We are anonymous, we are legion

Sectoral Privacy Research

vanya — 2016-01-03T09:46:20Z

The Centre for Internet and Society, India has been researching privacy in India since the year 2010, with special focus on the following issues.

Research on the issue of privacy in different sectors in India.
Monitoring projects, practices, and policies around those sectors.
Raising public awareness around the issue of privacy, in light of varied projects, industries, sectors and instances.

The Right to Privacy has evolved in India since many decades, where the question of it being a Fundamental Right has been debated many times in courts of Law. With the advent of information technology and digitisation of the services, the issue of Privacy holds more relevance in sectors like Banking, Healthcare, Telecommunications, ITC, etc., The Right to Privacy is also addressed in light of the Sexual minorities, Whistle-blowers, Government services, etc.

Sectors -

1. Consumer Privacy and other sectors -

Consumer privacy laws and regulations seek to protect any individual from loss of privacy due to failures or limitations of corporate customer privacy measures. The following articles deal with the current consumer privacy laws in place in India and around the world. Also, privacy concerns have been considered along with other sectors like Copyright law, data protection, etc.

§ Consumer Privacy - How to Enforce an Effective Protective Regime? http://bit.ly/1a99P2z

§ Privacy and Information Technology Act: Do we have the Safeguards for Electronic Privacy? http://bit.ly/10VJp1P

Limits to Privacy http://bit.ly/19mPG6I

§ Copyright Enforcement and Privacy in India http://bit.ly/18fi9fM

Privacy in India: Country Report http://bit.ly/14pnNwl

§ Transparency and Privacy http://bit.ly/1a9dMnC

§ The Report of the Group of Experts on Privacy (Contributed by CIS) http://bit.ly/VqzKtr

§ The (In) Visible Subject: Power, Privacy and Social Networking http://bit.ly/15koqol

§ Privacy and the Indian Copyright Act, 1857 as Amended in 2010 http://bit.ly/1euwX0r

§ Should Ratan Tata be afforded the Right to Privacy? http://bit.ly/LRlXin

§ Comments on Information Technology (Guidelines for Cyber Café) Rules, 2011 http://bit.ly/15kojJn

§ Broadcasting Standards Authority Censures TV9 over Privacy Violations! http://bit.ly/16L4izl

§ Is Data Protection Enough? http://bit.ly/1bvaWx2

§ Privacy, speech at stake in cyberspace http://cis-india.org/news/privacy-speech-at-stake-in-cyberspace-1

§ Q&A to the Report of the Group of Experts on Privacy http://bit.ly/TPhzQQ

§ Privacy worries cloud Facebook's WhatsApp Deal http://cis-india.org/internet-governance/blog/economic-times-march-14-2014-sunil-abraham-privacy-worries-cloud-facebook-whatsapp-deal

§ GNI Assessment Finds ICT Companies Protect User Privacy and Freedom of Expression http://bit.ly/1mjbpmL

§ A Stolen Perspective http://bit.ly/1bWHyzv

§ Is Data Protection enough? http://cis-india.org/internet-governance/blog/privacy/is-data-protection-enough

§ I don't want my fingerprints taken http://bit.ly/aYdMia

§ Keeping it Private http://bit.ly/15wjTVc

§ Personal Data, Public Profile http://bit.ly/15vlFk4

§ Why your Facebook Stalker is Not the Real Problem http://bit.ly/1bI2MSc

§ The Private Eye http://bit.ly/173ypSI

§ How Facebook is Blatantly Abusing our Trust http://bit.ly/OBXGXk

§ Open Secrets http://bit.ly/1b5uvK0

§ Big Brother is Watching You http://bit.ly/1cGpg0K

2. Banking/Finance -

Privacy in the banking and finance industry is crucial as the records and funds of one person must not be accessible by another without the due authorisation. The following articles deal with the current system in place that governs privacy in the financial and banking industry.

§ Privacy and Banking: Do Indian Banking Standards Provide Enough Privacy Protection? http://bit.ly/18fhsTM

§ Finance and Privacy http://bit.ly/15aUPh6

§ Making the Powerful Accountable http://bit.ly/1nvzSpC

3. Telecommunications -

The telecommunications industry is the backbone of current technology with respect to ICTs. The telecommunications industry has its own rules and regulations. These rules are the focal point of the following articles including criticism and acclaim.

§ Privacy and Telecommunications: Do We Have the Safeguards? http://bit.ly/10VJp1P

§ Privacy and Media Law http://bit.ly/18fgDfF

§ IP Addresses and Expeditious Disclosure of Identity in India http://bit.ly/16dBy4N

§ Telecommunications and Internet Privacy Read more: http://bit.ly/16dEcaF

§ Encryption Standards and Practices http://bit.ly/KT9BTy

§ Encryption Standards and Practices http://cis-india.org/internet-governance/blog/privacy/privacy_encryption

§ Security: Privacy, Transparency and Technology http://cis-india.org/internet-governance/blog/security-privacy-transparency-and-technolog y

4. Sexual Minorities -

While the internet is a global forum of self-expression and acceptance for most of us, it does not hold true for sexual minorities. The internet is a place of secrecy for those that do not conform to the typical identities set by society and therefore their privacy is more important to them than most. When they reveal themselves or are revealed by others, they typically face a lot of group hatred from the rest of the people and therefore value their privacy. The following article looks into their situation.

· Privacy and Sexual Minorities http://bit.ly/19mQUyZ

5. Health -

The privacy between a doctor and a patient is seen as incredibly important and so should the privacy of a person in any situation where they reveal more than they would to others in the sense of CT scans and other diagnoses. The following articles look into the present scenario of privacy in places like a hospital or diagnosis center.

§ Health and Privacy http://bit.ly/16L1AJX

§ Privacy Concerns in Whole Body Imaging: A Few Questions http://bit.ly/1jmvH1z

6. e-Governance -

The main focus of governments in ICTs is their gain for governance. There have many a multiplicity of laws and legislation passed by various countries including India in an effort to govern the universal space that is the internet. Surveillance is a major part of that governance and control. The articles listed below deal with the issues of ethics and drawbacks in the current legal scenario involving ICTs.

§ E-Governance and Privacy http://bit.ly/18fiReX

§ Privacy and Governmental Databases http://bit.ly/18fmSy8

§ Killing Internet Softly with its Rules http://bit.ly/1b5I7Z2

§ Cyber Crime & Privacy http://bit.ly/17VTluv

§ Understanding the Right to Information http://bit.ly/1hojKr7

§ Privacy Perspectives on the 2012-2013 Goa Beach Shack Policy http://bit.ly/ThAovQ

§ Identifying Aspects of Privacy in Islamic Law http://cis-india.org/internet-governance/blog/identifying-aspects-of-privacy-in-islamic-law

§ What Does Facebook's Transparency Report Tell Us About the Indian Government's Record on Free Expression & Privacy? http://cis-india.org/internet-governance/blog/what-does-facebook-transparency-report-tell -us-about-indian-government-record-on-free-expression-and-privacy

§ Search and Seizure and the Right to Privacy in the Digital Age: A Comparison of US and India http://cis-india.org/internet-governance/blog/search-and-seizure-and-right-to-privacy-in-digital-age

§ Internet Privacy in India http://cis-india.org/telecom/knowledge-repository-on-internet-access/internet-privacy-in-i ndia

§ Internet-driven Developments - Structural Changes and Tipping Points http://bit.ly/10s8HVH

§ Data Retention in India http://bit.ly/XR791u

§ 2012: Privacy Highlights in India http://bit.ly/1kWe3n7

§ Big Dog is Watching You! The Sci-fi Future of Animal and Insect Drones http://bit.ly/1kWee1W

Privacy Law in India: A Muddled Field - I http://cis-india.org/internet-governance/blog/the-hoot-bhairav-acharya-april-15-2014-priv acy-law-in-india-a-muddled-field-1
The Four Parts of Privacy in India http://cis-india.org/internet-governance/blog/economic-and-political-weekly-bhairav-acharya-may-30-2015-four-parts-of-privacy-in-india
Right to Privacy in Peril http://cis-india.org/internet-governance/blog/right-to-privacy-in-peril
Microsoft Releases its First Report on Data Requests by Law Enforcement Agencies around the World http://bit.ly/1kWjylM
The Criminal Law Amendment Bill 2013 - Penalising 'Peeping Toms' and Other Privacy Issues http://bit.ly/1dO46o5
Privacy vs. Transparency: An Attempt at Resolving the Dichotomy http://cis-india.org/openness/blog-old/privacy-v-transparency
Open Letter to "Not" Recognize India as Data Secure Nation till Enactment of Privacy Legislation http://bit.ly/1sJME9j
Open Letter to Prevent the Installation of RFID tags in Vehicles http://bit.ly/1hxidzU
The National Privacy Roundtable Meetings http://bit.ly/158ayNW
Transparency Reports - A Glance on What Google and Facebook Tell about Government Data Requests http://bit.ly/19NYTal
CIS and International Coalition Calls upon Governments to Protect Privacy http://bit.ly/18oOTDk
An Analysis of the Cases Filed under Section 46 of the Information Technology Act, 2000 for Adjudication in the State of Maharashtra http://bit.ly/16dKyoo
Open Letter to Members of the European Parliament of the Civil Liberties, Justice and Home Affairs Committee http://bit.ly/17eZntz
CIS Supports the UN Resolution on "The Right to Privacy in the Digital age" http://bit.ly/1c2A89q
Brochures from Expos on Smart Cards, e-Security, RFID & Biometrics in India http://bit.ly/1f714fN
Electoral Databases - Privacy and Security Concerns http://bit.ly/Mb4ktM
Net Neutrality and Privacy http://bit.ly/1khi1GQ
Intermediary Liability Resources http://bit.ly/1hRT8OD
Feedback to the NIA Bill http://bit.ly/1ePhUeg
India's Identity Crisis http://bit.ly/1lTRuuz
Facebook, Privacy, and India http://bit.ly/a2HzhT
Private censorship and the Right to Hear http://cis-india.org/internet-governance/blog/the-hoot-july-17-2014-chinmayi-arun-private-censorship-and-the-right-to-hear
Your Privacy is Public Property (Rules issued by a control-obsessed government have armed officials with widespread powers to pry into your private life. http://cis-india.org/news/privacy-public-property
The India Privacy Monitor Map http://bit.ly/19A5mCZ
Privacy and Security can Co-Exist http://bit.ly/193fPXi
A Street View of the Private and The Public (http://bit.ly/15VKmdf
Sense and Censorship http://bit.ly/14KFwyo
Government access to private sector data http://bit.ly/18rjd1X
India: Privacy in Peril http://bit.ly/1g5QbZj
Big Democracy, Big Surveillance: India's Surveillance State http://bit.ly/1nkg8Ho
Who Governs the Internet? Implications for Freedom and National Security http://bit.ly/1hnnJ2a

7. Whistle-blowers -

Whistle-blowers are always in a difficult situation when they must reveal the misdeeds of their corporations and governments due to the blowback that is possible if their identity is revealed to the public. As in the case of Edward Snowden and many others, a whistle-blowers identity is to be kept the most private to avoid the consequences of revealing the information that they did. This is the main focus of the article below.

§ The Privacy Rights of Whistle-blowers http://bit.ly/18GWmM3

8. Cloud and Open Source -

Cloud computing and open source software have grown rapidly over the past few decades. Cloud computing is when an individual or company uses offsite hardware on a pay by usage basis provided and owned by someone else. The advantages are low costs and easy access along with decreased initial costs. Open source software on the other hand is software where despite the existence of proprietary elements and innovation, the software is available to the public at no charge. These software are based of open standards and have the obvious advantage of being compatible with many different set ups and are free. The following article highlights these computing solutions.

§ Privacy, Free/Open Source, and the Cloud http://bit.ly/1cTmGoI

9. e-Commerce -

One of the fastest growing applications of the internet is e-Commerce. This includes many facets of commerce such as online trading, the stock exchange etc. in these cases, just as in the financial and banking industries, privacy is very important to protect ones investments and capital. The following article's main focal point is the world of e-Commerce and its current privacy scenario.

§ Consumer Privacy in e-Commerce http://bit.ly/1dCtgTs

For more details visit https://cis-india.org/internet-governance/blog/sectoral-privacy-research

Section 66F of the Information Technology Act, 2000

snehashish — 2012-12-02T09:39:01Z

Section 66F: Punishment for cyber terrorism.

1[66-F. Punishment for cyber terrorism.—(1) Whoever,—

(A) with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by—

(i) denying or cause the denial of access to any person authorised to access computer resource; or

(ii) attempting to penetrate or access a computer resource without authorisation or exceeding authorised access; or

(iii) introducing or causing to introduce any computer contaminant,

and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the critical information infrastructure specified under Section 70; or

(B) knowingly or intentionally penetrates or accesses a computer resource without authorisation or exceeding authorised access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons of the security of the State or foreign relations; or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise,

commits the offence of cyber terrorism.

(2) Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life.]

1. Inserted by Act 10 of 2009, Section 32 (w.e.f. 27-10-2009)

For more details visit https://cis-india.org/internet-governance/resources/section-66f-of-the-i-t-act-2000

SECTION 66A: DELETE

praskrishna — 2015-03-30T01:32:18Z

The Supreme Court has killed a law that allowed the Government to control social media. What’s the Net worth of freedom hereafter?

The article by Kumar Anshuman was published in the Open Magazine on March 27, 2015. Sunil Abraham gave his inputs.

