

Click to view the agenda.

For more details visit https://cis-india.org/internet-governance/news/abli-privacy-workshop

"Aadhaar Reduced Agency in Citizens and Empowered Those in Positions of Authority"

Martin Moore — 2019-05-21T15:33:01Z

In the space of one election cycle, authoritarian governments, moneyed elites and fringe hackers figured out how to game elections, bypass democratic processes, and turn social networks into battlefields. Facebook, Google and Twitter – where our politics now takes place – have lost control and are struggling to claw it back. As our lives migrate online, we are gradually moving into a world of datafied citizens and real-time surveillance. The entire political landscape has changed, with profound consequences for democracy.

The article by Martin Moore was published by NewsClick on May 20, 2019. Pranesh Prakash was quoted.

Written by Martin Moore, Democracy Hacked: Political Turmoil and Information Warfare in the Digital Age, is a compelling account of how democracy is being disrupted by the tech revolution, and what can be done to get us back on track. The following are excerpts from the chapter "Survellaince Democracy" of the book.

Tembhli, a remote rural village in northern Maharashtra, about 250 miles north of Mumbai, is rarely visited by high-powered politicians or prominent dignitaries. But on Wednesday, 29 September 2010, it found itself hosting not just the Indian prime minister, Manmohan Singh, but the president of Congress, Sonia Gandhi; the chief and deputy chief ministers and the governor of Maharashtra; and the head of the recently established Unique Identification Authority of India, Nandan Nilekani. It was this last figure, the least well known of the distinguished group, who was the reason behind the visit, and who would subsequently play the most important role in its aftermath. Nilekani and the politicians were there to give out the first ten ‘unique identifiers’ to residents of Tembhli. These ten people received their own twelve-digit number, a number that would, from that day forward, distinguish each of them from every other Indian citizen, and indeed – combined with their biometric data – from every other citizen in the world. “With this,” Sonia Gandhi said, “Tembhli has got a special importance in the map of India. People of Tembhli will lead the rest of the country. It is a historic step towards strengthening the people of our nation.”

Governments of all stripes are prone to exaggerated rhetoric, but in this instance, Gandhi was proved right when she proclaimed that “starting from this tiny hamlet, the scheme will reach more than a billion people of this country.” Despite the change of government in 2014, by April 2016 a billion Indians had been allocated their unique identifier. By 2018 the number had exceeded 1.1 billion, out of a total population of just over 1.3 billion. It was, in the words of a Harvard Business School report, a “hugely ambitious project”, “the largest-scale project of its kind in the world”. Aadhaar, as the project was called, was “unique in its scale and ambition”.3 Each Aadhaar identifier included not just a twelve-digit number, but all ten fingerprints, iris scans from both eyes, and a photograph of each person’s face (with the potential for facial recognition later). By combining the number with one element of biometric data, the government believed, it could ensure that every Indian citizen had a single, verifiable, machine-readable identity. With this verifiable identity a citizen could open a bank account, receive welfare or pension payments, pay tax, apply for a driving license, or receive healthcare, regardless of literacy. In a country known for its administrative torpor and tortuous bureaucracy, where – in 2013 – only forty per cent of children’s births were even registered, such a scheme had the potential to let India leapfrog other democratic countries into the digital era, and make government not just digitally enabled but digitally empowered.

Yet this, for critics of the scheme, was one of its many flaws. “Aadhaar marks a fundamental shift in citizen–state relations,” Pranesh Prakash from India’s Centre for the Internet and Society wrote in the Hindustan Times, “from ‘We the People’ to ‘We the Government’.” Civil society activists objected to the government’s enhanced power, and the relative unaccountability of the body running Aadhaar, headed by Nandan Nilekani until 2014. “In effect,” tech developer and activist Kiran Jonnalagadda wrote, “they are beyond the rule of law.” Others had practical objections.

Biometric identification often did not work. A database of this size and importance was bound to attract hackers. Leaks were inevitable. Indeed, the Tribune newspaper in January 2018 revealed that it had been able to buy a service, for 500 rupees (less than $10), that gave it access to any of up to one billion Aadhaar details. Yet such objections were written off as ‘scaremongering’ and Aadhaar critics as “activists of the upper crust, upper class, wine ’n cheese, Netflix-watching social media elite”. On top of which, despite an Indian Supreme Court judgment in August 2017 that affirmed the fundamental right of Indians to privacy, by early 2018 Aadhaar had achieved such momentum as to appear unstoppable. If the government was able to navigate the various legislative challenges to the scheme, then there was also a queue of other nations keen to adopt something similar.

[…]

As the government pushed Aadhaar towards every interaction the state had with the citizen, evidence mounted of failures in the system.

In the north-eastern state of Jharkhand, an eleven-year-old girl died of starvation after her family stopped receiving their government food ration. Their ration card, the Hindu Centre for Politics and Public Policy reported, “was not linked to Aadhaar”. The centre also reported on data, taken from the government’s websites, showing that in Rajasthan, where receiving rations was dependent on Aadhaar authentication, between a quarter and a third of people with ration cards did not receive rations between September 2016 and July 2017. In some ration shops, after having spent hours trying and failing to get their fingerprints read by the biometric machines, people lost their temper and smashed the machines on the ground.

Across India there were reports of machines not recognizing fingerprints, or only recognizing them after multiple attempts. Old people’s prints turned out to be more difficult to read, as were those of manual workers and fishermen. Since the system presumes guilt rather than innocence, the burden of proof lies with the citizen, not with the state. To claim a ration, apply for a scholarship or buy a train ticket, you have to prove who you are before receiving it. The obligation lies with the citizen to prove she is not a fraud. Even if she is not, and the failure is not with her but with the system, she pays for the system’s failure, not the government. To dispute a decision made by the machine means going to the nearest large town – often many miles away – and convincing an official that the problem is with the machine or the digital record, not with you. It is not surprising that some people wrecked Aadhaar machines in their rage.

While the system was found to reduce agency in citizens, it empowered those in positions of authority. Central government was able to make public services conditional on authentication by Aadhaar (despite repeated court rulings that Aadhaar be voluntary, not mandatory). This conditionality could then be extended to the level and type of public services available to individuals. In fact, it had to be for many services – distinguishing pensioners from non-pensioners, for example. Yet in this conditionality, there is plenty of scope for harm and abuse. In 2017 the independent media site Scroll.in reported a rising number of HIV-positive patients who were dropping out of treatment programmes because they were required to use their Aadhaar numbers and were fearful of their condition becoming public.

