We are anonymous, we are legion

Power over privacy: New Personal Data Protection Bill fails to really protect the citizen’s right to privacy

Nikhil Pahwa — 2019-12-15T05:57:31Z

Nikhil Pahwa throws light on the new personal data protection bill.

The article by Nikhil Pahwa was published in the Times of India on December 12, 2019. CIS report was mentioned.

Earlier this year, in April, a data breach in the Election Commission of Philippines led to the leakage of personal information of over 55 million eligible voters on a searchable website: including names, addresses and date of birth. This was not the first data breach from the Election Commission. After the first, which took place in March 2016, where 340 GB of voter data was published online by a group of hackers called LulzSec Pilipinas, the National Privacy Commission of Philippines found that the Election Commission had violated the Data Privacy Act of 2012, and recommended criminal prosecution of its chairman, finding him liable when the agency failed to dispense its duty as a “personal information controller”.

It’s 2019, and that recommendation has still not been acted upon, because the National Privacy Commission of Philippines only has recommendatory powers for criminal prosecution. Meanwhile, data breaches continue at the Election Commission of Philippines.

Between 2017 and 2018, Aadhaar related personally identifiable data of several Indian citizens, including names, addresses, bank account numbers, in some cases pregnancy information and even religion and caste information of individuals, was published online by Indian government departments. The Centre for Internet and Society, in a report, estimated that personally identifiable data for 130-135 million Indian citizens had been leaked, thus putting them at risk. 210 government websites had made Aadhaar related data public, UIDAI confirmed in response to an RTI in 2017.

No one was held liable. There was no data protection law, no data protection authority, no criminal prosecution was recommended. Around that time, the Indian government was instead arguing in the Supreme Court that privacy isn’t a fundamental right under the Indian Constitution.

What we can learn from these two instances is that for the enforcement of a citizen’s right to privacy, and ensuring that no one takes the protection of data lightly, there needs to be a strong privacy law that holds even the government responsible, and above all, a strong data protection authority that is independent and has powers to penalise even government officials. On some of these counts, the Personal Data Protection Bill, 2019, disappoints.

First, members of the Data Protection Authority will no longer be appointed by independent entities from diverse backgrounds: where they were previously going to be appointed by a committee comprising the Chief Justice of India or a Supreme Court judge, the Cabinet secretary, and an independent expert, the power to appoint members to DPA now rests solely with government officials, including the appointment of adjudicating officers. In addition, the central government, in the interest of “national security, sovereignty, international relations and public order, can issue directions to DPA, which DPA will be bound by. Powers of DPA have also been reduced: while in the previous version of the bill, DPA had the sole power to categorise data as sensitive personal data, in the current version, the power rests with the central government, albeit in consultation with DPA. The central government will also notify any social media company as a significant data fiduciary, and not DPA. Only the central government can determine what critical personal data is, and not DPA.

This dependence on the government for appointments, functions and definitions, will invariably impact the independence of DPA, and even though the 2019 version of the bill gives it the authority to fine the state a maximum of Rs 5-15 crore, depending on the offence, i’d be surprised if this ever happens.

The bill does create significant exceptions for the state to acquire and process data, and an opportunity to create a base for surveillance reform in the country has been lost. The previous version of the bill had brought some sense of safety against mass surveillance, when it included the condition that processing of data by the government must be “necessary and proportionate”, drawing from Supreme Court’s historic right to privacy judgment. This is particularly important given that the bill also gives power to the government to exempt any agency from the provisions of the bill for processing of personal data, which includes acquiring data from any public or private entity.

Effectively, this means that government agencies may be exempt from any scrutiny by DPA, and can even collect data from third parties (for example, fin-tech companies, health-tech startups) without the user even knowing. Forget recommending criminal prosecution for mass surveillance, India’s DPA won’t even be able to fine a government agency for such a violation of the fundamental right to privacy. The government also has vast exceptions for data processing: “for the performance of any function of the state authorised by law”.

This aside, one of the more curious clauses in the bill is around non-personal data. The government, a few months ago, constituted a committee led by Infosys co-founder Kris Gopalakrishnan to look into the governance of non-personal data. Non-personal data, as the term suggests, is any data that is not related to an individual. In the bill, the government has given itself the right to acquire this data, which is essentially a company’s intellectual property, to “promote framing of policies for digital economy”. Why non-personal data finds a mention in a Personal Data Protection Bill is beyond comprehension, and this move will not inspire much confidence in businesses operating in India, when the state claims eminent domain over intellectual property.

It’s unfortunate minister Ravi Shankar Prasad is sending the bill to a select committee, given the fact that such significant changes to the bill should have led to another public consultation.

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-december-12-2019-power-over-privacy

POV: Should user-generated content be monitored?

praskrishna — 2012-01-19T12:46:26Z

After being in the dock for carrying 'objectionable' content, Google and Facebook, along with15 other websites, are fighting for what they call internet freedom. Wikipedia went dark to protest the Web Piracy Bill being introduced in the US. afaqs! speaks to industry experts to find out if a move to monitor content can backfire.

Paritosh Joshi
CEO, STAR CJ Live

When asked to offer my two-bit on whether user-generated content can be monitored, my immediate response was laden with invective expressions. Any publication that caters to people of refined and/or delicate tastes would find it hard to publish. For what it is worth, here it is, with bits bleeped out: "Only a *bleep*er, would reasonably suggest monitoring user-generated content. Or else, her/his name is Wen JiaBao or Kim Jong Number Un or something".

How big is this UGC thing anyway? Take a relatively small example. Twitter crossed 200 million tweets a day in June, 2011. At even 5 per cent compounded monthly growth rate, that should have ballooned to 280 million a day now. And, we haven't even begun talking about Facebook. Unless, of course, you choose to do a PR China and simply firewall it right out of reach.

Guess what! It isn't going to work because everyone will start figuring our proxy servers. Or perhaps you, or someone called Sybil or Sillable or Sibaling Rivalry (whatever) decided to say, to hell with Article 19 of the Indian Constitution. In which case, there is, quite literally, nothing left to say.

My 13-year-old figured out how to beat Net Nanny when she was 10. And someone thinks he can have a Net Supernanny to cover everyone? That ship has sailed. Deal with it.

Bharat Kapadia,
Founder, ideas@bharatkapadia.com

Gone are the days when a piece of news could be vetted and an editor could control what was being published. In these modern times, content generation has become real-time, making it practically impossible to monitor it. With the scope of the internet being so large and new ways to publish content coming up rapidly, it becomes physically and technically impossible to keep a check.

This is a classic case of shoot the messenger who brings bad news. Just because a website brings up objectionable content on a search does not make it punishable. What is right and wrong is a matter of judgment, and is totally subjective.

On a lighter note, to know why Wikipedia was blacked out for a day, one will have to probably refer to Wikipedia itself!

Sunil Abraham

Executive director, Centre for Internet and Society

User-generated content is already heavily monitored. Be it Facebook or Wikipedia, these sites are heavily monitored by persons and machines. Bots monitoring pornography via image processing, intellectual property via watermarking and pattern recognition, and ban-lists via semantic analysis are already used to ensure that content is compliant with the law of the land, and with the usually even more restrictive site or community "terms of use".

The World Wide Web has, for most parts, gone extinct. Under the Information Technology Act 2000, amended in 2008, take-down notices can be sent to remove illegal content. Our research indicates that even the largest national and international intermediaries happily over-comply with frivolous complaints and only bother about freedom of expression when it undermines their business models. Unfortunately, the IT Act and its associated rules have severely diluted free speech rights for Indians. Now, the government hopes to convince intermediaries to dilute their own terms of reference and step-up enforcement levels.

We should not fool ourselves into thinking that private sector companies like Google will defend our fundamental rights. The next Parliament session is the last opportunity for parliamentarians to ask for the revocation of the rules for intermediaries, cyber-cafes and reasonable security practices.

Alok Kejriwal

CEO, Games2win

I feel that user-generated content should not be monitored, but moderated. And, this responsibility lies with the users or consumers. The reason for this is simple - wisdom of the crowd is more powerful than the wisdom of one.

On the other hand, sites like Google and Facebook, which are in the dock for carrying objectionable content, are being plain arrogant. They have forgotten their purpose for being here. These companies must realise that just because we Indians have a great press and judicial system, they do not have the freedom to publish anything that is derogatory to our culture. In my view, they are behaving like spoilt American brats, who have no respect for another culture, mythology and values.

Anupam Mukerji

The fake IPL player

Co-founder, Pitch Invasion

There are few amongst us who wouldn't want to be amused by a speaking parrot which regales us with stuff it's trained to speak. But, what would you do if your speaking parrot refused to toe your line, spoke only the truth with scant regard to diplomacy and political correctness, spilling your beans to visitors every day?

For far too long, the political class has survived and thrived by keeping the media in covert and overt control, thereby directing public opinion where they wanted. Online social media has changed the rules of this game.

The medium isn't the criminal. Acting against a medium is worse than even shooting the messenger.

The new age citizen is a different animal from any of the past. More aware, more travelled, more opinionated and more demanding. This is a species you try to control at your own peril. But, if you try to embrace it in the right spirit, it will reciprocate in kind.

The constitution gives us the right to voice our opinions without fear. The same constitution also prohibits us from spreading lies, defaming people, inciting violence or acting in an anti-national manner.

India needs an environment of freedom and fearlessness because without this, we will be nothing but 'a China with poor infrastructure'.

Nisha Menon's blog post was originally published in afaqs! on 19 January 2012

For more details visit https://cis-india.org/news/pov-should-user-generated-content-be-monitored

Post-website attack, cops hot on pursuit of Anonymous hackers

praskrishna — 2012-08-06T09:51:11Z

The cyber crime wing has formed special teams to nab the hackers who attacked and stole data from the Tamil Nadu police website.

The article was published in the Times of India on July 11, 2012. Pranesh Prakash is quoted.

"We have submitted a formal complaint to trace the hacker," said additional director general of police (ADGP-State Crime Records Bureau) Ashish Bhengra after a high-level meeting on Tuesday led by director general of Police K Ramanujam. The meeting discussed the precautionary steps to prevent similar incidents.

The hacktivist collective Anonymous said on Tuesday that they hacked the TN police's website to protest internet censorship by the government of India. On July 8, the group released a set of files containing complaints made by public to the TN police and action taken by officials. "This is less about TN police and more about a continuing protest," said members of the group in an internet relay chat to TOI. The group said apart from certain Internet service providers, the government continued to censor the internet.

"If our protest is not respected for the very real and constitutional questions it raises, then we throw more and more areas open where wrongdoing may be found," said a member.

The group's India wing posted links to the leaked documents under its Twitter handle 'opindia_revenge' on Sunday night. The files show a range of complaints filed by the public -- from fleecing of passengers by autorickshaw drivers, property disputes, grouses from police personnel and instances of missing mobile phones and people. The complaints have been filed from across Tamil Nadu, including Chennai, Coimbatore, Madurai, and even places such as Uttarakhand and Kuwait.

The group has redacted phone numbers and email ids in some cases but has left other data like name and address. The documents also have details of action taken by the police -- from forwarding the case to the respective police station to digging up information on accused persons.

Anonymous India, which has done a series of virtual sit-ins on government and corporate websites, has only a few high-profile hacking operations in India. In May, it hacked the servers of Reliance Communications, preventing users from accessing social media websites. The group also released a list of websites that were allegedly blocked by Reliance. The group started attacking official websites to protest what it called 'censorship' of the internet that snowballed after a Madras High Court 'John Doe' order to prevent movie piracy. Anonymous also organised a protest march on June 9 at various Indian cities.

However, the latest attack inconveniences public and damages the cause, said users. "Anonymous consists of a large bunch of activists who gained some credibility in India after they organised offline protests. But this operation doesn't serve any purpose and brings down their credibility as details of those who filed complaints have been revealed," said Pranesh Prakash, lawyer and programme manager at The Centre for Internet and Society, a Bangalore-based research organisation.

According to a member of Anonymous, people are afraid of thinks that they are not aware of. "Some were angry at us for leaking data from Reliance. But if criticism is justified, we will make sure it doesn't happen again," said the member.

For more details visit https://cis-india.org/news/post-website-attack

Post and be Damned

praskrishna — 2012-11-19T03:40:46Z

Your careless comments online could put you in jail, thanks to Section 66A of the Information Technology Act. Kavitha Shanmugam examines a law that some critics say is vague and unconstitutional

Kavita Shanmugham's column was published in the Telegraph on November 14, 2012. Pranesh Prakash is quoted.

