We are anonymous, we are legion

Private sector censors

praskrishna — 2012-04-26T13:30:47Z

If business decides what’s ‘good’ and ‘bad’ speech, it can lead to multiple interpretations and arbitrary decisions. The article by Salil Tripathi was published in LiveMint on April 25, 2012.

In Milan Kundera’s 1967 Czech novel, Žert (The Joke), Ludvik Jahn sends a postcard to an intense classmate who takes herself too seriously. In the card, he makes sarcastic comments against the Communist Party. Unsurprisingly, others don’t see the joke. He gets expelled from the party, conscripted and has to work in mines.

While The Joke was a work of fiction, in the real Soviet era as punishment for such actions, many people lost jobs, sometimes their homes; some went to jail, often betrayed by those they trusted. In Czechoslovakia (as the country was then known), the state ran the postal service and those who read the postcard were party members. In India, the private sector provides Internet access and others don’t have the legal right to see what’s being transmitted, unless they are intended recipients, or if the material is broadcast publicly. The state now wants the private sector to police and censor the Internet.

Under the draconian Information Technology (Intermediaries Guidelines) Rules, 2011, any intermediary (a search engine, a website, a domain name registry, a service provider, or a cyber café) must take down the “offending” material from its website within 36 hours. The intermediary need not inform the person who posted the material, nor would the creator get the right to respond. As Apar Gupta points out on the Indian Law and Technology Blog, in one recent case, based on these rules, an injunction has been granted.

These rules go significantly beyond the existing restraints on speech. The Constitution limits speech and sections of the criminal code impose further restrictions. To that, add the IT rules’ vaguely defined terms of what can’t be said—content which is “grossly harmful, harassing, blasphemous, defamatory, obscene, pornographic, paedophilic, libelous, invasive of another’s privacy, hateful, or racially, ethnically objectionable, disparaging, relating or encouraging money laundering or gambling or otherwise unlawful in any manner whatever, harms minors in any way, or infringes any patent, trademark, copyright, or other proprietary right”. Who decides that? The intermediaries.

These rules make the private sector act like the state. Nobody elected business to play such a role; it does not have the expertise, capacity, legal training, or authority to act as the state. Censorship is bad; whether in state or private hands. If business decides what’s “good” and “bad” speech, it can lead to multiple interpretations and arbitrary decisions, without recourse to appeal. In a country where those who feel offended have often threatened violence, businesses will understandably take the cautious approach and not allow anyone to say anything that’s remotely controversial, even if it is an opinion about a film.

Decisions will be made on opaque criteria. Apple and Amazon have arbitrarily stopped some products from being sold on their electronic stores, citing “community standards”. Amazon stopped providing server space to WikiLeaks, even though no government had asked it to do so. Credit card companies stopped processing donations going to WikiLeaks, without any legal order. Even Google, which has admirably stood up to China’s bullying, has had to take down content when governments have required that it does so through proper legal channels. India’s record is poor: of the 358 complaints India lodged with Google, 255 were about content that was controversial or political, but not illegal.

To demonstrate the reach of the rules, the Centre for Internet and Society in Bangalore sent random notices to seven companies, asking them to take down content. Of them, six complied beyond what they were called upon to do—instead of the three pages that the centre asked for, one company blocked an entire website. A few legally worded letters were enough to get compliance from companies. The centre’s executive director, Sunil Abraham, told me recently: “Companies which have no interest in free speech are now taking these decisions. They have the power to do so and they are using it without any sense of responsibility.”

Aseem Trivedi knows this well. The cartoonist who ran a website called cartoonistsagainstcorruption.com, found that his site had disappeared after a complaint from an individual that the cartoons violated laws. Since then he has been campaigning for freedom on the Internet. Everyone’s freedom is at stake—whether you want to see cartoons of Sonia Gandhi, Narendra Modi, Ramdev, Kisan Hazare, Binayak Sen, Arundhati Roy, Sachin Tendulkar, Poonam Pandey and even Mamata Banerjee. And yet look at what happened to Ambikesh Mahapatra, the professor who sent a cartoon mocking Banerjee to some friends via the Internet. He was arrested and later roughed up. These rules chill speech.

Last year, Kapil Sibal, minister for information technology, asked companies to screen content manually and censor the Web. The demand was audacious. It showed lack of understanding of how the Internet works and revealed fundamental ignorance of the state’s role: it has to protect the rights of the one who wishes to express and not the one who claims offence.

In Parliament, P. Rajeev, member of Parliament (Rajya Sabha), wants to annul those rules. Everyone should support him.

Read the original in LiveMint here

For more details visit https://cis-india.org/news/private-sector-censors

Private Sector and the cultivation of cyber norms in India

basu — 2019-08-07T15:18:27Z

Information Communication Technologies (ICTs) have become a regular facet of modern existence. The growth of cyberspace has challenged traditional notions of global order and uprooted the notion of governance itself. All over the world, the private sector has become a critical player, both in framing cyber regulations and in implementing them.

The article by Arindrajit Basu was published by Nextrends India on August 5, 2019.

While the United Nations ‘Group of Governmental experts’ (GGE), tried and failed to establish a common law for governing the behavior of states in cyberspace, it is Big Tech who led the discussions on cyberspace regulations. Microsoft’s Digital Geneva Convention which devised a set of rules to protect civilian use of the internet was a notable initiative on that front. Microsoft was also a major driver of the Tech Accords — a public commitment made by over 100 companies “agreeing to defend all customers everywhere from malicious attacks by cyber-criminal enterprises and nation-states.” The Paris Call for Trust and Security in Cyberspace was a joint effort between the French government and Microsoft that brought in (as of today) 66 states, 347 private sector entities, including Indian business guilds such as FICCI and the Mobile Association of India and 139 organisations from civil society and academia from all over the globe.

However, the entry of Big tech into the business of framing regulation has raised eyeballs across jurisdictions. In India, the government has attempted to push back on the global private sector due to arguably extractive economic policies adopted by them, alongside the threats they pose to India’s democratic fabric. The Indian government has taken various steps to constrain Big Tech, although some of these policies have been hastily rolled out and fail to address the root of the problem.

I have identified two regulatory interventions that illustrate this trend. First, on intermediary liability, Rule 3(9) of the Draft of the Information Technology 2018 released by the Ministry of Electronics and Information Technology (MeiTy) last December. The rule follows the footsteps of countries like Germany and France by mandating that platforms use “automated tools or appropriate mechanisms, with appropriate controls, for proactively identifying and removing or disabling public access to unlawful information or content.” These regulations have resulted in criticism from both the private sector and civil society as they fail to address concerns around algorithmic discrimination, excessive censorship and gives the government undue power. Further, the regulations paint all the intermediaries with the same brush, thus not differentiating between platforms such as Whatsapp who thrive on end-to-end encryption and public platforms like Facebook.

Another source of discord between the government and the private sector has been the government’s localisation mandate, featuring in a slew of policies. Over the past year, the Indian government has introduced a range of policy instruments which
demand that certain kinds of data must be stored in servers located physically within India — termed “data localization.”

While this serves a number of policy objectives, the two which stand out are (1) the presently complex process for Indian law enforcement agencies to access data stored in the U.S. during criminal investigations, and (2) extractive economic models used by U.S. companies operating in India.

A study I co-authored earlier this year on the issue found that foreign players and smaller Indian private sector players were against this move due to the high compliance costs in setting up data centres.

On this question, we recommended a dual approach that involves mandatory sectoral localisation for critical sectors such as defense or payments data while adopting ‘conditional’ localisation for all other data. Under ‘conditional localisation,’
data should only be transferred to countries that (1)Agree to share the personal data of Indian citizens with law enforcement authorities based on Indian criminal procedure laws and (2) Have equivalent privacy and security safeguards.

These two instances demonstrate that it is important for the Indian government to engage with both the domestic and foreign private sector to carve out optimal regulatory interventions that benefit the Indian consumer and the private sector as a whole rather than a few select big players. At the same time, it is important for the private sector to be a responsible stakeholder and comply both with existing laws and accepted norms of ‘good behaviour.’