Equally, while Aadhaar itself did not provide any information about caste, ethnicity, religion or language, once it was linked to other databases, most notably the National Population Register, then it became possible to identify people by group. Formal group identification by the state has an ignominious history. During the apartheid era in South Africa, the penultimate number on the South African identity card indicated race. In the Rwandan genocide in 1994, anyone who had ‘Tutsi’ on their identification was liable to be killed. In Nazi Germany in 1938, every Jewish citizen had ‘J’ stamped on their ID cards and passports. In India, where political and religious divisions are closely intertwined, there is good reason to be anxious about new opportunities for group identification.

Thanks to Aadhaar, companies started to build services using unique identification. A series of ‘trust platforms’ emerged, built on top of Aadhaar, where employers – and others – could access and authenticate people’s identity. A company called TrustID advertised itself as “India’s first, unique and comprehensive online verification platform”. Through TrustID an employer could check whether a potential employee had any criminal or civil convictions, or whether that person had a good or bad reputation (based on a news search and social media profiling). The company even encouraged women to check up on potential husbands they had found via marriage websites. Other international companies integrated Aadhaar into existing services. This is similar to the way in which companies work with platforms like Facebook to profile, and target, individuals based on their personal information – except in this instance doing it via the government. All the same questions about trust, privacy, freedom and power arise, with even greater political potency. The state and private companies are in partnership to track citizens constantly and to gather as much data as they can on them – data that they can then use for commercial or political purposes. This opaque, asymmetrical knowledge of the citizen seems like the reverse of what was intended by democratic transparency, especially in the absence of strong privacy and data protection. “Totalitarian states often do this against the wishes of their citizens,” Pratap Bhanu Mehta, the president of the Centre for Policy Research, writes, yet “in our democracy, our consent is being mobilized to put an imprimatur over more control and arbitrariness.”

In August 2017, the Supreme Court of India came to a unanimous 9–0 decision that Article 21 of the Indian Constitution did guarantee a fundamental right to privacy. As such, it was not lawful for the government to make it mandatory for people to identify themselves using a unique identifier like Aadhaar, except in specific circumstances. To some this looked like a huge blow to the grand project. The Supreme Court decision “raises serious questions about Aadhaar”, lawyer Adarsh Ramanujan argued in India’s Financial Express, and appeared to send “a direction to the central government to create a regime to ensure that privacy rights are not trammelled by other private parties”. The judgment was about privacy broadly, and did not refer to specific cases like Aadhaar, but was seen as the basis from which future challenges to the scheme could be launched. The Modi government, however, appeared to carry on regardless. In October it linked Aadhaar to driving licence applications. By mid-December, the government had made Aadhaar mandatory if citizens wanted to access any of 140 government services.

Nandan Nilekani, who had stepped down as chair of Aadhaar in 2014 in order to become a candidate for the Congress party, railed against those who criticized the scheme. There was, he claimed, an “orchestrated campaign” to malign the system. “I think this so-called anti-Aadhaar lobby is really just a small bunch of liberal elites who are in some echo chamber,” he told an Indian business news channel. Anyway, Nilekani argued, it was too late for the naysayers to stop it. Too many people were now enrolled. It was too integral to the provision of services. Others saw attacks on Aadhaar as political, arguing that Congress was using it for political gain prior to the 2019 election, and that this would backfire. “Aadhaar today is not just a number,” the editor of India’s Economic Timeswrote. “The Congress envisaged it as a means of identity but the Modi government has taken it to a different level. It has become a weapon in the hands of the poor and a powerful tool to fight entrenched black money interests. It is now a symbol of anti-corruption, anti-black money drives, a symbol of efficient allocation of welfare benefits.”

For more details visit https://cis-india.org/internet-governance/news/newsclick-martin-moore-may-20-2019-aadhaar-reduced-agency-in-citizens-and-empowered-those-in-positions-of-authority

BJP outspends Congress, others in social media advertising

Vidhi Choudhary — 2019-05-14T15:21:35Z

The data shows that so far the BJP has spent Rs 25 crore in advertisements across Facebook, Instagram, Google and YouTube.

The article by Vidhi Choudhary was published in Hindustan Times on May 3, 2019. Sunil Abraham was quoted.

The ruling Bharatiya Janata Party (BJP) is way ahead of the Congress in advertising expenditure on social media at the end of the fourth phase of the ongoing Lok Sabha elections, according to data from advertising transparency reports by Google and Facebook - but the spending across parties is being described as much lower than expected by media experts.

The data shows that so far the BJP has spent ₹25 crore in advertisements across Facebook, Instagram, Google and YouTube.

It has spent ₹11.6 crore andRs 13.43 crore on Google and Facebook respectively. The Congress, the main opposition party has spent a total of ₹1.42 crore for ads on Facebook (Rs 74 lakh) and Google (₹62 lakh).

The total spend on political ads across Facebook, Google and their affiliates stood atRs 42.3 crore between February 2019 to the end of April 2019 across 108,968 ads.

The balance political ad spend ofRs 15.9 crore have been incurred by regional parties such as the Telugu Desam Party (TDP) and individual leaders such as Odisha chief minister Naveen Patnaik of the Biju Janata Dal (BJD).

These spends are part of the Facebook and Google political ad transparency reports - a measure most social media companies took as part of a voluntary code of ethics developed to ensure free, fair and ethical usage of social media platforms to maintain the integrity of the electoral process for the general elections 2019.

According to Sunil Abraham, founder and executive director for think tank, Centre for Internet and Society, the poll expenditure on social media appears to be abysmally low.

“Over all these number look low to me. It is possible that political parties are using astroturfing strategies to avoid public scrutiny through the transparency reports published by Facebook and Google. For those unfamiliar with the term, astroturfing is the creation of fake grassroots support - named after the fake grass that is used in sports fields,” he said.

But other experts suggested these figures don’t reflect the full picture.

“These are only the media spends by major political parties. Media spends don’t reflect the total spend on social media because a lot of money is spent on both content creation and manpower to oversee online campaigns.

Major parties collectively are likely to spend a total ofRs 350- 400 crore on social media this time, especially to tap into the first time voter who are regular users of Internet in the country,” said Ashish Bhasin, chairman and chief executive (CEO) at Dentsu Aegis Network - India and Greater South, a media buying agency.

In 2014, political parties would have spent overRs 175 crore on social media, Bhasin added.

The 2019 Lok Sabha elections have being widely touted as India’s first social media election with close to 600 million Internet users in the country, more than double of 2014.

Some other digital media experts contended that the social media spends by the BJP are more conservative compared to the 2014 general elections.