Two weeks ago, S. Ravi, owner of a small plastic packaging unit in Puducherry, was rudely woken up by the police at 5am, manhandled and arrested. Reason: Ravi had posted a couple of unflattering comments about Karti Chidambaram, son of finance minister P. Chidambaram, on Twitter. He had tweeted that Chidambaram Junior "had amassed more wealth than Robert Vadra".

Ravi was arrested under Section 66A of the Information Technology (IT) Act, 2008, and hauled up before a judicial magistrate who remanded him to nine days in custody. "It was then that I became really scared," says Ravi, who is out on bail.

A casual tweeter with just 16 followers, Ravi believes he did nothing wrong. “I was using a statement that was already there on the Internet. They could have sent me a lawyer’s notice or investigated the complaint before taking action,” argues Ravi, whose Twitter following has now jumped to 2,518.

"My tweet was retweeted by 20,000 people, who dared the authorities to arrest them too," he adds indignantly, terming Section 66A a “draconian law" with "wide scope for misuse".

Ravi is not alone in denouncing Section 66A of the IT Act. Indeed, there is now a huge outcry against the law, with a section of legal and cyber experts saying that it is nothing but a useful tool in the hands of the powers that be to curb freedom of speech and expression online.

At the same time, there are those who believe that online abuse or defamation cannot masquerade as freedom of speech and that the law is necessary to move against those who commit this offence.

Karti Chidambaram, for one, believes that Ravi’s tweet was motivated and defamatory. "The tweeter made one tweet in 78 days. It was about me. It clearly implied that I am corrupt. That is malicious. So I preferred a complaint to the police. The law exists. I didn’t frame the law," he says.

Section 66A of the IT Act lays down that a person can be punished with up to three years’ imprisonment if he or she sends offensive information or messages through a computer resource or communication device. The problem arises because it fails to clarify what can be termed "offensive". For example, information that is "grossly offensive" or has "menacing character” or information disseminated for the “purpose of causing annoyance and inconvenience" are all brought under the ambit of "offensive". This leaves the law wide open for various interpretations and abuse. "It’s too vaguely worded," insists M. Lenin, a lawyer advising volunteers of India Against Corruption in Chennai. “Any online statement can be declared 'offensive' and any tweet may be deemed ‘inconvenient’. The section has become a convenient tool for the police to harass people."

Section 66A of the IT Act lays down that a person can be punished with up to three years’ imprisonment if he or she sends offensive information or messages through a computer resource or communication device. The problem arises because it fails to clarify what can be termed "offensive". For example, information that is "grossly offensive" or has "menacing character” or information disseminated for the “purpose of causing annoyance and inconvenience" are all brought under the ambit of "offensive". This leaves the law wide open for various interpretations and abuse.

"It’s too vaguely worded," insists M. Lenin, a lawyer advising volunteers of India Against Corruption in Chennai. “Any online statement can be declared 'offensive' and any tweet may be deemed ‘inconvenient’. The section has become a convenient tool for the police to harass people."

Earlier this year, Section 66A was also invoked, among other laws, to arrest Jadavpur University professor Ambikesh Mahapatra for forwarding an email cartoon of West Bengal chief minister Mamata Banerjee.

Indeed, some experts go a step further and call Section 66A patently unconstitutional. Says Pranesh Prakash, policy director, Centre for Internet and Society, Bangalore, "It’s clearly in violation of Article 19(1)(a) of our Constitution that guarantees freedom of speech. The fact that some information is ‘grossly offensive’ (Section 66A) or that it causes ‘annoyance’ or ‘inconvenience’ while being known to be false (Section 66A(c)) cannot be a reason for curbing freedom of speech unless it is directly related to violating decency, morality or public order, or amounts to defamation."

However, apologists for Section 66A argue that the law has its merits too in that it can be used to move against genuine incidents of harassment or defamation online. Take the case of Chinmayee Sripada, a popular Chennai-based playback singer. Chinmayee, who has one lakh followers on Twitter, was targeted by a group of six men who sent her lewd and threatening tweets for a period of time. Apparently, they were upset with her remarks on reservation and for not joining them in a Twitter campaign against the killing of Tamil Nadu fishermen by the Sri Lankan navy.

Recently, Chinmayee complained to the police with “thousands of pages of ugliness and vulgarity” and the trolls, including a professor at the National Institute of Fashion Technology, Chennai, were identified and arrested under Section 66A.

The offending tweeters apologised to her and closed their accounts after the arrest. "I believe Section 66A belled the cat. The arrest made people realise that Twitter also demands self-regulation. In the name of freedom of speech there is zero control on platforms like Twitter. There should be some boundaries," says Chinmayee’s mother T. Padmahasini.

Ramachandra Murthy, Ravi’s lawyer, too believes that Section 66A is a "good tool" for genuine cases of harassment. "Unfortunately, it is being misused by influential people. Still, if you are innocent the case can never hold up in court," he reasons.

Others question the need for a separate law to deal with cases of online defamation or harassment when the Indian Penal Code already has provisions to tackle them. New Delhi-based lawyer Apar Gupta cites the examples of Section 500, 499 and 294 of the IPC which deal with defamation or committing obscene acts in public. "Section 66A only makes the burden on the accused harsher," he adds.

While some IT experts want Section 66A scrapped, others say that it should at least be amended. “Even if the section is not struck off the statute books, the provisions in it may be read down by the courts and safeguards may be prescribed in its application,” says Gupta.

Until that happens, mistaking social media platforms for online drawing rooms where you can indulge in all kinds of freewheeling chat could be fraught with danger.

Justice A.P. Shah, a former chief justice of the Delhi High Court, echoes that view. "Section 66A is very broad and loosely worded. The scope of such a law has to be restricted. Instead, it is vague and clearly violative of Article 19(1)(a) of the Constitution that guarantees freedom of speech and expression," he says.

For more details visit https://cis-india.org/news/telegraphindia-opinion-story-kavitha-shanmugham-nov-14-2012-post-and-be-damned

Portal augurs well for transparency

praskrishna — 2011-07-26T15:16:47Z

Data.gov.in will have meta-data, which will facilitate discovery of data and access from portals of ministries, says T Ramachandra. The article was published in the Hindu on 25 July 2011.

The unveiling of an official data access and sharing policy and the commissioning of a data portal (data.gov.in), which is on the anvil, will pave the way for digitally opening up the Central government data to the public.

"The data portal will be having meta-data [data about data], which will facilitate the discovery of the data and access from the portals of respective government departments/ministries. At present, the data policy is likely to cover the Central government and all activities funded by the Government of India," said R. Siva Kumar, CEO of National Spatial Data Infrastructure, and head of Natural Resources Data Management System, Department of Science and Technology.

Governmental data-holding organisations will prepare a negative list of non-shareable sensitive data, weighing the need to restrict public access given such considerations as security and privacy, against the obligation to share it with civil society and the scientific community. Apart from this, access to certain categories of data will be restricted.

The broad guidelines spelt out in the Right to Information Act will be followed and the list will be periodically reviewed. "All data outside the negative list will be proactively disseminated, and an oversight committee will facilitate policy implementation," said Dr. Kumar.

But does this mean that the public have to make specific requests for the unlocking of data-sets? “Data will be available through the data portal, and there will be no specific unlocking required. However, access to certain data may be through registration/authorisation,” he responded.

The sharing of such data might be tied to a pricing policy. "Pricing will be decided by the respective department/ministry. However, standardised parameters will be made available as guidelines for fixing the price," he said.

The draft of the proposed National Data Sharing and Accessibility Policy the government published some time ago indicates that the departments themselves can decide whether the data belongs to the ‘open access', ‘registered access,' or ‘restricted access' categories, with the policy neither mandating nor coming up with guidelines on how to do so, said Pranesh Prakash, programme manager, Centre for Internet and Society (CIS), a Bangalore-based NGO.

The CIS has recommended that the policy have the same scope as the RTI Act, and that all ‘public authorities,' as defined under the Act, be covered by it. Only the restricted categories (laid down in Sections 8 and 9 of the RTI Act) should be allowable for ‘restricted access.'

In a study on open government data in the Indian context, the CIS suggested that any policy be oriented towards meeting the requirements of a broad spectrum of citizenry. Specifically, sections that do not get to immediately benefit from advances in information technology. “Data mashing and private sector information products are important goals,” but the government itself should be proactive in creating the applications that show potential uses for the data.

The World Wide Web Consortium (W3C), the global body that sets web standards, has said governments, by putting their data on the Internet, facilitate greater transparency, deliver more efficient public services and encourage greater public and commercial use and re-use of government information.

Anil Bairwal, National Coordinator of the Association for Democratic Reforms, which is involved in disseminating election-related data through its website Electionwatch, says there is “huge public interest” in data, and that accessibility was of prime importance. For instance, election-related data was made available by the authorities in the PDF/image file formats. “This forces us to do a manual interpretation of every affidavit, which consumes a lot of time and energy. It would be helpful if this data was available in a portable open format via an online tool.”

Other countries have already made strides in furthering open data. Prominent examples are the U.K. government website, data.gov.uk, and the U.S. government's www.data.gov website, which is key to President Barack Obama's Open Government Initiative.

Read the original article published in the Hindu here

For more details visit https://cis-india.org/news/portal-augurs-well-for-transparency

Porn. Panic. Ban: A Conversation on Sexual Expression, Pornography, Sexual Exploitation, Consent

praskrishna — 2015-11-29T07:36:58Z

Point of View and the Internet Democracy Project organized a conference to hold and facilitate an informed conversation on sexual expression, pornography, sexual exploitation and consent. Rohini Lakshané was a speaker. Tanveer Hasan also attended this conference held in New Delhi from October 28 to 30, 2015.

The conference was a first attempt to have an in-depth civil society conversation - among activists, lawyers, researchers working on either gender, sexuality or internet rights, or at their intersections. For more information on the event visit the Internet & Democracy website. Rohini presented her research on online amateur pornography and consent.

For more details visit https://cis-india.org/internet-governance/news/porn-panic-ban-a-conversation-on-sexual-expression-pornography-sexual-exploitation-consent

Porn block in India sparks outrage

pranesh — 2015-08-05T02:10:46Z

India’s government has triggered a storm of protest after blocking 857 alleged pornography websites, with privacy and internet freedom campaigners, as well as consumers, condemning the move as arbitrary and unlawful.

The article by Amanda Hodge was published in the Australian on August 5, 2015. Pranesh Prakash gave his inputs.

The order, enforced since Sunday by the country’s main internet service providers, comes amid debate about the influence of pornography on sex crime in India, and as the Supreme Court considers a petition by lawyer Kamlesh Vaswani to ban pornographic websites that harm children.

The government has been forced to defend the move, saying it was taken in response to Supreme Court criticism at inaction against child pornography websites, although the Supreme Court itself has refused to impose any interim ban while it considers the petition. The websites — a fraction of the world’s millions of internet pornography sites — will remain blocked until the government figures out how to restrict access, a spokesman said.

Critics have slammed the measure as unconstitutional and pointed out the list includes adult humour sites that contain no pornographic content. Others have suggested it is another intrusion into the private lives of ordinary Indians by an administration intent on pushing a puritanical Hindu agenda, citing the recent ban on beef in several states and an alleged “Hindu-isation” of school textbooks.

That prompted outrage from Telecom Minister Ravi Shankar Prasad. “I reject with contempt the charge that it is a Talibani government. Our government supports free media, respects communication on social media and has respected freedom of communication always,” he said.

While India has no law preventing citizens accessing internet pornography, regulations do restrict the publishing of “obscene information in electronic form”. Centre for Internet and Society policy director Pranesh Prakash told The Australian yesterday that some elements of that act were welcome — such as prohibition of child pornography and the uploading of a person’s private parts without consent — but “the provisions relating to ‘sexually explicit materials’ are far too broad, with no exceptions made for art, architecture, education or literature”.

Mr Prakash said the pornography ban amounted to an “abdication of the government’s duty”, given the list of sites blocked was provided on request to the government by one of the Vaswani petitioners. “The additional solicitor-general essentially asked one of the petitioners to provide a list of websites, which she passed on to the Department of Information Technology, which in turn passed to Department of Telecommunications asking for them to be blocked or disabled.

“That is not acceptable in a democracy where it is not the government which has actually found any of these websites to be unlawful.” Mr Prakash also criticised the secrecy surrounding the order, which he said contravened Indian law requiring a public declaration of any intended ban so that it might be challenged. The bans were made under “Rule 12” of India’s IT Act, which empowers the government to force ISPs to block sites when it is “necessary or expedient”.