Going forward, there is no denying the role of the private sector in the development of emerging technologies. However, a balance must be struck through continued engagement and mutual respect to create a regulatory ecosystem that fosters innovation while respecting the rule of law with every stakeholder – government, private sector and civil society. India’s position could set the trend for other emerging economies coming online and foster a strategic digital ecosystem that works for all
stakeholders.

For more details visit https://cis-india.org/internet-governance/blog/nextrends-india-arindrajit-basu-august-5-2019-private-sector-and-the-cultivation-of-cyber-norms-in-india

Private Censorship and the Right to Hear

chinmayi — 2014-07-22T05:57:09Z

Very little recourse is available against publishers or intermediaries if these private parties censor an author’s content unreasonably.

The article was published in the Hoot on July 17, 2014 and also mirrored on the website of Centre for Communication Governance.

DNA newspaper's removal of Rana Ayyub's brave piece on Amit Shah, with no explanation, is shocking. It is reminiscent of the role that media owners played in censoring journalists during the Emergency, prompting L.K. Advani to say, "You were asked to bend, but you crawled."

The promptitude with which some media houses are weeding out political writing that might get them into trouble should make us reconsider the way we think about the freedom of the press. Discussions of press freedom often concentrate on the individual's right to speak, but may be more effective if they also accommodated another perspective - the audience's right to hear.

It is fortunate that Ayyub's piece was printed and reached its audience before attempts were made to bury it. Its removal was counterproductive, making DNA's decision a good example of what is popularly known as the Streisand Effect (when an attempt to censor or remove infor-mation has the unintended consequence of publicising the information even more widely).

The controversy that has emerged from DNA removing the article has generated much wider attention for it now that it has appeared on multiple websites, its readership expanding as outrage at its removal ricochets around the Internet.

This incident is hardly the first of its kind. Just weeks ago, news surfaced of Rajdeep Sardesai being pressurised to alter his news channel's political coverage before the national election. The Mint reported that the people pressurising Sardesai wanted a complete blackout of Kejriwal and the Aam Admi party from CNN-IBN. Had he capitulated, significant news of great public interest would have been lost to a large audience. CNN-IBN's decision would have been put down to editorial discretion, and we the public would have been none the wiser.

Luckily for their audience, Sardesai and Sagarika Ghose quit the channel that they built from scratch instead of compromising their journalistic integrity. However, the league of editors who choose to crawl remains large, their decisions protected by the Indian constitution.

The freedom of the press in India only protects the press from the government's direct attempts to influence it. Both big business and the state have far more instruments at their disposal than just direct ownership or censorship diktats. These include withdrawal of lucrative advertisements, defamation notices threatening journalists with enormous fines and imprisonment, and sometimes even physical violence. Who can forget how Tehelka magazine's exposure of largescale government wrongdoing resulted in its financiers being persecuted by the Enforcement Directorate, with one of them even being jailed for some time.

The instruments of harassment work best when the legal notices are sent to third party publishers or intermediaries. Unlike the authors who may wish to defend their work or modify it a little to make it suitable for publication, a publishing house or web platform would usually prefer to avoid expensive litigation. Third party publishers will often remove legitimate con-tent to avoid spending time and money fighting for it. Pressurising them is a fairly effective way to silence authors and journalists.

Consider the different news outlets and publishing houses that control what reaches us as news or commentary. If they can be forced to bury content, citing editorial discretion, consider what this means for the quality of news that reaches the Indian public. Indira Gandhi understood this weakness of the press, and successfully controlled the Indian media by managing the proprietors.

Although media ownership still remains concentrated in a few hands, the disruptive element that still offers some hope of free public dialogue is the Internet where, through blogs, small websites and social media, journalists can still get access to the public sphere. This means that when DNA deletes Rana Ayyub's article, copies of it are immediately posted in other places.

However, online journalism is also vulnerable. Online intermediaries which receive content blocking and take down orders tend to over-comply rather than risk litigation. Like publishers, these intermediaries can easily prevent speakers from reaching their audiences. Just look at the volume of information online that is dependent on third party intermediaries such as Rediff, Facebook, WordPress or Twitter. The only thing that keeps the state and big business from easily controlling the flow of information on the Internet is that it is difficult to exert cross-border pressure on online intermediaries located outside India.

However, the ease with which most of the mainstream media is controlled makes it easy to construct a bubble of fiction around audiences, leaving them in blissful ignorance of how little they really know. Very little recourse is available against publishers or intermediaries if these private parties censor an author's content unreasonably. Unlike state censorship, private censorship is invisible, and is protected by the online and offline intermediaries' right to their editorial choices.

Ordinarily, there is nothing wrong with editorial discretion or even with a media house choosing a particular slant to its stories. However, it is important for the public to have access to a healthy range of perspectives and interests, with a diversity of content. If news of public significance is regularly filtered out, it affects the state of our democracy. Citizens cannot participate in governance without access to important information.

It is, therefore, vital to acknowledge the harm caused by private censorship. A democracy is endangered when a few parties disproportionately control access to the public sphere. We need to think of how to ensure that the voices of journalists and scholars reach their audience. Media freedom should be seen in the context of the right of the audience, the Indian public, to receive information.

For more details visit https://cis-india.org/internet-governance/blog/the-hoot-july-17-2014-chinmayi-arun-private-censorship-and-the-right-to-hear

Privacy: from regional regulations to global connections ?

praskrishna — 2013-10-21T08:18:56Z

This workshop is being organised by Internet Society at Bali on October 24. Sunil Abraham is one of the panelists for this.

The Internet Governance Forum 2013 is being held at Bali from October 22 to 25. The overarching theme for the 2013 IGF meeting is: "Building Bridges"- Enhancing Multistakeholder Cooperation for Growth and Sustainable Development".

Read the original published on the IGF website.

Theme: Internet Governance Principles

The Internet dissolves geographical boundaries on a greater scale than any prior invention. It allows data, personal and otherwise, to flow across borders, supporting social and economic interactions. However, there is a complex mix of factors at play: multiple policy objectives that are sometimes in conflict; individuals’ rights; the interests of the communities; “monetization” of personal data for short-term and long-term commercial gain; different historical cultural and regulatory approaches to privacy; etc.

Across a diverse, global Internet, how can we best deal with the tensions that naturally result from differences in personal privacy expectations, economic aspirations, and regulatory regimes, particularly when it comes to online data protection?

This workshop will explore what core principles and strategies are needed to achieve a balanced and fair approach to data protection that is effective internationally and regionally. In the process, we will examine the possible paths to a global solution, together with impediments, and explore how successful local and regional approaches could be leveraged at the international level.

We will also strive to articulate lessons learned from recent initiatives such as the modernisation of the Council of Europe Convention 108, the revision of the OECD Privacy Guidelines, the APEC Cross Border Privacy Rules System, and the proposed revisions to the EU data protection framework, etc. in tackling these challenging issues.

Has the proponent organised a workshop with a similar subject during past IGF meetings?
Yes

Indication of how the workshop will build on but go beyond the outcomes previously reached

The submitter has not previously organised a workshop at the IGF. However, his colleague has co-organised the following workshops on related issues: 2012: ICC BASIS and ISOC - Solutions for enabling cross-border data flows – http://wsms1.intgovforum.org/sites/default/files/IGF%202012%20ws86%20report_10%2012%2012%20final.doc 2012: CoE and ISOC – Who is following me: tracking the trackers – http://wsms1.intgovforum.org/content/no181-who-following-me-tracking-trackers#report 2010: ISOC and EFF – The Future of Privacy – http://www.internetsociety.org/sites/default/files/future-privacy%2020100914.pdf Background papers: Report from a WSIS Forum 2012 thematic workshop entitled: “Data Privacy on a global scale: keeping pace with an evolving environment” – http://www.internetsociety.org/sites/default/files/Data%20Privacy%20on%20a%20global%20scale_0.pdf Report from a IGF2012 workshop entitled “Solutions for enabling cross-border data flows - https://www.internetsociety.org/sites/default/files/IGF%202012%20cross-border%20data%20flows.pdf

Background Paper

Download background paper

Co-organisers

Ms. Sophie Kwasny, Head of the Data Protection Unit, Council of Europe , Intergovernmental Organizations, FRANCE, Western Europe and Others Group - WEOG
Mr. Frederic Donck, Internet Society, Technical Community, BELGIUM, Western Europe and Others Group - WEOG

