We are anonymous, we are legion

Section 43 of the Information Technology Act

pranesh — 2013-06-07T10:37:04Z

Given below is the text of section 43 of the IT Act:

43. Penalty and compensation for damage to computer, computer system, etc.
If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network, or computer resource —

accesses or secures access to such computer, computer system or computer network;
downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;
disrupts or causes disruption of any computer, computer system or computer network;
denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means; (g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder;
charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network, he shall be liable to pay damages by way of compensation to the person so affected.
destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means;
steel, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage;

Explanation.
For the purposes of this section:

"computer contaminant" means any set of computer instructions that are designed —
- to modify, destroy, record, transmit data or programme residing within a computer, computer system or computer network; or
- by any means to usurp the normal operation of the computer, computer system, or computer network;
"computer data base" means a representation of information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or have been prepared in a formalised manner or have been produced by a computer, computer system or computer network and are intended for use in a computer, computer system or computer network;
"computer virus" means any computer instruction, information, data or programme that destroys, damages, degrades or adversely affects the performance of a computer resource or attaches itself to another computer resource and operates when a programme, daia or instruction is executed or some other event takes place in that computer resource;
"damage" means to destroy, alter, delete, add, modify or rearrange any computer resource by any means.
"computer source code" means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.

For more details visit https://cis-india.org/internet-governance/resources/section-43-it-act.txt

Second Regional Conference on Connectivity for All: Future Technologies, Markets and Regulation

praskrishna — 2015-12-27T16:16:09Z

This conference organized by the International Telecommunications Society, IIMA IDEA Telecom Centre of Excellence and Indian Institute of Management, Ahmedabad was held in New Delhi from December 13 to 15, 2015. Sunil Abraham was a panelist in the session "Going beyond Cybersecurity: Internet Governance Issues".

Click to read the conference details published by International Telecommunications Society here. Download the Agenda here.

The wide availability of Internet/broadband has been a significant driver of economic growth especially in developed countries. On the contrary, emerging economies lag far behind in Internet/broadband penetration even in urban areas. Further, as emerging economies have poor infrastructure as well as physical service deployment platforms, higher penetration of Internet/broadband could serve as an effective platform for social programmes' delivery. However, the increasing gap in penetration, speed and adoption of Internet/broadband between developed and emerging economies is likely to reduce the ability of the latter to participate in an equitable way in the global knowledge and service economy. As the gap increases, the ability of emerging economies to bridge the digital divide becomes more significantly daunting and is a major cause of concern for policymakers.

The challenges for connectivity in the developed and emerging economies are diverse. While developed countries face issues in providing higher speeds, bandwidth and connectivity among devices to large parts of their population who have basic Internet/broadband, emerging economies still struggle for establishing universal access and providing basic Internet/broadband to their citizens. Even where Internet/broadband is available, adoption may not be adequate especially in the rural and remote areas.

The wired infrastructure in emerging economies is poor, however, the mobile phones are ubiquitous. Therefore, mobile Internet/broadband could be an effective way for increasing Internet/broadband penetration. Technological and regulatory changes, especially those related to spectrum, are necessary to leverage these opportunities.

A related aspect of growth in Internet/broadband is the increasing role of Internet governance frameworks at national, regional and international levels. The challenge for nations is how to leverage this framework for growth of Internet/broadband and play a greater role in Internet governance.

A multi-pronged approach is required to address these diverse issues. A supportive environment for policy, regulatory and technology development is required. This conference provides a platform for dialogue between researchers, industry practitioners, government and regulatory bodies to search for collaborative solutions.

For more details visit https://cis-india.org/telecom/news/second-regional-conference-on-connectivity-for-all-future-technologies-markets-and-regulation

Second Privacy and Surveillance Roundtable

anandini — 2014-08-09T04:10:50Z

On July 4, 2014, the Centre for Internet and Society in association with the Cellular Operators Association of India organized a privacy roundtable at the India International Centre. The primary aim was to gain inputs on what would constitute an ideal surveillance regime in India.

Introduction: About the Privacy and Surveillance Roundtables

The Privacy and Surveillance Roundtables are a CIS initiative, in partnership with the Cellular Operators Association of India (COAI), as well as local partners. From June 2014 – November 2014, CIS and COAI will host seven Privacy and Surveillance Roundtable discussions across multiple cities in India. The Roundtables will be closed-door deliberations involving multiple stakeholders. Through the course of these discussions we aim to deliberate upon the current legal framework for surveillance in India, and discuss possible frameworks for surveillance in India. The provisions of the draft CIS Privacy Bill 2013, the International Principles on the Application of Human Rights to Communication Surveillance, and the Report of the Group of Experts on Privacy will be used as background material and entry points into the discussion. The recommendations and dialogue from each roundtable will be compiled and submitted to the Department of Personnel and training

The second Privacy and Surveillance Roundtable was held in New Delhi at the India International Centre by the Centre for Internet and Society in collaboration with the Cellular Operators Association of India on the 4^th of July, 2014.

The aim of the discussion was to gain inputs on what would constitute an ideal surveillance regime in India working with theCIS Draft Privacy Protection Bill, the Report of the Group of Experts on Privacy prepared by the Justice Shah committee, and the International Principles on the Application of Human Rights to Communications Surveillance.

Background and Context: Privacy and Surveillance in India

The discussion began with the chair giving an overview of the legal framework that governs communications interception under Indian Law. The interception of telecommunication is governed by Section 5(2) of the Telegraph Act,1885 and Rule 419A of the Telegraph Rules,1951. The framework under the Act has remained the same since it was drafted in 1885. An amendment to the Telegraph Rules in 1996 in light of the directions given under PUCL v Union of India was possibly the first change to this colonial framework barring a brief amendment in 1961.

During the drafting of the Act, the only two Indian members of the drafting committee objected to the wide scope given to interception under Section 5(2). In 1968, however, the 30^th Law Commission Report studying Section 5(2) came to the conclusion that the standards in the Act may be unconstitutional given factors such as ‘public emergency’ were too wide in nature and called for a relook at the provision.

While the interception of postal mail is governed by Section 26 of the Post Office Act, 1898, the interception of modern forms of communication that use electronic information and traffic data are governed under Sections 69 and 69B of the Information Technology Act, 2000, while interception of telephonic conversations are governed by section 5(2) of the Indian Telegraph Act 1885 and subsequent rules under section 419A.

What the law ought to be?
With the shift in time, the Chair noted that the concept of the law has changed from its original colonial perspective. Cases such as Maneka Gandhi v Union of India, highlighted that an acceptable law must be one that is ‘just, fair and reasonable’. From judgments such as these, one can impute that any surveillance law should not be arbitrary and must comply with the principles of criminal procedure. Although this is ideal, recent matters that are at the heart of surveillance and privacy, such as the Nira Radia matter, currently sub-judice, will hopefully clarify the scope of surveillance that is considered permissible in India.

Why is it important now?
In India, the need to adopt a legislation on privacy came in the wake of the Indo-EU Free Trade Agreement negotiations, where a data adequacy assessment conducted by the European Commission showed that India’s data protection practices were weak. In response to this, the Department of Personnel and Training drafted a Privacy Bill, of which two drafts have been made, though the later draft has not been made available to the public.

The formation of a privacy proposal in India is not entirely new. For example in 1980, former Union minister VN Gadgil proposed a bill to deal with limiting reportage on public personalities. Much of this bill was based on a bill in the House of Lords in 1960 suggested by Lord Mancroft to prevent uncontrolled reporting. The chair notes here that in India privacy has developed comprehensively as a concept in response to the reporting practices of the media.

Although, the right to privacy has been recognised as an implicit part of the right to life under the Constitution, the National Commission to Review the Working of the Constitution set up in February 2000 suggested the addition of a separate and distinct fundamental right to privacy under Article 21 B along the same lines of Article 8 of the European Convention of Human Rights.

While these are notable efforts in the development of privacy, the Chair raised the question of whether India is merely 'inheriting' reports and negotiations, without adopting such standards into practice and a law.

Discussions

Cloud base storage and surveillance

Opening up the discussion on electronic interception, a participant asked about the applicability of a Privacy regulation to cloud based services. Cloud based storage is of increasing relevance given that the cloud permits foreign software companies to store large amounts of customer information at little or no cost.

Indian jurisdiction, however, would be limited to a server that resides in India or a service provider that originates or terminates in India. Moving the servers back to India is a possible solution, however, it could have negative economic implications.In terms of telecommunications, any communications that originate or terminate using Indian satellites are protected from foreign interception.

Before delving into further discussion, the Chair posed the question of as to what kind of society we would like to live in, contrasting the individual based society principle and the community based principle. While the former is followed by most Western Nations as a form of governance, Orientalist and/or Asian tradition follows the community based principle where the larger focus is community rights. However, it would be incorrect to say that the latter system does not protect rights such as privacy, as often Western perceptions seem to imply. For example, the Chair points out that the oldest Hindu laws such as the Manu Smriti protected personal privacy.

Regulatory models for surveillance

After the preliminary discussion, the Chair then posed the fundamental question of how a government can regulate surveillance. During the discussion, a comparison was made between the UK, the US modus operandi i.e. the rule of probable cause coupled with exhaustion of other remedies, and the Indian rule based out of Section 5(2) of the Telegraph Act, 1885. In the United States, wire taps cannot be conducted without a Judge’s authorization.For example, the Foreign Intelligence Surveillance Act, which governs foreign persons, has secret courts. In addition, a participant added that surveillance requests in the US are rarely if ever, rejected. While on paper, the US model seems acceptable, most participants are weary of the practicability of such a system in India citing that a judiciary that is shielded from public scrutiny entirely cannot be truly independent. The UK follows an interception regime regulated by the Executive, the beginnings of which lay in its Telegraph Act in 1861, which the Indian Telegraph Act is based on. However, the interception regime of the UK has constantly changed with a steady re-evaluation of the law. Surveillance in the UK is regulated by the Regulation of Investigatory Powers Act of 2000(RIPA), in addition it has draft bills pending on Data Retention and on the Admissibility of intercepted communications as evidence.

In contrast, India follows an executive framework, where the Home Secretary gives authorization for conducting wiretaps. This procedure can be compromised in emergent circumstances, where an officer not below the rank of a Joint Secretary can pass an order.

Participants agreed that the current system is grossly inadequate, and the Chair asked whether both a warrant and a judicial order based system would be appropriate for India.

Considering the judicial model as a possible option, participants thought of the level of judiciary apt for regulating matters on surveillance in India. While participants felt that High Court judges would be favourable, the immense backlog at the High Court level and the lack of judges is a challenge and risks being inefficient. If one were to accept the magistrate system, the Chair adds that there are executive magistrates within the hierarchy who are not judicial officers. To this, a participant posed the question as to whether a judicial model is truly a workable one and whether it should be abandoned. In response, a participant, iterated the Maneka Gandhi ratio that “A law must be just, fair and reasonable and be established to the satisfaction of a judicially trained mind”

It was then discussed how the alternative executive model is followed in India, and how sources disclose that police officers often use (and sometimes misuse) dedicated powers under Section 5(2), despite Rule 419A having narrowed down the scope of authority. A participant disagreed here, stating that most orders for the interception of communications are passed by the Home Secretary.

When the People’s Union for Civil Liberties challenged Section 5(2) of the Telegraph Act, the Supreme Court held that it did not stand the test of Maneka Gandhi and proposed the set-up of a review committee under its guidelines which was institutionalised following an amendment in 2007 to the Telegraph Rules.

Under Rule 419A, a review committee comprises of officials such as the Cabinet Secretary, Secretary of the Department of Telecommunications, Secretary of the Department of Law and Justice and the Secretary of Information Technology and Communication ministry at the Centre and the Chief Secretary ,the Law Secretary and an officer not below the rank of a Principal secretary at the State level. A participant suggested that the Home Secretary should also be placed in the review committee to explain the reasons for allowing the interception.

Albeit Rule 419A states that the Review Committee sits twice a month, the actual review time according to conflicting reports is somewhere between a day to a week. The government mandates that such surveillance cannot continue for more than 180 days.

In contrast to the Indian regime, the UK has a Commissioner who reviews the reasons for the interception along with the volume of communication among other elements. The reports of such interceptions are made public after the commissioner decides whether it should be classified or declassified and individuals can challenge such interception at the Appellate Tribunal.