It was in 2009 that Section 66A was added as an amendment to India’s IT Act by the then UPA Government, but it took three years before it came to the notice of Shreya Singhal, a student of Law at Delhi University. By then, the Section had already earned itself a fair amount of notoriety for how much leeway it provided for the police and politicians to abuse the law.

The first time was in September 2011 when Musafir Baitha, a famous poet and government employee in Bihar, was suspended from his job because he criticised the state government on Facebook. An uproar followed, as people realised that freedom of speech in social media could now be construed as a criminal activity. Ambikesh Mahapatra, a professor at Jadavpur Unversity, became a target of the Mamata Banerjee government in April 2012 when he made cartoons of her. In September 2012, cartoonist Aseem Trivedi was arrested in Mumbai for a caricature of corruption under the UPA. But the case that caught Shreya Singhal’s attention was perhaps the most shocking of all. In November 2012, after Shiv Sena founder Bal Thackeray’s death, Shaheen Dhada, a Thane resident, posted a comment on her Facebook page criticising the near-total shutdown of Mumbai for the funeral. She wrote that Mumbai was shut not in respect, but fear, and that a leader should earn respect instead of forcing it out of people. Her friend Renu Srinivasan ‘liked’ this post. Hours later, both were arrested and booked under Section 66A. "I was shocked when I heard of this news," Singhal says, "I went and checked the post and there was nothing which could have provoked such an outrage." Her mother, Manali Singhal, a lawyer at the Supreme Court, advised her to file a Public Interest Litigation (PIL) against the Section.

The case continued for two years in the Supreme Court, while arbitrary arrests continued to be made. The UPA Government first defended 66A in court, taking the position that the current NDA Government took as well. It argued that the law would be used only in extreme cases where a person overreaches his or her online freedom to curtail the rights of others. Unconvinced, on 24 March, the apex court struck 66A down, saying that it could not allow such a law to exist on mere government assurances. The Court found several terms in the Act, such as ‘grossly offensive’ and ‘insult’, that were not clearly defined and could be interpreted arbitrarily to suit one’s convenience. ‘It is clear that Section 66A is unconstitutionally vague and it takes away a guaranteed freedom,’ observed the bench of Justice J Chelameswar and Justice Rohinton Nariman.

"We can celebrate the scrapping of Section 66A, but with caution," says Sunil Abraham, executive director at The Centre for Internet & Society in Bangalore. "[As for] those who are booked under Section 66A, the police also imposes different sections of the Indian Penal Code to justify their arrest." There are examples to support his statement, a recent one being the arrest of a Bareilly-based student, Gulrez Khan, who had posted a picture on Facebook of UP minister Azam Khan along with some derogatory comments about Hindus that he allegedly made. Gulrez Khan denied the comments, saying that his image was being maligned. The boy was arrested and booked. "People are making it out as a moment of triumph against the UP government. The fact is this boy had been arrested under Section 153A and 504 of the IPC along with Section 66A of the IT Act. We have said this even in the Supreme Court," says Gaurav Bhatia, a spokesperson of the Samajwadi Party and also a senior advocate.

But the import of scrapping Section 66A is that there is now one less law that can be misused, one that specifically stifles online freedom. "It’s an excellent judgment," says Lawrence Liang of Alternative Law Forum, Bangalore. “It couldn’t have been better than this. The fact that the apex court termed it ‘vague and overreaching’ signifies how important it was to scrap this."

Once the 122-page judgment arrived, there was a rush to welcome it—even by those who were responsible for Section 66A to begin with. Former Congress minister Kapil Sibal was one of them. "The Supreme Court has scrapped Section 66A to allow freedom of speech in cyberspace and we should welcome it,” he said. His former cabinet colleague P Chidambaram went to the extent of saying that it was poorly drafted. But the Congress as a party also warned of the possible misuse of this freedom, saying that it had woven various safeguards into Section 66A, including the condition that an arrest could only be made after an officer of the level of Inspector General or Superintendent of Police had okayed it. "The Supreme Court, it appears, has not found the safeguards sufficient," says Congress spokesperson and senior lawyer Abhishek Manu Singhvi. “It is now up to the current Government [to decide] how to strike the right balance between freedom of speech on one hand and [prevention of] abuse and hounding of groups or individuals through obscene or incorrigibly false information [on the other] to deter unbridled defamation in cyberspace." The Left parties, which were supporting the UPA Government back when Section 66A was imposed, have expressed happiness over the verdict. “The draconian provision of 66A was used to arrest people who express dissenting views against the Government and the State and to suppress criticism of those in power,” says senior CPM leader Sitaram Yechury.

The NDA Government has also welcomed the verdict. "The Government absolutely respects the right to freedom of speech and expression on social media and has no intention of curbing it," says Ravi Shankar Prasad, Union Minister for Information Technology.

But the scrapping of the Section leaves the Government with very little power to act against real abuse of online freedoms. Like Congress leader Milind Deora says, "An unregulated internet can be more dangerous than a regulated one." This argument is easily countered: there are enough provisions in existing laws that prevent a person from misusing freedom of speech. Says Apar Gupta, a senior lawyer, “Section 66A was a bailable section and arrests were made only with further imposition of IPC acts." While Article 19 (1) of the Constitution guarantees freedom of expression, at the same time Article 19 (2) provides a list of reasonable restrictions on freedom of speech. This is enough, experts believe, to curtail misuse of the internet. The court judgment also grants the Centre the freedom to enact any other law specific to the internet, provided it does not violate the provisions of freedom of speech as laid down by the Constitution of India.

This does, however, put a question mark on the necessity of Section 66A to begin with, if existing laws were quite enough to address freedom-of- speech abuses. "Section 66A of the IT Act, 2000, was enacted to prevent online abuse and hounding of groups and individuals, check the propagation of obscene or incorrigibly false information with the intent to create social divides and unrest, and deter unbridled defamation in cyberspace. This Act came into effect in 2008 when social media was yet evolving," says Singhvi. But experts disagree with this argument. "It is a perfect case of confusion and mixing up of facts,” says Sunil Abraham. “The purpose of this law was to curb unsolicited messages, spamming and harassing someone through fake identities in the internet space." He says that the Government claimed to borrow law provisions from the US, Canada and other countries, but the legislation was so poorly drafted that it didn’t have any teeth for action against spammers. "Even words like ‘unsolicited commercial mails’ were not included in the Act and that is the reason not a single person has been arrested in India for spam mails even after this Act came into being."

A section of the Indian legal fraternity believes that the country’s apex court should also have made a statement about the problem of spamming and harassment on the internet.

But there is bad news too. The same judgment that struck down Section 66A has upheld Section 69A of the IT Act as constitutionally valid. This allows the Government to block any website which it deems a direct threat to public order and security that might spread propaganda.

"In this case, the Government [can decide] to block a website without notifying [it with any] reason for it. If I am an internet user who wants to visit this site, I am also not notified why that website has been taken down. It is just the whims and fancies of a few officials in the Government, what to block and what not," says Apar Gupta. Using the section, the Union Government had blocked 32 websites just this January, saying that anti- national groups were using these websites for ‘jihadi propaganda’.

All major democracies have some form of legal net regulation. "Laws in foreign jurisdictions vary widely as per the guarantees of civil rights afforded to citizens in any legal system," adds Gupta. "The legislations of the United States, which borrowed certain phrases in Section 66A, have already been declared unconstitutional. In the United Kingdom, similar phrases have come under fierce critique and have been limited by guidelines issued by the office of prosecutions. In these jurisdictions, as in India, existing criminal law applies equally to online speech as much as to offline."

Also, while social media enthusiasts rejoice over their first big victory against restrictions on online freedom of speech, the internet is still a matter of great concern for any government, thanks to its reach and influence. The Union Government walks a thin line while dealing with instances of abuse on social media, and many believe India needs an IT Act drafted in proper consultation with all stakeholders.

For now, a young law student has found a place in the legal history of India. "It will always be remembered as Shreya Singhal vs Union of India," says Singhal.

INFORMATION TECHNOLOGY ACT

‘66A. Punishment for sending offensive messages through communication service, etc. Any person who sends, by means of a computer resource or a communication device:

Any information that is grossly offensive or has menacing character; or
Any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device;
Any electronic mail or message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages...

shall be punishable with imprisonment for a term which may extend to three years and with fine’

SUPREME COURT ORDER

‘In conclusion, we may summarise what has been held by us: Section 66A of the Information Technology Act, 2000 is struck down in its entirety being violative of Article 19(1)(a) and not saved under Article 19(2)’

For more details visit https://cis-india.org/internet-governance/news/open-magazine-march-27-2015-kumar-anshuman-section-66a-delete

Section 66A not for curbing freedom of speech, govt says

praskrishna — 2015-02-05T13:59:12Z

Section designed to fight cybercrime and protect the right to life, central government tells Supreme Court.

The article by Akansha Seth and Apoorva was published in Livemint on February 3, 2015. Sunil Abraham gave his inputs.

The central government on Tuesday clarified to the Supreme Court that penal provisions of the Information Technology (IT) Act, 2000, were not intended to curb freedom of speech.

Instead, the controversial Section 66A of the IT Act, challenged in the apex court, is designed to fight cybercrime and has nothing to do with any citizen’s freedom of speech and expression, the government said, adding that these provisions seek to protect the right to life of Indian citizens.

The government’s clarification, made in a written submission to the Supreme Court, is significant because the argument made so far in the court by opponents of the controversial section is that they are misused to curb freedom of expression.

The penal provisions deal with online criminal offences like phishing, vishing (voice phishing), spoofing, spamming, and spreading viruses that have a serious potential to not only damage and destroy the computer system of an individual citizen but also bring the functioning of vital organizations and, in extreme cases, even the country to a standstill.

The stand of the government is interesting because it comes on a petition filed when police arrested a 21-year-old girl for questioning on Facebook Mumbai’s shutdown after Shiv Sena leader Bal Thackeray’s funeral in 2012. Another girl who “liked” the comment was also arrested. Last May, five students were detained by police for spreading an anti-Narendra Modi photo on WhatsApp.

“If 66A, as the government argues does not set any additional limits on freedom of speech and expression, then it is wholly unnecessary, serves no purpose and should be struck down by the honourable court. After all it has never been used to tackle the problem of spam which was the original intent,” said Sunil Abraham, executive director, Centre for Internet and Society, a Bengaluru-based think tank.

The central government has clarified that the phrases annoyance, inconvenience, danger, or obstruction as used in Section 66A have no correlation or connection with any citizen’s freedom of speech and expression. Consequently, if as a result of a citizen exercising his or her freedom of speech and expression, annoyance, inconvenience, danger or obstruction is caused while sending anything by way of a computer resource or a communication device, it will not be a penal offence under section 66A.

The government has also argued that if an individual chooses to misuse the provision for a purpose for which it is not intended or resorts to the expressions inconvenience or annoyance in a casual manner, it would be a case of abuse of the process of law. However, it would not be a ground for declaring the provisions unconstitutional if they are otherwise found to be constitutional.

Additional solicitor general Tushar Mehta, appearing for the central government, argued that no one can file a criminal complaint on grounds that they received an information that caused annoyance, inconvenience, etc.—grounds mentioned under section 66A.

Mehta also suggested that the court could come up with guidelines on how to interpret the section, or such regulations could be framed under section 89 of the IT Act which empowers the controller to make regulations to carry out the purposes of the Act, in consistency with it, after consultation with the Cyber Regulations Advisory Committee and with the previous approval of the central government.

Mehta argued that authoritative discretion was required because a precise and concise definition of grossly offensive or menacing character—terms used in section 66A—was not possible. “Nobody can allege that they are annoyed by the exercise of someone’s freedom of speech,” he added.

Gaurav Mishra contributed to this story.

For more details visit https://cis-india.org/internet-governance/news/livemint-akansha-seth-apoorva-livemint-feb-3-2015-section-66a-not-for-curbing-freedom-of-speech-govt-says

Section 66-A, Information Technology Act, 2000: Cases

snehashish — 2012-12-06T09:20:51Z

In this blog post Snehashish Ghosh summarizes the facts of a few cases where Section 66-A, Information Technology Act, 2000, has been mentioned or discussed.

There has been numerous instances application of the Section 66-A, Information Technology Act, 2000 (“ITA”) in the lower courts. Currently, there are six High Court decisions, in which the section has been mentioned or discussed. In this blog post, I will be summarizing facts of a few cases insofar as they can be gathered from the orders of the Court and are pertinent to the application of 66-A, ITA.

Sajeesh Krishnan v. State of Kerala (Kerala High Court, Decided on June 5, 2012)

Petition before High Court for release of passport seized by investigating agency during arrest

In the case of Sajeesh Krishnan v. State of Kerala (Decided on June 5, 2012), a petition was filed before the Kerala High Court for release of passport seized at the time of arrest from the custody of the investigating agency. The Court accordingly passed an order for release of the passport of the petitioner.

