Centre for Internet and Society

Govt tweaks enforcement of IT Act after spate of arrests

praskrishna — 2012-11-30T08:27:01Z

The government on Thursday tweaked the law to make it tougher for citizens to be arrested for online comments that are deemed offensive after recent arrests came in for heavy criticism by Internet activists, the media and other groups.

Surabhi Agarwal's article was published in LiveMint on November 29, 2012. Pranesh Prakash is quoted.

This took place just before the Supreme Court was to hear a public interest litigation seeking an amendment to the Information Technology (IT) Act.

Complaints under the controversial Section 66A of the IT Act, which criminalizes “causing annoyance or inconvenience” online or electronically, can be registered only with the permission of an officer of or above the rank of deputy commissioner of police, and inspector general in metro cities, said a senior government official.

The government, however, has not amended the terms in the section that are said to be vague and subject to interpretation.

The public interest litigation against Section 66A filed by student Shreya Singhal came up in chief justice Altamas Kabir’s court on Thursday. The matter will be heard on Friday.

Two girls near Mumbai were arrested last week for criticizing on Facebook the shutdown in the city for Shiv Sena chief Bal Thackeray’s funeral. Earlier in November, a businessman in Puducherry was arrested for comments made on Twitter against finance minister P. Chidambaram’s son Karti Chidambaram.

According to people present at the meeting of the cyber regulatory advisory committee on Thursday, the Union government will issue guidelines to states with respect to the compliance of the new enforcement rules soon. The people didn’t want to be named. An official said the move was not related to the case.

Pranesh Prakash, policy director at the Centre for Internet and Society think tank, said that while the change in the law is a step in the right direction and will eliminate a lot of frivolous complaints, more needs to be done to make the legislation specific.

Chief justice Kabir said the apex court was considering taking suo motu cognisance of recent incidents.

Singhal contended in her plea that “the phraseology of section 66A of the IT Act, 2000, is so wide and vague and incapable of being judged on objective standards, that it is susceptible to wanton abuse and, hence, falls foul of Article 14, 19 (1)(a) and Article 21 of the Constitution.”

She submitted that “unless there is judicial sanction as a prerequisite to the setting into motion the criminal law with respect to freedom of speech and expression, the law as it stands is highly susceptible to abuse and for muzzling free speech in the country.”

The PIL was argued by Mukul Rohatgi, who said in his opening remarks that Section 66A was vague. Terms such as “offensive” and “annoyance” should be clearly defined as the section is part of criminal law, he said.

Senior advocate Harish Salve, who was also present during the hearing, said India guaranteed the right to “annoy” and there was no need to have a separate law.

Salve, who is in the process of filing an intervention on behalf of some technology companies, added that the section needed to be narrowed to specifically cater to private messages sent electronically and not social media communications.

He said the existing law of defamation should suffice and could be extended to include electronic communications. According to a lawyer who is part of the team representing Singhal, the petition also demanded that the law be made non-cognisable so that the police can’t make an arrest without an order from a magistrate.

“There has been a lot of misuse and abuse of the law recently and we want it to be struck down absolutely and also the court to issue guidelines,” he said.

Apart from the incident at Palghar in Thane district involving the two girls, Singhal’s PIL referred to an April incident in which a professor of chemistry from Jadavpur University in West Bengal, Ambikesh Mahapatra, was arrested for posting a cartoon concerning chief minister Mamata Banerjee on a social networking site.

She also referred to the Puducherry case as well as the May arrests of two Air India Ltd employees, V. Jaganatharao and Mayank Sharma, by the Mumbai Police under the IT Act for posting content on Facebook and Orkut against a trade union leader and some politicians.

Singhal has sought guidelines from the apex court to “reconcile Section 41 and 156 (1) of the Criminal Procedure Code (CPC) with Article 19 (1)(a) of the Constitution” and that offences under the Indian Penal Code and any other legislation, if they involve the freedom of speech and expression, be treated as a non-cognizable offences for the purposes of Sections 41 and 156 (1).

Section 41 of CPC empowers the police to arrest any person without an order from a magistrate and without a warrant in the event that the offence involved is a cognizable offence. Section 156 (1) empowers the investigation by the police into a cognizable offence without an order from a magistrate.

The government official present at the cyber regulatory advisory committee said the expressions used in Section 66A had been taken from different statutes around the world, including the UK and the US.

“There has been a broad consensus that the parameters of the law concerned might be in order but from a procedural standpoint there might be difficulty,” the official said.

Prakash said that while some of the terms in the section may be taken from legislation overseas, the penalty imposed under the Indian law is far more stringent at three years of imprisonment than, for instance, six months under the UK law. “Criminal offences can’t be put at the same level as something which causes insult.”

The cyber regulatory advisory committee meeting was attended by minister for communications and information technolgy Kapil Sibal, and secretaries of the department of telecommunications and information technology, besides representatives of technology companies such as Google and Facebook, industry associations and civil society.

The official also said that the situation will be reviewed every three to four months based on “ground realities”.

A government official said on condition of anonymity that the decision to revive the cyber regulatory advisory committee had been taken at a meeting in August. Section 66A was put on the agenda since it was the subject of much debate, he said. The meeting, however, was not a pre-emptive measure ahead of the PIL that was taken up in the Supreme Court. The official also said that the government will spell out its position in court in favour of the legislation.

For more details visit https://cis-india.org/news/livemint-politics-november-29-2012-surabhi-agarwal-govt-tweaks-enforcement-of-it-act-after-spate-of-arrests

List of Chairman and Members of CRAC

snehashish — 2012-12-02T06:22:25Z

Notification on the constitution of the "Cyber Regulation Advisory Committee"

LIST OF CHAIRMAN AND MEMBERS OF CYBER REGULATION ADVISORY COMMITTEE

NOTIFICATION[1]

17th October, 2000

In exercise of the powers conferred by section 88 of the Information Technology Act, 2000 (21 of 2000) the Central Government hereby constitute the “Cyber Regulation Advisory Committee”, consisting of the following, namely: –

1. [2][Minister, Communication and Information Technology] - Chairman

2. Secretary, Legislative Department - Member

3. Secretary, [3][Ministry of Communication and Information Technology, Department of Information Technology] - Member

4. Secretary, Department of Telecommunications - Member

5. Finance Secretary - Member

6. Secretary, Ministry of Defence - Member

7. Secretary, Ministry of Home Affairs - Member

8. Secretary, Ministry of Commerce - Member

9. Deputy Governor, Reserve Bank of India - Member

10. Shri T.K. Vishwanathan, Presently Member Secretary, Law Commission - Member [sic]

11. President, NASSCOM - Member

12. President, Internet Service Provider Association - Member

13. Director, Central Bureau of Investigation - Member

14. Controller of Certifying Authority - Member

15. Information Technology Secretary by rotation from the States - Member

16. Director General of Police by rotation from the States - Member

17. Director, IIT by rotation from the IITs - Member

18. Representative of CII - Member

19. Representative of FICCI - Member

20. Representative of ASSOCHAM - Member

21. [4][Scientist “6”, Department of Information Technology] - Member Secretary

2. Travelling Allowance/Dear Allowance, as per the Central Government rules, for non-official members shall be borne by the Ministry of Communication and Information Technology, Department of Information Technology.

3. The Committee may co-opt any person as member based on specific meetings

_______________________

[1] Vide G.S.R. 790(E), dated 17th October, 2000

[2] Subs. by G.S.R. 839(E), dated 23rd December, 2004 for “Minister, Information Technology”.

[3] Subs. by G.S.R. 839(E), dated 23rd December, 2004 for “Minister, Information Technology”.

[4] Subs. by G.S.R. 839(E), dated 23rd December, 2004 for “Senior Director, Ministry of Information Technology”

For more details visit https://cis-india.org/internet-governance/resources/chairman-and-members-of-crac

Comments on Information Technology (Security of Prepaid Payment Instruments) Rules, 2017

amber — 2017-03-23T01:54:28Z

The Centre for Internet and Society submitted comments on the Information Technology (Security of Prepaid Payment Instruments) Rules, 2017. The comments were prepared by Udbhav Tiwari, Pranesh Prakash, Abhay Rana, Amber Sinha and Sunil Abraham.

1. Preliminary

1.1. This submission presents comments by the Centre for Internet and Society^[1] in response to the Information Technology (Security of Prepaid Payment Instruments) Rules 2017 (“the Rules”).^[2] The Ministry of Electronics and Information Technology (MEIT) issued a consultation paper (pdf) which calls for developing a framework for security of digital wallets operating in the country on March 08, 2017. This proposed rules have been drafted under provisions of Information Technology Act, 2000, and comments have been invited from the general public and stakeholders before the enactment of these rules.