Have the Proponent or any of the co-organisers organised an IGF workshop before?
Yes

The link(s) to the workshop report(s)

Panelists

Please click on Biography to view the biography of panelist

Sophie Kwasny, Head of the Data Protection Unit, Council of Europe , Female, Intergovernmental Organizations, FRANCE, Western Europe and Others Group – WEOG
Nigel Waters, Public Officer, Australian Privacy Foundation , Male, Civil Society, Australia, Asia-Pacific Group
Wendy Seltzer, Policy Counsel, World Wide Web Consortium (W3C) , Female, Technical Community, United States, Western Europe and Others Group – WEOG
Biography
Joseph Alhadeff, Vice President for Global Public Policy, Chief Privacy Officer, Oracle Corporation, Male, Private Sector, United States, Western Europe and Others Group – WEOG
Biography
Sunil Abraham, Executive Director, Centre for Internet and Society (CIS), Bangalore, Male, Civil Society, India, Asia-Pacific Group
Biography

Moderator

Frederic Donck, Internet Society, Director European Regional Bureau

Remote Moderator

Luca Belli, CERSA,Université Panthéon-Assas Sorbonne University

Agenda

Moderator will briefly introduce the session as well as the different panellists. Each panellist will have 2 minutes (maximum) to introduce his/her own perspective on the general issues addressed by the moderator.

No powerpoints allowed. Very dynamic session with regular interventions from remote participants and audience, as well as between panellists is sought.

Moderator will work out questions (including through a coordinated approach before the session with panellists) and will organise the session in a way that allows a balanced conversation between all stakeholders (on-site/remotely).

Inclusiveness of the Session

Suitability for Remote Participation

Dynamic interaction with remote participants (ISOC community and chapters, technical community, Businesses, etc.) will be ensured through social medias, jabber, webex, and twitter (hashtag will be provided) etc.

Coordinated approach with remote moderator will be ensured as well as the necessary communication and information to remote participants in advance of and during the session.

For more details visit https://cis-india.org/news/igf-2013-workshop-335-privacy-from-regional-regulations-to-global-connections

Privacy, what? Bengaluru police leaks 46,000 phone numbers on Twitter

praskrishna — 2017-04-07T02:57:49Z

Bengaluru police made the biggest goof up of all time by releasing private information of people who called 100 to complain since April 2015 and was seemingly unapologetic about the breach of privacy.

The article by Neha Vashishth was published by India Today on April 6, 2017. Pranesh Prakash was quoted.

We all love our privacy, don't we?

We put various locking apps and hide our private pictures on Facebook, Twitter etc and only share what we want the world to see. But sometimes even after our countless efforts, we end up losing our information on the internet. After all, a breach of privacy is the greatest nightmare one can have.

Bengaluru police goofed up too when it came to handling privacy concerns of Bengaluru citizens. The police department posted phone numbers of thousands of citizens on their Twitter handle (@BCPCR) who called 100 and complained against harassment, quarrels, and gambling etc.

The police posted over 46,000 tweets online since April 2015 sharing information of people who called on 100 along with the app known as 'Suraksha' to lodge complaints. The account was made private as soon as the matter escalated.

The police was unapologetic regarding the matter and said that the tweets were auto-generated from their twitter handle @BCPCR.

Pranesh Prakash, Policy Director at the Centre for Internet and Society said the "police officer who ordered to create such an account should be held responsible if any harm comes to a complainant."

This not only created a major breach of privacy of complainants but also risked their lives. This incident only proves that privacy and sensitivity of the matter has vanished in today's time.

For more details visit https://cis-india.org/internet-governance/news/india-today-neha-vashishth-april-6-2017-privacy-what-bengaluru-police-leaks-phone-numbers-on-twitter

Privacy, security and surveillance: tackling international dilemmas and dangers in the digital realm

praskrishna — 2014-12-15T12:56:49Z

Pranesh Prakash was a panelist in the session "Beyond the familiar: how do other countries deal with security and surveillance oversight?" The event was organized by Wilton Park between November 17 and 19, 2014.

Complete details of the programme can be accessed here.

For more details visit https://cis-india.org/internet-governance/news/wilton-park-november-17-19-privacy-security-surveillance

Privacy, Free/Open Source, and the Cloud

elonnai — 2012-03-22T05:50:10Z

A look into the questions that arise in concern to privacy and cloud computing, and how open source plays into the picture.

Introduction

Cloud computing, in basic terms, is internet-based computing where shared resources and services are taken from the primary infrastructure of the internet and provided on demand. Cloud computing creates a shared network between major corporations like Google, Microsoft, Amazon and Yahoo. In this way, cloud systems are related to grid computing systems/service- oriented architectures, and create the potential for the entire I.T. infrastructure to be programmable. Because of this, cloud computing establishes a new consumption and delivery standard for IT services based on the internet. It is a new consumption and delivery model, because it is made up of services delivered through common centers and built on servers which act as a point of access for the computing needs of consumers. The access points facilitate the tailoring and delivering of targeted applications and services to consumers. Details are taken from the users, who no longer need to have an understanding of, or control over the technology infrastructure in the cloud that supports their desired application.

There are both corporate and consumer implications for such a system. For example, according cloud computing lowers the barriers to entry for corporations and new services. It also enables innovative enterprise in locations where there is an insufficient supply of human or other resources through the provision of inexpensive hardware, software, and applications. The consumer, in turn, is provided with information that he or she is projected to be interested in based on information he or she has already “consumed.” Thus, for example: Google has the ability to monitor a person’s consuming habits through searches and to reduce those habits to a pattern which selects applications to display – and consumption of those reinforces the pattern.

Privacy Concerns:

Though cloud computing can be a useful tool for consumers, corporations, and countries, cloud computing poses significant privacy concerns for all actors involved. For the consumer, a major concern is that future business models may rely on the use of personal data from consumers of cloud services for advertising or behavioral targeting. This concern brings to light the fundamental problem of cloud computing which is that consumers consent to the secondary use of their personal data only when they are signing up for services, and that “consent” is almost automatically generated. How can the cloud assure users that their private data will be properly protected? It is true that high levels of encryption can be (and are) used, and that many companies also take other precautionary measures, but protective measures vary, and the secondary sources that gain access to information may not protect it as well as the initial source. Moreover, even strong protection measures are vulnerable to hackers. As well, what happens if a jurisdiction, like the Indian government, gains access to information about a foreign national? India still does not have a comprehensive data protection law, nor does it have many forms of redress for violations of privacy. How is that individuals information protected?

These questions give rise to other privacy concerns with respect to the data that is circulated and stored on the cloud, which are the questions of territory, sovereignty, and regulation. Many of these were brought up at the Internet Governance Forum, which took place on the 16th of September including: Which jurisdiction has authority in cases of dispute or digital crime? If you lose data or your data is damaged, stolen, or manipulated, where do you go? Is the violation enforced under local laws, and, if so, under the law of the violator or the law of the violated? If international law, who can access the tribunals, and which tribunals have this jurisdiction? What if a person's data is replicated in two data centres in two different countries? Are the data subject to scrutiny by the officials of all three? Is there a remedy against abuse by any of them? Does it matter whether the country in which the data centre resides does not require a warrant for government access? And how will a consumer know any of that up front? As a corollary, if content is being sent to one country but resides on a data centre in another country, whose data protection standards apply? For example, certain governments in Europe require data retention for limited amount of time for purposes for law enforcement, but other countries may allow retention of data for shorter or longer periods of time.

How are privacy, free/open source, and the cloud related ?

Eben Moglen, a professor from Columbia law school, and founder and chairman of the Software Freedom Law Center who spoke on cloud computing, privacy, and free/open software at the Indian Institute for science on Thursday September 25, had another solution to the privacy concerns that arise out of the cloud. His lecture explains how the internet has moved from a tool that once promoted equality between people – no servants and no masters – to a tool that reinforces social hierarchies. The reinforcement of these hierarchies is directly related to the language used and communication facilitated between the computer and the individual. Professor Moglen describes how initially, when computers were first introduced to the public, humans spoke directly to computers, and computers responded directly to humans. This open, two-way communication changed when Microsoft, Apple, and IBM removed the language between humans and computers and created proprietary software based on a server-client computing relationship. By removing the language between humans and computers, these corporations dis-empowered individuals. Professor Moglen used this as a springboard to address the privacy concerns that come up in cloud computing. Privacy at its base is the ability of an individual to control access to various aspects of self, such as decisional, informational, and locational. In having the ability to control these factors, privacy consists of a relation between a person and another person or an entity. Professor Moglen postulated that free/open access to code would make the internet an environment where choices over that relationship were still in the hands of an individual, and, among other protections, the individuals could build up their desired levels of privacy.