For more details visit https://cis-india.org/internet-governance/news/the-australian-news-august-5-2015-amanda-hodge-porn-block-in-india-sparks-outrage

Porn ban: People will soon learn to circumvent ISPs and govt orders, expert says

pranesh — 2015-08-05T01:47:52Z

The article by Karthikeyan Hemalatha was published in the Times of India on August 2. Pranesh Prakash gave inputs.

The government used other sections of the Act to circumvent this provision. Sources in the Department of Telecommunication, which comes under the ministry of communications and information technology, said a notification had been issued under Section 79 (b) of IT Act under which internet service providers could be penalized for not following government orders. "Though the section protects an internet service provider (ISP) from legal action for the content it may allow, it can be penalized for not following government orders to ban them," said Prakash.

Last month, the Supreme Court declined to pass an interim order to block websites which have pornographic content. "Such interim orders cannot be passed by this court. Somebody may come to the court and say 'look I am above 18 and how can you stop me from watching it within the four walls of my room?' It is a violation of Article 21 [right to personal liberty]," said Chief Justice H L Dattu.

The judge was reacting to a public interest litigation filed by advocate Kamlesh Vashwani who was seeking to block porn websites in the country. "The issue is definitely serious and some steps need to be taken. The Centre is expected to take a stand. Let us see what stand the Centre will take," the Chief Justice said and directed the Centre to reply within four weeks. Over the weekend, the stance became clear.

Sources also say that Section 19 (2) of the Constitution was used for the ban. The section allows the government to impose "reasonable restrictions in the interest of sovereignty and integrity of India, security of the state, decency or morality or in relation to contempt of court."

For netizens, the government could actually be providing crash courses on proxy sites. "This is the best way to teach people on how to circumvent ISPs and government orders," said Prakash, adding that real abusive porn sites might still be available.

"There is no dynamic mechanism to block all sites with pornographic content. The government has to individually pick URLs (uniform resource locator) to ban websites. Right now, only popular websites have been banned and the little known abusive sites like those that propagate revenge porn or child porn," said Prakash. "No ban can be comprehensive," he added.

For more details visit https://cis-india.org/internet-governance/news/the-times-of-india-august-2-2015-karthikeyan-hemalatha-porn-ban

Poor Guarantee of Online Freedom in India

praskrishna — 2012-06-17T04:18:26Z

The debate over the "Intermediaries Guidelines" as part of the Information Technology Act, 2000 in Parliament brought focus to the issue of censorship and lack of accountability of governing bodies vis-à-vis the internet in the country. This cannot be divorced from the larger questions related to the threats to freedom of expression from both the state and various societal actors today.

This article by Geeta Seshu was published in the Economic & Political Weekly, Vol XLVII No. 24, June 2012.

An annulment motion against the Information Technology (Inter-mediaries Guidelines) Rules, 2011 moved by Member of Parliament (MP) P Rajeev of the Communist Party of India (Marxist) in the Rajya Sabha, was the first serious attempt by internet freedom activists to get the Information Technology (IT) Act, 2000 discussed and reviewed by the country’s lawmakers.

Not unexpectedly, the motion, specifically against the rules governing intermediaries – clause (zg) of subsection (2) of Section 87 read with subsection (2) of Section 79 of the >IT Act, 2000 – was not carried. However, the discussion that preceded it at least demonstrated the concerns of parliamentarians about what internet freedom activists have termed the “draconian” provisions of the IT Act.

It is about time, really, that parliamentarians sit down to review what they very quickly acquiesced to in December 2009. It is also about time that the debate over the provisions of the IT Act be conducted in the public domain, instead of in closed-door meetings with expert groups and committees comprising a narrow set of stakeholders favoured by the government or its various wings.

The discussion in the Rajya Sabha largely centred around the vague and sweeping terminology of the range of content that anyone could take objection to. P Rajeev said that while he supported the regulation of the internet, he was not in favour of its control. The rules were ultra vires the IT Act, he said. Echoing his concern, leader of the opposition Arun Jaitley of the Bharatiya Janata Party, D Raja of the Communist Party of India and N K Singh of the Janata Dal (United) – to name just a few – also said that the internet was different from other media and censoring it was untenable.

Finally, union minister for information technology, Kapil Sibal, was forced to give an assurance to the house that he would call a meeting of MPs, industry and all stakeholders and implement whatever consensus emerges after a discussion on the specific words members had objections to.

There was no mention from the minister on a host of other problem areas in the rules as they are currently framed, including the very sweeping definition of an “intermediary” itself (any entity which on behalf of another receives, stores or transmits any electronic record – which means internet service providers, web hosting providers, search engines, online payment sites, cybercafes and bloggers too). No mention either of the rules for intermediaries to takedown notices within 36 hours of receiving a complaint, irrespective of whether these are fair and reasonable. No mention of whether the rules need to provide procedures for hearing and adjudicating complaints before any content is taken down.

The IT Guidelines

In several ways, the rules have gone way beyond what was laid down in the IT Act, but they also add considerably to the original reasonable restrictions laid down under Article 19 (2) of the Constitution of India. Some of the terms that can invite objections under the guidelines are:

(a) Belongs to another person and to which the user does not have any right to; (b) grossly harmful, harassing, blasphemous, defamatory, obscene, pornographic, paedophiliac, libellous, invasive of another’s privacy, hateful, or racially, ethnically objectionable, disparaging, relating or encouraging money laundering or gambling, or otherwise unlawful in any manner whatever; (c) harm minors in any way; (d) infringes any patent, trademark, copyright or other proprietary rights; (e) violates any law for the time being in force; (f) deceives or misleads the addressee about the origin of such messages or communicates any information which is grossly offensive or menacing in nature; (g) impersonate another person; (h) contains software viruses or any other computer code, files or programmes designed to interrupt, destroy or limit the functionality of any computer resource; (i) threatens the unity, integrity, defence, security or sovereignty of India, friendly relations with foreign states, or public order or causes incitement to the commission of any cognisable offence or prevents investigation of any offence or is insulting any other nation.

With this wide-ranging and entirely arbitrary set of potential violations, the possibility of misuse is also immense. In its comments submitted in response to the draft rules, Privacy India and the Centre for Internet and Society (CIS) pointed out that Sections 79(1) and (2) of the amended IT Act itself did provide for exemptions for third party liabilities of intermediaries, something that the rules have now virtually set aside.[1]

Other comments submitted by these organisations about security and privacy of cybercafe users deal with minors and with the general architecture of cybercafes. In the first instance, the organisations expressed concern that undue restrictions on the use of the internet by minors (photo identity cards, accompanied by adults, etc) would hamper their access to the internet and would actually discourage poorer children from using the internet.

In the second instance, the detailed restrictions on the layout of the cybercafés – the height of cabins and the directions of the screens, etc, would, they felt, be intrusive and violate the privacy of internet users in cybercafes. Besides, vulnerable sections like sexual minorities or HIV positive patients may even be open to identity theft, they feared.

The discussion on the rules unfortunately did not come close to addressing these fears. While the lawmakers generally accepted the importance of regulation of the internet and electronic communication, there is still very little clarity on exactly how this must be done, the extent to which regulation must take place and the agency that will be entrusted with this task.

The IT Act, 2000 was first passed in an era when the country was transitioning to an electronic age. E-commerce was uppermost in the minds of policymakers, their eyes firmly fixed on the new economy. But soon enough, it was clear that technology was developing rapidly and an expert committee was constituted to revise the act and suggest amendments that would incorporate technological changes.

Lack of Accountability

In the wake of the 26 November 2008 attack in Mumbai, national security and intelligence were powerful emotional catchwords and few questioned some of the sweeping provisions laid down by the rules under the IT Act. While the annulment motion focuses on the pernicious nature of the guidelines for intermediaries, this is only one amongst a series of rules that seek to change the very manner in which Indians can access and use the internet. Other rules relate to decrypting, monitoring and blocking of communication, data security and privacy (Section 69: interception, monitoring and decryption of information, Section 69 A: blocking, Section 69 B: monitoring of traffic data or information) and of course, the complete absence of checks and balances for the powers given to authorities like Computer Emergency Response Team India (CERT-In).

In fact, there has been little or no review of the responsibility vested in an agency like CERT-In, which describes itself as the nodal agency to oversee the security of the nation. Conflating security concerns with content that may be objectionable to some is one thing but also providing this agency with the powers to block sites without even the creators of these sites getting to know about it is another.

Most of our attention today is on the censorship rampant on the internet in India. Most recently, there have been several instances of internet sites being blocked and takedown notices sent to bloggers. In the last few months, we have had the arbitrary blocking of the website cartoonsagainstcorruption.com which was run by Kanpur-based cartoonist Aseem Trivedi, the arrest of Jadavpur University professor Ambikesh Mohapatra and the controversial move last year by the Indian government to get internet service providers to remove so-called objectionable content on Facebook, Orkut and Youtube, apart from other sites. A complaint against these sites by journalist Vinay Rai followed soon after, though it strangely did not invoke provisions of the IT Act, preferring to cite alleged violations under the Indian Penal Code.

Trivedi did not even know that his site was blocked till some friends called him to tell him that they could not access his site. After an exchange of emails with his webhost, the portal “Big Rock”, he was informed that the site was suspended because it contained cartoons that showed disrespect to national emblems. A complaint had been received by Mumbai’s cybercrime cell by a Mumbai-based advocate, R P Pandey. The Kanpur resident also learnt later from newspaper reports that another case, this time under charges of sedition, were lodged against him in Beed district of Maharashtra.

While this method of embroiling someone in cases in far-flung geographical areas is not new (the complaint by the Indian Institute of Planning and Management against New Delhi-based Caravan magazine in Silchar, Assam is a good case in point), Trivedi quickly moved the content on his site onto another blogging platform, also got together friends and supporters to launch “Saveyourvoice”, an online and offline campaign, with a cheeky celebration of All Fool’s Day on 1 April 2012 with a greeting to the minister Kapil Sibal “for his foolish attempts to try censoring internet” and another campaign – “Freedom in a cage” – at Jantar Mantar, Delhi, in April 2012.

Other internet freedom activists have got together to secure information on censorship. Last year, a right-to-information (RTI) application by the CIS revealed that 11 websites were blocked on orders from the department of information technology. A writ petition against the IT Act has been filed in the Kerala High Court and the Software Freedom Law Centre, which was instrumental in campaigning for the annulment motion in the Rajya Sabha, has launched an online petition against the IT Act rules that refers to government authority to censor facebook posts, monitor emails and skype conversations, access private information and mine sensitive personal data.[2]

Governments the world over are exercised about the need to impose restrictions on online freedom and a good indication is the bi-annual Google Transparency Report that monitors the number and categories of requests sent by different governments to take down content. In the last report for the period January to June 2011, the report recorded requests to remove 358 items and 68 content removal requests, 58% of which were fully or partially complied with. In addition, there were government requests to remove Youtube videos that were protests against local leaders or used offensive language against religious leaders, besides 236 communities and profiles from Orkut which were critical of a local politician.

Interestingly, while content removal requests for the Orkut profiles remained as Google maintained it did not fit its own community standards or local law, Google chose to “locally” restrict the videos that may incite enmity between communities. With minor variations, this is a stance adopted by other online companies, like Facebook and Twitter, with the latter coming out with a policy earlier this year that it would remove content that appeared to violate local laws.

In the struggle to keep the internet free and protect communication from surveillance and blocking by governments, it would be naive to expect commercially-driven internet companies to put up much of a stand. Most of these stakeholders have agreed with lawmakers that the internet does need regulation. On their part, the Indian government, which has flexed its desire to regulate the internet, has also been sensitive to criticism of its role in censoring online freedom. Other stakeholders – the vast community of users of the internet, bloggers, website hosts, creators and producers of online videos, file-sharers, software developers, etc, are only engaged in a race to protect their content and shift it to more amenable sites every time they run into trouble.

Threats to Freedom of Expression

However, it must be noted that the censorship of online media is but a reflection of the curbs on freedom of expression in general. The attacks on freedom of expression in “offline” media, the attacks on journalists and the deaths of eight journalists since 2010,[3] the alarming regularity with which we are witnessing a ban on books and cinema, art or theatre, the increasing intolerance of dissenting or differing opinions in society, the abject fear of free and independent debate and discussion and the role of the government in actively furthering this intolerance are suggestive of a dangerous trend.

