We are anonymous, we are legion

SCOSTA and UID Comparison not Valid, says Finance Committee

elonnai — 2011-11-22T16:37:43Z

The Standing Committee on Finance Branch, Lok Sabha Secretariat has responded to the suggestions offered by CIS on the National Identification Authority of India, Bill 2010 and has requested it to mail its views by 14 October 2011.

On January 6, 2011, CIS had sent an open letter to the Parliamentary Finance Committee demonstrating how the Aadhaar biometric standard is weaker than the SCOSTA standard. The text of the reply is reproduced below.

Sir,

This is in response to one of the views/suggestions offered by CIS on the National Identification Authority of India Bill, 2010.

CIS View /Suggestion:

"Though the Aadhaar biometrics are useful for the de-duplication and identification of individuals, the Smart Card Operating System for Transport Application [(SCOSTA), developed by the National Informatics Centre in India)] standard is a more secure, structurally sound, and cost-effective approach to authentication of identity for India. Therefore, the Aadhaar biometric based authentication process should be replaced with a SCOSTA standard based authentication process."

In this regard, do you agree with the following view? If not, please justify.

"Comparison between SCOSTA and the UID project are not valid since SCOSTA is fundamentally a standard for smart card based authentication and does not work for the objectives of the unique id project.

The UID project follows a different approach and has multiple objectives — providing identity to residents of India, ensuring inclusion of poor and marginalized residents in order to enable access to benefits and services, eliminating the fakes, duplicates and ghost identities prevalent in other databases and provide a platform for authentication in a cost effective and accessible manner.

UIDAI is not issuing cards or smart cards. Cards can be issued by agencies that are providing services. UID authentication does not exclude smart cards — service providers can still choose to issue smart cards to their beneficiaries or customers if they want to."

You are requested to email your view by 14 October, 2011 positively.

Standing Committee on Finance Branch
Lok Sabha Secretariat

For more details visit https://cis-india.org/internet-governance/blog/scosta-uid-comparison-invalid

Scared by a spoof? You’ve got to be kidding me!

praskrishna — 2012-06-05T05:24:09Z

Whether it is Mamata Banerjee's recent crackdown on a comic strip or the new legal guidelines that allow touchy readers to have objectionable content taken down, what you say online is under scrutiny. What, then, will happen to news satire websites?

The article by Dhamini Ratnam was published in the Times of India on June 3, 2012

"Meri site www.cartoonsagainstcorruption.com kabse band ho chuki hai (...) Humara sabse bada hathiyar humse chheena ja raha hai (...) Aaj chup rahe toh phir bolne ke liye zubaan bhi nahin bachegi." (My site www.cartoonsagainstcorruption.com has been shut down (...) Our biggest weapon is being taken away from us (...) If we remain silent, we won't be left with anything to articulate with").

That's the first thing you read on Kanpur-based blogger Aseem Trivedi's new site, www.cartoonsagainstcorruption.blogspot.in, on which he transferred all his satirical cartoons earlier this year, after he found that his website had been arbitrarily blocked based on a complaint lodged with the Mumbai Crime Branch last December.

In May, Trivedi went on a hunger strike. His point was simple. The police had no right to have his website taken down, under the Information Technology (Amendment) Act 2008, or even under the new Information Technology (intermediary guidelines) Rules, 2011. These rules came into effect last April, and give 36 hours to the intermediary (read Internet Service Provider) to take down content deemed 'objectionable'.

At the face of it, this may seem like a handing over of power to Internet users. But what does this hold out for news satire websites that routinely critique public figures, spoof politics and play an important role in raising public awareness through humour?

For one, in a surprising move, the editors are giving up being anonymous. Says Rahul Roushan, editor, Faking News, "I began this site under the pseudonym Pagal Patrakar in 2008. By the end of 2009, I didn't want to remain anonymous anymore."

Roushan, who is based in Gurgaon, felt readers weren't taking him seriously. "Unless there's a face to such sites, people will think you're spreading lies," says the 33-year-old former television news anchor. Yet, coming out wasn't a cakewalk. "A post I wrote about on the anti-people policy of Mr Thackeray received a comment that I am a Bihari, and therefore against Marathi manoos. Had he not known my name, the reader would never have written such a comment," says Roushan.

Yet, Roushan would rather have his readers - his blog gets 10 lakh page views a month - trust his judgement.

However, recent events, including Pashimbanga Chief Minister Mamata Banerjee's crackdown on a comic strip, and Union human resource development, communications and IT minister Kapil Sibal's suggestion to Internet giants to "regulate themselves" has left Roushan and other news satire website editors wary.The new IT guidelines, fears Roushan, will create an army of self-righteous people with "a lot of hurt sentiments".

"I'm scared of sentiments," he says, wryly.

T S Sudhir, editor of Tenali Rama Reports, a news spoof site that was started in September 2011, feels the trick to safeguard against such "sentiments" is to maintain a rigorous editorial policy. "No obscene, lewd or toilet humour," says the Hyderabadbased former journalist.

The recent fracas over Mamata's 'Maoist' concerns, for instance, elicited a light-hearted piece that said all dosa-eaters are Maoists, because 'mao' in Tamil means 'batter'. "India has a long-standing political tradition of satire, and readers are used to political cartoons with biting humour."

Mangalore-based political cartoonist Satish Acharya, however, has faced the brunt for his biting humour. In September 2011, a Mumbai Crime Branch officer asked him to take down a cartoon depicting Sharad Pawar in a red gown that Acharya had posted on his blog, after it was published in a Mumbaibased tabloid. "In political cartoons, what is the yardstick to measure what is objectionable," asks Acharya. "Can a policeman decide whether a political cartoon is objectionable and have it taken down?"

Programme manager at The Centre for Internet and Society, Bengaluru, Pranesh Prakash has a one word reply: No. Together with his teammates, Prakash is working on a set of guidelines that counters the Intermediary Rules and offers checks and balances without trampling on fundamental rights. For instance, says Prakash, after a complaint is made, the content owner - say the website editor, or cartoonist - should be allowed to reply. If the problem persists, the complainant can go to court.

If cartoons are an effective vehicle of critique online, so are videos. The UnReal Times, run by New Delhi-based IIM graduates C S Krishna and Karthik Laxman, shot to online fame last year after they released a video depicting the Prime Minister as Singham, the heroic character played by Ajay Devgn in a film.

"The best sort of satire," says Krishna, "is when you can't prove in the court of law that the piece is insulting." Krishna and Laxman, who do policy research work for BJP MP Uday Singh, insist that they are not card-holders for the party, and have taken pot-shots at the BJP, too. "Since political satire focuses on mocking the establishment, the UPA government is the subject of most our (satirical) pieces on politics," says Krishna. Tanay Sukumar, editor of News That Matters Not, feels that the content should be directed at a problematic policy, not person. Engineering students Sukumar and Sugandha, who founded the site in 2009, feel that a satirist needs to distinguish between what is necessary and what isn't. "Portraying a political figure using sexual innuendo might be funny for several readers, but would be "unnecessary" in most cases. Our job is to to critique governance." In the case of a crackdown, however, they are clear about what they'd do: they'll take down the 'offending' piece, and then write about having done so. "We will not offend them; we will wear them out," they say.

Want to start a news satire website? here's how:

Have a disclaimer page. Apologise in advance for "hurt sentiments", offer readers a chance to get in touch with you directly for redressal, explain why you're using satire as a tool to critique. If your ISP is asked to remove content, the current IT guidelines are such that they would need to obey. However, since the law doesn't require ISPs to keep track of content that has been removed, make noise about it. There'll be enough people online who will fight for your freedom of expression. Study satire - it's an effective tool - but learn to distinguish it from slander and falsehood. Keep the post grounded in a real event or phenomenon. Critique the agenda, not the person. Consult an IT lawyer if you are in doubt about a piece. It's always good to know your legal argument beforehand.

Pranesh Prakash is quoted in this article.

For more details visit https://cis-india.org/news/scared-by-a-spoof

SC seeks govt reply on PIL challenging powers of IT Act

praskrishna — 2014-09-08T04:45:51Z

Section 66A of the IT Act punishes sending offensive messages through communication services, including posts on social media websites like Facebook.

The article by Shreeja Sen was published in Livemint on August 30, 2014. Leslie D’Monte contributed to this story. Sunil Abraham gave his inputs.

The Supreme Court on Friday asked for the central government’s response in a writ petition filed by Internet and Mobile Association of India (IAMAI) challenging the arbitrary powers that the Information Technology (IT) Act confers on the government to remove user-generated content.

This is not the first time that the amended provisions of the IT Act 2000 and the IT (Intermediaries Guidelines) Rules, 2011 have been challenged. The rules were released by the government in April 2011, and laid down detailed procedures for regulation of intermediaries and online content.

A bench of justices J. Chelameswar and A.K. Sikri, while issuing notice to the central government, tagged the cases with others of a similar nature, including ones by MouthShut.com, a consumer review website, and Shreya Singhal, a public interest litigant who challenged the constitutionality of Section 66A in support of Shaheen Dhada, who was arrested for criticizing the shutdown of Mumbai after the death of Shiv Sena supremo Bal Thackeray in 2012. Section 66A of the IT Act punishes sending offensive messages through communication services, including posts on social media websites like Facebook.