A participant asked whether in India, such a provision exists for informing the person under surveillance about the interception. A stakeholder answered that a citizen can find out whether somebody is intercepting his or her communications via the government but did not elaborate on how.

Authorities for authorizing interception

On the subject of the regulatory model, a participant asked whether magistrates would be competent enough to handle matters on interception. It was pointed out that although this is subjective, it can be said that a lower court judge does not apply the principles of constitutional law, which include privacy, among other rights.

Having rejected the possibility of High Court judges earlier in the discussion, certain participants felt that setting up a tribunal to handle issues related to surveillance could be a good option, considering the subject matter and specialisation of judges. Yet, it was pointed out that the problem with any judicial system, is delay that happens not merely inordinately but strategically with multiple applications being filed in multiple forums. In response, a participant suggested a more federal model with greater checks and balances, which certain others felt can only be found in an executive system.

The CIS Privacy Protection Bill and surveillance

Section 6 of the CIS Privacy Protection Bill lists the procedure for applying to a magistrate for a warrant for interception. One of the grounds listed in the Bill is the disclosure of all previously issued warrants with respect to the concerned person.

Under Section 7 of the Bill, cognisable offences that impact public interest are listed as grounds for interception. Considering the wide range of offences that are cognisable, there is debate on whether they all constitute serious enough offences to justify the interception of communications. For example, the bouncing of a cheque under the Negotiable Instruments Act is a cognisable offence in public interest, but is it serious enough an offence to justify the interception of communications? How should this, then be classified so as to not make arbitrary classifications and manage national security is another question raised by the Chair.

The example of Nira Radia and the fact that the income tax authorities requested the surveillance demonstrates the subsisting lack of a framework for limiting access to information in India. A participant suggested that a solution could be to define the government agencies empowered to intercept communications and identify the offences that justify the interception of communications under Section 7 of the CIS Privacy Protection Bill.

During the discussion, it was pointed out that the Government Privacy Bill, 2011 gives a broad mandate to conduct interception that goes beyond the reasonable restrictions under Article 19 (2) of the Constitution. For example, among grounds for interception like friendly relations with other States, Security and public disorder, there are also vague grounds for interception such as the protection of the rights and freedoms of others and any other purpose mentioned within the Act.

Although the Justice Shah report did not recommend that “any other purpose within the Act” be a ground for interception, it did recommend “protection of the freedom of others” continue to be listed as a permissible ground for the interception of communications.

Meta-data and surveillance

Under Section 17 of the Draft Bill, metadata can be intercepted on grounds of national security or commission of an offence. Metadata is not protected under Rule 419A of the Telegraph Rules and a participant asked as to why this is. The Chair then posed the question to the conference of whether there should be a distinction between the two forms of data at all.

While participants agreed that Telecommunication Service Providers store meta data and not content data, there is a need according to certain participants, to circumscribe the limits of permissible metadata collection. These participants advocated for a uniform standard of protection for both meta and content data, whereas another participant felt that there needs to be a distinction between content data and meta data. Certain participants also stressed that defining what amounts to metadata is essential in this regard.

The Chair moved on to discussing the provisions relating to communication service providers under Chapter V. It was noted that this section will be irrelevant however, if the Central Monitoring System comes into force, as it will allow interception to be conducted by the Government independent of service providers.

Data Retention and Surveillance

Data can be classified into two kinds for the purposes of interception, i.e. content and Meta data. Content data represents the content in the communication in itself whereas Meta data is the information about the communication.

Telecommunications service providers are legally required to retain metadata for the previous year under the Universal Access Service Terms, although no maximum time limit on retention has been legally established.

A participant highlighted that the principle of necessity has been ignored completely in India and there is currently a practice of mass data collection. In particular, metadata is collected freely by companies, as it is not considered an invasion of privacy.

Another stakeholder mentioned that nodal officers set up under every Telecommunication Service Provider are summoned to court to explain the obtainment of the intercepted data. The participant mentions that Telecom Service Providers are reluctant to explain the process of each interception, questioning as to why Telecom Service Providers must be involved in judicial proceedings regarding the admissibility of evidence when they merely supply the data.

A participant asked as to where a Grievance Redressal mechanism can be fit in within the current surveillance framework in India. In response, it was noted that with a Magistrate model, procedure cannot be prescribed as Criminal Procedure would apply. However, if tribunals were to be created, a procedure that deals with the concerns of multiple stakeholders would be apt.

A doubt raised by a stakeholder was whether prior sanction could be invoked by public servants against surveillance. Its applicability must be seen on a case to case basis, although for the most part, prior sanction would not be applicable considering that public officials accused of offences are not be entitled to prior sanction.

Section 14 of the CIS Privacy Protection Bill prohibits the sharing of information collected by surveillance with persons other than authorised authorities in an event of national security or the commission of a cognisable offence. Participants agreed that the wording of the section was too wide and could be misused.

A participant also pointed out that in practice, such parameters on disclosure are futile as even on civil family matters, metadata is shared amongst the service provider and the individuals that request it.

With relation to metadata, a participant suggested a maximum retention period of 2 years. As pointed out earlier, Call Detail Records, a service provider must retain the information for at least one year, however, there is no limit placed on retention, and destruction of the same is left to the discretion of the service provider. Generally it was agreed by participants that a great deal more clarity is needed as currently the UASL merely states that Internet Protocol Detail Record (IPDR) should be maintained for a year.

Duties of the Service Provider

Under the CIS Privacy Protection Bill , the duties of Telecommunication Service Providers broadly includes ‘measures to protect privacy and confidentiality’ without further elaboration. A participant mentioned that applicable and specific privacy practices for different industries need to be defined. Another participant stressed that such practices should be based in principles and not based in technology - citing rapidly evolving technology and the obsolete government standards that are meant to be followed as security practices for ISPs.

Another area that needs attention according to a participant is the integrity of information after interception is conducted. Participants also felt that audit practices by Telecommunication Service Providers should be confined to examining the procedures followed by the company, and not examine content, which is currently the practice according to other participants.

A participant also mentioned that standards do not be prescribed to Telco's considering the Department of Telecommunications conducts technical audits. Another participant felt that the existing system on audits is inadequate and perhaps a different model standard should be suggested. The Chair suggests that a model akin to the Statement on Auditing Standards that has trained persons acting as auditors could fair better and give security to Telco's by ensuring immunity for proceedings based on compliance with the standards.

The next issue discussed was whether surveillance requests can be ignored by Telco's, and whether Telco's can be held liable for repeatedly ignoring interception requests. A stakeholder replied that although there are no rules for such compliance, a hierarchal acquiescence exists which negates any flexibility.

Admissibility of Evidence

The significance given to intercepted communications as evidence was the next question put forth by the Chair. For example in the US, the ‘fruit of the poisonous tree’ rule is followed where evidence that has been improperly received discredits its admissibility in law as well as further evidence found on the basis of it. In India, however, intercepted communications are accorded full evidentiary value, irrespective of how such evidence is procured. The 1972 Supreme Court Judgment of Malkani v State of Maharashtra, reiterated a seminal UK judgment, Kuruma, Son of Kanju v. R , which stated that if the evidence was admissible it is irrelevant how it was obtained.

Participants suggested more interaction with the actual investigative process of surveillance, which includes prosecutors and investigators to gain a better understanding of how evidence is collected and assessed.

Conclusions

The Roundtable in Delhi was not a discussion on surveillance trapped in theory but a practical exposition on the realities of governance and surveillance. There seemed to be two perspectives on the regulatory model both supported with workable solutions, although the overall agreement was on an organised executive model with accountability and a review system. In addition, inputs on technology and its bearing on the surveillance regime were informative. A clear difference of opinion was presented here on the kind of protection metadata should be accorded. In addition, feedback from stakeholders on how surveillance is conducted at the service provider level, highlight the need for an overhaul of the regime, incorporating multiple stakeholder concerns.

1994 4 SCC 569

The definition of telegraph was expanded with the Telegraph Laws (Amendment) Act, 1961 under Section 3 (1AA) to ‘‘telegraph’ means any appliance, instrument, material or apparatus used or capable of use for transmission or reception of signs, signals, writing, images and sounds orintelligence of any nature by wire, visual or other electro-magnetic emissions, radio waves or Hertzian waves, galvanic, electric or magnetic means.

Explanation.—’Radio waves’ or ‘Hertzian waves’ means electromagnetic waves of frequencies lower than 3,000 giga-cycles per second propagated in space without artificial guide;]

1978 AIR 597

Art 21-B-“Every person has a right to respect for his private and family life, his home and his correspondence.”, Accessed at < http://lawmin.nic.in/ncrwc/finalreport/v1ch3.htm>

Article 8 of the European Convention on Human Rights mentions

1. Everyone has the right to respect for his private and family life, his home and his correspondence.

2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals or for the protection of the rights and freedoms of others.

Article 8 was invoked in Rajagopal v State of Tamil Nadu (1995 AIR 264)

PUCL v Union of India, (1997) 1 SCC 301

IPDR measures bandwidth and monitors internet traffic.

[1955] A.C. 197

For more details visit https://cis-india.org/internet-governance/blog/second-privacy-and-surveillance-july-4-2014

Second International e-Governance Conference

praskrishna — 2012-12-11T10:50:29Z

The second international conference on governance and electronics which is held under the motto "Together Toward Digital Inclusion" is organized by the National Committee for Corporate Governance Electronic Iraq and the United Nations Development Programme at Rashid Hotel in Baghdad from December 2-3, 2012. The event aims to review the achievements of the program e-governance Iraqi national, and discuss the challenges of applying e-governance as a tool to achieve public sector reform and digital inclusion.

Sunil Abraham is a speaker at this event and is presenting on "Review of the Legal Environment in Iraq for Effective e-Governance", and "Government Interoperability Frameworks: Global Overview and implications for Iraq".

Conference Agenda

Sunday, December 2, 2012

09:00 – 10:00	Conference Registration
10:00 – 11:00	Opening Ceremony H.E. Nuri Al-Maliki, Prime Minister of Iraq Ms. Helen Clark, UNDP Administrator H.E. Dr. Abdul Kareem Al-Samaraii, Minister of Science and Technology
11:00 – 11:30	Break
11:30 – 12:30	Plenary session 1: e-Governance and Public Sector Reform Chairman: Dr. Adil Matloob, Minister IT Advisor – Ministry of Science and Technology Mr. Thamir Al Ghadban, Head of the Prime Minister’s Advisory Commission (PMAC) Prof. Subhash Bhatnagar, UNDP Expert Q & A
12:30 – 13:30	Plenary session 2: Citizen Inclusion into the Digital Society Chairman: Mr. Imad Naji, Director General - Ministry of Planning Dr. Laurence Millar, UNDP Expert Dr. Kathim Ibrisim, Director General - Ministry of Planning Q & A
13:30 – 13:40	Plenary Session 3: Challenges of e-Governance Implementation Chairman: Dr. Mahmood Kassim Sharief, Director General – Ministry of Science and Technology
13:40 – 14:00	Break
14:00 – 15:30	Workshop 1: Challenges of implementing an adequate telecommunications infrastructure and Highlighting the role of the private sector and the establishment of the concept of true public-private sector partnership in the field of e-governance Chairman: Mr. Jaber Zwayed Atiyah, Director General – National Security Commission Dr. Rohan Samarajiva Lirne, UNDP Expert Dr. Shahani Markus Weerawarana, UNDP Expert Ms. Raghad Abdulrasoul National Centre for Consultation and Management Development/Ministry of Planning Q&A
13:30 – 14:30	Lunch @ AL-Rashid

Monday, December 3, 2012

09:00 – 09:15	Closure of the Plenary Session 3 Presentation of workshop results
09:15 – 10:45	Plenary Session 4: Effective Role of Local Governments in Framework of e-Governance Program Chairman: Dr. Kathim Ibrisim, Director General - Ministry of Planning Mr. Manu Srivastava, UNDP Expert Dr. Adil Abdullah Shuhaieb, member of e-Governance Committee in Missan Governorate Mr. Anmar Natik Mohammed, Manager of e-Governance Programme in Ninawa Governorate Eng Haider Shaker Yaji , Muthana Governorate Q&A
10:45 – 11:00	Break
11:00 – 12:00	Plenary Session 5: Challenges of Government Interoperability Framework Implementation, Standards and Information Chairman: Mr. Mohammed Raji Mousa, Council of Ministers Secretariat (COMSEC) Mr. Sunil Abraham, UNDP Expert Mr. Ammar Salih and Dr. Firas Hamadani/ Minister of Foreign Affairs Q&A
12:00 – 13:00	Plenary Session 6: Building e-Services Chairman: Dr. Saad Najem / University of Mustanserieh Mr. Emilio Bugli Innocenti, UNDP Expert Dr. Adil Matloob, Minister IT Advisor – Ministry of Science and Technology Mr. Ahmed Saad, Director General – Ministry of Municipality and Public Work Q&A
13:00 – 14:30	Conference Closing Session Chairman: Dr. Samir Attar, Deputy Minister – Ministry of Science and Technology Looking forward Adopt conference recommendation UNDP Closing Speech Government of Iraq Speech
14:30 – 15:30	Lunch @ AL-Rashid

