We are anonymous, we are legion

Security Research

vanya — 2016-01-03T09:55:27Z

The Centre Internet and Society, India has been researching privacy policy in India since the year 2010 with the following objectives.

Research on the issue of privacy in different sectors in India.
Monitoring projects, practices, and policies around those sectors.
Raising public awareness around the issue of privacy, in light of varied projects, industries, sectors and instances.

State surveillance in India has been carried out by Government agencies for many years. Recent projects include: NATGRID, CMS, NETRA, etc. which aim to overhaul the overall security and intelligence infrastructure in the country. The purpose of such initiatives has been to maintain national security and ensure interconnectivity and interoperability between departments and agencies. Concerns regarding the structure, regulatory frameworks (or lack thereof), and technologies used in these programmes and projects have attracted criticism.

Surveillance/Security Research -

1. Central Monitoring System -

The Central Monitoring System or CMS is a clandestine mass electronic surveillance data mining program installed by the Center for Development of Telematics (C-DOT), a part of the Indian government. It gives law enforcement agencies centralized access to India's telecommunications network and the ability to listen in on and record mobile, landline, satellite, Voice over Internet Protocol (VoIP) calls along with private e-mails, SMS, MMS. It also gives them the ability to geo-locate individuals via cell phones in real time.

The Central Monitoring System: Some Questions to be Raised in Parliament http://bit.ly/1fln2vu

India´s ´Big Brother´: The Central Monitoring System (CMS) http://bit.ly/1kyyzKB

India's Central Monitoring System (CMS): Something to Worry About? http://bit.ly/1gsM4oQ

C-DoT's surveillance system making enemies on internet http://cis-india.org/news/dna-march-21-2014-krishna-bahirwani-c-dots-surveillance-system-making-enemies-on-internet

2. Surveillance Industry : Global And Domestic -

The surveillance industry is a multi-billion dollar economic sector that tracks individuals along with their actions such as e-mails and texts. With the cause for its existence being terrorism and the government's attempts to fight it, a network has been created that leaves no one with their privacy. All that an individual does in the digital world is suspect to surveillance. This included surveillance in the form of snooping where an individual's phone calls, text messages and e-mails are monitored or a more active kind where cameras, sensors and other devices are used to actively track the movements and actions of an individual. This information allows governments to bypass the privacy that an individual has in a manner that is considered unethical and incorrect. This information that is collected also in vulnerable to cyber-attacks that are serious risks to privacy and the individuals themselves. The following set of articles look into the ethics, risks, vulnerabilities and trade-offs of having a mass surveillance industry in place.

Surveillance Technologies http://bit.ly/14pxg74

New Standard Operating Procedures for Lawful Interception and Monitoring http://bit.ly/1mRRIo4

Video Surveillance and Its Impact on the Right to Privacy http://cis-india.org/internet-governance/blog/privacy/video-surveillance-privacy

More than a Hundred Global Groups Make a Principled Stand against Surveillance http://cis-india.org/internet-governance/blog/more-than-hundred-global-groups-make-principled-stand-against-surveillance

Models for Surveillance and Interception of Communications Worldwide http://cis-india.org/internet-governance/blog/models-for-surveillance-and-interception-of-communications-worldwide

Why 'Facebook' is More Dangerous than the Government Spying on You http://cis-india.org/internet-governance/blog/why-facebook-is-more-dangerous-than-the-government-spying-on-you

The Difficult Balance of Transparent Surveillance http://cis-india.org/internet-governance/blog/the-difficult-balance-of-transparent-surveillance

UK's Interception of Communications Commissioner - A Model of Accountability http://cis-india.org/internet-governance/blog/uk-interception-of-communications-commissioner-a-model-of-accountability
Search and Seizure and the Right to Privacy in the Digital Age: A Comparison of US and India http://cis-india.org/internet-governance/blog/search-and-seizure-and-right-to-privacy-in-digital-age
State Surveillance and Human Rights Camp: Summary http://bit.ly/ZZNm6M
India Subject to NSA Dragnet Surveillance! No Longer a Hypothesis - It is Now Officially Confirmed http://bit.ly/1eqtD8g
Spy Files 3: WikiLeaks Sheds More Light on the Global Surveillance Industry http://bit.ly/1d6EmjD
Surveillance Camp IV: Disproportionate State Surveillance - A Violation of Privacy http://bit.ly/1ilTJts
Hacking without borders: The future of artificial intelligence and surveillance http://bit.ly/1kWiwGv
Driving in the Surveillance Society: Cameras, RFID tags and Black Boxes http://bit.ly/1mr3KTH
Policy Brief: Oversight Mechanisms for Surveillance http://cis-india.org/internet-governance/blog/policy-brief-oversight-mechanisms-for-surveillance

3. Judgements By the Indian Courts -

The surveillance industry in India has been brought before the court in different cases. The following articles look into the cause of action in these cases along with their impact on India and its citizens.

Anvar v. Basheer and the New (Old) Law of Electronic Evidence http://cis-india.org/internet-governance/blog/anvar-v-basheer-new-old-law-of-electronic-evidence

The Gujarat High Court Judgement on the Snoopgate Issue http://cis-india.org/internet-governance/blog/gujarat-high-court-judgment-on-snoopgate-issue

4. International Privacy Laws -

Due to the universality of the internet, many questions of accountability arise and jurisdiction becomes a problem. Therefore certain treaties, agreements and other international legal literature was created to answer these questions. The articles listed below look into the international legal framework which governs the internet.

Learning to Forget the ECJ's Decision on the Right to be Forgotten and its Implications http://cis-india.org/internet-governance/blog/learning-to-forget-ecj-decision-on-the-right-to-be-forgotten-and-its-implications
Privacy and Security Can Co-exist http://cis-india.org/internet-governance/blog/privacy-and-security
European Union Draft Report Admonishes Mass Surveillance, Calls for Stricter Data Protection and Privacy Laws http://cis-india.org/internet-governance/blog/european-union-draft-report-admonishes-mass-surveillance
Draft International Principles on Communications Surveillance and Human Rights http://bit.ly/XCsk9b

5. Indian Surveillance Framework -

The Indian government's mass surveillance systems are configured a little differently from the networks of many countries such as the USA and the UK. This is because of the vast difference in infrastructure both in existence and the required amount. In many ways, it is considered that the surveillance network in India is far worse than other countries. This is due to the present form of the legal system in existence. The articles below explore the system and its functioning including the various methods through which we are spied on. The ethics and vulnerabilities are also explored in these articles.

Paper-thin Safeguards and Mass Surveillance in India - http://cis-india.org/internet-governance/blog/paper-thin-safeguards-and-mass-surveillance-in-india

The Surveillance Industry in India: At Least 76 Companies Aiding Our Watchers! - http://cis-india.org/internet-governance/blog/the-surveillance-industry-in-india-at-least-76-companies-aiding-our-watchers

The Surveillance Industry in India - An Analysis of Indian Security Expos http://cis-india.org/internet-governance/blog/surveillance-industry-in-india-analysis-of-indian-security-expos

GSMA Research Outputs: different legal and regulatory aspects of security and surveillance in India http://cis-india.org/internet-governance/blog/gsma-research-outputs

Way to watch http://cis-india.org/internet-governance/blog/indian-express-june-26-2013-chinmayi-arun-way-to-watch
Free Speech and Surveillance http://cis-india.org/internet-governance/blog/free-speech-and-surveillance
Surveillance rises, privacy retreats http://cis-india.org/internet-governance/news/business-standard-namrata-acharya-april-12-2015-surveillance-rises-privacy-retreats

Freedom from Monitoring: India Inc. should Push For Privacy Laws http://cis-india.org/internet-governance/blog/forbesindia-article-august-21-2013-sunil-abraham-freedom-from-monitoring

Surat's Massive Surveillance Network Should Cause Concern, Not Celebration http://cis-india.org/internet-governance/blog/surat-massive-surveillance-network-cause-of-concern-not-celebration

Vodafone Report Explains Government Access to Customer Data http://cis-india.org/internet-governance/blog/vodafone-report-explains-govt-access-to-customer-data

A Review of the Functioning of the Cyber Appellate Tribunal and Adjudicator officers under the IT Act http://cis-india.org/internet-governance/blog/review-of-functioning-of-cyber-appellate-tribunal-and-adjudicatory-officers-under-it-act

A Comparison of Indian Legislation to Draft International Principles on Surveillance of Communications http://bit.ly/U6T3xy

SEBI and Communication Surveillance: New Rules, New Responsibilities? http://bit.ly/1eqtD8g

Snooping Can Lead to Data Abuse http://cis-india.org/internet-governance/blog/snooping-to-data-abuse

Big Brother is Watching You http://bit.ly/1arbxwm

Moving Towards a Surveillance State http://cis-india.org/internet-governance/blog/moving-towards-surveillance-state
How Surveillance Works in India http://cis-india.org/internet-governance/blog/nytimes-july-10-2013-pranesh-prakash-how-surveillance-works-in-india

Big Democracy, Big Surveillance: India's Surveillance State http://bit.ly/1nkg8Ho
Can India Trust Its Government on Privacy? http://cis-india.org/internet-governance/blog/new-york-times-july-11-2013-can-india-trust-its-government-on-piracy
Indian surveillance laws & practices far worse than US http://cis-india.org/internet-governance/blog/economic-times-june-13-2013-pranesh-prakash-indian-surveillance-laws-and-practices-far-worse-than-us
Security, Surveillance and Data Sharing Schemes and Bodies in India http://cis-india.org/internet-governance/blog/security-surveillance-and-data-sharing.pdf/view
Policy Paper on Surveillance in India http://cis-india.org/internet-governance/blog/policy-paper-on-surveillance-in-indiahttp://cis-india.org/internet-governance/blog/security-privacy-transparency-and-technology
The Constitutionality of Indian Surveillance Law: Public Emergency as a Condition Precedent for Intercepting Communications http://cis-india.org/internet-governance/blog/the-constitutionality-of-indian-surveillance-law
Surveillance and the Indian Constitution - Part 1: Foundations http://bit.ly/1ntqsen

Surveillance and the Indian Constitution - Part 2: Gobind and the Compelling State Interest Test http://bit.ly/1dH3meL

Surveillance and the Indian Constitution - Part 3: The Public/Private Distinction and the Supreme Court's Wrong Turn http://bit.ly/1kBosnw

Mastering the Art of Keeping Indians Under Surveillance http://cis-india.org/internet-governance/blog/the-wire-may-30-2015-bhairav-acharya-mastering-the-art-of-keeping-indians-under-surveillance

For more details visit https://cis-india.org/internet-governance/blog/security-research

Security experts say need to secure Aadhaar ecosystem, warn about third party leaks

Admin — 2018-03-26T22:37:30Z

The public reckoning of data leaks in India’s national ID database, Aadhaar is still on hold while reports of data leakage through third-parties keep coming.