2. The Centre for Internet and Society

2.1. The Centre for Internet and Society, (“CIS”), is a non-profit organisation that undertakes interdisciplinary research on internet and digital technologies from policy and academic perspectives. The areas of focus include digital accessibility for persons with diverse abilities, access to knowledge, intellectual property rights, openness (including open data, free and open source software, open standards, and open access), internet governance, telecommunication reform, digital privacy, and cyber-security.

2.2. This submission is consistent with CIS’ commitment to safeguarding general public interest, and the interests and rights of various stakeholders involved, especially the privacy and data security of citizens. CIS is thankful to the MEIT for this opportunity to provide feedback to the draft rules.

3. Comments

3.1 General Comments

Penalty

There is no penalty for not complying with these rules. Even the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 doesn’t have penalties. Under section 43A of the Information Technology Act (under which the 2011 Rules have been promulgated), a wrongful gain or a wrongful loss needs to be demonstrated. This should not be a requirement for financial sector.

Expansion to Contractual Parties.

A majority of these rules, in order to be effective and realistically protect consumer interest, should also be expanded to third parties, agents, contractual relationships and any other relevant relationship an e-PPI issuer may delegate as a part of their functioning.

3.2 Rule 2: Definitions

Certain key words relevant to the field of e-PPI based digital payments such as authorisation, metadata, etc. are not defined in the rules and should both be defined and accounted for in the rules to ensure modern developments such as big data and machine learning, digital surveillance, etc. do not violate human rights and consumer interest.

3.2 Rule 7: Definition of personal information

Rule 7 provides an exhaustive list of data that will be deemed to be personal information for the purposes of the Rules. While information collected at the time of issuance of the pre-paid payment instrument and during its use is included within the scope of Rule 7, it makes no reference to metadata generated and collected by the e-PPI issuer.

3.3 Rule 4: Inadequate privacy protections

Rule 4(2) specifies the details that the privacy policies of each e-PPI issuer must contain. However, these specifications are highly inadequate and fall well below the recommendations under the National Privacy Principles in Report of the Group of Experts on Privacy chaired by Justice A P Shah.

Suggestions: The Rules should include include clearly specified rights to access, correction and opt in/opt out, continuing obligations to seek consent in case of change in policy or purpose and deletion of data after purpose is achieved. Additionally, it must be required that a log of each version of past privacy policies be maintained along with the relevant period of applicability.

3.4 Rule 10: Reasonable security practices

Problem: Financial information (“such as bank account or credit card or debit card or other payment instrument details”) is already invoked in an inclusive manner in the definition of ‘personal information’ in Rule 7. Given this there is no need to make the Reasonable Security Practices Rules applicable to financial data through this provisions: it already is, and it is best to avoid unnecessary redundancy.

Solution: This entire rule should be removed.

3.5 Rule 12: Traceability

Problem: There is a requirement created under this rule that payment-related interactions with customers or other service providers be “appropriately trace[able]”. But it is unclear what that would practically mean: would IP logging suffice? would IMEI need to be captured for mobile transactions? what is “appropriately” traceable? — none of those questions are answered.

Suggestion: The NPCI’s practices and RBI regulations, for instance, seek to limit the amount of information that entities like e-PPI providers have. These rules need to be brought in line with those practices and regulations.

3.6 Rule 5: Risk Assessment

Rule 5 requires e-PPI issuers to carry out risk assessments associated with the security of the payments systems at least once a year and after any major security incident. However, there are no transparency requirements such as publications of details of such review, a summary of the analysis, any security vulnerabilities discovered etc.

Suggestion:

Broaden the scope of this provision to include not just risk assessments but also security audits.
Mandate publication of risk assessment and security audit reports.

3.7 Rule 11: End-to-End Encryption

The rule concerning end-to-end encryption (E2E) needs significantly greater detailing to be effective in ensuring the the protection of information at both storage and transit.

Suggestions: Elements such as Secure Element or a Secured Server and Trusted User Interface, both concepts to enable secure payments, can be detailed in the rule and a timeline can be established to require hardware, e-PPI practices and security standards to realistically account for such best practices to ensure modern, secure and industry accepted implementation of the rule.

3.8 Rule 13: Retention of Information

Problem: Rule 13 leaves the question of retention entirely unanswered by deferring the future rulemaking to the Central Government.

Suggestions: Rule 13 should be expanded to include the various categories of information that can be stored, guidelines for the short-term (fast access) and long-term storage of the information retained under the rule and other relevant details. The rule should also include the security standards that should be followed in the storage of such information, require access logs be maintained for whenever this information is accessed by individuals, detail secure destruction practices at the end of the retention period and finally mandate that end users be notified by the e-PPI issuer of when such retained information is accessed in all situations bar exceptional circumstances such as national security, compromising an ongoing criminal investigations, etc.

3.9 Rule 14: Reporting of Cyber Incidents

Rule 14 is an excellent opportunity to uphold transparency, accountability and consumer rights by mandating time- and information-bound notification of cyber incidents to customers, including intrusions, database breaches and any other compromise of the integrity of the financial system. While the requirement of reporting such incidents to CERT-In is already present in the Rule 12 of the CERT Rules, the rule retains the optional nature of notifying customers. The rule should include an exhaustive list of categories or kinds of cyber incidents that should be reported to affected end users without compromising the investigation of such breaches by private organisations and public authorities. Further, the rule should also include penalties for non-compliance of this requirement (both to CERT-In and the consumer) to serve as an incentive for e-PPI issuers to uphold consumer public interest. The rule should be expanded to include a detailed mechanism for such reporting, including when e-PPI issuers and the CERT-In can withhold information from consumers as well as requiring the withheld information be disclosed when the investigation has been completed. Finally, the rule should also require that such disclosures be public in nature and consumers not be required to not disseminate such information to enable informed choice by the end user community.

Suggestion:

(1) In Rule 14(3) “may” should be substituted by “shall”.

(2) Penalties of up to 5 lakh rupees may be imposed for each day that the e-PPI issuer fails to report any severe vulnerability that could likely result in harm to customers.

3.10 Rule 15: Customer Awareness and Education

Problem: Rule 15 on Customer Awareness and Education by e-PPI issuers does not take into account the vast lingual diversity and varied socio-economic demographic that makes up the end users of e-PPI providers in India, by mandating the actions under the rule must account for these factors prior to be propagated.

Solutions: The rule must ensure that e-PPI issuers track record in carrying out awareness is regularly held accountable by both the government and public disclosures on their websites. Further, the rule can be made more concrete and effective by including mobile operating systems in their scope (along with equipments), mandating awareness for best practices for inclusive technologies like USSD banking, specifying notifications to include SMS reports of financial transactions, etc.

3.11 Rule 16: Grievance Redressal

Problem: Rule 16 lays down the requirement of grievance redressal, without specifying appellate mechanisms (both within the organisation and at the regulatory level), accountability (via penalties) for non-compliance of the rule nor requiring a clear hierarchy of responsibility within the e-PPI organisation. These factors seriously compromise the efficacy of a grievance redressal framework.

Solutions: Similar rules for grievance redressal that have been enacted by the Insurance Regulatory and Development Authority for the insurance sector and the Telecom Regulatory Authority of India for the telecom sector can and should serve as a reference point for this rule. Their effectiveness and real world operation should also be monitored by the relevant authorities while ensuring sufficient flexibility exists in the rule to uphold consumer rights and the public interest. Proper appellate mechanisms at the regulatory level are essential along with penalties for non-compliance.

3.12 Rule 17: Security Standards

Problem: Rule 17 empowers the Central Government to mandate security standards to be followed by e-PPI issuers operating in India. While appreciable in its overall outlook on ensuring a minimum standard of security, the Rule needs be improved upon to make it more effective. This can be in done by specifying certain minimum security standards to ensure all e-PPI issuers have a minimal level of security, instead of leaving them open to being intimated at a later date.

Solutions: Standards that can either be made mandatory or be used as a reference point to create a new standard under Rule 17(2) are ISO/IEC 14443, IS 14202, ISO/IEC 7816, PCI DSS, etc. Further, the Rule should include penalties for non-compliance of these standards, to make them effectively enforceable by both the government and end users alike. Additional details like the maximum time period in which such security standards should be implemented post their notification, requiring regular third party audits to ensure continuing compliance and effectiveness and requiring updated standards be used upon their release will go a long way in ensuring e-PPI issuers fulfil their mandate under these Rules.