“The focus is back to booth level marketing as opposed to online spends perhaps because the Election Commission has put stringent audit checks and are closely monitoring all the invoices and ads put up on social media,” said Jyothirmayee JT, founder and chief executive of HiveMinds, a Bangalore based digital marketing agency.

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-vidhi-choudhary-may-3-2019-bjp-outspends-congress-others-in-social-media-advertising

Artificial Intelligence and Data Initiative

Admin — 2019-05-14T15:06:02Z

On 3 May 2019 Arindrajit Basu attended a meeting of the Artificial Intelligence and Data Initiative held at IIC in Delhi. I am a member of the Working Group and co-authoring a report with Anindya Chaudhuri of Global Development Network on the prospect of collaborations in Public uses of AI.

The agenda can be viewed here.

For more details visit https://cis-india.org/internet-governance/news/artificial-intelligence-and-data-initiative

Three emerging market think tanks to collaborate on Good ID recommendations with Omidyar backing

Admin — 2019-05-14T15:01:48Z

Omidyar Network has invested in a trio of organizations from different regions to support enhanced understanding of the appropriate use and limits of digital identity.

The blog post by Chris Burt was published in Biometri Update on May 8, 2019.

Organizations from Brazil, Kenya, and India will take on a collaborative and iterative research process to help develop Omidyar’s concept of Good ID, according to a blog post by Omidyar Networks Investment Principal Subhashish Bhadra.

The three organizations are the Institute for Technology & Society (ITS), the Centre for Intellectual Property and Information Technology Law (CIPIT), and the Centre for Internet and Society (CIS). The ITS is a non-profit organization based in Brazil, with a mission of ensuring that emerging markets can respond appropriately to digital technologies, and that their benefits are broadly shared. CIPIT is an academic think tank, operating from the Strathmore Law School in Nairobi, Kenya, addressing emerging issues of continent-wide impact and providing an African voice for research networks. CIS is an India-based non-profit, which conducts interdisciplinary academic research to understand how the internet and digital technologies reconfigure social processes and structures.

Bhadra notes that 110 countries have begun identification schemes in the past decade. These programs are often implemented to serve an initial use case, and their application expanded over time.

“In the absence of adequate legislative or judicial oversight, mission creep can create risks for those very individuals that an identity is supposed to empower,” Bhadra writes. “By their very nature, digital identity systems collect some data about individuals in order to provide access to certain services. This immediately raises two interrelated questions. First, how much data should the system collect? Second, what services should it be tied to?”

Determining the appropriate scope of digital identity is inherently complex, and the potential for mission creep and requirement for a growing list of services risks exclusion, privacy violations, and a power imbalance between institutions and individuals, Bhadra argues.

The three groups will conduct independent research over the next six months, and create a set of recommendations and tools for stakeholders to use when engaging with digital identity systems.
Omidyar is a supporter of the Mission Billion Challenge, among several initiatives related to UN SDG 16.9.

For more details visit https://cis-india.org/internet-governance/news/biometric-update-may-8-2019-three-emerging-market-think-tanks-to-collaborate-on-good-id-recommendations-with-omidyar-backing

Society 5.0 and Artificial Intelligence with a Human Face

Admin — 2019-05-14T14:51:56Z

On 10 May 2019 Radhika Radhakrishnan attended a stakeholder's roundtable consultation on "Society 5.0 and Artificial Intelligence with a Human Face", organized by the Indian Council for Research on International Economic Relations (ICRIER) at India Habitat Centre, New Delhi. The event aimed to chart a roadmap for India’s participation at the G20, under the Japanese Presidency.

The agenda can be found here. Radhika's inputs were primarily focused on the feminist and gender implications of publicly deployed AI models, challenges and opportunities for academic AI-focused research in the Global South, recommendations for AI capacity building and skilling in the Global South, and regulation of black-box AI.

For more details visit https://cis-india.org/internet-governance/news/society-5-0-and-artificial-intelligence-with-a-human-face

Curating Genderlog India's Twitter handle

Admin — 2019-05-14T14:40:08Z

Shweta Mohandas has been nominated to curate Genderlog's Twitter handle (@genderlogindia).

Shweta Mohandas will be tweeting about topics related to gender and data, more specifically around AI, big data, privacy and surveillance. To view the tweets, click here

For more details visit https://cis-india.org/internet-governance/news/curating-genderlog-indias-twitter-handle

Announcement of a Three-Region Research Alliance on the Appropriate Use of Digital Identity

amber — 2019-05-13T09:06:23Z

Omidyar Network has recently announced its decision to invest in establishment of a three-region research alliance — to be co-led by the Institute for Technology & Society (ITS), Brazil, the Centre for Intellectual Property and Information Technology Law (CIPIT) , Kenya, and the CIS, India — on the Appropriate Use of Digital Identity. As part of this Alliance, we at the CIS will look at the policy objectives of digital identity projects, how technological policy choices can be thought through to meet the objectives, and how legitimate uses of a digital identity framework may be evaluated.

As governments across the globe are implementing new, digital foundational identification systems or modernizing existing ID programs, there is a dire need for greater research and discussion about appropriate design choices for a digital identity framework. There is significant momentum on digital ID, especially after the adoption of UN Sustainable Development Goal 16.9, which calls for legal identity for all by 2030. Given the importance of this subject, its implications for both the development agenda as well its impact on civil, social and economic rights, there is a need for more focused research that can enable policymakers to take better decisions, guide civil society in different jurisdictions to comment on and raise questions about digital identity schemes, and provide actionable material to the industry to create identity solutions that are privacy enhancing and inclusive.

Excerpt from the blog post by Subhashish Bhadra announcing this new research alliance

...In the absence of any widely-accepted thinking on this issue, we run the risk of digital identity systems suffering from mission creep, that is being made mandatory or being used for an ever-expanding set of services. We believe this creates several risks. First, people may be excluded from services if they do not have a digital identity or because it malfunctions. Second, this approach creates a wider digital footprint that can be used to create a profile of an individual, sometimes without consent. This can increase privacy risk. Third, this approach increases the power of institutions versus individuals and can be used as rationale to intentionally deny services, especially to vulnerable or persecuted groups.

Three exceptional research groups have undertaken the effort of answering this complex and important question. Over the next six months, these think tanks will conduct independent research, as well as involve experts from across the globe. Based in South America, Africa, and Asia, these institutions represent the collective wisdom and experiences of three very distinct geographies in emerging markets. While drawing on their local context, this research effort is globally oriented. The think tanks will create a set of recommendations and tools that can be used by stakeholders to engage with digital identity systems in any part of the world...