Is free/open software the solution?

Eben Moglen's solution to the many privacy concerns that arise out of cloud computing is the application and use of free software/open source by individuals. Unlike some applications on the cloud, open source is free, and once an individual has access to the code, that person can control how a program functions, including how a program uses personal information, and thus the person would be able to protect their privacy. Of course, this presumes that the consumer of the internet is sophisticated enough to access and manipulate code. But even putting that presumption aside, is the ability to write code enough to protect data (will help you protect data better – add more security)? Perhaps if a person could create his own server and bypass the cloud, but this does not seem like an ideal (or practical) solution. Though free/open source is an important element that should be incorporated into cloud computing, free/open source depends on open standards. According to Pranesh Prakash, in his presentation at the Internet Governance Forum, the role of standards in ensuring interoperability is critical to allowing consumers to choose between different devices to access the cloud, to choose between different software clients, and to shift between one service and another. This would include moving information, both the data and the metadata, from one cloud to another. Clouds would need to be able to talk to one another to enable data sharing, and open source is key to this, though it is important to note that if one uses free/open source, they must set up their own infrastructure.

Conclusion

Even though Moglen believes that free/open source software brings freedom and provides the solution to protect an individual’s privacy in the context of cloud computing, he was not speaking to the specific context of India. To do that, it is important to expand the definitions that one uses of free/open source and privacy, and then to contextualize them. Looking closely at the words “free/open source,” they are not limited to access to a software's code, even though that is free/open source’s base. For the ideology of free/open source to work, access to code is just a key to the puzzle. A person, community, culture and state must understand the purpose of free/open source, know how to use it, and know how it can be applied in order for it to be transformative, liberating, and protective. There needs to be a shared understanding that free/open source is not just about being able to change code, but about a shared commitment to sharing code and making it transparent and accessible. In the United States and other countries, free/open source did not just enter into American society and immediately fix issues of privacy by bringing freedom, as it seems Professor Moglen is suggesting free/open source will do in India. Though Professor Moglen promises freedom and privacy protection through free/open source, perhaps this is not an honest appraisal of the technology. Free/open source, if not equally accessed or misapplied, protects neither freedom nor privacy. As noted above, even if a person has access to code, he can protect data only to a certain extent. Thus, he might think that he has created a privacy wall around information that actually is readily accessible. In other words, free/open source cannot be the only answer to freedom, but instead a piece to a collective answer.

For more details visit https://cis-india.org/internet-governance/blog/privacy/privacy-cloud-computing

Privacy, By Design

praskrishna — 2011-04-12T06:45:36Z

The Centre for Internet and Society invites people and organizations in the business of 'privacy online' to engage with it in Privacy, By Design — an open space discussion that brings together coders, developers, users and entrepreneurs interested in the design of privacy online.

Is Privacy something we are born with or is it constructed for us? Different actors like governments, markets, cultural negotiators, are often attributed the responsibility of defining what it means to be 'private'. In our rapidly digitizing world, Internet and digital technologies have emerged as new factors that influence the design of privacy. Ranging from social networking systems to e-governance projects and economic transactions to interpersonal relationships, the design of privacy online has become a central concern.

Privacy, By Design is a part of The Identity Project (TIP), a collaboration between the Centre for Internet and Society and the Centre for the Study of Culture and Society. It is a research inquiry that hopes to consolidate multiple perspectives, and ideas in an attempt to initiate a dialogue between people who are in the business of designing platforms and applications that pivot around privacy. For instance: How do the platforms we use define our understanding of privacy? What does privacy in the cloud look like? What are the parameters by which privacy is defined within the digital world? What role do digital technologies play in producing the 'privacy effect?'

For more details visit https://cis-india.org/events/privacy-by-design

Privacy, Autonomy, and Sexual Choice: The Common Law Recognition of Homosexuality

bhairav — 2015-08-23T12:20:52Z

In the last few decades, all major common law jurisdictions have decriminalised non-procreative sex – oral and anal sex (sodomy) – to allow private, consensual, and non-commercial homosexual intercourse.

Download PDF

Anti-sodomy statutes across the world, often drafted in the same anachronistic vein as section 377 of the Indian Penal Code, 1860 (“IPC”), have either been repealed or struck down on the grounds that they invade individual privacy and are detrimentally discriminative against homosexual people.

This is not an examination of India’s laws against homosexuality, it does not review the Supreme Court of India’s judgment in Suresh Koushal v. Naz Foundation (2014) 1 SCC 1 nor the Delhi High Court’s judgment in Naz Foundation v. Government of NCT Delhi 2009 (160) DLT 277, which the former overturned – in my view, wrongly. This note simply provides a legal history of the decriminalisation of non-procreative sexual activity in the United Kingdom and the United States. Same-sex marriage is also not examined.

In the United Kingdom

The Wolfenden Report

In England, following a campaign of arrests of non-heterosexual persons and subsequent protests in the 1950s, the government responded to public dissatisfaction by appointing the Departmental Committee on Homosexual Offences and Prostitution chaired by John Frederick Wolfenden. The report of this committee (“Wolfenden Report”) was published in 1957 and recommended that:

“…homosexual behaviour between consenting adults in private should no longer be a criminal offence.”

The Report further observed that it was not the function of a State to punitively scrutinise the private lives of its citizens:

“(T)he law’s function is to preserve public order and decency, to protect the citizen from what is offensive or injurious, and to provide sufficient safeguards against exploitation and corruption of others… It is not, in our view, the function of the law to intervene in the private life of citizens, or to seek to enforce any particular pattern of behaviour.”

The Sexual Offences Act, 1967

The Wolfenden Report was accepted and, in its pursuance, the Sexual Offences Act, 1967 was enacted to, for the first time in common law jurisdictions, partially decriminalise homosexual activity – described in English law as ‘buggery’ or anal sex between males.
Section 1(1) of the original Sexual Offences Act, as notified on 27 July 1967 stated –
"Notwithstanding any statutory or common law provision, but subject to the provisions of the next following section, a homosexual act in private shall not be an offence provided that the parties consent thereto and have attained the age of twenty one years."
A ‘homosexual act’ was defined in section 1(7) as –
“For the purposes of this section a man shall be treated as doing a homosexual act if, and only if, he commits buggery with another man or commits an act of gross indecency with another man or is a party to the commission by a man of such an act.”
The meaning of ‘private’ was also set forth rather strictly in section 1(2) –
“An act which would otherwise be treated for the purposes of this Act as being done in private shall not be so treated if done –
(a) when more than two persons take part or are present; or
(b) in a lavatory to which the public have or are permitted to have access, whether on
payment or otherwise.”
Hence, by 1967, English law permitted:

as between two men,
both twenty-one years or older,
anal sex (buggery),
and other sexual activity (“gross indecency”)
if, and only if, a strict prescription of privacy was maintained,
that excluded even a non-participating third party from being present,
and restricted the traditional conception of public space to exclude even lavatories.

However, the benefit of Section 1 of the Sexual Offences Act, 1967 did not extend beyond England and Wales; to mentally unsound persons; members of the armed forces; merchant ships; and, members of merchant ships whether on land or otherwise.