^[1] http://cis-india.org/

^[2] http://meity.gov.in/sites/upload_files/dit/files/draft-rules-security%20of%20PPI-for%20public%20comments.pdf

For more details visit https://cis-india.org/internet-governance/blog/comments-on-information-technology-security-of-prepaid-payment-instruments-rules-2017

Right to Exclusion, Government Spaces, and Speech

TorShark — 2021-07-02T12:05:13Z

The conclusion of the litigation surrounding Trump blocking its critiques on Twitter brings to forefront two less-discussed aspects of intermediary liability: a) if social media platforms could be compelled to ‘carry’ speech under any established legal principles, thereby limiting their right to exclude users or speech, and b) whether users have a constitutional right to access social media spaces of elected officials. This essay analyzes these issues under the American law, as well as draws parallel for India, in light of the ongoing litigation around the suspension of advocate Sanjay Hegde’s Twitter account.

This article first appeared on the Indian Journal of Law and Technology (IJLT) blog, and can be accessed here. Cross-posted with permission.

---

Introduction

On April 8, the Supreme Court of the United States (SCOTUS), vacated the judgment of the US Court of Appeals for Second Circuit’s in Knight First Amendment Institute v Trump. In that case, the Court of Appeals had precluded Donald Trump, then-POTUS, from blocking his critics from his Twitter account on the ground that such action amounted to the erosion of constitutional rights of his critics. The Court of Appeals had held that his use of @realDonaldTrump in his official capacity had transformed the nature of the account from private to public, and therefore, blocking users he disagreed with amounted to viewpoint discrimination, something that was incompatible with the First Amendment.

The SCOTUS ordered the case to be dismissed as moot, on account of Trump no longer being in office. Justice Clarence Thomas issued a ten-page concurrence that went into additional depth regarding the nature of social media platforms and user rights. It must be noted that the concurrence does not hold any direct precedential weightage, since Justice Thomas was not joined by any of his colleagues at the bench for the opinion. However, given that similar questions of public import, are currently being deliberated in the ongoing Sanjay Hegde litigation in the Delhi High Court, Justice Thomas’ concurrence might hold some persuasive weightage in India. While the facts of these litigations might be starkly different, both of them are nevertheless characterized by important questions of applying constitutional doctrines to private parties like Twitter and the supposedly ‘public’ nature of social media platforms.

In this essay, we consider the legal questions raised in the opinion as possible learnings for India. In the first part, we analyze the key points raised by Justice Thomas, vis-a-vis the American legal position on intermediary liability and freedom of speech. In the second part, we apply these deliberations to the Sanjay Hegde litigation, as a case-study and a roadmap for future legal jurisprudence to be developed.

A flawed analogy

At the outset, let us briefly refresh the timeline of Trump’s tryst with Twitter, and the history of this litigation: the Court of Appeals decision was issued in 2019, when Trump was still in office. Post-November 2020 Presidential Election, where he was voted out, his supporters broke into Capitol Hill. Much of the blame for the attack was pinned on Trump’s use of social media channels (including Twitter) to instigate the violence and following this, Twitter suspended his account permanently.

It is this final fact that seized Justice Thomas’ reasoning. He noted that a private party like Twitter’s power to do away with Trump’s account altogether was at odds with the Court of Appeals’ earlier finding about the public nature of the account. He deployed a hotel analogy to justify this: government officials renting a hotel room for a public hearing on regulation could not kick out a dissenter, but if the same officials gather informally in the hotel lounge, then they would be within their rights to ask the hotel to kick out a heckler. The difference in the two situations would be that, “the government controls the space in the first scenario, the hotel, in the latter.” He noted that Twitter’s conduct was similar to the second situation, where it “control(s) the avenues for speech”. Accordingly, he dismissed the idea that the original respondents (the users whose accounts were blocked) had any First Amendment claims against Trump’s initial blocking action, since the ultimate control of the ‘avenue’ was with Twitter, and not Trump.

In the facts of the case however, this analogy was not justified. The Court of Appeals had not concerned itself with the question of private ‘control’ of entire social media spaces, and given the timeline of the litigation, it was impossible for them to pre-empt such considerations within the judgment. In fact, the only takeaway from the original decision had been that an elected representative’s utilization of his social media account for official purposes transformed only that particular space into a public forum where constitutional rights would find applicability. In delving into questions of ‘control’ and ‘avenues of speech’, issues that had been previously unexplored, Justice Thomas conflates a rather specific point into a much bigger, general conundrum. Further deliberations in the concurrence are accordingly put forward upon this flawed premise.

Right to exclusion (and must carry claims)

From here, Justice Thomas identified the problem to be “private, concentrated control over online content and platforms available to the public”, and brought forth two alternate regulatory systems — common carrier and public accommodation — to argue for ‘equal access’ over social media space. He posited that successful application of either of the two analogies would effectively restrict a social media platform’s right to exclude its users, and “an answer may arise for dissatisfied platform users who would appreciate not being blocked”. Essentially, this would mean that platforms would be obligated to carry all forms of (presumably) legal speech, and users would be entitled to sue platforms in case they feel their content has been unfairly taken down, a phenomenon Daphne Keller describes as ‘must carry claims’.

Again, this is a strange place to find the argument to proceed, since the original facts of the case were not about ‘dissatisfied platform users’, but an elected representative’s account being used in dissemination of official information. Beyond the initial ‘private’ control deliberation, Justice Thomas did not seem interested in exploring this original legal position, and instead emphasized on analogizing social media platforms in order to enforce ‘equal access’, finally arriving at a position that would be legally untenable in the USA.

The American law on intermediary liability, as embodied in Section 230 of the Communications Decency Act (CDA), has two key components: first, intermediaries are protected against the contents posted by its users, under a legal model termed as ‘broad immunity’, and second, an intermediary does not stand to lose its immunity if it chooses to moderate and remove speech it finds objectionable, popularly known as the Good Samaritan protection. It is the effect of these two components, combined, that allows platforms to take calls on what to remove and what to keep, translating into a ‘right to exclusion’. Legally compelling them to carry speech, under the garb of ‘access’ would therefore, strike at the heart of the protection granted by the CDA.

Learnings for India

In his petition to the Delhi High Court, Senior Supreme Court Advocate, Sanjay Hegde had contested that the suspension of his Twitter account, on the grounds of him sharing anti-authoritarian imagery, was arbitrary and that:

Twitter was carrying out a public function and would be therefore amenable to writ jurisdiction under Article 226 of the Indian Constitution; and
The suspension of his account had amounted to a violation of his right to freedom of speech and expression under Article 19(1)(a) and his rights to assembly and association under Article 19(1)(b) and 19(1)(c); and
The government has a positive obligation to ensure that any censorship on social media platforms is done in accordance with Article 19(2).

The first two prongs of the original petition are perhaps easily disputed: as previous commentary has pointed out, existing Indian constitutional jurisprudence on ‘public function’ does not implicate Twitter, and accordingly, it would be a difficult to make out a case that account suspensions, no matter how arbitrary, would amount to a violation of the user’s fundamental rights. It is the third contention that requires some additional insight in the context of our previous discussion.

Does the Indian legal system support a right to exclusion?

Suing Twitter to reinstate a suspended account, on the ground that such suspension was arbitrary and illegal, is in its essence a request to limit Twitter’s right to exclude its users. The petition serves as an example of a must-carry claim in the Indian context and vindicates Justice Thomas’ (misplaced) defence of ‘dissatisfied platform users’. Legally, such claims perhaps have a better chance of succeeding here, since the expansive protection granted to intermediaries via Section 230 of the CDA, is noticeably absent in India. Instead, intermediaries are bound by conditional immunity, where availment of a ‘safe harbour’, i.e., exemption from liability, is contingent on fulfilment of statutory conditions, made under section 79 of the Information Technology (IT) Act and the rules made thereunder. Interestingly, in his opinion, Justice Thomas had briefly visited a situation where the immunity under Section 230 was made conditional: to gain Good Samaritan protection, platforms might be induced to ensure specific conditions, including ‘nondiscrimination’. This is controversial (and as commentators have noted, wrong), since it had the potential to whittle down the US' ‘broad immunity’ model of intermediary liability to a system that would resemble the Indian one.

It is worth noting that in the newly issued Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, proviso to Rule 3(1)(d) allows for “the removal or disabling of access to any information, data or communication link [...] under clause (b) on a voluntary basis, or on the basis of grievances received under sub-rule (2) [...]” without dilution of statutory immunity. This does provide intermediaries a right to exclude, albeit limited, since its scope is restricted to content removed under the operation of specific sub-clauses within the rules, as opposed to Section 230, which is couched in more general terms. Of course, none of this precludes the government from further prescribing obligations similar to those prayed in the petition.

On the other hand, it is a difficult proposition to support that Twitter’s right to exclusion should be circumscribed by the Constitution, as prayed. In the petition, this argument is built over the judgment in Shreya Singhal v Union of India, where it was held that takedowns under section 79 are to be done only on receipt of a court order or a government notification, and that the scope of the order would be restricted to Article 19(2). This, in his opinion, meant that “any suo-motu takedown of material by intermediaries must conform to Article 19(2)”.