This research will use a collaborative and iterative process. The researchers will put out some ideas every few weeks, with the objective of seeking thoughts, questions, and feedback from various stakeholders. They will participate in several digital rights and identity events across the globe over the next several months. They will also organize webinars to seek input from and present their interim findings to interested communities from across the globe. Each of these provide an opportunity for you to provide your thoughts and help this research program provide an independent, rigorous, transparent, and holistic answer to the question of when it’s appropriate for digital identity to be used. We need a diversity of viewpoints and collaborative dissent to help solve the most pressing issues of our times.

For more details visit https://cis-india.org/internet-governance/blog/appropriate-use-of-digital-identity-alliance-announcement

Workshop on Feminist Information Infrastructure

ambika — 2019-07-09T15:35:24Z

The Centre for Internet and Society (CIS) organised a workshop on feminist infrastructure in collaboration with Blank Noise and Sangama, on 29th October, 2018. The purpose of the workshop was to disseminate the findings from a two-month long project being undertaken by researchers at Blank Noise and Sangama, with research support and training from CIS.

A group of five researchers, one from Blank Noise and four from Sangama, presented their research on different aspects of feminist infrastructure. The workshop was attended by a diverse group of participants, including activists, academics, and representatives from civil society organisations and trade unions.

Feminist infrastructure is a broadly conceptualised term referring to infrastructure that is designed by, and keeping in mind the needs of, diverse social groups with different kinds of marginality. In the field of technology, efforts to conceptualise feminist infrastructure have ranged from rethinking basic technological infrastructure, such as feminist spectrum , to community networks and tools for mobilisation . This project aimed to explore the imagination of feminist infrastructure in the context of different marginalities and lived experiences. Rather than limiting intersectionality to the subject of the research, as with most other feminist projects, this project aimed to produce knowledge from the ‘standpoint’ of those with the lived experience of marginalisation.

This report by Ambika Tandon was edited by Gurshabad Grover and designed by Saumyaa Naidu. The full report can be downloaded here.

For more details visit https://cis-india.org/internet-governance/blog/ambika-tandon-may-9-2019-workshop-on-feminist-information-infrastructure

Will the WTO Finally Tackle the ‘Trump’ Card of National Security?

basu — 2019-05-08T14:22:14Z

The election of Donald Trump has marked a foundational challenge to the rules-based international order based on “free and fair trade”.

The article by Arindrajit Basu was published in the Wire on May 8, 2019.

From stonewalling appointments at the appellate body of the WTO’s dispute settlement body (DSB) to slapping exorbitant steel and aluminium tariffs on a variety of countries, Trump has attempted to desecrate an institution that he views as being historically unfair to America’s national interests.

Given this potentially cataclysmic state of affairs, a WTO panel report adopted last month regarding a transport restriction dispute between the Russia and Ukraine would ordinarily have attracted limited attention. In reality, this widely celebrated ruling was the first instance of the WTO mechanism mounting a substantive legal resistance to Trump’s blitzkrieg.

The opportunity arose from the Russian Federation’s invocation of the ‘national security exception’ carved into the Article XXI of the General Agreement on Tariffs and Trade (GATT-the primary WTO covered agreement dealing with trade in goods.)

This clause has rarely been invoked by a litigating party at the DSB and never been interpreted by the panel or appellate body due to the belief among WTO member states that the exception is ‘self-judging’ i.e. beyond the purview of WTO jurisdiction sovereign prerogative to use as they see fit.

Over the past couple of years, the provision has taken on a new avatar with trade restrictions being increasingly used as a strategic tool to accomplish national security objectives. In addition to the Russian Federation, in this case, it was used by the UAE to justify sanctions against Qatar in 2017and notably by the US administration in response to the commencement of WTO proceedings by nine countries (including India) against its steel and aluminum tariffs.

India itself has also cited the clause in its diplomatic statements when justifying revocation of the Most Favoured Nation Status to Pakistan, although this has not yet resulted in proceedings at the WTO.

Even though the panel held in favour of Russia, this report lays down the edifice for dismantling the Trump Administration’s present strategy. By explicitly stating that Article XXI is not entirely beyond review of the WTO, the panel report gives a cause de celebre for all countries attempting to legally battle Trump’s arbitrary protectionist cause disguised as genuine national security concerns.

At the same time, it might act as a source of comfort for Huawei and China as it allows them to challenge the legality of banning Huawei (as some countries have chosen to do) at the WTO.

History of Article XXI

Article XXI had an uncertain presence in the legal architecture of the WTO from its very inception. It had its origins in the US proposal to establish the International Trade Organisation. The members of the delegation themselves were divided between those who wanted to preserve the sovereign right of the United States to interpret the extent of the exception as it saw fit and others who felt that this provision would be abused to further arbitrary protectionism. The delegate of Australia was also skeptical about the possible exclusion of dispute resolution through a mere invocation of the security exception.

Given this divergence, the drafters of the provision thus sought to create a specific set of exceptions in order to arrive at a compromise that “would take care of real security interests” while limiting “the exception so as to prevent the adoption of protection for maintaining industries under every conceivable circumstances”.

To attain that objective, the provision in the ITO Charter, which was reflected in Article XXI of GATT 1947 was worded thus:

Nothing in this Agreement shall be construed

to require any contracting party to furnish any information the disclosure of which it considers contrary to its essential security interests;

or to prevent any contracting party from taking any action which it considers necessary for the protection of its essential security interests (i) relating to fissionable materials or the materials from which they are derived; (ii) relating to the traffic in arms, ammunition and implements of war and to such traffic in other goods and materials as is carried on directly or indirectly for the purpose of supplying a military establishment; (iii) taken in time of war or other emergency in international relations; or

to prevent any contracting party from taking any action in pursuance of its obligations under the United Nations Charter for the maintenance of international peace and security

Article XXI has been historically invoked in cases where national security is devised as a smokescreen for protectionism. For example, in 1975, Sweden cited Article XXI to justify global import restrictions it had had slapped on certain types of footwear. It argued that a decrease in domestic production of said kinds of footwear represented ” a critical threat to the emergency planning of its economic defense.” There was sustained criticism from some states, who questioned Sweden’s juxtaposition of a national security threat with economic strife, claiming that they too were suffering from severe unemployment at the time and the Swedish restrictions would be devastating for their economic position.

The Swedish problem dissipated when Sweden withdrew the restrictions but the uncertain peril of Article XXI remained.

