We are anonymous, we are legion

Parliament panel blasts govt over ambiguous internet laws

praskrishna — 2013-03-28T08:37:30Z

The Parliamentary Standing Committee on Subordinate Legislation has come out with a report in which it has lambasted the government and asked it to make changes to IT rules that govern internet-related cases in India.

This article by Ishan Srivastava was published in the Times of India on March 28, 2013. Pranesh Prakash is quoted.

It said in the report that multiple clauses in the laws had inherent ambiguity and that discrepancies exist in the government's stand on whether some rules are mandatory or only of advisory nature.

The committee said that inherent ambiguity of words like 'blasphemy' and `disparaging', among others, could lead to harassment of people as has happened with Section 66A of the IT Act repeatedly in recent times. Incidents include the arrest of two girls over 'liking' a Facebook post and a defamation case against an individual for an 'offensive' tweet. It has also been used by multiple politicians to suppress voices of dissent by branding them as 'defamatory'.

These ambiguous terms are used in the Intermediary Guidelines rules, passed in April 2011, which the committtee said could lead to legitimate speech being removed. Also, the Standing Committee noted that many categories of speech prohibited by the Intermediary Guidelines rules were not prohibited by any statute, and hence could not be prohibited by the government through these rules. The Standing Committee has asked the government to ensure that "no new category of crimes or offences is created" by these rules.

The committee also said that discrepancies exist in the nature of implementation of these laws. While the government's stand is that Intermediary Guidelines are only "of advisory nature and self-regulation" and that "it is not mandatory for the Intermediary to disable the information", the wording of the laws suggest otherwise. In many of the laws, terms like "shall act" within 36 hours are used. The committee said that there was a "need for clarity on the aforesaid contradiction" and "safeguards to protect against any abuse" since it could lead to censorship.

"The government has told the Committee that the rules are for "self-regulation", but they in fact aren't. The rules dictate what content cannot be hosted. And our research found that intermediaries react to fake takedown requests too, just to avoid being liable for their users' content. This is not self-regulation, but government-mandated private censorship," said Pranesh Prakash, policy director at the Centre for Internet and Society (CIS). CIS is a Bangalore-based non-profit body looking at issues of public accountability, privacy, free expression, and openness, and has consistently argued that many parts of the IT Act are unconstitutional.

The committee also suggested that all evidence relating to foreign websites refusing to honour Indian laws should be made public and a public debate should be encouraged as the internet is a global phenomena. Recently there have been instances of issues between the Indian government and tech giants like Facebook and Google related to censorship and taking down of 'offensive' and 'defamatory' content.

While the government's stand is that Intermediary Guidelines are only "of advisory nature and self-regulation" and that "it is not mandatory for the Intermediary to disable the information," the wording of the laws suggest otherwise.

For more details visit https://cis-india.org/news/times-of-india-ishan-srivastava-march-28-2013-parliament-panel-blasts-govt-over-ambiguous-internet-laws

Paranoid about state surveillance? Here’s the FD Guide to living in the age of snoops

Admin — 2017-12-16T13:38:46Z

The US does it, so does China. Ever since Edward Snowden’s revelations back in 2013, which exposed the extent of the US’s global surveillance apparatus, the public has been fairly clued into the extent of mass surveillance.

The blog post by Sriram Sharma was published in Factor Daily on December 12, 2017

It doesn’t take a conspiracy theorist to worry that India does it (or wants to), too, especially with the high decibel campaigns by banks, telecom service providers and others to have Indians link Aadhaar, the unique citizen ID, to multiple services.

If you want a dystopian picture of the future of surveillance, look no further than China, considered the world’s worst abuser of internet freedom for the third year in a row, according to the new Freedom House, a US-based NGO that conducts research and analysis on the internet. With a score of 87/100 (higher is worse), the Chinese state is renowned for its Great Firewall, which filters access to the wider internet. “Digital activism has declined amid growing legal and technical restrictions as well as heavy prison sentences against prominent civil society figures,” the latest Freedom House report notes.

India is rated “Partly Free” with a score of 41/100 (lower is better) in Freedom House’s 2017 report on internet freedom

While it’s a long way away from China, India scores 41/100 on Internet Freedom in 2017 but is still considered only ‘partly free’ owing to blocking of internet and telecom service providers in Kashmir and detainment of citizens for expressing their views online. The India report from Freedom House highlights Aadhaar’s mandatory linking for a wide range of schemes and records concerns regarding its privacy and security implications.

In this guide, we take a look at the why, what and how of India’s surveillance apparatus, the legal provisions in the Indian constitution that enables them, ask domain experts to provide us with tips on living in an age of state surveillance. We also take a look at a variety of widely used tools and apps that help you countering state surveillance or tracking of any kind.

Know your Big Brother: India’s State Surveillance Programs

Right to privacy organisation Privacy International has a detailed dossier on the state of privacy in India, which examines India’s surveillance schemes, laws around interception and access, and central intelligence agencies that carry out surveillance. Apart from the state police and the army, surveillance is carried out at least 16 different intelligence agencies, it notes.