To understand why this argument does not work, it is important to consider the context in which the Shreya Singhal judgment was issued. Previously, intermediary liability was governed by the Information Technology (Intermediaries Guidelines) Rules, 2011 issued under section 79 of the IT Act. Rule 3(4) made provisions for sending takedown orders to the intermediary, and the prerogative to send such orders was on ‘an affected person’. On receipt of these orders, the intermediary was bound to remove content and neither the intermediary nor the user whose content was being censored, had the opportunity to dispute the takedown.

As a result, the potential for misuse was wide-open. Rishabh Dara’s research provided empirical evidence for this; intermediaries were found to act on flawed takedown orders, on the apprehension of being sanctioned under the law, essentially chilling free expression online. The Shreya Singhal judgment, in essence, reined in this misuse by stating that an intermediary is legally obliged to act only when a takedown order is sent by the government or the court. The intent of this was, in the court’s words: “it would be very difficult for intermediaries [...] to act when millions of requests are made and the intermediary is then to judge as to which of such requests are legitimate and which are not.”

In light of this, if Hegde’s petition succeeds, it would mean that intermediaries would now be obligated to subsume the entirety of Article 19(2) jurisprudence in their decision-making, interpret and apply it perfectly, and be open to petitions from users when they fail to do so. This might be a startling undoing of the court’s original intent in Shreya Singhal. Such a reading also means limiting an intermediary’s prerogative to remove speech that may not necessarily fall within the scope of Article 19(2), but is still systematically problematic, including unsolicited commercial communications. Further, most platforms today are dealing with an unprecedented spread and consumption of harmful, misleading information. Limiting their right to exclude speech in this manner, we might be exacerbating this problem.

Government-controlled spaces on social media platforms

On the other hand, the original finding of the Court of Appeals, regarding the public nature of an elected representative’s social media account and First Amendment rights of the people to access such an account, might yet still prove instructive for India. While the primary SCOTUS order erases the precedential weight of the original case, there have been similar judgments issued by other courts in the USA, including by the Fourth Circuit court and as a result of a lawsuit against a Texas Attorney General.

A similar situation can be envisaged in India as well. The Supreme Court has repeatedly held that Article 19(1)(a) encompasses not just the right to disseminate information, but also the right to receive information, including receiving information on matters of public concern. Additionally, in Secretary, Ministry of Information and Broadcasting v Cricket Association of Bengal, the Court had held that the right of dissemination included the right of communication through any media: print, electronic or audio-visual. Then, if we assume that government-controlled spaces on social media platforms, used in dissemination of official functions, are ‘public spaces’, then the government’s denial of public access to such spaces can be construed to be a violation of Article 19(1)(a).

Conclusion

As indicated earlier, despite the facts of the two litigations being different, the legal questions embodied within converge startlingly, inasmuch that are both examples of the growing discontent around the power wielded by social media platforms, and the flawed attempts at fixing it.

While the above discussion might throw some light on the relationship between an individual, the state and social media platforms, many questions still continue to remain unanswered. For instance, once we establish that users have a fundamental right to access certain spaces within the social media platform, then does the platform have a right to remove that space altogether? If it does so, can a constitutional remedy be made against the platform? Initial commentary on the Court of Appeals’ decision had contested that the takeaway from that judgment had been that constitutional norms had a primacy over the platform’s own norms of governance. In such light, would the platform be constitutionally obligated to not suspend a government account, even if the content on such an account continues to be harmful, in violation of its own moderation standards?

This is an incredibly tricky dimension of the law, made trickier still by the dynamic nature of the platforms, the intense political interests permeating the need for governance, and the impacts on users in the instance of a flawed solution. Continuous engagement, scholarship and emphasis on having a human rights-respecting framework underpinning the regulatory system, are the only ways forward.

---

The author would like to thank Gurshabad Grover and Arindrajit Basu for reviewing this piece.

For more details visit https://cis-india.org/internet-governance/blog/right-to-exclusion-government-spaces-and-speech

On the legality and constitutionality of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

Torsha Sarkar, Gurshabad Grover, Raghav Ahooja, Pallavi Bedi and Divyank Katira — 2021-06-21T11:52:39Z

This note examines the legality and constitutionality of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. The analysis is consistent with previous work carried out by CIS on issues of intermediary liability and freedom of expression.

On 25 February 2021, the Ministry of Electronics and Information Technology (Meity) notified the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (hereinafter, ‘the rules’). In this note, we examine whether the rules meet the tests of constitutionality under Indian jurisprudence, whether they are consistent with the parent Act, and discuss potential benefits and harms that may arise from the rules as they are currently framed. Further, we make some recommendations to amend the rules so that they stay in constitutional bounds, and are consistent with a human rights based approach to content regulation. Please note that we cover some of the issues that CIS has already highlighted in comments on previous versions of the rules.

The note can be downloaded here.

For more details visit https://cis-india.org/internet-governance/blog/on-the-legality-and-constitutionality-of-the-information-technology-intermediary-guidelines-and-digital-media-ethics-code-rules-2021

Fixing India’s anarchic IT Act

pranesh — 2012-11-30T06:33:58Z

Section 66A of the Information Technology (IT) Act criminalizes “causing annoyance or inconvenience” online, among other things. A conviction for such an offence can attract a prison sentence of as many as three years.

Pranesh Prakash's article was published in LiveMint on November 28, 2012.

How could the ministry of communications and information technology draft such a loosely-worded provision that’s clearly unconstitutional? How could the ministry of law allow such shoddy drafting with such disproportionate penalties to pass through? Were any senior governmental legal officers—such as the attorney general—consulted? If so, what advice did they tender, and did they consider this restriction “reasonable”? These are some of the questions that arise, and they raise issues both of substance and of process.

When the intermediary guidelines rules were passed last year, the government did not hold consultations in anything but name. Industry and non-governmental organizations (NGOs) sent in submissions warning against the rules, as can be seen from the submissions we retrieved under the Right to Information Act and posted on our website. However, almost none of our concerns, including the legality of the rules, were paid heed to.

Earlier this year, parliamentarians employed a little-used power to challenge the law passed by the government, leading communications minister Kapil Sibal to state that he would call a meeting with “all stakeholders”, and will revise the rules based on inputs. A meeting was called in August, where only select industry bodies and members of Parliament were present, and from which a promise emerged of larger public consultations. That promise hasn’t been fulfilled.

Substantively, there is much that is rotten in the IT Act and the various rules passed under it, and a few illustrations—a longer analysis of which is available on the Centre for Internet and Society (CIS) website—should suffice to indicate the extent of the malaise.

Some of the secondary legislation (rules) cannot be passed under the section of the IT Act they claim as their authority. The intermediary guidelines violate all semblance of due process by not even requiring that a person whose content is removed is told about it and given a chance to defend herself. (Any content that is complained about under those rules is required to be removed within 36 hours, with no penalties for wilful abuse of the process. We even tested this by sending frivolous complaints, which resulted in removal.)

The definition of “cyber terrorism” in section 66F(1)(B) of the IT Act includes wrongfully accessing restricted information that one believes can be used for defamation, and this is punishable by imprisonment for life. Phone-tapping requires the existence of a “public emergency” or threat to “public safety”, but thanks to the IT Act, online surveillance doesn’t. The telecom licence prohibits “bulk encryption” over 40 bits without key escrow, but these are violated by all, including the Reserve Bank of India, which requires that 128-bit encryption be used by banks. These are but a few of the myriad examples of careless drafting present in the IT Act, which lead directly to wrongful impingement of our civil and political liberties. While we agree with the minister for communications, that the mere fact of a law being misused cannot be reason for throwing it out, we believe that many provisions of the IT Act are prone to misuse because they are badly drafted, not to mention the fact that some of them display constitutional infirmities. That should be the reason they are amended, not merely misuse.

What can be done? First, the IT Act and its rules need to be fixed. Either a court-appointed amicus curiae (who would be a respected senior lawyer) or a committee with adequate representation from senior lawyers, Internet policy organizations, government and industry must be constituted to review and suggest revisions to the IT Act. The IT Act (in section 88) has a provision for such a multi-stakeholder advisory committee, but it was filled with mainly government officials and became defunct soon after it was created, more than a decade ago. This ought to be reconstituted. Importantly, businesses cannot claim to represent ordinary users, since except when it comes to regulation of things such as e-commerce and copyright, industry has little to lose when its users’ rights to privacy and freedom of expression are curbed.