In another instance, the US themselves had previously relied on the security exception to justify measures prohibiting all imports of goods and services of Nicaraguan origin to the US in addition to all U.S. exports to Nicaragua.It argued that Article XXI was self-judging and each party could enact measures it considered necessary for the protection of its essential security interests. In fact, it was successful in keeping its Article XXI invocation outside the terms of reference (which establishes the scope of the Panel’s report), which precluded the Panel from asserting its jurisdiction and examining the provision. It is worth noting, though, that the Panel was critical of the US for utilising the provision in this case and emphasised the need for balancing this exception against the need to preserve the stability of global trade.

The recent spate of national security driven justifications to subvert the adjudicatory powers of the WTO provided a necessary opportunity for the panel to clarify its stance on this issue.

The findings of the panel

The findings of the panel can be divided into three broad clusters:

1) The WTO tribunals’ jurisdiction over the security exception: Right from the outset, the panel clearly stated that it had jurisdiction to adjudicate the matter at hand. It rebutted Russia’s claim that any country invoking the exception had unfettered discretion in the matter

2) The ambit of the self-judging nature of the security clause: Both the Russian Federation and the United States, which had filed a third party submission, re-emphasised the supposed self-judging nature of the security clause due to the incorporation of the words “ which it[the WTO member] considers necessary for the protection of its essential security interests” in clause (2) of the provision.

However, the panel argued that the sub-paragraphs (i)-(iii) require an objective review by the Panel to determine whether the state of affairs indicated in the sub-paragraphs do, in fact, exist. In this way, the Panel added,the three sub-clauses act as “limiting qualifying clauses.” The determination of the measures that may be ‘necessary’ for protecting their ‘essential security interests’ are then left to each WTO member. By interpreting the clause in this manner,the Panel deftly preserved the sovereign autonomy of member states while preventing the bestowing of carte blanche’ ability to take shelter behind the provision.

3) Determination of emergency in international relations: The use of the term “other emergency in international relations” as used in the provision is an amorphous one because the term ‘emergency’ is not clearly defined in international law. Therefore, the Panel relied on UN General Assembly Resolutions and the fact that multiple states had imposed sanctions on Russia to conclude that there was, in fact, an ‘emergency’ in international relations in this case. In doing so, the Panel upheld the transport restrictions imposed by Russia. However, the implications extend far beyond the immediate impact on the two parties.

Implications of the ruling

Before considering the implications of this report, we must consider that, like in other avenues of international law, the municipal legal principle of stare decisis does not apply to Panel or Appellate Body decisions. This means that future panels are not bound by law to follow the finding in this report.

However, WTO tribunals have often used the reasoning put forward in previous panel or Appellate Body reports to support their findings.

Steel and aluminium tariffs

The US, whose third party submission failed to sway the panel has recognised the potential implications of the report and disparaged it as being “seriously flawed”. They have also discouraged the WTO tribunals deciding the steel and aluminium tariff disputes from using it as precedent.

However, Australia, Brazil, Canada, China, European Union, Japan, Moldova, Singapore and Turkey had all filed third party submissions which encouraged the panel to assert its jurisdiction in the matter and have openly supported the panel’s approach – which would be a boost for the panels set up to adjudicate the Trump sanctions.

Given the groundwork laid out by the panel in this dispute, it would be difficult for the US to satisfy the panel’s understanding of ‘emergency in international relations’ as the Panel clearly stated that “political or economic differences between Members are not sufficient, of themselves, to constitute an emergency in international relations for purposes of subparagraph (iii)”.

Huawei and cybersecurity

In addition to steel and aluminium tariffs, the panel’s decision also has an impact on the rapidly unfolding Huawei saga. Huawei, which is the world’s largest telecom equipment company and is now taken the lead in the race to develop one of the world’s most critical emerging technologies: fifth generation mobile telephony.

However, Huawei has recently fallen out of favour with the US and other western countries amidst suspicions of them enabling the Chinese government to spy on other countries by incorporating backdoors into their infrastructure.

Various countries, including Australia, Japan, New Zealand have effectively banned Huawei from public participation while the US has prevented government agencies from buying Huawei infrastructure-triggering litigation by Huawei seeking to prevent the move.India has adopted an independent approach by allowing Huawei to participate in field trials of 5G equipment despite Indian agencies flagging concerns over the use of Chinese made telecom equipment.

On April 11, China complained about the Australian decision at the formal meeting of the WTO’s Council for Trade in Goods by highlighting its discriminatory impact on China. To defend itself, Australia may need to invoke Article XXI and argue that the ban fits in under one of the sub-paragraphs (i)-(iii) of clause (2) The report by this panel, may, therefore propel the WTO’s first big foray into cybersecurity and enable it to act as a multi-lateral adjudicator of the critical geo-political issues discussed in this piece.

The history of international law has been a history of powerful nations manipulating its tenets for strategic gain. At the same time, it has been a history of institutional resilience, evolution and change. The World Trade Organisation is no exception. Despite several aspects of the WTO ecosystem being severely flawed with a disparate impact on vulnerable groups in weaker nations, it has been the bulwark of the modern geo-economic order.

By taking the ‘national security’ exception head on, the panel has undertaken a brave act of self-preservation and foiled the utilisation of a dangerous trump card.

For more details visit https://cis-india.org/internet-governance/blog/the-wire-arindrajit-basu-may-8-2019-will-the-wto-finally-tackle-the-trump-card-of-national-security

An Analysis of the RBI’s Draft Framework on Regulatory Sandbox for Fintech

vipul — 2019-05-08T13:57:49Z

The term Fintech is generally used to describe innovative technology and technological processes being used in the financial services sector.

Click here to download the file.

It originated as a term referring to the back-end technology used by large financial institutions, but has expanded to include technological innovation in the financial sector, including innovations in financial literacy and education, retail banking, investments, etc. Entities engaged in FinTech offer an array of services ranging from peer-to-peer lending platforms and mobile payment solutions to online portfolio management tools and international money transfers.

Regulation and supervision of the Fintech industry raises some unique challenges for regulatory authorities as they have to strike a balance between financial inclusion, stability, integrity, consumer protection, and competition. One of the methods that have been adopted by regulators in certain jurisdictions to tackle the complexities of this sector is to establish a “regulatory sandbox” which could nurture innovative fintech enterprises while at the same time ensuring that the risk associated with any regulatory relaxations is contained within specified boundaries. It was precisely for this reason that establishment of a regulatory sandbox was one of the options put forward by the Working Group on Fintech and Digital Banking established by the Reserve Bank of India in its report of November, 2017 which was released for public comments on February 8, 2018. Acting on this recommendation the Reserve Bank has proposed a Draft Enabling Framework for Regulatory Sandbox, dated April 18, 2019, (“RBI Framework”) which is analysed and discussed below.