The article by Nilesh Christopher was published in Economic Times on March 26, 2018. Sunil Abraham was quoted.

While the Unique Identification Authority of India (UIDAI) has maintained that its database is secure and there are no breaches of Aadhaar data from its system, security researchers warn that leaks are happening in third-party sites and it is important for the agency to ensure that its ecosystem adopts measures to keep data safe.

“Securing an entire ecosystem is more important than secure individual databases,” said security researcher Srinivas Kodali. Over the weekend, technology publication ZDnet citing an Indian security researcher said that it identified Aadhaar data leaks on a system run by a state-owned utility company Indane that allowed anyone to access sensitive information like a name, Aadhar number, bank details. The leak was plugged soon after the report appeared.

UIDAI came out with a strong statement denying the breach. “There is no truth in the story as there has been absolutely no breach of UIDAI’s Aadhaar database. Aadhaar remains safe and secure,” the government agency said.

There have been no reports of any breach in the core database so far. However, it is the third-parties that have acted as weak links.

“The simple parallel that can be drawn is, though Facebook’s core database of users information was secure, the data leak happened through third-party developers and organisation like Cambridge Analytica that have allegedly misused it,” Kodali said.

In case of Aadhar too, the allegations of breaches have not been on ‘Aadhaar database’ but rather at insecure government websites and third-parties with API access to the database. “In this aspect, the issue in Facebook and Aadhaar is similar. In both the cases there was no breach of database, but it was third parties that acted as the weakest link. In both cases, it was a legitimate means of access through API that was open for abuse,” said Sunil Abraham, executive director, Center for Internet and Society.

UIDAI could take a leaf from Indian Space Research Organisation while handling data breach reports. The state-run space agency put out a note appreciating security researches for their efforts. An email ID to report flaws is more important than summoning people regarding data breaches.

“The fear of criminal prosecution hanging over the heads of ethical hackers would not help us develop a robust and strong security architecture,” said Karan Saini, a Delhi-based security researcher who first highlighted the Aadhaar leak at Indane.

“UIDAI is working on a policy to enable security experts to report issues in a legal and safe manner,” tweeted Ajay Bhushan Pandey, chief executive of India's Unique Identification Authority (UIDAI), the government department that administers the Aadhaar database. Seven months after the tweet, Pandey’s promise of a bug-reporting mechanism has still has not fructified.

For more details visit https://cis-india.org/internet-governance/news/economic-times-march-26-2018-nilesh-christopher-security-experts-say-need-to-secure-aadhaar-ecosystem-warn-about-third-party-leaks

Security and Surveillance: A public discussion on Optimizing Security while Safeguarding Human Rights

praskrishna — 2014-12-19T08:46:34Z

The Centre for Internet and Society (CIS) invites you to a public discussion on optimizing security and safeguarding human rights at its Bangalore office on Friday, December 19th, 2014, 16:00 to 18:00.

The Centre for Internet and Society, in collaboration with Privacy International UK, has undertaken exploratory research into surveillance, security, and the security market in India.

Through this research, we hope to understand and document policy and law associated with security, surveillance, and the security market in India and learn about the regulation of security and related technologies such as encryption, filtering, monitoring software, and interception equipment. We also hope to understand the import and export policy regime for dual use technologies.

Such findings will be critical in creating evidence based research to inform security policy and regulation in India and work towards enabling regulatory frameworks that optimize the nation’s security while protecting the rights of citizens.

For more details visit https://cis-india.org/internet-governance/events/security-and-surveillance-optimizing-security-human-rights

Security and Surveillance – Optimizing Security while Safeguarding Human Rights

elonnai — 2015-02-13T02:41:46Z

The Centre for Internet and Society (CIS) on December 19, 2014 held a talk on “Security and Surveillance – Optimizing Security while Safeguarding Human Rights.

The talk focused on a project that is being undertaken by CIS in collaboration with Privacy International, UK. Initiated in 2014, the project seeks to study the regulatory side of surveillance and related technologies in the Indian context. The main objective of the project is to initiate dialogue on surveillance and security in India, government regulation, and the processes that go into the same. The talk saw enthusiastic participation from civil society members, policy advisors on technology, and engineering students.

During the event it was highlighted that requirements of judicial authorization, transparency and proportionality are currently lacking in the legal regime for surveillance in India and at the same time India has a strong system of ‘security’ that service providers must adhere to – which works towards enhancing cyber security in the country.

Discussions played out with regard to how most of the nine intelligence agencies that are authorized to intercept information in India are outside the ambit of parliamentary oversight, the RTI and the CAG, making them virtually unaccountable to the Indian public.

Another conversation focused on the sharing of information between various intelligence agencies within the country, and the fact that this area is virtually unregulated. The discussion then steered to cyber-security in general, emerging technologies used by the Government of India for surveillance, cooperative agreements for surveillance technologies that India has with other countries, the export and import of such technologies from India, and most importantly, the role of service providers in the surveillance debate, and the regulations they are subject to.

A common theme seemed to be emerging from the discussion was that the agencies responsible for regulating information interception and surveillance in the country are shockingly unaccountable to the Indian public. As an active civil society member noted today - “There is no oversight/monitoring of the agencies themselves, so there’s no way anyone would even know of how many instances of surveillance or unauthorized interception have actually occurred.”

The talk successfully concluded with inputs from members of the audience, and a broad consensus on the fact that the Government of India would have to adhere to stronger regulatory standards, harmonized surveillance standards, stronger export and import certification standards, etc., in order to make surveillance in India more transparent and accountable. As was stated at the talk, “We don’t have a problem with the concept of surveillance per se, - it has more to do with its problematic implementation”.

For more details visit https://cis-india.org/internet-governance/blog/security-and-surveillance-optimizing-security-while-safeguarding-human-rights

Securing the internet’s future

praskrishna — 2016-03-28T02:24:35Z

Mike Godwin, who proposed the eponymous law about online discussion threads, speaks about net neutrality, differential pricing and why no government is likely to oppose stricter surveillance measures.

The article by Bhavya Dore was published in Hindu Businessline on March 25, 2016.

For gravity, there’s Newton’s law, for internet discussion threads, there’s Godwin’s law. Twenty-five years ago, a law student trawling through cyberspace noticed a recurring pattern: at some point in an online discussion, someone would invariably invoke Hitler or the Nazis. The observation led to an act of ‘mimetic engineering’ — rifling through discussion boards, pointing this out, and promptly naming the law after him.

Godwin’s law states: As an online discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one — that is, the likelier this becomes.

Mike Godwin, 59, a portly, white-haired gent in Harry Potter glasses is best known for this aphoristic piece of wisdom. “The purpose,” he says, “was to make the people who engaged in frivolous comparisons of atrocities seem like they weren’t thinking.”

It is generally understood that when one of the arguers is falling back on the Nazis as rhetorical shorthand, that person is starting to lose the argument.

“It certainly means one of the arguers has gone to a higher or lower level,” he said.

Godwin was in India in February as part of a series of talks organised through the Centre for Internet and Society on net neutrality.

In early February, at the Mumbai University’s civics and politics department, he was on a panel with three others at a discussion that occasionally took an agitated tone.

“[The debate] hasn’t become heated in every country to the same degree,” he said. “In India it has.” The public discussion has been polarised, with activists vehemently opposing, among other things, ‘Free Basics’ — a Facebook offering. On February 8, the telecom regulator ruled against differential pricing, debarring telecom operators from offering slices of the internet at different prices.

Godwin doesn’t see net neutrality and differential pricing as mutually exclusive. “I think some forms [of differential pricing] are potentially good and some forms are potentially bad,” he said. “And the regulator has to look closely and make a determination about the harms or benefits.”

Godwin has worked with the Wikimedia Foundation, which offered Wikipedia Zero for free in some countries through specific providers, as a gateway to Wikipedia. But he isn’t trying to convince you one way or the other.

“[There is] an idea that there was something valuable about carriers [service providers] being neutral,” he said. “And I still think that that’s true… But the thing that changed was this: with Wikipedia, I realised it doesn’t matter if you have neutrality if nobody can afford it. Neutrality hasn’t served the people who can’t afford to pay to have the wires built up to their provinces.”

This then boils down to the fundamental question: how do we create a world that gets people connected? “It may involve cross-subsidies of various sorts, and all of these things historically have invited some degree of government regulation,” said Godwin. “The question is less ‘do you regulate or not regulate’, the question is ‘do you do it right’.”

But does Free Basics mean anything to a developing country which needs real basics first: water, sanitation, shelter? Godwin doesn’t buy into the premise that the internet is a luxury that comes after all these things.

“I think that [idea] is wrong,” he said. “Because when people can share information or resources about where the water is or what good health practices are or how to properly cultivate a crop, they help everyone else. And the impulse to help and share what they know is strong.”

Godwin’s first law has now been well entrenched in popular culture. But wait, he has a second one. This one goes: Surveillance is the crack cocaine of governments.

“Almost all governments want to engage in surveillance,” he said. “Some governments have disagreements with other governments over their surveillance but rarely will we see them categorically refuse to surveil.”

And yet, he says, our outrage over this is driven by an “antiquated notion of privacy” that the content of our emails or conversations should be free from prying eyes. “In the rest of the century and future centuries people will look back at this idea and laugh: that people thought that content was the important thing,” he said. Someone reading your mail isn’t the only possible violation, but whether they are accessing the whole ecosystem of your communication. “The metadata can give away the whole store,” he said. “The metadata can be more revealing. Who are you talking to, at what time of day, for how long, how big is the message? These are all things that can matter.”