Second, there must be informal processes and platforms created for continual discussions and constructive dialogue among civil society, industry and government (states and central) about Internet regulation (even apart from the IT Act). The current antagonism does not benefit anyone, and in this regard it is very heartening to see Sibal pushing for greater openness and consultation with stakeholders. As he noted on the sidelines of the Internet Governance Forum in Baku, different stakeholders must work together to craft better policies and laws for everything from cyber security to accountability of international corporations to Indian laws. In his plenary note at the forum, he stated: “Issues of public policy related to the Internet have to be dealt with by adopting a multi-stakeholder, democratic and transparent approach” which is “collaborative, consultative, inclusive and consensual”. I could not have put it better myself. Now is the time to convert those most excellent intentions into action by engaging in an open reform of our laws.

Pranesh Prakash is policy director at the Centre for Internet and Society.

For more details visit https://cis-india.org/internet-governance/blog/livemint-opinion-november-28-2012-pranesh-prakash-fixing-indias-anarchic-it-act

Webinar on counter-comments to the draft Intermediary Guidelines

Admin — 2019-02-22T01:51:19Z

CCAOI and the ISOC Delhi Chapter organised a webinar on February 11 to discuss the comments submitted to the Information Technology [Intermediary Guidelines (Amendment) Rules] 2018, and counter-comments that were due by February 14.

The agenda of the discussion was:

A brief introduction to the counter comment process [Shashank Mishra]
Invited stakeholders comment on key issues and perspectives on the submissions and the points to be countered.

The following people participated:

Amba Kak, Mozilla
Rajesh Chharia, ISPAI
Gurshabad Grover, CIS
Priyanka Chaudhari, SFLC
Divij Joshi, Vidhi Centre for Legal Policy

For more details visit https://cis-india.org/internet-governance/news/webinar-on-counter-comments-to-the-draft-intermediary-guidelines

Big Data in India: Benefits, Harms, and Human Rights - Workshop Report

Vidushi Marda, Akash Deep Singh and Geethanjali Jujjavarapu — 2016-11-18T12:58:19Z

The Centre for Internet and Society held a one-day workshop on “Big Data in India: Benefits, Harms and Human Rights” at India Habitat Centre, New Delhi on the 1st of October, 2016. This report is a compilation of the the issues discussed, ideas exchanged and challenges recognized during the workshop. The objective of the workshop was to discuss aspects of big data technologies in terms of harms, opportunities and human rights. The discussion was designed around an extensive study of current and potential future uses of big data for governance in India, that CIS has undertaken over the last year with support from the MacArthur Foundation.

Contents

Big Data: Definitions and Global South Perspectives

Aadhaar as Big Data

Seeding

Aadhaar and Data Security

Aadhaar’s Relational Arrangement with Big Data Scheme

The Myths surrounding Aadhaar

IndiaStack and FinTech Apps

Problems with UID

Big Data: Definitions and Global South Perspectives

“Big Data” has been defined by multiple scholars till date. The first consideration at the workshop was to discuss various definitions of big data, and also to understand what could be considered Big Data in terms of governance, especially in the absence of academic consensus. One of the most basic ways to define it, as given by the National Institute of Standards and Technology, USA, is to take it to be the data that is beyond the computational capacity of current systems. This definition has been accepted by the UIDAI of India. Another participant pointed out that Big Data is not only indicative of size, but rather the nature of data which is unstructured, and continuously flowing. The Gartner definition of Big Data relies on the three Vs i.e. Volume (size), Velocity (infinite number of ways in which data is being continuously collected) and Variety (the number of ways in which data can be collected in rows and columns).

The presentation also looked at ways in which Big Data is different from traditional data. It was pointed out that it can accommodate diverse unstructured datasets, and it is ‘relational’ i.e. it needs the presence of common field(s) across datasets which allows these fields to be conjoined. For e.g., the UID in India is being linked to many different datasets, and they don’t constitute Big Data separately, but do so together. An increasingly popular definition is to define data as “Big Data” based on what can be achieved through it. It has been described by authors as the ability to harness new kinds of insight which can inform decision making. It was pointed out that CIS does not subscribe to any particular definition, and is still in the process of coming up with a comprehensive definition of Big Data.

Further, discussion touched upon the approach to Big Data in the Global South. It was pointed out that most discussions about Big Data in the Global South are about the kind of value that it can have, the ways in which it can change our society. The Global North, on the other hand, has moved on to discussing the ethics and privacy issues associated with Big Data.

After this, the presentation focussed on case studies surrounding key Central Government initiatives and projects like Aadhaar, Predictive Policing, and Financial Technology (FinTech).

Aadhaar as Big Data

In presenting CIS’ case study on Aadhaar, it was pointed out that initially, Aadhaar, with its enrollment dataset was by itself being seen as Big Data. However, upon careful consideration in light of definitions discussed above, it can be seen as something that enables Big Data. The different e-governance projects within Digital India, along with Aadhaar, constitute Big Data. The case study discussed the Big Data implications of Aadhaar, and in particular looked at a ‘cradle to grave’ identity mapping through various e-government projects and the datafication of various transaction generated data.

Seeding

Any digital identity like Aadhaar typically has three features: 1. Identification i.e. a number or card used to identify yourself; 2. Authentication, which is based on your number or card and any other digital attributes that you might have; 3. Authorisation: As bearers of the digital identity, we can authorise the service providers to take some steps on our behalf. The case study discussed ‘seeding’ which enables the Big Data aspects of Digital India. In the process of seeding, different government databases can be seeded with the UID number using a platform called Ginger. Due to this, other databases can be connected to UIDAI, and through it, data from other databases can be queried by using your Aadhaar identity itself. This is an example of relationality, where fractured data is being brought together. At the moment, it is not clear whether this access by UIDAI means that an actual physical copy of such data from various sources will be transferred to UIDAI’s servers or if they will just access it through internet, but the data remains on the host government agency’s server. An example of even private parties becoming a part of this infrastructure was raised by a participant when it was pointed out that Reliance Jio is now asking for fingerprints. This can then be connected to the relational infrastructure being created by UIDAI. The discussion then focused on how such a structure will function, where it was mentioned that as of now, it cannot be said with certainty that UIDAI will be the agency managing this relational infrastructure in the long run, even though it is the one building it.

Aadhaar and Data Security

This case study also dealt with the sheer lack of data protection legislation in India except for S.43A of the IT Act. The section does not provide adequate protection as the constitutionality of the rules and regulations under S.43A is ambivalent. More importantly, it only refers to private bodies. Hence, any seeding which is being done by the government is outside the scope of data protection legislation. Thus, at the moment, no legal framework covers the processes and the structures being used for datasets. Due to the inapplicability of S.43A to public bodies, questions were raised as to the existence of a comprehensive data protection policy for government institutions. Participants answered the question in the negative. They pointed out that if any government department starts collecting data, they develop their own privacy policy. There are no set guidelines for such policies and they do not address concerns related to consent, data minimisation and purpose limitation at all. Questions were also raised about the access and control over Big Data with government institutions. A tentative answer from a participant was that such data will remain under the control of the domain specific government ministry or department, for e.g. MNREGA data with the Ministry of Rural Development, because the focus is not on data centralisation but rather on data linking. As long as such fractured data is linked and there is an agency that is responsible to link them, this data can be brought together. Such data is primarily for government agencies. But the government is opening up certain aspects of the data present with it for public consumption for research and entrepreneurial purposes.The UIDAI provides you access to your own data after paying a minimal fee. The procedure for such access is still developing.

Aadhaar’s Relational Arrangement with Big Data Scheme

The various Digital India schemes brought in by the government were elucidated during the workshop. It was pointed out that these schemes extend to myriad aspects of a citizen’s daily life and cover all the essential public services like health, education etc. This makes Aadhaar imperative even though the Supreme Court has observed that it is not mandatory for every citizen to have a unique identity number. The benefits of such identity mapping and the ecosystem being generated by it was also enumerated during the discourse. But the complete absence of any data ethics or data confidentiality principles make us unaware of the costs at which these benefits are being conferred on us. Apart from surveillance concerns, the knowledge gap being created between the citizens and the government was also flagged. Three main benefits touted to be provided by Aadhaar were then analysed. The first is the efficient delivery of services. This appears to be an overblown claim as the Aadhaar specific digitisation and automation does not affect the way in which employment will be provided to citizens through MNREGA or how wage payment delays will be overcome. These are administrative problems that Aadhaar and associated technologies cannot solve. The second is convenience to the citizens. The fallacies in this assertion were also brought out and identified. Before the Aadhaar scheme was rolled in, ration cards were issued based on certain exclusion and inclusion criteria.. The exclusion and inclusion criteria remain the same while another hurdle in the form of Aadhaar has been created. As India is still lacking in supporting infrastructure such as electricity, server connectivity among other things, Aadhaar is acting as a barrier rather than making it convenient for citizens to enroll in such schemes.The third benefit is fraud management. Here, a participant pointed out that this benefit was due to digitisation in the form of GPS chips in food delivery trucks and electronic payment and not the relational nature of Aadhaar. Aadhaar is only concerned with the linking up or relational part. About deduplication, it was pointed out how various government agencies have tackled it quite successfully by using technology different from biometrics which is unreliable at the best of times.