Developments in Scotland and Northern Ireland

Over the years, the restrictions in the original Sexual Offences Act, 1967 were lifted. In 1980, the Criminal Justice (Scotland) Act, 1980 partially decriminalised homosexual activity in Scotland on the same lines that the Act of 1967 did for England and Wales. One year later, in 1981, an Irishman Jeffrey Dudgeon successfully challenged the continued criminalisation of homosexuality in Northern Ireland before the European Court of Human Rights (“ECHR”) in the case of Dudgeon v. United Kingdom (1981) 4 EHRR 149. Interestingly, Dudgeon was not decided on the basis of detrimental discrimination or inequality, but on the ground that the continued illegality of homosexuality violated the petitioner’s right to privacy guaranteed by Article 8 of the 1950 European Convention on Human Rights (“European Convention”). In a 15-4 majority judgement, the ECHR found that “…moral attitudes towards male homosexuality…cannot…warrant interfering with the applicant’s private life…” Following Dudgeon, the Homosexual Offences (Northern Ireland) Order, 1982 came into effect; and with it, brought some semblance of uniformity in the sodomy laws of the United Kingdom.

Equalising the age of consent

However, protests continued against the unequal age of consent required for consensual homosexual sex (21 years) as opposed to that for heterosexual sex (16 years). In 1979, a government policy advisory recommended that the age of consent for homosexual sex be reduced to 18 years – two years older than that for heterosexual sex, but was never acted upon. In 1994, an attempt to statutorily equalise the age of consent at 16 years was defeated in the largely conservative House of Commons although a separate legislative proposal to reduce it to 18 years was carried and enacted under the Criminal Justice and Public Order Act, 1994. Following this, the unequal ages of consent forced a challenge against UK law in the ECHR in 1994; four years later, in Sutherland v. United Kingdom [1998] EHRLR 117, the ECHR found that the unequal age of consent violated Articles 8 and 14 of the European Convention – relating to privacy and discrimination. Sutherland was significant in two ways – it forced the British government to once again introduce legislation to equalise the ages of consent; and, significantly, it affirmed a homosexual human right on the ground of anti-discrimination (as opposed to privacy).

To meet its European Convention commitments, the House of Commons passed, in June 1998, a bill for an equal age of sexual consent but it was rejected by the more conservative House of Lords. In December 1998, the government reintroduced the equal age of consent legislation which again passed the House of Commons and was defeated in the House of Lords. Finally, in 1999, the government invoked the statutory superiority of the House of Commons, reintroduced for the third time the legislation, passed it unilaterally to result in the enactment of the Sexual Offences (Amendment) Act, 2000 that equalised the age of sexual consent for both heterosexuals and homosexuals at 16 years of age.

Uniformity of equality

However, by this time, different UK jurisdictions observed separate legislations regarding homosexual activity. The privacy conditions stipulated in the original Sexual Offences Act, 1967 remained, although they had been subject to varied interpretation by English courts. To resolve this, the UK Parliament enacted the Sexual Offences Act, 2003 which repealed all earlier conflicting legislation, removed the strict privacy conditions attached to homosexual activity and re-drafted sexual offences in a gender neutral manner. A year later, the Civil Partnership Act, 2004 gave same-sex couples the same rights and responsibilities as a civil marriage. And, in 2007, the Equality Act (Sexual Orientation) Regulations came into force to prohibit general discrimination against homosexual persons in the same manner as such prohibition exists in respect of grounds of race, religion, disability, sex and so on.

In the United States

Diversity of state laws

Sodomy laws in the United States of America have followed a different trajectory. A different political and legal system leaves individual US States with wide powers to draft and follow their own constitutions and laws. Accordingly, by 1961 all US States had their own individual anti-sodomy laws, with different definitions of sodomy and homosexuality. In 1962, Illinois became the first US State to repeal its anti-sodomy law. Many States followed suit over the next decades including Connecticut (1971); Colorado and Oregon (1972); Delaware, Hawaii and North Dakota (1973); Ohio (1974); New Hampshire and New Mexico (1975); California, Maine, Washington and West Virginia (1976); Indiana, South Dakota, Wyoming and Vermont (1977); Iowa and Nebraska (1978); New Jersey (1979); Alaska (1980); and, Wisconsin (1983).

Bowers v. Hardwick

However, not all States repealed their anti-sodomy laws. Georgia was one such State that retained a statutory bar to any oral or anal sex between any persons of any sex contained in Georgia Code Annotated §16-6-2 (1984) (“Georgia statute”) which provided, in pertinent part, as follows:

“(a) A person commits the offense of sodomy when he performs or submits to any sexual act involving the sex organs of one person and the mouth or anus of another… (b) A person convicted of the offense of sodomy shall be punished by imprisonment for not less than one nor more than 20 years”

In 1982, a police officer arrested Michael Hardwick in his bedroom for sodomy, an offence which carried a prison sentence of up to twenty years. His case went all the way up to the US Supreme Court which, in 1986, pronounced its judgement in Bowers v. Hardwick 478 US 186 (1986). Although the Georgia statute was framed broadly to include even heterosexual sodomy (anal or oral sex between a man and a woman or two women) within its ambit of prohibited activity, the Court chose to frame the issue at hand rather narrowly. Justice Byron White, speaking for the majority, observed at the outset –

“This case does not require a judgment on whether laws against sodomy between consenting adults in general, or between homosexuals in particular, are wise or
desirable. It raises no question about the right or propriety of state legislative decisions to repeal their laws that criminalize homosexual sodomy, or of state-court decisions invalidating those laws on state constitutional grounds. The issue presented is whether the Federal Constitution confers a fundamental right upon homosexuals to engage in sodomy…”

Privacy and autonomy

Interestingly, Hardwick’s case against the Georgia statute was not grounded on an equality-discrimination argument (since the Georgia statute prohibited even heterosexual sodomy but was only enforced against homosexuals) but on a privacy argument that sought to privilege and immunise private consensual non-commercial sexual conduct from intrusive State intervention. To support this privacy claim, a long line of cases was relied upon that restricted the State’s ability to intervene in, and so upheld the sanctity of, the home, marriage, procreation, contraception, child rearing and so on [See, Carey v. Population Services 431 US 678 (1977), Pierce v. Society of Sisters 268 US 510 (1925) and Meyer v. Nebraska 262 US 390 (1923) on child rearing and education; Prince v. Massachusetts 321 US 158 (1944) on family relationships; Skinner v. Oklahoma ex rel. Williamson 316 US 535 (1942) on procreation; Loving v. Virginia 388 US 1 (1967) on marriage; Griswold v. Connecticut 381 US 479 (1965) and Eisenstadt v. Baird 405 US 438 (1972) on contraception; and Roe v. Wade 410 US 113 (1973) on abortion]. Further, the Court was pressed to declare a fundamental right to consensual homosexual sodomy by reading it into the Due Process clause of the Fourteenth Amendment to the US Constitution.

The 9-judges Court split 5-4 down the middle to rule against all of Hardwick’s propositions and uphold the constitutionality of the Georgia statute. The Court’s majority agreed that cases cited by Hardwick had indeed evolved a right to privacy, but disagreed that this privacy extended to homosexual persons since “(n)o connection between family, marriage, or procreation on the one hand and homosexual activity on the other has been demonstrated…”. In essence, the Court’s majority held that homosexuality was distinct from procreative human sexual behaviour; that homosexual sex could, by virtue of this distinction, be separately categorised and discriminated against; and, hence, homosexual sex did not qualify for the benefit of intimate privacy protection that was available to heterosexuals. What reason did the Court give to support this discrimination? Justice White speaking for the majority gives us a clue: “Proscriptions against that (homosexual) conduct have ancient roots.” Justice White was joined in his majority judgement by Chief Justice Burger, Justice Powell, Justice Rehnquist and Justice O’Connor. His rationale was underscored by Chief Justice Burger who also wrote a short concurring opinion wherein he claimed:

“Decisions of individuals relating to homosexual conduct have been subject to state intervention throughout the history of Western civilization. Condemnation of those practices is firmly rooted in Judeo-Christian moral and ethical standards. Blackstone described “the infamous crime against nature” as an offense of “deeper malignity” than rape, a heinous act “the very mention of which is a disgrace to human nature,” and “a crime not fit to be named.” … To hold that the act of homosexual sodomy is somehow protected as a fundamental right would be to cast aside millennia of moral teaching.”