“We’re very happy at MouthShut that IAMAI decided to take a stand regarding this,” said Faisal Farooqui, chief executive officer of MouthShut.com.

The petition, which runs into 1,100 pages according to those familiar with the case, seeks to challenge Section 79(3)(b) of the Information Technology Act. The section holds an Internet service provider (ISP) responsible for content which may be unlawful, published by third parties (not the ISPs) when they’ve been intimated by the government. It takes away the safe harbour rule, which protects ISPs from being sued because of third party actions.

According to a statement by IAMAI, the industry lobby approached the apex court for “objective interpretation of the laws”. Referring to the court agreeing to hear the petition, the statement said, “This admission today allows the industry an opportunity to argue for a clear Safe Harbour Provision for the intermediaries, which is an essential pre-condition of a thriving digital content business.”

“In my view, the court may be sympathetic to this particular situation because there is a body of research and evidence that demonstrates that the private censorship regime instituted by Section 79A that places unconstitutional limits of freedom of speech and expression,” said Sunil Abraham, executive director of the Centre for Internet and Society (CIS), India, a non-profit organization involved with research in freedom of expression, privacy and open access to literature.

On 27 April 2012, CIS-India had released a paper which, among other things, listed why the IT Rules 2011 could have a “chilling” effect on intermediaries. No much has changed since. The paper argued that not all intermediaries have sufficient legal competence or resources (or the willingness to devote such legal resources) to deliberate on the legality of an expression, as a result of which, intermediaries have a tendency to err on the side of caution. It also pointed out that the qualifications and due diligence requirements of different classes of intermediaries have not been clearly defined in the Rules resulting in uncertainty in the steps to be followed by the intermediary. It noted that depending on the nature of a service, it may be technically unfeasible for an intermediary to comply with the takedown within 36 hours.

“The chilling effect can primarily be attributed to the requirement for private intermediaries to perform subjective judicial determination in the course of administering the takedown. From the responses to the takedown notices, it is apparent that not all intermediaries have sufficient legal competence or resources to deliberate on the legality of an expression, as a result of which, such intermediaries have a tendency to err on the side of caution and chill legitimate expressions in order to limit their liability,” the paper said.

Another privacy lobby body, SFLC.in, had submitted feedback to the government when the draft IT Rules were put up for consultation but said that “when the final Rules were notified we found that most of our concerns were not addressed and that the Rules exceeded the scope of the parent act”.

In a July paper, SFLC.in reiterated that “Words and phrases like grossly harmful, harassing, blasphemous, disparaging and “harm minors in any way” are not defined in these Rules or in the Act or in any other legislation. These ambiguous words make the Rules susceptible to misuse…(and have a) chilling effect on free speech rights of users by making them too cautious about the content they post and byforcing them to self-censor…As technology evolves at a fast pace, the law should not be found wanting. The law should be an enabling factor that ensures that citizens enjoy their right to freedom of speech and expression without any hindrance. India, being the largest democracy in the world should lead the world in ensuring that the citizens enjoy the right to express themselves freely online.”

SFLC.in is a donor-supported legal services organization that brings together lawyers, policy analysts, technologists, and students.

According to a March study commissioned by the Global Network Initiative, a multistakeholder group of companies, civil society organizations, investors, and academics and conducted by Copenhagen Economics, an economic consultancy, the GDP contribution of online intermediaries may increase to more than 1.3 % ($ 241 billion) by 2015, provided the current liability regime is improved.

In another development, hearing a petition asking to take down pornographic website, the court deemed it fit to send it to an advisory committee that has been set up under Section 88 of the Information Technology Act. The petition, filed by lawyer Kamlesh Vaswani in 2013, asked for a direction to the central government to block pornography websites, platforms, links or downloading. Speaking to reporters, Vaswani’s lawyer Vijay Panjwani said, “as on date, there are 4 crore pornographic websites. For 18 months, the government has not blocked them.”

The central government informed the committee was considering several options to address the issue of including methods used in the US and UK. This case was being heard by a three-judge bench headed by the chief justice of India R.M. Lodha, who said that to address these technological issues, a “synthesis of law, technology and governance is required.”

For more details visit https://cis-india.org/internet-governance/news/livemint-august-30-2014-shreeja-sen-sc-seeks-govt-reply-on-pil-challenging-powers-of-it-act

SC reserves judgement in cases against Section 66A

praskrishna — 2015-03-08T15:08:00Z

The verdict will have far reaching consequences on civil liberties and right to freedom of speech on the Internet.

The article by Shreeja Sen was published in Livemint on February 26, 2015. Pranesh Prakash is quoted.

The Supreme Court on Thursday reserved its judgment in cases involving multiple challenges to certain provisions of the Information Technology Act, 2000, and so-called guidelines for intermediaries.

The verdict will have far reaching consequences on civil liberties and right to freedom of speech on the Internet. One of the cases is a public interest litigation filed by Shreya Singhal, after two Mumbai-based girls were arrested for criticising on a social media platform the city’s shutdown following the death of Shiv Sena leader Bal Thackeray.

A bench of justices J. Chelameswar and Rohinton F. Nariman has heard 10 cases in all that challenge Section 66A (which punishes sending offensive messages through a communication service), intermediary guidelines under Section 79 of the IT Act, and Section 69A, which allows the central government to block “information” for “public access” over a “computer resource” if the same is “in the interest of sovereignty and integrity of India, defence of India, security of the State, friendly relations with foreign states or public order or for preventing incitement”.

In the court, the government, which made it clear it was not taking an adversarial position, said through additional solicitor general Tushar Mehta that the laws had to interpreted in a way so that they would serve the purpose it was meant for without jeopardising free speech. Some of the petitioners claimed that Section 66A definitely infringes on the right to free speech. “I can’t presume to know the minds of the judges and I will not do so.

But I find it very disappointing that the Narendra Modi government with ministers like Arun Jaitley, who had argued against Section 66A and the intermediary guidelines under Section 79, are now defending them,” said Pranesh Prakash, policy director at think-tank Centre for Internet Society.

“Second, that given the line of questioning the court has taken, the arguments adduced in court and based on our research on 66A, 69A and intermediary guideline rules under 79, which ought to be called Internet censorship rules according to me, it is amply clear that these provisions are unconstitutional.” Ideally, Prakash said, the government should redraft the law, with inputs from legal experts, academics, civil society organizations and technologists.

For more details visit https://cis-india.org/internet-governance/news/livemint-shreeja-sen-february-26-2015-sc-reserves-judgment-in-cases-against-section-66a

SC has set a high threshold for tolerance: Lawrence Liang

praskrishna — 2015-03-28T16:18:18Z

Lawyer-activist Lawrence Liang on why SC upheld section 69A and the implications of striking down section 66A.

The article by Dhamini Ratnam was published in Livemint on March 28, 2015. Lawrence Liang gave his inputs.

Tuesday marked a landmark in the fight for free speech in our country, as the Supreme Court struck down the contentious section 66A of the Information Technology Act of 2000. The section, which was introduced through an amendment in 2009, penalized those who wrote messages online that could be deemed as being false or grossly offensive. However, the apex court turned down a plea to strike down sections 69A (procedure for blocking websites) and 79 (exemption from liability of intermediaries) of the same law. Lawrence Liang, a lawyer who co-founded the Alternative Law Forum in Bengaluru, a fellow at the Centre for Internet and Society, and author of The Public is Watching: Sex, Laws and Videotape and A Guide to Open Content Licenses, spoke in an interview on the wide-ranging implications of the judgement. Edited excerpts:

What was the impetus to fight section 66A?

Over the past few years, there have been numerous cases in which section 66A has been used in bad faith against individuals online. One of the cases that became well-known by virtue of just how ridiculous it was involved the arrest of Shaheen Dhada and her friend Renu Srinivasan (which led petitioner Shreya Singhal to file a public interest litigation in the Supreme Court that eventually led to this judgement), but there have been more, so it was inevitable that a law as draconian as section 66A would be challenged for its constitutional validity.

The judgement begins by noting a distinction between three forms of speech—discussion, advocacy and incitement—and says discussion and advocacy of a particular cause, howsoever unpopular, is at the heart of Article 19(1)(a) of the Constitution (all citizens shall have the right to freedom of speech and expression). Only when they reach the level of incitement can they be legitimately prohibited. While the judgement does not provide a new definition of incitement, it affirms what was laid down in the Rangarajan test (1989), in which the courts had established that for censorship to be justified, the “expression of thought should be intrinsically dangerous to the public interest”. There should be an immediate and direct relation between speech and effect.

The court said that section 66A is “cast so widely that virtually any opinion on any subject would be covered by it, as any serious opinion dissenting with the mores of the day would be caught within its net”. The courts have also historically held that Article 19(1)(a) is as much about the right to receive information as it is to disseminate, and when there is a chilling effect on speech, it also violates the right to receive information. However, I would say that the court missed an opportunity to consider the blocking of websites under section 69A.

Why did the court uphold section 69A, and which other parts of the IT Act did it examine?

If section 66A was found to be arbitrary, then the procedure for blocking websites, as laid out in section 69A, is also beset with similar problems. The court, however, upheld this section and the rules under the IT Act on the grounds that there are internal safeguards and reasonable procedures. This section allows the government to block any site or information that violates Article 19(2) of the Constitution (which enables the legislature to impose certain restrictions on free speech).