Regulatory Sandbox and its benefits

While the basic concept of a regulatory sandbox is to ensure that there is regulatory encouragement and incentive for fledgling Fintech enterprises in a contained environment to mitigate risks, different regulatory authorities have adopted varied methods of achieving this objective. While the Australian Securities and Exchange Commission (ASIC) uses a method where the eligible enterprises notify the ASIC and commence testing without an individual application process, the Financial Conduct Authority, UK (FCA) uses a cohort approach wherein eligible enterprises have to apply to the FCA which then selects the best options based on criteria laid down in the policy. The RBI has, not surprisingly, adopted an approach similar to the FCA wherein applicants will be selected by the RBI based on pre-defined eligibility criterion and start the regulatory sandbox in cohorts containing a few entities at a time.

A regulatory sandbox offers the users the opportunity to test the product’s viability without a larger and more expensive roll out involving heavy investment and regulatory authorizations. If the product appears to have the potential to be successful, it might then be authorized and brought to the broader market more quickly. If there are any problems with the product the limited nature of the sandbox ensures that the consequences of the problems are contained and do not affect the broader market. It also allows regulators to obtain first-hand empirical evidence on the benefits and risks of emerging technologies and business models, and their implications, which allows them to take a considered (and perhaps more nuanced) view on the regulatory requirements that may be needed to support useful innovation, while mitigating the attendant risks. A regulatory sandbox initiative also sends a clear signal to the market that innovation is on the agenda of the regulator.

RBI Draft Framework

Since the RBI has adopted a cohort approach for its regulatory sandbox process (“RS”), it implies that fintech entities will have to apply to the RBI to be selected in the RS. The eligibility criterion provides that the applicants will have to meet the eligibility conditions prescribed by the government for start-ups as per the Government of India, Department of Industrial Policy and Promotion, Notification GSR 364(E) April 11, 2018. The RS will focus on areas where (i) there is an absence of regulations, (ii) regulations need to be eased to encourage innovation, and (iii) the innovation/product shows promise of easing/effecting delivery of financial services in a significant way. The Framework also provides an indicative list of innovative products and technologies which could be considered for RS testing, and at the same time prohibits certain products and technologies from being considered for this programme such as credit registry, crypto currencies, ICOs, etc.

The RBI Framework also lays down specific conditions that the entity has to satisfy in order to be considered for the RS such as satisfaction of the conditions to be considered a start-up, minimum net worth requirements, fit and proper criteria for Directors and Promoters, satisfactory conduct of bank accounts of promoters/directors, satisfactory credit score, technological readiness of the product for deployment in the broader market, ensuring compliance with existing laws and regulations on consumer data and privacy, adequate safeguards in its IT systems for protection against unauthorised access etc. and a robust IT infrastructure and managerial resources. The fit and proper criteria for Directors and Promoters which requires elements of credit history along with the minimum net worth requirements in the RBI Framework are conditions which may be too difficult for some of the smaller and newer start-ups to satisfy even though the technology and products they offer might be sound. The applicants are also required to: (i) highlight an existing gap in the financial ecosystem and how they intend to address that, (ii) show a regulatory barrier or gap that prevents the implementation of the solution on a large scale, (iii) clearly define the test scenarios, expected outcomes, boundary conditions, exit or transition strategy, assessment and mitigation of risks, etc.

The RBI Framework specifies that the focus of the RS should be narrow in terms of areas of innovation and limited in terms of intake. While limits on the number of entities per cohort may be justified based on paucity of resources, limiting the focus of the RS by narrow areas of innovation is a lost opportunity in terms of sharing of ideas and learning from the mistakes of their colleagues who may be employing technologies and principles which could be useful in fields other than those where they are currently being applied.

The RBI Framework specifies that the boundaries of the RS have to be well defined so that any consequences of failure can be contained. These boundary conditions include a specific start and end date, target customer type and limits on number of customers, cash holdings, transaction amounts and customer losses. The Framework does not put in place any hard numbers on the boundary conditions which ensures that the RS process can be customised to the needs of specific entities since the sample sizes and data needed to determine the viability of fintech entities and products may vary from product to product. However a major dampener is the hard limit of 12 weeks imposed on the testing phase of the RS, which is the most important phase since all the data from the operations is generated during this phase and 12 weeks may not be enough time to generate enough reliable data so as to reach a determination of the viability of the product.

Although the RBI has shown a willingness to relax regulatory requirements for RS participants on a case to case basis, it has specified that there shall be no relaxation on issues of customer privacy and data protection, security of payment data, transaction security, KYC requirements and statutory restrictions. Since this is only an initiative by the RBI the RS participants dealing with the insurance or securities sector would not be entitled to any relaxations from the IRDA or the SEBI even if they are found eligible for relaxations from RBI regulations. This would severely limit the efficacy of the RS process and is an issue that could have been addressed if all three regulators had collaborated thereby encouraging innovative start-ups offering a broader spectrum of services.

Once the RS is finished, the regulatory relaxations provided by the RBI will expire and the fintech entity will have to either stop operations or comply with the relevant regulations. In case the entity requires an extension of the RS period, it would apply to the RBI atleast one month prior to the expiry of the RS period with reasons for the extension. The RBI also has the option of prematurely terminating the sandbox process in case the entity does not achieve its intended purpose or if it cannot comply with the regulatory requirements and other conditions specified at the relevant stage of the sandbox process. The fintech entity is also entitled to quit the RS process prematurely by giving one week’s notice to the RBI, provided it ensures that all its existing obligations to its customers are fully addressed before such discontinuance. Infact customer obligations have to be met by the fintech entities irrespective of whether the operations are prematurely ended by the entity or it continues through the entire RS process; no waiver of the legal liability towards consumers is provided by the RS process. In addition, customers are required to be notified upfront about the potential risks and their explicit consent is to be taken in this regard.

The RBI Framework itself lists out some of the risks associated with the regulatory sandbox model such as (i) loss of flexibility in going through the RS process, (ii) case by case determinations involve time and discretional judgements, (iii) no legal waivers, (iv) requirement of regulatory approvals after the RS process is over, (iv) legal issues such as consumer complaints, challenges from rejected candidates, etc. While acknowledging the above risks the Framework also mentions that atleast some of them may be mitigated by following a time bound and transparent process thus reducing risks of arbitrary discretion and loss of flexibility.