That’s not the only thing that’s changed. The internet has, since its early days, become a more charged, more violent place, where poison, bile and abuse fly thick and fast.

“The level of hatefulness directed towards women online is particularly bad,” he continued, “It is a huge cross-cultural problem.”

The other enduring problem is how do you balance free speech rights while curtailing hate speech? “If there were an easy answer I’d tell you what it is,” said Godwin.

Still, banning or blocking sites, as the Indian government has been in the past eager to do, is hardly a solution. “I won’t say there is never an argument for it,” said Godwin, pausing a beat, “I will say that I have never heard one that was any good.”

For more details visit https://cis-india.org/internet-governance/news/the-hindu-business-line-march-25-2016-bhavya-dore-securing-internets-future

Securing The Digital Payments Ecosystem

Admin — 2017-11-28T15:27:20Z

Udbhav Tiwari attended a consultation organized by NITI Aayog and Observer Research Foundation on October 9, 2017 in NITI Aayog office in New Delhi.

Since demonetisation, the Indian government has taken several steps to enable digital payments adoption across the country. With initiatives like the Digidhan Mission, setting a target of 25 billion digital transactions in 2017-18, the Modi government is setting high benchmarks which necessitate appropriate ecosystem support. Indeed, the Digidhan Mission’s ‘Objectives and Functions’, recognise that securing India’s digital payments landscape is critical.

In light of the exponential rise in e-commerce and digital payments, this imperative could not have come any sooner. India's digital transformation has not only highlighted the need for increased financial inclusion but also the emergent cyber security threats that it brings with it. This transformation, however, also represents an opportunity - not only to modernize India's laws and regulations to respond to global changes but also influence these changes and set a trajectory of growth for other emerging markets.

Keeping in mind these realities, NITI Aayog, in association with ORF, is preparing a cyber-security White Paper that will highlight best practices for the Integrity of Payments Systems and help enhance trust of the users in the payments ecosystem. The White Paper, through consultations with relevant stakeholders, will provide policy inputs to modernise standards for transaction security, hardware security and information security.

In this context a meeting was convened constituting experts and practitioners, who can help develop a comprehensive strategy to secure the digital payments ecosystem. The discussion was chaired by Dr. VK Saraswat, Hon’ble Member, NITI Aayog.

For more details visit https://cis-india.org/internet-governance/news/securing-the-digital-payments-ecosystem

Securing e-Governance: Ensuring Data Protection and Privacy

praskrishna — 2012-06-15T04:10:57Z

Privacy India in partnership with the Centre for Internet & Society, International Development Research Centre, and Society in Action Group is organizing a discussion on E-Governance. It is based on the theme, ‘Security and Privacy Issues’, and will be held in Ahmedabad, Gujarat on June 16, 2012, from 9.30 a.m. to 5.00 p.m. Registration is free and open to the public.

India has witnessed a rapid proliferation of the use of information and communication technology in the delivery of government services. E-government is seen as an instrument to simultaneously increase the efficiency, transparency and accountability of public administration and improve public service delivery. Consequently, this has transformed the traditional delivery of public sector services, this is known as “e-governance”. These developments have implications and pose challenges for privacy and security.

The right to privacy in India has been a neglected area of study and engagement. Although sectoral legislation deals with privacy issues, India does not as yet have a horizontal legislation that deals comprehensively with privacy across all contexts. The absence of a minimum guarantee of privacy is felt most heavily by marginalized communities, including HIV patients, children, women, sexuality minorities, prisoners, etc. — people who most need to know that sensitive information is protected.

Since June 2010, Privacy India in collaboration with Privacy International, based in London, has been engaging in public awareness through workshops and consultations. These provide a platform for policy makers, sectoral experts, NGOs, and the public to discuss and deliberate different questions of privacy, its intersections and its implications with our everyday life. The discussions have ranged from topics of identity and privacy, to minority rights and privacy, and consumer privacy. The workshops have been organized in different cities — Bangalore, Guwahati, Mumbai, Delhi, Kolkata, Chennai, Goa, etc.

Agenda

9.00 - 9.30	Registration
9.30 - 10.00	Welcome Prashant Iyengar is a practicing lawyer and lead researcher for Privacy India. He will present who Privacy India is, and the objectives of Privacy India's research. His presentation will focus on discussing privacy in India.
10.00 - 10.15	Tea Break
10.15 - 10.45	Session I People as the Most Vulnerable Link in e-Governance Dr. Nityesh Bhatt, Sr. Associate Professor and Chairperson in the information Management Area at Institute of Management, Nirma University, Ahmedabad
10.45 - 11.15	Ongoing e-Governance projects: Issue with security and privacy Professor Subhash Bhatnagar, Advisor - Center for Electronic Governance, Indian Institute of Management, Ahmedabad
11.15 - 11.25	Discussion
11.25 - 11.55	E-governance: What is it? Mr. Gopalkrishnan Devanathan (Kris Dev), Co-founder of the International Transparency and Accountability Network.
11.55 - 12.25	Security and privacy in e-governance with reference to the Gujarat Government Dr. Neeta Shah, Director (eGovernance), Gujarat Informatics, Ltd.
12.25 - 12.35	Discussion
12.35 - 1.20	Lunch Break
1.20 - 1.50	Session II Cyber Usages: Challenges and Dispute Resolution Utkarsh Jani, Advocate, Jani Advocates
1.50 - 2.20	Concern for privacy and security of the common man Dr. Mrinalini Shah, Professor of Operations Management at Institute of Management Technology, Ghaziabad
2.20 - 2.50	Security issues in e-Governance: A hacker's perspective Mr. Sunny Vaghela, Founder & CTO, TechDefence Private Limited
2.50 - 3.00	Discussion
3.00 - 3.30	Session III Securing the desktop through Virtualisation Anindya Kumar Banerjee, Regional Manager East, CG & MP at NComputing Inc
3.30 - 4.00	Opening up Data and privacy Ms. Nisha Thompson, Data Project Manager at Arghyam/India Water Portal
4.00 - 4.10	Discussion
4.10 - 4.25	Tea Break
4.25 - 5.00	Discussion and Questions

Confirmed Speakers

Dr. Nityesh Bhatt, Sr. Associate Professor and Chairperson in the Information Management Area at Institute of Management, Nirma University, Ahmedabad
Utkarsh Jani, Advocate, Jani Advocates
Gopalakrishnan Devanathan (Kris Dev), Co-Founder of the International Transparency and Accountability Network
Prof. Subhash Bhatnagar, Advisor- CEG- IIMA
Anindya Kumar Banerjee, Regional Manager- East, CG & MP @ NComputing India
Nisha Thompson, Consultant, India Water Portal
Dr. Mrinalini Shah, Professor, NMIMS University, Mumbai
Sunny Vaghela, Founder & CTO, TechDefence Private Limited
Prashant Iyengar, Assistant Professor, Jindal Global Law School & Assistant Director, Centre for Intellectual Property Rights Studies

Please confirm your participation with Natasha Vaz at natasha@cis-india.org. We sincerely hope you will be able to attend and look forward to your participation.

Download the following:

E-Governance, Identity and Privacy [PDF, 253 Kb]
Event Poster [PDF, 162 Kb]
Event Brochure [PDF, 1618 Kb]

For more details visit https://cis-india.org/internet-governance/securing-e-governance

Securing e-Governance

natasha — 2012-06-26T06:45:26Z

On June 16, 2012, Privacy India in partnership with the Centre for Internet & Society, Bangalore, International Development Research Centre, Canada, Privacy International, UK and the Society in Action Group, Gurgaon organised a public discussion on “Securing e-Governance: Ensuring Data Protection and Privacy”, at the Ahmedabad Management Association.

The conversation brought together a cross section of citizens, lawyers, activists, researchers, academia and students.

	Prashant Iyengar, Assistant Professor, Jindal Global Law, opened the conference with an explanation of Privacy India’s mandate to raise awareness, spark civil action and promote democratic dialogue around privacy challenges and violations in India. He summarized the series of eight consultation previously organized across India in Kolkata on January 23, 2011, in Bangalore on February 5, 2011, in Ahmedabad on March 26, 2011, in Guwahati on June 23, 2011, in Chennai on August 6, 2011, in Mumbai on January 21, 2012, in New Delhi on February 3, 2012 and again in New Delhi on February 4, 2012. He described an egregious instance where the State Government of Karnataka, announced a plan to “post on its website all details of (1.51 crore) ration cardholders in the state”, to weed out duplicate ration cards and promote transparency. Details posted on the website would include the “ration card number, category of card (BPL/APL), names and photographs of the head and other members of a family, address, sources of income, LPG gas connection and number of cylinders in village/taluk/district wise.” An official said, “This would also work as a marriage bureau, for instance, a boy can see a photograph of a girl on the website and see whether she suits him”.[1] He described another embarrassing incident, which took place in 2008. Sixteen surveillance cameras were stolen from the Taj Mahal. After they had been replaced, in December 2010, it was reported that all of the CCTVs in the Taj Mahal had stopped working due to a “virus attack” on their computer systems. The district administration and the police department were apparently in disagreement as to who bore the burden of their maintenance.

Prashant Iyengar, Assistant Professor, Jindal Global Law, opened the conference with an explanation of Privacy India’s mandate to raise awareness, spark civil action and promote democratic dialogue around privacy challenges and violations in India. He summarized the series of eight consultation previously organized across India in Kolkata on January 23, 2011, in Bangalore on February 5, 2011, in Ahmedabad on March 26, 2011, in Guwahati on June 23, 2011, in Chennai on August 6, 2011, in Mumbai on January 21, 2012, in New Delhi on February 3, 2012 and again in New Delhi on February 4, 2012.