Papers/Speakers Bio Summary

Plenary Session 1: e-Governance and Public Sector Reform

Chairman: Dr. Adil Matloob, Minister IT Advisor – Ministry of Science and Technology

e-Governance and public sector reform/ Subhash Bhatnagar The paper shares experiences from different countries of implementing e-Governance projects that have significantly contributed to governance reform by enhancing transparency and reducing corruption in delivery of public services. Some lessons are drawn for Iraq. E-Governance should be used as a means of implementing public sector reform agenda. The implementation of projects should be accelerated. *Subhash Bhatnagar* is an alumnus of Indian Institute of Technology, Madras and Indian Institute of Management, Ahmedabad (IIMA). Currently he is an honorary adjunct professor at the IIMA. He was a Chair Professor, member of Board of Governors and the Dean of IIMA in his 30 year tenure at IIMA. He has been a visiting Professor in universities in the US and Africa. He worked with the World Bank in Washington DC for six years serving as an advisor to to mainstream e-Governance in the operations of the Bank. He has been a lead speaker in training workshops for ministers and legislators for 16 states in India. His research and consulting work has covered E-Governance, ICT for development, National IT Policy, and Corporate IT Strategy. He has hundred research papers and seven books to his credit which include two books on eGovernance. He is on the editorial boards of seven international journals and has served as Chairman of International Committees in the ICT field. He serves on a number of central and state Government committees in Inda including the steering committee for ICT sector for formulating India’s 12^th Five Year Plan. He was made a Fellow of the Computer Society of India in 1994. He has served on the boards of a number of educational institutions and private enterprises in India. He has travelled to nearly 60 countries, delivering public lectures and conference key notes

Plenary Session 2: Citizen Inclusion into the Digital Society

Chairman: Mr. Imad Naji, Director General - Ministry of Planning

Citizen Inclusion into the Digital Society/ Laurence Millar This paper describes the importance of digital inclusion to achieve the e-governance Vision for Iraq. The paper reports on international experience in digital inclusion and e-governance, using examples from New Zealand, United Kingdom, Bahrain and Taiwan. These experiences illustrate how to develop a plan for increasing digital inclusion in Iraq which is aligned to the wider priorities for social and economic outcomes. Laurence Millar is an independent advisor in the use of ICT by governments, and Editor at Large for FutureGov magazine. He is the lead advisor for the e-government strategy and second action plan for the Kingdom of Saudi Arabia, and has also worked with other GCC countries on their e-government strategies. He provides expert advice to the government on the adoption of digital technology and broadband in schools; he is also Chair of 2020 Communications Trust, which is the leading provider of digital literacy programmes in New Zealand. During his career of more than 35 years, he has worked in the public and private sector, in the UK, USA, Asia and New Zealand. From 2004, he led the New Zealand e-government programme providing leadership in strategy and policy, establishing a foundation of shared infrastructure, and maintaining oversight of government ICT investment; he finished in the role of NZ Government CIO on 1 May 2009. He is married with four adult children and lives in Wellington, New Zealand; he has a MA from Cambridge University and an MSc with distinction from London University.
The role of ICTs in promoting public participation/ Dr. Kathim Ibrisim Participation is a basic feature of good governance, which suggests providing a democratic environment in the community that allows the integration of citizens, institutions of civil society, stakeholders and the poor and marginalized groups into policy-making and follow-up implementation. As much a democratic atmosphere allows for participation good governance can achieve the hopes of community regardless of its different components. This paper provides an assessment of the reality of public participation in Iraq which is based on a survey of public participation in four sectors concerned with providing services (Health/Education/Higher Education/Water and Sanitation). It was carried out by the National Centre and the support of the ESCWA in 2011 - in the light of identification the main challenges facing the participation. It will focus on how to use ICT in promoting public participation in setting priorities and policy-making and follow-up implementation.
Dr. Kathim Mohammed Breisem Okabi, Director General of the National Center for Administrative Development and Information Technology since 2008, holds Ph.D. in object-oriented software engineering, M.A. in empirical computer science – 1989, Higher Diploma in systems analysis – 1982, and B.A. of Statistics – 1980. Dr. Kazem served as a professor at the universities of Jordan (Al al-Bayt University/Philadelphia University) for the period 1996-2008, a professor at the Al-Tahadi University/Libya for the period 1983 – 1992, and a statistician for the period 1980 -1983.

Plenary Session 3: Workshop 1 (Challenges of implementing an adequate telecommunications infrastructure and Highlighting the role of the private sector and the establishment of the concept of true public-private sector partnership in the field of e-governance)

Chairman: Dr. Mahmood Kassim Sharief, Director General – Ministry of Science and Technology

ICT Infrastructure for e-Government and e-Governance in Iraq / Rohan Samarajiva Lirne Governments provisioning e government services have to address two specific policy principles with regard to infrastructure: ensure universal access to their services and assure a higher level of reliability than with comparable private services. Unlike a decade or so ago, governments today do not have to rely solely on common-access centers (telecenters) to provide universal access. In most countries, mobile signals cover almost the entirety of the population; most households have at least one electronic access device; the few that do not, can gain such access. Today’s smartphones have capabilities little different from the early telecenters, except for functionalities such as printing, scanning, etc. and the support of intermediaries. Therefore, delivering voice-based e government services in the short term and mobile-optimized web-based services in the medium term, with common-access centers performing specialized backup functions, is a viable strategy. Conventional web interfaces that adhere to common standards must be maintained but articulated with mobile applications and voice-based services provided through a government call center. In light of difficulties in supplying continuous electricity and security at the present time, special attention has to be paid to reliability. Reliability can be achieved, beginning with a proper understanding of requirements such as the importance of ensuring redundancy of suppliers, paths and media. Samarajiva is founder Chair and CEO of LIRNEasia, a regional think tank focusing on ICT policy and regulation in the emerging Asia Pacific. He most recently completed a diagnostic report on the potential of the ICT Sector for inclusive growth in Bhutan for the Asian Development Bank. He is a member of the team supporting the World Bank to establish the Pacific ICT Regulatory Resource Center, based at the University of the South Pacific in Suva, Fiji. He served as policy advisor to the Ministry of Post and Telecom in Bangladesh in 2006-07 and 2009. In 2002-2004, Samarajiva served as Team Leader of the Public Interest Program Unit of the Ministry for Economic Reform, Science & Technology of Sri Lanka. He was one of the designers of the USD 53 million plus e Sri Lanka Initiative (that had a major e gov focus) that led the way to rapid growth of fixed and mobile broadband in Sri Lanka. He was one of the founder directors of the ICT Agency. Samarajiva has been active in ICT (including telecom) policy and regulation for over 20 years. From 1998-1999, he served as Director General of Telecommunications in Sri Lanka at the invitation of the Government of Sri Lanka. He taught at the Ohio State University in the US (1987-2000) and at the Delft University of Technology in the Netherlands (2000-2003).
The role of private sector software development services companies in e-Government solution implementation/ Shahani Markus Weerawarana Iraq is a country in transformation and has embarked on a compelling vision for e-Government based on a National e-Governance Strategy and Action Plan. Since the private sector plays an important and pivotal role in any national e-Government program, it is important to develop a comprehensive roadmap towards establishing a true public-private sector partnership in Iraq. As a prerequisite for such an endeavor, we review the current status of the e-Government program implementation in Iraq, the critical challenges that need to be addressed in achieving a robust public-private sector partnership in Iraq and the best practices prevalent globally and regionally with respect to addressing such issues along with the resultant policy and program implications. Based on this critical analysis, we formulate many recommendations that could be included in a public-private sector partnership development roadmap that would create momentum in establishing a competitive and vibrant private-sector role in a knowledge-based economic environment geared towards enabling the vision of e-Iraq. Shahani Markus Weerawarana has global experience in the IT industry, government and academia, in a professional career has spanned many different roles, including being an educator, engineer, entrepreneur, manager and researcher. Currently, she is a Visiting Scientist at Indiana University, USA and a Visiting Lecturer at the University of Moratuwa, Sri Lanka. Previously, she was the CTO at the ICT Agency (ICTA) of Sri Lanka, which is the country's apex IT policy & planning agency for implementing the e-Sri Lanka program. At ICTA, she played a key role in providing technical guidance for many eGovernment projects, including spearheading the design and implementation of LankaGate, a 'FutureGov' Award winning project. Prior to joining ICTA, Shahani was the Head of Engineering at Virtusa (Sri Lanka), where she directly and indirectly led more than 600 IT professionals. Before joining Virtusa Shahani worked in the USA, at Prescient Markets Inc and at the IBM TJ Watson Research Center in New York. Her professional activities have included being a member in the Sri Lankan Presidential Task Force in English and IT, an adviser to the Royal Government of Bhutan in their Interoperability Framework and Enterprise Architecture initiative, and a member of the Open eGovernance Forum Advisory Board in the Pan Asia Network for Democratic eGovernance. She is a free & open source software advocate and is a Committer and PMC member in the Apache Software Foundation. Shahani has more than 50 academic publications and her academic activities include the formulation of Asia's first MBA in eGovernance program for the University of Moratuwa, and the supervision of more than 30 MBA and MSc research projects. Her research interests include e-governance, software engineering, parallel & distributed systems, e-science, and TLA practices in higher education. Shahani has a Ph.D. in Computer Science from Purdue University, USA.
Assess the reality of the public-private partnership (PPP) and its role in promoting ICT for development/ Raghad Abdulrasoul This paper, a field survey in four service sectors (health, education, higher education, water and sanitation), aims at identifying the reality and types of PPPs and how could such partnerships contribute in the provision of or complement services within the target sectors in addition to understand and recognize the quality of the services provided by the private sector than in the public sector with a focus on the role of PPP in the promotion of ICT to support national development efforts and improve the quality of public services. Raghad Abdulrasoul, an expert at the National Center for Administrative Development and Information Technology, Higher Diploma in Development Planning/specialty in feasibility studies and B.A. of Statistics. She has functional experience and participated in implementing projects with international organizations (UNICEF/UNDP/ESCWA) in different subjects dealing with the reform and modernization of the Iraqi public sector. She performed many advisory tasks for various institutions in the state in subjects (performance evaluation, organizational structures, job descriptions , mainstreaming of procedures). She provided a variety of lectures at the National Centre and state institutions in the areas of administration, planning and feasibility studies.