The problem is that often there is no hearing or notice given to the owner of information, there is no transparency since blocks can happen on a confidential basis and these can have serious implications for the right to receive information.

The court read down section 79, which used to provide an intermediary exemption from liability with the exception that if it received “actual knowledge” of any illegal content, it was obliged to act within 36 hours. A study by the Centre for Internet and Society showed that even on sending frivolous takedown notices, intermediaries tended to comply to be on the safe side. The court’s decision has read down section 79 now to mean that “actual knowledge” means either an order of a court or the government. It moves it away from a subjective determination by intermediaries.

The court could have, like it did with section 79, retained section 66A while clarifying a procedure that would maintain a balance between the need sometimes to block and public interest, and transparency.

What does the judgement open up for the free speech debate?

The judgement speaks of chilling effects, because if one is not careful, one runs the risk of endangering political discourse through self-censorship. This is terrible for a democratic culture, which is premised on the ability to debate and dissent. Much of the use of section 66A has been politically motivated to silence criticism, and the judgement goes a long way towards promoting a culture of critique.

As the first major Supreme Court case on free speech in the 21st century, it sets the tone on how we think of free speech in a context where every individual with a smartphone is potentially a writer, a publisher and a distributor. By setting a high threshold for what is tolerated in online speech, it ensures that the online space is not doomed to be infantilized.

What position must the law take to protect rights and minority identities?

I think it is important to distinguish between different effects of speech. The court has merely reaffirmed a position that has been held in India for a long time (such as through the Ram Manohar Lohia judgement of 1960, which interpreted what “restriction made in the interests of public order” in Article 19(2) means). In other words, if someone is inciting violence, especially if they have the power to effect such violence (such as a politician), then their speech can be regulated, but the court also held that the idea of threat to public order is often imaginary.

For instance, in what way would Shaheen Dhada’s post on Facebook have incited violence? (In November 2012, Dhada, then a student and based in Palghar, Maharashtra, had written a post on Facebook commenting on the state of shutdown that followed politician Bal Thackeray’s death. Her comment was liked by her friend Srinivasan, and both of them were charged under section 66A.) So, the court is distinguishing between speech that is critical and speech that is dangerous. There are laws that deal with the latter, such as 153A and 295A of the IPC (Indian Penal Code).

It must be noted, however, that provisions also suffer from the same vice of vagueness. What we need is a more nuanced understanding of hate speech that addresses speech that incites violence or hatred against a community, but one in which the test is not of subjective hurt sentiment. The problem with hate speech laws is that they collapse questions of law and order with questions of subjective hurt, and we run the risk of becoming a republic of hurt sentiments where anyone can claim that their sentiments are hurt, especially their religious sentiments.

What happens to existing cases that are being tried under section 66A, such as the one against the organizers and participants of the All India Bakchod Roast?

Court judgements do not necessarily have retrospective effect, so cases that have been filed will continue. We must also remember that the cases filed under section 66A were also accompanied by other provisions. Of course, a judgement as significant as this, which completely delegitimizes section 66A, will have a profound impact on the ongoing cases insofar as they relate to the offence under the section, but the other charges remain.

For more details visit https://cis-india.org/internet-governance/news/livemint-dhamini-ratnam-march-28-2015-sc-has-set-a-high-threshold-for-tolerance

SC directs govt to further regulate social media: Is it necessary? Experts weigh in

Geetika Mantri — 2019-09-30T14:28:10Z

With the SC's directive to the Indian government for further regulation of social media, TNM asked experts what were the challenges associated with the same.

The article by Geetika Mantri was published in the News Minute on September 28, 2019. Pranesh Prakash was quoted.

The Supreme Court recently expressed the need to regulate social media to curb fake news, defamation and trolling. It also asked the Union government to come up with guidelines to prevent misuse of social media while protecting users’ privacy in three weeks’ time.

The apex court made these statements while hearing a transfer petition by Facebook which has asked for petitions on regulation of social media filed in Madras, Bombay and Madhya Pradesh High Courts on similar issues to be transferred to the SC so that the scope can be expanded.

In India, social media platforms already come under the purview of the Information Technology (IT) Act, the ‘intermediaries guidelines’ that were notified under the IT Act in 2011 and the Indian Penal Code.

With the SC's directive to the Indian government for further regulation of social media, TNM asked experts what were the challenges associated with the same.

Existing regulations and misuse

Executive Director of the Internet Freedom Foundation (which is also an intervenor in the above case in SC) and lawyer Apar Gupta points out that under existing laws, social media channels are already required to take down content if they are directed to do so by a court or law enforcement.

There are also reporting mechanisms on these platforms, where they exercise discretion to ascertain whether a reported post is violating community guidelines and needs to be taken down. These, however, have been reported to be arbitrary – many posts on body positivity and menstruation, for instance, have been taken down in the past while other explicit imagery continues to be allowed.

“But it’s necessary to have minimum legal standards that need to be fulfilled to compel such take-downs on social media. If platforms had to take down posts based on individual complaints, it could result in many frivolous take-downs. Free speech should be the norm, and removal of content, the exception,” Apar argues.

IT consultant Kiran Chandra says that many of the existing regulations themselves are “dangerously close to censorship and may have a chilling effect on freedom of speech, which is why cases are being fought on those in courts.”

Even under existing regulations, there is scope for misuse - which has also been documented in the past - to curb dissent.

“One of the key problems of a lot of regulatory measures is the vagueness of language which is exploited by state agencies to behave in a repressive way,” Kiran says. “Any regulation has to be clear and concrete so that there is no scope for overreach."

Much of fake news is driven by politics

Fake news isn't exactly new, but its proliferation and extent have expanded manifold with social media.

Srinivas Kodali, an independent security researcher, says that it is not as though governments do not know where a good portion of fake news is coming from. “Most political parties have IT cells that dedicatedly work on creating and spreading fake news. But what is the Election Commission or anyone else doing to stop that?” he questions.

Kiran points out that this machinery exists with a view to gain electoral dividends. “There can be no countering fake news without taking on these structures and the political forces behind them,” he says.

He adds that social media giants also need to take responsibility. “Currently, considering the role social media companies play in the society, they are doing almost nothing [about fake news]. In fact, virality - and a lot of fake news tends to be viral - is the basis of the business model of many social media companies, including Facebook, and WhatsApp, which it owns. At the very least, these companies need to dedicate far more resources, and must provide more transparency into their functioning if any dent has to be made in countering fake news.”

Kiran also says that there is a need to support websites that bust fake news, and make people more aware of the need to verify news.

Defamation and online harassment

Experts say that when it comes to the SC’s observation that there should be redressal mechanisms for someone who has been ‘defamed’ on social media, the recourse is pretty clear-cut.

Pranesh Prakash, a fellow at the Centre for Internet and Society, says, “If it concerns defamation, it is very likely that the victim knows where the defamatory post has come from. Even if it is not an original message, the defamation law does not require you to find out the origin of such a message. Anyone who has put it, forwarded it, is liable.”

That being said, it is the social media giants that need to pick up the slack when it comes to dealing with targeted harassment and online bullying.

It has been reported earlier that Facebook, due to its lack of understanding of the Indian context as well as diversity, often fails in effectively removing hate speech from the platform in India. Facebook's community guidelines are unavailable in several Indian languages too.

Kiran says that while there already exist legal provisions for dealing with offensive speech, the problem is that they are either misused or underused. “Critics of the government get hit with these cases unreasonably while many who engage in hate speech and abuse are followed by the most powerful people in the country. Here again, social media firms need to massively increase the resources they spend on weeding out such content.”

Privacy and surveillance concerns

Any conversation on additional regulation of social media brings up concerns about privacy and surveillance.

Apar says if regulators want easy access to user information for curbing misuse, spread of fake news and the like, it would require online platforms to modify their products to increase surveillance - to have exact details about who said what, when and about whom. “This is why it’s important for legal standards and conditions for accessing user information to be followed. Government also needs to become more accountable on what information on users they are demanding from social media companies.”

Kiran cautions that “any bid at regulating expression online has to be proportional and concrete with adequate redressal mechanisms and without any blanket provisions.”

“We need strong data protection and privacy laws which restrict the scope of these companies and reduce their footprint online,” he adds, referring, for instance to Facebook's monopoly - the company also owns Instagram. “Similarly, the role they play in elections and political processes as a whole, needs to be checked.”

Srinivas points out that ultimately, social media is a reflection of what is happening in the society: “If there is no rule of law offline, it won’t be there online.”

For more details visit https://cis-india.org/internet-governance/news/the-news-minute-geetika-mantri-september-28-2019-sc-directs-govt-to-further-regulate-social-media

Say 'Password' in Hindi

nishant — 2012-03-21T09:18:19Z

English might be the language of the online world, but it’s time other languages had their say, writes Nishant Shah. The article was published in the Indian Express on June 5, 2011.

On skype the other day, a friend narrated an incident that made the otherwise familiar terrains of the internet, uncanny. His grandmother, who had recently acquired a taste for Facebook, had signed off on a message saying “Love, Granny”. For people of the xoxo generation, this sounds commonplace, in fact it might even be archaic. However, for my friend, who had never thought of his emotions for his grandmother as “love”, it produced a moment of sheer strangeness.