The Court, while deciding the case, briefly mentioned the facts of the case which were relevant to the petition. It stated that the “gist of the accusation is that the accused pursuant to a criminal conspiracy hatched by them made attempts to extort money by black mailing a Minister of the State and for that purpose they have forged some CD as if it contained statements purported to have been made by the Minister.” The Court also noted the provisions under which the accused was charged. They are Sections 66-A(b) and 66D of the Information Technology Act, 2000 along with a host of sections under the Indian Penal Code, 1860 (120B – Criminal Conspiracy, 419 – Cheating by personation, 511- Punishment for attempting to commit offences punishable with imprisonment for life or other imprisonment, 420 – Cheating and dishonestly inducing delivery of property, 468 – Forgery for purpose of cheating, 469 – Forgery for purpose of harming and 201 – Causing disappearance of evidence of offence, or giving false information to screen offender read with 34 of Indian Penal Code, 1860)

Nikhil Chacko Sam v. State of Kerala (Kerala High Court, Decided on July 9, 2012)

Order of the Kerala High Court on issuing of the summons to the petitioner

In another case, the Kerala High Court while passing an order with respect to summons issued to the accused, also mentioned the charge sheet laid by the police against the accused in its order. The accused was charged under section 66-A, ITA. The brief facts which can be extracted from the order of the Court read: “that the complainant and the accused (petitioner) were together at Chennai. It is stated that on 04.09.2009, the petitioner has transmitted photos of the de facto complainant and another person depicting them in bad light through internet and thus the petitioner has committed the offence as mentioned above.”

J.R. Gangwani and Another v. State of Haryana and Others (Punjab and Haryana High Court, Decided on October 15, 2012)

Petition for quashing of criminal proceedings under section 482 of the Criminal Procedure Code, 1973

In the Punjab and Haryana High Court, an application for quashing of criminal proceeding draws attention to a complaint which was filed under Section 66-A(c). This complaint was filed under Section 66-A(c) on the ground of sending e-mails under assumed e-mail addresses to customers of the Company which contained material which maligned the name of the Company which was to be sold as per the orders of the Company Law Board. The Complainant in the case received the e-mails which were redirected from the customers. According to the accused and the petitioner in the current hearing, the e-mail was not directed to the complainant or the company as is required under Section 66-A (c).

The High Court held that, “the petitioners are sending these messages to the purchasers of cranes from the company and those purchasers cannot be considered to be the possible buyers of the company. Sending of such e-mails, therefore, is not promoting the sale of the company which is the purpose of the advertisement given in the Economic Times. Such advertisements are, therefore, for the purpose of causing annoyance or inconvenience to the company or to deceive or mislead the addressee about the origin of such messages. These facts, therefore, clearly bring the acts of the petitioners within the purview of section 66A(c) of the Act.”

Mohammad Amjad v. Sharad Sagar Singh and Ors. (Criminal Revision no. 72/2011 filed before the Court of Sh. Vinay Kumar Khana Additional Sessions Judge – 04 South East: Saket Courts Delhi)

Revision petition against the order of the metropolitan magistrate

In a revision petition came up before the Additional Sessions Judge on the grounds that the metropolitan magistrate has dismissed a criminal complaint under Section 156(3) of the Criminal Procedure Code without discussing the ingredients of section 295-A, IPC and 66-A, IT Act.

In this case, the judge observed that, “...section 66A of Information Technology Act (IT Act) does not refer at all to any 'group' or 'class' of people. The only requirement of Section 66A IT Act is that the message which is communicated is grossly offensive in nature or has menacing character.” He also observed that the previous order “not at all considered the allegations from this angle and the applicability of Section 66A Information Technology Act, 2000 to the factual matrix of the instant case.”

For more details visit https://cis-india.org/internet-governance/blog/section-66-a-information-technology-act-2000-cases

Section 43 of the Information Technology Act

pranesh — 2013-06-07T10:37:04Z

Given below is the text of section 43 of the IT Act:

43. Penalty and compensation for damage to computer, computer system, etc.
If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network, or computer resource —

accesses or secures access to such computer, computer system or computer network;
downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;
disrupts or causes disruption of any computer, computer system or computer network;
denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means; (g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder;
charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network, he shall be liable to pay damages by way of compensation to the person so affected.
destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means;
steel, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage;

Explanation.
For the purposes of this section:

"computer contaminant" means any set of computer instructions that are designed —
- to modify, destroy, record, transmit data or programme residing within a computer, computer system or computer network; or
- by any means to usurp the normal operation of the computer, computer system, or computer network;
"computer data base" means a representation of information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or have been prepared in a formalised manner or have been produced by a computer, computer system or computer network and are intended for use in a computer, computer system or computer network;
"computer virus" means any computer instruction, information, data or programme that destroys, damages, degrades or adversely affects the performance of a computer resource or attaches itself to another computer resource and operates when a programme, daia or instruction is executed or some other event takes place in that computer resource;
"damage" means to destroy, alter, delete, add, modify or rearrange any computer resource by any means.
"computer source code" means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.

For more details visit https://cis-india.org/internet-governance/resources/section-43-it-act.txt

Second Regional Conference on Connectivity for All: Future Technologies, Markets and Regulation

praskrishna — 2015-12-27T16:16:09Z

This conference organized by the International Telecommunications Society, IIMA IDEA Telecom Centre of Excellence and Indian Institute of Management, Ahmedabad was held in New Delhi from December 13 to 15, 2015. Sunil Abraham was a panelist in the session "Going beyond Cybersecurity: Internet Governance Issues".

Click to read the conference details published by International Telecommunications Society here. Download the Agenda here.

The wide availability of Internet/broadband has been a significant driver of economic growth especially in developed countries. On the contrary, emerging economies lag far behind in Internet/broadband penetration even in urban areas. Further, as emerging economies have poor infrastructure as well as physical service deployment platforms, higher penetration of Internet/broadband could serve as an effective platform for social programmes' delivery. However, the increasing gap in penetration, speed and adoption of Internet/broadband between developed and emerging economies is likely to reduce the ability of the latter to participate in an equitable way in the global knowledge and service economy. As the gap increases, the ability of emerging economies to bridge the digital divide becomes more significantly daunting and is a major cause of concern for policymakers.

The challenges for connectivity in the developed and emerging economies are diverse. While developed countries face issues in providing higher speeds, bandwidth and connectivity among devices to large parts of their population who have basic Internet/broadband, emerging economies still struggle for establishing universal access and providing basic Internet/broadband to their citizens. Even where Internet/broadband is available, adoption may not be adequate especially in the rural and remote areas.

The wired infrastructure in emerging economies is poor, however, the mobile phones are ubiquitous. Therefore, mobile Internet/broadband could be an effective way for increasing Internet/broadband penetration. Technological and regulatory changes, especially those related to spectrum, are necessary to leverage these opportunities.

A related aspect of growth in Internet/broadband is the increasing role of Internet governance frameworks at national, regional and international levels. The challenge for nations is how to leverage this framework for growth of Internet/broadband and play a greater role in Internet governance.

A multi-pronged approach is required to address these diverse issues. A supportive environment for policy, regulatory and technology development is required. This conference provides a platform for dialogue between researchers, industry practitioners, government and regulatory bodies to search for collaborative solutions.

For more details visit https://cis-india.org/telecom/news/second-regional-conference-on-connectivity-for-all-future-technologies-markets-and-regulation

Second Privacy and Surveillance Roundtable

anandini — 2014-08-09T04:10:50Z

On July 4, 2014, the Centre for Internet and Society in association with the Cellular Operators Association of India organized a privacy roundtable at the India International Centre. The primary aim was to gain inputs on what would constitute an ideal surveillance regime in India.

Introduction: About the Privacy and Surveillance Roundtables

The Privacy and Surveillance Roundtables are a CIS initiative, in partnership with the Cellular Operators Association of India (COAI), as well as local partners. From June 2014 – November 2014, CIS and COAI will host seven Privacy and Surveillance Roundtable discussions across multiple cities in India. The Roundtables will be closed-door deliberations involving multiple stakeholders. Through the course of these discussions we aim to deliberate upon the current legal framework for surveillance in India, and discuss possible frameworks for surveillance in India. The provisions of the draft CIS Privacy Bill 2013, the International Principles on the Application of Human Rights to Communication Surveillance, and the Report of the Group of Experts on Privacy will be used as background material and entry points into the discussion. The recommendations and dialogue from each roundtable will be compiled and submitted to the Department of Personnel and training

The second Privacy and Surveillance Roundtable was held in New Delhi at the India International Centre by the Centre for Internet and Society in collaboration with the Cellular Operators Association of India on the 4^th of July, 2014.

The aim of the discussion was to gain inputs on what would constitute an ideal surveillance regime in India working with theCIS Draft Privacy Protection Bill, the Report of the Group of Experts on Privacy prepared by the Justice Shah committee, and the International Principles on the Application of Human Rights to Communications Surveillance.

Background and Context: Privacy and Surveillance in India

The discussion began with the chair giving an overview of the legal framework that governs communications interception under Indian Law. The interception of telecommunication is governed by Section 5(2) of the Telegraph Act,1885 and Rule 419A of the Telegraph Rules,1951. The framework under the Act has remained the same since it was drafted in 1885. An amendment to the Telegraph Rules in 1996 in light of the directions given under PUCL v Union of India was possibly the first change to this colonial framework barring a brief amendment in 1961.

During the drafting of the Act, the only two Indian members of the drafting committee objected to the wide scope given to interception under Section 5(2). In 1968, however, the 30^th Law Commission Report studying Section 5(2) came to the conclusion that the standards in the Act may be unconstitutional given factors such as ‘public emergency’ were too wide in nature and called for a relook at the provision.

While the interception of postal mail is governed by Section 26 of the Post Office Act, 1898, the interception of modern forms of communication that use electronic information and traffic data are governed under Sections 69 and 69B of the Information Technology Act, 2000, while interception of telephonic conversations are governed by section 5(2) of the Indian Telegraph Act 1885 and subsequent rules under section 419A.

What the law ought to be?
With the shift in time, the Chair noted that the concept of the law has changed from its original colonial perspective. Cases such as Maneka Gandhi v Union of India, highlighted that an acceptable law must be one that is ‘just, fair and reasonable’. From judgments such as these, one can impute that any surveillance law should not be arbitrary and must comply with the principles of criminal procedure. Although this is ideal, recent matters that are at the heart of surveillance and privacy, such as the Nira Radia matter, currently sub-judice, will hopefully clarify the scope of surveillance that is considered permissible in India.

Why is it important now?
In India, the need to adopt a legislation on privacy came in the wake of the Indo-EU Free Trade Agreement negotiations, where a data adequacy assessment conducted by the European Commission showed that India’s data protection practices were weak. In response to this, the Department of Personnel and Training drafted a Privacy Bill, of which two drafts have been made, though the later draft has not been made available to the public.

The formation of a privacy proposal in India is not entirely new. For example in 1980, former Union minister VN Gadgil proposed a bill to deal with limiting reportage on public personalities. Much of this bill was based on a bill in the House of Lords in 1960 suggested by Lord Mancroft to prevent uncontrolled reporting. The chair notes here that in India privacy has developed comprehensively as a concept in response to the reporting practices of the media.

Although, the right to privacy has been recognised as an implicit part of the right to life under the Constitution, the National Commission to Review the Working of the Constitution set up in February 2000 suggested the addition of a separate and distinct fundamental right to privacy under Article 21 B along the same lines of Article 8 of the European Convention of Human Rights.

While these are notable efforts in the development of privacy, the Chair raised the question of whether India is merely 'inheriting' reports and negotiations, without adopting such standards into practice and a law.

Discussions

Cloud base storage and surveillance

Opening up the discussion on electronic interception, a participant asked about the applicability of a Privacy regulation to cloud based services. Cloud based storage is of increasing relevance given that the cloud permits foreign software companies to store large amounts of customer information at little or no cost.

Indian jurisdiction, however, would be limited to a server that resides in India or a service provider that originates or terminates in India. Moving the servers back to India is a possible solution, however, it could have negative economic implications.In terms of telecommunications, any communications that originate or terminate using Indian satellites are protected from foreign interception.

Before delving into further discussion, the Chair posed the question of as to what kind of society we would like to live in, contrasting the individual based society principle and the community based principle. While the former is followed by most Western Nations as a form of governance, Orientalist and/or Asian tradition follows the community based principle where the larger focus is community rights. However, it would be incorrect to say that the latter system does not protect rights such as privacy, as often Western perceptions seem to imply. For example, the Chair points out that the oldest Hindu laws such as the Manu Smriti protected personal privacy.

Regulatory models for surveillance

After the preliminary discussion, the Chair then posed the fundamental question of how a government can regulate surveillance. During the discussion, a comparison was made between the UK, the US modus operandi i.e. the rule of probable cause coupled with exhaustion of other remedies, and the Indian rule based out of Section 5(2) of the Telegraph Act, 1885. In the United States, wire taps cannot be conducted without a Judge’s authorization.For example, the Foreign Intelligence Surveillance Act, which governs foreign persons, has secret courts. In addition, a participant added that surveillance requests in the US are rarely if ever, rejected. While on paper, the US model seems acceptable, most participants are weary of the practicability of such a system in India citing that a judiciary that is shielded from public scrutiny entirely cannot be truly independent. The UK follows an interception regime regulated by the Executive, the beginnings of which lay in its Telegraph Act in 1861, which the Indian Telegraph Act is based on. However, the interception regime of the UK has constantly changed with a steady re-evaluation of the law. Surveillance in the UK is regulated by the Regulation of Investigatory Powers Act of 2000(RIPA), in addition it has draft bills pending on Data Retention and on the Admissibility of intercepted communications as evidence.

In contrast, India follows an executive framework, where the Home Secretary gives authorization for conducting wiretaps. This procedure can be compromised in emergent circumstances, where an officer not below the rank of a Joint Secretary can pass an order.