Workshop 2 Challenges for creating an enabling legal environment
Chairman: Mrs Afaf Khairallah Hussein, Prime Minister Office

Review of the legal environment in Iraq for effective e-Governance/ Sunil Abraham This paper examines the legal environment and compares it to international best practices for information society aspects that have direct implication for e-governance. It begins with transparency and openness law where there is an examination of right to information/access to information law and subsidiary policies such as free/open source software policy, open content or access policy, open standards policy, electronic accessibility policy, open government data policy. Then it examines privacy law looking at various options for the horizontal statute and also the vertical statutes necessary to comprehensive protect citizen/consumer rights and also public interest simultaneously. This is followed by an examination of intellectual property rights law overall before a more focussed examination patent law and copyright law. The paper ends with examination of some miscellaneous statutes such as the Cyber Crime Law and Electronic Signature and Electronic Transactions Act. Sunil Abraham is the executive director of the Centre for Internet and Society (CIS), Bangalore. CIS is a 4 year old policy and academic research organisation that focuses on accessibility by the disabled, intellectual property rights policy reform, openness [Free/Open Source Software, Open Standards, Open Content, Open Access and Open Educational Resources], internet governance, telecom, digital natives and digital humanities. He is also the founder of Mahiti, a social enterprise aiming to reduce the cost and complexity of information and communication technology for the voluntary sector by using free software. Sunil continues to serve on the board of Mahiti. He is an Ashoka fellow and was elected for a Sarai FLOSS fellowship. For three years, Sunil also managed the International Open Source Network, a project of United Nations Development Programme's Asia-Pacific Development Information Programme, serving 42 countries in the Asia-Pacific region. In 2007 - 2008, he managed ENRAP an electronic network of International Fund for Agricultural Development projects in the Asia-Pacific, facilitated and co-funded by International Development Research Centre, Canada. Sunil currently serves on the advisory boards of Open Society Foundations - Information Programme, Mahiti, Tactical Technology Collective, Samvada and International Centre for Free/Open Source Software.
Implementation of the e-system in the Iraqi elections/Dr. Tariq Kazim Ajil, University of Thi Qar

Plenary Session 4: Effective Role of Local Governments in framework of e-Governance Program

Chairman: Dr. Kathim Ibrisim, Director General - Ministry of Planning

Municipal e-Governance Platform / Manu Srivastava The paper discusses the Municipal eGovernance Platform developed by eGovernments Foundation (eGov). The paper sees this in the back ground of the policies and frameworks that the shaped the Municipal eGovernance sector in India. The paper discusses the basic design approach for developing the platform, the platform itself and then discusses the future direction for the platform. *Manu Srivastava* Bio: Manu Srivastava managed and a founding member of the eGovernments Foundation since 2003, that aims at creating an eGovernance Platform (Municipal ERP) to improve the efficiencies of City Municipalities leading to better delivery of services. Between 2000 and 2003, Manu was the project leader of GlobeTrades (Silicon Valley), for creation an Internet platform for medium and large companies to set up industry specific Internet-based solutions to streamline global Procurement and Distribution. He Architected and delivered award winning Citizen Services Solutions in area of eGovernance such as Nirmala Nagara.
Ninawa e-Governance Roadmap/ Anmar Natik Mohammed, Manager of e-Governance Programme in Ninawa Governorate

Plenary Session 5: Challenges of Government Interoperability Framework Implementation, Standards and Information

Chairman: Mr. Mohammed Raji Mousa, Council of Ministers Secretariat (COMSEC)

Government Interoperability Frameworks: Global Overview and implications for Iraq/ Sunil Abraham This paper attempts to identify some next steps for the implementation of the Iraqi Government Interoperability Framework and National Enterprise Architecture[GIF/NEA]. The paper begins with an introduction which provides an historical overview of the GIF/NEA formulation process an the policy document itself. This is followed by a discussion of Open Standards to understand why the GIF/NEA and other open standards policies in the Iraqi government remain critical from a variety of perspectives. The paper then proceeds to look at GIFs across the world and attempts to characterize some of the strategies employed by governments to reach their policy objectives. The paper also features a examination of emerging semantic standards that are most useful from the perspective of storing government data. The paper ends with certain concrete recommendations for taking the open standards agenda forward with Iraqi e-governance. Sunil Abraham is the executive director of the Centre for Internet and Society (CIS), Bangalore. CIS is a 4 year old policy and academic research organisation that focuses on accessibility by the disabled, intellectual property rights policy reform, openness [Free/Open Source Software, Open Standards, Open Content, Open Access and Open Educational Resources], internet governance, telecom, digital natives and digital humanities. He is also the founder of Mahiti, a social enterprise aiming to reduce the cost and complexity of information and communication technology for the voluntary sector by using free software. Sunil continues to serve on the board of Mahiti. He is an Ashoka fellow and was elected for a Sarai FLOSS fellowship. For three years, Sunil also managed the International Open Source Network, a project of United Nations Development Programme's Asia-Pacific Development Information Programme, serving 42 countries in the Asia-Pacific region. In 2007 - 2008, he managed ENRAP an electronic network of International Fund for Agricultural Development projects in the Asia-Pacific, facilitated and co-funded by International Development Research Centre, Canada. Sunil currently serves on the advisory boards of Open Society Foundations - Information Programme, Mahiti, Tactical Technology Collective, Samvada and International Centre for Free/Open Source Software.

Plenary Session 6: Building e-services

Chairman: Dr. Saad Najem / University of Mustanserieh

Breaking information silos: towards an Iraqi e-Service ecosystem supporting the life-event approach/ Emilio Bugli Innocenti This paper analyses the current status of the e-Service implementation within the e-Governance programmes in developing countries with a specific focus on the Life Event approach delivery of-e-Services along with the related Service Oriented Architecture. Then, it discusses the most suited SOA engineering methodology in order to boost e-Service re-use and integration. Finally, a combined SOA and Cloud Computing approach is proposed in order to provide an effective/efficient implementation of Iraqi e-Governance Action Plan along with a possible fast take-up of e-Services. Emilio Bugli Innocenti has 27 year experience in the ICT domain and over 20 in the e-Governance domain. As Senior e-Governance Consultant he has been working with assignments in transition and developing countries in the Balkans, Caucasus, Middle East, South America and South East Asia. He has been Project Manager of large International ICT projects targeting different sectors and e-Governance, in particular dealing with the implementation of e-Services. He is member of the Italian Industry Executive Association, IEEE Computer Society and Association for Computing Machinery. He holds a MSc in Physics and speaks English, Italian and French.
E-governance and cloud computing services This lecture addresses the historical perspective of cloud computing from a virtual concept to provide computing as a public facility launched in the mid-sixties of the last century as well as the phases of computing services offered by individual computers and then the network to the services provided on line. It also addresses the benefits and types of cloud computing comparing between the benefits and weaknesses of each type. Furthermore, it particularly tackles the economic benefits of balancing security with information, through the architecture and various levels of cloud computing and its impacts on architectures that must be taken into consideration. Furthermore, the ten risks will be put in cloud computing in particular. Adil Matloob is one of the advisors to the Ministry of Science & Technology Baghdad, Iraq. He works in the field of knowledge based systems and artificial intelligence for the last 30 plus years. He was the managing director of the SoftDev limited; a British based company, and a technical director for the Washington based multinational company; the United Press International. He is one of the pioneers’ researchers on machine translation software in the beginning of the nineties with the product known as ArabTrans software. He works on Arabic data mining as well as Arabic abstraction and Arabic knowledge based system. Adil has M.Sc and PhD from Manchester University, Manchester, United Kingdom in 1977 & 1980 respectively.

For more details visit https://cis-india.org/news/second-international-e-governance-conference-at-baghdad

Second India China Think-Tank Forum

praskrishna — 2017-07-07T02:43:09Z

The second India-China Think-Tank Forum was held in Beijing from June 22 to 27, 2017. The Forum was jointly organized by the Institute of Chinese Studies, the Indian Council of World Affairs, and the Chinese Academy of Social Sciences. Saikat Dutta represented an Indian think tank.

The Forum was set up following an MoU between India and China during the visit of Prime Minister Narendra Modi in 2015. The idea of the forum is to explore contentious issues and new areas of cooperation between India and China as a Track 1.5 dialogue. Read More

Click here for the report

Click to read Saikat Dutta's presentation

For more details visit https://cis-india.org/internet-governance/news/second-india-china-think-tank-forum

Second Expert Meeting on Human Rights and the Internet

praskrishna — 2011-06-08T10:01:55Z

The second expert meeting on human rights and the Internet is being organised by the Swedish Ministry for Foreign Affairs and the UN Special Rapporteur on Freedom of Opinion and Expression on 30 and 31 March 2011 in Stockholm (Sweden). Anja Kovacs will participate in this meeting.

List of Participants (draft)

Alison LeClaire Christie alison.leclairechristie@international.gc.ca	Minister-Counsellor and Deputy Permanent Representative, Canadian mission to UN in Geneva
Anabella Rivera libert.expresion@gmail.com	Executive Director, DEMOS, Guatemala
Anja Kovacs anja@cis-india.org	Fellow, The Centre for Internet and Society, Bangalore
Anna Nawrot anna.nawrot@rwi.lu.se	Researcher, Raoul Wallenberg Institute of Human Rights, Lund, Sweden
Annie Game agame@cjfe.org	Executive Director, CJFE-IFEX
Anriette Esterhuysen anriette@apc.org	Executive Director, Association for Progressive Communications, South Africa
Arthit Suriyawongkul arthit@gmail.com	Thai Neitzen Network, Centre for Popular Media Reform
Brett Solomon brett@accessnow.org	Executive Director, Access Now
Charlotta Bredberg charlotta.bredberg@sida.se	Thematic Coordinator for Democracy, Human Rights, Peace and Security, Global Programme Unit, Department for Global Cooperation, Sida
Cynthia Wong cynthia@cdt.org	Director, Project on Global Internet Freedom, Center for Democracy and Technology, Washington DC
Daniel Westman Daniel.Westman@juridicum.su.se	Researcher and Teacher, Faculty of Law, Stockholm University
Danny Aerts danny.aerts@iis.se	CEO, The Internet Infrastructure Foundation (.SE)
David Mothander davidmothander@google.com	Nordic Policy Counsel, Google, Stockholm
Dunja Mijatovic pm-fom@osce.org	OSCE Representative on Freedom of the Media
Eduardo Bertoni eberto2@palermo.edu	Director, Center for Studies on Freedom of Expression and Access to Information, Palermo University School of Law, Argentina
Eric King eric@privacy.org	Human Rights and Technology Advisor, Privacy International
Grace Githaiga ggithaiga@hotmail.com	Kenya ICT Action Network (KICTANET)
Guy Berger G.Berger@ru.ac.za	Professor, School of Journalism & Media Studies, Rhodes University, South Africa
Helena Bjuremalm helena.bjuremalm@sida.se	Senior Policy Specialist, Democracy Assistance, Sida
Hossam Bahgat Hossam@eipr.org	Executive Director, Egyptian Initiative for Personal Rights, Cairo
Jan Kleijssen jan.kleijssen@coe.int	Director, Directorate General of Human Rights and Legal Affairs, Council of Europe
Jean-Luc Delvert Jean-luc.DELVERT@diplomatie.gouv.fr	Counsellor, Human Rights Division, Ministry for Foreign Affairs, France
Jean-Pierre Kempeneers, jem.kempeneers@minbuza.nl	Head of the Human Rights Division, Ministry of Foreign Affairs, The Netherlands
Jermyn P Brooks jermynbrooks@aol.com	Chair, Global Network Initiative
Joana Varon joana@varonferraz.com	Researcher, Centre for Technology and Society, Rio De Janeiro
Joe McNamee joe@mcnamee.eu	EU Advocacy Coordinator, European Digital Rights Initiative
Joy Liddicoat joy@liddicoatlaw.co.nz	Project Coordinator, Internet Rights are Human Rights, APC, South Africa
Kurt Erik Lindqvist kurtis@netnod.se	CEO, NETNOD, Stockholm
Lee Hibbard Lee.HIBBARD@coe.int	Coordinator for Internet Governance and Information Society, Council of Europe
Lisa Horner LisaH@global-partners.co.uk	Head of Research & Policy, Global Dialogue, London
Lise Bergh lise.bergh@amnesty.se	Director, Amnesty International, Swedish Section
Louise Bermsjö louise.bermsjo@sida.se	Programme Manager for Democracy and Human Rights, Global Programme Unit, Department for Global Cooperation, Sida
Lucille Morillon internet@rsf.org	Head, Bureau of New Media, Reporters sans frontières
Maciej TOMASZEWSKI maciej.tomaszewski@ec.europa.eu	European Commission DG INFSO, Unit A3 Internet; Network & Information Security
Maria Häll maria.hall@enterprise.ministry.se	Deputy Director, Division for Information Technology Policy, Ministry of Enterprise, Energy and Communications, Sweden
Mats Ringborg mats.ringborg@foreign.ministry.se	Ambassador of Sweden to OECD and UNESCO
Matthew Barzun BarzunMW@state.gov	US Ambassador to Sweden
Michael Camilleri MCamilleri@oas.org	Attorney, office of the Special Rapporteur for Freedom of Expression, OAS
Nicklas Lundblad nlundblad@google.com	Senior Policy Counsel, Public Policy and Government Affairs, Google
Nicole Gregory nicole.gregory@fco.gov.uk	Head of Human Rights Section, Human Rights and Democracy Department, Foreign and Commonwealth Office, UK
Orest Nowosad onowosad@ohchr.org	Director, Special Procedures of the Office of the UN High Commissioner for Human Rights
Patrik Fältström patrik@frobbit.se	Distinguished Consulting Engineer, Cisco
Patrik Hiselius Patrik.Hiselius@teliasonera.com	Senior Advisor, Public Affairs, Group Communications, Telia Sonera
Paula Uimonen paula@spidercenter.org	Director, The Swedish Program for ICT in Developing Regions, Stockholm
Richard Allan, ric@fb.com	Director of Policy in Europe, Facebook
Richard Esguerra gwen@eff.org	Senior Activist, Global Internet Freedom Policy, Electronic Frontier Foundation
Robert Guerra guerra@freedomhouse.org	Project Director, Internet Freedom, Freedom House
Robert Hårdh Robert.Hardh@civilrightsdefenders.org	Executive Director, Civil Rights Defenders, Stockholm
Sally Elkhodary sally.khodary@anhri.net	Programs Director, The Arabic Network for Human Rights Information, Cairo
Sarah Labowitz LabowitzSB@state.gov	Office of the Coordinator for Cyber Issues, US State Dept
Staffan Jonson staffan.jonson@iis.se	Policy Adviser, The Internet Infrastructure Foundation (.SE)
Sylvie Coudray s.coudray@unesco.org	Division for Freedom of Expression, Democracy and Peace, UNESCO
Thomas Hajnoczi, Thomas.HAJNOCZI@bmeia.gv.at	Ambassador, Permanent Representative of Austria to Council of Europe
Toby Mendel toby@law-democracy.org	Executive Director, Centre for Law and Democracy
Vilhelm Konnander vilhelm.konnander@gmail.com	Global Voices
Wolfgang Benedek wolfgang.benedek@uni-graz.at	Professor, Faculty of Law, Graz University, Austria
Yaman Akdeniz yaman.akdeniz@bilgi.edu.tr Ženet Mujić zenet.mujic@osce.org	Associate Professor of Law, Faculty of Law, Istanbul Bilgi University Senior Adviser, office of the OSCE Representative on Freedom of the Media