The Centre for Internet and Society (CIS) and Software Freedom Law Centre (SFLC) have done extensive research in the past on India’s surveillance apparatus. Earlier this year, CIS reported on the various programs and tech infrastructure behind India’s surveillance state: these include Central Monitoring System (CMS), National Intelligence Grid (NATGRID), Network Traffic Analysis System (NETRA), etc. An earlier CIS report highlights a boom in surveillance tech in India following the 26/11 terror attacks in Mumbai.

Based on an RTI (Right to Information) filing, SFLC’s 2014 report on India’s Surveillance State reveals that around 7,500 to 9,000 telephone interception orders are issued by the central government alone each month. State surveillance of citizens’ private communications is authorised by laws that let them monitor phone calls, texts, e-mails and Internet activity on a number of broadly worded grounds such as such as ‘security of the state’, ‘defence of India’, and ‘public safety’.

The Government of India is also known to said to work with private third parties, some of which go so far as to infect target devices using malicious software to extract information on the subject. A 2013 Citizen Lab report titled ‘The Commercialisation of Digital Spying’ found command and control servers (used to control the host system) for FinFisher (a remote computer monitoring software suite) in India. A Wikileaks expose in 2015 dumped over a million emails belonging to Italian surveillance malware vendor HackingTeam. The emails revealed how India’s top intelligence agencies and the government expressed interest in buying Hacking Team’s malware interception tools.

Fears of an Aadhaar Surveillance State

Thejesh G N, an infoactivist wrote in FactorDaily about Hyderabad’s surveillance hub, which wants to collect all manner of details. Aadhaar is one of the primary keys to matching profiles with external data sources, he notes.

A look at data points gathered by Hyderabad’s Integrated Information Hub

“The end product shows on a map where you live, what you consume, did you take PDS, move to some other place, your mobile number, gender… there’s a lot of data in the hands of the very lowest level of government, which doesn’t have any protection as by a parliamentary committee or anything like that. It’s run by bureaucrats, so that has huge implications,” he says. “If you see Citizen Four (a 2014 documentary about Edward Snowden), it shows a similar system, where you enter one’s SSN, and it shows everything you have done, and are planning to do. We are building the same system…Governments change, today we might have a good government, tomorrow we might have the worst possible government on the planet.”

Pranesh Prakash, Policy Director of CIS says he doesn’t regard Aadhaar as a surveillance project. “I see Aadhaar as something that can facilitate surveillance, but by and of itself, it isn’t surveillance,” he says, adding that it does so in a non-consensual manner. “By having Aadhaar numbers across multiple databases, you make surveillance easier. But you need to tie it up to a surveillance system. For instance, Aadhaar without NATGRID isn’t surveillance, but Aadhaar with NATGRID can be helpful for surveillance.” NATGRID (National Intelligence Grid) was first proposed in late 2009 following 26/11 attacks by the Union Home Minister, to enhance India’s counter-terror capabilities. It links 21 citizen databases for access to intelligence/enforcement agencies.

Ongrid’s website earlier had this visualisation depicting its verification service, which made privacy advocates cringe. Source: Twitter.

We discussed some worst-case scenarios around the commercial use of Aadhaar and India Stack companies with Thejesh. “Let’s say there’s a screening company and they have your Aadhaar ID. They will send it to Airtel, or Vodafone, and ask for a list of all the websites you have viewed. Maybe you’ve watched porn or something, at some point in your life, and that could hurt your employment,” he says.

Curbing your data exhaust

The EFF (Electronic Frontier Foundation) has published a number of useful articles and resources for countering internet surveillance. Recommendations include using end-to-end encryption through tools such as OTR (a messaging protocol available on Adium), PGP (to exchange secure emails), and Signal (messenger).

Other useful tips:

Use VPNs

VPNs (virtual private networks) use encryption protocols and secure tunneling techniques to keep your internet activity impervious to snooping. With a VPN, you can bypass ISP restrictions on blocked websites or access services (Spotify) not available in your country, making it appear that you are browsing from another part of the world. Keep in mind that you can still be outed by your VPN provider, so it’s important to choose one that respects your privacy. There are hundreds of VPN service providers to choose from, That One Privacy Guy maintains a detailed comparison chart of over a hundred VPN providers, with details on jurisdiction, price, ethics, logging policies, VPN protocols supported, and more. Out of these, the country that the VPN provider is based in is a key filter: you don’t want to choose a VPN service based out of the ‘14 eyes‘, as they are known to do mass surveillance.

Use TOR

Tor, an acronym for ‘The Onion Router’, is a free app that lets you anonymise your online communication by directing a web browser’s traffic through a volunteer-run network of thousands of servers. It is funded by the US-based National Science Foundation, Mozilla, and Open Technology Fund, among others. Tor is available for download on Windows, Mac, Linux, and Android.