He described an egregious instance where the State Government of Karnataka, announced a plan to “post on its website all details of (1.51 crore) ration cardholders in the state”, to weed out duplicate ration cards and promote transparency. Details posted on the website would include the “ration card number, category of card (BPL/APL), names and photographs of the head and other members of a family, address, sources of income, LPG gas connection and number of cylinders in village/taluk/district wise.” An official said, “This would also work as a marriage bureau, for instance, a boy can see a photograph of a girl on the website and see whether she suits him”.[1]

He described another embarrassing incident, which took place in 2008. Sixteen surveillance cameras were stolen from the Taj Mahal. After they had been replaced, in December 2010, it was reported that all of the CCTVs in the Taj Mahal had stopped working due to a “virus attack” on their computer systems. The district administration and the police department were apparently in disagreement as to who bore the burden of their maintenance.

Prof. Subhash Bhatnagar, Advisor Center for e-Governance IIM, Ahmedabad, dismissed the notion that privacy is irrelevant in India. A survey on e-governance, of 50,000 people conducted in major cities of India shows that confidentiality and security of data were among the top 3 concerns among 20 choices. He discussed various mission mode projects in the National e-Governance Plan that holds and shares large amounts of data on individuals and business. He referred to his personal experience when enrolling for UID. He noticed that the box concerning consent for sharing of information with third parties was, by default, automatically ticked. When he asked the UID staff, they mentioned that the software does not allow for enrollment to continue if the box is not ticked. He called for increased vigilance among citizens, a phone helpline dedicated to resolution of privacy intrusions and sensitizing designers of e-Governance projects.

Prof. Subhash Bhatnagar, Advisor Center for e-Governance IIM, Ahmedabad, dismissed the notion that privacy is irrelevant in India. A survey on e-governance, of 50,000 people conducted in major cities of India shows that confidentiality and security of data were among the top 3 concerns among 20 choices. He discussed various mission mode projects in the National e-Governance Plan that holds and shares large amounts of data on individuals and business. He referred to his personal experience when enrolling for UID. He noticed that the box concerning consent for sharing of information with third parties was, by default, automatically ticked. When he asked the UID staff, they mentioned that the software does not allow for enrollment to continue if the box is not ticked. He called for increased vigilance among citizens, a phone helpline dedicated to resolution of privacy intrusions and sensitizing designers of e-Governance projects.

	Dr. Nityesh Bhatt, Sr. Associate Prof and Chairperson-Information Management Area, Institute of Management, Nirma University, Ahmedabad, stressed the importance of limiting access of information on a need-to-know basis, which is one of the most fundamental security principles. He described various characteristics of information security management including: planning, policy, programs, protection, people and project management. Lastly, he recommended ‘SETA’ as an essential program, designed to reduce the incidence of accidental security breaches by employees, contractors, consultants, vendors, and business partners. A SETA program consists of three elements: security education, security training, and security awareness. It can improve employee behavior and enables the organization to hold employees accountable for their actions.

Dr. Nityesh Bhatt, Sr. Associate Prof and Chairperson-Information Management Area, Institute of Management, Nirma University, Ahmedabad, stressed the importance of limiting access of information on a need-to-know basis, which is one of the most fundamental security principles. He described various characteristics of information security management including: planning, policy, programs, protection, people and project management. Lastly, he recommended ‘SETA’ as an essential program, designed to reduce the incidence of accidental security breaches by employees, contractors, consultants, vendors, and business partners. A SETA program consists of three elements: security education, security training, and security awareness. It can improve employee behavior and enables the organization to hold employees accountable for their actions.

Dr. Neeta Shah, Director (e-Governance) Gujarat Informatics Limited, described the extent of e-governance initiatives in Gujarat (there are more than 100 e-governance applications running) and its impact. She discussed successful e-governance initiatives that have helped solve critical problems such as the online teacher application process, which accelerates the recruitment process of primary teachers. E-governance applications of various departments ensure security of data and privacy protection through the following measures: Network security (NIPS, Firewalls, content filtering, HIPS, antivirus, etc.) Data security (robust SAN environment with high raid levels to prevent any data loss) Application security (audited by empanelled TPA) DR/BCP provisioning (real-time data is replicated to DR site in case of any physical calamity or damage to resources at primary site, backup exists at remote different seismological locations) When designing e-government projects, the government tends to think about security of the system, but not privacy of the data. Security in the minds of the government is achieved through strengthening infrastructure, but they often overlook the human dynamic.

Dr. Neeta Shah, Director (e-Governance) Gujarat Informatics Limited, described the extent of e-governance initiatives in Gujarat (there are more than 100 e-governance applications running) and its impact. She discussed successful e-governance initiatives that have helped solve critical problems such as the online teacher application process, which accelerates the recruitment process of primary teachers.

E-governance applications of various departments ensure security of data and privacy protection through the following measures:

Network security (NIPS, Firewalls, content filtering, HIPS, antivirus, etc.)
Data security (robust SAN environment with high raid levels to prevent any data loss)
Application security (audited by empanelled TPA)
DR/BCP provisioning (real-time data is replicated to DR site in case of any physical calamity or damage to resources at primary site, backup exists at remote different seismological locations)

When designing e-government projects, the government tends to think about security of the system, but not privacy of the data. Security in the minds of the government is achieved through strengthening infrastructure, but they often overlook the human dynamic.

Gopalkrishnan Devnathan (Kris dev), Co-founder, International Transparency and Accountability Network, described e-Governance as the application of Information and Communication Technology for delivering government services. It involves the integration of various systems and services between Government-to-Citizens, Government-to-Business, Government-to-Government as well as back office processes and interactions within the entire government framework. E-governance initiatives can ensure privacy and security through: Securing data/transaction using Smart Card with triple access control, Card, PIN and Biometrics (multimodal) Mirrored data storage with proper security Indelible audit trail using encrypted flat file Prevent server intrusion and data theft upfront rather than do post-mortem analysis Information on data accessed can be communicated on real time basis using ICT tools Lastly, he identified the usefulness, inhibitions and potential security solutions for the Unique Identification System.

Gopalkrishnan Devnathan (Kris dev), Co-founder, International Transparency and Accountability Network, described e-Governance as the application of Information and Communication Technology for delivering government services. It involves the integration of various systems and services between Government-to-Citizens, Government-to-Business, Government-to-Government as well as back office processes and interactions within the entire government framework. E-governance initiatives can ensure privacy and security through:

Securing data/transaction using Smart Card with triple access control, Card, PIN and Biometrics (multimodal)
Mirrored data storage with proper security
Indelible audit trail using encrypted flat file
Prevent server intrusion and data theft upfront rather than do post-mortem analysis
Information on data accessed can be communicated on real time basis using ICT tools

Lastly, he identified the usefulness, inhibitions and potential security solutions for the Unique Identification System.

	Anindya Kumar Banerjee, Regional Manager- East, CG & MP at Ncomputing Inc., discussed a comparative analysis of e-governance initiatives in India. He analyzed various factors such as ease of use, simplicity of procedures, time savings compared to manual, affordable cost of service and reduction in corruption. He described the difference infrastructural threats of security and privacy in e-Governance.

Anindya Kumar Banerjee, Regional Manager- East, CG & MP at Ncomputing Inc., discussed a comparative analysis of e-governance initiatives in India. He analyzed various factors such as ease of use, simplicity of procedures, time savings compared to manual, affordable cost of service and reduction in corruption. He described the difference infrastructural threats of security and privacy in e-Governance.

Dr. Mrinalini Shah, Professor of Operations Management at Institute of Management Technology, Ghaziabad identified the slow legal system and multiple jurisdiction system as a challenge for privacy and security of data and implementations of suitable access controls and authorization as a helping factor.

Utkarsh Jani, Advocate, Jani Advocates, described the relevant section of the Information Technology Act (ITA) relating to privacy and the political and social challenges surrounding the right to privacy. He discussed the right to privacy vis-à-vis data protection. Though the ITA does enforce a level of data protection, it is far from flawless.

The ITA lacks the following:

The definition and classification of data types.

The nature and protection of the categories of data.

Data controllers and data processors have distinct
Clear restrictions on the manner of data collection.
Clear guidelines on the purposes for which the data can be put and to whom it can be sent.

Standards and technical measures governing the collection, storage, access to, protection, retention and destruction of data.
It does not provide strong safeguard and penalties against the aforesaid breaches.

Sunny Vaghela, Founder and CTO, TechDefence Pvt. Ltd., provided a hacker’s perspective to security and privacy issues in e-governance. Cyber crimes such as privacy violations and data breaches are increasing because of the dependence on complex computer infrastructures. Complex computer infrastructures make systems vulnerable because if one application is hacked, the entire network can be accessed and compromised. He conducted a live demonstration, showing how simple it is to hack into a government website. From his personal experience as an ethical hacker, he stated that government agencies are extremely negligent about the privacy and the security of data. A major concern with e-governance websites is that they not designed with privacy in mind, leaving the personal and private details of citizens vulnerable. He called for full penetration testing and vulnerability assessment of e-governance portals in order to maintain the privacy of citizens and protect government data. Some government websites that were hacked include AMC e-governance (was awarded one best e-governance award in 2010), CBI server and the Income Tax of India server. Lastly, he described the frequent mistakes made by the government in e-Governance projects. The government started using the e-Governance systems in 2003. Typically, three things are a component of the application: the person, the source code and the database, but the security is on the network. Governments work on developing the network to be secure, but they often overlook the application. A solution to this could be the use of high interaction honey pots.

Sunny Vaghela, Founder and CTO, TechDefence Pvt. Ltd., provided a hacker’s perspective to security and privacy issues in e-governance. Cyber crimes such as privacy violations and data breaches are increasing because of the dependence on complex computer infrastructures. Complex computer infrastructures make systems vulnerable because if one application is hacked, the entire network can be accessed and compromised.

He conducted a live demonstration, showing how simple it is to hack into a government website. From his personal experience as an ethical hacker, he stated that government agencies are extremely negligent about the privacy and the security of data. A major concern with e-governance websites is that they not designed with privacy in mind, leaving the personal and private details of citizens vulnerable.

He called for full penetration testing and vulnerability assessment of e-governance portals in order to maintain the privacy of citizens and protect government data. Some government websites that were hacked include AMC e-governance (was awarded one best e-governance award in 2010), CBI server and the Income Tax of India server.