Almost all these instances are marked by the clear absence of any due procedure in addressing the content that becomes objectionable to someone or some sections of society, instead arbitrarily and speedily removing this content from the public domain. Whether it is the withdrawal of Rohinton Mistry’s book Such a Long Journey, a prescribed textbook by Bombay University, midway through the academic year, or that of recent issue of the National Council of Educational Research and Training (NCERT) textbook on the Constitution of India, institutional redressal mechanisms were simply not given a chance.

The woeful absence of similar redressal mechanisms for so-called objectionable content under the rules of the amended IT Act only exacerbates this situation further.

Notes

[1].http://privacyindia.org/2011/03/10/comments-on-the-information-technology-guidelines-for-cyber-cafe-rules-2011/
[2].www.softwarefreedom.org
[3].The Free Speech Hub, which has been tracking violations of freedom of expression as part of a project from the media-watch site, The Hoot (www.thehoot.org), has this list: Hemchandra Pandey (July 2010), Bimala Prasad Talukdar (September 2010), Sushil Pathak (December 2010), Umesh Rajput (January 2011), J Dey (June 2011), Ramesh Singhla (October 2011), Chandrioka (February 2012) and Rajesh Mishra (March 2012).

For more details visit https://cis-india.org/news/poor-guarantee-of-online-freedom-in-india

Political war on the web

praskrishna — 2012-09-05T05:27:24Z

Twitter is not only the ‘people’s voice’. It is also a forum for orchestrated propaganda.Kunal Majumder tracks the BJP-Congress online duel.

Kunal Majumder's article was published in Tehelka Magazine, Vol 9, Issue 36, Dated 08 Sept 2012. Pranesh Prakash is quoted.

New battlelines Digvijaya Singh (left) and Sushma Swaraj are active tweeples
Photos: Shailendra Pandey

ON 27 August, as the Congress and the BJP battled it out in Parliament and later through news conferences, the story on Twitter was a bit different. Congress supporters, who had been at the receiving end of the ‘Coalgate’ issue so far, finally started hitting back. Adopting a strategy they had so far been accusing right-wingers of, they launched into an all-out attack on anyone who supported the BJP. Every tweet was hashtagged with #RIPBJP. At the end of the day, #RIPBJP was trending, making it the most successful Congress campaign against the BJP — a first on Twitter.

“The social media battle against the BJP has just begun,” says a Congress supporter associated with the new project. “In the days to come, you will see our volunteers in a more combative mode.” However, he says it will not “replicate the negative campaign of the right-wing”.

The Congress’ social media strategy is spearheaded by its tech-savvy General Secretary Digvijaya Singh. On Twitter for nearly nine months, Singh has been readying to take on the BJP on its own turf and influence the ‘voice of people’. Though serious doubt remains about how much of this voice is real and how much is a result of political propaganda.

The push for the Congress to take the battle online comes from the recent ‘banning’ of Twitter handles of BJP sympathiser and senior journalist Kanchan Gupta. While the government insists that the handles were blocked due to security issues, Gupta claimed political martyrdom and launched a tirade against the Congress for imposing a second Emergency. Hashtags like #Emergency2012 and #GOIBlocks started trending, with BJP supporters turning their display pictures to black. "The fact remains none of the blockings were politically motivated,” says Pranesh Prakash, programme manager with Centre for Internet and Society. Prakash instead points to the UPA’s earlier request to IT companies like Google and Facebook to pull down certain pages, which displayed morphed photos and cartoons of Congress “functionaries” as clear example of politically motivated intervention.

Though no explanation was forthcoming from the government as to why specific handles were blocked temporarily through ISPs (Twitter has still not blocked them), the PMO issued a statement saying it has requested Twitter to take “appropriate action against six persons impersonating the PMO”. Certain handles like @PM0India (with a ‘zero’) were often accused of impersonating the actual @PMOIndia. But that’s another story.

#Emergency2012 and #GOIBlocks started trending, with various BJP supporters turning their display pictures to black	The day Gupta’s handle was ‘blocked’, former bureaucrat B Raman wrote a blog that gave an interesting insight into why the government might have targeted Gupta. Raman describes a meeting that took place in Ahmedabad in 2008 — just before the 2009 General Elections — attended by senior BJP leaders and sympathisers, including Gupta. Raman says the general feeling among BJP participants was that mainstream media was not giving enough opportunities to the BJP and other right-wing activists to air their views. Therefore, “it was suggested by some participants that the BJP could get over this handicap by making good use of the online media”. Raman goes on to point that supporters of Gujarat Chief Minister Narendra Modi and other right-wingers have since then used online media superbly with help of IT-savvy Hindutva supporters.

#Emergency2012 and #GOIBlocks started trending,
with various BJP supporters turning their display pictures to black

The day Gupta’s handle was ‘blocked’, former bureaucrat B Raman wrote a blog that gave an interesting insight into why the government might have targeted Gupta. Raman describes a meeting that took place in Ahmedabad in 2008 — just before the 2009 General Elections — attended by senior BJP leaders and sympathisers, including Gupta. Raman says the general feeling among BJP participants was that mainstream media was not giving enough opportunities to the BJP and other right-wing activists to air their views. Therefore, “it was suggested by some participants that the BJP could get over this handicap by making good use of the online media”. Raman goes on to point that supporters of Gujarat Chief Minister Narendra Modi and other right-wingers have since then used online media superbly with help of IT-savvy Hindutva supporters.

What Raman wrote in his blog is confirmed by the BJP’s IT Cell Convener, Arvind Gupta. The BJP was not only the first political party in India to have a website in 1999, its social media network has been way ahead of any other political group in the country. From posting updates to engaging users, it has a well-oiled social media machinery in place. Arvind calls this the “listen, engage and inform” model. This includes Internet TV, YouTube and messenger chats. In fact, the next big thing on the party’s social media agenda is the interaction with Narendra Modi on Google+ Hangout.

Poli-Tweeting

Poli-Faking

BUT IT is not political agenda that has left Digvijaya Singh singed. Speaking to TEHELKA, Singh points to abusive — and at times, factually incorrect — tweets posted by right-wing supporters. In many cases, the mere mention of anything against Modi or Baba Ramdev would have scores of right-wing supporters bombarding Twitter timelines with counter-criticism, and often, abuses. “Anything that incites hate is a problem,” he says.

Though what can be called ‘hate’ is a very subjective matter, Arvind Gupta feels social media reflects the mood of the young population. “People call themselves Internet Hindus. We, as a party, have nothing to do with this. People are so passionate about Modi that they take up his case (against anyone who posts anti-Modi tweets),” says Gupta. He also points towards a similar trend when it comes to people tweeting against Team Anna.

Many right-wing Twitter users are accused of posting sponsored tweets against specific people who they believe are anti-BJP. This accusation has not been proven so far, though many users claim to have tracked interaction between rightwing Twitter users on coordinated attacks on users with liberal or pro-Congress ideologies. “There is a belief — and let me tell you that it is wrong — that we hire people,” says Gupta. So can the high number of right-wing users be put down to an ideological stance alone? Gupta says it’s got to do with understanding politics better. “Our volunteers are generally more educated and understand the the Congress’ wrong policies. That category also forms a major part of the ecosystem in this new media,” he says.

Within minutes of talking to this correspondent, Gupta posts a new hashtag on Twitter — #MotaMaal — taking a cue from Sushma Swaraj’s accusation of corruption against the Congress in the coal scam. The next day, Twitter became all about #MotaMaal versus #RIPBJP. Handles like @BJP0fficials and @PMAdvani have been created to counter the right wing. Clearly, Congress supporters are hitting back even at the risk of adding to the cacophony of an already-chaotic medium.

Kunal Majumder is a Principal Correspondent with Tehelka.

For more details visit https://cis-india.org/news/www-tehelka-com-kunal-majumder-tehelka-magazine-vol-9-issue-36-sep-8-2012-political-war-on-the-web

Policy Officer - Internet Governance

Admin — 2018-09-03T06:58:25Z

The Centre for Internet & Society is seeking an individual with a background and interest in issues pertaining to IG including privacy, big data, FoE, AI etc. under its Internet Governance programme.

This position will include undertaking field research, developing policy briefs, organizing conferences, and writing research reports, engaging with key stakeholders, and collaborating with project partners in areas under our research.

Note: This position is for a duration of 1 year. There is currently one vacancy for this post. Selected candidate will work from CIS office in Bangalore.

Required Skill Sets

Previous work and an interest in issues pertaining to IG including privacy, big data, FoE, and AI.
Strong writing and analytical skills.
Experience in conducting research.
Knowledge of Indian law and policy relevant to the digital sphere.
Demonstrable research skills and ability to undertake research independently.
Strong communication skills.
Ability to work independently or with minimal supervision.

Compensation: Based on experience and education.
Application requirements: two writing samples and CV
Contact: swaraj@cis-india.org

For more details visit https://cis-india.org/jobs/cis-policy-officer-internet-governance

Policy Officer - Internet Governance

Admin — 2018-09-03T07:12:15Z

The Centre for Internet and Society is seeking an individual with a background and interest in issues pertaining to internet governance including privacy, big data, freedom of expression, artificial intelligence etc. under its Internet Governance programme.

This position is for a duration of 1 year. There is currently one vacancy for this post. Selected candidate will work from CIS office in Bangalore.

Required Skill Sets

Previous work and an interest in issues pertaining to IG including privacy, big data, FoE, and AI.
Strong writing and analytical skills.
Experience in conducting research.
Knowledge of Indian law and policy relevant to the digital sphere.
Demonstrable research skills and ability to undertake research independently.
Demonstrable writing and communication skills.
Ability to work independently or with minimal supervision.

Compensation: Based on experience and education.

Application requirements: two writing samples and CV.

Contact: elonnai@cis-india.org.

For more details visit https://cis-india.org/jobs/policy-officer-ig

Policy Lab on Artificial Intelligence & Democracy

Admin — 2019-04-12T01:32:32Z

Shweta Mohandas participated in a policy lab on Artificial Intelligence & Democracy in India organised by Tandem Research, in partnership with Microsoft Research and Friedrich-Ebert-Stiftung on 2 & 3 April, 2019, in Bangalore.

For more details visit https://cis-india.org/telecom/news/policy-lab-on-artificial-intelligence-democracy

Policy Design Jam

Admin — 2019-09-25T14:30:33Z

Pallavi Bedi, Akash Sheshadri and Anubha Sinha attended the event organized by Whatsapp and ISPP on 16 September 2019 at Indian School of Public Policy campus, Qutub Institutional Area, Delhi.

Session Schedule

2 00 pm - 3 00 pm - Registration

3 05 pm - 4 00 pm - Experiential design exercises

4 00 pm - 4 15 pm - Break

4 15 pm - 5 00 pm - Design Thinking for Policy Insights from Global Design Jams

5 00 pm - 5 20 pm - Q & A

5 20 pm - 6 00 pm - High tea

2 00 pm - 3 00 pm - Registration3 05 pm - 4 00 pm - Experiential design exercises
4 00 pm - 4 15 pm - Break
4 15 pm - 5 00 pm - Design Thinking for Policy Insights from Global Design Jams
5 00 pm - 5 20 pm - Q & A
5 20 pm - 6 00 pm - High tea

For more details visit https://cis-india.org/internet-governance/news/policy-design-jam

Policy Brief: Oversight Mechanisms for Surveillance

elonnai — 2015-11-24T06:09:01Z

Download the PDF

Introduction

Across jurisdictions, the need for effective and relevant oversight mechanisms (coupled with legislative safeguards) for state surveillance has been highlighted by civil society, academia, citizens and other key stakeholders.[1] A key part of oversight of state surveillance is accountability of intelligence agencies. This has been recognized at the international level. Indeed, the Organization for Economic Co-operation and Development, The United Nations, the Organization for Security and Cooperation in Europe, the Parliamentary Assembly of the Council of Europe, and the Inter-Parliamentary Union have all recognized that intelligence agencies need to be subject to democratic accountability.[2] Since 2013, the need for oversight has received particular attention in light of the information disclosed through the 'Snowden Revelations'. [3] Some countries such as the US, Canada, and the UK have regulatory mechanisms for the oversight of state surveillance and the intelligence community, while many other countries – India included - have piecemeal oversight mechanisms in place. The existence of regulatory mechanisms for state surveillance does not necessarily equate to effective oversight – and piecemeal mechanisms – depending on how they are implemented, could be more effective than comprehensive mechanisms. This policy brief seeks to explore the purpose of oversight mechanisms for state surveillance, different forms of mechanisms, and what makes a mechanism effective and comprehensive. The brief also reviews different oversight mechanisms from the US, UK, and Canada and provides recommendations for ways in which India can strengthen its present oversight mechanisms for state surveillance and the intelligence community.