Browsing on Tor can be far slower than a regular web browser, but it keeps you anonymous.

Encrypt your storage

It’s now a default feature on your phone, or computer, so there’s no reason why you shouldn’t make use of it. To check if it is turned on in Windows 10, Go to Settings > System > About, and look for a “Device encryption” setting at the bottom of the About tab. Keep in mind that you need to sign into Windows with a Microsoft account to enable this setting, so it’s likely that the NSA or FBI might be able to bypass it.

On a Mac, you turn on full-disk encryption through FileVault, accessible in > System Preferences > Security & Privacy.

On an iPhone, data protection is enabled once you set up a passcode on your device.

Android 5.0 and above devices support full-disk encryption. If it isn’t turned on by default on your device, you can turn on encryption under the Security menu.

Sensitive documents can also be encrypted using TrueCrypt. Though you must keep in mind that key disclosure laws apply in India, under the Section 69 of the Information Technology Act, which states that there’s a seven-year prison sentence for failing to assist the central and state governments in decrypting information on a computer resource.

Use an air-gapped PC

An air-gapped PC is one that is not connected to the internet or to any computers that are connected to the internet. Air-gapped PCs are typically used when handling critical infrastructure, and this is an extreme measure one can take when working with sensitive data that you don’t want to be leaked.

Use HTTPS everywhere

HTTPS Everywhere offers plugins for Firefox, Chrome, and Opera, and turns every link you open or key in, to a secure version of the HTTP protocol, which is encrypted by Transport Layer Security (TLS). The tool protects you from eavesdropping or tampering with the site you are visiting, but only works on sites that support HTTPS. Keep in mind that this tool won’t conceal the sites you have accessed from eavesdroppers but it won’t reveal the specific URL that you visited.

Turn on Advanced Protection in Gmail

If you trust Gmail with your data, take the relationship to the next level with Advanced Protection, which safeguards your account against phishing attacks, limits access to trusted apps, and adds extra verification features to block fraudulent account access. You will need a Bluetooth key and a USB key to turn this feature on.

Some other don’ts

Don’t leave any cameras open. Tape them up if you are a potential surveillance target.
Don’t use freemium apps, which trade in your privacy. A recent example of a worst-case scenario.
Don’t send any data via free email services that you would like to keep private.
Don’t use Google or Facebook, as Snowden says, if you value your privacy. Don’t take our word for it.

As for Aadhaar, Thejesh says that there isn’t much one can do as it is forcibly linked to many essential services. He recommends using different email ids for official work and unofficial work. “Use one email ID for Aadhaar and mobile related accounts, and use the other one for regular communication. It separates the accounts from surveillance and adds a layer of security,” he says. “Don’t use Aadhaar until is necessary. If you use Aadhaar and you are not in a mood to resist everything, then don’t use it where it is not required. Don’t use it like a regular address proof,” he adds.

If you are already an Aadhaar holder, it makes sense to use the biometric locking system provided by UIDAI on its website to protect against identity theft and unauthorised access. The biometric locking feature sends an OTP code to your registered mobile number to unlock or disable the locking system.

If someone is concerned about surveillance, CIS’s Prakash recommends not having a cell phone. “The cellphone is the single largest means of data gathering about you,” he says.

Surveillance can take many forms: it can be physical or off-the-air surveillance (an interception technique used to snoop on phone calls), he points out.

A CCTV camera fitted on top of a Hyderabad Police vehicle

Surveillance is not always bad: medical surveillance, for instance, an entire field around the spread of diseases, is necessary, Prakash clarifies. “Even state surveillance for national security purposes is absolutely necessary. A nation-state can’t survive without surveillance so I am quite clear that those who oppose all forms of surveillance are opposing all kinds of rights – because you can’t have rights without security. And indeed, individual security is a human right guaranteed under the Universal Declaration of Human Rights and guaranteed in Article 21 of the Indian Constitution. Without security of the person, you can’t have the right to freedom of speech, you can’t enjoy the right to privacy… If you’re in a state of war or in a state of terror, then you can’t enjoy rights – so clearly for me, surveillance is necessary,” he says.

That said, surveillance in India is highly problematic as the laws and the democratic framework for surveillance is very weak, and enforcement of that framework is even worse, Prakash adds. “One of the best ways of countering surveillance, I would suggest, is to actually demand a democratic framework for surveillance in India. Demand that your MLA and MP take up this issue at the state and central level… and that we have a democratic framework for both our intelligence agencies and for all the surveillance that is conducted by the state in India,” he says.

He calls everything else – “the technological stuff, using anonymising networks, end-to-end encryption” – a second order issue. “It can help you as an individual, but it doesn’t help us as a society.”