In Gujarati, it would have been silly to think of your emotions for family as “love”. There are better nuances. The emotional connect between lovers is different from the affective relationship with parents. The fondness for siblings is different from the bond with friends. And it was unnerving, for him, to have this range of emotions suddenly condensed into “love”. Like many of us polyglots who work in the rapidly digitising world of the World Wide Web, he was experiencing the gap between the mother tongue and the other tongue. It is an experience that is quite common to non-native speakers of English, who have to succumb to de facto English language usage on the global web and often find themselves at sea about how to translate emotions, histories and experiences into a language which does not always accommodate them.

This experience only becomes more intense for people who are fluent neither in the English language nor in international online English. This question of localisation of language remains one of the biggest gating factors of the internet. It also remains, after literacy and skills, the biggest impediment to including people from non-mainstream geopolitics in discussions online. Several global linguistic majorities have dealt with this by producing different language webs. Spanish, Chinese, Japanese and German are among the largest non-English language internets which are in operation now. However, in post-colonial countries like India, where linguistic diversity is the order of the day, the efforts at localisation have been sporadic and not very popular.

There are many facets to the implementation of localisation practices. It requires developing local language fonts so that people don’t have to merely transliterate local words using an English language script. These fonts further need to be made translatable into other languages, identified by machine translations. Keyboards and hardware infrastructure, which grants ease of access to the users need to be built. Tool kits to de-Anglify the computer language, code, browser signs etc. are being developed. There are many attempts being made by public and private bodies in the country to produce this ecology of localisation, both at the level of hardware and software.

And yet, adoption of localisation tools, despite a growing non-urban user base, remains low. Most people engage with the digital and online services through English, even though their fluency with the language might be low. One of the reasons why localisation of Indic language content is facing so much resistance is because of a narrow understanding of localisation as linguistic translation. Most attempts at localisation in the country merely think of translating English terms like “browser”, “code”, or “password” into the regional languages. In many instances, the term is merely rewritten in the local script.

Such an approach to localisation ignores the fact that the language of technology does not only produce new expressions and words, but also new ways of thinking. While localising the English language content, care also has to be given to translating the contexts, which the words and phrases carry. Do a simple exercise. Take the word “Password”. Try and translate this into your local language so that it makes complete sense to a native speaker. You will realise that just saying “Password” doesn’t mean much and that it requires background information to make that word intelligible to a community.

The second is that localisation is not merely about giving rights to generate content online. While the Web 2.0 wave of user-generated content is ruling the internet now, we must realise that most people come online to consume as much, if not more than, what they generate. Policies that promote local language information production, translation projects etc. need to be in place so that the minimum threshold of information is available online in languages other than English. Government documents, state records, public artifacts, etc. need to be digitised and made available in local languages so that people can access data online.

Localisation is not only about language and translations. It is about changing the top-down approach; instead of forcing existing concepts on to material realities which don’t always fit them, it is time to see that the true power of digital technologies is in building bottom-up models where everyday practice can be captured through localised vocabularies that allow for users to say, “I love you,” to anybody, in a language, and meaning that makes sense to them.

Read the original here

For more details visit https://cis-india.org/internet-governance/blog/password-in-hindi

Saving privacy as we knew it

praskrishna — 2013-10-29T05:01:25Z

Long overdue protection law still on the back-burner; meanwhile, depts put more of one's personal details online.

The article by Surabhi Agarwal and Somesh Jha was published in the Business Standard on October 29, 2013. Sunil Abraham is quoted.

It was in 2010 when the central government decided to institute a legal framework on privacy. This was in the wake of increasing data collection by both government and corporate agencies. Concerns had mounted in the wake of projects such as the National Population Register, Aadhaar and the National Intelligence Grid.

Over three years and hundreds of consultations later, several drafts of the proposed Bill were written and rejected, and at least two committees have given recommendations. However, the law has not seen the light of day. Meanwhile, citizen data digitisation is moving at a pace like never before in the country.

Business Standard had reported on October 28 about how an investigation revealed that several states and central departments might be, unwittingly, following a bare-it-all approach in posting citizen data online in order to push the government's agenda of greater transparency and accountability. While the Centre's National Rural Employment Guarantee Scheme puts out full bank account numbers of its beneficiaries, government website of Uttar Pradesh has put out full details of ration card holders, including annual income along with address and information about members of the family. By putting such sensitive information online, the government could be jeopardising the privacy of its 1.2 billion citizens, who stand exposed to a variety of risks, including those of 360-degree profiling and financial frauds. (INFORMATION DELUGE)

According to government officials, the department of personnel and training has finished compiling the final draft of the privacy legislation, now awaiting approval from the prime minister; the department is under him.

"In the absence of a privacy Bill, the only data protection, pseudo, is through Section 43A of the Information Technology (IT) Act. Unfortunately, that is not a data protection law; it is only a data security provision," said Sunil Abraham, executive director of the Centre for Internet and Society.

Pavan Duggal, a Supreme Court lawyer and cyber security expert, said India needs more security while collecting data and "currently a lot of these websites don't have these security layers". Take for instance, the website of the chief electoral officer of New Delhi. Type a person's first or last name and select the constituency - the website throws up the details of all people with this name, along with all the details such as address and voter identity number. According to officials of the Election Commission, the searchability feature helps in easy access of voter details by people themselves or by interested political parties. "There has been no evidence to prove its use otherwise," an official of the EC told Business Standard.

However, experts said otherwise. Abraham said the electronic version of the electoral roll has a unique identifier, the voter ID number. "And, if there are other databases with the same identifier, a comprehensive profile of a citizen can be created." He added, at the moment, we are saved from 360-degree profiling to some extent, since there is no common identifier.

Once a privacy law comes into being, the government or a private agency will have to adequately inform citizens before collecting data, stating the reasons and only collecting as much information as is necessary for the purpose. It will also have to clearly define the time period for which the data will be stored and the security measures taken to protect it from misuse. The law also lays down the penalties in case of a breach.

Though in a less detailed manner, the current IT Act also addresses some of these issues. It defines anything which reveals financial information, biometric, health and medical records, etc, as sensitive financial information which cannot be put in the public domain.

However, experts said the government is lax in even enforcing the existing laws. To be fair, some states and departments have started being prudent about the data they put online. For instance, the state government of Chhattisgarh, a trend setter in effectively implementing the Public Distribution System, doesn't reveal much in terms of citizen information that can identify a person or can be termed as a breach of privacy. Similarly, Odisha and some northeastern states have put in a layer of security which creates some deterrents while using common keywords to search the electoral roll and create a profile of residents in a particular locality.

However, for now, most departments stuck in the tradeoff between privacy and transparency find solace in pointing fingers at contemporaries who might have also put "more sensitive and dangerous" citizen details online. The blame game doesn't end.

For more details visit https://cis-india.org/news/business-standard-october-29-2013-surabhi-agarwal-somesh-jha-saving-privacy-as-we-knew-it

Save Your Voice — A movement against Web censorship

praskrishna — 2012-03-13T11:44:27Z

‘Save Your Voice (SYV)’ is a movement against Web censorship and its main demand is the repealing of the Information Technology Act, said SYV founders, Aseem Trividi, a cartoonist, and Alok Dixit, a journalist, on Monday.

DNA Correspondent covered a press conference held on March 12, 2012 in Bangalore. Sunil Abraham was quoted in the story.

Trivedi’s website — www.cartoonistagainstcorruption.com — was banned during Anna Hazare’s movement. Trivedi said: “Mumbai police banned the website without any prior notice and cases of ‘treason’ were also filed. The website was banned without a judicial order and I haven’t received an explanation about the crime committed.”

Sunil Abraham, executive director, Centre for Internet and Society, said the private sector does not protect the freedom of expression.

Read the original published by Daily News & Analysis on March 13, 2012

For more details visit https://cis-india.org/news/save-your-voice-2014-a-movement-against-web-censorship

Salient Points in the Aadhaar Bill and Concerns

Amber Sinha and Elonnai Hickok — 2016-03-21T04:37:48Z

Since the release of the Aadhaar Bill, the Centre for Internet and Society has been writing a number of posts analyzing the Bill and calling out problematic areas and the implications of the same. This post is meant to contribute to this growing body of writing and call out our major concerns with the Bill.