Organisers

Frank la Rue Co-Chair of the meeting libert.expresion@gmail.com	UN Special Rapporteur on Freedom of Opinion and Expression
Olof Ehrenkrona Co-Chair of the meeting olof.ehrenkrona@foreign.ministry.se	Ambassador, Political Adviser to Foreign Minister Carl Bildt, MFA, Sweden
Per Sjögren per.sjogren@foreign.ministry.se	Head, Dept of International Law, Human Rights and Treaty Law, MFA, Sweden
Hans Dahlgren hans.dahlgren@foreign.ministry.se	Ambassador for Human Rights, MFA, Sweden
Måns Molander mans.molander@foreign.ministry.se	Head of Human Rights Section, MFA, Sweden
Johan Hallenborg johan.hallenborg@foreign.ministry.se	Special Adviser, HR Section, MFA, Sweden
Maria Koliopanou maria.koliopanou@foreign.ministry.se	Assistant, HR Section, MFA, Sweden
Karin Keil Pettersson karin.keil-pettersson@foreign.ministry.se	Assistant, HR Section, MFA, Sweden
Pauline Etemad pauline.etemad@foreign.ministry.se	Intern, HR Section, MFA Sweden
Rolf Ring rolf.ring@rwi.lu.se	Deputy Director, Raoul Wallenberg Institute of Human Rights and Humanitarian Law, Lund, Sweden
Gordana Jankovic Gordana.Jankovic@osf-eu.org	Director, Open Society Foundation Media Program
Vera Franz vfranz@osf-eu.org	Senior Program Manager, Information Program, Open Society Foundations
Stewart Chisholm Stewart.Chisholm@osf-eu.org	Senior Manager for Freedom of Expression, Open Society Media Program

For more details visit https://cis-india.org/notices/second-expert-meeting

SEBI and Communication Surveillance: New Rules, New Responsibilities?

kovey — 2013-07-12T10:51:46Z

In this blog post, Kovey Coles writes about the activities of the Securities Exchange Board of India (SEBI), discusses the importance of call data records (CDRs), and throws light on the significant transition in governmental leniency towards access to private records.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC

Introduction

The Securities Exchange Board of India (SEBI) is the country’s securities and market regulator, an investigation agency which seeks to combat market offenses such as insider trading. SEBI has received much media attention this month regarding its recent expansion of authority; the agency is reportedly on track to be granted powers to access telecom companies’ CDRs. These CDRs are kept by telecommunication companies for billing purposes, and contain information on who sent a call, who received a call, and how long the call lasted, but does not disclose information about call content. Although SEBI has emphatically sought several new investigative powers since 2009 (including access to CDRs, surveillance of email, and monitoring of social media), India’s Ministry of Finance only recently endorsed SEBI’s plea for direct access to service providers’ CDRs. In SEBI’s founding legislation, this capability is not mentioned. Very recently, however, the Ministry of Finance has decided to support expansion of current legislation in regards to CDR access for SEBI, the Reserve Bank of India (RBI), and potentially other agencies, when it comes to prevention of money laundering and other economic offenses.

SEBI’s Authority (Until Now)

Established in 1992 under the Securities and Exchange Board of India Act, SEBI was created with the power of "registering and regulating the working of… [individuals] and intermediaries who may be associated with securities markets in any manner."[1] Its powers have included "calling for information from, undertaking inspection, conducting inquires and audits of the intermediaries and self-regulatory organisations in the securities market."[2] Although the agency has held the responsibility to investigate records on market activity, they have never explicitly enjoyed a right to CDRs or other communications data. Now, with the intention of “meeting new challenges thrown forward by the technological and market advances,”[3] SEBI and the Ministry of Finance want to extend their record keeping scope and investigative powers to include CDR access, a form of communications surveillance.

But the ultimate question is whether agencies like SEBI need this type of easy access to records of communication.

What is the Importance of CDR Access?

Reports on SEBI’s recent expansion are quick to ensure that the agency is not looking for phone-tapping rights, which intercepts messages within telephonic calls, but instead only seeks call records. CDRs, in effect, are “metadata,” a sort of information about information. In this case, it is data about communications, but it is not the communications themselves. Currently, there a total of nine agencies which are able to make actual phone-tapping requests in India. But when it comes to access of CDRs, the government seems much more generous in expanding powers of existing agencies. SEBI, as well as RBI and others, are all looking to be upgraded in their authority over CDRs. Experts argue, however, that "metadata and other forms of non-content data may reveal even more about an individual than the content itself, and thus deserves equivalent protection."[4] Therefore, a second crucial question is whether this sensitive CDR data will feature the same detail of protection and safeguards which exist for communication interception.

One reason for the recent move in CDR access is that SEBI and RBI have found the process of obtaining CDRs too arduous and ill-defined.[5] Currently, under section 92 of the CrPc, Magistrates and Commissioners of Police can request a CDR only with an official corresponding first information report (FIR), while there exists no explicit guideline for SEBI’s role in the process of CDR acquisition.[6] Although the government may seek to relax this procedure, SEBI’s founding legislation prohibits investigation without the pretense of “reasonable grounds," as stipulated in section 11C of the SEBI Act.[7] It has always stood that only under these reasonable grounds could SEBI begin inspection of an intermediary’s "books, registers, and other documents."[7] With the government creating a way for SEBI and similar agencies to circumvent the traditional procedures for access to CDRs, these new standards should incorporate safeguards to ensure the protection of individual privacy. Banking companies, financial institutions, and intermediaries have already been obliged to maintain extensive record keeping of transactions, clients, and other financial data under section 12 of the Prevention of Money-Laundering Act of 2002.[8] But books and records containing financial data differ greatly from communication data, which can include much more personal information and therefore may compromise individuals’ freedom of speech and expression, as well as the right to privacy.

Significance and Responsibility in this Decision

Judging from SEBI’s prior capabilities of inspection and inquiry, this change may initially seem only a minor expansion of power for the agency, but it actually represents a significant transition in governmental leniency toward access to private records. As mentioned, the recent goal of the Ministry of Finance to extend rights to CDRs is resulting in amended powers for more agencies than only SEBI. Moreover, this power expansion comes on the heels of controversy surrounding America’s National Security Agency (NSA) amassing millions of CDRs and other datasets both domestically and internationally. There is obvious room for concern over Indian citizen’s call records being made more easily accessible, with fewer checks and balances in place. The benefits of the new policy include easier access to evidence which could incriminate those involved in financial crimes. But is that benefit actually worth giving SEBI the right to request citizen’s call records? In the cases against economic offenses, CDR access often amounts only to circumstantial evidence. With its ongoing battle against insider trading and other financial malpractice, crimes which are inherently difficult to prove, SEBI could have aspirations to grow progressively more omnipresent. But as the agency’s breadth expands, citizen’s rights to privacy are simultaneously being curtailed. Ultimately, the value of preventing economic offense must be balanced with the value of the people’s rights to privacy.

[1]. 1992 Securities and Exchange Board of India Act, section 11, part 2(b).

[2]. 1992 Securities and Exchange Board of India Act, section 11, part 2(i).

[3]. “Sebi Finalising new Anti-money laundering guidelines,” The Times of India, June 16, 2013

http://timesofindia.indiatimes.com/business/india-business/Sebi-finalizing-new-anti-money-laundering-guidelines/articleshow/20615014.cms

[4]. International Principles on the Application of Human Rights to Communications Surveillance -http://www.necessaryandproportionate.net/#_edn1

[5]. “Sebi to soon to get Powers to Access Call Records,” Business Today, June 13, 2013

http://businesstoday.intoday.in/story/sebi-call-record-access/1/195815.html

[6]. 1973 Criminal Procedure Code, Section 92 http://trivandrum.gov.in/~trivandrum/pdf/act/CODE_OF_CRIMINAL_PROCEDURE.pdf

“Govt gives Sebi, RBI Access to Call Data Records,” The Times of India, June 14, 2013

http://articles.timesofindia.indiatimes.com/2013-06-14/india/39975284_1_home-ministry-access-call-data-records-home-secretary

[7]. 1992 Securities and Exchange Board of India Act, section 11C, part 8

[8]. 2002 Prevention of Money-Laundering Act, section 12

For more details visit https://cis-india.org/internet-governance/blog/sebi-and-communication-surveillance

Search and Seizure and the Right to Privacy in the Digital Age: A Comparison of US and India

divij — 2014-06-02T06:45:14Z

The development of information technology has transformed the way in which individuals make everyday transactions and communicate with the world around us. These interactions and transactions are recorded and stored – constantly available for access by the individual and the company through which the service was used.

For example, the ubiquitous smartphone, above and beyond a communication device, is a device which can maintain a complete record of the communications data, photos, videos and documents, and a multitude of other deeply personal information, like application data which includes location tracking, or financial data of the user. As computers and phones increasingly allow us to keep massive amounts of personal information accessible at the touch of a button or screen (a standard smartphone can hold anything between 500 MB to 64 GB of data), the increasing reliance on computers as information-silos also exponentially increases the harms associated with the loss of control over such devices and the information they contain. This vulnerability is especially visceral in the backdrop of law enforcement and the use of coercive state power to maintain security, juxtaposed with the individual’s right to secure their privacy.

American Law - The Fourth Amendment Protection against Unreasonable Search and Seizure

The right to conduct a search and seizure of persons or places is an essential part of investigation and the criminal justice system. The societal interest in maintaining security is an overwhelming consideration which gives the state a restricted mandate to do all things necessary to keep law and order, which includes acquiring all possible information for investigation of criminal activities, a restriction which is based on recognizing the perils of state-endorsed coercion and its implication on individual liberty. Digitally stored information, which is increasingly becoming a major site of investigative information, is thus essential in modern day investigation techniques. Further, specific crimes which have emerged out of the changing scenario, namely, crimes related to the internet, require investigation almost exclusively at the level of digital evidence. The role of courts and policy makers, then, is to balance the state’s mandate to procure information with the citizens’ right to protect it.

The scope of this mandate is what is currently being considered before the Supreme Court of the United States, which begun hearing arguments in the cases Riley v. California,[1] and United States v Wurie,[2]on the 29^th of April, 2014. At issue is the question of whether the police should be allowed to search the cell phones of individuals upon arrest, without obtaining a specific warrant for such search. The cases concern instances where the accused was arrested on account of a minor infraction and a warrantless search was conducted, which included the search of cell phones in their possession. The information revealed in the phones ultimately led to the evidence of further crimes and the conviction of the accused of graver crimes. The appeal is for a suppression of the evidence so obtained, on grounds that the search violates the Fourth Amendment of the American Constitution. Although there have been a plethora of conflicting decisions by various lower courts (including the judgements in Wurie and Riley),[3] the Federal Supreme Court will be for the first time deciding upon the issue of whether cell phone searches should require a higher burden under the Fourth Amendment.