Lastly, he described the frequent mistakes made by the government in e-Governance projects. The government started using the e-Governance systems in 2003. Typically, three things are a component of the application: the person, the source code and the database, but the security is on the network. Governments work on developing the network to be secure, but they often overlook the application. A solution to this could be the use of high interaction honey pots.

	Nisha Thompson, Data Project Manager at Arghyam/ India Water Portal, discussed the increased amount of data generated through e-governance initiatives and its impact. When more data is generated and collected, politics and privacy become intertwined. There can be a conflict between opening up data and privacy thus; one needs to decide on parameters. For example, with regards to privacy and national security, parameters should be in place to determine where privacy ends and the public good starts. In India, this line does not begin with the individual as it does in many contexts. Collective privacy in India is important. She described various online tools that increase transparency and awareness such as: Transparency Chennai, India Governs and I Paid a Bribe. Over the course of the day, participants engaged in lively discussion on various issues such as the objectives and features of e-governance, examples of e-governance projects, and the parameters, problems, loopholes and tensions in e-governance projects. Participants response to privacy concerns have to a large extent focused on the fact that e-Governance is a double-edge sword. E-governance initiatives are an invariable tool for ensuring wider participation and deeper involvement of citizens, institutions, NGOs as well as private firms in the decision making process. However, the political and regulatory environment must be strengthened.

Nisha Thompson, Data Project Manager at Arghyam/ India Water Portal, discussed the increased amount of data generated through e-governance initiatives and its impact. When more data is generated and collected, politics and privacy become intertwined. There can be a conflict between opening up data and privacy thus; one needs to decide on parameters. For example, with regards to privacy and national security, parameters should be in place to determine where privacy ends and the public good starts. In India, this line does not begin with the individual as it does in many contexts. Collective privacy in India is important. She described various online tools that increase transparency and awareness such as: Transparency Chennai, India Governs and I Paid a Bribe.

Over the course of the day, participants engaged in lively discussion on various issues such as the objectives and features of e-governance, examples of e-governance projects, and the parameters, problems, loopholes and tensions in e-governance projects.

Participants response to privacy concerns have to a large extent focused on the fact that e-Governance is a double-edge sword. E-governance initiatives are an invariable tool for ensuring wider participation and deeper involvement of citizens, institutions, NGOs as well as private firms in the decision making process. However, the political and regulatory environment must be strengthened.

About Privacy India

Privacy India was established in 2010 with the objective of raising awareness, sparking civil action and promoting democratic dialogue around privacy challenges and violations in India. One of our goals is to build consensus towards the promulgation of comprehensive privacy legislation in India through consultations with the public, policymakers, legislators and the legal and academic community.

[1] Nagesh Prabhu, A way to check bogus ration cards, THE HINDU, September 18, 2010, http://www.thehindu.com/todays-paper/tp-national/tp-karnataka/article696087.ece (last visited Oct 23, 2011).

Click below to download the following resources:

E-Governance, Identity and Privacy [PDF, 253 Kb]
Event Brochure [PDF, 1618 Kb]

For more details visit https://cis-india.org/internet-governance/securing-e-governance-event-report

Securing Digital Payments: Imperatives for a Growing Ecosystem

praskrishna — 2017-02-09T01:40:22Z

A round-table conference was organised by ORF and Koan Advisory on “Securing Digital Payments: Imperatives for a Growing Ecosystem”, at “The Claridges”, APJ Abdul Kalam Road, New Delhi, between 11.30 - 13.30 on February 3, 2017. Udbhav Tiwari attended the round-table conference.

The discussion was very enriching, with stakeholders from the government, industry and civil society participating in the event. The discussions mainly focused on:

Most Pressing Challenges - Convince v/s Security balance, Lack of Sector Specific Security Standards, User Digital Literacy (esp Security), Lackof economic incentives, Lack of clear liability guidelines, capable security talent.
Mobile proliferation - Massively, device dependent (Chinese models), increase in attack surface, fragmentation makes security harder toimplement and enforce, low amount high volume fraud, user literacy, etc.
Regulatory Harmonisation - Yes, they can and should be, current process is largely law based, only public consultation, needs to move to amultistage holder model, ISO model is ideal - allows for industry, civil society and governments to participate at equal level, knowledge and perspective sharing. Core legislation/regulations with minimum standards and principles with detailed document made by multistakeholder body.
Infrastructural liabilities - 4 main ones - - device, connectivity medium, payment and transfer switches (Gov & Private) and service provider server. Ways to overcome - Standards, Critical Infrastructure protection, Digital Literacy, High audit and liability requirements, Testing (Red Team/Blue Team)

For more details visit https://cis-india.org/internet-governance/news/securing-digital-payments-imperatives-for-a-growing-ecosystem

Secure IT 2012 — Securing Citizens through Technology

praskrishna — 2012-04-28T04:06:47Z

The event is co-organised by DST and NSDI, Govt. of India in partnership with Elets Technomedia Pvt. Ltd. on March 1, 2012 at Claridges in New Delhi.

Draft Agenda

9.00 am – 9.30 am	Registration & Tea
9.30 am – 11.00 am	Inaugural Session

Securing Citizens through Technology

The SecureIT 2012 Inaugural Session would present an overview of the security scenario in the country, and place the use of ICT towards ensuring national security centrestage. The inaugural would also highlight the use that ICT is being put for in effective disaster management, minimising material as well as human loss.

The session would aim at identifying a policy roadmap towards making effective use of ICT for the purposes of national security, well-being of citizens and businesses in times of disaster and an uncertain external environment and identify the major policy objectives for the sector as a whole.

Introductory Remarks: Dr Ravi Gupta, CEO Elets Technomedia and Editor-in-Chief, egov
Welcome Address: Dr M P Narayanan, President, Centre for Science, Development and Media Studies
Inaugural Address: Anil K Sinha, Vice Chairman, Bihar State Disaster Management Authority, Government of Bihar – Chief Guest, SecureIT 2012

Panel Discussion:

S Regunathan, Former Chief Secretary, Government of NCT of Delhi
R S Sharma, Director General, UIDAI
Shankar Aggarwal, Additional Secretary, Ministry of Defence, Government of India
Shambhu Singh, Joint Secretary (North East), Ministry of Home Affairs, Government of India
Ajay Sawhney, CEO, National e-Governance Division, Government of India
Major General (Dr) R Siva Kumar, Head, (NRDMS), Government of India

11. 00 am – 11.30 am	Networking Tea
11.30 am – 1.30 pm	Technical Session 1

Information Security – Securing Networks, Communications, Data and Applications

In the modern Information Age, knowledge is power like never before. A robust, secure communications network is not only desired, it is an absolute imperative in order to allow efficient functioning of the state. The communications networks have to be secured from state and non-state actors inimical to India. This session would highlight some major threats to the national communications infrastructure and the policies being adopted to counter these threats.

Chair: Ravi S Saxena, Additional Chief Secretary, DST, Government of Gujarat
Key Note Speaker: Dr Gulshan Rai, Director General, CERT-In

Distinguished Panellists:

S K Basu, Vice President, NIIT Technologies
Manas Sarkar, Head Pre-Sales (India & SAARC), Trend Micro
Ruchin Kumar, Principal Solution Architect, India and SAARC, Safenet India Pvt Ltd
Dr Kamlesh Bajaj, CEO, Data Security Council of India
Rajan Raj Pant, Controller, Ministry of Science and Technology, Government of Nepal
Prof. Anjali Kaushik, Management Development Institute, Gurgaon

1.30 pm – 2.30 pm	Lunch
2.30 pm – 5.00 pm	Technical Session 2

ICT in National Security and Policing

India faces a multiplicity of security challenges from within and without. Conventional responses to these challenges are no longer adequate and technology is being increasingly deployed to make the nation safer and more secure for residents, visitors and businesses. The legal framework has also been modified to incorporate modern technological advances.

The MHA has embarked upon a major project – Crime and Criminal Tracking System (CCTNS) that is expected to bring about a major overhaul of the policing system of the country. In this session, CCTNS and state adaptations of ICT in policing would be discussed along with an overview of technological advances in the field of security.

Chair: S Suresh Kumar, Joint Secretary (Centre-State), Ministry of Home Affairs, Government of India

Distinguished Panellists:

NSN Murty, General Manager, Smarter Planet Solutions - India/ South Asia, IBM
Col Vishu Sikka, (Retd) General Manager – Defence, Aerospace & Public Security, SAP India & Subcontinent
Joachim Murat, Director of Sagem Morpho Security Pvt Ltd.
Hemant Sharma, Vice- Chair, BSA India Committee
Raj Prem Khilnani, DGP (Homeguard and Civil Defence), Maharashtra
Rajvir P Sharma, Additional Director General of Police, Bangalore Metropolitan Task Force
Loknath Behra, IGP, National Investigation Agency
Purushottam Sharma, IGP, State Crime Records Bureau, Madhya Pradesh
Ranjan Dwivedi, IGP, UP Police
Sanjay Sahay, IGP, Karnataka State Police

5.00 pm – 5. 30 pm	Networking Tea
5.30 pm – 7.00 pm	Technical Session 3

Managing Information for Safety and Security

In the modern age, ICT is deployed in a variety of ways for enhancing citizen safety and security. ICT is being widely used for disaster management, urban planning, census operations etc.

In this session, discussions would highlight some path-breaking uses of ICT for enhancing citizen safety in a number of diverse settings.

Chair: N Ravishanker, Additional Secretary, Universal Service Obligation Fund, DIT, Govt of India

Distinguished Panellists:

Sandeep Sehgal, IBM, VP, Public Sector, India and South Asia
Sanjeev Mital, CEO, National Institute of Smart Governance (NISG), Government of India
Dr R C Sethi, Additional Registrar General of India
Maj Gen R C Padhi, Assistant Surveyor General, Survey of India
Sunil Abraham, Executive Director, Center For Internet Society
V S Prakash, Director, Karnataka State Natural Disaster Monitoring Centre, Karnataka
Rajiv P Saxena, Deputy Director General, National Informatics Centre, Government of India
Jay Kay Gupta, Fire Chief, Delhi Development Authority

7.00 pm onwards

Valedictory Session: Way Ahead High Tea

VIDEO

For more details visit https://cis-india.org/news/secure-it-2012

Sectoral Privacy Research

vanya — 2016-01-03T09:46:20Z

The Centre for Internet and Society, India has been researching privacy in India since the year 2010, with special focus on the following issues.