Use of Aadhaar Number

What the Bill says:

Used to establish identity: The Aadhaar number can be used by any government or private agency to validate a person’s identity for any lawful purpose, but it cannot be used as a proof of citizenship. (Sections 4, 6, and 57)
Mandatory for access to government services: The government can make it mandatory for a person to authenticate her/his identity using Aadhaar number before receiving any government subsidy, benefit, or service whose expenditure is incurred from the Consolidated Fund of India.
Those without a number, must apply for one: If someone attempting to access an applicable service does not have an Aadhaar number, he/she should make an application for enrolment, and will be allowed to use an alternative method of identification in the meantime. (Section 7)
Open to use by public and private bodies: The Bill does not prevent the use of Aadhaar number to establish identity for other lawful purposes by the State or other private bodies. (Section 57)

Concerns:

Aadhaar is not voluntary: Section 7 makes its mandatory to have an Aadhaar number to access services, subsidies and benefits, and stipulates that in case one does not have the Aadhaar number they must apply for it. This is counter to the repeated claims about Aadhaar being purely voluntary, and the Supreme Court order dated August 11, 2015 which prevents making Aadhaar mandatory, barring a few specified services. The Bill does not limit mandatory use of Aadhaar to those services, and leaves the door open for the government to route more benefits, subsidies and services through the Consolidated Fund of India and expand the scope of Aadhaar.
There are limited and unclear alternatives: While there is a proviso in the Act which speaks for “viable and alternative” means of identification where Aadhaar number is not issued, the language is not clear and speaks of cases where Aadhaar “is not assigned” rather than simply stating that it is applicable to anyone who does not have an Aadhaar number.
There is a conflict in the objects and actual scope of the Bill: There is a conflict between the objects of the Bill which is stated as identification of individuals for targeted delivery of entitlements and Section 57 which allows all entities, public or private, to use the Aadhaar number for authentication.

Enrollment Process

What the Bill says:

Enrolling agencies must provide notice: At the time of enrollment, the enrolling agency will inform the individual of the following details— i) how their information will be used; ii) what type of entities the information will be shared with; and iii) that they have a right to access their information, and also tell them how they can access their information. (Section 3)
Biometrics and demographics will be collected: Biometric information and demographic information will be collected at enrollment. Biometric information means photograph, fingerprint, Iris scan, or any other biological attributes specified by regulations. Demographic information includes information relating to the name, date of birth, address and other relevant information as specified by regulations. (Section 2)
Special measures to ensure enrollment for all: The UIDAI will take special measures to issue Aadhaar number to women, children, senior citizens, persons with disability, unskilled and unorganised workers, nomadic tribes or to such other persons who do not have any permanent residence and similar categories of individuals as specified by the regulations. (Section 5)

Concerns:

The Bill fails to address implementation issues: The Bill does not address issues that have arising during enrolment processes that have already been implemented. These include: the collection of additional and unnecessary information, unclear retention, storage, and destruction standards for data collected by enrollment agencies, abuse of methods used to ensure all have access to the enrollment process, inaccuracy in the collection of data. Detailed procedure and chain of custody for the enrollment process needs to be addressed through provisions in the Bill particularly as this process is undertaken by contracted third party registrars and enrolling agencies.
Definition of “Biometric Information” is broad and ambiguous: The Bill defines “biometric information” as “photograph, fingerprint, iris scan, or other such biological attributes of an individual.” This definition is broad and gives sweeping discretionary power to the UIDAI / Central Government to determine “other such biological attributes of an individual”. The definition should be precise and exhaustive in its scope. Any modification to this, and other terms in the Bill, should take place only through a legislative act.

Authentication Process

What the Bill says:

Consent and use limitation during authentication: The Bill states that any requesting entity will— (a) take consent from the individual before collecting his/her Adhaar information; (b) use the information only for authentication with the CIDR.
Notice during authentication: Further, the entity requesting authentication will also inform the individual of the following— (a) what type of information will be shared for authentication; (b) what will the information be used for; and (c) whether there is any alternative to submitting the Aadhaar information to the requesting entity. (Section 8)
Retention of authentication records: The UIDAI will maintain the authentication records in the manner and for as long as specified by regulations. (Section 32) The UIDAI will not collect, keep or maintain any information about the purpose of authentication. (Section 32)
Ability to obtain authentication records: Every Aadhaar number holder may obtain his authentication record as specified by regulations. (Section 32)
Requirement to update information: The UIDAI has the power to require residents to update their demographic and biometric information from time to time. (Section 6)

Concerns:

Lack of strong consent mechanism: While the Bill does provide for seeking consent for collecting and using an Aadhaar for authentication, the Bill does not specify that this must be informed consent with an ‘opt out’ mechanism and does not specify the manner in which such consent should be sought. This leaves it it in the hands of the UIDAI and possibly the third requesting entity to determine the form of consent that is to be taken. This could result in ambiguous, misleading, or inconsistent consent mechanisms being used.
Lack of strong notice mechanism: While the Bill does provide that individuals should be given notice of the type of information be shared and what the information will be used for, and any alternative identity that will be accepted during the authentication process this is a minimal notice and does not meet the standards in the (Reasonable security practices and procedures and sensitive personal data or information) Rules 2011 which require individuals to be notified of a) the fact that the information is being collected b) the purposes for which the information is being collected c) the intended recipients of the information d) the name and address of the agency collecting the information and the agency that will retain the information. Furthermore, the Bill does not require the UIDAI, contracted bodies, or requesting entities to notify individuals of any changes in organizational privacy policies.
“Obtaining” rather than the right to access: Instead of providing the individual with a clear right to access the information that the UIDAI holds about him or her, the Bill waters down this safeguard by giving the individual the ability to obtain only his authentication record. What ‘obtaining’ will entail and how one will go about it is delegated to regulations.
Lack of ability to opt out, withdraw consent and/or ‘exit’ Aadhaar: There are no opt-out mechanisms in the Aadhaar Act.This means that individuals cannot:

Opt out and leave the Aadhaar ‘ecosystem’ once enrolled and their information is not deleted.
Opt out of sharing of information at the enrollment stage or authentication stage.
Opt out of any use, disclosure, or retention of their information prescribed by the Act.

Security

What the Bill says:

Security measures for information with UIDAI: The UIDAI will take measures to ensure that all information with the UIDAI, including CIDR records is secured and protected against access, use or disclosure and against destruction, loss or damage. (Section 28)
Security measures through contract: The UIDAI will adopt and implement appropriate technical and organisational security measures, and ensure the same are imposed through agreements/arrangements with its agents, consultants, advisors or other persons. (Section 28)
Security protocol via regulations: The UIDAI has the power to prescribe via regulation various processes relating to data management, security protocol and other technology safeguards (Section 54)

Concerns:

Undefined security measures: The Bill specifies that appropriate technical and organisational security measures shall be put in place without elaborating upon what those measure should be or defining any standards that they will adhere to. The Bill gives the Authority the power to define broad regulations pertaining to security protocol.

Confidentiality

What the Bill says:

Restriction on Sharing, Disclosure, and Use: Unless otherwise provided, the UIDAI or its agents will not reveal any information in the CIDR to anyone. (Section 28) The core biometric information collected will not be a) shared with anyone for any reason, and b) used for any purpose other generation of Aadhaar numbers and authentication. (Section 29) Identity information, other than core biometric information, may be shared as per this Act and regulations specified under it. (Section 29) Identity information available with a requesting entity will not be used for any purpose other than what is specified to the individual, nor will it be shared further without the individual’s consent. (Section 29) Aadhaar numbers or core biometric information will not be made public except as specified by regulations. (Section 30)
Application of Information Technology Act: All biometric information collected and stored in electronic form will be deemed to be “electronic record” and “sensitive personal data or information” under Information Technology Act, 2000 and its provisions and rules will apply to it in addition to this Act. (Section 30)

Concerns:

Aadhaar numbers and biometric information to be made public: It is unclear for what purposes it would be necessary for Aadhaar numbers and core biometric information to be made public and it is concerning that such circumstances are left to be defined by regulation. This is different from the Telegraph Act and the IT Act which define the circumstances for interception in the Act and define the procedure for carrying out interception orders in associated Rules. Defining circumstances for such information to be made public is against the disclosure standards in the 43A Rules - which would be applicable to the UIDAI and the disclosure of core biometric information.
Unclear application of Section 43 A Rules: The Bill characterises biometric information collected as ‘sensitive personal data or information’ under the Information Technology Act, 2000 and Section 43A Rules and states that the Act and Rules would be applicable to biometric information. If this is the case, than any body corporate (including the UIDAI) collecting, processing, or storing biometric information would need to follow the standards established in the Rules - including standards for collection, consent, disclosure, sharing, retention, and security. Yet, the Bill allows the UIDAI to make regulations for collection, disclosure, security etc.

Disclosure

What the Bill says:

Disclosure during authentication: During authentication, the UIDAI will respond to the authentication request with yes, no, or other appropriate response and share identity information about the Aadhaar number holder, but not share any biometric information. (Section 8)
Exceptions to confidentiality provisions: The UIDAI may reveal identity information, authentication records or any information in the CIDR following a court order by a District Judge or higher. Any such order may only be made after UIDAI is allowed to appear in a hearing. (Section 33) The confidentiality provisions in Sections 28 and 29 will not apply with respect to disclosure made in the interest of national security following directions by a Joint Secretary to the Government of India, or an officer of a higher rank, authorised for this purpose. (Section 33)
Oversight Committee: An Oversight Committee comprising Cabinet Secretary, and Secretaries of two departments — Department of Legal Affairs and DeitY— will review every direction under 33 B above. Any directions in the interest of national security above are valid for 3 months, after which they may be extended following a review by the Oversight Committee. (Section 33)

Concerns:

Unnecessary disclosure during authentication: Usually authentication would be a binary process leading to a yes or no result, however, Section 8 also allows sharing of identity information in certain cases. It is unclear why any additional information would need to be shared in the authentication process.
Lack of opportunity to data subject: In case of a court order identity information and authentication records of an individual can be revealed without any notice or opportunity of hearing to the individual affected. Aside from allowing the UIDAI a right to be heard, the Bill does not provide any means by which an individual can contest such an order or challenge it after it has been passed.
Lack of defined functions and responsibilities of oversight mechanisms: Section 33 currently specifies a procedure for oversight by a committee, however, there are no substantive provisions laid down as the guiding principles establishing the responsibilities and powers of the oversight mechanism.
Low standards for disclosure order: Though a court order from a District Judge is required to authorize disclosure of information, the Bill fails to define important standards that such an order must meeting including that the order is necessary and proportionate.
Sweeping exception of National Security: Disclosures that are made ‘in the interest of national security’ do not require authorization by a judge and instead can be authorized by the Joint Secretary of the Government of India - a standard lower than that established in the Telegraph Act and IT Act for the interception of communications.