For more details visit https://cis-india.org/internet-governance/news/factor-daily-sriram-sharma-december-12-2017-paranoid-about-state-surveillance-here-s-the-fd-guide-to-living-in-the-age-of-snoops

Paper-thin Safeguards and Mass Surveillance in India

chinmayi — 2015-06-20T10:17:57Z

The Indian government's new mass surveillance systems present new threats to the right to privacy. Mass interception of communication, keyword searches and easy access to particular users' data suggest that state is moving towards unfettered large-scale monitoring of communication. This is particularly ominous given that our privacy safeguards remain inadequate even for targeted surveillance and its more familiar pitfalls.

This need for better safeguards was made apparent when the Gujarat government illegally placed a young woman under surveillance for obviously illegitimate purposes, demonstrating that the current system is prone to egregious misuse. While the lack of proper safeguards is problematic even in the context of targeted surveillance, it threatens the health of our democracy in the context of mass surveillance. The proliferation of mass surveillance means that vast amounts of data are collected easily using information technology, and lie relatively unprotected.

This paper examines the right to privacy and surveillance in India, in an effort to highlight more clearly the problems that are likely to emerge with mass surveillance of communication by the Indian Government. It does this by teasing out Indian privacy rights jurisprudence and the concerns underpinning it, by considering its utility in the context of mass surveillance and then explaining the kind of harm that might result if mass surveillance continues unchecked.

The first part of this paper threads together the evolution of Indian constitutional principles on privacy in the context of communication surveillance as well as search and seizure. It covers discussions of privacy in the context of our fundamental rights by the draftspersons of our constitution, and then moves on to the ways in which the Supreme Court of India has been reading the right to privacy into the constitution.

The second part of this paper discusses the difference between mass surveillance and targeted surveillance, and international human rights principles that attempt to mitigate the ill effects of mass surveillance.

The concluding part of the paper discusses mass surveillance in India, and makes a case for expanding our existing privacy safeguards to protect the right to privacy in a meaningful manner in face of state surveillance.

Download the paper here.

For more details visit https://cis-india.org/internet-governance/blog/paper-thin-safeguards-and-mass-surveillance-in-india

Panelist at launch of Google-UNESCAP AI Report

Admin — 2019-11-02T06:48:25Z

Arindrajit Basu was a speaker at the panel launching the Google-UNESCAP AI Report at the GovInsider Forum held at the United Nations Convention Centre in Bangkok on October 16, 2019.

Click to view the agenda.

For more details visit https://cis-india.org/internet-governance/news/panelist-at-launch-of-google-unescap-ai-report

Panel suggests law to protect individual privacy

praskrishna — 2012-10-22T14:37:28Z

A government-appointed expert panel Thursday called for a law to protect individual privacy against misuse of information collected by various agencies, public and private, and through various methods like telephone tapping.

Published in Newstrack India on October 18, 2012.

Concerns have been voiced by various quarters in the country on the possible invasion of citizen's privacy guaranteed under Article 21 of the Constitution through national programmes like Unique Identification number, reproductive rights of women, DNA profiling and brain mapping which will be implemented through the information, communication and technology (ICT) platforms.

Minister of State for Planning Ashwani Kumar last year had constituted the experts group to identify the privacy issues and prepare a report to facilitate authoring of the privacy bill.

The group, headed by former Delhi High Court Chief Justice A.P. Shah, recommended setting up of a regulatory framework comprising Privacy Commissioners at the centre and regional levels to deal with privacy issues and mandatory destruction of telephone conversation after a specified period.

As regards the specific issue of phone tapping, it said "interception orders must be specific and all interceptions would only be in force for a period of 60 days and renewed for a period up to 180 days".

It suggested that the records of the conservation should be destroyed by security agencies and telephone service providers within stipulated time frame.

"Records of interception must be destroyed by security agencies after six months or nine months and service providers must destroy after two or six months," it said.

Acccording to an official release, the following are some of the major recommendations made in the panel's report:

The regulatory framework will consist of Privacy Commissioners at the Central and Regional levels.

A system of co-regulation that will give self-regulating organizations at industry level choice to develop privacy standards which should be approved by a Privacy Commissioner.

Individuals would be given the choice (opt-in/opt-out) with regard to providing their personal information and the data controller would take individual consent only after providing inputs of its information practices.

The data controller shall only collect personal information from data subjects as is necessary for the purposes identified for such collection as well as process the data relevant to the purpose for which they are collected.

The data collected would be put to use for the purpose for which it has been collected. Any change in the usage would be done with the consent of the person concerned.

Data collected and processed would be relevant for the purpose and no additional data elements would be collected from the individual.

Interception orders must be specific and all interceptions would only be in force for a period of 60 days and renewed for a period up to 180 days. Records of interception must be destroyed by security agencies after 6 months or 9 months and service providers must destroy after 2 months or 6 months.

Infringement of any provision under the Act would constitute an offence by which individuals may seek compensation for an organization/bodies held accountable to.

Note: CIS was part of the expert committee even though not explicitly mentioned.