Participants agreed that the current system is grossly inadequate, and the Chair asked whether both a warrant and a judicial order based system would be appropriate for India.

Considering the judicial model as a possible option, participants thought of the level of judiciary apt for regulating matters on surveillance in India. While participants felt that High Court judges would be favourable, the immense backlog at the High Court level and the lack of judges is a challenge and risks being inefficient. If one were to accept the magistrate system, the Chair adds that there are executive magistrates within the hierarchy who are not judicial officers. To this, a participant posed the question as to whether a judicial model is truly a workable one and whether it should be abandoned. In response, a participant, iterated the Maneka Gandhi ratio that “A law must be just, fair and reasonable and be established to the satisfaction of a judicially trained mind”

It was then discussed how the alternative executive model is followed in India, and how sources disclose that police officers often use (and sometimes misuse) dedicated powers under Section 5(2), despite Rule 419A having narrowed down the scope of authority. A participant disagreed here, stating that most orders for the interception of communications are passed by the Home Secretary.

When the People’s Union for Civil Liberties challenged Section 5(2) of the Telegraph Act, the Supreme Court held that it did not stand the test of Maneka Gandhi and proposed the set-up of a review committee under its guidelines which was institutionalised following an amendment in 2007 to the Telegraph Rules.

Under Rule 419A, a review committee comprises of officials such as the Cabinet Secretary, Secretary of the Department of Telecommunications, Secretary of the Department of Law and Justice and the Secretary of Information Technology and Communication ministry at the Centre and the Chief Secretary ,the Law Secretary and an officer not below the rank of a Principal secretary at the State level. A participant suggested that the Home Secretary should also be placed in the review committee to explain the reasons for allowing the interception.

Albeit Rule 419A states that the Review Committee sits twice a month, the actual review time according to conflicting reports is somewhere between a day to a week. The government mandates that such surveillance cannot continue for more than 180 days.

In contrast to the Indian regime, the UK has a Commissioner who reviews the reasons for the interception along with the volume of communication among other elements. The reports of such interceptions are made public after the commissioner decides whether it should be classified or declassified and individuals can challenge such interception at the Appellate Tribunal.

A participant asked whether in India, such a provision exists for informing the person under surveillance about the interception. A stakeholder answered that a citizen can find out whether somebody is intercepting his or her communications via the government but did not elaborate on how.

Authorities for authorizing interception

On the subject of the regulatory model, a participant asked whether magistrates would be competent enough to handle matters on interception. It was pointed out that although this is subjective, it can be said that a lower court judge does not apply the principles of constitutional law, which include privacy, among other rights.

Having rejected the possibility of High Court judges earlier in the discussion, certain participants felt that setting up a tribunal to handle issues related to surveillance could be a good option, considering the subject matter and specialisation of judges. Yet, it was pointed out that the problem with any judicial system, is delay that happens not merely inordinately but strategically with multiple applications being filed in multiple forums. In response, a participant suggested a more federal model with greater checks and balances, which certain others felt can only be found in an executive system.

The CIS Privacy Protection Bill and surveillance

Section 6 of the CIS Privacy Protection Bill lists the procedure for applying to a magistrate for a warrant for interception. One of the grounds listed in the Bill is the disclosure of all previously issued warrants with respect to the concerned person.

Under Section 7 of the Bill, cognisable offences that impact public interest are listed as grounds for interception. Considering the wide range of offences that are cognisable, there is debate on whether they all constitute serious enough offences to justify the interception of communications. For example, the bouncing of a cheque under the Negotiable Instruments Act is a cognisable offence in public interest, but is it serious enough an offence to justify the interception of communications? How should this, then be classified so as to not make arbitrary classifications and manage national security is another question raised by the Chair.

The example of Nira Radia and the fact that the income tax authorities requested the surveillance demonstrates the subsisting lack of a framework for limiting access to information in India. A participant suggested that a solution could be to define the government agencies empowered to intercept communications and identify the offences that justify the interception of communications under Section 7 of the CIS Privacy Protection Bill.

During the discussion, it was pointed out that the Government Privacy Bill, 2011 gives a broad mandate to conduct interception that goes beyond the reasonable restrictions under Article 19 (2) of the Constitution. For example, among grounds for interception like friendly relations with other States, Security and public disorder, there are also vague grounds for interception such as the protection of the rights and freedoms of others and any other purpose mentioned within the Act.

Although the Justice Shah report did not recommend that “any other purpose within the Act” be a ground for interception, it did recommend “protection of the freedom of others” continue to be listed as a permissible ground for the interception of communications.

Meta-data and surveillance

Under Section 17 of the Draft Bill, metadata can be intercepted on grounds of national security or commission of an offence. Metadata is not protected under Rule 419A of the Telegraph Rules and a participant asked as to why this is. The Chair then posed the question to the conference of whether there should be a distinction between the two forms of data at all.

While participants agreed that Telecommunication Service Providers store meta data and not content data, there is a need according to certain participants, to circumscribe the limits of permissible metadata collection. These participants advocated for a uniform standard of protection for both meta and content data, whereas another participant felt that there needs to be a distinction between content data and meta data. Certain participants also stressed that defining what amounts to metadata is essential in this regard.

The Chair moved on to discussing the provisions relating to communication service providers under Chapter V. It was noted that this section will be irrelevant however, if the Central Monitoring System comes into force, as it will allow interception to be conducted by the Government independent of service providers.

Data Retention and Surveillance

Data can be classified into two kinds for the purposes of interception, i.e. content and Meta data. Content data represents the content in the communication in itself whereas Meta data is the information about the communication.

Telecommunications service providers are legally required to retain metadata for the previous year under the Universal Access Service Terms, although no maximum time limit on retention has been legally established.

A participant highlighted that the principle of necessity has been ignored completely in India and there is currently a practice of mass data collection. In particular, metadata is collected freely by companies, as it is not considered an invasion of privacy.

Another stakeholder mentioned that nodal officers set up under every Telecommunication Service Provider are summoned to court to explain the obtainment of the intercepted data. The participant mentions that Telecom Service Providers are reluctant to explain the process of each interception, questioning as to why Telecom Service Providers must be involved in judicial proceedings regarding the admissibility of evidence when they merely supply the data.

A participant asked as to where a Grievance Redressal mechanism can be fit in within the current surveillance framework in India. In response, it was noted that with a Magistrate model, procedure cannot be prescribed as Criminal Procedure would apply. However, if tribunals were to be created, a procedure that deals with the concerns of multiple stakeholders would be apt.

A doubt raised by a stakeholder was whether prior sanction could be invoked by public servants against surveillance. Its applicability must be seen on a case to case basis, although for the most part, prior sanction would not be applicable considering that public officials accused of offences are not be entitled to prior sanction.

Section 14 of the CIS Privacy Protection Bill prohibits the sharing of information collected by surveillance with persons other than authorised authorities in an event of national security or the commission of a cognisable offence. Participants agreed that the wording of the section was too wide and could be misused.

A participant also pointed out that in practice, such parameters on disclosure are futile as even on civil family matters, metadata is shared amongst the service provider and the individuals that request it.

With relation to metadata, a participant suggested a maximum retention period of 2 years. As pointed out earlier, Call Detail Records, a service provider must retain the information for at least one year, however, there is no limit placed on retention, and destruction of the same is left to the discretion of the service provider. Generally it was agreed by participants that a great deal more clarity is needed as currently the UASL merely states that Internet Protocol Detail Record (IPDR) should be maintained for a year.

Duties of the Service Provider

Under the CIS Privacy Protection Bill , the duties of Telecommunication Service Providers broadly includes ‘measures to protect privacy and confidentiality’ without further elaboration. A participant mentioned that applicable and specific privacy practices for different industries need to be defined. Another participant stressed that such practices should be based in principles and not based in technology - citing rapidly evolving technology and the obsolete government standards that are meant to be followed as security practices for ISPs.

Another area that needs attention according to a participant is the integrity of information after interception is conducted. Participants also felt that audit practices by Telecommunication Service Providers should be confined to examining the procedures followed by the company, and not examine content, which is currently the practice according to other participants.

A participant also mentioned that standards do not be prescribed to Telco's considering the Department of Telecommunications conducts technical audits. Another participant felt that the existing system on audits is inadequate and perhaps a different model standard should be suggested. The Chair suggests that a model akin to the Statement on Auditing Standards that has trained persons acting as auditors could fair better and give security to Telco's by ensuring immunity for proceedings based on compliance with the standards.

The next issue discussed was whether surveillance requests can be ignored by Telco's, and whether Telco's can be held liable for repeatedly ignoring interception requests. A stakeholder replied that although there are no rules for such compliance, a hierarchal acquiescence exists which negates any flexibility.

Admissibility of Evidence

The significance given to intercepted communications as evidence was the next question put forth by the Chair. For example in the US, the ‘fruit of the poisonous tree’ rule is followed where evidence that has been improperly received discredits its admissibility in law as well as further evidence found on the basis of it. In India, however, intercepted communications are accorded full evidentiary value, irrespective of how such evidence is procured. The 1972 Supreme Court Judgment of Malkani v State of Maharashtra, reiterated a seminal UK judgment, Kuruma, Son of Kanju v. R , which stated that if the evidence was admissible it is irrelevant how it was obtained.

Participants suggested more interaction with the actual investigative process of surveillance, which includes prosecutors and investigators to gain a better understanding of how evidence is collected and assessed.

Conclusions

The Roundtable in Delhi was not a discussion on surveillance trapped in theory but a practical exposition on the realities of governance and surveillance. There seemed to be two perspectives on the regulatory model both supported with workable solutions, although the overall agreement was on an organised executive model with accountability and a review system. In addition, inputs on technology and its bearing on the surveillance regime were informative. A clear difference of opinion was presented here on the kind of protection metadata should be accorded. In addition, feedback from stakeholders on how surveillance is conducted at the service provider level, highlight the need for an overhaul of the regime, incorporating multiple stakeholder concerns.

1994 4 SCC 569

The definition of telegraph was expanded with the Telegraph Laws (Amendment) Act, 1961 under Section 3 (1AA) to ‘‘telegraph’ means any appliance, instrument, material or apparatus used or capable of use for transmission or reception of signs, signals, writing, images and sounds orintelligence of any nature by wire, visual or other electro-magnetic emissions, radio waves or Hertzian waves, galvanic, electric or magnetic means.

Explanation.—’Radio waves’ or ‘Hertzian waves’ means electromagnetic waves of frequencies lower than 3,000 giga-cycles per second propagated in space without artificial guide;]

1978 AIR 597

Art 21-B-“Every person has a right to respect for his private and family life, his home and his correspondence.”, Accessed at < http://lawmin.nic.in/ncrwc/finalreport/v1ch3.htm>

Article 8 of the European Convention on Human Rights mentions

1. Everyone has the right to respect for his private and family life, his home and his correspondence.

2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals or for the protection of the rights and freedoms of others.

Article 8 was invoked in Rajagopal v State of Tamil Nadu (1995 AIR 264)

PUCL v Union of India, (1997) 1 SCC 301

IPDR measures bandwidth and monitors internet traffic.

[1955] A.C. 197

For more details visit https://cis-india.org/internet-governance/blog/second-privacy-and-surveillance-july-4-2014

Second International e-Governance Conference

praskrishna — 2012-12-11T10:50:29Z

The second international conference on governance and electronics which is held under the motto "Together Toward Digital Inclusion" is organized by the National Committee for Corporate Governance Electronic Iraq and the United Nations Development Programme at Rashid Hotel in Baghdad from December 2-3, 2012. The event aims to review the achievements of the program e-governance Iraqi national, and discuss the challenges of applying e-governance as a tool to achieve public sector reform and digital inclusion.

Sunil Abraham is a speaker at this event and is presenting on "Review of the Legal Environment in Iraq for Effective e-Governance", and "Government Interoperability Frameworks: Global Overview and implications for Iraq".