The Myths surrounding Aadhaar

The discussion also reflected on the fact that Aadhaar is often considered to be a panacea that subsumes all kinds of technologies to tackle leakages. However, this does not take into account the fact that leakages happen in many ways. A system should have been built to tackle those specific kinds of leakages, but the focus is solely on Aadhaar as the cure for all. Notably, participants who have been a part of the government pointed out how this myth is misleading and should instead be seen as the first step towards a more digitally enhanced country which is combining different technologies through one medium.

IndiaStack and FinTech Apps

What is India Stack?

The focus then shifted to another extremely important Big Data project, India Stack, being conceptualised and developed by a team of private developers called iStack, for the NPCI. It builds on the UID project, Jan Dhan Yojana and mobile services trinity to propagate and develop a cashless, presence-less, paperless and granular consent layer based on UID infrastructure to digitise India.

A participant pointed out that the idea of India Stack is to use UID as a platform and keep stacking things on it, such that more and more applications are developed. This in turn will help us to move from being a ‘data poor’ country to a ‘data rich’ one. The economic benefits of this data though as evidenced from the TAGUP report - a report about the creation of National Information Utilities to manage the data that is present with the government - is for the corporations and not the common man. The TAGUP report openly talks about privatisation of data.

Problems with India Stack

The granular consent layer of India Stack hasn’t been developed yet but they have proposed to base it on MIT Media Lab’s OpenPDS system. The idea being that, on the basis of the choices made by the concerned person, access to a person’s personal information may be granted to an agency like a bank. What is more revolutionary is that India Stack might even revoke this access if the concerned person expresses a wish to do so or the surrounding circumstances signal to India Stack that it will be prudent to do so. It should be pointed out that the the technology required for OpenPDS is extremely complex and is not available in India. Moreover, it’s not clear how this system would work. Apart from this, even the paperless layer has its faults and has been criticised by many since its inception, because an actual government signed and stamped paper has been the basis of a claim.. In the paperless system, you are provided a Digilocker in which all your papers are stored electronically, on the basis of your UID number. However, it was brought to light that this doesn’t take into account those who either do not want a Digilocker or UID number or cases where they do not have access to their digital records. How in such cases will people make claims?

A Digital Post-Dated Cheque: It’s Ramifications

A key change that FinTech apps and the surrounding ecosystem want to make is to create a digital post-dated cheque so as to allow individuals to get loans from their mobiles especially in remote areas. This will potentially cut out the need to construct new banks, thus reducing the capital expenditure , while at the same time allowing the credit services to grow. The direct transfer of money between UID numbers without the involvement of banks is a step to further help this ecosystem grow. Once an individual consents to such a system, however, automatic transfer of money from one’s bank accounts will be affected, regardless of the reason for payment. This is different from auto debt deductions done by banks presently, as in the present system banks have other forms of collateral as well. The automatic deduction now is only affected if these other forms are defaulted upon. There is no knowledge as to whether this consent will be reversible or irreversible. As Jan Dhan Yojana accounts are zero balance accounts, the account holder will be bled dry. The implication of schemes such as “Loan in under 8 minutes” were also discussed. The advantage of such schemes is that transaction costs are reduced.The financial institution can thus grant loans for the minimum amount without any additional enquiries. It was pointed out that this new system is based on living on future income much like the US housing bubble crash. Interestingly, in Public Distribution Systems, biometrics are insisted upon even though it disrupts the system. This can be seen as a part of the larger infrastructure to ensure that digital post-dated cheques become a success.

The Role of FinTech Apps

FinTech ‘apps’ are being presented with the aim of propagating financial inclusion. The Technology Advisory Group for Unique Projects report stated that as managing such information sources is a big task, just like electricity utilities, a National Information Utilities (NIU) should be set up for data sources. These NIUs as per the report will follow a fee based model where they will be charging for their services for government schemes. The report identified two key NIUs namely the National Payments Corporation of India (NPCI) and the Goods and Services Tax Network (GSTN). The key usage that FinTech applications will serve is credit scoring. The traditional credit scoring data sources only comprised a thin file of records for an individual, but the data that FinTech apps collect - a person’s UID number, mobile number. and bank account number all linked up, allow for a far more comprehensive credit rating. Government departments are willing to share this data with FinTech apps as they are getting analysis in return. Thus, by using UID and the varied data sources that have been linked together by UID, a ‘thick file’ is now being created by FinTech apps. Banking apps have not yet gone down the route of FinTech apps to utilise Big Data for credit scoring purposes.

The two main problems with such apps is that there is no uniform way of credit scoring. This distorts the rate at which a person has to pay interest. The consent layer adds another layer of complication as refusal to share mobile data with a FinTech app may lead to the app declaring one to be a risky investment thus, subjecting that individual to a higher rate of interest .

Regulation of FinTech Apps and the UID Infrastructure

India Stack and the applications that are being built on it, generate a lot of transaction metadata that is very intimate in nature. The privacy aspects of the UID legislation doesn't cover such data. The granular consent layer which has been touted to cover this still has to come into existence. Also, Big Data is based on sharing and linking of data. Here, privacy concerns and Big Data objectives clash. Big Data by its very nature challenges privacy principles like data minimisation and purpose limitation.The need for regulation to cover the various new apps and infrastructure which are being developed was pointed out.

Problems with UID

It has been observed that any problem present with Aadhaar is usually labelled as a teething problem, it’s claimed that it will be solved in the next 10 years. But, this begs the question - why is the system online right now?

Aadhaar is essentially a new data condition and a new exclusion or inclusion criteria. Data exclusion modalities as observed in Rajasthan after the introduction of biometric Point of Service (POS) machines at ration shops was found to be 45% of the population availing PDS services. This number also includes those who were excluded from the database by being included in the wrong dataset. There is no information present to tell us how many actual duplicates and how many genuine ration card holders were weeded out/excluded by POS.

It was also mentioned that any attempt to question Aadhaar is considered to be an attempt to go back to the manual system and this binary thinking needs to change. Big Data has the potential to benefit people, as has been evidenced by the scholarship and pension portals. However, Big Data’s problems arise in systems like PDS, where there is centralised exclusion at the level of the cloud. Moreover, the quantity problem present in the PDS and MNREGA systems persists. There is still the possibility of getting lesser grains and salary even with analysis of biometrics, hence proving that there are better technologies to tackle these problems. Presently, the accountability mechanisms are being weakened as the poor don’t know where to go to for redressal. Moreover, the mechanisms to check whether the people excluded are duplicates or not is not there. At the time of UID enrollment, out of 90 crores, 9 crore were rejected. There was no feedback or follow-up mechanism to figure out why are people being rejected. It was just assumed that they might have been duplicates.

Another problem is the rolling out of software without checking for inefficiencies or problems at a beta testing phase. The control of developers over this software, is so massive that it can be changed so easily without any accountability.. The decision making components of the software are all proprietary like in the the de-duplication algorithm being used by the UIDAI. Thus, this leads to a loss of accountability because the system itself is in flux, none of it is present in public domain and there are no means to analyse it in a transparent fashion..

These schemes are also being pushed through due to database politics. On a field study of NPR of citizens, another Big Data scheme, it was found that you are assumed to be an alien if you did not have the documents to prove that you are a citizen. Hence, unless you fulfill certain conditions of a database, you are excluded and are not eligible for the benefits that being on the database afford you.

Why is the private sector pushing for UIDAI and the surrounding ecosystem?

Financial institutions stand to gain from encouraging the UID as it encourages the credit culture and reduces transaction costs.. Another advantage for the private sector is perhaps the more obvious one, that is allows for efficient marketing of products and services..

The above mentioned fears and challenges were actually observed on the ground and the same was shown through the medium of a case study in West Bengal on the smart meters being installed there by the state electricity utility. While the data coming in from these smart meters is being used to ensure that a more efficient system is developed,it is also being used as a surrogate for income mapping on the basis of electricity bills being paid. This helps companies profile neighbourhoods. The technical officer who first receives that data has complete control over it and he can easily misuse the data. This case study again shows that instruments like Aadhaar and India Stack are limited in their application and aren’t the panacea that they are portrayed to be.

A participant pointed out that in the light of the above discussions, the aim appears to be to get all kinds of data, through any source, and once you have gotten the UID, you link all of this data to the UID number, and then use it in all the corporate schemes that are being started. Most of the problems associated with Big Data are being described as teething problems. The India Stack and FinTech scheme is coming in when we already know about the problems being faced by UID. The same problems will be faced by India Stack as well.