What is the purpose and what are the different components of an oversight mechanism for State Surveillance?

The International Principles on the Application of Human Rights to Communication Surveillance, developed through a global consultation with civil society groups, industry, and international experts recommends that public oversight mechanisms for state surveillance should be established to ensure transparency and accountability of Communications Surveillance. To achieve this, mechanisms should have the authority to:

Access all potentially relevant information about State actions, including, where appropriate, access to secret or classified information;
Assess whether the State is making legitimate use of its lawful capabilities;
Evaluate whether the State has been comprehensively and accurately publishing information about the use and scope of Communications Surveillance techniques and powers in accordance with its Transparency obligations publish periodic reports and other information relevant to Communications Surveillance;
Make public determinations as to the lawfulness of those actions, including the extent to which they comply with these Principles[4]

What can inform oversight mechanisms for state surveillance?

The development of effective oversight mechanisms for state surveillance can be informed by a number of factors including:

Rapidly changing technology – how can mechanisms adapt, account for, and evaluate perpetually changing intelligence capabilities?
Expanding surveillance powers – how can mechanisms evaluate and rationalize the use of expanding agency powers?
Tensions around secrecy, national interest, and individual rights – how can mechanisms respect, recognize, and uphold multiple competing interests and needs including an agency's need for secrecy, the government's need to protect national security, and the citizens need to have their constitutional and fundamental rights upheld?
The structure, purpose, and goals of specific intelligence agencies and circumstances– how can mechanisms be sensitive and attuned to the structure, purpose, and functions of differing intelligence agencies and circumstances?

These factors lead to further questions around:

The purpose of an oversight mechanism: Is an oversight mechanism meant to ensure effectiveness of an agency? Perform general reviews of agency performance? Supervise the actions of an agency? Hold an agency accountable for misconduct?
The structure of an oversight mechanism: Is it internal? External? A combination of both? How many oversight mechanisms that agencies should be held accountable to?
The functions of an oversight mechanism: Is an oversight mechanism meant to inspect? Evaluate? Investigate? Report?
The powers of an oversight mechanism: The extent of access that an oversight mechanism needs and should have to the internal workings of security agencies and law enforcement to carry out due diligence? The extent of legal backing that an oversight mechanism should have to hold agencies legally accountable.

What oversight mechanisms for State Surveillance exist in India?

In India the oversight 'ecosystem' for state surveillance is comprised of:

Review committee: Under the Indian Telegraph Act 1885 and the Rules issued thereunder (Rule 419A), a Central Review Committee that consists of the Cabinet Secretary, Secretary of Legal Affairs to the Government of India, Secretary of Department of Telecommunications to the Government of India is responsible for meeting on a bi-monthly basis and reviewing the legality of interception directions. The review committee has the power to revoke the directions and order the destruction of intercepted material.[5] This review committee is also responsible for evaluating interception, monitoring, and decryption orders issued under section 69 of the Information Technology Act 2000.[6] and orders for the monitoring and collection of traffic data under section 69B of the Information Technology Act 2000.[7]
Authorizing Authorities: The Secretary in the Ministry of Home Affairs of the Central Government is responsible for authorizing requests for the interception, monitoring, and decryption of communications issued by central agencies.[8] The Secretary in charge of the Home Department is responsible for authorizing requests for the interception, monitoring, and decryption of communications from state level agencies and law enforcement.[9] The Secretary to the Government of India in the Department of Information Technology under the Ministry of Communications and Information Technology is responsible for authorizing requests for the monitoring and collection of traffic data.[10] Any officer not below the rank of Joint Secretary to the Government of India, who has been authorised by the Union Home Secretary or the State Home Secretary in this behalf, may authorize the interception of communications in case of an emergency.[11] A Commissioner of Police, District Superintendent of Police or Magistrate may issue requests for stored data to any postal or telegraph authority.[12]
Administrative authorities: India does not have an oversight mechanism for intelligence agencies, but agencies do report to different authorities. For example: The Intelligence Bureau reports to the Home Minister, the Research and Anaylsis Wing is under the Cabinet Secretariat and reports to the Prime Minister, the Joint Intelligence Committee (JIC), National Technical Research Organisation (NTRO) and Aviation Research Centre (ARC) report to the National Security Adviser; and the National Security Council Secretariat under the NSA which serves the National Security Council.[13]

It is important to note that though India has a Right to Information Act, but most of the security agencies are exempt from the purview of the Act[14] as is disclosure of any information that falls under the purview of the Official Secrets Act 1923.[15] [Note: There is no point in listing out all the exceptions given in section 8 and other sections as well. I think the point is sufficiently made when we say that security agencies are exempt from the purview of the Act.] The Official Secrets Act does not provide a definition of an 'official secret' and instead protects information: pertaining to national Security, defence of the country, affecting friendly relations with foreign states, etc.[16] Information in India is designated as classified in accordance to the Manual of Departmental Security Instruction which is circulated by the Ministry of Home Affairs. According to the Public Records Rules 1997, “classified records" means the files relating to the public records classified as top-secret, confidential and restricted in accordance with the procedure laid down in the Manual of Departmental Security Instruction circulated by the Ministry of Home affairs from time to time;”[17] Bi-annually officers evaluate and de-classify classified information and share the same with the national archives.[18] In response to questions raised in the Lok Sabha on the 5th of May 2015 regarding if the Official Secrets Act, 1923 will be reviewed, the number of classified files stored with the Government under the Act, and if the Government has any plans to declassify some of the files – the Ministry of Home Affairs clarified that a committee consisting of Secretaries of the Ministry of Home Affairs, the Department of Personnel and Training, and the Department of Legal Affairs has been established to examine the provisions of the Official Secrets Act, 1923 particularly in light of the Right to Information Act, 2005. The Ministry of Home Affairs also clarified that the classification and declassification of files is done by each Government Department as per the Manual of Departmental Security Instructions, 1994 and thus there is no 'central database of the total number of classified files'.[19]

How can India's oversight mechanism for state surveillance be clarified?

Though these mechanisms establish a basic framework for an oversight mechanism for state surveillance in India, there are aspects of this framework that could be clarified and there are ways in which the framework could be strengthened.

Aspects of the present review committee that could be clarified:

Powers of the review committee: Beyond having the authority to declare that orders for interception, monitoring, decryption, and collection of traffic data are not within the scope of the law and order for destruction of any collected information – what powers does the review committee have? Does the committee have the power to compel agencies to produce additional or supporting evidence? Does the committee have the power to compel information from the authorizing authority?
Obligations of the review committee: The review committee is required to 'record its findings' as to whether the interception orders issued are in accordance with the law. Is there a standard set of questions/information that must be addressed by the committee when reviewing an order? Does the committee only review the content of the order or do they also review the implementation of the order? Beyond recording its findings, are there any additional reporting obligations that the review committee must fulfill?
Accountability of the review committee: Does the review committee answer to a higher authority? Do they have to submit their findings to other branches of the government – such as Parliament? Is there a mechanism to ensure that the review committee does indeed meet every two months and review all orders issued under the relevant sections of the Indian Telegraph Act 1885 and the Information Technology Act 2008?

Proposed oversight mechanisms in India

Oversight mechanisms can help with avoiding breaches of national security by ensuring efficiency and effectiveness in the functioning of security agencies. The need for the oversight of state surveillance is not new in India. In 1999 the Union Government constituted a Committee with the mandate of reviewing the events leading up to Pakistani aggression in Kargil and to recommend measures towards ensuring national security. Though the Kargil Committee was addressing surveillance from the perspective of gathering information on external forces, there are parellels in the lessons learned for state surveillance. Among other findings, in their Report the Committee found a number of limitations in the system for collection, reporting, collation, and assessment of intelligence. The Committee also found that there was a lack of oversight for the intelligence community in India – resulting in no mechanisms for tasking the agencies, monitoring their performance and overall functioning, and evaluating the quality of the work.

The Committee also noted that such a mechanism is a standard feature in jurisdictions across the world. The Committee emphasized this need from an economic perspective – that without oversight – the Government and the nation has no way of evaluating whether or not they are receiving value for their money. The Committee recommended a review of the intelligence system with the objective of solving such deficiencies.[20]

In 2000 a Group of Ministers was established to review the security and intelligence apparatus of the country. In their report issued to the Prime Minister, the Group of Ministers recommended the establishment of an Intelligence Coordination Group for the purpose of providing oversight of intelligence agencies at the Central level. Specifically the Intelligence Coordination Group would be responsible for:

Allocation of resources to the intelligence agencies
Consideration of annual reviews on the quality of inputs
Approve the annual tasking for intelligence collection
Oversee the functions of intelligence agencies
Examine national estimates and forecasts[21]

Past critiques of the Indian surveillance regime have included the fact that intelligence agencies do not come under the purview of any overseeing mechanism including Parliament, the Right to Information Act 2005, or the General Comptroller of India.

In 2011, Manish Tewari, who at the time was a Member of Parliament from Ludhiana, introduced the Private Member's Bill - “The Intelligence Services (Powers and Regulation) Bill” proposed stand alone statutory regulation of intelligence agencies. In doing so it sought to establish an oversight mechanism for intelligence agencies within and outside of India. The Bill was never introduced into Parliament.[22] Broadly, the Bill sought to establish: a National Intelligence and Security Oversight Committee which would oversee the functionings of intelligence agencies and would submit an annual report to the Prime Minister, a National Intelligence Tribunal for the purpose of investigating complaints against intelligence agencies, an Intelligence Ombudsman for overseeing and ensuring the efficient functioning of agencies, and a legislative framework regulating intelligence agencies.[23]

Proposed policy in India has also explored the possibility of coupling surveillance regulation and oversight with private regulation and oversight. In 2011 the Right to Privacy Bill was drafted by the Department of Personnel and Training. The Bill proposed to establish a “Central Communication Interception Review Committee” for the purposes of reviewing orders for interception issued under the Telegraph Act. The Bill also sought to establish an authorization process for surveillance undertaken by following a person, through CCTV's, or other electronic means.[24] In contrast, the 2012 Report of the Group of Experts on Privacy, which provided recommendations for a privacy framework for India, recommended that the Privacy Commissioner should exercise broad oversight functions with respect to interception/access, audio & video recordings, the use of personal identifiers, and the use of bodily or genetic material.[25]

A 2012 report by the Institute for Defence Studies and Analyses titled “A Case for Intelligence Reforms in India” highlights at least four 'gaps' in intelligence that have resulted in breaches of national security including: zero intelligence, inadequate intelligence, inaccurate intelligence, and excessive intelligence – particularly in light of additional technical inputs and open source inputs.[26] In some cases, an oversight mechanism could help in remediating some of these gaps. Returning to the 2012 IDSA Report, the Report recommends the following steps towards an oversight mechanism for Indian intelligence:

Establishing an Intelligence Coordination Group (ICG) that will exercise oversight functions for the intelligence community at the Central level. This could include overseeing functions of the agencies, quality of work, and finances.
Enacting legislation defining the mandates, functions, and duties of intelligence agencies.
Holding intelligence agencies accountable to the Comptroller & Auditor General to ensure financial accountability.
Establishing a Minister for National Security & Intelligence for exercising administrative authority over intelligence agencies.
Establishing a Parliamentary Accountability Committee for oversight of intelligence agencies through parliament.
Defining the extent to which intelligence agencies can be held accountable to reply to requests pertaining to violations of privacy and other human rights issued under the Right to Information Act.

Highlighting the importance of accountable surveillance frameworks, in 2015 the external affairs ministry director general of India Santosh Jha stated at the UN General Assembly that the global community needs to "to create frameworks so that Internet surveillance practices motivated by security concerns are conducted within a truly transparent and accountable framework.”[27]

In what ways can India's mechanisms for state surveillance be strengthened?