Conference Agenda

Sunday, December 2, 2012

09:00 – 10:00	Conference Registration
10:00 – 11:00	Opening Ceremony H.E. Nuri Al-Maliki, Prime Minister of Iraq Ms. Helen Clark, UNDP Administrator H.E. Dr. Abdul Kareem Al-Samaraii, Minister of Science and Technology
11:00 – 11:30	Break
11:30 – 12:30	Plenary session 1: e-Governance and Public Sector Reform Chairman: Dr. Adil Matloob, Minister IT Advisor – Ministry of Science and Technology Mr. Thamir Al Ghadban, Head of the Prime Minister’s Advisory Commission (PMAC) Prof. Subhash Bhatnagar, UNDP Expert Q & A
12:30 – 13:30	Plenary session 2: Citizen Inclusion into the Digital Society Chairman: Mr. Imad Naji, Director General - Ministry of Planning Dr. Laurence Millar, UNDP Expert Dr. Kathim Ibrisim, Director General - Ministry of Planning Q & A
13:30 – 13:40	Plenary Session 3: Challenges of e-Governance Implementation Chairman: Dr. Mahmood Kassim Sharief, Director General – Ministry of Science and Technology
13:40 – 14:00	Break
14:00 – 15:30	Workshop 1: Challenges of implementing an adequate telecommunications infrastructure and Highlighting the role of the private sector and the establishment of the concept of true public-private sector partnership in the field of e-governance Chairman: Mr. Jaber Zwayed Atiyah, Director General – National Security Commission Dr. Rohan Samarajiva Lirne, UNDP Expert Dr. Shahani Markus Weerawarana, UNDP Expert Ms. Raghad Abdulrasoul National Centre for Consultation and Management Development/Ministry of Planning Q&A
13:30 – 14:30	Lunch @ AL-Rashid

Monday, December 3, 2012

09:00 – 09:15	Closure of the Plenary Session 3 Presentation of workshop results
09:15 – 10:45	Plenary Session 4: Effective Role of Local Governments in Framework of e-Governance Program Chairman: Dr. Kathim Ibrisim, Director General - Ministry of Planning Mr. Manu Srivastava, UNDP Expert Dr. Adil Abdullah Shuhaieb, member of e-Governance Committee in Missan Governorate Mr. Anmar Natik Mohammed, Manager of e-Governance Programme in Ninawa Governorate Eng Haider Shaker Yaji , Muthana Governorate Q&A
10:45 – 11:00	Break
11:00 – 12:00	Plenary Session 5: Challenges of Government Interoperability Framework Implementation, Standards and Information Chairman: Mr. Mohammed Raji Mousa, Council of Ministers Secretariat (COMSEC) Mr. Sunil Abraham, UNDP Expert Mr. Ammar Salih and Dr. Firas Hamadani/ Minister of Foreign Affairs Q&A
12:00 – 13:00	Plenary Session 6: Building e-Services Chairman: Dr. Saad Najem / University of Mustanserieh Mr. Emilio Bugli Innocenti, UNDP Expert Dr. Adil Matloob, Minister IT Advisor – Ministry of Science and Technology Mr. Ahmed Saad, Director General – Ministry of Municipality and Public Work Q&A
13:00 – 14:30	Conference Closing Session Chairman: Dr. Samir Attar, Deputy Minister – Ministry of Science and Technology Looking forward Adopt conference recommendation UNDP Closing Speech Government of Iraq Speech
14:30 – 15:30	Lunch @ AL-Rashid

Papers/Speakers Bio Summary

Plenary Session 1: e-Governance and Public Sector Reform

Chairman: Dr. Adil Matloob, Minister IT Advisor – Ministry of Science and Technology

e-Governance and public sector reform/ Subhash Bhatnagar The paper shares experiences from different countries of implementing e-Governance projects that have significantly contributed to governance reform by enhancing transparency and reducing corruption in delivery of public services. Some lessons are drawn for Iraq. E-Governance should be used as a means of implementing public sector reform agenda. The implementation of projects should be accelerated. *Subhash Bhatnagar* is an alumnus of Indian Institute of Technology, Madras and Indian Institute of Management, Ahmedabad (IIMA). Currently he is an honorary adjunct professor at the IIMA. He was a Chair Professor, member of Board of Governors and the Dean of IIMA in his 30 year tenure at IIMA. He has been a visiting Professor in universities in the US and Africa. He worked with the World Bank in Washington DC for six years serving as an advisor to to mainstream e-Governance in the operations of the Bank. He has been a lead speaker in training workshops for ministers and legislators for 16 states in India. His research and consulting work has covered E-Governance, ICT for development, National IT Policy, and Corporate IT Strategy. He has hundred research papers and seven books to his credit which include two books on eGovernance. He is on the editorial boards of seven international journals and has served as Chairman of International Committees in the ICT field. He serves on a number of central and state Government committees in Inda including the steering committee for ICT sector for formulating India’s 12^th Five Year Plan. He was made a Fellow of the Computer Society of India in 1994. He has served on the boards of a number of educational institutions and private enterprises in India. He has travelled to nearly 60 countries, delivering public lectures and conference key notes

Plenary Session 2: Citizen Inclusion into the Digital Society

Chairman: Mr. Imad Naji, Director General - Ministry of Planning

Citizen Inclusion into the Digital Society/ Laurence Millar This paper describes the importance of digital inclusion to achieve the e-governance Vision for Iraq. The paper reports on international experience in digital inclusion and e-governance, using examples from New Zealand, United Kingdom, Bahrain and Taiwan. These experiences illustrate how to develop a plan for increasing digital inclusion in Iraq which is aligned to the wider priorities for social and economic outcomes. Laurence Millar is an independent advisor in the use of ICT by governments, and Editor at Large for FutureGov magazine. He is the lead advisor for the e-government strategy and second action plan for the Kingdom of Saudi Arabia, and has also worked with other GCC countries on their e-government strategies. He provides expert advice to the government on the adoption of digital technology and broadband in schools; he is also Chair of 2020 Communications Trust, which is the leading provider of digital literacy programmes in New Zealand. During his career of more than 35 years, he has worked in the public and private sector, in the UK, USA, Asia and New Zealand. From 2004, he led the New Zealand e-government programme providing leadership in strategy and policy, establishing a foundation of shared infrastructure, and maintaining oversight of government ICT investment; he finished in the role of NZ Government CIO on 1 May 2009. He is married with four adult children and lives in Wellington, New Zealand; he has a MA from Cambridge University and an MSc with distinction from London University.
The role of ICTs in promoting public participation/ Dr. Kathim Ibrisim Participation is a basic feature of good governance, which suggests providing a democratic environment in the community that allows the integration of citizens, institutions of civil society, stakeholders and the poor and marginalized groups into policy-making and follow-up implementation. As much a democratic atmosphere allows for participation good governance can achieve the hopes of community regardless of its different components. This paper provides an assessment of the reality of public participation in Iraq which is based on a survey of public participation in four sectors concerned with providing services (Health/Education/Higher Education/Water and Sanitation). It was carried out by the National Centre and the support of the ESCWA in 2011 - in the light of identification the main challenges facing the participation. It will focus on how to use ICT in promoting public participation in setting priorities and policy-making and follow-up implementation.
Dr. Kathim Mohammed Breisem Okabi, Director General of the National Center for Administrative Development and Information Technology since 2008, holds Ph.D. in object-oriented software engineering, M.A. in empirical computer science – 1989, Higher Diploma in systems analysis – 1982, and B.A. of Statistics – 1980. Dr. Kazem served as a professor at the universities of Jordan (Al al-Bayt University/Philadelphia University) for the period 1996-2008, a professor at the Al-Tahadi University/Libya for the period 1983 – 1992, and a statistician for the period 1980 -1983.

Plenary Session 3: Workshop 1 (Challenges of implementing an adequate telecommunications infrastructure and Highlighting the role of the private sector and the establishment of the concept of true public-private sector partnership in the field of e-governance)

Chairman: Dr. Mahmood Kassim Sharief, Director General – Ministry of Science and Technology

ICT Infrastructure for e-Government and e-Governance in Iraq / Rohan Samarajiva Lirne Governments provisioning e government services have to address two specific policy principles with regard to infrastructure: ensure universal access to their services and assure a higher level of reliability than with comparable private services. Unlike a decade or so ago, governments today do not have to rely solely on common-access centers (telecenters) to provide universal access. In most countries, mobile signals cover almost the entirety of the population; most households have at least one electronic access device; the few that do not, can gain such access. Today’s smartphones have capabilities little different from the early telecenters, except for functionalities such as printing, scanning, etc. and the support of intermediaries. Therefore, delivering voice-based e government services in the short term and mobile-optimized web-based services in the medium term, with common-access centers performing specialized backup functions, is a viable strategy. Conventional web interfaces that adhere to common standards must be maintained but articulated with mobile applications and voice-based services provided through a government call center. In light of difficulties in supplying continuous electricity and security at the present time, special attention has to be paid to reliability. Reliability can be achieved, beginning with a proper understanding of requirements such as the importance of ensuring redundancy of suppliers, paths and media. Samarajiva is founder Chair and CEO of LIRNEasia, a regional think tank focusing on ICT policy and regulation in the emerging Asia Pacific. He most recently completed a diagnostic report on the potential of the ICT Sector for inclusive growth in Bhutan for the Asian Development Bank. He is a member of the team supporting the World Bank to establish the Pacific ICT Regulatory Resource Center, based at the University of the South Pacific in Suva, Fiji. He served as policy advisor to the Ministry of Post and Telecom in Bangladesh in 2006-07 and 2009. In 2002-2004, Samarajiva served as Team Leader of the Public Interest Program Unit of the Ministry for Economic Reform, Science & Technology of Sri Lanka. He was one of the designers of the USD 53 million plus e Sri Lanka Initiative (that had a major e gov focus) that led the way to rapid growth of fixed and mobile broadband in Sri Lanka. He was one of the founder directors of the ICT Agency. Samarajiva has been active in ICT (including telecom) policy and regulation for over 20 years. From 1998-1999, he served as Director General of Telecommunications in Sri Lanka at the invitation of the Government of Sri Lanka. He taught at the Ohio State University in the US (1987-2000) and at the Delft University of Technology in the Netherlands (2000-2003).
The role of private sector software development services companies in e-Government solution implementation/ Shahani Markus Weerawarana Iraq is a country in transformation and has embarked on a compelling vision for e-Government based on a National e-Governance Strategy and Action Plan. Since the private sector plays an important and pivotal role in any national e-Government program, it is important to develop a comprehensive roadmap towards establishing a true public-private sector partnership in Iraq. As a prerequisite for such an endeavor, we review the current status of the e-Government program implementation in Iraq, the critical challenges that need to be addressed in achieving a robust public-private sector partnership in Iraq and the best practices prevalent globally and regionally with respect to addressing such issues along with the resultant policy and program implications. Based on this critical analysis, we formulate many recommendations that could be included in a public-private sector partnership development roadmap that would create momentum in establishing a competitive and vibrant private-sector role in a knowledge-based economic environment geared towards enabling the vision of e-Iraq. Shahani Markus Weerawarana has global experience in the IT industry, government and academia, in a professional career has spanned many different roles, including being an educator, engineer, entrepreneur, manager and researcher. Currently, she is a Visiting Scientist at Indiana University, USA and a Visiting Lecturer at the University of Moratuwa, Sri Lanka. Previously, she was the CTO at the ICT Agency (ICTA) of Sri Lanka, which is the country's apex IT policy & planning agency for implementing the e-Sri Lanka program. At ICTA, she played a key role in providing technical guidance for many eGovernment projects, including spearheading the design and implementation of LankaGate, a 'FutureGov' Award winning project. Prior to joining ICTA, Shahani was the Head of Engineering at Virtusa (Sri Lanka), where she directly and indirectly led more than 600 IT professionals. Before joining Virtusa Shahani worked in the USA, at Prescient Markets Inc and at the IBM TJ Watson Research Center in New York. Her professional activities have included being a member in the Sri Lankan Presidential Task Force in English and IT, an adviser to the Royal Government of Bhutan in their Interoperability Framework and Enterprise Architecture initiative, and a member of the Open eGovernance Forum Advisory Board in the Pan Asia Network for Democratic eGovernance. She is a free & open source software advocate and is a Committer and PMC member in the Apache Software Foundation. Shahani has more than 50 academic publications and her academic activities include the formulation of Asia's first MBA in eGovernance program for the University of Moratuwa, and the supervision of more than 30 MBA and MSc research projects. Her research interests include e-governance, software engineering, parallel & distributed systems, e-science, and TLA practices in higher education. Shahani has a Ph.D. in Computer Science from Purdue University, USA.
Assess the reality of the public-private partnership (PPP) and its role in promoting ICT for development/ Raghad Abdulrasoul This paper, a field survey in four service sectors (health, education, higher education, water and sanitation), aims at identifying the reality and types of PPPs and how could such partnerships contribute in the provision of or complement services within the target sectors in addition to understand and recognize the quality of the services provided by the private sector than in the public sector with a focus on the role of PPP in the promotion of ICT to support national development efforts and improve the quality of public services. Raghad Abdulrasoul, an expert at the National Center for Administrative Development and Information Technology, Higher Diploma in Development Planning/specialty in feasibility studies and B.A. of Statistics. She has functional experience and participated in implementing projects with international organizations (UNICEF/UNDP/ESCWA) in different subjects dealing with the reform and modernization of the Iraqi public sector. She performed many advisory tasks for various institutions in the state in subjects (performance evaluation, organizational structures, job descriptions , mainstreaming of procedures). She provided a variety of lectures at the National Centre and state institutions in the areas of administration, planning and feasibility studies.