At the core of the issue are considerations of individual privacy and the right to limit the state’s interference in private matters. The fourth amendment in the Constitution of the United States expressly grants protection against unreasonable searches and seizure,[4]however, without a clear definition of what is unreasonable, it has been left to the courts to interpret situations in which the right to non-interference would trump the interests of obtaining information in every case, leading to vast and varied jurisprudence on the issue. The jurisprudence stems from the wide fourth amendment protection against unreasonable government interference, where the rule is generally that any warrantless search is unreasonable, unless covered by certain exceptions. The standard for the protection under the Fourth Amendment is a subjective standard, which is determined as per the state of the bind of the individual, rather than any objective qualifiers such as physical location; and extends to all situations where individuals have a reasonable expectation of privacy, i.e., situations where individuals can legitimately expect privacy, which is a subjective test, not purely dependent upon the physical space being searched.[5]

Therefore, the requirement of reasonableness is generally only fulfilled when a search is conducted subsequent to obtaining a warrant from a neutral magistrate, by demonstrating probable cause to believe that evidence of any unlawful activity would be found upon such search. A warrant is, therefore, an important limitation on the search powers of the police. Further, the protection excludes roving or general searches and requires particularity of the items to be searched. The restriction derives its power from the exclusionary rule, which bars evidence obtained through unreasonable search or seizure, obtained directly or through additional warrants based upon such evidence, from being used in subsequent prosecutions. However, there have evolved several exceptions to the general rule, which includes cases where the search takes place upon the lawful arrest of an accused, a practice which is justified by the possibility of hidden weapons upon the accused or of destruction of important evidence.[6]

The appeal, if successful, would provide an exception to the rule that any search upon lawful arrest is always reasonable, by creating a caveat for the search of computer devices like smartphones. If the court does so, it would be an important recognition of the fact that evolving technologies have transmuted the concept of privacy to beyond physical space, and legal rules and standards that applied to privacy even twenty years ago, are now anachronistic in an age where individuals can record their entire lives on an iPhone. Searching a person nowadays would not only lead to the recovery of calling cards or cigarettes, but phones and computers which can be the digital record of a person’s life, something which could not have been contemplated when the laws were drafted. Cell phone and computer searches are the equivalent of searches of thousands of documents, photos and personal records, and the expectation of privacy in such cases is much higher than in regular searches. Courts have already recognized that cell phones and laptop computers are objects in which the user may have a reasonable expectation of privacy by making them analogous to a “closed container” which the police cannot search and hence coming under the protection of the Fourth Amendment.[7]

On the other hand, cell phones and computers also hold data which could be instrumental in investigating criminal activity, and with technologies like remote wipes of computer data available, such data is always at the risk of destruction if delay is occurred upon the investigation. As per the oral arguments, being heard now, the Court seems to be carving out a specific principle applicable to new technologies. The Court is likely to introduce subtleties specific to the technology involved – for example, it may seek to develop different principles for smartphones (at issue in Riley) and the more basic kind of cell-phones (at issue in Wurie), or it may recognize that only certain kinds of information may be accessed,[8]or may even evolve a rule that would allow seizure, but not a search, of the cell phone before a search warrant can be obtained.[9] Recognizing that transformational technology needs to be reflected in technology-specific legal principles is an important step in maintaining a synchronisation between law and technology and the additional recognition of a higher threshold adopted for digital evidence and privacy would go a long way in securing digital privacy in the future.

Search and Seizure in India

Indian jurisprudence on privacy is a wide departure from that in the USA. Though it is difficult to strictly compartmentalize the many facets of the right to privacy, there is no express or implicit mention of such a right in the Indian Constitution. Although courts have also recognized the importance of procedural safeguards in protecting against unreasonable governmental interference, the recognition of the intrinsic right to privacy as non-interference, which may be different from the instrumental rights that criminal procedure seeks to protect (such as misuse of police power), is sorely lacking. The general law providing for the state’s power of search and seizure of evidence is found in the Code of Criminal Procedure, 1973.

Section 93 provides for the general procedure of search. Section 93 allows for a magistrate to issue a warrant for the search of any “document or thing”, including a warrant for general search of an area, where it believes it is required for the purpose of investigation. The particularity of the search warrant is not a requirement under S. 93(2), and hence a warrant may be for general or roving search of a place. Section 100, which further provides for the search of a closed place, includes certain safeguards such as the presence of witnesses and the requirement of a warrant before a police officer may be allowed ingress into the closed place. However, under S. 165 and S. 51 of the code, the requirements of a search warrant are exempted. S. 165 dispenses with the warrant requirement and provides for an officer in charge of a police station, or any other officer duly authorized by him, to conduct the search of any place as long as he has reasonable grounds to believe that such search would be for the purpose of an investigation and a belief that a search warrant cannot be obtained without undue delay. Further, the officer conducting such search must as far as possible note down the reasons for such belief in writing prior to conducting the search. Section 51 provides another express exception to the requirement of search warrants, by allowing the search of a person arrested lawfully provided that the arrested person may not or cannot be admitted to bail, and requires any such seized items to be written in a search memo. As long as these conditions are fulfilled, the police has an unqualified authority to search a person upon arrest. Therefore, where the arrestee can be admitted to bail as per the warrant, or, in cases of warrantless arrest, as per the law, the search and seizure of such person may not be regular, and the evidence so collected would be subject to greater scrutiny by the court. However, besides these minimal protections, there is no additional procedural protection of individual privacy, and the search powers of the police are extremely wide and discretionary. In fact, there is a specific absence of the exclusionary rule as a protection as well, which means that, unlike under the Fourth Amendment, the non-compliance with the procedural requirements of search would not by itself vitiate the proceedings or suppress the evidence so found, but would only amount to an irregularity which must be simply another factor considered in evaluating the evidence.[10]

The extent of the imputation of the Fourth Amendment protection against unreasonable governmental interference in the Indian constitution is also uncertain. A direct imputation of the Fourth Amendment into the Indian Constitution has been disregarded by the Supreme Court.[11]Though the allusions to the Fourth Amendment have mostly been invoked on facts where unreasonable intrusions into the homes of persons were challenged, the indirect imputation of the right to privacy into the right under Article 21 of the Constitution, invoking the right to privacy as a right to non-interference and a right to live with dignity, would suggest that the considerations for privacy under the Constitution are not merely objective, or physical, but depend on the subjective facts of the situation, i.e. its effect on the right to live with dignity (analogous to the reasonable expectation of privacy test laid down in Katz).[12] Further, the court has specifically struck down provisions for search and seizure which confer particularly wide and discretionary powers on the executive without judicial scrutiny, holding that searches must be subject to the doctrine of proportionality, and that a provision probable cause to effect any search.[13] The Fourth Amendment protection against unreasonable interference in private matters by the state is a useful standard to assess privacy, since it imputes a concept of privacy as an intrinsic right as well as an instrumental one, i.e. privacy as non-interference is a good in itself, notwithstanding the rights it helps achieve, like the freedom of movement or speech.

Regarding digital privacy in particular, Indian law and policy has failed to stand up to the challenges that new technologies pose to privacy and has in fact been regressive, by engaging in surveillance of communications and by allowing governmental access to digital records of online communications (including emails, website logs, etc.) without judicial scrutiny and accountability.[14] In an age of transformative technology and of privacy being placed at a much greater risk, laws which were once deemed reasonable are now completely inadequate in guaranteeing freedom and liberty as encapsulated by the right to privacy. The disparity is even more pronounced in cases of investigation of cyber-crimes which rely almost exclusively on digital evidence, such as those substantively enumerated under the Information Technology Act, but investigated under the general procedure laid down in the Code of Criminal Procedure, which is already mentioned. The procedures for investigation of cyber-crimes and the search and seizure of digital evidence require special consideration and must be brought in line with changing norms. Although S.69 and 69B lay down provisions for investigation of certain crimes,[15] which requires search upon an order by competent authority, i.e. the Secretary to the Department of IT in the Government of India, the powers of search and seizure are also present in several other rules, such as rule 3(9) of the Information Technology (Due diligence observed by intermediaries guidelines) Rules, 2011 which allows access to information from intermediaries by a simple written order by any agency or person who are lawfully authorised for investigative, protective, cyber security or intelligence activity; or under rule 6 of the draft Reasonable Security Practices Rules, 2011 framed under Section 43A of the Information Technology Act, where any government agency may, for the prevention, detection, investigation, prosecution, and punishment of offences, obtain any personal data from an intermediate “body corporate” which stores such data. The rules framed for investigation of digital evidence, therefore, do not inspire much confidence where safeguarding privacy is concerned. In the absence of specific guidelines or amendments to the procedures of search and seizure of digital evidence, the inadequacies of applying archaic standards leads to unreasonable intrusions of individual privacy and liberties – an incongruity which requires remedy by the courts and legislature of the country.

[1]. http://www.supremecourt.gov/oral_arguments/argument_transcripts/13-132_h315.pdf

[2]. http://www.supremecourt.gov/oral_arguments/argument_transcripts/13-212_86qd.pdf

[3]. In Wurie, the motion to supress was allowed, while in Riley it was denied. Also see US v Jacob Finley, US v Abel Flores-Lopez where the motion to suppress was denied.

[4]. The Fourth Amendment to the Constitution of the United States of America: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

[5]. Katz v United States, 389 U.S. 347, 352 (1967).

[6]. Stephen Saltzer, American Criminal Procedure

[7]. United States v Chan, 830 F. Supp. 531,534 (N.D. Cal. 1993).

[8]. A factor considered in US v Abel Flores-Lopez, where the court held that the search of call history in a cell phone did not constitute a sufficient infringement of privacy to require the burden of a warrant.

[9]. The decision in Smallwood v. Florida, No. SC11-1130, before the Florida Supreme Court, made such a distinction.

[10]. State Of Maharashtra v. Natwarlal Damodardas Soni, AIR 1980 SC 593; Radhakrishnan v State of UP, 1963 Supp. 1 S.C.R. 408

[11]. M.P. Sharma v Satish Chandra, AIR 1954 SC 300

[12]. Kharak Singh v State of UP, (1964) 1 SCR 332; Gobind v State of Madhya Pradesh, 1975 AIR 1378

[13]. District Registrar and Collector v. Canara Bank, AIR 2005 SC 186, which related to S.73 of the Andhra Pradesh Stamps Act which allowed ‘any person’ to enter into ‘any premises’ for the purpose of conducting a search.

[14]. S. 69 and 69B of the Information Technology (Amendment) Act, 2008.

[15]. Procedures and Safeguards for Monitoring and collecting traffic data or information rules 2009, available at http://cis-india.org/internet-governance/resources/it-procedure-and-safeguard-for-monitoring-and-collecting-traffic-data-or-information-rules-2009

For more details visit https://cis-india.org/internet-governance/blog/search-and-seizure-and-right-to-privacy-in-digital-age

Sean McDonald - Ebola: A Big Data Disaster

sumandro — 2016-04-21T09:57:26Z

We are proud to initiate the CIS Papers series with a fascinating exploration of humanitarian use of big data and its discontents by Sean McDonald, FrontlineSMS, in the context of utilisation of Call Detail Records for public health response during the Ebola crisis in Liberia. The paper highlights the absence of a dialogue around the significant legal risks posed by the collection, use, and international transfer of personally identifiable data and humanitarian information, and the grey areas around assumptions of public good. The paper calls for a critical discussion around the experimental nature of data modeling in emergency response due to mismanagement of information has been largely emphasized to protect the contours of human rights.

Read

Download the paper: PDF.

Preface

This study titled “Ebola: A Big Data Disaster” by Sean Martin McDonald, undertaken with support from the Open Society Foundation, Ford Foundation, and Media Democracy Fund, explores the use of Big Data in the form of Call Detail Record (CDR) data in humanitarian crisis.

It discusses the challenges of digital humanitarian coordination in health emergencies like the Ebola outbreak in West Africa, and the marked tension in the debate around experimentation with humanitarian technologies and the impact on privacy. McDonald’s research focuses on the two primary legal and human rights frameworks, privacy and property, to question the impact of unregulated use of CDR’s on human rights. It also highlights how the diffusion of data science to the realm of international development constitutes a genuine opportunity to bring powerful new tools to fight crisis and emergencies.

