Internet Governance Main
Is Data Protection Enough?
The following note looks briefly at different sides of the privacy debate, and asks the question whether a Data Protection law is enough privacy protection for India.
Surveillance Technologies
The following post briefly looks at different surveillance technologies, and the growing use of the them in India.
Encryption Standards and Practices
The below note looks at different types of encryption, varying practices of encryption in India, and the relationship between encryption, data security, and national security.
'Privacy Matters', Ahmedabad: Conference Report
On 26 March 2011, civil society, lawyers, judges, students and NGO’s, gathered together at the Ahmedabad Management Association to take part in 'Privacy Matters' – a public conference organised by Privacy India in partnership with IDRC and Research Foundation for Governance in India (RFGI) — to discuss the challenges of privacy in India, with an emphasis on national security and privacy. The conference was opened by Prashant Iyengar, head researcher at Privacy India and Kanan Drhu, director of RFGI. Mr. Iyengar explained Privacy India’s mandate to raise awareness of privacy, spark civil action, and promote democratic dialogue around privacy challenges and violations in India. RFGI is a think tank established in 2009 which aims to research, promote, and implement various reforms to improve the legal and political process in Gujarat and across India. ‘Privacy Matters – Ahmedabad’ is the third conference out of the eight that Privacy India will be hosting across India. The next conference will take place in Hyderabad on 9 April 2011. It will focus on human rights and privacy.
News Broadcasting Standards Authority censures TV9 over privacy violations!
We at PrivacyIndia/CIS are delighted by the recent order issued by the News Broadcasting Standards Authority(NBSA) which slapped a 1 lakh rupee fine on the news channel TV9 for airing an extremely incendiary and invasive programme titled "Gay Culture rampant in Hyderabad".
A Stolen Perspective
The note below is a perspective piece on biometrics. On March 11th I traveled down to the Philippines, and had a chance to experience the possible convenience of biometric based identification.
The Draft Electronic Delivery of Services Bill, 2011 – Comments by CIS
The Draft Electronic Delivery of Services Bill, 2011 (“Bill”) is a Bill to provide for delivery of government services manadatorily through electronic means by phasing out manual delivery of services. It is heartening to note that the Bill shifts the approach to electronic delivery of services by Government agencies to one as part of the citizens' right to service delivery through electronic means rather than a luxury or benefit doled out by the Government. The Bill introduces bodies exclusively accountable for ensuring that electronic delivery of services by the Government at the state and central levels. While this is a welcome move on the part of the Government there are a few comments we, at the Centre for Internet and Society, have on the present version of the Bill:
Policy for Government's Presence in Social Media - Recommendations
In pursuance of the Office Memorandum issued by the DIT dated March 4, 2011, the e-Governance Group of the DIT, convened on March 23, 2011, the first meeting of an exclusive group to propose guidelines for government presence on social networking and social media sites. The Centre for Internet and Society being one of the invitees to the meeting, has submitted its recommendations for a Policy for the Government's presence in social networking and social media sites.
Privacy and Governmental Databases
In our research we have found that most government databases are incrementally designed in response to developments and improvements that need to be incorporated from time to time. This method of architecting a system leads to a poorly designed database with many privacy risks such as: inaccurate data, incomplete data, inappropriate disclosure of data, inappropriate access to data, and inappropriate security over data. To address these privacy concerns it is important to analyze the problem that is being addressed from the perspective of potential and planned interoperability with other government databases. Below is a list of problems and recommendations concerning privacy, concerning government databases.
RTI Applications on Blocking of Websites
In recent weeks, an increasing number of incidents have come to light on government-ordered blocking of websites. In one case involving Zone-H.org, it is clear who has ordered the block (a Delhi district court judge, as an interim order), even though the block itself is open to constitutional challenge. In all others cases, including the TypePad case, it is unclear who has ordered the block and why. We at CIS have sent in two right to information requests to find out.
CIS Para-wise Comments on Intermediary Due Diligence Rules, 2011
On February 7th 2011, the Department of Information Technology, MCIT published draft rules on its website (The Information Technology (Due diligence observed by intermediaries guidelines) Rules, 2011) in exercise of the powers conferred by Section 87(2)(zg), read with Section 79(2) of the Information Technology Act, 2000. Comments were invited from the public before February 25th 2011. Accordingly, Privacy India and Centre for Internet and Society, Bangalore have prepared the following para-wise comments for the Ministry’s consideration.
CIS Para-wise Comments on Cyber Café Rules, 2011
On February 7th 2011, the Department of Information Technology, MCIT published draft rules on its website (The Information Technology (Guidelines for Cyber Cafe) Rules, 2011) in exercise of the powers conferred by Section 87(2) (zg), read with Section 79(2) of the Information Technology Act, 2000. Comments were invited from the public before February 25th 2011. Accordingly, Privacy India and Centre for Internet and Society, Bangalore have prepared the following para wise comments for the Ministry’s consideration.
CIS Para-wise Comments on Draft Reasonable Security Practices Rules, 2011
On February 7th 2011, the Department of Information Technology, MCIT published draft rules on its website (The Information Technology (Reasonable security practices and procedures and sensitive personal information) Rules, 2011) in exercise of the powers conferred by Section 87(2)(ob), read with Section 43A of the Information Technology Act, 2000. Comments were invited from the public before February 25th 2011. Accordingly, Privacy India and Centre for Internet and Society, Bangalore have prepared the following para-wise comments for the Ministry’s consideration.
Google Policy Fellowship Program: Asia Chapter
For the ardent followers of free and open Internet and for those who love to debate on technology, media law and Internet-related policy issues, there is some good news. The Centre for Internet and Society, India is conducting a Google Policy Fellowship program this summer!
Open Letter to the Finance Committee: UID and Transactions
Since official documentation from the UIDAI is very limited, we assume that data pertaining to transactions would comprise of the Aadhaar number, identifier of the authenticating device, date-time stamp, and approval/rejection/error code. Recording and maintaining of data pertaining to transactions is very important because it increases transparency and accountability through an audit trail. However, storage of such sensitive data creates many privacy risks, because more often than not metadata gives you as much intelligence as raw data.
Open Letter to the Finance Committee: Operational Design
The objective of the UID project is to provide identity infrastructure that is not susceptible to fraud or error. This note highlights parts of the operational design of the project, which are flawed. We plead that each point be taken into consideration and that the design be suitably revised.
Open Letter to the Finance Committee: UID Budget
This note presents the aspects of the UID project, which have not been considered or incorporated into the UID’s budget. The costs include re-enrollment, loss in human time, and the cost of the audit function.
Open Letter to the Finance Committe: Biometrics
This note points out the weaknesses inherent in biometrics and the pitfalls in using them. It recommends procedural safeguards that should be adopted by the UID in order to make the use of biometrics more secure and inclusive.
Open Letter to the Finance Committee: Finance and Security
This note explores the three connections between finance and security and demonstrates the cost implications of operating a centrally designed identity management system as proposed by the UID. In doing so, it shows how the monitoring, storing, and securing of transactional data in a centralized database fall short of meeting the project's objectives of authentication, and thus is an additional cost. Further, it is argued that the blanket monitoring of the transaction database is not an effective method of detecting fraud, and is an expensive component of the project.
Conference Report: 'Privacy Matters' Bangalore
On February 5th the 'Privacy Matters" conference was held at the TERI Regional Center in Bangalore. The event was a full day and centered around issues of privacy including: privacy rights of minorities, privacy and open government data, and privacy and identity.