Research on the issue of privacy in different sectors in India.
Monitoring projects, practices, and policies around those sectors.
Raising public awareness around the issue of privacy, in light of varied projects, industries, sectors and instances.

The Right to Privacy has evolved in India since many decades, where the question of it being a Fundamental Right has been debated many times in courts of Law. With the advent of information technology and digitisation of the services, the issue of Privacy holds more relevance in sectors like Banking, Healthcare, Telecommunications, ITC, etc., The Right to Privacy is also addressed in light of the Sexual minorities, Whistle-blowers, Government services, etc.

Sectors -

1. Consumer Privacy and other sectors -

Consumer privacy laws and regulations seek to protect any individual from loss of privacy due to failures or limitations of corporate customer privacy measures. The following articles deal with the current consumer privacy laws in place in India and around the world. Also, privacy concerns have been considered along with other sectors like Copyright law, data protection, etc.

§ Consumer Privacy - How to Enforce an Effective Protective Regime? http://bit.ly/1a99P2z

§ Privacy and Information Technology Act: Do we have the Safeguards for Electronic Privacy? http://bit.ly/10VJp1P

Limits to Privacy http://bit.ly/19mPG6I

§ Copyright Enforcement and Privacy in India http://bit.ly/18fi9fM

Privacy in India: Country Report http://bit.ly/14pnNwl

§ Transparency and Privacy http://bit.ly/1a9dMnC

§ The Report of the Group of Experts on Privacy (Contributed by CIS) http://bit.ly/VqzKtr

§ The (In) Visible Subject: Power, Privacy and Social Networking http://bit.ly/15koqol

§ Privacy and the Indian Copyright Act, 1857 as Amended in 2010 http://bit.ly/1euwX0r

§ Should Ratan Tata be afforded the Right to Privacy? http://bit.ly/LRlXin

§ Comments on Information Technology (Guidelines for Cyber Café) Rules, 2011 http://bit.ly/15kojJn

§ Broadcasting Standards Authority Censures TV9 over Privacy Violations! http://bit.ly/16L4izl

§ Is Data Protection Enough? http://bit.ly/1bvaWx2

§ Privacy, speech at stake in cyberspace http://cis-india.org/news/privacy-speech-at-stake-in-cyberspace-1

§ Q&A to the Report of the Group of Experts on Privacy http://bit.ly/TPhzQQ

§ Privacy worries cloud Facebook's WhatsApp Deal http://cis-india.org/internet-governance/blog/economic-times-march-14-2014-sunil-abraham-privacy-worries-cloud-facebook-whatsapp-deal

§ GNI Assessment Finds ICT Companies Protect User Privacy and Freedom of Expression http://bit.ly/1mjbpmL

§ A Stolen Perspective http://bit.ly/1bWHyzv

§ Is Data Protection enough? http://cis-india.org/internet-governance/blog/privacy/is-data-protection-enough

§ I don't want my fingerprints taken http://bit.ly/aYdMia

§ Keeping it Private http://bit.ly/15wjTVc

§ Personal Data, Public Profile http://bit.ly/15vlFk4

§ Why your Facebook Stalker is Not the Real Problem http://bit.ly/1bI2MSc

§ The Private Eye http://bit.ly/173ypSI

§ How Facebook is Blatantly Abusing our Trust http://bit.ly/OBXGXk

§ Open Secrets http://bit.ly/1b5uvK0

§ Big Brother is Watching You http://bit.ly/1cGpg0K

2. Banking/Finance -

Privacy in the banking and finance industry is crucial as the records and funds of one person must not be accessible by another without the due authorisation. The following articles deal with the current system in place that governs privacy in the financial and banking industry.

§ Privacy and Banking: Do Indian Banking Standards Provide Enough Privacy Protection? http://bit.ly/18fhsTM

§ Finance and Privacy http://bit.ly/15aUPh6

§ Making the Powerful Accountable http://bit.ly/1nvzSpC

3. Telecommunications -

The telecommunications industry is the backbone of current technology with respect to ICTs. The telecommunications industry has its own rules and regulations. These rules are the focal point of the following articles including criticism and acclaim.

§ Privacy and Telecommunications: Do We Have the Safeguards? http://bit.ly/10VJp1P

§ Privacy and Media Law http://bit.ly/18fgDfF

§ IP Addresses and Expeditious Disclosure of Identity in India http://bit.ly/16dBy4N

§ Telecommunications and Internet Privacy Read more: http://bit.ly/16dEcaF

§ Encryption Standards and Practices http://bit.ly/KT9BTy

§ Encryption Standards and Practices http://cis-india.org/internet-governance/blog/privacy/privacy_encryption

§ Security: Privacy, Transparency and Technology http://cis-india.org/internet-governance/blog/security-privacy-transparency-and-technolog y

4. Sexual Minorities -

While the internet is a global forum of self-expression and acceptance for most of us, it does not hold true for sexual minorities. The internet is a place of secrecy for those that do not conform to the typical identities set by society and therefore their privacy is more important to them than most. When they reveal themselves or are revealed by others, they typically face a lot of group hatred from the rest of the people and therefore value their privacy. The following article looks into their situation.

· Privacy and Sexual Minorities http://bit.ly/19mQUyZ

5. Health -

The privacy between a doctor and a patient is seen as incredibly important and so should the privacy of a person in any situation where they reveal more than they would to others in the sense of CT scans and other diagnoses. The following articles look into the present scenario of privacy in places like a hospital or diagnosis center.

§ Health and Privacy http://bit.ly/16L1AJX

§ Privacy Concerns in Whole Body Imaging: A Few Questions http://bit.ly/1jmvH1z

6. e-Governance -

The main focus of governments in ICTs is their gain for governance. There have many a multiplicity of laws and legislation passed by various countries including India in an effort to govern the universal space that is the internet. Surveillance is a major part of that governance and control. The articles listed below deal with the issues of ethics and drawbacks in the current legal scenario involving ICTs.

§ E-Governance and Privacy http://bit.ly/18fiReX

§ Privacy and Governmental Databases http://bit.ly/18fmSy8

§ Killing Internet Softly with its Rules http://bit.ly/1b5I7Z2

§ Cyber Crime & Privacy http://bit.ly/17VTluv

§ Understanding the Right to Information http://bit.ly/1hojKr7

§ Privacy Perspectives on the 2012-2013 Goa Beach Shack Policy http://bit.ly/ThAovQ

§ Identifying Aspects of Privacy in Islamic Law http://cis-india.org/internet-governance/blog/identifying-aspects-of-privacy-in-islamic-law

§ What Does Facebook's Transparency Report Tell Us About the Indian Government's Record on Free Expression & Privacy? http://cis-india.org/internet-governance/blog/what-does-facebook-transparency-report-tell -us-about-indian-government-record-on-free-expression-and-privacy

§ Search and Seizure and the Right to Privacy in the Digital Age: A Comparison of US and India http://cis-india.org/internet-governance/blog/search-and-seizure-and-right-to-privacy-in-digital-age

§ Internet Privacy in India http://cis-india.org/telecom/knowledge-repository-on-internet-access/internet-privacy-in-i ndia

§ Internet-driven Developments - Structural Changes and Tipping Points http://bit.ly/10s8HVH

§ Data Retention in India http://bit.ly/XR791u

§ 2012: Privacy Highlights in India http://bit.ly/1kWe3n7

§ Big Dog is Watching You! The Sci-fi Future of Animal and Insect Drones http://bit.ly/1kWee1W

Privacy Law in India: A Muddled Field - I http://cis-india.org/internet-governance/blog/the-hoot-bhairav-acharya-april-15-2014-priv acy-law-in-india-a-muddled-field-1
The Four Parts of Privacy in India http://cis-india.org/internet-governance/blog/economic-and-political-weekly-bhairav-acharya-may-30-2015-four-parts-of-privacy-in-india
Right to Privacy in Peril http://cis-india.org/internet-governance/blog/right-to-privacy-in-peril
Microsoft Releases its First Report on Data Requests by Law Enforcement Agencies around the World http://bit.ly/1kWjylM
The Criminal Law Amendment Bill 2013 - Penalising 'Peeping Toms' and Other Privacy Issues http://bit.ly/1dO46o5
Privacy vs. Transparency: An Attempt at Resolving the Dichotomy http://cis-india.org/openness/blog-old/privacy-v-transparency
Open Letter to "Not" Recognize India as Data Secure Nation till Enactment of Privacy Legislation http://bit.ly/1sJME9j
Open Letter to Prevent the Installation of RFID tags in Vehicles http://bit.ly/1hxidzU
The National Privacy Roundtable Meetings http://bit.ly/158ayNW
Transparency Reports - A Glance on What Google and Facebook Tell about Government Data Requests http://bit.ly/19NYTal
CIS and International Coalition Calls upon Governments to Protect Privacy http://bit.ly/18oOTDk
An Analysis of the Cases Filed under Section 46 of the Information Technology Act, 2000 for Adjudication in the State of Maharashtra http://bit.ly/16dKyoo
Open Letter to Members of the European Parliament of the Civil Liberties, Justice and Home Affairs Committee http://bit.ly/17eZntz
CIS Supports the UN Resolution on "The Right to Privacy in the Digital age" http://bit.ly/1c2A89q
Brochures from Expos on Smart Cards, e-Security, RFID & Biometrics in India http://bit.ly/1f714fN
Electoral Databases - Privacy and Security Concerns http://bit.ly/Mb4ktM
Net Neutrality and Privacy http://bit.ly/1khi1GQ
Intermediary Liability Resources http://bit.ly/1hRT8OD
Feedback to the NIA Bill http://bit.ly/1ePhUeg
India's Identity Crisis http://bit.ly/1lTRuuz
Facebook, Privacy, and India http://bit.ly/a2HzhT
Private censorship and the Right to Hear http://cis-india.org/internet-governance/blog/the-hoot-july-17-2014-chinmayi-arun-private-censorship-and-the-right-to-hear
Your Privacy is Public Property (Rules issued by a control-obsessed government have armed officials with widespread powers to pry into your private life. http://cis-india.org/news/privacy-public-property
The India Privacy Monitor Map http://bit.ly/19A5mCZ
Privacy and Security can Co-Exist http://bit.ly/193fPXi
A Street View of the Private and The Public (http://bit.ly/15VKmdf
Sense and Censorship http://bit.ly/14KFwyo
Government access to private sector data http://bit.ly/18rjd1X
India: Privacy in Peril http://bit.ly/1g5QbZj
Big Democracy, Big Surveillance: India's Surveillance State http://bit.ly/1nkg8Ho
Who Governs the Internet? Implications for Freedom and National Security http://bit.ly/1hnnJ2a

7. Whistle-blowers -

Whistle-blowers are always in a difficult situation when they must reveal the misdeeds of their corporations and governments due to the blowback that is possible if their identity is revealed to the public. As in the case of Edward Snowden and many others, a whistle-blowers identity is to be kept the most private to avoid the consequences of revealing the information that they did. This is the main focus of the article below.