Power of UIDAI to make rules and regulations

What the Bill says:

The matters on which the UIDAI may frame rules include:

The process of collecting information,
Verification of information,
Individual access to information,
Sharing and disclosure of information,
Alteration of information,
Request and response for authentication,
Defining use of Aadhaar numbers,
Defining privacy and security processes,
Specifying processes relating to data management, security protocols and other technology safeguards under this Act
Establishing redressal mechanisms.

Concerns:

Over delegation of powers to the UIDAI: This Bill follows in the tradition of laws like the Information Technology Act, which allows the executive a very high degree of discretionary power. As mentioned above, a number of important powers which should ideally be within the purview of the legislature are delegated to the UIDAI. The UIDAI has been administrating the project since its inception, and a number of problems have already been documented in process such as collection, verification, sharing of information, privacy and security processes. Rather than addressing these problems, the Bill allows the UIDAI to continue to have similar powers.
Lack of independence of grievance redressal mechanism: Within the text of the Bill there are no grievance redressal mechanism created under the Bill. The power to set up such a mechanism is delegated to the UIDAI under Section 23 (2) (s) of the Bill. However, making the entity administering a project, also responsible for providing for the frameworks to address the grievances arising from the project, severely compromises the independence of the grievance redressal body.

For more details visit https://cis-india.org/internet-governance/salient-points-in-the-aadhaar-bill-and-concerns

Sales of surveillance cameras are soaring, raising questions about privacy

Admin — 2018-10-16T14:22:55Z

The Telangana government wants more eyes on the streets to upgrade Hyderabad’s safety. It has asked enterprises, public sectors, residential associations and individuals to install closed-circuit television cameras (CCTVs) in and around their premises.

The article by Rahul Sachitanand was published in Economic Times on October 14, 2018. Elonnai Hickok was quoted.

More than a lakh CCTVs are expected to be installed across the city in the next few years. The initiative is part of the Nenu Saitham (Telugu for Me Too) project — being promoted by Hyderabad Police, which will monitor the feed. To ensure that lowquality CCTVs are not installed and the project is sustainable, the police has asked citizens to only buy from selected vendors.

With this move, launched in November 2017, the Telangana govt joins a growing list of governments, corporations, educational institutes, residential buildings and small businesses across the country that are buying such technology.

According to industry estimates, over a million surveillance units were sold every month a couple of years ago. Now it is two million. The Indian market is growing 20-25% annually, say experts. Frost & Sullivan says the security & surveillance market was worth Rs 8,200 crore in FY2017, reached Rs 11,000 crore in FY2018 and is expected to touch Rs 20,000 crore in FY2020.

The rise in CCTV coverage can also be observed anecdotally. There’s a steady uptick in CCTV clips circulating on Whatsapp, capturing crimes or funny events that would otherwise have gone undocumented. Many of the sensational crimes recently, including multiple incidents of murder in Tamil Nadu, were captured on CCTV cameras, distilling the pure horror of those moments on our mobile screens, and also offering valuable proof to nail the culprits.

The surveillance and security boom is fed by several companies, ranging from homegrown firms such as CP Plus to joint ventures such as Prama Hikvision to multinationals such as Bosch, Panasonic, Honeywell and Axis. The Telangana project, for example, helped Sweden-based Axis Communications widen its India market. It has already installed 1,500 cameras, and more will be installed soon. Other state governments have or are in the process of placing orders.

The Swedish company says it recently installed cameras and associated technology across a range of large corporate and government establishments across India. “We are at the beginning of a five-year boom cycle for these devices,” says Sudhindra Holla, sales director (India & Saarc), Axis Communications. “We are catering to a rush of orders ranging from large companies with complex security infrastructure to deals from government agencies in small towns such as Nanded and Kolhapur.”

Multiple factors are driving the growth in the CCTV segment, says Manu Tiwari, programme manager (automation and electronics practice), Frost and Sullivan. A strong government push to enhance security; purchases for initiatives such as the Smart City project, which covers 100 cities, and the Rs 2,219 crore allocated under the Nirbhaya Fund for women’s safety, which covers eight cities, are some of the growth drivers.

According to Sanjay Kaushik, managing director of security consultancy Netrika Consulting, there is a push to better use CCTV feeds to improve security across India. “While the focus hitherto has been on post facto scouting of footage to find perpetrators, organisations are now trying to be more proactive with their monitoring to spot suspicious people and packages before crimes occur.”

This could involve closely looking at footage to spot suspicious movements at places such as malls or airports or using technology to spot suspicious objects left unattended for long periods. Then, there’s also a focus on making sure the cameras are installed correctly. “Recognisability is key. Organisations are being pushed to ensure simple things like camera feeds are free of obstructions, licence plates are visible in feeds and there is adequate lighting,” adds Kaushik. Advances in technology have ensured that CCTV systems are cheaper and more accessible.

While large enterprises had taken to such technology earlier, even smaller commercial establishments and private residents now can afford to install security systems. The prices have practically halved over the last couple of years. An entry-level camera is now available for a little over Rs 2,000. “Even the cost of an integrated solution, which was as much as Rs 40,000 to Rs 50,000 three or four years ago, is today available for as little as Rs 15,000,” says Yogesh Dutta, COO of New Delhi-based CP Plus. “A rapid increase in the number of CCTVs sellers and technicians has also helped widen access.” The devices have become popular as it helps law enforcers to tackle crime, he adds.

CP Plus’s customers include Vedanta Power and Odisha Police, which has also decided to use e-surveillance to enhance security. Frost and Sullivan says small & medium enterprises and large corporations were together the biggest end-user segments in FY18. This segment had a market share of 33%. Residential had a 28% market share; the industrial segment had 18% and the government 13%, it said. Other major end-user segments are hospitality, education and healthcare.

An increase in such surveillance, however, may be double-edged, say privacy advocates. While a blanket coverage using CCTVs may give citizens a feeling of security, India’s rudimentary legislation around who can access these feeds is a problem. Some countries such as the UK and UAE have stricter guidelines on this. Law-enforcement agencies can access such feeds while following up on their investigations, says Supreme Court lawyer Karnika Seth, without procuring a warrant. “As long as it is for this purpose, it is within the purview of the law. However, with the new judgment on privacy, anything more would be a no-go area.”

The use of CCTV can potentially impinge on the rights of an individual, says Elonnai Hickok, who heads privacy research at the Centre for Internet and Society, an advocacy outfit in Bengaluru. “Technically speaking, the feed can reveal personal information about an individual, including identity, location and daily patterns. Because the feed captures individuals in public spaces, it is not possible for people to have an opt-out option. The access and use of the data are often unclear.” Regulations are starting to address the use of CCTV imagery in some places. The European Union’s General Data Protection Regulation, for example, has recognised that imagery that identifies an individual is personal data and thus requires lawful, fair and transparent processing.

The draft data protection bill by the Srikrishna committee also says CCTV imagery would be considered personal data. If CCTV cameras are put in place by a private actor, Hickok contends, they would need to adhere to the principles laid out in chapters II and III of the draft — which covers fair and reasonable processing, purpose limitation, collection limitation, lawful processing, notice, data quality, data storage limitation, accountability and consent.

For feeds used by the state for reasons such as public safety, the consent clause will not apply. But state actors will still need to adhere to the principles laid out in chapter II. If CCTVs are used for the purpose of prevention, detection, investigation and prosecution of a crime, it will be exempt from adhering to the requirements of the bill. However, this use must be backed by a law passed in Parliament and the data cannot be retained once its purpose has been met.

There are more legal restrictions if the CCTV application is integrated with capabilities that capture biometrics. "Clear responsibilities and reasons should be enunciated, the policies should be clearly documented and publicised and, importantly, the cost and benefits should be ascertained," Hickock argues. ¡§It is important to have technical safeguards like encryption and procurement guidelines.

Legal and privacy issues aside, the commercial aspect is clearly looking bright. Prama Hikvision, a Chinese-Indian joint venture, has invested Rs 100 crore in a factory in Bhiwandi to make 500,000 cameras a month. A second factory, possibly in Telangana, is expected to go on stream soon, with a monthly capacity of 1,50,000 units. "CCTVs have gone from being used by a sliver of companies, primarily banks and jewellers, to being adopted by a much broader audience," says Ashish Dhakan, MD and CEO, Prama Hikvision. "Our client list includes companies in the sectors of transportation, power, petroleum, oil and gas and retail."