Building upon the recommendations from the Kargil Committee, the Report from the Group of Ministers, the Report of the Group of Experts on Privacy, the Draft Privacy Bill 2011, and the IDSA report, ways in which the framework for oversight of state surveillance in India could be strengthened include:

Oversight to enhance public understanding, debate, accountability, and democratic governance: State surveillance is unique in that it is enabled with the objective of protecting a nations security. Yet, to do so it requires citizens of a nation to trust the actions taken by intelligence agencies and to allow for possible access into their personal lives and possible activities that might infringe on their constitutional rights (such as freedom of expression) for a larger outcome of security. Because of this, oversight mechanisms for state surveillance must balance securing national security while submitting itself to some form of accountability to the public.
Independence of oversight mechanisms: Given the Indian context, it is particularly important that an oversight mechanism for surveillance powers and the intelligence community is capable of addressing and being independent from political interference. Indeed, the majority of cases regarding illegal interceptions that have reached the public sphere pertain to the surveillance of political figures and political turf wars.[28] Furthermore, though the current Review Committee established in the Indian Telegraph Act does not have a member from the Ministry of Home Affairs (the Ministry responsible for authorizing interception requests), it is unclear how independent this committee is from the authorizing Ministry. To ensure non-biased oversight, it is important that oversight mechanisms are independent.
Legislative regulation of intelligence agencies: Currently, intelligence agencies are provided surveillance powers through the Information Technology Act and the Telegraph Act, but beyond the National Intelligence Agency Act which establishes the National Intelligence Agency, there is no legal mechanism creating, regulating and overseeing intelligence agencies using these powers. In the 'surveillance ecosystem' this creates a policy vacuum, where an agency is enabled through law with a surveillance power and provided a procedure to follow, but is not held legally accountable for the effective, ethical, and legal use of the power. To ensure legal accountability of the use of surveillance techniques, it is important that intelligence are created through legislation that includes oversight provisions.
Comprehensive oversight of all intrusive measures: Currently the Review Committee established under the Telegraph Act is responsible for the evaluation of orders for the interception, monitoring, decryption, and collection of traffic data. The Review Committee is not responsible for reviewing the implementation or effectiveness of such orders and is not responsible for reviewing orders for access to stored information or other forms of electronic surveillance. This situation is a result of 1. Present oversight mechanisms not having comprehensive mandates 2. Different laws in India enabling different levels of access and not providing a harmonized oversight mechanism and 3.Indian law not formally addressing and regulating emerging surveillance technologies and techniques. To ensure effectiveness, it is important for oversight mechanisms to be comprehensive in mandate and scope.
Establishment of a tribunal or redress mechanism: India currently does not have a specified means for individuals to seek redress for unlawful surveillance or surveillance that they feel has violated their rights. Thus, individuals must take any complaint to the courts. The downsides of such a system include the fact that the judiciary might not be able to make determinations regarding the violation, the court system in India is overwhelmed and thus due process is slow, and given the sensitive nature of the topic – courts might not have the ability to immediately access relevant documentation. To ensure redress, it is important that a tribunal or a redress mechanism with appropriate powers is established to address complaints or violations pertaining to surveillance.
Annual reporting by security agencies, law enforcement, and service providers: Information regarding orders for surveillance and the implementation of the same is not disclosed by the government or by service providers in India.[29] Indeed, service providers by law are required to maintain the confidentiality of orders for the interception, monitoring, or decryption of communications and monitoring or collection of traffic data. At the minimum, an oversight mechanism should receive annual reports from security agencies, law enforcement, and service providers with respect to the surveillance undertaken. Edited versions of these Reports could be shared with Parliament and the public.
Consistent and mandatory reviews of relevant legislation: Though committees have been established to review various legislation and policy pertaining to state surveillance, the time frame for these reviews is not clearly defined by law. These reviews should take place on a consistent and publicly stated time frame. Furthermore, legislation enabling surveillance in India do not require review and assessment for relevance, adequacy, necessity, and proportionality after a certain period of time. Mandating that legislation regulating surveillance is subject to review on a consistent is important in ensuring that the provisions are relevant, proportionate, adequate, and necessary.
Transparency of classification and declassification process and centralization of de-classified records: Currently, the Ministry of Home Affairs establishes the process that government departments must follow for classifying and de-classifying information. This process is not publicly available and de-classified information is stored only with the respective department. For transparency purposes, it is important that the process for classification of records be made public and the practice of classification of information take place in exceptional cases. Furthermore, de-classified records should be stored centrally and made easily accessible to the public.
Executive and administrative orders regarding establishing of agencies and surveillance projects should be in the public domain: Intelligence agencies and surveillance projects in India are typically enabled through executive orders. For example, NATGRID was established via an executive order, but this order is not publicly available. As a form of transparency and accountability to the public, it is important that if executive orders establish an agency or a surveillance project, these are made available to the public to the extent possible.
Oversight of surveillance should incorporate privacy and cyber/national security: Increasingly issues of surveillance, privacy, and cyber security are interlinked. Any move to establish an oversight mechanism for surveillance and the intelligence committee must incorporate and take into consideration privacy and cyber security. This could mean that an oversight mechanism for surveillance in India works closely with CERT-IN and a potential privacy commissioner or that the oversight mechanism contains internal expertise in these areas to ensure that they are adequately considered.
Oversight by design: Just like the concept of privacy by design promotes the ideal that principles of privacy are built into devices, processes, services, organizations, and regulation from the outset – oversight mechanisms for state surveillance should also be built in from the outset of surveillance projects and enabling legislation. In the past, this has not been the practice in India– the National Intelligence Grid was an intelligence system that sought to link twenty one databases together – making such information easily and readily accessible to security agencies – but the oversight of such a system was never defined.[30] Similarly, the Centralized Monitoring System was conceptualized to automate and internalize the process of intercepting communications by allowing security agencies to intercept communications directly and bypass the service provider.[31] Despite amending the Telecom Licenses to provide for the technical components of this project, oversight of the project or of security agencies directly accessing information has yet to be defined.[32]

Examples of oversight mechanisms for State Surveillance: US, UK, Canada and United States

United States

In the United States the oversight 'ecosystem' for state surveillance is made up of:

The Foreign Intelligence Surveillance Court

The U.S Foreign Intelligence Surveillance Court (FISA) is the predominant oversight mechanism for state surveillance and oversees and authorizes the actions of the Federal Bureau of Investigation and the National Security Agency.[33] The court was established by the enactment of the Foreign Intelligence Surveillance Act 1978 and is governed by Rules of Procedure, the current Rules being formulated in 2010.[34] The Court is empowered to ensure compliance with the orders that it issues and the government is obligated to inform the Court if orders are breached.[35] FISA allows for individuals who receive an order from the Court to challenge the same,[36] and public filings are available on the Court's website.[37] Additionally, organizations, including the American Civil Liberties Union[38] and the Electronic Frontier Foundation, have filed motions with the Court for release of records. [39] Similarly, Google has approached the Court for the ability to publish aggregate information regarding FISA orders that the company recieves.[40]

Government Accountability Office

The U.S Government Accountability Office (GAO) is an independent office that works for Congress and conducts audits, investigates, provides recommendations, and issues legal decisions and opinions with regard to federal government spending of taxpayer's money by the government and associated agencies including the Defence Department, the FBI, and Homeland Security.[41] The head of the GAO is the Comptroller General of the United States and is appointed by the President. The GAO will initiate an investigation if requested by congressional committees or subcommittees or if required under public law or committee reports. The GOA has reviewed topics relating to Homeland Security, Information Security, Justice and Law Enforcement, National Defense, and Telecommunications.[42] For example, in June 2015 the GOA completed an investigation and report on 'Foreign Terrorist Organization Process and U.S Agency Enforcement Actions” [43] and an investigation on “Cyber Security: Recent Data Breaches Illustrate Need for Strong Controls across Federal Agencies”.[44]

Senate Select Committee on Intelligence and the House Permanent Select Committee on Intelligence

The U.S. Senate Select Committee on Intelligence is a standing committee of the U.S Senate with the mandate to review intelligence activities and programs and ensure that these are inline with the Constitution and other relevant laws. The Committee is also responsible for submitting to Senate appropriate proposals for legislation, and for reporting to Senate on intelligence activities and programs.[45] The House Permanent Select Committee holds similar jurisdiction. The House Permanent Select Committee is committed to secrecy and cannot disclose classified information excepted authorized to do so. Such an obligation does not exist for the Senate Select Committee on Intelligence and the committee can disclose classified information publicly on its own.[46]

Privacy and Civil Liberties Oversight Board (PCLOB)

The Privacy and Civil Liberties Oversight Board was established by the Implementing Recommendations of the 9/11 Commission Act of 2007 and is located within the executive branch.[47] The objective of the PCLOB is to ensure that the Federal Government's actions to combat terrorism are balanced against privacy and civil liberties. Towards this, the Board has the mandate to review and analyse ant-terrorism measures the executive takes and ensure that such actions are balanced with privacy and civil liberties, and to ensure that privacy and civil liberties are liberties are adequately considered in the development and implementation of anti-terrorism laws, regulations and policies.[48] The Board is responsible for developing principles to guide why, whether, when, and how the United States conducts surveillance for authorized purposes. Additionally, officers of eight federal agencies must submit reports to the PCLOB regarding the reviews that they have undertaken, the number and content of the complaints, and a summary of how each complaint was handled. In order to fulfill its mandate, the Board is authorized to access all relevant records, reports, audits, reviews, documents, papers, recommendations, and classified information. The Board may also interview and take statements from necessary personnel. The Board may request the Attorney General to subpoena on the Board's behalf individuals outside of the executive branch.[49]

To the extent possible, the Reports of the Board are made public. Examples of recommendations that the Board has made in the 2015 Report include: End the NSA”s bulk telephone records program, add additional privacy safeguards to the bulk telephone records program, enable the FISC to hear independent views on novel and significant matters, expand opportunities for appellate review of FISC decisions, take advantage of existing opportunities for outside legal and technical input in FISC matters, publicly release new and past FISC and DISCR decisions that involve novel legal, technical, or compliance questions, publicly report on the operation of the FISC Special Advocate Program, Permit Companies to Disclose Information about their receipt of FISA production orders and disclose more detailed statistics on surveillance, inform the PCLOB of FISA activities and provide relevant congressional reports and FISC decisions, begin to develop principles for transparency, disclose the scope of surveillance authorities affecting US Citizens.[50]

The Wiretap Report

The Wiretap Report is an annual compilation of information provided by federal and state officials regarding applications for interception orders of wire, oral, or electronic communications, data address offenses under investigation, types and locations of interception devices, and costs and duration of authorized intercepts.[51] When submitting information for the report a judge will include the name and jurisdiction of the prosecuting official who applied for the order, the criminal offense under investigation, the type of intercept device used, the physical location of the device, and the duration of the intercept. Prosecutors provide information related to the cost of the intercept, the number of days the intercept device was in operation, the number of persons whose communications were intercepted, the number of intercepts, and the number of incriminating intercepts recorded. Results of the interception orders such as arrest, trials, convictions, and the number of motions to suppress evidence are also noted in the prosecutor reports. The Report is submitted to Congress and is legally required under Title III of the Omnibus Crime Control and Safe Streets Act of 1968. The report is issued by the Administrative Office of the United States Courts.[52]

United Kingdom

The Intelligence and Security Committee (ISC) of Parliament

The Intelligence Security Committee was established by the Intelligence Services Act 1994. Members are appointed by the Prime Minster and the Committee reports directly to the same. Additionally, the Committee submits annual reports to Parliament. Towards this, the Committee can take evidence from cabinet ministers, senior officials, and from the public.[53] The most recent report of the Committee is the 2015 “Report on Privacy and Security”.[54] Members of the Committee are subject to the Official Secrets Act 1989 and have access to classified material when carrying out investigations.[55]

Joint Intelligence Committee (JIC)

This Joint Intelligence Committee is located in the Cabinet office and is broadly responsible for overseeing national intelligence organizations and providing advice to the Cabinet on issues related to security, defense, and foreign affairs. The JIC is overseen by the Intelligence and Security Committee.[56]

The Interception of Communications Commissioner

The Interception of Communications Commissioner is appointed by the Prime Minster under the Regulation of Investigatory Powers Act 2000 for the purpose of reviewing surveillance conducted by intelligence agencies, police forces, and other public authorities. Specifically, the Commissioner inspects the interception of communications, the acquisition and disclosure of communications data, the interception of communications in prisons, and the unintentional electronic interception.[57] The Commissioner submits an annual report to the Prime Minister. The Reports of the Commissioner are publicly available.[58]

The Intelligence Services Commissioner

The Intelligence Services Commissioner is an independent body appointed by the Prime Minister that is legally empowered through the Regulation of Investigatory Powers Act (RIPA) 2000. The Commissioner provides independent oversight on the use of surveillance by UK intelligence services.[59] Specifically, the Commissioner is responsible for reviewing authorized interception orders and the actions and performance of the intelligence services.[60] The Commissioner is also responsible for providing assistance to the Investigatory Powers Tribunal, submitting annual reports to the Prime Minister on the discharge of its functions, and advising the Home Office on the need of extending the Terrorism Prevention and Investigation Measures regime.[61] Towards these the Commissioner conducts in-depth audits on the orders for interception to ensure that the surveillance is within the scope of the law, that the surveillance was necessary for a legally established reason, that the surveillance was proportionate, that the information accessed was justified by the privacy invaded, and that the surveillance authorized by the appropriate official. The Commissioner also conducts 'site visits' to ensure that orders are being implemented as per the law.[62] As a note, the Intelligence Services Commissioner does not undertake any subject that is related to the Interception of Communications Commissioner. The Commissioner has access to any information that he feels is necessary to carry out his investigations. The Reports of the Intelligence Service Commissioner are publicly available.[63]