For more details visit https://cis-india.org/news/newstrackindia-october-18-2012-suggests-law-to-protect-individual-privacy

Panel on Privacy, Surveillance & the UID in the post-Snowden era

praskrishna — 2013-11-26T19:05:54Z

The Centre for Internet and Society (CIS) and the Say No to UID campaign invite you to a discussion on the UID and on the implications of the world's largest biometric data collection scheme in a post-Snowden era. The panel will take place on November 30th at the Institution of Agricultural Technologists in Bangalore.

Probably one of the most important things that we learnt following the Edward Snowden revelations is that our data has value. In fact, what we learnt is that our data has immense value...since it is clearly worth billions of dollars — to say the least.

However, not only does India lack privacy legislation which could safeguard our data from potential abuse, but it is also currently implementing some of the most controversial surveillance schemes in the world, in addition to the world's largest biometric data collection scheme. What's probably more alarming is that such schemes, such as the UID, lack legal backing, as well as public and parliamentary debate!

We aim to change that. As such, the Centre for Internet and Society (CIS) and the Say No to UID campaign jointly invite you to attend a panel which will discuss all of these crucial topics.

Schedule of panel:

3.30pm - 4pm: Tea/Coffee/Refreshments & Registration

4pm - 5.30pm: Panel on Privacy, Surveillance & the UID in the post-Snowden era

5.30pm - 6pm: Q&A and Open Discussion

Panelists:

- Dr. Usha Ramanathan: Academic, Jurist and Activist

- K V Narendra: Director of Rezorce Research Foundation

- Vinay Baindur: Researcher on Urban Local Government & Decentralisation

- Maria Xynou: Policy Associate on the Privacy Project at the Centre for Internet & Society

For more details visit https://cis-india.org/events/panel-on-privacy-surveillance-uid-in-the-post-snowden-era

Panel Discussion on UID/ Aadhar act 2016 and its impact on Social, Security

praskrishna — 2016-04-28T17:02:59Z

Sunil Abraham was a speaker at this event organized by Students Christian Movement of India at SCM House in Bangalore on April 25, 2016. Mathew Thomas and Usha Ramanathan also gave talks.

With the passage of the Aadhaar act 2016 is UID / Aadhar mandatory now? How do we understand the issue of Social Security in the context of the new law? What does it mean for those who need to access their senior citizen pension, rations, school and college scholarships, etc.

How does one understand the money bill route for introducing the bill in Parliament? What are implications of this for the validity of the law?

What will happen to the court cases challenging the UID now?

Where are we now on the thorny issues of surveillance, tracking, profiling, biometrics, private and foreign companies and subsidy? What does the law say?

This discussion will revisit the debates around the UID and examine the implications of the new law.

For more details visit https://cis-india.org/internet-governance/news/panel-discussion-on-uid-aadhar-act-2016-and-its-impact-on-social-security

Panel Discussion on UID – Its Feasibility, Utility and Legality

praskrishna — 2011-05-25T04:11:48Z

A panel discussion on "UID, its feasibility, utility and legality" is being organised by Citizen’s Action Forum, Grahak Shakti and the Centre for Internet and Society. It would be held at The Energy and Resources Institute (at TERI auditorium) in Domlur, Bangalore (near Domlur Club) on Thursday, May 26, 2011. The program commences with lunch at 1 p.m. and ends at 5.30 p.m. You are cordially invited to attend this program.

The panel members would include Mr. Rama Jois (former Chief Justice of Chattisgarh High Court and present Member of Parliament), Mr. Moinul Hassan (Member of Parliament), Mr. Narendra Babu (Member, Legislative Assembly, Karnataka), Mr. V P Sudarshan (former Chairman, Legislative Council of Karnataka and present speaker of Congress party) and Mr. Venkatesh Baberjung, Advocate, High Court of Karnataka.

The National Identity Authority of India Bill, 2010 has been placed before the Parliament by the Government. This Bill has been referred to the Parliamentary Standing Committee on Finance. Mr. Moinul Hassan is a member of this committee. The committee has held one sitting where the Chairman, UIDAI, Mr. Nandan Nilenkani was asked for certain clarifications on the Bill.

The UID project is now under implementation at Mysore. It is scheduled to be launched in Bangalore in June 2011. The Central Government has decided to include caste and religious data in the census. The linkages between UID and the census could come up for discussion among panel members.

UIDAI officials and government officials from the Department of E-Governance, Government of Karnataka have been invited as panel members.

The subject of the discussion is thus topical and of high public interest and importance. We cordially invite you to the lunch and to cover the event so that the public could become aware of issues concerning the same.

The programme schedule is as follows:

1.00 p.m. to 2.00 p.m. - Lunch
2.00 p.m. to 2. 15 p.m. - Welcome and introduction by sponsoring organisations and moderator
2.15 p.m. to 3.00 p.m. - Opening statements by panel members
3.00 p.m. to 4 p.m. - Panel discussions
4.00 p.m. to 4.15 p.m. - Tea
4.15 p.m. to 4.45 p.m. - Panel discussions and questions to panel from audience
4.45 p.m. to 5.15 p.m. - Open House for Audience views
5.15 p.m. to 5.30 p.m. - Concluding remarks by panel members

For more details visit https://cis-india.org/events/uid-panel-discussion

Panel Discussion on Internet Intermediaries, Law and Innovation

jyoti — 2015-06-14T16:37:56Z

CII, Google and Centre For Communications Governance, NLU Delhi hosted a panel discussion on June 2 in New Delhi. Jyoti Panday attended.