The majority’s “wilful blindness”: Blackmun’s dissent

The Court’s dissenting opinion was delivered by Justice Blackmun, in which Justice Brennan, Justice Marshall and Justice Stevens joined. At the outset, the Justice Blackmun disagreed with the issue that was framed by the majority led by Justice White: “This case is (not) about “a fundamental right to engage in homosexual sodomy,” as the Court purports to declare…” and further pointed out that the Georgia statute proscribed not just homosexual sodomy, but oral or anal sex committed by any two persons: “…the Court’s almost obsessive focus on homosexual activity is particularly hard to justify in light of the broad language Georgia has used.”. When considering the issue of privacy for intimate sexual conduct, Justice Blackmun criticised the findings of the majority: “Only the most wilful blindness could obscure the fact that sexual intimacy is a sensitive, key relationship of human existence, central to family life, community welfare, and the development of human personality…” And when dealing with the ‘historical morality’ argument that was advanced by Chief Justice Burger, the minority observed:

“The assertion that “traditional Judeo-Christian values proscribe” the conduct involved cannot provide an adequate justification for (§)16-6-2 (of the Georgia Statute). That certain, but by no means all, religious groups condemn the behavior at issue gives the State no license to impose their judgments on the entire citizenry. The legitimacy of secular legislation depends instead on whether the State can advance some justification for its law beyond its conformity to religious doctrine.”

The states respond, privacy is upheld

Bowers was argued and decided over five years in the 1980s. At the time, the USA was witnessing a neo-conservative wave in its society and government, which was headed by a republican conservative. The HIV/AIDS issue had achieved neither the domestic nor international proportions it now occupies and the linkages between HIV/AIDS, homosexuality and the right to health were still unclear. In the years after Bowers, several more US States repealed their sodomy laws.

In some US States, sodomy laws that were not legislatively repealed were judicially struck down. In 1998, the Georgia State Supreme Court, in Powell v. State of Georgia S98A0755, 270 Ga. 327, 510 S.E. 2d 18 (1998), heard a challenge to the same sodomy provision of the Georgia statute that was upheld in by the US Supreme Court in Bowers. In a complete departure from the US Supreme Court’s findings, the Georgia Supreme Court first considered whether the Georgia statute violated individual privacy: “It is clear from the right of privacy appellate jurisprudence…that the “right to be let alone” guaranteed by the Georgia Constitution is far more extensive that the right of privacy protected by the U.S. Constitution…”

Having established that an individual right to privacy existed to protect private consensual sodomy, the Georgia Court then considered whether there was a ‘legitimate State interest’ that justified the State’s restriction of this right. The justifications that were offered by the State included the possibility of child sexual abuse, prostitution and moral degradation of society. The Court found that there already were a number of legal provisions to deter and punish rape, child abuse, trafficking, prostitution and public indecency. Hence: “In light of the existence of these statutes, the sodomy statute’s raison d’ etre can only be to regulate the private sexual conduct of consenting adults, something which Georgians’ right of privacy puts beyond the bounds of government regulation.” By a 2-1 decision, Chief Justice Benham leading the majority, the Georgia Supreme Court struck down the Georgia statute for arbitrarily violating the privacy of individuals. Interestingly, the subjects of the dispute were not homosexual, but two heterosexual adults – a man and a woman. Similar cases where a US State’s sodomy laws were judicially struck down include:

Campbell v. Sundquist 926 S.W.2d 250 (1996) – [Tennessee – by the Tennessee Court of Appeals on privacy violation; appeal to the State Supreme Court expressly denied].
Commonwealth v. Bonadio 415 A.2d 47 (1980) – [Pennsylvania – by the Pennsylvania Supreme Court on both equality and privacy violations];
Doe v. Ventura MC 01-489, 2001 WL 543734 (2001) – [Minnesota – by the Hennepin County District Judge on privacy violation; no appellate challenge];
Gryczan v. Montana 942 P.2d 112 (1997) – [Montana – by the Montana Supreme Court on privacy violation];
Jegley v. Picado 80 S.W.3d 332 (2001) – [Arkansas – by the Arkansas Supreme Court, on privacy violation];
Kentucky v. Wasson 842 S.W.2d 487 (1992) [Kentucky – by the Kentucky Supreme Court on both equality and privacy violations];
Massachusetts v. Balthazar 366 Mass. 298, 318 NE2d 478 (1974) and GLAD v. Attorney General 436 Mass. 132, 763 NE2d 38 (2002) – [Massachusetts – by the Superior Judicial Court on privacy violation];
People v. Onofre 51 NY 2d 476 (1980) [New York – by the New York Court of Appeals on privacy violation]; and,
Williams v. Glendenning No. 98036031/CL-1059 (1999) – [Maryland – by the Baltimore City Circuit Court on both privacy and equality violations; no appellate challenge].

Lawrence v. Texas

These developments made for an uneven field in the matter of legality of homosexual sex with the sodomy laws of most States being repealed by their State legislatures or subject to State judicial invalidation, while the sodomy laws of the remaining States were retained under the shade of constitutional protection afforded by Bowers. Texas was one such State which maintained an anti-sodomy law contained in Texas Penal Code Annotated § 21.06(a) (2003) (“Texas statute”) which criminalised sexual intercourse between two people of the same sex. In 1998, the Texas statute was invoked to arrest two men engaged in private, consensual, non-commercial sodomy. They subsequently challenged the constitutionality of the Texas statute, their case reaching the US Supreme Court. In 2003, the US Supreme Court, in Lawrence v. Texas 539 US 558 (2003) pronounced on the validity of the Texas statute. Interestingly, while the issue under consideration was identical to that decided in Bowers, the Court this time around was presented with detailed arguments on the equality-discrimination aspect of same-sex sodomy laws – which the Bowers Court majority did not consider. The Court split 6-3; the majority struck down the Texas statute. Justice Kennedy, speaking for himself and 4 other judges of the majority, found instant fault with the Bowers Court for framing the issue in question before it as simply whether homosexuals had a fundamental right to engage in sodomy.

Privacy, intimacy, home

This mistake, Justice Kennedy claimed, “…discloses the Court’s own failure… To say that the issue in Bowers was simply the right to engage in certain sexual conduct demeans…the individual…just as it would demean a married couple were it to be said marriage is simply about the right to have sexual intercourse. Their penalties and purposes (of the laws involved)…have more far-reaching consequences, touching upon the most private human conduct, sexual behavior, and in the most private of places, the home.” Justice Kennedy, joined by Justice Stevens, Justice Souter, Justice Ginsburg and Justice Breyer, found that the Texas statute violated the right to privacy granted by the Due Process clause of the US Constitution:

“The petitioners are entitled to respect for their private lives. The State cannot demean their existence or control their destiny by making their private sexual conduct a crime. “It is a promise of the Constitution that there is a realm of personal liberty which the government may not enter.”” [The quote is c.f. Planned Parenthood of Southeastern Pa. v. Casey 505 US 833 (1992)]

Imposed morality is defeated

With the privacy argument established as controlling, Justice Kennedy went to some length to refute the ‘historical morality’ argument that was put forward in Bowers by then Chief Justice Burger: “At the outset it should be noted that there is no longstanding history in this country of laws directed at homosexual conduct as a distinct matter… The sweeping references by Chief Justice Burger to the history of Western civilization and to Judeo-Christian moral and ethical standards did not take account of other authorities pointing in an opposite direction.” To illustrate these other authorities, Justice Kennedy references the ECHR’s decision in Dudgeon supra which was reached five years before Bowers: “Authoritative in all countries that are members of the Council of Europe (21 nations then, 45 nations now), the decision (Dudgeon) is at odds with the premise in Bowers that the claim put forward was insubstantial in our Western civilization.”.

The Court then affirmed that morality could not be a compelling ground to infringe upon a fundamental right: “Our obligation is to define the liberty of all, not to mandate our own moral code”. The lone remaining judge of the majority, Justice O’Connor, based her decision not on the right to privacy but on equality-discrimination considerations. Interestingly, Justice O’Connor sat on the Bowers Court and ruled with the majority in that case. Basing her decision on equal protection grounds allowed her to concur with the majority in Lawrence but not overturn her earlier position in Bowers which had rejected a right to privacy claim. It also enabled her to strike down the Texas statute while not conceding homosexuality as a constitutionally guaranteed private liberty. There were three dissenters: The chief dissent was delivered by Justice Scalia, in which he was joined by Chief Justice Rehnquist and Justice Thomas. Bowers was not merely distinguished by the majority, it was overruled:

“Bowers was not correct when it was decided, and it is not correct today. It ought not to remain binding precedent. Bowers v. Hardwick should be and now is overruled.”