Investigatory Powers Tribunal

The Investigatory Powers Tribunal is a court which investigates complaints of unlawful surveillance by public authorities or intelligence/law enforcement agencies.[64] The Tribunal was established under the Regulation of Investigatory Powers Act 2000 and has a range of oversight functions to ensure that public authorities act and agencies are in compliance with the Human Rights Act 1998.[65] The Tribunal specifically is an avenue of redress for anyone who believes that they have been a victim of unlawful surveillance under RIPA or wider human rights infringements under the Human Rights Act 1998. The Tribunal can provide seven possible outcomes for any application including 'found in favor of complainant, no determination in favour of complainant, frivolous or vexatious, out of time, out of jurisdiction, withdrawn, or no valid complaint.[66] The Tribunal has the authority to receive and consider evidence in any form, even if inadmissible in an ordinary court.[67] Where possible, cases are available on the Tribunal's website. Decisions by the Tribunal cannot be appealed, but can be challenged in the European Court of Human Rights.[68]

Canada

In Canada the oversight 'ecosystem' for state surveillance includes:

Security Intelligence Review Committee

The Security Intelligence Review Committee is an independent body that is accountable to the Parliament of Canada and reports on the Canadian Security Intelligence Service.[69] Members of the Security Intelligence Review Committee are appointed by the Prime Minister of Canada. The committee conducts reviews on a pro-active basis and investigates complaints. Committee members have access to classified information to conduct reviews. The Committee submits an annual report to Parliament and an edited version is publicly available. The 2014 Report was titled “Lifting the Shroud of Secrecy”[70] and includes reviews of the CSIS's activities, reports on complaints and subsequent investigations, and provides recommendations.

Office of the Communications Security Establishment Commissioner

The Communications Security Commissioner conducts independent reviews of Communications Security Establishment (CSE) activities to evaluate if they are within the scope of Canadian law.[71] The Commissioner submits a report to Parliament on an annual basis and has a number of powers including the power to subpoena documents and personnel.[72] If the Commissioner believes that the CSE has not complied with the law – it must report this to the Attorney General of Canada and to the Minister of National Defence. The Commissioner may also receive information from persons bound to secrecy if they deem it to be in the public interest to disclose such information.[73] The Commissioner is also responsible for verifying that the CSE does not surveil Canadians and for promoting measures to protect the privacy of Canadians.[74] When conducting a review, the Commissioner has the ability to examine records, receive briefings, interview relevant personnel, assess the veracity of information, listen to intercepted voice recordings, observe CSE operators and analysts to verify their work, examine CSI electronic tools, systems and databases to ensure compliance with the law.[75]

Office of the Privacy Commissioner

The Office of the Privacy Commissioner of Canada (OPC) oversees the implementation of and compliance with the Privacy Act and the Personal information and Electronic Documents Act.[76]

The OPC is an independent body that has the authority to investigate complaints regarding the handling of personal information by government and private companies, but can only comment on the activities of security and intelligence agencies. For example, in 2014 the OPC issued the report “Checks and Controls: Reinforcing Privacy Protection and Oversight for the Canadian Intelligence Community in an Era of Cyber Surveillance”[77] The OPC can also provide testimony to Parliament and other government bodies.[78] For example, the OPC has made appearances before the Senate Standing Committee of National Security and Defense on Bill C-51.[79] The OPC cannot conduct joint audits or investigations with other bodies.[80]

Annual Interception Reports

Under the Criminal Code of Canada, regional governments must issue annual interception reports. The reports must include number of individuals affected by interceptions, average duration of the interception, type of crimes investigated, numbers of cases brought to court, and number of individuals notified that interception had taken place.[81]

Conclusion

The presence of multiple and robust oversight mechanisms for state surveillance does not necessarily correlate to effective oversight. The oversight mechanisms in the UK, Canada, and the U.S have been criticised. For example, Canada . For example, the Canadian regime has been characterized as becoming weaker it has removed one of its key over sight mechanisms – the Inspector General of the Canadian Security Intelligence Service which was responsible for certifying that the Service was in compliance with law.[82]

Other weaknesses in the Canadian regime that have been highlighted include the fact that different oversight bodies do not have the authority to share information with each other, and transparency reports do not include many new forms of surveillance.[83] Oversight mechanisms in the U.S on the other hand have been criticized as being opaque[84] or as lacking the needed political support to be effective.[85] The UK oversight mechanism has been criticized for not having judicial authorization of surveillance requests, have opaque laws, and for not having a strong right of redress for affected individuals.[86] These critiques demonstrate that there are a number of factors that must come together for an oversight mechanism to be effective. Public transparency and accountability to decision making bodies such as Parliament or Congress can ensure effectiveness of oversight mechanisms, and are steps towards providing the public with means to debate in an informed manner issues related to state surveillance and allows different bodies within the government the ability to hold the state accountable for its actions.

.[1]. For example, “Public Oversight” is one of the thirteen Necessary and Proportionate principles on state communications surveillance developed by civil society and academia globally, that should be incorporated by states into communication surveillance regimes. The principles can be accessed here: https://en.necessaryandproportionate.org/

[2]. Hans Born and Ian Leigh, “Making Intelligence Accountable. Legal Standards and Best Practice for Oversight of Intelligence Agencies.” Pg. 13. 2005. Available at: http://www.prsindia.org/theprsblog/wp-content/uploads/2010/07/making-intelligence.pdf. Last accessed: August 6, 2015.

[3]. For example, this point was made in the context of the UK. For more information see: Nick Clegg, 'Edward Snowden's revelations made it clear: security oversight must be fit for the internet age,”. The Guardian. March 3rd 2014. Available at: http://www.theguardian.com/commentisfree/2014/mar/03/nick-clegg-snowden-security-oversight-internet-age. Accessed: July 27, 2015.

[4]. International Principles on the Application of Human Rights to Communications Surveillance. Available at: https://en.necessaryandproportionate.org/

[5]. Sub Rules (16) and (17) of Rule 419A, Indian Telegraph Rules, 1951. Available at:http://www.dot.gov.in/sites/default/files/march2007.pdf Note: This review committee is responsible for overseeing interception orders issued under the Indian Telegraph Act and the Information Technology Act.

[6]. Information Technology Procedure and Safeguards for Interception, Monitoring, and Decryption of Information Rules 2009. Definition q. Available at: http://dispur.nic.in/itact/it-procedure-interception-monitoring-decryption-rules-2009.pdf

[7]. Information Technology (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information Rules, 2009). Definition (n). Available at: http://cis-india.org/internet-governance/resources/it-procedure-and-safeguard-for-monitoring-and-collecting-traffic-data-or-information-rules-2009

[8]. This authority is responsible for authorizing interception requests issued under the Indian Telegraph Act and the Information Technology Act. Section 2, Indian Telegraph Act 1885 and Section 4, Information Technology Procedure and Safeguards for Interception, Monitoring, and Decryption of Information) Rules, 2009

[9]. This authority is responsible for authorizing interception requests issued under the Indian Telegraph Act and the Information Technology Act. Section 2, Indian Telegraph Act 1885 and Section 4, Information Technology Procedure and Safeguards for Interception, Monitoring, and Decryption of Information) Rules, 2009

[10]. Definition (d) and section 3 of the Information Technology (Procedure and safeguard for Monitoring and Collecting Traffic Data or Information Rules, 2009). Available at: http://cis-india.org/internet-governance/resources/it-procedure-and-safeguard-for-monitoring-and-collecting-traffic-data-or-information-rules-2009

[11]. Rule 1, of the 419A Rules, Indian Telegraph Act 1885. Available at:http://www.dot.gov.in/sites/default/files/march2007.pdf This authority is responsible for authorizing interception requests issued under the Indian Telegraph Act and the Information Technology Act.

[12]. Section 92, CrPc. Available at: http://www.icf.indianrailways.gov.in/uploads/files/CrPC.pdf

[13]. Press Information Bureau GOI. Reconstitution of Cabinet Committees. June 19th 2014. Available at: http://pib.nic.in/newsite/PrintRelease.aspx?relid=105747. Accessed August 6, 2015.

[14]. Press Information Bureau, Government of India. Home minister proposes radical restructuring of security architecture. Available at: http://www.pib.nic.in/newsite/erelease.aspx?relid=56395. Accessed August 6, 2015.

[15]. Section 24 read with Schedule II of the Right to Information Act 2005. Available at: http://rti.gov.in/rti-act.pdf

[16]. Section 8 of the Right to Information Act 2005. Available at: http://rti.gov.in/rti-act.pdf

[17]. Abhimanyu Ghosh. “Open Government and the Right to Information”. Legal Services India. Available at: http://www.legalservicesindia.com/articles/og.htm. Accessed: August 8, 2015

[18]. Public Record Rules 1997. Section 2. Definition c. Available at: http://nationalarchives.nic.in/writereaddata/html_en_files/html/public_records97.html. Accessed: August 8, 2015

[19]. Times of India. Classified information is reviewed after 25-30 years. April 13th 2015. Available at: http://timesofindia.indiatimes.com/india/Classified-information-is-reviewed-after-25-30-years/articleshow/46901878.cms. Accessed: August 8, 2015.

[20]. Government of India. Ministry of Home Affairs. Lok Sabha Starred Question No 557. Available at: http://mha1.nic.in/par2013/par2015-pdfs/ls-050515/557.pdf.

[21]. The Kargil Committee report Executive Summanry. Available at: http://fas.org/news/india/2000/25indi1.htm. Accessed: August 6, 2015.

[22]. PIB Releases. Group of Ministers Report on Reforming the National Security System”. Available at: http://pib.nic.in/archieve/lreleng/lyr2001/rmay2001/23052001/r2305200110.html. Last accessed: August 6, 2015

[23]. The Observer Research Foundation. “Manish Tewari introduces Bill on Intelligence Agencies Reform. August 5th 2011. Available at: http://www.observerindia.com/cms/sites/orfonline/modules/report/ReportDetail.html?cmaid=25156&mmacmaid=20327. Last accessed: August 6, 2015.

[24]. The Intelligence Services (Powers and Regulation) Bill, 2011. Available at: http://www.observerindia.com/cms/export/orfonline/documents/Int_Bill.pdf. Accessed: August 6, 2015.

[25]. The Privacy Bill 2011. Available at: https://bourgeoisinspirations.files.wordpress.com/2010/03/draft_right-to-privacy.pdf

[26]. The Report of Group of Experts on Privacy. Available at: http://planningcommission.nic.in/reports/genrep/rep_privacy.pdf

[27]. Institute for Defence Studies and Analyses. “A Case for Intelligence Reforms in India”. Available at: http://www.idsa.in/book/AcaseforIntelligenceReformsinIndia.html. Accessed: August 6, 2015.

[28]. India Calls for Transparency in internet Surveillance. NDTV. July 3rd 2015. Available at: http://gadgets.ndtv.com/internet/news/india-calls-for-transparency-in-internet-surveillance-710945. Accessed: July 6, 2015.

[29]. Lovisha Aggarwal. “Analysis of News Items and Cases on Surveillance and Digital Evidence in India”. Available at: http://cis-india.org/internet-governance/blog/analysis-of-news-items-and-cases-on-surveillance-and-digital-evidence-in-india.pdf

[30]. Rule 25 (4) of the Information Technology (Procedures and Safeguards for the Interception, Monitoring, and Decryption of Information Rules) 2011. Available at: http://dispur.nic.in/itact/it-procedure-interception-monitoring-decryption-rules-2009.pdf

[31]. Ministry of Home Affairs, GOI. National Intelligence Grid. Available at: http://www.davp.nic.in/WriteReadData/ADS/eng_19138_1_1314b.pdf. Last accessed: August 6, 2015

[32]. Press Information Bureau, Government of India. Centralised System to Monitor Communications Rajya Sabha. Available at: http://pib.nic.in/newsite/erelease.aspx?relid=54679. Last accessed: August 6, 2015.