Workshop 2 Challenges for creating an enabling legal environment
Chairman: Mrs Afaf Khairallah Hussein, Prime Minister Office

Review of the legal environment in Iraq for effective e-Governance/ Sunil Abraham This paper examines the legal environment and compares it to international best practices for information society aspects that have direct implication for e-governance. It begins with transparency and openness law where there is an examination of right to information/access to information law and subsidiary policies such as free/open source software policy, open content or access policy, open standards policy, electronic accessibility policy, open government data policy. Then it examines privacy law looking at various options for the horizontal statute and also the vertical statutes necessary to comprehensive protect citizen/consumer rights and also public interest simultaneously. This is followed by an examination of intellectual property rights law overall before a more focussed examination patent law and copyright law. The paper ends with examination of some miscellaneous statutes such as the Cyber Crime Law and Electronic Signature and Electronic Transactions Act. Sunil Abraham is the executive director of the Centre for Internet and Society (CIS), Bangalore. CIS is a 4 year old policy and academic research organisation that focuses on accessibility by the disabled, intellectual property rights policy reform, openness [Free/Open Source Software, Open Standards, Open Content, Open Access and Open Educational Resources], internet governance, telecom, digital natives and digital humanities. He is also the founder of Mahiti, a social enterprise aiming to reduce the cost and complexity of information and communication technology for the voluntary sector by using free software. Sunil continues to serve on the board of Mahiti. He is an Ashoka fellow and was elected for a Sarai FLOSS fellowship. For three years, Sunil also managed the International Open Source Network, a project of United Nations Development Programme's Asia-Pacific Development Information Programme, serving 42 countries in the Asia-Pacific region. In 2007 - 2008, he managed ENRAP an electronic network of International Fund for Agricultural Development projects in the Asia-Pacific, facilitated and co-funded by International Development Research Centre, Canada. Sunil currently serves on the advisory boards of Open Society Foundations - Information Programme, Mahiti, Tactical Technology Collective, Samvada and International Centre for Free/Open Source Software.
Implementation of the e-system in the Iraqi elections/Dr. Tariq Kazim Ajil, University of Thi Qar

Plenary Session 4: Effective Role of Local Governments in framework of e-Governance Program

Chairman: Dr. Kathim Ibrisim, Director General - Ministry of Planning

Municipal e-Governance Platform / Manu Srivastava The paper discusses the Municipal eGovernance Platform developed by eGovernments Foundation (eGov). The paper sees this in the back ground of the policies and frameworks that the shaped the Municipal eGovernance sector in India. The paper discusses the basic design approach for developing the platform, the platform itself and then discusses the future direction for the platform. *Manu Srivastava* Bio: Manu Srivastava managed and a founding member of the eGovernments Foundation since 2003, that aims at creating an eGovernance Platform (Municipal ERP) to improve the efficiencies of City Municipalities leading to better delivery of services. Between 2000 and 2003, Manu was the project leader of GlobeTrades (Silicon Valley), for creation an Internet platform for medium and large companies to set up industry specific Internet-based solutions to streamline global Procurement and Distribution. He Architected and delivered award winning Citizen Services Solutions in area of eGovernance such as Nirmala Nagara.
Ninawa e-Governance Roadmap/ Anmar Natik Mohammed, Manager of e-Governance Programme in Ninawa Governorate

Plenary Session 5: Challenges of Government Interoperability Framework Implementation, Standards and Information

Chairman: Mr. Mohammed Raji Mousa, Council of Ministers Secretariat (COMSEC)

Government Interoperability Frameworks: Global Overview and implications for Iraq/ Sunil Abraham This paper attempts to identify some next steps for the implementation of the Iraqi Government Interoperability Framework and National Enterprise Architecture[GIF/NEA]. The paper begins with an introduction which provides an historical overview of the GIF/NEA formulation process an the policy document itself. This is followed by a discussion of Open Standards to understand why the GIF/NEA and other open standards policies in the Iraqi government remain critical from a variety of perspectives. The paper then proceeds to look at GIFs across the world and attempts to characterize some of the strategies employed by governments to reach their policy objectives. The paper also features a examination of emerging semantic standards that are most useful from the perspective of storing government data. The paper ends with certain concrete recommendations for taking the open standards agenda forward with Iraqi e-governance. Sunil Abraham is the executive director of the Centre for Internet and Society (CIS), Bangalore. CIS is a 4 year old policy and academic research organisation that focuses on accessibility by the disabled, intellectual property rights policy reform, openness [Free/Open Source Software, Open Standards, Open Content, Open Access and Open Educational Resources], internet governance, telecom, digital natives and digital humanities. He is also the founder of Mahiti, a social enterprise aiming to reduce the cost and complexity of information and communication technology for the voluntary sector by using free software. Sunil continues to serve on the board of Mahiti. He is an Ashoka fellow and was elected for a Sarai FLOSS fellowship. For three years, Sunil also managed the International Open Source Network, a project of United Nations Development Programme's Asia-Pacific Development Information Programme, serving 42 countries in the Asia-Pacific region. In 2007 - 2008, he managed ENRAP an electronic network of International Fund for Agricultural Development projects in the Asia-Pacific, facilitated and co-funded by International Development Research Centre, Canada. Sunil currently serves on the advisory boards of Open Society Foundations - Information Programme, Mahiti, Tactical Technology Collective, Samvada and International Centre for Free/Open Source Software.

Plenary Session 6: Building e-services

Chairman: Dr. Saad Najem / University of Mustanserieh

Breaking information silos: towards an Iraqi e-Service ecosystem supporting the life-event approach/ Emilio Bugli Innocenti This paper analyses the current status of the e-Service implementation within the e-Governance programmes in developing countries with a specific focus on the Life Event approach delivery of-e-Services along with the related Service Oriented Architecture. Then, it discusses the most suited SOA engineering methodology in order to boost e-Service re-use and integration. Finally, a combined SOA and Cloud Computing approach is proposed in order to provide an effective/efficient implementation of Iraqi e-Governance Action Plan along with a possible fast take-up of e-Services. Emilio Bugli Innocenti has 27 year experience in the ICT domain and over 20 in the e-Governance domain. As Senior e-Governance Consultant he has been working with assignments in transition and developing countries in the Balkans, Caucasus, Middle East, South America and South East Asia. He has been Project Manager of large International ICT projects targeting different sectors and e-Governance, in particular dealing with the implementation of e-Services. He is member of the Italian Industry Executive Association, IEEE Computer Society and Association for Computing Machinery. He holds a MSc in Physics and speaks English, Italian and French.
E-governance and cloud computing services This lecture addresses the historical perspective of cloud computing from a virtual concept to provide computing as a public facility launched in the mid-sixties of the last century as well as the phases of computing services offered by individual computers and then the network to the services provided on line. It also addresses the benefits and types of cloud computing comparing between the benefits and weaknesses of each type. Furthermore, it particularly tackles the economic benefits of balancing security with information, through the architecture and various levels of cloud computing and its impacts on architectures that must be taken into consideration. Furthermore, the ten risks will be put in cloud computing in particular. Adil Matloob is one of the advisors to the Ministry of Science & Technology Baghdad, Iraq. He works in the field of knowledge based systems and artificial intelligence for the last 30 plus years. He was the managing director of the SoftDev limited; a British based company, and a technical director for the Washington based multinational company; the United Press International. He is one of the pioneers’ researchers on machine translation software in the beginning of the nineties with the product known as ArabTrans software. He works on Arabic data mining as well as Arabic abstraction and Arabic knowledge based system. Adil has M.Sc and PhD from Manchester University, Manchester, United Kingdom in 1977 & 1980 respectively.

For more details visit https://cis-india.org/news/second-international-e-governance-conference-at-baghdad

Second India China Think-Tank Forum

praskrishna — 2017-07-07T02:43:09Z

The second India-China Think-Tank Forum was held in Beijing from June 22 to 27, 2017. The Forum was jointly organized by the Institute of Chinese Studies, the Indian Council of World Affairs, and the Chinese Academy of Social Sciences. Saikat Dutta represented an Indian think tank.

The Forum was set up following an MoU between India and China during the visit of Prime Minister Narendra Modi in 2015. The idea of the forum is to explore contentious issues and new areas of cooperation between India and China as a Track 1.5 dialogue. Read More

Click here for the report

Click to read Saikat Dutta's presentation

For more details visit https://cis-india.org/internet-governance/news/second-india-china-think-tank-forum

Second Expert Meeting on Human Rights and the Internet

praskrishna — 2011-06-08T10:01:55Z

The second expert meeting on human rights and the Internet is being organised by the Swedish Ministry for Foreign Affairs and the UN Special Rapporteur on Freedom of Opinion and Expression on 30 and 31 March 2011 in Stockholm (Sweden). Anja Kovacs will participate in this meeting.

List of Participants (draft)

Alison LeClaire Christie alison.leclairechristie@international.gc.ca	Minister-Counsellor and Deputy Permanent Representative, Canadian mission to UN in Geneva
Anabella Rivera libert.expresion@gmail.com	Executive Director, DEMOS, Guatemala
Anja Kovacs anja@cis-india.org	Fellow, The Centre for Internet and Society, Bangalore
Anna Nawrot anna.nawrot@rwi.lu.se	Researcher, Raoul Wallenberg Institute of Human Rights, Lund, Sweden
Annie Game agame@cjfe.org	Executive Director, CJFE-IFEX
Anriette Esterhuysen anriette@apc.org	Executive Director, Association for Progressive Communications, South Africa
Arthit Suriyawongkul arthit@gmail.com	Thai Neitzen Network, Centre for Popular Media Reform
Brett Solomon brett@accessnow.org	Executive Director, Access Now
Charlotta Bredberg charlotta.bredberg@sida.se	Thematic Coordinator for Democracy, Human Rights, Peace and Security, Global Programme Unit, Department for Global Cooperation, Sida
Cynthia Wong cynthia@cdt.org	Director, Project on Global Internet Freedom, Center for Democracy and Technology, Washington DC
Daniel Westman Daniel.Westman@juridicum.su.se	Researcher and Teacher, Faculty of Law, Stockholm University
Danny Aerts danny.aerts@iis.se	CEO, The Internet Infrastructure Foundation (.SE)
David Mothander davidmothander@google.com	Nordic Policy Counsel, Google, Stockholm
Dunja Mijatovic pm-fom@osce.org	OSCE Representative on Freedom of the Media
Eduardo Bertoni eberto2@palermo.edu	Director, Center for Studies on Freedom of Expression and Access to Information, Palermo University School of Law, Argentina
Eric King eric@privacy.org	Human Rights and Technology Advisor, Privacy International
Grace Githaiga ggithaiga@hotmail.com	Kenya ICT Action Network (KICTANET)
Guy Berger G.Berger@ru.ac.za	Professor, School of Journalism & Media Studies, Rhodes University, South Africa
Helena Bjuremalm helena.bjuremalm@sida.se	Senior Policy Specialist, Democracy Assistance, Sida
Hossam Bahgat Hossam@eipr.org	Executive Director, Egyptian Initiative for Personal Rights, Cairo
Jan Kleijssen jan.kleijssen@coe.int	Director, Directorate General of Human Rights and Legal Affairs, Council of Europe
Jean-Luc Delvert Jean-luc.DELVERT@diplomatie.gouv.fr	Counsellor, Human Rights Division, Ministry for Foreign Affairs, France
Jean-Pierre Kempeneers, jem.kempeneers@minbuza.nl	Head of the Human Rights Division, Ministry of Foreign Affairs, The Netherlands
Jermyn P Brooks jermynbrooks@aol.com	Chair, Global Network Initiative
Joana Varon joana@varonferraz.com	Researcher, Centre for Technology and Society, Rio De Janeiro
Joe McNamee joe@mcnamee.eu	EU Advocacy Coordinator, European Digital Rights Initiative
Joy Liddicoat joy@liddicoatlaw.co.nz	Project Coordinator, Internet Rights are Human Rights, APC, South Africa
Kurt Erik Lindqvist kurtis@netnod.se	CEO, NETNOD, Stockholm
Lee Hibbard Lee.HIBBARD@coe.int	Coordinator for Internet Governance and Information Society, Council of Europe
Lisa Horner LisaH@global-partners.co.uk	Head of Research & Policy, Global Dialogue, London
Lise Bergh lise.bergh@amnesty.se	Director, Amnesty International, Swedish Section
Louise Bermsjö louise.bermsjo@sida.se	Programme Manager for Democracy and Human Rights, Global Programme Unit, Department for Global Cooperation, Sida
Lucille Morillon internet@rsf.org	Head, Bureau of New Media, Reporters sans frontières
Maciej TOMASZEWSKI maciej.tomaszewski@ec.europa.eu	European Commission DG INFSO, Unit A3 Internet; Network & Information Security
Maria Häll maria.hall@enterprise.ministry.se	Deputy Director, Division for Information Technology Policy, Ministry of Enterprise, Energy and Communications, Sweden
Mats Ringborg mats.ringborg@foreign.ministry.se	Ambassador of Sweden to OECD and UNESCO
Matthew Barzun BarzunMW@state.gov	US Ambassador to Sweden
Michael Camilleri MCamilleri@oas.org	Attorney, office of the Special Rapporteur for Freedom of Expression, OAS
Nicklas Lundblad nlundblad@google.com	Senior Policy Counsel, Public Policy and Government Affairs, Google
Nicole Gregory nicole.gregory@fco.gov.uk	Head of Human Rights Section, Human Rights and Democracy Department, Foreign and Commonwealth Office, UK
Orest Nowosad onowosad@ohchr.org	Director, Special Procedures of the Office of the UN High Commissioner for Human Rights
Patrik Fältström patrik@frobbit.se	Distinguished Consulting Engineer, Cisco
Patrik Hiselius Patrik.Hiselius@teliasonera.com	Senior Advisor, Public Affairs, Group Communications, Telia Sonera
Paula Uimonen paula@spidercenter.org	Director, The Swedish Program for ICT in Developing Regions, Stockholm
Richard Allan, ric@fb.com	Director of Policy in Europe, Facebook
Richard Esguerra gwen@eff.org	Senior Activist, Global Internet Freedom Policy, Electronic Frontier Foundation
Robert Guerra guerra@freedomhouse.org	Project Director, Internet Freedom, Freedom House
Robert Hårdh Robert.Hardh@civilrightsdefenders.org	Executive Director, Civil Rights Defenders, Stockholm
Sally Elkhodary sally.khodary@anhri.net	Programs Director, The Arabic Network for Human Rights Information, Cairo
Sarah Labowitz LabowitzSB@state.gov	Office of the Coordinator for Cyber Issues, US State Dept
Staffan Jonson staffan.jonson@iis.se	Policy Adviser, The Internet Infrastructure Foundation (.SE)
Sylvie Coudray s.coudray@unesco.org	Division for Freedom of Expression, Democracy and Peace, UNESCO
Thomas Hajnoczi, Thomas.HAJNOCZI@bmeia.gv.at	Ambassador, Permanent Representative of Austria to Council of Europe
Toby Mendel toby@law-democracy.org	Executive Director, Centre for Law and Democracy
Vilhelm Konnander vilhelm.konnander@gmail.com	Global Voices
Wolfgang Benedek wolfgang.benedek@uni-graz.at	Professor, Faculty of Law, Graz University, Austria
Yaman Akdeniz yaman.akdeniz@bilgi.edu.tr Ženet Mujić zenet.mujic@osce.org	Associate Professor of Law, Faculty of Law, Istanbul Bilgi University Senior Adviser, office of the OSCE Representative on Freedom of the Media