§ The Privacy Rights of Whistle-blowers http://bit.ly/18GWmM3

8. Cloud and Open Source -

Cloud computing and open source software have grown rapidly over the past few decades. Cloud computing is when an individual or company uses offsite hardware on a pay by usage basis provided and owned by someone else. The advantages are low costs and easy access along with decreased initial costs. Open source software on the other hand is software where despite the existence of proprietary elements and innovation, the software is available to the public at no charge. These software are based of open standards and have the obvious advantage of being compatible with many different set ups and are free. The following article highlights these computing solutions.

§ Privacy, Free/Open Source, and the Cloud http://bit.ly/1cTmGoI

9. e-Commerce -

One of the fastest growing applications of the internet is e-Commerce. This includes many facets of commerce such as online trading, the stock exchange etc. in these cases, just as in the financial and banking industries, privacy is very important to protect ones investments and capital. The following article's main focal point is the world of e-Commerce and its current privacy scenario.

§ Consumer Privacy in e-Commerce http://bit.ly/1dCtgTs

For more details visit https://cis-india.org/internet-governance/blog/sectoral-privacy-research

Section 66F of the Information Technology Act, 2000

snehashish — 2012-12-02T09:39:01Z

Section 66F: Punishment for cyber terrorism.

1[66-F. Punishment for cyber terrorism.—(1) Whoever,—

(A) with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by—

(i) denying or cause the denial of access to any person authorised to access computer resource; or

(ii) attempting to penetrate or access a computer resource without authorisation or exceeding authorised access; or

(iii) introducing or causing to introduce any computer contaminant,

and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the critical information infrastructure specified under Section 70; or

(B) knowingly or intentionally penetrates or accesses a computer resource without authorisation or exceeding authorised access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons of the security of the State or foreign relations; or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise,

commits the offence of cyber terrorism.

(2) Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life.]

1. Inserted by Act 10 of 2009, Section 32 (w.e.f. 27-10-2009)

For more details visit https://cis-india.org/internet-governance/resources/section-66f-of-the-i-t-act-2000

SECTION 66A: DELETE

praskrishna — 2015-03-30T01:32:18Z

The Supreme Court has killed a law that allowed the Government to control social media. What’s the Net worth of freedom hereafter?

The article by Kumar Anshuman was published in the Open Magazine on March 27, 2015. Sunil Abraham gave his inputs.

It was in 2009 that Section 66A was added as an amendment to India’s IT Act by the then UPA Government, but it took three years before it came to the notice of Shreya Singhal, a student of Law at Delhi University. By then, the Section had already earned itself a fair amount of notoriety for how much leeway it provided for the police and politicians to abuse the law.

The first time was in September 2011 when Musafir Baitha, a famous poet and government employee in Bihar, was suspended from his job because he criticised the state government on Facebook. An uproar followed, as people realised that freedom of speech in social media could now be construed as a criminal activity. Ambikesh Mahapatra, a professor at Jadavpur Unversity, became a target of the Mamata Banerjee government in April 2012 when he made cartoons of her. In September 2012, cartoonist Aseem Trivedi was arrested in Mumbai for a caricature of corruption under the UPA. But the case that caught Shreya Singhal’s attention was perhaps the most shocking of all. In November 2012, after Shiv Sena founder Bal Thackeray’s death, Shaheen Dhada, a Thane resident, posted a comment on her Facebook page criticising the near-total shutdown of Mumbai for the funeral. She wrote that Mumbai was shut not in respect, but fear, and that a leader should earn respect instead of forcing it out of people. Her friend Renu Srinivasan ‘liked’ this post. Hours later, both were arrested and booked under Section 66A. "I was shocked when I heard of this news," Singhal says, "I went and checked the post and there was nothing which could have provoked such an outrage." Her mother, Manali Singhal, a lawyer at the Supreme Court, advised her to file a Public Interest Litigation (PIL) against the Section.

The case continued for two years in the Supreme Court, while arbitrary arrests continued to be made. The UPA Government first defended 66A in court, taking the position that the current NDA Government took as well. It argued that the law would be used only in extreme cases where a person overreaches his or her online freedom to curtail the rights of others. Unconvinced, on 24 March, the apex court struck 66A down, saying that it could not allow such a law to exist on mere government assurances. The Court found several terms in the Act, such as ‘grossly offensive’ and ‘insult’, that were not clearly defined and could be interpreted arbitrarily to suit one’s convenience. ‘It is clear that Section 66A is unconstitutionally vague and it takes away a guaranteed freedom,’ observed the bench of Justice J Chelameswar and Justice Rohinton Nariman.

"We can celebrate the scrapping of Section 66A, but with caution," says Sunil Abraham, executive director at The Centre for Internet & Society in Bangalore. "[As for] those who are booked under Section 66A, the police also imposes different sections of the Indian Penal Code to justify their arrest." There are examples to support his statement, a recent one being the arrest of a Bareilly-based student, Gulrez Khan, who had posted a picture on Facebook of UP minister Azam Khan along with some derogatory comments about Hindus that he allegedly made. Gulrez Khan denied the comments, saying that his image was being maligned. The boy was arrested and booked. "People are making it out as a moment of triumph against the UP government. The fact is this boy had been arrested under Section 153A and 504 of the IPC along with Section 66A of the IT Act. We have said this even in the Supreme Court," says Gaurav Bhatia, a spokesperson of the Samajwadi Party and also a senior advocate.

But the import of scrapping Section 66A is that there is now one less law that can be misused, one that specifically stifles online freedom. "It’s an excellent judgment," says Lawrence Liang of Alternative Law Forum, Bangalore. “It couldn’t have been better than this. The fact that the apex court termed it ‘vague and overreaching’ signifies how important it was to scrap this."

Once the 122-page judgment arrived, there was a rush to welcome it—even by those who were responsible for Section 66A to begin with. Former Congress minister Kapil Sibal was one of them. "The Supreme Court has scrapped Section 66A to allow freedom of speech in cyberspace and we should welcome it,” he said. His former cabinet colleague P Chidambaram went to the extent of saying that it was poorly drafted. But the Congress as a party also warned of the possible misuse of this freedom, saying that it had woven various safeguards into Section 66A, including the condition that an arrest could only be made after an officer of the level of Inspector General or Superintendent of Police had okayed it. "The Supreme Court, it appears, has not found the safeguards sufficient," says Congress spokesperson and senior lawyer Abhishek Manu Singhvi. “It is now up to the current Government [to decide] how to strike the right balance between freedom of speech on one hand and [prevention of] abuse and hounding of groups or individuals through obscene or incorrigibly false information [on the other] to deter unbridled defamation in cyberspace." The Left parties, which were supporting the UPA Government back when Section 66A was imposed, have expressed happiness over the verdict. “The draconian provision of 66A was used to arrest people who express dissenting views against the Government and the State and to suppress criticism of those in power,” says senior CPM leader Sitaram Yechury.

The NDA Government has also welcomed the verdict. "The Government absolutely respects the right to freedom of speech and expression on social media and has no intention of curbing it," says Ravi Shankar Prasad, Union Minister for Information Technology.

But the scrapping of the Section leaves the Government with very little power to act against real abuse of online freedoms. Like Congress leader Milind Deora says, "An unregulated internet can be more dangerous than a regulated one." This argument is easily countered: there are enough provisions in existing laws that prevent a person from misusing freedom of speech. Says Apar Gupta, a senior lawyer, “Section 66A was a bailable section and arrests were made only with further imposition of IPC acts." While Article 19 (1) of the Constitution guarantees freedom of expression, at the same time Article 19 (2) provides a list of reasonable restrictions on freedom of speech. This is enough, experts believe, to curtail misuse of the internet. The court judgment also grants the Centre the freedom to enact any other law specific to the internet, provided it does not violate the provisions of freedom of speech as laid down by the Constitution of India.

This does, however, put a question mark on the necessity of Section 66A to begin with, if existing laws were quite enough to address freedom-of- speech abuses. "Section 66A of the IT Act, 2000, was enacted to prevent online abuse and hounding of groups and individuals, check the propagation of obscene or incorrigibly false information with the intent to create social divides and unrest, and deter unbridled defamation in cyberspace. This Act came into effect in 2008 when social media was yet evolving," says Singhvi. But experts disagree with this argument. "It is a perfect case of confusion and mixing up of facts,” says Sunil Abraham. “The purpose of this law was to curb unsolicited messages, spamming and harassing someone through fake identities in the internet space." He says that the Government claimed to borrow law provisions from the US, Canada and other countries, but the legislation was so poorly drafted that it didn’t have any teeth for action against spammers. "Even words like ‘unsolicited commercial mails’ were not included in the Act and that is the reason not a single person has been arrested in India for spam mails even after this Act came into being."

A section of the Indian legal fraternity believes that the country’s apex court should also have made a statement about the problem of spamming and harassment on the internet.