[33]. Department of Telecommunications. Amendemnt to the UAS License agreement regarding Central Monitoring System. June 2013. Available at: http://cis-india.org/internet-governance/blog/uas-license-agreement-amendment

[34]. United States Foreign Intelligence Surveillance Court. July 29th 2013. Available at: http://www.fisc.uscourts.gov/sites/default/files/Leahy.pdf. Last accessed: August 8, 2015

[35]. United States Foreign Intelligence Surveillance Court. Rules of Procedure 2010. Available at: http://www.fisc.uscourts.gov/sites/default/files/FISC%20Rules%20of%20Procedure.pdf

[36]. United States Foreign Intelligence Court. Honorable Patrick J. Leahy. 2013. Available at: http://www.fisc.uscourts.gov/sites/default/files/Leahy.pdf

[37]. United States Foreign Intelligence Surveillance Court. July 29th 2013. Available at: http://www.fisc.uscourts.gov/sites/default/files/Leahy.pdf. Last accessed: August 8, 2015

[38]. Public Filings – U.S Foreign Intelligence Surveillance Court. Available at: http://www.fisc.uscourts.gov/public-filings

[39]. ACLU. FISC Public Access Motion – ACLU Motion for Release of Court Records Interpreting Section 215 of the Patriot Act. Available at: https://www.aclu.org/legal-document/fisc-public-access-motion-aclu-motion-release-court-records-interpreting-section-215

[40]. United States Foreign Intelligence Surveillance Court Washington DC. In Re motion for consent to disclosure of court records or, in the alternative a determination of the effect of the Court's rules on statutory access rights. Available at: https://www.eff.org/files/filenode/misc-13-01-opinion-order.pdf

[41]. Google Official Blog. Shedding some light on Foreign Intelligence Surveillance Act (FISA) requests. February 3rd 2014. Available at: http://googleblog.blogspot.in/2014/02/shedding-some-light-on-foreign.html

[42]. U.S Government Accountability Office. Available at: http://www.gao.gov/key_issues/overview#t=1. Last accessed: August 8, 2015.

[43]. Report to Congressional Requesters. Combating Terrorism: Foreign Terrorist Organization Designation Proces and U.S Agency Enforcement Actions. Available at: http://www.gao.gov/assets/680/671028.pdf. Accessed: August 8, 2015

[44]. United States Government Accountability Office. Cybersecurity: Recent Data Breaches Illustrate Need for Strong Controls across Federal Agencies. Available: http://www.gao.gov/assets/680/670935.pdf. Last accessed: August 6, 2015.

[45]. Committee Legislation. Available at: http://ballotpedia.org/United_States_Senate_Committee_on_Intelligence_(Select)#Committee_legislation

[46]. Congressional Research Service. Congressional Oversight of Intelligence: Current Structure and Alternatives. May 14th 2012. Available at: https://fas.org/sgp/crs/intel/RL32525.pdf. Last Accessed: August 8, 2015

[47]. The Privacy and Civil Liberties Oversight Board: About the Board. Available at: https://www.pclob.gov/aboutus.html

[48]. The Privacy and Civil Liberties Oversight Board: About the Board. Available at: https://www.pclob.gov/aboutus.html

[49]. Congressional Research Service. Congressional Oversight of Intelligence: Current Structure and Alternatives. May 14th 2012. Available at: https://fas.org/sgp/crs/intel/RL32525.pdf. Last Accessed: August 8th 2015

[50]. United States Courts. Wiretap Reports. Available at: http://www.uscourts.gov/statistics-reports/analysisreports/wiretap-reports

[51]. United States Courts. Wiretap Reports. Available at: http://www.uscourts.gov/statisticsreports/
analysis-reports/wiretap-reports/faqs-wiretap-reports#faq-What-information-does-the-AO-receive-from-prosecutors?. Last Accessed: August 8th 2015

[52]. Intelligence and Security Committee of Parliament. Transcripts and Public Evidence. Available at: http://isc.independent.gov.uk/public-evidence. Last accessed: August 8th 2015.

[53]. Intelligence and Security Committee of Parliament. Special Reports. Available at http://isc.independent.gov.uk/committee-reports/special-reports. Last accessed: August 8th 2015.

[54]. Hugh Segal. The U.K. has legislative oversight of surveillance. Why not Canada. The Globe and Mail. June 12th 2013. Available at: http://www.theglobeandmail.com/globe-debate/uk-haslegislative-oversight-of-surveillance-why-not-canada/article12489071/. Last accessed: August 8th 2015

[55]. The Joint Intelligence Committee home page. For more information see: https://www.gov.uk/government/organisations/national-security/groups/joint-intelligence-committee

[56]. Interception of Communications Commissioner's Office. RIPA. Available at: http://www.iocco-uk.info/sections.asp?sectionID=2&type=top. Last accessed: August 8th 2015

[57]. Interception of Communications Commissioner's Office. Reports. Available at: http://www.iocco-uk.info/sections.asp?sectionID=1&type=top. Last accessed: August 8th 2015

[58]. The Intelligence Services Commissioner's Office Homepage. For more information see: http://intelligencecommissioner.com/

[59]. The Intelligence Services Commissioner's Office – The Commissioner's Statutory Functions. Available at: http://intelligencecommissioner.com/content.asp?id=4

[60]. The Intelligence Services Commissioner's Office – The Commissioner's Statutory Functions. Available at: http://intelligencecommissioner.com/content.asp?id=4

[61]. The Intelligence Services Commissioner's Office. What we do. Available at: http://intelligencecommissioner.com/content.asp?id=5. Last Accessed: August 8th 2015.

[62]. The Intelligence Services Commissioner's Office. Intelligence Services Commissioner's Annual Reports. Available at: http://intelligencecommissioner.com/content.asp?id=19. Last
accessed: August 8th 2015

[63]. The Investigatory Powers Tribunal Homepage. Available at: http://www.ipt-uk.com/

[64]. The Investigatory Powers Tribunal – Functions – Key role. Available at: http://www.ipt-uk.com/section.aspx?pageid=1

[65]. Investigatory Powers Tribunal. Functions – Decisions available to the Tribunal. Available at: http://www.ipt-uk.com/section.aspx?pageid=4. Last accessed: August 8th 2015

[66]. Investigator Powers Tribunal. Operation - Available at: http://www.ipt-uk.com/section.aspx?pageid=7

[67]. Investigatory Powers Tribunal. Operation- Differences to the ordinary court system. Available at: http://www.ipt-uk.com/section.aspx?pageid=7. Last accessed: August 8th 2015

[68]. Security Intelligence Review Committee – Homepage. Available at: http://www.sirc-csars.gc.ca/index-eng.html

[69]. SIRC Annual Report 2013-2014: Lifting the Shroud of Secrecy. Available at: http://www.sirccsars. gc.ca/anrran/2013-2014/index-eng.html. Last accessed: August 6th 2015.

[70]. The Office of the Communications Security Establishment – Homepage. Available at: http://www.ocsecbccst.gc.ca/index_e.php

[71]. The Office of the Communications Security Establishment – Homepage. Available at: http://www.ocsecbccst.gc.ca/index_e.php

[72]. The Office of the Communications Security Establishment – Mandate. Available at: http://www.ocsecbccst.gc.ca/mandate/index_e.php

[73]. The Office of the Communications Security Establishment – Functions. Available at: http://www.ocsecbccst.gc.ca/functions/review_e.php

[74]. The Office of the Communications Security Establishment – Functions. Available at: http://www.ocsecbccst.gc.ca/functions/review_e.php

[75]. Office of the Privacy Commissioner of Canada. Homepage. Available at: https://www.priv.gc.ca/index_e.ASP

[76]. Office of the Privacy Commissioner of Canada. Reports and Publications. Special Report to Parliament “Checks and Controls: Reinforcing Privacy Protection and Oversight for the Canadian Intelligence Community in an Era of Cyber-Surveillance. January 28th 2014. Available at: https://www.priv.gc.ca/information/srrs/201314/sr_cic_e.asp

[77]. Office of the Privacy Commissioner of Canada. Available at: https://www.priv.gc.ca/index_e.asp. Last accessed: August 6th 2015.

[78]. Office of the Privacy Commissioner of Canada. Appearance before the Senate Standing Commitee National Security and Defence on Bill C-51, the Anti-Terrorism Act, 2015. Available at: https://www.priv.gc.ca/parl/2015/parl_20150423_e.asp. Last accessed: August 6th 2015.

[79]. Office of the Privacy Commissioner of Canada. Special Report to Parliament. January 8th 2014. Available at: https://www.priv.gc.ca/information/sr-rs/201314/sr_cic_e.asp. Last accessed: August 6th 2015.

[80]. Telecom Transparency Project. The Governance of Telecommunications Surveillance: How Opaque and Unaccountable Practices and Policies Threaten Canadians. Available at: http://www.telecomtransparency.org/wp-content/uploads/2015/05/Governance-of-Telecommunications-Surveillance-Final.pdf. Last accessed: August 6th 2015.

[81]. Patrick Baud. The Elimination of the Inspector General of the Canadian Security Intelligence Serive. May 2013. Ryerson University. Available at; http://www.academia.edu/4731993/The_Elimination_of_the_Inspector_General_of_the_Canadian_Security_Intelligence_Service

[82]. Telecom Transparency Project. The Governance of Telecommunications Surveillance: How Opaque and Unaccountable Practices and Policies Threaten Canadians. Available at: http://www.telecomtransparency.org/wp-content/uploads/2015/05/Governance-of-Telecommunications-Surveillance-Final.pdf. Last accessed: August 6th 2015.

[83]. Glenn Greenwald. Fisa court oversight: a look inside a secret and empty process. The Guardian. June 19th 2013. Available at: http://www.theguardian.com/commentisfree/2013/jun/19/fisa-court-oversight-process-secrecy, Nadia Kayyali. Privacy and Civil Liberties Oversight Board to NSA: Why is Bulk Collection of Telelphone Records Still Happening? February 2105. Available at :https://www.eff.org/deeplinks/2015/02/privacy-and-civil-liberties-oversight-board-nsa-whybulk-collection-telephone. Last accessed: August 8th 2015.

[84]. Scott Shance. The Troubled Life of the Privacy and Civil Liberties Oversight Board. August 9th 2012. The Caucus. Available at: http://thecaucus.blogs.nytimes.com/2012/08/09/thetroubled-life-of-the-privacy-and-civil-liberties-oversight-board/?_r=0. Last accessed: August 8th 2015

[85]. The Open Rights Group. Don't Spy on Us. Reforming Surveillance in the UK. September 2014. Available at: https://www.openrightsgroup.org/assets/files/pdfs/reports/DSOU_Reforming_surveillance_old.pdf

[86].

For more details visit https://cis-india.org/internet-governance/blog/policy-brief-oversight-mechanisms-for-surveillance

We are anonymous, we are legion

Power over privacy: New Personal Data Protection Bill fails to really protect the citizen’s right to privacy

POV: Should user-generated content be monitored?

Paritosh JoshiCEO, STAR CJ Live

Bharat Kapadia,Founder, ideas@bharatkapadia.com

Sunil Abraham

Executive director, Centre for Internet and Society

Alok Kejriwal

CEO, Games2win

Anupam Mukerji

The fake IPL player

Co-founder, Pitch Invasion

Post-website attack, cops hot on pursuit of Anonymous hackers

Post and be Damned

Portal augurs well for transparency

Porn. Panic. Ban: A Conversation on Sexual Expression, Pornography, Sexual Exploitation, Consent

Porn block in India sparks outrage

Porn ban: People will soon learn to circumvent ISPs and govt orders, expert says

Poor Guarantee of Online Freedom in India

The IT Guidelines

Lack of Accountability

Threats to Freedom of Expression

Notes

Political war on the web

Policy Officer - Internet Governance

Required Skill Sets

Policy Officer - Internet Governance

Required Skill Sets

Policy Lab on Artificial Intelligence & Democracy

Policy Design Jam

Session Schedule

Policy Brief: Oversight Mechanisms for Surveillance

Introduction

What is the purpose and what are the different components of an oversight mechanism for State Surveillance?

What can inform oversight mechanisms for state surveillance?

What oversight mechanisms for State Surveillance exist in India?

How can India's oversight mechanism for state surveillance be clarified?

Proposed oversight mechanisms in India

In what ways can India's mechanisms for state surveillance be strengthened?

Examples of oversight mechanisms for State Surveillance: US, UK, Canada and United States

United States

United Kingdom

Canada

Conclusion

Paritosh Joshi
CEO, STAR CJ Live

Bharat Kapadia,
Founder, ideas@bharatkapadia.com