Conclusions

While there are some who are sceptical of the entire concept of a regulatory sandbox for the reason that it loosens regulation too much while at the same time putting customers at risk, the cohort model adopted by the RBI would reduce that risk to an extent since it ensures comprehensive screening and supervision by the RBI with clear exit strategies and an emphasis on consumer interests. On the other hand the eligibility criterion for applicants prescribes minimum net worth requirements as well as credit history, etc. which may impose conditions too onerous for some start ups which may be their infancy. Further the clear emphasis on protection of customer privacy and consumer interests also ensures that the RBI will not put the interests of ordinary citizens at risk in order to promote new and untested technologies. That said, the regulatory sandbox process is a welcome initiative by the RBI which may send a signal to the financial community that it is aware of the potential advantages as well as risks of Fintech and is willing to play a proactive role in encouraging new technologies to improve the financial sector in India.

Report of Working Group on Fintech and Digital Banking, Reserve Bank of India, November, 2017, available at https://www.rbi.org.in/Scripts/PublicationReportDetails.aspx?UrlPage=&ID=892

Jenik, Ivo, and Kate Lauer. 2017. “Regulatory Sandboxes and Financial Inclusion.” Working Paper. Washington, D.C.: CGAP, available at https://www.cgap.org/sites/default/files/Working-Paper-Regulatory-Sandboxes-Oct-2017.pdf

Other countries which have regulatory sandboxes are Netherlands, Bahrain, Abu Dhabi, Saudi Arabia, etc.

Report of Working Group on Fintech and Digital Banking, Reserve Bank of India, November, 2017, available at https://www.rbi.org.in/Scripts/PublicationReportDetails.aspx?UrlPage=&ID=892

These conditions are fairly liberal in that they require that the entity should be less than 7 years old; should not have a turnover of more than 25 crores, and should be working for innovation, development or improvement of products or processes or services, or if it is a scalable business model with a high potential of employment generation or wealth creation.

Clause 5 of the RBI Framework.

Clause 6.1 of the RBI Framework.

Clause 6.3 of the RBI Framework.

Clause 6.5 of the RBI Framework.

Clause 6.4 of the RBI Framework.

Clause 6.7 of the RBI Framework.

Clauses 6.2 and 8 of the RBI Framework.

Clause 6.6 of the RBI Framework.

Clause 6.9 of the RBI Framework.

Jemima Kelly, A “fintech sandbox” might sound like a harmless idea. It's not, Financial Times, Aplphaville, https://ftalphaville.ft.com/2018/12/05/1543986004000/A--fintech-sandbox--might-sound-like-a-harmless-idea--It-s-not/

For more details visit https://cis-india.org/internet-governance/blog/vipul-kharbanda-may-8-2019-an-analysis-of-rbi-draft-framework-on-regulatory-sandbox-for-fintech

Why the TikTok ban is worrying

gurshabad — 2019-05-05T10:11:28Z

Rather than critically examining the infringement of liberties by the political executive, the Indian courts are becoming an additional threat to the right to freedom of expression, which we must be increasingly wary of.

The article by Gurshabad Grover was published in Hindustan Times on May 2, 2019.

In a span of less than two weeks, the Madras High Court has imposed and lifted a ban on the TikTok mobile application, an increasingly popular video and social platform. While rescinding the ban is welcome, the events tell a worrying tale of how the courts can arbitrarily censor online expression with little accountability.

On April 3, the Madras High Court heard a public interest litigation petitioning for the TikTok mobile app to be banned in India because it was “encouraging pornography”, “degrading culture”, “causing paedophiles”, spreading “explicit disturbing content” and causing health problems for teenagers. It is difficult to establish the truth of these extreme claims about content on the platform that has user generated content, but the court was confident enough to pass wide ranging interim orders on the same day without hearing ByteDance, the company that operates the Tik Tok app.

The interim order had three directives. First, the Madras High Court ordered the government to prohibit the downloading of the app. Second, it restricted the media from broadcasting videos made using the app. Third, it asked the government to respond about whether it plans to enact legislation that would protect children’s online privacy. While the third directive poses an important question to the government that merits a larger discussion, the first two completely lacked a legal rationale. The court order also implied that the availability of pornography on the platform was problematic, even though it is not illegal to access pornography in India.

Appallingly, the order makes no mention at all of the most pertinent legal provision: Section 79 of the Information Technology (IT) Act and the rules issued under it, which form the liability regime applicable to intermediaries (online services). The intermediary liability rules in India generally shield online platforms from liability for the content uploaded to their platform as long as the company operating is primarily involved in transmitting the content, complies with government and court orders, and is not abetting illegal activity. It is this regime that has ensured that online platforms are not hyperactively censoring expression to avoid liability, and has directly supported the proliferation of speech online.

The courts do have some powers of online censorship under the provision, which they have used many times in the past. They have the authority to decide on questions of whether certain content violates law and then direct intermediaries to disable access to that specific content. Such a legal scenario was certainly not the case before the Madras High Court. We can also be sure that the app stores run by Apple and Google, on which TikTok is available, were not the intermediaries under consideration here (which would also be problematic in its own ways) since the interim order makes no mention of them. So, despite the fact that the court’s order had no clear jurisdiction and legal basis, Apple and Google were ordered by the government to remove TikTok from their respective mobile app stores for India.

ByteDance Technology appealed to the Supreme Court of India to rescind the ban, arguing that they qualify as intermediaries under the IT Act and should not face a blanket ban as a repercussion of allegedly problematic content on their platform. The Supreme Court refrained from staying the problematic Madras High Court interim order, but decided that the ban on the app will be lifted by April 24 if the case wasn’t decided by then. On April 24, sense finally prevailed when the High Court decided to take the interim directive back.

Admittedly, popular online platforms can create certain social problems. TikTok has faced bans elsewhere and was fined by the Federal Trade Commission in the United Sates for collecting information on its users who were below the age of 13. There is no debate that the company is legally bound to follow the rules issued under the IT Act, be responsive to legally valid government and court orders, and should strictly enforce their community guidelines that aim to create a safe environment for the young demographic that forms a part of its user base. However, a ban is a disproportionate move that sends signals of regulatory uncertainty, especially for technology companies trying to break into an increasingly consolidated market. The failure of the government to enact a law that protects children’s privacy also cannot be considered a legitimate ground for a ban on a mobile app.

Perhaps most importantly, the interim court order adds yet another example to the increasing number of times the judiciary has responded to petitions by passing censorship orders that have no basis in law. As constitutional scholar Gautam Bhatia has pointed out, we are faced with the trend of “judicial censorship” wherein the judiciary is exercising power without accountability in ways not envisioned by the Constitution. Rather than critically examining the infringement of liberties by the political executive, the Indian courts are becoming an additional threat to the right to freedom of expression, which we must be increasingly wary of.