The Centre for Internet & Society (CIS) participated in the panel discussion on 'Internet Intermediaries, Law and Innovation' hosted by CII, Google and Centre For Communications Governance, NLU Delhi. The panel discussed the impact of the existing provisions on intermediary liability and innovation and sought suggestions and the way forward.

The panel was moderated by Dr Subho Ray, President, IAMAI

Other panelists included:

Mr Anupam Chander, Eminent Global Lawyer & Academician
Mr Apar Gupta, Advocate
Ms Mishi Choudhary, Founding Director , Software Freedom Law Centre
Mr J Sai Deepak, Associate Partner, Litigation Team, Saikrishna & Associates

Mr Indranil Choudhury, Founder and CEO, Lexplosion

Click to download the presentation.

For more details visit https://cis-india.org/internet-governance/news/panel-discussion-on-internet-intermediaries-law-and-innovation

Panel Discussion on E-Commerce at NLSIU

praskrishna — 2013-02-03T10:37:05Z

Pranesh Prakash was a panelist at this event held at the National Law School of India University on January 7, 2013.

Suswagata Roy posted a report of this event in Cool Age on January 19, 2013.

E-Commerce in India has brought about a revolution and has changed the way businesses are conducted. In a short period of time, E-Commerce has seen tremendous growth and has been able to generate a market for itself. This definitely seems to be just the beginning and a bright future awaits it.

Given that E-Commerce is a hot topic and has already given rise to some pertinent legal issues, the Law and Technology Committee of National Law School of India University held a panel discussion on the same on 7^th Jan, 2013 at 4 PM in the Training Centre, NLSIU Campus. The Panel, which consisted of Mr. Stephen Mathias (Partner, Kochhar and Co.), Mr. Pranesh Prakash (Policy Director, Centre for Internet and Society) and Mr. N. Vijayashankar (founder Chairman of Digital Society Foundation), focused on three issues in order to bring forth their key points.

The issues that were highlighted through the discussion were:

1. E-Commerce and Privacy: Privacy and the internet has been an important issue with which the legal community has been grappling for a long time. There are no specific legislations in India which protect privacy especially in relation to the internet. Protecting private and confidential information of the users is a primary concern of E-Commerce websites which also highlights the related issue of data protection. The customers' financial information is in special need of protection. While dealing with this issue questions like who is responsible for such protection, what data can be shared and what usage will it be put to use will have to be looked at? While dealing with privacy how the government will create a balance between protecting confidential information and providing information to the regulators to ensure no sham transactions, money laundering and tax evasion is being carried on needs to be addressed.

2. E-Commerce and its compatibility with other laws: the need for a separate Act:E-Commerce has definitely given rise to a new form of transaction. Thus, related laws such as law of contracts, law of evidence, taxation will all have to evolve to accommodate the new form of legal dealing. Contracts will have to evolve to validate such online transactions while law of evidence will have to evolve in order to sustain disputes based on such transactions. Many pertinent questions relating to intellectual property rights also arise especially in the area of copyrights. While minor amendments have been made to the Indian Evidence Act and to the Information Technology Act, they are not sufficient to handle this advanced method of conducting business. Moreover, the Information Technology Act is an enabling Act and this complicates matters even more. These issues give rise to the obvious question of needing a separate Act to regulate E-Commerce. An E-Commerce bill was drafted in 1998 which has never been given any attention and which may not be relevant anymore after the changes that technology has undergone over more than a decade.

3. E-Commerce and Cyber Crimes: E-Commerce has opened new avenues of dealing with consumers in the virtual world and thus, has opened new modes of proliferation of cyber crimes. It has resulted in an increased need to secure the laws in relation to fraud prevention, money laundering and phishing. It is imperative to look at the cyber laws in India and whether they are sufficient to deal with such issues in the wake of E-Commerce. How should the law deal with such issues and what regulatory compliances are required for E-Commerce websites in order to deal with these issues?

Thus, though E-Commerce is on the rise and is a welcome way of conducting business and has entranced many consumers, its effective utilizations and growth is viable only if a sturdy legal framework is in place. The panel discussion brought forth such issues and discussed the solutions for the same.

For more details visit https://cis-india.org/news/panel-discussion-on-e-commerce-at-nlsiu

Panel discussion on 'How to Avoid Digital ID Systems That Put People at Risk: Lessons from Afghanistan' at Freedom Online Conference

praskrishna — 2021-12-03T14:52:35Z

Amber Sinha participated as a panelist in a panel discussion on How to Avoid Digital ID Systems That Put People at Risk: Lessons from Afghanistan at the Freedom Online Conference yesterday.