Analysing the risks of using CDRs to perform migration analysis and contact tracing without user consent, as well as the application of big data to disease surveillance is an important entry point into the debate around use of Big Data for development and humanitarian aid. The paper also raises crucial questions of legal significance about the access to information, the limitation of data sharing, and the concept of proportionality in privacy invasion in the public good. These issues hold great relevance in today's time where big data and its emerging role for development, involving its actual and potential uses as well as harms is under consideration across the world.

The paper highlights the absence of a dialogue around the significant legal risks posed by the collection, use, and international transfer of personally identifiable data and humanitarian information, and the grey areas around assumptions of public good. The paper calls for a critical discussion around the experimental nature of data modelling in emergency response due to mismanagement of information has been largely emphasized to protect the contours of human rights.

This study offers an important perspective for us at the Centre for Internet and Society, and our works on Privacy, Big Data, and Big Data for Development, and very productively articulates the risks of adopting solutions to issues important for development without taking into consideration legal implications and the larger impact on human rights. We look forward to continue to critically engage with issues raised by Big Data in the context of human rights and sustainable development, and bring together diverse perspectives on these issues.

- Elonnai Hickok, Policy Director, the Centre for Internet and Society

CIS Papers

The CIS Papers series publishes open access monographs and discussion pieces that critically contribute to the debates on digital technologies and society. It includes publication of new findings and observations, of work-in-progress, and of critical review of existing materials. These may be authored by researchers at or affiliated to CIS, by external researchers and practitioners, or by a group of discussants. CIS offers editorial support to the selected monographs and discussion pieces. The views expressed, however, are of the authors' alone.

For more details visit https://cis-india.org/papers/ebola-a-big-data-disaster

Scrap UID project, say people's organisations

praskrishna — 2011-04-02T12:26:57Z

The unique identification number project is executed without any legislative or parliamentary sanction.

Representatives of people's movements, mass organisations and institutions on Wednesday said the unique identification number (UID) project is being executed without any legislative or parliamentary sanction and demanded an end to it.

Sunil Abraham, executive director of the Centre for Internet and Society told press persons here that neither the launch of the UID project nor the constitution of the Unique Identification Authority of India (UIDAI) had any legislative sanction. Nothing is known of how the chairperson of the authority is selected, while the project proposes finger-printing of the entire population and storing of biometric and personal data of every person throughout his life and thereafter.

“Although the scheme is to only provide verification of identity, it is unclear what safeguards would prevent third parties from handling, sharing and utilising the data for any purpose,” he said. The UIDAI has agreed to use the services of foreign companies, their software and hardware. It appears that no thought has been give to the perils of placing in the hands of foreign companies data pertaining to the entire population of the country, Mr. Abraham felt. About the claims that the UID project will save crores of rupees by preventing misuse of various welfare schemes, Mr. Abraham questioned whether any feasibility study had been made in this regard.

The UID, the National Population Registry and the NATGRID, once combined and connected, pose grave concerns pertaining to civil liberties and fundamental rights.

Read the original article in the Hindu

For more details visit https://cis-india.org/news/Scrap-UID-project

SCOSTA and UID Comparison not Valid, says Finance Committee

elonnai — 2011-11-22T16:37:43Z

The Standing Committee on Finance Branch, Lok Sabha Secretariat has responded to the suggestions offered by CIS on the National Identification Authority of India, Bill 2010 and has requested it to mail its views by 14 October 2011.

On January 6, 2011, CIS had sent an open letter to the Parliamentary Finance Committee demonstrating how the Aadhaar biometric standard is weaker than the SCOSTA standard. The text of the reply is reproduced below.

Sir,

This is in response to one of the views/suggestions offered by CIS on the National Identification Authority of India Bill, 2010.

CIS View /Suggestion:

"Though the Aadhaar biometrics are useful for the de-duplication and identification of individuals, the Smart Card Operating System for Transport Application [(SCOSTA), developed by the National Informatics Centre in India)] standard is a more secure, structurally sound, and cost-effective approach to authentication of identity for India. Therefore, the Aadhaar biometric based authentication process should be replaced with a SCOSTA standard based authentication process."

In this regard, do you agree with the following view? If not, please justify.

"Comparison between SCOSTA and the UID project are not valid since SCOSTA is fundamentally a standard for smart card based authentication and does not work for the objectives of the unique id project.

The UID project follows a different approach and has multiple objectives — providing identity to residents of India, ensuring inclusion of poor and marginalized residents in order to enable access to benefits and services, eliminating the fakes, duplicates and ghost identities prevalent in other databases and provide a platform for authentication in a cost effective and accessible manner.

UIDAI is not issuing cards or smart cards. Cards can be issued by agencies that are providing services. UID authentication does not exclude smart cards — service providers can still choose to issue smart cards to their beneficiaries or customers if they want to."

You are requested to email your view by 14 October, 2011 positively.

Standing Committee on Finance Branch
Lok Sabha Secretariat

For more details visit https://cis-india.org/internet-governance/blog/scosta-uid-comparison-invalid

Scared by a spoof? You’ve got to be kidding me!

praskrishna — 2012-06-05T05:24:09Z

Whether it is Mamata Banerjee's recent crackdown on a comic strip or the new legal guidelines that allow touchy readers to have objectionable content taken down, what you say online is under scrutiny. What, then, will happen to news satire websites?

The article by Dhamini Ratnam was published in the Times of India on June 3, 2012

"Meri site www.cartoonsagainstcorruption.com kabse band ho chuki hai (...) Humara sabse bada hathiyar humse chheena ja raha hai (...) Aaj chup rahe toh phir bolne ke liye zubaan bhi nahin bachegi." (My site www.cartoonsagainstcorruption.com has been shut down (...) Our biggest weapon is being taken away from us (...) If we remain silent, we won't be left with anything to articulate with").

That's the first thing you read on Kanpur-based blogger Aseem Trivedi's new site, www.cartoonsagainstcorruption.blogspot.in, on which he transferred all his satirical cartoons earlier this year, after he found that his website had been arbitrarily blocked based on a complaint lodged with the Mumbai Crime Branch last December.

In May, Trivedi went on a hunger strike. His point was simple. The police had no right to have his website taken down, under the Information Technology (Amendment) Act 2008, or even under the new Information Technology (intermediary guidelines) Rules, 2011. These rules came into effect last April, and give 36 hours to the intermediary (read Internet Service Provider) to take down content deemed 'objectionable'.

At the face of it, this may seem like a handing over of power to Internet users. But what does this hold out for news satire websites that routinely critique public figures, spoof politics and play an important role in raising public awareness through humour?

For one, in a surprising move, the editors are giving up being anonymous. Says Rahul Roushan, editor, Faking News, "I began this site under the pseudonym Pagal Patrakar in 2008. By the end of 2009, I didn't want to remain anonymous anymore."

Roushan, who is based in Gurgaon, felt readers weren't taking him seriously. "Unless there's a face to such sites, people will think you're spreading lies," says the 33-year-old former television news anchor. Yet, coming out wasn't a cakewalk. "A post I wrote about on the anti-people policy of Mr Thackeray received a comment that I am a Bihari, and therefore against Marathi manoos. Had he not known my name, the reader would never have written such a comment," says Roushan.

Yet, Roushan would rather have his readers - his blog gets 10 lakh page views a month - trust his judgement.

However, recent events, including Pashimbanga Chief Minister Mamata Banerjee's crackdown on a comic strip, and Union human resource development, communications and IT minister Kapil Sibal's suggestion to Internet giants to "regulate themselves" has left Roushan and other news satire website editors wary.The new IT guidelines, fears Roushan, will create an army of self-righteous people with "a lot of hurt sentiments".

"I'm scared of sentiments," he says, wryly.

T S Sudhir, editor of Tenali Rama Reports, a news spoof site that was started in September 2011, feels the trick to safeguard against such "sentiments" is to maintain a rigorous editorial policy. "No obscene, lewd or toilet humour," says the Hyderabadbased former journalist.

The recent fracas over Mamata's 'Maoist' concerns, for instance, elicited a light-hearted piece that said all dosa-eaters are Maoists, because 'mao' in Tamil means 'batter'. "India has a long-standing political tradition of satire, and readers are used to political cartoons with biting humour."

Mangalore-based political cartoonist Satish Acharya, however, has faced the brunt for his biting humour. In September 2011, a Mumbai Crime Branch officer asked him to take down a cartoon depicting Sharad Pawar in a red gown that Acharya had posted on his blog, after it was published in a Mumbaibased tabloid. "In political cartoons, what is the yardstick to measure what is objectionable," asks Acharya. "Can a policeman decide whether a political cartoon is objectionable and have it taken down?"

Programme manager at The Centre for Internet and Society, Bengaluru, Pranesh Prakash has a one word reply: No. Together with his teammates, Prakash is working on a set of guidelines that counters the Intermediary Rules and offers checks and balances without trampling on fundamental rights. For instance, says Prakash, after a complaint is made, the content owner - say the website editor, or cartoonist - should be allowed to reply. If the problem persists, the complainant can go to court.

If cartoons are an effective vehicle of critique online, so are videos. The UnReal Times, run by New Delhi-based IIM graduates C S Krishna and Karthik Laxman, shot to online fame last year after they released a video depicting the Prime Minister as Singham, the heroic character played by Ajay Devgn in a film.

"The best sort of satire," says Krishna, "is when you can't prove in the court of law that the piece is insulting." Krishna and Laxman, who do policy research work for BJP MP Uday Singh, insist that they are not card-holders for the party, and have taken pot-shots at the BJP, too. "Since political satire focuses on mocking the establishment, the UPA government is the subject of most our (satirical) pieces on politics," says Krishna. Tanay Sukumar, editor of News That Matters Not, feels that the content should be directed at a problematic policy, not person. Engineering students Sukumar and Sugandha, who founded the site in 2009, feel that a satirist needs to distinguish between what is necessary and what isn't. "Portraying a political figure using sexual innuendo might be funny for several readers, but would be "unnecessary" in most cases. Our job is to to critique governance." In the case of a crackdown, however, they are clear about what they'd do: they'll take down the 'offending' piece, and then write about having done so. "We will not offend them; we will wear them out," they say.

Want to start a news satire website? here's how:

Have a disclaimer page. Apologise in advance for "hurt sentiments", offer readers a chance to get in touch with you directly for redressal, explain why you're using satire as a tool to critique. If your ISP is asked to remove content, the current IT guidelines are such that they would need to obey. However, since the law doesn't require ISPs to keep track of content that has been removed, make noise about it. There'll be enough people online who will fight for your freedom of expression. Study satire - it's an effective tool - but learn to distinguish it from slander and falsehood. Keep the post grounded in a real event or phenomenon. Critique the agenda, not the person. Consult an IT lawyer if you are in doubt about a piece. It's always good to know your legal argument beforehand.

Pranesh Prakash is quoted in this article.

For more details visit https://cis-india.org/news/scared-by-a-spoof

SC seeks govt reply on PIL challenging powers of IT Act

praskrishna — 2014-09-08T04:45:51Z

Section 66A of the IT Act punishes sending offensive messages through communication services, including posts on social media websites like Facebook.

The article by Shreeja Sen was published in Livemint on August 30, 2014. Leslie D’Monte contributed to this story. Sunil Abraham gave his inputs.

The Supreme Court on Friday asked for the central government’s response in a writ petition filed by Internet and Mobile Association of India (IAMAI) challenging the arbitrary powers that the Information Technology (IT) Act confers on the government to remove user-generated content.

This is not the first time that the amended provisions of the IT Act 2000 and the IT (Intermediaries Guidelines) Rules, 2011 have been challenged. The rules were released by the government in April 2011, and laid down detailed procedures for regulation of intermediaries and online content.

A bench of justices J. Chelameswar and A.K. Sikri, while issuing notice to the central government, tagged the cases with others of a similar nature, including ones by MouthShut.com, a consumer review website, and Shreya Singhal, a public interest litigant who challenged the constitutionality of Section 66A in support of Shaheen Dhada, who was arrested for criticizing the shutdown of Mumbai after the death of Shiv Sena supremo Bal Thackeray in 2012. Section 66A of the IT Act punishes sending offensive messages through communication services, including posts on social media websites like Facebook.

“We’re very happy at MouthShut that IAMAI decided to take a stand regarding this,” said Faisal Farooqui, chief executive officer of MouthShut.com.