Another trend market players have spotted is a shift from analog, which used tapes to record footage, to digital systems, where recording time and storage space are not major constraints. "We see continuous enhancement to megapixel (displays) from lowresolution, improved compression technology. This allows more data, more storage capacity, and overall lowering of cost for storage recording devices," says Sharad Yadav, general manager, Honeywell Building Technologies, India. Frost and Sullivan analyst Tiwari lists emerging offerings - including intelligent video surveillance, wireless systems and higher resolution of visuals - as features that will define the next-generation devices.

But digital also comes with some dangers. As CCTV cameras go from standalone devices to being digital and connected ones, experts say there is a risk of hacking. Hackers may also be able to use the network as a gateway. This could give hackers access to much more than just the camera feed. "Cybersecurity is a constant focus for us," says Holla of Axis Communications. "While no camera is hackproof, we believe we have built enough capabilities to react to these hacks and quickly release patches to secure them."

Others such as Hickok of CIS say more safeguards are required. "Technical safeguards like encryption and procurement guidelines are also important, as has been highlighted by the UK Information Commissioner's Office," she says. Keeping the cameras safe may be as important as safeguarding the lives these devices monitor.

For more details visit https://cis-india.org/internet-governance/news/economic-times-rahul-sachitanand-october-14-2018-sales-of-surveillance-cameras-are-soaring-raising-questions-about-privacy

Russian social network VKontakte temporarily blocked in India for Blue Whale threat

Admin — 2017-09-14T01:17:51Z

Russian social network Vkontakte, where the suicidal online "game" Blue Whale+ is believed to have originated, was blocked on certain internet service provider networks on Tuesday.

The article by Kim Arora was published in the Times of India on September 12, 2017.

Internet users accessing the website through ACTFibernet in Bengaluru and Chennai, as well as YouBroadband in Bengaluru reported that visiting the its URL vk.com resulted in a page bearing the message: "The URL has been blocked as per the instructions of the Competent Government Authority/in compliance to the orders of the Court of Law." A senior official in the union ministry of electronics and information technology (MeitY) confirmed the block.

"Vkontakte has been blocked temporarily. We understand that it has been used for Blue Whale+ in the past, and are trying to ascertain its current usage. Law enforcement agencies are investigating the suspected cases of Blue Whale suicides and the modus operandi. We have held meeting with internet companies. We are taking several multi-dimensional ways of containing the Blue Whale threat in India," says Dr Ajay Kumar, additional secretary at the MeitY.

While blocked on some networks, vk.com was accessible on several other mobile internet networks such as Idea, Airtel, Vodafone, Jio etc on Tuesday afternoon.

The Blue Whale challenge involves a "curator" or "administrator" guiding a participant through a set of tasks involving self-harm culminating in suicide. These interactions happen through various online channels, like messaging apps or social networks, and allegedly involve participants uploading pictures after completing tasks like inflicting cuts on their bodies. In the last two to three months, India has seen several cases of young persons and teenagers attempting or committing suicide allegedly as part of the Blue Whale challenge.

Rohini Lakshane, program officer at Bengaluru's Centre for Internet and Society points to the lack of hard evidence definitively connecting the suicides to the Blue Whale game in India, and also to hoax-debunking websites that have questioned the veracity of the game. "If the game is so clandestine, then URL-level blocking will not work. Suicide is a mental health issue. Since the affected group here is teenagers, it would make sense for parents and school counselors to educate the children about the evils that exist online," she says.

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-kim-arora-russian-social-network-vkontakte-temporarily-blocked-in-india-for-blue-whale-threat

Rural Indians don’t trust messages on WhatsApp blindly: Survey

Admin — 2018-10-28T06:21:34Z

Only 8% of the respondents marked 10 as their trust score on a scale of 1-10, where 1 stands for complete distrust and 10 for complete trust, in information received on WhatsApp, found a survey.

The article by Vidhi Choudhary was published in the Hindustan Times on October 19, 2018. Sunil Abraham was quoted.

WhatsApp users in rural India do not blindly trust messages they receive on the messaging service, according to a limited survey across 14 states, a finding that must provide some cheer to law enforcement officials and policymakers trying to combat fake news and rumours, and to the messaging service itself.

Only 8% of the respondents marked 10 as their trust score on a scale of 1-10, where 1 stands for complete distrust and 10 for complete trust, in information received on WhatsApp, found a survey conducted by Digital Empowerment Foundation (DEF), a New Delhi-based non-profit organisation that seeks to find solutions to bridge the digital divide.

To be sure, the Digital Empowerment Foundation survey titled “What’s up Rural India?” recorded responses from only 1018 rural users in 14 states including districts like Bettiah in Bihar, Barabanki in Uttar Pradesh, Chamba, Narendra Nagar and Pratapnagar in Uttarakhand, Betul and Guna in Madhya Pradesh, Musiri in Tamil Nadu, Memboobnagar, Vikarabad and Warangal in Telangana and Alwar and Barmer in Rajasthan among others, and only a larger survey can authoritatively weigh in on the trust people have in the messaging service.

Since May, at least 30 people have been lynched by mobs with rumours on the messaging platform being responsible for some of the incidents. Fake videos and rumours of child-lifting circulated via WhatsApp have triggered lynchings in at least eight states. The Indian government wrote to WhatsApp about the incidents and the platform, owned by Facebook Inc made some changes, including a clear labelling of forwarded messages as well as limiting the number of forwards to tackle the spread of rumours and Fake News.

WhatsApp has over 200 million users in India, its largest market, and India’s chief election commissioner OP Rawat said in a recent interview with Hindustan Times that attempts to influence poll outcomes using technology was the biggest challenge before his organization, which is responsible for the conduct of polls in India.

According to the DEF survey, almost 70% of the respondents rated their trust score between 1-5. “This composition of trust is unlike what I’d imagined. Users in rural India have exercised restraint in believing the information they get from WhatsApp. They still prefer to check with peers and local communities about what is right and wrong,” said Osama Manzar, founder and director at DEF.

What’s up, rural India?

Survey on WhatsApp by Digital Empowerment Foundation:

It is heartening to know people in rural India are sceptical about messages shared on WhatsApp, said Sunil Abraham co-founder at think-tank Centre for Internet and Society. “It’s a societal learning curve. Most of these users have been exposed to WhatsApp over the last one year. Previous incidents where trust has been misused is perhaps a reason for their apprehension. Their scepticism will grow in the light of all the disappointments that have happened. Ask them this question in 2019 and the numbers are likely to rise further,” added Abraham. Statistics in terms of overall usage of WhatsApp shows that about 66% rural users interviewed in the survey spend 1-4 hours on the messaging app daily, 46% receive between 11-60 messages in a day, 38% are active on upto five WhatsApp groups with a majority being in groups with friends, followed by work colleagues, and family. Experts said the usage of WhatsApp in rural India is surprisingly high. The high usage can be attributed to the rise of smartphone penetration in these areas.

A majority of 88% users also knew what a WhatsApp forward is and 45% said they receive between 6-20 forwarded messages in a day. In July, WhatsApp launched a label to identify forwarded messages in a bid to combat fake news and the spread of misinformation globally, including India. It later set a limit to the use of forwarded messages to 5 chats in India.

In response to an email query, WhatsApp said it has made product changes that make it clear when users have received forwarded messages and also provided greater controls for group administrators to help reduce the spread of unwanted messages in private chats.

“WhatsApp is a private messaging service for communicating with friends and family... We are working together with a number organisations to step up our education efforts so that people know how to spot fake news and hoaxes circulating online. It is heartening to note that these efforts are making a difference and keeping our users safe,” said a WhatsApp spokesperson.

Among other findings, about 40% of respondents said they were part of WhatsApp groups created by members or representatives of political parties.

“This reflects the level of campaigning and penetration of political parties. Villages are always politically sensitive and also interested in politics,” said Manzar.

Interestingly, the survey noted that 63% of the respondents were not on the service in 2014. WhatsApp will play a key role in the campaigns for 2019 as this will be the first election with a host of rural India users actively part of the service.

Data shows that the share of active WhatsApp users in rural India has doubled since 2017, according to a survey done by the Centre for the Study of Developing Societies. Abraham added this means political parties have a “direct channel” of communication with a “huge percentage of the voter base”.

For more details visit https://cis-india.org/internet-governance/news/hindustan-times-october-19-2018-vidhi-choudhary-rural-indians-don-t-trust-messages-on-whatsapp-blindly-survey

Ruling in India shields Web posts

praskrishna — 2015-03-27T00:38:34Z

The Supreme Court in India struck down a section of its country’s information technology act Tuesday that had made it illegal for anyone to spread ‘‘offensive messages’’ on electronic devices and resulted in arrests over posts on Facebook and other social media.

This is the modified version of the article originally published by Washington Post and mirrored in Boston Globe. Sunil Abraham is quoted. Picture by Manjunath Kiran, AFP.

Supreme Court Judge Rohinton Fali Nariman wrote in the ruling that the section of the law, known as 66A, was unconstitutional, saying the vaguely worded legislation had wrongly swept up innocent people and had a ‘‘chilling’’ effect on free speech in the world’s most populous democracy.

‘‘Section 66A is cast so widely that virtually any opinion on any subject would be covered by it,’’ the judge wrote. ‘‘If it is to withstand the test of constitutionality, the chilling effect on free speech would be total.’’