For more details visit https://cis-india.org/internet-governance/blog/privacy-autonomy-sexual-choice-common-law-recognition-of-homosexuality

Privacy worries cloud Facebook's WhatsApp Deal

sunil — 2014-03-20T05:59:28Z

Privacy activists in the United States have asked the competition regulator or the Federal Trade Commission to put on hold Facebook's acquisition of WhatsApp. Why have they done this when Facebook has promised to leave WhatsApp untouched as a standalone app?

Read the original published in the Economic Times on March 14, 2014

Activists have five main concerns.

Facebook has a track record of not keeping its promises to users.
The ethos of both companies when it comes to privacy is diametrically opposite.
The probability that WhatsApp messages and content will be intercepted because of Facebook's participation in NSA's PRISM spying programme.
Facebook slurping WhatsApp's large repository of phone numbers.
Two hundred trackers already monitor your internet use when you are not using Facebook and now they tracking mobile use much more granularly. This week the Indian competition regulator (CCI) also told the media that the acquisition would be subject to scrutiny. However, unlike the US regulator the Indian regulator does not have the mandate to examine the acquisition from a privacy perspective.

LIRNEAsia research in Indonesia paints a very similar picture to one we have in India. When Indonesian mobile phone users were asked if they used Facebook they answered in affirmative. Then the very same users were asked if they used the internet and they replied in negative. A large number of Facebook users in these other similar economies are trapped within what are called "walled gardens."

Walled gardens allow mobile phone subscribers without data connections to get access to a single over-the-top service provider like Facebook because their telcom provider has an arrangement. Software such as Facebook on every phone makes it possible for feature phone users to also enter the walled garden.

According to Facebook it "is a fast and easyto-use native app that works on more than 3,000 different types of feature phones from almost every handset manufacturer that exists today."

Unlike North American and European users of Facebook - who freely roam the "world wild web" and then choose to visit Facebook when they want to many Indian users will first experience data services in a domesticated fashion within a walled garden.

Whether or not they will wander in the wild when they are have full access to the internet remains to be seen. But given our poor rates of penetration, dogmatic insistence on network neutrality at this early stage of internet adoption may not be the right way to maximise welfare and consumer interest.

Fortunately for Facebook and unfortunately for us, India still does not have a comprehensive data protection or horizontal privacy law. The Justice AP Shah Committee that was constituted by the Planning Commission in October 2012 recommended that the Privacy Act articulate national privacy principles and establish the office of the Privacy Commissioner. It further recommended that data protection and surveillance be regulated for both the private sector and the state.

Since then the Department of Personnel and Training has updated the draft bill to implement these recommendations and has been working towards consensus within government.

Since we still don't have our own privacy regulator we will have to depend on foreign data protection authorities and privacy commissioners to protect us from the voracious appetite for personal data of over-the-top service providers like Facebook This is woefully insufficient because they will not act on harm caused to Indian consumers or be aware of how Facebook acts differently in the Indian market.

As we approach the first general election in India when social media will play a small but influential role it would have been excellent if we had someone to look out for our right to privacy.

For more details visit https://cis-india.org/internet-governance/blog/economic-times-march-14-2014-sunil-abraham-privacy-worries-cloud-facebook-whatsapp-deal

Privacy Round Table, New Delhi (October 2013)

praskrishna — 2013-09-28T02:52:26Z

The Centre for Internet and Society (CIS), Federation of Indian Chambers of Commerce and Industry (FICCI), and DSCI cordially invite you to a "Privacy Round Table" at the FICCI Federation House in Tansen Marg on October 19, 2013.

Click the below links to:

Download the event brochure
Download the latest version of the Draft Privacy Bill

Jacob Kohnstamm, Data Protection Authority, Netherlands and Chairman of the Article 29 Working Party, Chantel Bernier, Assistant Privacy Commissioner, Canada, and Christopher Graham, Information Commissioner, UK will make presentations:

Agenda

Time	Detail
10:00 10:30	Introduction and summary of previous Roundtables
10:30 11:00	“Data Protection in the European Union” Mr. Jacob Kohnstamm, Data Protection Authority, Netherlands and Chairman of the Article 29 Working Party
11:00 11:15	Tea
11:15 12:15	Regulatory Frameworks and Jurisdiction a. Co-Regulation vs. Self Regulation vs. Statutory Regulation b. Applicability of regulatory framework to domestic processing vs. multiple/international jurisdictions
12:15 12:45	“An Overview of the Canadian Privacy Regime” Ms. Chantal Bernier, Assistant Privacy Commissioner, Canada
12:15 13:30	The Privacy Commissioner a. Composition of the Office of the Privacy Commissioner (officers, funding, organizational structure) b. Powers of the Privacy Commissioner (investigation, audit, privacy impact assessment etc) c. Functions of the Office of the Privacy Commissioner
13:30 14:30	Lunch
14:30 15:30	Rights of the individual and exceptions to the right to privacy a. Rights of the individual including: notice, access, deletion etc. b. Exceptions to the right to privacy: national security, public order, public interest, prevention and detection of crime etc.
15:30 16:00	“An overview of the Privacy Regime in the UK” Mr. Christopher Graham, Information Commissioner, UK
16:00 16:15	Tea
16:15 17:00	Defining and protecting personal data and personal sensitive data a. Definitions and distinctions between personal data vs personal sensitive data b. Levels of protection for personal data vs. personal sensitive data c. Penalty and remedy for breach of personal data vs. personal sensitive data
17:00 18:00	Penalty and Redress a. Forms and extent of penalty: fine, public notice, shut down of services etc. b. Forms of redress for the individual c. Enforcement of penalty and redress

The Speakers

Jacob Kohnstamm	Before his appointment as Chairman of the Dutch Data Protection Authority in 2004, Jacob Kohnstamm was active in Dutch politics as member of the Lower House of the Dutch Parliament, as State Secretary for Internal Affairs and as member of the Senate of the Dutch Parliament (between 1981 and 2004). Before that, he worked as a lawyer in Amsterdam. Since February 2010, Jacob Kohnstamm is Chairman of the Art. 29 Working Party of European Data Protection Authorities. Since November 2011, Jacob Kohnstamm is also Chairman of the Executive Committee of the International Conference of Data Protection and Privacy Commissioners.
Chantal Bernier	Chantal Bernier was appointed Assistant Privacy Commissioner of Canada in December 2008. Ms. Bernier started her career in the federal government as a lawyer in the Department of Justice, Canada. She went on to hold a directorship at the Privy Council Office before being appointed Assistant Deputy Minister at Indian and Northern Affairs Canada, and later on at Public Safety Canada. She holds a Bachelor of Civil Law from the University of Sherbrooke and a Masters in Public International Law from the London School of Economics and Political Science.
Christopher Graham	Christopher Graham became UK Information Commissioner in June 2009, with responsibility for overseeing the Freedom of Information Act and Data Protection Act regimes — upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals. He is the Vice Chair of the Article 29 Working Party of the European Data Protection Authorities. Christopher was the director general of the Advertising Standards Authority (ASA) from April 2000 to June 2009. From 2003-5, he was chairman of the European Advertising Standards Alliance (EASA), the federation of advertising self-regulatory bodies across the EU Single Market. Prior to joining the ASA, Christopher was for three years Secretary of the BBC. Christopher first joined the broadcaster as a news trainee in 1973. He was a Current Affairs Producer for BBC Radio and TV before becoming Managing Editor of News Programmes for TV and Radio.

Confirmations and RSVP

Please send your email confirmations for attending the Delhi Privacy Round Table on October 19, 2013, to Elonnai Hickok (elonnai@cis-india.org)

For more details visit https://cis-india.org/internet-governance/events/privacy-round-table-delhi-october-19-2013

Privacy Round Table, New Delhi

praskrishna — 2013-08-12T10:41:08Z

The Centre for Internet and Society (CIS), FICCI and DSCI cordially invites you to attend the "Privacy Round Table" to be held at the FICCI, Federation House, Tansen Marg, New Delhi on Saturday, August 24, 2013, 10.30 a.m. to 5.00 p.m., to discuss the "Report of the Group of Experts on Privacy" by the Justice A.P. Shah Committee, the text of the "Citizen's Privacy (Protection) Bill, 2013, drafted by the Centre for Internet and Society, and "Strengthening Privacy Protection through Co-Regulation" by DSCI.