The petition, which runs into 1,100 pages according to those familiar with the case, seeks to challenge Section 79(3)(b) of the Information Technology Act. The section holds an Internet service provider (ISP) responsible for content which may be unlawful, published by third parties (not the ISPs) when they’ve been intimated by the government. It takes away the safe harbour rule, which protects ISPs from being sued because of third party actions.

According to a statement by IAMAI, the industry lobby approached the apex court for “objective interpretation of the laws”. Referring to the court agreeing to hear the petition, the statement said, “This admission today allows the industry an opportunity to argue for a clear Safe Harbour Provision for the intermediaries, which is an essential pre-condition of a thriving digital content business.”

“In my view, the court may be sympathetic to this particular situation because there is a body of research and evidence that demonstrates that the private censorship regime instituted by Section 79A that places unconstitutional limits of freedom of speech and expression,” said Sunil Abraham, executive director of the Centre for Internet and Society (CIS), India, a non-profit organization involved with research in freedom of expression, privacy and open access to literature.

On 27 April 2012, CIS-India had released a paper which, among other things, listed why the IT Rules 2011 could have a “chilling” effect on intermediaries. No much has changed since. The paper argued that not all intermediaries have sufficient legal competence or resources (or the willingness to devote such legal resources) to deliberate on the legality of an expression, as a result of which, intermediaries have a tendency to err on the side of caution. It also pointed out that the qualifications and due diligence requirements of different classes of intermediaries have not been clearly defined in the Rules resulting in uncertainty in the steps to be followed by the intermediary. It noted that depending on the nature of a service, it may be technically unfeasible for an intermediary to comply with the takedown within 36 hours.

“The chilling effect can primarily be attributed to the requirement for private intermediaries to perform subjective judicial determination in the course of administering the takedown. From the responses to the takedown notices, it is apparent that not all intermediaries have sufficient legal competence or resources to deliberate on the legality of an expression, as a result of which, such intermediaries have a tendency to err on the side of caution and chill legitimate expressions in order to limit their liability,” the paper said.

Another privacy lobby body, SFLC.in, had submitted feedback to the government when the draft IT Rules were put up for consultation but said that “when the final Rules were notified we found that most of our concerns were not addressed and that the Rules exceeded the scope of the parent act”.

In a July paper, SFLC.in reiterated that “Words and phrases like grossly harmful, harassing, blasphemous, disparaging and “harm minors in any way” are not defined in these Rules or in the Act or in any other legislation. These ambiguous words make the Rules susceptible to misuse…(and have a) chilling effect on free speech rights of users by making them too cautious about the content they post and byforcing them to self-censor…As technology evolves at a fast pace, the law should not be found wanting. The law should be an enabling factor that ensures that citizens enjoy their right to freedom of speech and expression without any hindrance. India, being the largest democracy in the world should lead the world in ensuring that the citizens enjoy the right to express themselves freely online.”

SFLC.in is a donor-supported legal services organization that brings together lawyers, policy analysts, technologists, and students.

According to a March study commissioned by the Global Network Initiative, a multistakeholder group of companies, civil society organizations, investors, and academics and conducted by Copenhagen Economics, an economic consultancy, the GDP contribution of online intermediaries may increase to more than 1.3 % ($ 241 billion) by 2015, provided the current liability regime is improved.

In another development, hearing a petition asking to take down pornographic website, the court deemed it fit to send it to an advisory committee that has been set up under Section 88 of the Information Technology Act. The petition, filed by lawyer Kamlesh Vaswani in 2013, asked for a direction to the central government to block pornography websites, platforms, links or downloading. Speaking to reporters, Vaswani’s lawyer Vijay Panjwani said, “as on date, there are 4 crore pornographic websites. For 18 months, the government has not blocked them.”

The central government informed the committee was considering several options to address the issue of including methods used in the US and UK. This case was being heard by a three-judge bench headed by the chief justice of India R.M. Lodha, who said that to address these technological issues, a “synthesis of law, technology and governance is required.”

For more details visit https://cis-india.org/internet-governance/news/livemint-august-30-2014-shreeja-sen-sc-seeks-govt-reply-on-pil-challenging-powers-of-it-act

SC reserves judgement in cases against Section 66A

praskrishna — 2015-03-08T15:08:00Z

The verdict will have far reaching consequences on civil liberties and right to freedom of speech on the Internet.

The article by Shreeja Sen was published in Livemint on February 26, 2015. Pranesh Prakash is quoted.

The Supreme Court on Thursday reserved its judgment in cases involving multiple challenges to certain provisions of the Information Technology Act, 2000, and so-called guidelines for intermediaries.

The verdict will have far reaching consequences on civil liberties and right to freedom of speech on the Internet. One of the cases is a public interest litigation filed by Shreya Singhal, after two Mumbai-based girls were arrested for criticising on a social media platform the city’s shutdown following the death of Shiv Sena leader Bal Thackeray.

A bench of justices J. Chelameswar and Rohinton F. Nariman has heard 10 cases in all that challenge Section 66A (which punishes sending offensive messages through a communication service), intermediary guidelines under Section 79 of the IT Act, and Section 69A, which allows the central government to block “information” for “public access” over a “computer resource” if the same is “in the interest of sovereignty and integrity of India, defence of India, security of the State, friendly relations with foreign states or public order or for preventing incitement”.

In the court, the government, which made it clear it was not taking an adversarial position, said through additional solicitor general Tushar Mehta that the laws had to interpreted in a way so that they would serve the purpose it was meant for without jeopardising free speech. Some of the petitioners claimed that Section 66A definitely infringes on the right to free speech. “I can’t presume to know the minds of the judges and I will not do so.

But I find it very disappointing that the Narendra Modi government with ministers like Arun Jaitley, who had argued against Section 66A and the intermediary guidelines under Section 79, are now defending them,” said Pranesh Prakash, policy director at think-tank Centre for Internet Society.

“Second, that given the line of questioning the court has taken, the arguments adduced in court and based on our research on 66A, 69A and intermediary guideline rules under 79, which ought to be called Internet censorship rules according to me, it is amply clear that these provisions are unconstitutional.” Ideally, Prakash said, the government should redraft the law, with inputs from legal experts, academics, civil society organizations and technologists.

For more details visit https://cis-india.org/internet-governance/news/livemint-shreeja-sen-february-26-2015-sc-reserves-judgment-in-cases-against-section-66a

SC has set a high threshold for tolerance: Lawrence Liang

praskrishna — 2015-03-28T16:18:18Z

Lawyer-activist Lawrence Liang on why SC upheld section 69A and the implications of striking down section 66A.

The article by Dhamini Ratnam was published in Livemint on March 28, 2015. Lawrence Liang gave his inputs.

Tuesday marked a landmark in the fight for free speech in our country, as the Supreme Court struck down the contentious section 66A of the Information Technology Act of 2000. The section, which was introduced through an amendment in 2009, penalized those who wrote messages online that could be deemed as being false or grossly offensive. However, the apex court turned down a plea to strike down sections 69A (procedure for blocking websites) and 79 (exemption from liability of intermediaries) of the same law. Lawrence Liang, a lawyer who co-founded the Alternative Law Forum in Bengaluru, a fellow at the Centre for Internet and Society, and author of The Public is Watching: Sex, Laws and Videotape and A Guide to Open Content Licenses, spoke in an interview on the wide-ranging implications of the judgement. Edited excerpts:

What was the impetus to fight section 66A?

Over the past few years, there have been numerous cases in which section 66A has been used in bad faith against individuals online. One of the cases that became well-known by virtue of just how ridiculous it was involved the arrest of Shaheen Dhada and her friend Renu Srinivasan (which led petitioner Shreya Singhal to file a public interest litigation in the Supreme Court that eventually led to this judgement), but there have been more, so it was inevitable that a law as draconian as section 66A would be challenged for its constitutional validity.

The judgement begins by noting a distinction between three forms of speech—discussion, advocacy and incitement—and says discussion and advocacy of a particular cause, howsoever unpopular, is at the heart of Article 19(1)(a) of the Constitution (all citizens shall have the right to freedom of speech and expression). Only when they reach the level of incitement can they be legitimately prohibited. While the judgement does not provide a new definition of incitement, it affirms what was laid down in the Rangarajan test (1989), in which the courts had established that for censorship to be justified, the “expression of thought should be intrinsically dangerous to the public interest”. There should be an immediate and direct relation between speech and effect.

The court said that section 66A is “cast so widely that virtually any opinion on any subject would be covered by it, as any serious opinion dissenting with the mores of the day would be caught within its net”. The courts have also historically held that Article 19(1)(a) is as much about the right to receive information as it is to disseminate, and when there is a chilling effect on speech, it also violates the right to receive information. However, I would say that the court missed an opportunity to consider the blocking of websites under section 69A.

Why did the court uphold section 69A, and which other parts of the IT Act did it examine?

If section 66A was found to be arbitrary, then the procedure for blocking websites, as laid out in section 69A, is also beset with similar problems. The court, however, upheld this section and the rules under the IT Act on the grounds that there are internal safeguards and reasonable procedures. This section allows the government to block any site or information that violates Article 19(2) of the Constitution (which enables the legislature to impose certain restrictions on free speech).

The problem is that often there is no hearing or notice given to the owner of information, there is no transparency since blocks can happen on a confidential basis and these can have serious implications for the right to receive information.

The court read down section 79, which used to provide an intermediary exemption from liability with the exception that if it received “actual knowledge” of any illegal content, it was obliged to act within 36 hours. A study by the Centre for Internet and Society showed that even on sending frivolous takedown notices, intermediaries tended to comply to be on the safe side. The court’s decision has read down section 79 now to mean that “actual knowledge” means either an order of a court or the government. It moves it away from a subjective determination by intermediaries.

The court could have, like it did with section 79, retained section 66A while clarifying a procedure that would maintain a balance between the need sometimes to block and public interest, and transparency.

What does the judgement open up for the free speech debate?

The judgement speaks of chilling effects, because if one is not careful, one runs the risk of endangering political discourse through self-censorship. This is terrible for a democratic culture, which is premised on the ability to debate and dissent. Much of the use of section 66A has been politically motivated to silence criticism, and the judgement goes a long way towards promoting a culture of critique.

As the first major Supreme Court case on free speech in the 21st century, it sets the tone on how we think of free speech in a context where every individual with a smartphone is potentially a writer, a publisher and a distributor. By setting a high threshold for what is tolerated in online speech, it ensures that the online space is not doomed to be infantilized.

What position must the law take to protect rights and minority identities?

I think it is important to distinguish between different effects of speech. The court has merely reaffirmed a position that has been held in India for a long time (such as through the Ram Manohar Lohia judgement of 1960, which interpreted what “restriction made in the interests of public order” in Article 19(2) means). In other words, if someone is inciting violence, especially if they have the power to effect such violence (such as a politician), then their speech can be regulated, but the court also held that the idea of threat to public order is often imaginary.

For instance, in what way would Shaheen Dhada’s post on Facebook have incited violence? (In November 2012, Dhada, then a student and based in Palghar, Maharashtra, had written a post on Facebook commenting on the state of shutdown that followed politician Bal Thackeray’s death. Her comment was liked by her friend Srinivasan, and both of them were charged under section 66A.) So, the court is distinguishing between speech that is critical and speech that is dangerous. There are laws that deal with the latter, such as 153A and 295A of the IPC (Indian Penal Code).

It must be noted, however, that provisions also suffer from the same vice of vagueness. What we need is a more nuanced understanding of hate speech that addresses speech that incites violence or hatred against a community, but one in which the test is not of subjective hurt sentiment. The problem with hate speech laws is that they collapse questions of law and order with questions of subjective hurt, and we run the risk of becoming a republic of hurt sentiments where anyone can claim that their sentiments are hurt, especially their religious sentiments.

What happens to existing cases that are being tried under section 66A, such as the one against the organizers and participants of the All India Bakchod Roast?

Court judgements do not necessarily have retrospective effect, so cases that have been filed will continue. We must also remember that the cases filed under section 66A were also accompanied by other provisions. Of course, a judgement as significant as this, which completely delegitimizes section 66A, will have a profound impact on the ongoing cases insofar as they relate to the offence under the section, but the other charges remain.

For more details visit https://cis-india.org/internet-governance/news/livemint-dhamini-ratnam-march-28-2015-sc-has-set-a-high-threshold-for-tolerance