Organisers

Frank la Rue Co-Chair of the meeting libert.expresion@gmail.com	UN Special Rapporteur on Freedom of Opinion and Expression
Olof Ehrenkrona Co-Chair of the meeting olof.ehrenkrona@foreign.ministry.se	Ambassador, Political Adviser to Foreign Minister Carl Bildt, MFA, Sweden
Per Sjögren per.sjogren@foreign.ministry.se	Head, Dept of International Law, Human Rights and Treaty Law, MFA, Sweden
Hans Dahlgren hans.dahlgren@foreign.ministry.se	Ambassador for Human Rights, MFA, Sweden
Måns Molander mans.molander@foreign.ministry.se	Head of Human Rights Section, MFA, Sweden
Johan Hallenborg johan.hallenborg@foreign.ministry.se	Special Adviser, HR Section, MFA, Sweden
Maria Koliopanou maria.koliopanou@foreign.ministry.se	Assistant, HR Section, MFA, Sweden
Karin Keil Pettersson karin.keil-pettersson@foreign.ministry.se	Assistant, HR Section, MFA, Sweden
Pauline Etemad pauline.etemad@foreign.ministry.se	Intern, HR Section, MFA Sweden
Rolf Ring rolf.ring@rwi.lu.se	Deputy Director, Raoul Wallenberg Institute of Human Rights and Humanitarian Law, Lund, Sweden
Gordana Jankovic Gordana.Jankovic@osf-eu.org	Director, Open Society Foundation Media Program
Vera Franz vfranz@osf-eu.org	Senior Program Manager, Information Program, Open Society Foundations
Stewart Chisholm Stewart.Chisholm@osf-eu.org	Senior Manager for Freedom of Expression, Open Society Media Program

For more details visit https://cis-india.org/notices/second-expert-meeting

SEBI and Communication Surveillance: New Rules, New Responsibilities?

kovey — 2013-07-12T10:51:46Z

In this blog post, Kovey Coles writes about the activities of the Securities Exchange Board of India (SEBI), discusses the importance of call data records (CDRs), and throws light on the significant transition in governmental leniency towards access to private records.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC

Introduction

The Securities Exchange Board of India (SEBI) is the country’s securities and market regulator, an investigation agency which seeks to combat market offenses such as insider trading. SEBI has received much media attention this month regarding its recent expansion of authority; the agency is reportedly on track to be granted powers to access telecom companies’ CDRs. These CDRs are kept by telecommunication companies for billing purposes, and contain information on who sent a call, who received a call, and how long the call lasted, but does not disclose information about call content. Although SEBI has emphatically sought several new investigative powers since 2009 (including access to CDRs, surveillance of email, and monitoring of social media), India’s Ministry of Finance only recently endorsed SEBI’s plea for direct access to service providers’ CDRs. In SEBI’s founding legislation, this capability is not mentioned. Very recently, however, the Ministry of Finance has decided to support expansion of current legislation in regards to CDR access for SEBI, the Reserve Bank of India (RBI), and potentially other agencies, when it comes to prevention of money laundering and other economic offenses.

SEBI’s Authority (Until Now)

Established in 1992 under the Securities and Exchange Board of India Act, SEBI was created with the power of "registering and regulating the working of… [individuals] and intermediaries who may be associated with securities markets in any manner."[1] Its powers have included "calling for information from, undertaking inspection, conducting inquires and audits of the intermediaries and self-regulatory organisations in the securities market."[2] Although the agency has held the responsibility to investigate records on market activity, they have never explicitly enjoyed a right to CDRs or other communications data. Now, with the intention of “meeting new challenges thrown forward by the technological and market advances,”[3] SEBI and the Ministry of Finance want to extend their record keeping scope and investigative powers to include CDR access, a form of communications surveillance.

But the ultimate question is whether agencies like SEBI need this type of easy access to records of communication.

What is the Importance of CDR Access?

Reports on SEBI’s recent expansion are quick to ensure that the agency is not looking for phone-tapping rights, which intercepts messages within telephonic calls, but instead only seeks call records. CDRs, in effect, are “metadata,” a sort of information about information. In this case, it is data about communications, but it is not the communications themselves. Currently, there a total of nine agencies which are able to make actual phone-tapping requests in India. But when it comes to access of CDRs, the government seems much more generous in expanding powers of existing agencies. SEBI, as well as RBI and others, are all looking to be upgraded in their authority over CDRs. Experts argue, however, that "metadata and other forms of non-content data may reveal even more about an individual than the content itself, and thus deserves equivalent protection."[4] Therefore, a second crucial question is whether this sensitive CDR data will feature the same detail of protection and safeguards which exist for communication interception.

One reason for the recent move in CDR access is that SEBI and RBI have found the process of obtaining CDRs too arduous and ill-defined.[5] Currently, under section 92 of the CrPc, Magistrates and Commissioners of Police can request a CDR only with an official corresponding first information report (FIR), while there exists no explicit guideline for SEBI’s role in the process of CDR acquisition.[6] Although the government may seek to relax this procedure, SEBI’s founding legislation prohibits investigation without the pretense of “reasonable grounds," as stipulated in section 11C of the SEBI Act.[7] It has always stood that only under these reasonable grounds could SEBI begin inspection of an intermediary’s "books, registers, and other documents."[7] With the government creating a way for SEBI and similar agencies to circumvent the traditional procedures for access to CDRs, these new standards should incorporate safeguards to ensure the protection of individual privacy. Banking companies, financial institutions, and intermediaries have already been obliged to maintain extensive record keeping of transactions, clients, and other financial data under section 12 of the Prevention of Money-Laundering Act of 2002.[8] But books and records containing financial data differ greatly from communication data, which can include much more personal information and therefore may compromise individuals’ freedom of speech and expression, as well as the right to privacy.

Significance and Responsibility in this Decision

Judging from SEBI’s prior capabilities of inspection and inquiry, this change may initially seem only a minor expansion of power for the agency, but it actually represents a significant transition in governmental leniency toward access to private records. As mentioned, the recent goal of the Ministry of Finance to extend rights to CDRs is resulting in amended powers for more agencies than only SEBI. Moreover, this power expansion comes on the heels of controversy surrounding America’s National Security Agency (NSA) amassing millions of CDRs and other datasets both domestically and internationally. There is obvious room for concern over Indian citizen’s call records being made more easily accessible, with fewer checks and balances in place. The benefits of the new policy include easier access to evidence which could incriminate those involved in financial crimes. But is that benefit actually worth giving SEBI the right to request citizen’s call records? In the cases against economic offenses, CDR access often amounts only to circumstantial evidence. With its ongoing battle against insider trading and other financial malpractice, crimes which are inherently difficult to prove, SEBI could have aspirations to grow progressively more omnipresent. But as the agency’s breadth expands, citizen’s rights to privacy are simultaneously being curtailed. Ultimately, the value of preventing economic offense must be balanced with the value of the people’s rights to privacy.

[1]. 1992 Securities and Exchange Board of India Act, section 11, part 2(b).

[2]. 1992 Securities and Exchange Board of India Act, section 11, part 2(i).

[3]. “Sebi Finalising new Anti-money laundering guidelines,” The Times of India, June 16, 2013

http://timesofindia.indiatimes.com/business/india-business/Sebi-finalizing-new-anti-money-laundering-guidelines/articleshow/20615014.cms

[4]. International Principles on the Application of Human Rights to Communications Surveillance -http://www.necessaryandproportionate.net/#_edn1

[5]. “Sebi to soon to get Powers to Access Call Records,” Business Today, June 13, 2013

http://businesstoday.intoday.in/story/sebi-call-record-access/1/195815.html

[6]. 1973 Criminal Procedure Code, Section 92 http://trivandrum.gov.in/~trivandrum/pdf/act/CODE_OF_CRIMINAL_PROCEDURE.pdf

“Govt gives Sebi, RBI Access to Call Data Records,” The Times of India, June 14, 2013

http://articles.timesofindia.indiatimes.com/2013-06-14/india/39975284_1_home-ministry-access-call-data-records-home-secretary

[7]. 1992 Securities and Exchange Board of India Act, section 11C, part 8

[8]. 2002 Prevention of Money-Laundering Act, section 12

For more details visit https://cis-india.org/internet-governance/blog/sebi-and-communication-surveillance

Search and Seizure and the Right to Privacy in the Digital Age: A Comparison of US and India

divij — 2014-06-02T06:45:14Z

The development of information technology has transformed the way in which individuals make everyday transactions and communicate with the world around us. These interactions and transactions are recorded and stored – constantly available for access by the individual and the company through which the service was used.

For example, the ubiquitous smartphone, above and beyond a communication device, is a device which can maintain a complete record of the communications data, photos, videos and documents, and a multitude of other deeply personal information, like application data which includes location tracking, or financial data of the user. As computers and phones increasingly allow us to keep massive amounts of personal information accessible at the touch of a button or screen (a standard smartphone can hold anything between 500 MB to 64 GB of data), the increasing reliance on computers as information-silos also exponentially increases the harms associated with the loss of control over such devices and the information they contain. This vulnerability is especially visceral in the backdrop of law enforcement and the use of coercive state power to maintain security, juxtaposed with the individual’s right to secure their privacy.

American Law - The Fourth Amendment Protection against Unreasonable Search and Seizure

The right to conduct a search and seizure of persons or places is an essential part of investigation and the criminal justice system. The societal interest in maintaining security is an overwhelming consideration which gives the state a restricted mandate to do all things necessary to keep law and order, which includes acquiring all possible information for investigation of criminal activities, a restriction which is based on recognizing the perils of state-endorsed coercion and its implication on individual liberty. Digitally stored information, which is increasingly becoming a major site of investigative information, is thus essential in modern day investigation techniques. Further, specific crimes which have emerged out of the changing scenario, namely, crimes related to the internet, require investigation almost exclusively at the level of digital evidence. The role of courts and policy makers, then, is to balance the state’s mandate to procure information with the citizens’ right to protect it.

The scope of this mandate is what is currently being considered before the Supreme Court of the United States, which begun hearing arguments in the cases Riley v. California,[1] and United States v Wurie,[2]on the 29^th of April, 2014. At issue is the question of whether the police should be allowed to search the cell phones of individuals upon arrest, without obtaining a specific warrant for such search. The cases concern instances where the accused was arrested on account of a minor infraction and a warrantless search was conducted, which included the search of cell phones in their possession. The information revealed in the phones ultimately led to the evidence of further crimes and the conviction of the accused of graver crimes. The appeal is for a suppression of the evidence so obtained, on grounds that the search violates the Fourth Amendment of the American Constitution. Although there have been a plethora of conflicting decisions by various lower courts (including the judgements in Wurie and Riley),[3] the Federal Supreme Court will be for the first time deciding upon the issue of whether cell phone searches should require a higher burden under the Fourth Amendment.

At the core of the issue are considerations of individual privacy and the right to limit the state’s interference in private matters. The fourth amendment in the Constitution of the United States expressly grants protection against unreasonable searches and seizure,[4]however, without a clear definition of what is unreasonable, it has been left to the courts to interpret situations in which the right to non-interference would trump the interests of obtaining information in every case, leading to vast and varied jurisprudence on the issue. The jurisprudence stems from the wide fourth amendment protection against unreasonable government interference, where the rule is generally that any warrantless search is unreasonable, unless covered by certain exceptions. The standard for the protection under the Fourth Amendment is a subjective standard, which is determined as per the state of the bind of the individual, rather than any objective qualifiers such as physical location; and extends to all situations where individuals have a reasonable expectation of privacy, i.e., situations where individuals can legitimately expect privacy, which is a subjective test, not purely dependent upon the physical space being searched.[5]

Therefore, the requirement of reasonableness is generally only fulfilled when a search is conducted subsequent to obtaining a warrant from a neutral magistrate, by demonstrating probable cause to believe that evidence of any unlawful activity would be found upon such search. A warrant is, therefore, an important limitation on the search powers of the police. Further, the protection excludes roving or general searches and requires particularity of the items to be searched. The restriction derives its power from the exclusionary rule, which bars evidence obtained through unreasonable search or seizure, obtained directly or through additional warrants based upon such evidence, from being used in subsequent prosecutions. However, there have evolved several exceptions to the general rule, which includes cases where the search takes place upon the lawful arrest of an accused, a practice which is justified by the possibility of hidden weapons upon the accused or of destruction of important evidence.[6]

The appeal, if successful, would provide an exception to the rule that any search upon lawful arrest is always reasonable, by creating a caveat for the search of computer devices like smartphones. If the court does so, it would be an important recognition of the fact that evolving technologies have transmuted the concept of privacy to beyond physical space, and legal rules and standards that applied to privacy even twenty years ago, are now anachronistic in an age where individuals can record their entire lives on an iPhone. Searching a person nowadays would not only lead to the recovery of calling cards or cigarettes, but phones and computers which can be the digital record of a person’s life, something which could not have been contemplated when the laws were drafted. Cell phone and computer searches are the equivalent of searches of thousands of documents, photos and personal records, and the expectation of privacy in such cases is much higher than in regular searches. Courts have already recognized that cell phones and laptop computers are objects in which the user may have a reasonable expectation of privacy by making them analogous to a “closed container” which the police cannot search and hence coming under the protection of the Fourth Amendment.[7]

On the other hand, cell phones and computers also hold data which could be instrumental in investigating criminal activity, and with technologies like remote wipes of computer data available, such data is always at the risk of destruction if delay is occurred upon the investigation. As per the oral arguments, being heard now, the Court seems to be carving out a specific principle applicable to new technologies. The Court is likely to introduce subtleties specific to the technology involved – for example, it may seek to develop different principles for smartphones (at issue in Riley) and the more basic kind of cell-phones (at issue in Wurie), or it may recognize that only certain kinds of information may be accessed,[8]or may even evolve a rule that would allow seizure, but not a search, of the cell phone before a search warrant can be obtained.[9] Recognizing that transformational technology needs to be reflected in technology-specific legal principles is an important step in maintaining a synchronisation between law and technology and the additional recognition of a higher threshold adopted for digital evidence and privacy would go a long way in securing digital privacy in the future.