The Freedom Online Coalition (FOC) was established in 2011 in response to the growing recognition of the importance of the Internet for the enjoyment of human rights. Periodically, the FOC holds a multistakeholder Conference that aims to deepen the discussion on how online freedoms are helping to promote social, cultural and economic development. The ownership of the Conference program and outputs lies with the host country, most often the Chair of the Coalition during that year.

The aim of the panel was to use the lessons learned from the Afghanistan case to take a critical and realistic look at the implementation of digital identification programs around the world. A video of the panel can be accessed here.

For more details visit https://cis-india.org/internet-governance/news/panel-discussion-how-to-avoid-digital-id-systems-that-put-people-at-risk

Panel Discussion – Intermediary Liability & Freedom of Expression in India

praskrishna — 2014-04-04T10:10:32Z

Bhairav Acharya will participate in a panel discussion on ‘Intermediary Liability & Freedom of Expression’ on Wednesday evening (26th March 2014) from 6:00 pm onwards at the India International Centre Annex. The event is organized by the Centre for Communication Governance at NLU Delhi in association with the Global Network Initiative, Washington D.C.

The panel comprises of three eminent personalities: Shyam Divan, Senior Advocate, Supreme Court of India; Siddharth Varadarajan, Journalist and Senior Fellow, Centre for Public Affairs and Critical Theory, New Delhi and; Jermyn Brooks, Independent Chair, Global Network Initiative, Washington D.C.

The objective of the panel was to focus on the Indian legal framework governing Internet platforms and explore questions related to Internet intermediaries and the balance that should be involved in regulations affecting user-generated content, in the context of the civil liberties that are key to democracy, in particular free expression and privacy. The discussion was aimed at drawing connections between this ostensibly Internet-related issue and the traditional media, to highlight recurring issues and useful perspectives.

For more details, click here.

For more details visit https://cis-india.org/news/panel-discussion-intermediary-liability-and-freedom-of-expression-in-india

Pandemic Technology takes its Toll on Data Privacy

Aman Nair and Pallavi Bedi — 2021-06-26T06:52:52Z

The absence of any legal framework has meant these tools are now being used for purposes beyond managing the pandemic.

The article by Aman Nair and Pallavi Bedi was published in the Deccan Herald on June 13, 2021.

People show Arogya Setu App installed in their phones while travelling by special New Delhi-Bilaspur train from New Delhi Railway Station. Credit: PTI File Photo

Jabalpur: A beneficiary shows his certificate on his mobile phone after receiving COVID-19 vaccine dose, at Gyan Ganga College in Jabalpur, Saturday, May 15, 2021. (PTI Photo)

At a time when technology is spawning smart solutions to combat Covid-19 worldwide, India’s digital response to the pandemic has stoked concerns that surveillance could pose threats to the privacy of the personal data collected. Be it apps or drones, there is widespread criticism that digital tools are being misused to share information without knowledge or consent. At the other end of the spectrum, the great urban-rural digital divide is hampering the already sluggish vaccination drive, exposing vulnerable populations to a fast-mutating virus.

Last year, the Centre, states and municipal corporations launched more than 70 apps relating to Covid-19, demonstrating the country’s digital-driven approach to handling the pandemic. Chief among these was the central government’s contact tracing app Aarogya Setu. Launched under the Digital India programme, the app quickly came under scrutiny over data privacy.

As per its privacy policy, Aarogya Setu collects personal details such as name, age, sex, profession and location. As there is no underlying legislation forming its basis, and in the absence of a personal data protection bill, serious privacy concerns regarding the collection, storage and use of personal data have been raised.

The government has attempted to mitigate these concerns with reassurances that the data will be used solely in tracing the spread of the virus. However, recent reports from the Kulgam district of Jammu and Kashmir point to the sharing of application data with police. This demonstrates how easy it is to use personal data for purposes other than which it was collected, and presents a serious threat to citizen privacy.

Though Aarogya Setu was initially launched as ‘consensual’ and ‘voluntary’, it soon became mandatory for individuals to download the app for various purposes such as air and rail travel (this order was subsequently withdrawn) and for government officials. Initially it was also mandatory for the private sector, but this was later watered down to state that employers should, on a ‘best effort basis', ensure that the app is downloaded by all employees having compatible phones. However, the ‘best effort basis’ soon translated into mandatory imposition for certain individuals, especially those working in the ‘gig economy’.

Several states had also launched apps for various purposes ranging from contact tracing of suspected Covid patients to monitoring the movement of quarantined patients. As a report by the Centre for Internet and Society observed, given the attention on Aarogya Setu, most of the apps launched by the state governments escaped scrutiny and public attention.Most of these apps either did not have a privacy policy or the policy was vague and often did not provide important details such as who was collecting the data, the time period for retaining the data and whether personal data could be shared with other departments, most notably, law enforcement.Apart from contact tracing apps, the pandemic also ushered in a wave of other apps and digital tools by the government. These include systems such as drones to check whether people are following Covid-19 norms and facial recognition cameras to report to the police whether someone has broken quarantine. Similar to Aarogya Setu, these tools have also largely been brought about in the absence of a legal and regulatory framework.
The absence of any legal framework has meant these tools are now being used for purposes beyond managing the pandemic.