Featured Remote Presentation from Jamie Hine and Betsy Broder, Federal Trade Commissioner, US

The discussions and recommendations from the meeting will be published into a compilation, and presented at the Internet Governance meeting planned for October 2013.

Draft Agenda for the Roundtable Discussion

Time	Detail
10.30	Overview, explanation, and discussion: The Report of the Group of Experts on Privacy.
11.30	Overview, explanation, and discussion: Strengthening Privacy Protection through Co-regulation.
12.15	Tea
12.30	Overview, explanation, and discussion: The Citizens Privacy (Protection) Bill, 2013.
13.15	Lunch
14.15	In depth discussion and overview of discussions and feedback from previous Roundtables and subsequent amendments to the Citizens Privacy (Protection) Bill, 2013.
16.00	The US Privacy Framework: Remote Presentation from Jamie Hine and Betsy Broder, Federal Trade Commission, US.
17.00	Tea

Confirmations and RSVP:

Please send your email confirmations for attending the New Delhi Privacy Roundtable on August 24, 2013, to elonnai@cis-india.org

For more details visit https://cis-india.org/internet-governance/events/privacy-round-table-delhi

Privacy Round Table, Kolkata

praskrishna — 2013-07-10T06:11:59Z

The Centre for Internet and Society, the Federation for Indian Chambers of Commerce and Industry, and the Data Security Council of India cordially invite you to attend the "Privacy Round Table" in Kolkata on July 13, 2013, 10.30 a.m. to 4.00 p.m., to discuss the "Report of the Group of Experts on Privacy" by the Justice A.P. Shah Committee, the text of the "Citizen's Privacy (Protection) Bill, 2013, drafted by the Centre for Internet and Society, and "Strengthening Privacy Protection through Co-Regulation" by DSCI.

Reijo Aarino, Data Protection Ombudsman of Finland will be the featured guest for this event. The discussions and recommendations from the meeting will be published into a compilation, and presented at the Internet Governance meeting planned for October 2013.

Click below to download the documents:

Draft Agenda

Time	Detail
10.30	Introduction to privacy frameworks for India: The Draft 2011 Right to Privacy Bill, the Report of the Group of Experts on Privacy, and Strengthening Privacy Protection through Co-regulation.
11.30	Overview, explanation, and discussion: The Privacy Protection Bill 2013
13.00	Lunch
14.00	Open Discussion: Reijo Aarnio, Data Protection Ombudsman of Finland
16.15	Tea

Please send your confirmations for attending the Kolkata Roundtable Privacy on July 13, 2013, to Maria Xynou at maria@cis-india.org

For more details visit https://cis-india.org/internet-governance/events/privacy-round-table-kolkata

Privacy Protection Bill, 2013 (With Amendments based on Public Feedback)

elonnai — 2013-07-12T10:50:22Z

In 2013 CIS drafted the Privacy Protection Bill as a citizens' version of a privacy legislation for India. Since April 2013, CIS has been holding Privacy Roundtables in collaboration with FICCI and DSCI, with the objective of gaining public feedback to the Privacy Protection Bill and other possible frameworks for privacy in India.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC

As a part of this process, CIS has been amending the Privacy Protection Bill based on public feedback. Below is the text of the Bill as amended according to feedback gained from the New Delhi, Bangalore, and Chennai Roundtables.

Click to download the Privacy Protection Bill, 2013 with latest amendments (PDF, 196 Kb).

For more details visit https://cis-india.org/internet-governance/blog/privacy-protection-bill-2013-with-amendments-based-on-public-feedback

Privacy Policy Research

vanya — 2016-01-03T09:40:37Z

The Centre Internet and Society, India has been researching privacy policy in India since the year 2010 with the following objectives.

Raising public awareness and dialogue around privacy,
Undertaking in depth research of domestic and international policy pertaining to privacy
Driving comprehensive privacy legislation in India through research.

India does not have a comprehensive legislation covering issues of privacy or establishing the right to privacy In 2010 an "Approach Paper on Privacy" was published, in 2011 the Department of Personnel and Training released a draft Right to Privacy Bill, in 2012 the Planning Commission constituted a group of experts which published The Report of the Group of Experts on Privacy, in 2013 CIS drafted the citizens Privacy Protection Bill, and in 2014 the Right to Privacy Bill was leaked. Currently the Government is in the process of drafting and finalizing the Bill.

Privacy Research -

1. Approach Paper on Privacy, 2010 -

The following article contains the reply drafted by CIS in response to the Paper on Privacy in 2010. The Paper on Privacy was a document drafted by a group of officers created to develop a framework for a privacy legislation that would balance the need for privacy protection, security, sectoral interests, and respond to the domain legislation on the subject.

CIS Responds to Privacy Approach Paper http://bit.ly/16dEPB3

2. Report on Privacy, 2012 -

The Report on Privacy, 2012 was drafted and published by a group of experts under the Planning Commission pertaining to the current legislation with respect to privacy. The following articles contain the responses and criticisms to the report and the current legislation.

The National Cyber Security Policy: Not a Real Policy http://bit.ly/16yLYFq

Privacy Law Must Fit the Bill http://bit.ly/19DNYjs

3. Privacy Protection Bill, 2013 -

The Privacy Protection Bill, 2013 was a legislation that aims to formulate the rules and law that governs privacy protection. The following articles refer to this legislation including a citizen's draft of the legislation.

The Privacy (Protection) Bill 2013: A Citizen's Draft http://bit.ly/1bXYbL6

Privacy Protection Bill, 2013 (With Amendments based on Public Feedback) http://bit.ly/1efkgbe

Privacy (Protection) Bill, 2013: Updated Third Draft http://bit.ly/14WAgI7

The Privacy Protection Bill, 2013 http://bit.ly/1g3TwIX

The New Right to Privacy Bill 2011: A Blind Man's View of the Elephant http://bit.ly/17VSgCH

4. Right to Privacy Act, 2014 (Leaked Bill) -

The Right to Privacy Act, 2014 is a bill still under proposal that was leaked, linked below.

Leaked Privacy Bill: 2014 vs. 2011 http://bit.ly/QV0Y0w

For more details visit https://cis-india.org/internet-governance/blog/privacy-policy-research

We are anonymous, we are legion

Private sector censors

Private Sector and the cultivation of cyber norms in India

Private Censorship and the Right to Hear

Privacy: from regional regulations to global connections ?

Theme: Internet Governance Principles

Background Paper

Co-organisers

Panelists

Moderator

Remote Moderator

Agenda

Inclusiveness of the Session

Suitability for Remote Participation

Privacy, what? Bengaluru police leaks 46,000 phone numbers on Twitter

Privacy, security and surveillance: tackling international dilemmas and dangers in the digital realm

Privacy, Free/Open Source, and the Cloud

Introduction

Privacy Concerns:

How are privacy, free/open source, and the cloud related ?

Is free/open software the solution?

Conclusion

Privacy, By Design

Privacy, Autonomy, and Sexual Choice: The Common Law Recognition of Homosexuality

In the United Kingdom

The Wolfenden Report

The Sexual Offences Act, 1967

Developments in Scotland and Northern Ireland

Equalising the age of consent

Uniformity of equality

In the United States

Diversity of state laws

Bowers v. Hardwick

Privacy and autonomy

The majority’s “wilful blindness”: Blackmun’s dissent

The states respond, privacy is upheld

Lawrence v. Texas

Privacy, intimacy, home

Imposed morality is defeated

Privacy worries cloud Facebook's WhatsApp Deal

Privacy Round Table, New Delhi (October 2013)

Agenda

The Speakers

Jacob Kohnstamm

Chantal Bernier

Christopher Graham

Confirmations and RSVP

Privacy Round Table, New Delhi

Draft Agenda for the Roundtable Discussion

Confirmations and RSVP:

Privacy Round Table, Kolkata

Draft Agenda

Privacy Protection Bill, 2013 (With Amendments based on Public Feedback)

Privacy Policy Research