Can you opt out of the Aadhaar system and the surrounding ecosystem?

The discussion then turned towards whether there can be voluntary opting out from Aadhaar. It was pointed out that the government has stated that you cannot opt out of Aadhaar. Further, the privacy principles in the UIDAI bill are ambiguously worded where individuals only have recourse for basic things like correction of your personal information. The enforcement mechanism present in the UIDAI Act is also severely deficient. There is no notification procedure if a data breach occurs. . The appellate body ‘Cyber Appellate Tribunal’ has not been set up in three years.

CCTNS: Big Data and its Predictive Uses

What is Predictive Policing?

The next big Big Data case study was on the Crime and Criminal Tracking Network & Systems (CCTNS). Originally it was supposed to be a digitisation and interconnection scheme where police records would be digitised and police stations across the length and breadth of the country would be interconnected. But, in the last few years some police departments of states like Chandigarh, Delhi and Jharkhand have mooted the idea of moving on to predictive policing techniques. It envisages the use of existing statistical and actuarial techniques along with many other tropes of data to do so. It works in four ways: 1. By predicting the place and time where crimes might occur; 2. To predict potential future offenders; 3. To create profiles of past crimes in order to predict future crimes; 4. Predicting groups of individuals who are likely to be victims of future crimes.

How is Predictive Policing done?

To achieve this, the following process is followed: 1. Data collection from various sources which includes structured data like FIRs and unstructured data like call detail records, neighbourhood data, crime seasonal patterns etc. 2. Analysis by using theories like the near repeat theory, regression models on the basis of risk factors etc. 3. Intervention

Flaws in Predictive Policing and questions of bias

An obvious weak point in the system is that if the initial data going into the system is wrong or biased, the analysis will also be wrong. Efforts are being made to detect such biases. An important way to do so will be by building data collection practices into the system that protect its accuracy. The historical data being entered into the system is carrying on the prejudices inherited from the British Raj and biases based on religion, caste, socio-economic background etc.

One participant brought about the issue of data digitization in police stations, and the impact of this haphazard, unreliable data on a Big Data system. This coupled with paucity of data is bound to lead to arbitrary results. An effective example was that of black neighbourhoods in the USA. These are considered problematic and thus they are policed more, leading to a higher crime rate as they are arrested for doing things that white people in an affluent neighbourhood get away with. This in turn further perpetuates the crime rate and it becomes a self-fulfilling prophecy. In India, such a phenomenon might easily develop in the case of migrants, de-notified tribes, Muslims etc. A counter-view on bias and discrimination was offered here. One participant pointed out that problems with haphazard or poor quality of data is not a colossal issue as private companies are willing to fill this void and are actually doing so in exchange for access to this raw data. It was also pointed out how bias by itself is being used as an all encompassing term. There are multiplicities of biases and while analysing the data, care should be taken to keep it in mind that one person’s bias and analysis might and usually does differ from another. Even after a computer has analysed the data, the data still falls into human hands for implementation.

The issue of such databases being used to target particular communities on the basis of religion, race, caste, ethnicity among other parameters was raised. Questions about control and analysis of data were also discussed, i.e. whether it will be top-down with data analysis being done in state capitals or will this analysis be done at village and thana levels as well too. It was discussed as topointed out how this could play a major role in the success and possible persecutory treatment of citizens, as the policemen at both these levels will have different perceptions of what the data is saying. . It was further pointed out, that at the moment, there’s no clarity on the mode of implementation of Big Data policing systems. Police in the USA have been seen to rely on Big Data so much that they have been seen to become ‘data myopic’. For those who are on the bad side of Big Data, in the Indian context, laws like preventive detention can be heavily misused.There’s a very high chance that predictive policing due to the inherent biases in the system and the prejudices and inefficiency of the legal system will further suppress the already targeted sections of the society. A counterpoint was raised and it was suggested that contrary to our fears, CCTNS might lead to changes in our understanding and help us to overcome longstanding biases.

Open Knowledge Architecture as a solution to Big Data biases?

The conference then mulled over the use of ‘Open Knowledge’ architecture to see whether it can provide the solution to rid Big Data of its biases and inaccuracies if enough eyes are there. It was pointed out that Open Knowledge itself can’t provide foolproof protection against these biases as the people who make up the eyes themselves are predominantly male belonging to the affluent sections of the society and they themselves suffer from these biases.

Who exactly is Big Data supposed to serve?

The discussion also looked at questions such as who is this data for? Janata Information System (JIS), is a concept developed by MKSS where the data collected and generated by the government is taken to be for the common citizens. For e.g. MNREGA data should be used to serve the purposes of the labourers. The raw data as is available at the moment, usually cannot be used by the common man as it is so vast and full of information that is not useful for them at all. It was pointed out that while using Big Data for policy planning purposes, the actual string of information that turned out to be needed was very little but the task of unravelling this data for civil society purposes is humongous. By presenting the data in the right manner, the individual can be empowered. The importance of data presentation was also flagged. It was agreed upon that the content of the data should be for the labourer and not a MNC, as the MNC has the capability to utilise the raw data on it’s own regardless.

Concerns about Big Data usage

Participants pointed out that privacy concerns are usually brushed under the table due to a belief that the law is sufficient or that the privacy battle has already been lost.
In the absence of knowledge of domain and context, Big Data analysis is quite limited. Big Data’s accuracy and potential to solve problems needs to be factually backed.
The narrative of Big Data often rests on the assumption that descriptive statistics take over inferential statistics, thus eliminating the need for domain specific knowledge. It is claimed that the data is so big that it will describe everything that we need to know.
Big Data is creating a shift from a deductive model of scientific rigour to an inductive one. In response to this, a participant offered the idea that troves of good data allow us to make informed questions on the basis of which the deductive model will be formed. A hybrid approach combining both deductive and inductive might serve us best.
The need to collect the right data in the correct format, in the right place was also expressed.

Potential Research Questions & Participants’ Areas of Research

Following this discussion, participants brainstormed to come up with potential areas of research and research questions. They have been captured below:

Big Data, Aadhaar and India Stack:

Has Aadhaar been able to tackle illegal ways of claiming services or are local negotiations and other methods still prevalent?
Is the consent layer of India Stack being developed in a way that provides an opportunity to the UID user to give informed consent? The OpenPDS and its counterpart in the EU i.e. the My Data Structure were designed for countries with strong privacy laws. Importantly, they were meant for information shared on social media and not for an individual’s health or credit history. India is using it in a completely different sphere without strong data protection laws. What were the granular consent layer structures present in the West designed for and what were they supposed to protect?
The question of ownership of data needs to be studied especially in context of a globalised world where MNCs are collecting copious amounts of data of Indian citizens. What is the interaction of private parties in this regard?

Big Data and Predictive Policing:

How are inequalities being created through the Big Data systems? Lessons should be taken from the Western experience with the advent of predictive policing and other big data techniques - they tend to lead to perpetuation of the current biases which are already ingrained in the system.
It was also pointed out how while studying these topics and anything related to technology generally, we become aware of a divide that is present between the computational sciences and social sciences. This divide needs to be erased if Big Data or any kind of data is to be used efficiently. There should be a cross-pollination between different groups of academics. An example of this can be seen to be the ‘computational social sciences departments’ that have been coming up in the last 3-4 years.
Why are so many interim promises made by Big Data failing? A study of this phenomenon needs to be done from a social science perspective. This will allow one to look at it from a different angle.

Studying Big Data:

What is the historical context of the terms of reference being used for Big Data? The current Big Data debate in India is based on parameters set by the West. For better understanding of Big Data, it was suggested that P.C. Mahalanobis’ experience while conducting the Indian census, (which was the Big Data of that time) can be looked at to get a historical perspective on Big Data. This comparison might allow us to discover questions that are important in the Indian context. It was also suggested that rather than using ‘Big Data’ as a catchphrase to describe these new technological innovations, we need to be more discerning.
What are the ideological aspects that must be considered while studying Big Data? What does the dialectical promise of technology mean? It was contended that every time there is a shift in technology, the zeitgeist of that period is extremely excited and there are claims that it will solve everything. There’s a need to study this dialectical promise and the social promise surrounding it.
Apart from the legitimate fears that Big Data might lead to exclusion, what are the possibilities in which it improve inclusion too?
The diminishing barrier between the public and private self, which is a tangent to the larger public-private debate was mentioned.
How does one distinguish between technology failure and process failure while studying Big Data?

Big Data: A Friend?

In the concluding session, the fact that the Big Data moment cannot be wished away was acknowledged. The use of analytics and predictive modelling by the private sector is now commonplace and India has made a move towards a database state through UID and Digital India. The need for a nuanced debate, that does away with the false equivalence of being either a Big Data enthusiast or a luddite is crucial.