The government is now planning to use facial recognition technology along with Aadhaar toauthenticate people before giving them vaccine shots.

Aarogya Setu is now linked with the vaccination process. Beneficiaries have been provided an option to register through Aarogya Setu. The pandemic has also provided a means for the government to bring in changes to health policies and introduce the National Health Data Management Policy for the creation of a Unique Health Identity Number for citizens.

Vaccination and digital platforms

The use of digital technology has extended to the vaccination process through the deployment of the Covid Vaccine Intelligence Network (Co-WIN) platform.During the first phase of inoculation, beneficiaries were required to register on the Co-WIN app while in the subsequent phases, registration was to be done on the Co-WIN website. The beneficiary is required to upload a photo identity proof.

While Aadhaar has been identified as one of the seven documents that can be uploaded for this, the Health Ministry has clarified that Aadhaar is not mandatory for registration either through Co-WIN or through Aarogya Setu. However, as per media reports, certain vaccination centres still seem to insist on Aadhaar identity even though beneficiaries may have used another identity proof to register on the Co-WIN website.

It is also pertinent to note that the website did not have a privacy policy till the Delhi High Court issued directions on June 2, 2021. The privacy policy hyperlinked on the Co-WIN app directed the user to the Health Data Policy of the National Health Data Management Policy, 2020.

The vaccination drive has been used as a means to push the health identity project forward as beneficiaries who have opted to provide Aadhaar identity proof have also been provided with a health identity number on their vaccination certificate. It is interesting to note that Co-WIN’s privacy policy now states that if the beneficiary uses Aadhaar as identity proof, it can 'opt' to get a Unique Health Id.However, as a recent report revealed, health identity numbers have already been generated for certain beneficiaries without obtaining consent from them for the purpose.

Have the apps been successful?

One could argue that privacy concerns are a worthwhile tradeoffin order to contain the spread of thepandemic. But it is worth examining how successful these technologies have been. In reality, the use of digital technology at every stage of combating the pandemic has clearly highlighted the extent of our digital divide. As per data from TRAI, there are around 750 million Internet subscribers in India,which is only a little more than half of India’s estimated 1.3 billion citizens — with this gap having a significant impact on the efficacy of the government’s strategies. Aarogya Setu has fallen far short of its goal, of having near universal adoption. It has limited adoption in much of the country. This has severely limited its efficacy in tracing the spread of the virus. Research from Maulana Azad Medical College has cited socio-economic inequalities,educational barriers and the lack of smartphone penetration as being the key causes behind the app’s limited success, pointing back to the digital divide. Moreover, the app has also brought with it a host of associated problems including lateral surveillance and function creep caused by the addition of new features. All of which, along with the previously mentioned privacy concerns, have served to hamper public trust and adoption.

A similar situation is seen in the case of vaccination and the Centre’s Co-WIN web portal. The need for registration, first on the Co-WIN app and later on the Co-WIN web portal, has disproportionately affected those who either have no or limited digital access. Many of them belong to vulnerable groups such as migrant and informal sector workers (mainly from disadvantaged castes), LGBTQIA + individuals, sex workers and both urban and rural poor. These issues have also been acknowledged by the Supreme Court, which raised serious concerns about the government being able to achieve its stated object of universal vaccination.

As the inoculation exercise opened up for the 18-45 age group, it increasingly favoured the urban population who possessed the technological and digital literacy to either create or access a host of tools. One need to only look at the wave of automated CO-WIN bots that arose as soon as the vaccination process was expanded to see how these dynamics manifested.

Ultimately, the digital-driven approach that the governments have adopted has resulted in a number of issues — most notably, data privacy and exclusion. Going forward, government strategies must actively account for these factors and ensure that citize rights are adequately protected.

For more details visit https://cis-india.org/internet-governance/blog/deccan-herald-aman-nair-and-pallavi-bedi-june-13-2021-pandemic-technology-takes-its-toll-on-data-privacy

PAI WG Labor and Economy Meeting

Admin — 2018-05-05T09:35:07Z

Elonnai Hickok co-chaired the first PAI Labor and Economy WG in NYC on April 25, 2018.

Agenda

For more details visit https://cis-india.org/internet-governance/news/pai-wg-labor-and-economy-meeting

Packets, net neutrality and gaming public policy outcomes

Admin — 2019-08-28T15:15:37Z

Gurshabad Grover attended Prof. Vishal Misra's lecture on net neutrality at Has Geek in Bangalore on August 15, 2019.

For more details visit https://cis-india.org/internet-governance/news/packets-net-neutrality-and-gaming-public-policy-outcomes