Search and Seizure in India

Indian jurisprudence on privacy is a wide departure from that in the USA. Though it is difficult to strictly compartmentalize the many facets of the right to privacy, there is no express or implicit mention of such a right in the Indian Constitution. Although courts have also recognized the importance of procedural safeguards in protecting against unreasonable governmental interference, the recognition of the intrinsic right to privacy as non-interference, which may be different from the instrumental rights that criminal procedure seeks to protect (such as misuse of police power), is sorely lacking. The general law providing for the state’s power of search and seizure of evidence is found in the Code of Criminal Procedure, 1973.

Section 93 provides for the general procedure of search. Section 93 allows for a magistrate to issue a warrant for the search of any “document or thing”, including a warrant for general search of an area, where it believes it is required for the purpose of investigation. The particularity of the search warrant is not a requirement under S. 93(2), and hence a warrant may be for general or roving search of a place. Section 100, which further provides for the search of a closed place, includes certain safeguards such as the presence of witnesses and the requirement of a warrant before a police officer may be allowed ingress into the closed place. However, under S. 165 and S. 51 of the code, the requirements of a search warrant are exempted. S. 165 dispenses with the warrant requirement and provides for an officer in charge of a police station, or any other officer duly authorized by him, to conduct the search of any place as long as he has reasonable grounds to believe that such search would be for the purpose of an investigation and a belief that a search warrant cannot be obtained without undue delay. Further, the officer conducting such search must as far as possible note down the reasons for such belief in writing prior to conducting the search. Section 51 provides another express exception to the requirement of search warrants, by allowing the search of a person arrested lawfully provided that the arrested person may not or cannot be admitted to bail, and requires any such seized items to be written in a search memo. As long as these conditions are fulfilled, the police has an unqualified authority to search a person upon arrest. Therefore, where the arrestee can be admitted to bail as per the warrant, or, in cases of warrantless arrest, as per the law, the search and seizure of such person may not be regular, and the evidence so collected would be subject to greater scrutiny by the court. However, besides these minimal protections, there is no additional procedural protection of individual privacy, and the search powers of the police are extremely wide and discretionary. In fact, there is a specific absence of the exclusionary rule as a protection as well, which means that, unlike under the Fourth Amendment, the non-compliance with the procedural requirements of search would not by itself vitiate the proceedings or suppress the evidence so found, but would only amount to an irregularity which must be simply another factor considered in evaluating the evidence.[10]

The extent of the imputation of the Fourth Amendment protection against unreasonable governmental interference in the Indian constitution is also uncertain. A direct imputation of the Fourth Amendment into the Indian Constitution has been disregarded by the Supreme Court.[11]Though the allusions to the Fourth Amendment have mostly been invoked on facts where unreasonable intrusions into the homes of persons were challenged, the indirect imputation of the right to privacy into the right under Article 21 of the Constitution, invoking the right to privacy as a right to non-interference and a right to live with dignity, would suggest that the considerations for privacy under the Constitution are not merely objective, or physical, but depend on the subjective facts of the situation, i.e. its effect on the right to live with dignity (analogous to the reasonable expectation of privacy test laid down in Katz).[12] Further, the court has specifically struck down provisions for search and seizure which confer particularly wide and discretionary powers on the executive without judicial scrutiny, holding that searches must be subject to the doctrine of proportionality, and that a provision probable cause to effect any search.[13] The Fourth Amendment protection against unreasonable interference in private matters by the state is a useful standard to assess privacy, since it imputes a concept of privacy as an intrinsic right as well as an instrumental one, i.e. privacy as non-interference is a good in itself, notwithstanding the rights it helps achieve, like the freedom of movement or speech.

Regarding digital privacy in particular, Indian law and policy has failed to stand up to the challenges that new technologies pose to privacy and has in fact been regressive, by engaging in surveillance of communications and by allowing governmental access to digital records of online communications (including emails, website logs, etc.) without judicial scrutiny and accountability.[14] In an age of transformative technology and of privacy being placed at a much greater risk, laws which were once deemed reasonable are now completely inadequate in guaranteeing freedom and liberty as encapsulated by the right to privacy. The disparity is even more pronounced in cases of investigation of cyber-crimes which rely almost exclusively on digital evidence, such as those substantively enumerated under the Information Technology Act, but investigated under the general procedure laid down in the Code of Criminal Procedure, which is already mentioned. The procedures for investigation of cyber-crimes and the search and seizure of digital evidence require special consideration and must be brought in line with changing norms. Although S.69 and 69B lay down provisions for investigation of certain crimes,[15] which requires search upon an order by competent authority, i.e. the Secretary to the Department of IT in the Government of India, the powers of search and seizure are also present in several other rules, such as rule 3(9) of the Information Technology (Due diligence observed by intermediaries guidelines) Rules, 2011 which allows access to information from intermediaries by a simple written order by any agency or person who are lawfully authorised for investigative, protective, cyber security or intelligence activity; or under rule 6 of the draft Reasonable Security Practices Rules, 2011 framed under Section 43A of the Information Technology Act, where any government agency may, for the prevention, detection, investigation, prosecution, and punishment of offences, obtain any personal data from an intermediate “body corporate” which stores such data. The rules framed for investigation of digital evidence, therefore, do not inspire much confidence where safeguarding privacy is concerned. In the absence of specific guidelines or amendments to the procedures of search and seizure of digital evidence, the inadequacies of applying archaic standards leads to unreasonable intrusions of individual privacy and liberties – an incongruity which requires remedy by the courts and legislature of the country.

[1]. http://www.supremecourt.gov/oral_arguments/argument_transcripts/13-132_h315.pdf

[2]. http://www.supremecourt.gov/oral_arguments/argument_transcripts/13-212_86qd.pdf

[3]. In Wurie, the motion to supress was allowed, while in Riley it was denied. Also see US v Jacob Finley, US v Abel Flores-Lopez where the motion to suppress was denied.

[4]. The Fourth Amendment to the Constitution of the United States of America: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

[5]. Katz v United States, 389 U.S. 347, 352 (1967).

[6]. Stephen Saltzer, American Criminal Procedure

[7]. United States v Chan, 830 F. Supp. 531,534 (N.D. Cal. 1993).

[8]. A factor considered in US v Abel Flores-Lopez, where the court held that the search of call history in a cell phone did not constitute a sufficient infringement of privacy to require the burden of a warrant.

[9]. The decision in Smallwood v. Florida, No. SC11-1130, before the Florida Supreme Court, made such a distinction.

[10]. State Of Maharashtra v. Natwarlal Damodardas Soni, AIR 1980 SC 593; Radhakrishnan v State of UP, 1963 Supp. 1 S.C.R. 408

[11]. M.P. Sharma v Satish Chandra, AIR 1954 SC 300

[12]. Kharak Singh v State of UP, (1964) 1 SCR 332; Gobind v State of Madhya Pradesh, 1975 AIR 1378

[13]. District Registrar and Collector v. Canara Bank, AIR 2005 SC 186, which related to S.73 of the Andhra Pradesh Stamps Act which allowed ‘any person’ to enter into ‘any premises’ for the purpose of conducting a search.

[14]. S. 69 and 69B of the Information Technology (Amendment) Act, 2008.

[15]. Procedures and Safeguards for Monitoring and collecting traffic data or information rules 2009, available at http://cis-india.org/internet-governance/resources/it-procedure-and-safeguard-for-monitoring-and-collecting-traffic-data-or-information-rules-2009

For more details visit https://cis-india.org/internet-governance/blog/search-and-seizure-and-right-to-privacy-in-digital-age

Sean McDonald - Ebola: A Big Data Disaster

sumandro — 2016-04-21T09:57:26Z

We are proud to initiate the CIS Papers series with a fascinating exploration of humanitarian use of big data and its discontents by Sean McDonald, FrontlineSMS, in the context of utilisation of Call Detail Records for public health response during the Ebola crisis in Liberia. The paper highlights the absence of a dialogue around the significant legal risks posed by the collection, use, and international transfer of personally identifiable data and humanitarian information, and the grey areas around assumptions of public good. The paper calls for a critical discussion around the experimental nature of data modeling in emergency response due to mismanagement of information has been largely emphasized to protect the contours of human rights.

Read

Download the paper: PDF.

Preface

This study titled “Ebola: A Big Data Disaster” by Sean Martin McDonald, undertaken with support from the Open Society Foundation, Ford Foundation, and Media Democracy Fund, explores the use of Big Data in the form of Call Detail Record (CDR) data in humanitarian crisis.

It discusses the challenges of digital humanitarian coordination in health emergencies like the Ebola outbreak in West Africa, and the marked tension in the debate around experimentation with humanitarian technologies and the impact on privacy. McDonald’s research focuses on the two primary legal and human rights frameworks, privacy and property, to question the impact of unregulated use of CDR’s on human rights. It also highlights how the diffusion of data science to the realm of international development constitutes a genuine opportunity to bring powerful new tools to fight crisis and emergencies.

Analysing the risks of using CDRs to perform migration analysis and contact tracing without user consent, as well as the application of big data to disease surveillance is an important entry point into the debate around use of Big Data for development and humanitarian aid. The paper also raises crucial questions of legal significance about the access to information, the limitation of data sharing, and the concept of proportionality in privacy invasion in the public good. These issues hold great relevance in today's time where big data and its emerging role for development, involving its actual and potential uses as well as harms is under consideration across the world.

The paper highlights the absence of a dialogue around the significant legal risks posed by the collection, use, and international transfer of personally identifiable data and humanitarian information, and the grey areas around assumptions of public good. The paper calls for a critical discussion around the experimental nature of data modelling in emergency response due to mismanagement of information has been largely emphasized to protect the contours of human rights.

This study offers an important perspective for us at the Centre for Internet and Society, and our works on Privacy, Big Data, and Big Data for Development, and very productively articulates the risks of adopting solutions to issues important for development without taking into consideration legal implications and the larger impact on human rights. We look forward to continue to critically engage with issues raised by Big Data in the context of human rights and sustainable development, and bring together diverse perspectives on these issues.

- Elonnai Hickok, Policy Director, the Centre for Internet and Society

CIS Papers

The CIS Papers series publishes open access monographs and discussion pieces that critically contribute to the debates on digital technologies and society. It includes publication of new findings and observations, of work-in-progress, and of critical review of existing materials. These may be authored by researchers at or affiliated to CIS, by external researchers and practitioners, or by a group of discussants. CIS offers editorial support to the selected monographs and discussion pieces. The views expressed, however, are of the authors' alone.

For more details visit https://cis-india.org/papers/ebola-a-big-data-disaster

Scrap UID project, say people's organisations

praskrishna — 2011-04-02T12:26:57Z

The unique identification number project is executed without any legislative or parliamentary sanction.

Representatives of people's movements, mass organisations and institutions on Wednesday said the unique identification number (UID) project is being executed without any legislative or parliamentary sanction and demanded an end to it.

Sunil Abraham, executive director of the Centre for Internet and Society told press persons here that neither the launch of the UID project nor the constitution of the Unique Identification Authority of India (UIDAI) had any legislative sanction. Nothing is known of how the chairperson of the authority is selected, while the project proposes finger-printing of the entire population and storing of biometric and personal data of every person throughout his life and thereafter.

“Although the scheme is to only provide verification of identity, it is unclear what safeguards would prevent third parties from handling, sharing and utilising the data for any purpose,” he said. The UIDAI has agreed to use the services of foreign companies, their software and hardware. It appears that no thought has been give to the perils of placing in the hands of foreign companies data pertaining to the entire population of the country, Mr. Abraham felt. About the claims that the UID project will save crores of rupees by preventing misuse of various welfare schemes, Mr. Abraham questioned whether any feasibility study had been made in this regard.

The UID, the National Population Registry and the NATGRID, once combined and connected, pose grave concerns pertaining to civil liberties and fundamental rights.

Read the original article in the Hindu

For more details visit https://cis-india.org/news/Scrap-UID-project