But there is bad news too. The same judgment that struck down Section 66A has upheld Section 69A of the IT Act as constitutionally valid. This allows the Government to block any website which it deems a direct threat to public order and security that might spread propaganda.

"In this case, the Government [can decide] to block a website without notifying [it with any] reason for it. If I am an internet user who wants to visit this site, I am also not notified why that website has been taken down. It is just the whims and fancies of a few officials in the Government, what to block and what not," says Apar Gupta. Using the section, the Union Government had blocked 32 websites just this January, saying that anti- national groups were using these websites for ‘jihadi propaganda’.

All major democracies have some form of legal net regulation. "Laws in foreign jurisdictions vary widely as per the guarantees of civil rights afforded to citizens in any legal system," adds Gupta. "The legislations of the United States, which borrowed certain phrases in Section 66A, have already been declared unconstitutional. In the United Kingdom, similar phrases have come under fierce critique and have been limited by guidelines issued by the office of prosecutions. In these jurisdictions, as in India, existing criminal law applies equally to online speech as much as to offline."

Also, while social media enthusiasts rejoice over their first big victory against restrictions on online freedom of speech, the internet is still a matter of great concern for any government, thanks to its reach and influence. The Union Government walks a thin line while dealing with instances of abuse on social media, and many believe India needs an IT Act drafted in proper consultation with all stakeholders.

For now, a young law student has found a place in the legal history of India. "It will always be remembered as Shreya Singhal vs Union of India," says Singhal.

INFORMATION TECHNOLOGY ACT

‘66A. Punishment for sending offensive messages through communication service, etc. Any person who sends, by means of a computer resource or a communication device:

Any information that is grossly offensive or has menacing character; or
Any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device;
Any electronic mail or message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages...

shall be punishable with imprisonment for a term which may extend to three years and with fine’

SUPREME COURT ORDER

‘In conclusion, we may summarise what has been held by us: Section 66A of the Information Technology Act, 2000 is struck down in its entirety being violative of Article 19(1)(a) and not saved under Article 19(2)’

For more details visit https://cis-india.org/internet-governance/news/open-magazine-march-27-2015-kumar-anshuman-section-66a-delete

Section 66A not for curbing freedom of speech, govt says

praskrishna — 2015-02-05T13:59:12Z

Section designed to fight cybercrime and protect the right to life, central government tells Supreme Court.

The article by Akansha Seth and Apoorva was published in Livemint on February 3, 2015. Sunil Abraham gave his inputs.

The central government on Tuesday clarified to the Supreme Court that penal provisions of the Information Technology (IT) Act, 2000, were not intended to curb freedom of speech.

Instead, the controversial Section 66A of the IT Act, challenged in the apex court, is designed to fight cybercrime and has nothing to do with any citizen’s freedom of speech and expression, the government said, adding that these provisions seek to protect the right to life of Indian citizens.

The government’s clarification, made in a written submission to the Supreme Court, is significant because the argument made so far in the court by opponents of the controversial section is that they are misused to curb freedom of expression.

The penal provisions deal with online criminal offences like phishing, vishing (voice phishing), spoofing, spamming, and spreading viruses that have a serious potential to not only damage and destroy the computer system of an individual citizen but also bring the functioning of vital organizations and, in extreme cases, even the country to a standstill.

The stand of the government is interesting because it comes on a petition filed when police arrested a 21-year-old girl for questioning on Facebook Mumbai’s shutdown after Shiv Sena leader Bal Thackeray’s funeral in 2012. Another girl who “liked” the comment was also arrested. Last May, five students were detained by police for spreading an anti-Narendra Modi photo on WhatsApp.

“If 66A, as the government argues does not set any additional limits on freedom of speech and expression, then it is wholly unnecessary, serves no purpose and should be struck down by the honourable court. After all it has never been used to tackle the problem of spam which was the original intent,” said Sunil Abraham, executive director, Centre for Internet and Society, a Bengaluru-based think tank.

The central government has clarified that the phrases annoyance, inconvenience, danger, or obstruction as used in Section 66A have no correlation or connection with any citizen’s freedom of speech and expression. Consequently, if as a result of a citizen exercising his or her freedom of speech and expression, annoyance, inconvenience, danger or obstruction is caused while sending anything by way of a computer resource or a communication device, it will not be a penal offence under section 66A.

The government has also argued that if an individual chooses to misuse the provision for a purpose for which it is not intended or resorts to the expressions inconvenience or annoyance in a casual manner, it would be a case of abuse of the process of law. However, it would not be a ground for declaring the provisions unconstitutional if they are otherwise found to be constitutional.

Additional solicitor general Tushar Mehta, appearing for the central government, argued that no one can file a criminal complaint on grounds that they received an information that caused annoyance, inconvenience, etc.—grounds mentioned under section 66A.

Mehta also suggested that the court could come up with guidelines on how to interpret the section, or such regulations could be framed under section 89 of the IT Act which empowers the controller to make regulations to carry out the purposes of the Act, in consistency with it, after consultation with the Cyber Regulations Advisory Committee and with the previous approval of the central government.

Mehta argued that authoritative discretion was required because a precise and concise definition of grossly offensive or menacing character—terms used in section 66A—was not possible. “Nobody can allege that they are annoyed by the exercise of someone’s freedom of speech,” he added.

Gaurav Mishra contributed to this story.

For more details visit https://cis-india.org/internet-governance/news/livemint-akansha-seth-apoorva-livemint-feb-3-2015-section-66a-not-for-curbing-freedom-of-speech-govt-says

Section 66-A, Information Technology Act, 2000: Cases

snehashish — 2012-12-06T09:20:51Z

In this blog post Snehashish Ghosh summarizes the facts of a few cases where Section 66-A, Information Technology Act, 2000, has been mentioned or discussed.

There has been numerous instances application of the Section 66-A, Information Technology Act, 2000 (“ITA”) in the lower courts. Currently, there are six High Court decisions, in which the section has been mentioned or discussed. In this blog post, I will be summarizing facts of a few cases insofar as they can be gathered from the orders of the Court and are pertinent to the application of 66-A, ITA.

Sajeesh Krishnan v. State of Kerala (Kerala High Court, Decided on June 5, 2012)

Petition before High Court for release of passport seized by investigating agency during arrest

In the case of Sajeesh Krishnan v. State of Kerala (Decided on June 5, 2012), a petition was filed before the Kerala High Court for release of passport seized at the time of arrest from the custody of the investigating agency. The Court accordingly passed an order for release of the passport of the petitioner.

The Court, while deciding the case, briefly mentioned the facts of the case which were relevant to the petition. It stated that the “gist of the accusation is that the accused pursuant to a criminal conspiracy hatched by them made attempts to extort money by black mailing a Minister of the State and for that purpose they have forged some CD as if it contained statements purported to have been made by the Minister.” The Court also noted the provisions under which the accused was charged. They are Sections 66-A(b) and 66D of the Information Technology Act, 2000 along with a host of sections under the Indian Penal Code, 1860 (120B – Criminal Conspiracy, 419 – Cheating by personation, 511- Punishment for attempting to commit offences punishable with imprisonment for life or other imprisonment, 420 – Cheating and dishonestly inducing delivery of property, 468 – Forgery for purpose of cheating, 469 – Forgery for purpose of harming and 201 – Causing disappearance of evidence of offence, or giving false information to screen offender read with 34 of Indian Penal Code, 1860)

Nikhil Chacko Sam v. State of Kerala (Kerala High Court, Decided on July 9, 2012)

Order of the Kerala High Court on issuing of the summons to the petitioner

In another case, the Kerala High Court while passing an order with respect to summons issued to the accused, also mentioned the charge sheet laid by the police against the accused in its order. The accused was charged under section 66-A, ITA. The brief facts which can be extracted from the order of the Court read: “that the complainant and the accused (petitioner) were together at Chennai. It is stated that on 04.09.2009, the petitioner has transmitted photos of the de facto complainant and another person depicting them in bad light through internet and thus the petitioner has committed the offence as mentioned above.”

J.R. Gangwani and Another v. State of Haryana and Others (Punjab and Haryana High Court, Decided on October 15, 2012)

Petition for quashing of criminal proceedings under section 482 of the Criminal Procedure Code, 1973

In the Punjab and Haryana High Court, an application for quashing of criminal proceeding draws attention to a complaint which was filed under Section 66-A(c). This complaint was filed under Section 66-A(c) on the ground of sending e-mails under assumed e-mail addresses to customers of the Company which contained material which maligned the name of the Company which was to be sold as per the orders of the Company Law Board. The Complainant in the case received the e-mails which were redirected from the customers. According to the accused and the petitioner in the current hearing, the e-mail was not directed to the complainant or the company as is required under Section 66-A (c).

The High Court held that, “the petitioners are sending these messages to the purchasers of cranes from the company and those purchasers cannot be considered to be the possible buyers of the company. Sending of such e-mails, therefore, is not promoting the sale of the company which is the purpose of the advertisement given in the Economic Times. Such advertisements are, therefore, for the purpose of causing annoyance or inconvenience to the company or to deceive or mislead the addressee about the origin of such messages. These facts, therefore, clearly bring the acts of the petitioners within the purview of section 66A(c) of the Act.”

Mohammad Amjad v. Sharad Sagar Singh and Ors. (Criminal Revision no. 72/2011 filed before the Court of Sh. Vinay Kumar Khana Additional Sessions Judge – 04 South East: Saket Courts Delhi)

Revision petition against the order of the metropolitan magistrate

In a revision petition came up before the Additional Sessions Judge on the grounds that the metropolitan magistrate has dismissed a criminal complaint under Section 156(3) of the Criminal Procedure Code without discussing the ingredients of section 295-A, IPC and 66-A, IT Act.

In this case, the judge observed that, “...section 66A of Information Technology Act (IT Act) does not refer at all to any 'group' or 'class' of people. The only requirement of Section 66A IT Act is that the message which is communicated is grossly offensive in nature or has menacing character.” He also observed that the previous order “not at all considered the allegations from this angle and the applicability of Section 66A Information Technology Act, 2000 to the factual matrix of the instant case.”

For more details visit https://cis-india.org/internet-governance/blog/section-66-a-information-technology-act-2000-cases