For more details visit https://cis-india.org/internet-governance/blog/hindustan-times-may-2-2019-gurshabad-grover-why-the-tik-tok-ban-is-worrying

Cyber criminals hide in the ‘dark web’ to remain anonymous

Tushar Kaushik — 2019-05-02T13:55:39Z

An increasing number of cyber criminals are using the dark web — the encrypted part of the internet that cannot be tracked — to shop for software that helps them remain anonymous while carrying out their crimes.

The article by Tushar Kaushik was published in Economic Times on May 2, 2019. Karan Saini was quoted.

The dark web is a part of the deep web, the non-indexed part of the world wide web that cannot be accessed by standard search engines such as Google and requires encrypted networks such as Tor browser.

The most significant feature of this world is that the identity of its users is hidden and cannot be tracked, which is why several illicit products such as weapons and drugs are available here. Cyber criminals, too, appear to be shopping here.

According to app developer and cofounder of TBG Labs Harsha Halvi, the deep web makes up as much as about 65- 75% of the world wide web. “Many tools that can be used to commit cyber frauds are available on the dark web,” said cyber crime police station inspector M Chandrappa. Deputy superintendent at the cyber crime police station of CID MD Sharath said it was difficult to ascertain the frequency of usage of such applications by criminals.

Those fighting cyber crime in Bengaluru say that as most cases are not detected, chances are that more and more criminals are using the dark web. While investigating a case recently, a suspect admitted to having downloaded a software from the dark web that enabled him to disguise his number and also prevent it from being traced, the police said. “If a person has used tools from the dark web to hide his number, the investigation ends right there, as we do not have the necessary tools and software to trace the person,” a senior police officer said.

Experts say that while there are ways to trace activity on the dark web, police officials would require special training and specific information about the activity. Security researcher and policy officer at the Centre for Internet and Society Karan Saini said, “Attempting to track unconventional online behaviour would call for development of new methods, along with formal training for those involved, especially if malicious actors are using the Tor network to carry out illicit activities instead of the clear web.”

Halvi said some agencies like the FBI deploy ethical hackers to track specific websites on the dark web. “But they, too, have to rely on getting specific information from people to investigate the dark web. It is a time-consuming process.”

Bitcoin transactions are the preferred mode of payment for purchases on the dark web as they cannot be traced. However, Saini said some US-based researchers have written academic papers on how bitcoin exchanges can be tracked.

For more details visit https://cis-india.org/internet-governance/news/economic-times-may-2-2019-tushar-kaushik-cyber-criminals-hide-in-the-dark-web-to-remain-anonymous

How privacy fares in the 2019 election manifestos | Opinion

Aayush Rathi and Ambika Tandon — 2019-05-02T01:49:39Z

We now have a rights-based language around privacy in the mainstream political discourse but that’s where it ends.

The article by Aayush Rathi and Ambika Tandon was published in the Hindustan Times on May 1, 2019.

In August 2017, the Supreme Court, in Puttaswamy vs Union of India, unanimously recognised privacy as a fundamental right guaranteed by the Constitution. Before the historic judgment, the right to privacy had remained contested and was determined on a case-by-case basis. By understanding privacy as the preservation of individual dignity and autonomy, the judgment laid the groundwork to accommodate subsequent landmark legislative moves — varying from decriminalising homosexuality to limiting the use of the Aadhaar by private actors.

Reflecting the importance gained by privacy within public imagination, the 2019 elections are the first time it finds mention across major party manifestos. In 2014, the Communist Party of India (Marxist) was the only political party to have made commitments to safeguarding privacy, albeit in a limited fashion. For the 2019 election, both the Congress and the CPI(M) promise to protect the right to privacy if elected to power. The Congress promises to “pass a law to protect the personal data of all persons and uphold the right to privacy”. However, it primarily focuses on informational privacy and its application to data protection, limited to the right of citizens to control access and use of information about themselves.

The CPI(M) focuses on privacy more broadly while promising to protect against “intrusion into the fundamental right to privacy of every Indian”. In a similar vein, both the Congress and the CPI(M) also commit to bringing about surveillance reform by incorporating layers of oversight. The CPI(M) manifesto further promises to support the curtailment of mass surveillance globally. It promises to enact a data privacy law to protect against “appropriation/misuse of private data for commercial use”, albeit without any reference to misuse by government agencies.

On the other hand, the Samajwadi Party manifesto proposes the reintroduction of the controversial NATGRID, an overarching surveillance tool proposed by the Congress in the aftermath of the 26/11 Mumbai attacks. In this backdrop, digital rights for individuals are conspicuous by their absence from the Bharatiya Janata Party’s manifesto. Data protection is only seen in a limited sense as being required in conjunction with increasing digital financialisation.

The favourable articulation of privacy in some of the manifestos should be read along with other commitments across parties around achieving development goals through the digital economy. Central to the operation of this is aggregating citizen data. Utilising this aggregated data for predictive abilities is key to initiatives being proposed in the manifestos —digitising health records, a focus on sunrise technologies, such as machine learning and big data, and readiness for “Industry 5.0” are some examples.

The right is then operationalised in a manner that leads data subjects to pick between their privacy and accessing services being provided by the data collector. Relinquishing privacy becomes the only option especially when access to welfare services is at stake.

The discourse around privacy in India has historically been used to restrict individual freedoms. In the Puttaswamy case, Justice DY Chandrachud, in his plurality opinion, acknowledges feminist scholarship to broaden the understanding of the right to privacy to one that protects bodily integrity and decisional privacy for marginalised communities. This implies protection against any manner of State interference with decisions regarding the self, and, more broadly, the right to create a private space to allow the personality to develop without interference. This includes protection from undue violations of bodily integrity such as protecting the freedom to use public spaces without fear of harassment, and criminalising marital rape.

While the articulation of privacy in the manifestos is a good start, it should be much more. Governance must implement the right to look beyond the individualised conception of privacy so as to allow it to support a whole range of freedoms, rather than limiting it to data protection. This could take the shape of modifying traditional legal codes. Family law, for instance, could be reshaped to allow for greater exercise of agency by women in marriage, guardianship, succession etc. Criminal law, too, could render inadmissible evidence obtained through unjustified privacy violations. The manifestos do mark the entry of a rights-based language around privacy and bodily integrity into mainstream political discourse. However, there appears to be a lack of imagination of the extent to which these protections can be used to further individual liberty collectively.

For more details visit https://cis-india.org/internet-governance/blog/hindustan-times-may-1-2019-aayush-rathi-and-ambika-tandon-how-privacy-fares-in-the-2019-election-manifestos