India had first passed its Information Technology Act in 2000, but stricter provisions were added in 2008 and ratified in 2009 that gave police sweeping authority to arrest citizens for their personal posts on social media, a crime punishable for up to three years in jail and a fine.

Sunil Abraham, the executive director of the Center for Internet and Society in Bangalore, said that the section was originally intended to protect citizens from electronic spam, but it did not turn out that way.

‘‘Politicians who didn’t like what people were saying about them used it to crack down on online criticism,’’ he said.

In the end, there were more than 20 high-profile arrests, including a professor who posted an unflattering cartoon of a state political leader and an artist who drew a set of cartoons lampooning the government and Parliament.

The most well-known was the case of two young women arrested in the western town of Palghar after one of them posted a comment on Facebook that argued that the city of Mumbai should not have been shut down for the funeral of a famous conservative leader. A friend, who merely ‘‘liked’’ the post, was also arrested. After much outcry, the two were released on bail and the charges eventually dropped.

The case of the ‘‘Palghar Girls’’ inspired a young law student, Shreya Singhal, to take on the government’s law. Singhal became the chief petitioner for the case, along with other free speech advocates and an Indian information technology firm.

‘‘It’s a big victory,’’ Singhal said after the ruling. ‘‘The Internet is so far-reaching and so many people use it now, it’s very important for us to protect this right.’’

Singhal and other petitioners had also argued that another section of India’s technology act that allowed the government to block websites containing questionable material were also unconstitutional, but the court disagreed, saying there was a sufficient review process in place to avoid misuse.

Free speech in India is enshrined in the country’s constitution but has its limits. Books and movies are often banned or censored out of consideration for religious and minority groups.

In 2014, a conservative Hindu group persuaded Penguin India to withdraw a book on Hinduism by Wendy Doniger, a professor of religion at the University of Chicago, from the Indian market. And more recently, the government of India blocked a planned television debut of a documentary film on a 2012 gang rape case, ‘‘India’s Daughter.’’

Along with India, other nations have sharply increased monitoring and crackdowns on perceived insulting Web posts in recent years.

Across the Gulf Arab states, dozens of activists have been arrested for social media posts considered insulting to the country’s rulers or tarnishing the national image.

For more details visit https://cis-india.org/internet-governance/news/boston-globe-march-25-2015-annie-gowen-ruling-in-india-shields-web-posts

Rule 419A of the Indian Telegraph Rules, 1951

jdine — 2013-11-19T07:16:04Z

The Central Government made the following rules to amend the Indian Telegraph Rules, 1951.

G.S.R. 193 (E).— In exercise of the powers conferred by Section 7 of the Indian Telegraph Act, 1885 (13 of 1885), the Central Government hereby makes the following rules further to amend the Indian Telegraph Rules, 1951, namely:—

10 (1) These rules may be called the Indian Telegraph (Amendment) Rules, 2007.

(2) They shall come into force on the date of their publication in the Official Gazette.

20 In the Indian Telegraph Rules, 1951, after rule 419, the following rule shall be substituted, namely:—

[1] 419-A. (1) Directions for interception of any message or class of messages under sub-section (2) of Section 5 of the Indian Telegraph Act, 1885 (hereinafter referred to as the said (Act) shall not be issued except by an order made by the Secretary to the Government of India in the Ministry of Home Affairs in the case of Government of India and by the Secretary to the State Government in-charge of the Home Department in the case of a State Government. In unavoidable circumstances, such order may be made by an officer, not below the rank of a Joint Secretary to the Government of India, who has been duly authorized by the Union Home Secretary or the State Home Secretary, as the case may be:

Provided that in emergent cases—

(i) in remote areas, where obtaining of prior directions for interception of messages or class of messages is not feasible; or
(ii) for operational reasons, where obtaining of prior directions for interception of message or class of messages is not feasible;

the required interception of any message or class of messages shall be carried out with the prior approval of the Head or the second senior most officer of the authorized security i.e. Law Enforcement Agency at the Central Level and the officers authorised in this behalf, not below the rank of Inspector General of Police at the state level but the concerned competent authority shall be informed of such interceptions by the approving authority within three working days and that such interceptions shall be got confirmed by the concerned competent authority within a period of seven working days. If the confirmation from the competent authority is not received within the stipulated seven days, such interception shall cease and the same message or class of messages shall not be intercepted thereafter without the prior approval of the Union Home Secretary or the State Home Secretary, as the case may be.

(2) Any order issued by the competent authority under sub-rule (1) shall contain reasons for such direction and a copy of such order shall be forwarded to the concerned Review Committee within a period of seven working days.

(3) While issuing directions under sub-rule (1) the officer shall consider possibility of acquiring the necessary information by other means and the directions under sub-rule (1) shall be issued only when it is not possible to acquire the information by any other reasonable means.

(4) The interception directed shall be the interception of any message or class of messages as are sent to or from any person or class of persons or relating to any particular subject whether such message or class of messages are received with one or more addresses, specified in the order, being an address or addresses likely to be used for the transmission of communications from or to one particular person specified or described in the order or one particular set of premises specified or described in the order.

(5) The directions shall specify the name and designation of the officer or the authority to whom the intercepted message or class of messages is to be disclosed and also specify that the use of intercepted message or class of messages shall be subject to the provisions of sub-section (2) of Section 5 of the said Act.

(6) The directions for interception shall remain in force, unless revoked earlier, for a period not exceeding sixty days from the date of issue and may be renewed but the same shall not remain in force beyond a total period of one hundred and eighty days.

(7) The directions for interception issued under sub-rule (1) shall be conveyed to the designated officers of the licensee(s) who have been granted licenses under Section 4 of the said Act, in writing by an officer not below the rank of Superintendent of Police or Additional Superintendent of Police or the officer of the equivalent rank.

(8) The officer authorized to intercept any message or class of message shall maintain proper records mentioning therein, the intercepted message or class of messages, the particulars of persons whose message has been intercepted, the name and other particulars of the officer or the authority to whom the intercepted message or class of messages has been disclosed, the number of copies of the intercepted message or class of messages made and the mode or the method by which such copies are made, the date of destruction of the copies and the duration within which the directions remain in force.

(9) All the requisitioning security agencies shall designate one or more nodal officers not below the rank of Superintendent of Police or Additional Superintendent of Police or the officer of the equivalent rank to authenticate and send the requisitions for interception to the designated officers of the concerned service providers to be delivered by an officer not below the rank of Sub-lnspector of Police.

(10) The service providers shall designate two senior executives of the company in every licensed service area/State/Union Territory as the nodal officers to receive and handle such requisitions for interception.

(11) The designated nodal officers of the service providers shall issue acknowledgment letters to the concerned security and Law Enforcement Agency within two hours on receipt of intimations for interception.

(12) The system of designated nodal officers for communicating and receiving the requisitions for interceptions shall also be followed in emergent cases/unavoidable cases where prior approval of the competent authority has not been obtained.

(13) The designated nodal officers of the service providers shall forward every fifteen days a list of interception authorizations received by them during the preceding fortnight to the nodal officers of the security and Law Enforcement Agencies for confirmation of the authenticity of such authorizations. The list should include details such as the reference and date of orders of the Union Home Secretary or State Home Secretary, date and time of receipt of such orders and the date and time of Implementation of such orders.

(14) The service providers shall put in place adequate and effective internal checks to ensure that unauthorized interception of messages does not take place and extreme secrecy is maintained and utmost care and precaution is taken in the matter of interception of messages as it affects privacy of citizens and also that this matter is handled only by the designated nodal officers of the company.

(15) The service providers are responsible for actions for their employees also. In case of established violation of license conditions pertaining to maintenance of secrecy and confidentiality of information and unauthorized interception of communication, action shall be taken against the service providers as per Sections 20, 20-A, 23 & 24 of the said Act, and this shall include not only fine but also suspension or revocation of their licenses.

(16) The Central Government and the State Government, as the case may be, shall constitute a Review Committee. The Review Committee to be constituted by the Central Government shall consist of the following, namely:

(a) Cabinet Secretary — Chairman

(b) Secretary to the Government of India Incharge, Legal Affairs — Member

The Review Committee to be constituted by a State Government shall consist of the following, namely:

(a) Chief Secretary — Chairman

(b) Secretary Law/Legal Remembrancer Incharge, Legal Affairs — Member

(17) The Review Committee shall meet at least once in two months and record its findings whether the directions issued under sub-rule (1) are in accordance with the provisions of sub-section (2) of Section 5 of the said Act. When the Review Committee is of the opinion that the directions are not in accordance with the provisions referred to above it may set aside the directions and orders for destruction of the copies of the intercepted message or class of messages.

(18) Records pertaining to such directions for interception and of intercepted messages shall be destroyed by the relevant competent authority and the authorized security and Law Enforcement Agencies every six months unless these are, or likely to be, required for functional requirements.

(19) The service providers shall destroy records pertaining to directions for interception of message within two months of discontinuance of the interception of such messages and in doing so they shall maintain extreme secrecy.

[1].Subs, by G.S.R. 193 (E), dated 1.3.2007 (w.e.f. 12.3.2007).

For more details visit https://cis-india.org/internet-governance/resources/rule-419-a-indian-telegraph-rules-1951