A participant offered two approaches to solving a Big Data problem. The first was the Big Data due process framework which states that if a decision has been taken that impacts the rights of a citizen, it needs to be cross examined. The efficacy and practicality of such an approach is still not clear. The second, slightly paternalistic in nature, was the approach where Big Data problems would be solved at the data science level itself. This is much like the affirmative algorithmic approach which says that if in a particular dataset, the data for the minority community is not available then it should be artificially introduced in the dataset. It was also suggested that carefully calibrated free market competition can be used to regulate Big Data. For e.g. a private personal wallet company that charges higher, but does not share your data at all can be an example of such competition.

Another important observation was the need to understand Big Data in a Global South context and account for unique challenges that arise. While the convenience of Big Data is promising, its actual manifestation depends on externalities like connectivity, accurate and adequate data etc that must be studied in the Global South.

While the promises of Big Data are encouraging, it is also important to examine its impacts and its interaction with people's rights. Regulatory solutions to mitigate the harms of big data while also reaping its benefits need to evolve.

For more details visit https://cis-india.org/internet-governance/big-data-in-india-benefits-harms-and-human-rights-a-report

Constitutional Analysis of the Information Technology (Intermediaries' Guidelines) Rules, 2011

ujwala — 2012-10-31T08:44:41Z

Ujwala Uppaluri provides a constitutional analysis of the Information Technology (Intermediaries' Guidelines) Rules notified in April 2011, and examines its compatibility with Articles 14, 19, 21 of the Constitution of India.

Summary of Salient Provisions

The Information Technology (Intermediaries’ Guidelines) Rules, 2011 (‘the Intermediary Guidelines’) were notified in April, 2011 as rules enacted in exercise of powers conferred under section 87(2)(zg) read with Section 79 of the Information Technology Act, 2000 (as amended) (‘the IT Act’).

Rule 2 of the Intermediary Guidelines imports definitions for key terms from the IT Act. Notably, this includes an importation of Section 2 (w) by Rule 2 (i), which defines “intermediary” broadly in the following terms:

“ “intermediary”, with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes;”

Rule 3 whose margin note indicates that it is limited to due diligence measures to be adhered to by intermediaries nevertheless also raises other liabilities by creating a regime to censor content, pre-publication as well as once content has been made publically available online.

Sub-rule (2) of Rule 3 inventories the classes of content which are deemed actionable, with only clause (i), clause (c), clause (e) and, arguably clause (h), of that rule addressing the national interest, public order and security restrictions cognizable under Article 19(2) of the Constitution. The remainder of grounds includes private claims such as content which “belongs to another person”[1], or otherwise infringes proprietary rights[2], or is “defamatory”[3]. Still others are terminologically indeterminate and purely subjective, with the terms “grossly harmful”, “harassing” and “disparaging” being examples.

This sub-rule also includes a number of redundancies. While there is reference to libelous as well as defamatory content in clause (b), it is well established that Indian law does not admit of the former concept, instead dissolving the common law distinction between the two to treat them alike.[4] There is also clause (e), which prohibits content which is all ready illegal for violating the provisions of an existing statute and the residuary phrasing of the clause (b)’s reference to content which is “otherwise unlawful in any manner whatever”.

The sub-rules immediately following the list in Rule 3(2) address the consequences of users publishing content listed in that rule:

Sub-rule (3) of rule 3 provides that intermediaries will not knowingly deal in any manner whatsoever, whether by hosting, publication, transmission or otherwise, with any content of the types that are listed in the previous clause.

Sub-rule (4) of rule 3 creates a complaints mechanism in respect of content incompatible with Rule 3 (2) by requiring intermediaries to disable access to offending content within 36 hours of obtaining knowledge themselves or on being brought to “actual knowledge” by an “affected person”. The Intermediaries Guidelines do nothing to clarify what would amount to “actual knowledge”, to indicate in unambiguous terms, which parties would have sufficient locus to bring complaints in order to be deemed an “affected person” for the purposes of these provisions or to suggest that there is a procedure or timeline for action by the intermediary, such that requirements such notice to the author of the content and time for the preparation of a defence by the author and/or the intermediary are accounted for. Rule 3 (4) also requires that all information which is taken down be preserved, along with “associated records” for a duration of atleast ninety days for investigative purposes.

Sub-rule (5) of rule 3 mandates that intermediaries inform users that non-compliance with the Intermediary Guidelines, inter alia, is a ground for the exercise of their right to terminate access or usage rights and remove non-compliant content.

Finally, sub-rule (11) of rule 3 requires intermediaries to name Grievance Officers to receive complaints on any matters relating to the computer resources made available by the intermediary, including for non-compliance or harm in terms of Rule 3 (2). This officer is bound to respond to the complaint within one month from the date of receipt of the complaint.

In the result, the Intermediary Guidelines create a two-track system by which private censorship is legitimized online. In the first place, intermediaries can take down content on their own motion where they are of the opinion that the content falls under any of the grounds enumerated in Rule 3 (2) or, alternatively, do so in response to a complaint, in terms of Rule 3 (4).

In addition to the provisions relating to censorship, the Intermediary Guidelines also provide for information to be given over to government agencies making a request with lawful authority and in writing under sub-rule (7) of rule 3, for data protection measures in accordance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 notified under Section 43A of the IT Act to be adhered to (sub-rule (8) of rule 3) and for intermediaries to report and share information realting to cyber security with CERT-In (sub-rule (9) of rule 3).

Areas of Infirmity

It is doubtful whether the Intermediary Guidelines could pass constitutional muster, on several grounds:

Compatibility with Article 19 (1) (a) and (2)

(a) Applicability of Article 19 (2) to Rule 3 (2) Grounds

In Romesh Thappar v. State of Madras[5] the Supreme Court held that the freedom of speech and expression under Article 19(1)(a) includes the freedom to propogate and disseminate ideas. It also held that very narrow and stringent limits govern the permissibility of legislative abridgment of the right of free speech. Ordinarily, any abridgement of free speech by means of censorship must be compatible with one or more of the grounds provided for under Article 19 (2), and the Supreme Court held in Express Newspapers (Private) Ltd. v. Union of India[6]that limitations on the exercise of the Article 19(1)(a) right which do not fall within Article 19(2) cannot be upheld.

Further, the right to free speech applies across all media, and the internet is no exception. In Secretary, Ministry of Information and Broadcasting v. Cricket Association of Bengal[7], the Supreme Court reflected the understanding that where media are different, such that the treatment accorded to them must be different in accordance with that indicia of difference, it will treat them as such in order to uphold fundamental rights. More specifically, in Ajay Goswami v. Union of India[8], the Supreme Court opined (in obiter) that the internet, as a unique medium of expression, deserved a different standard of protection than other mediums that have preceded it.

Rule 3 (2) of the Intermediary Guidelines, which lists the grounds for censorship, is not complaint with Article 19 (2) for two reasons:

First, many of the grounds mentioned have no constitutional basis whatsoever. Rule 3 (2) prohibits, inter alia, content which “grossly harmful”, “harassing”, “invasive of another’s privacy”, “hateful”, “disparaging”, “grossly offensive” or “menacing”, in addition to content which is simply illegal, and should be actionable ex post rather than prohibited ex ante (content infringing intellectual property under Rule 3 (2) (d), for example). Most of the terms employed are not legal standards, but merely subjective indicators of personal sensitivities, while still others though legal do not figure in Article 19 (2). Since the whole scheme of the Intermediary Guidelines is premised on these extra-constitutional grounds, they are, as a whole, subject to being to being struck down.

Second, the restriction is unreasonable because instead of preserving rights online in accordance with Ajay Goswami, the Intermediary Guidelines unjustifiably abridge the right to speak and receive information on the internet. The Intermediary Guidelines overreach in their scope, by including as actionable content which is not itself punishable when communicated via any other medium. For example, disparaging speech, as long as it is not defamatory, is not criminalised in India, and cannot be because the Constitution does not allow for it. Similarly, content about gambling in print is not unlawful, but now all Internet intermediaries are required to remove any content that promotes gambling.

(b) Nature of Censorship: Directness of Censorship and Legitimacy of Private and Prior Censorship

In judging whether a statute is constitutional, the effect that the statute will have on the fundamental rights of citizens must be examined. The Supreme Court held in Bennett Coleman & Co. v. Union of India[9] that the test was to examine whether the effect of an impugned action was to abridge a fundamental right, notwithstanding its object.

Further, while it is true in light of the Supreme Court’s holdings in Prakash Jha Productions v. Union of India[10] that pre-censorship is permissible within the Indian constitutional scheme, this permissibility is qualified. Prior censorship may be undertaken only within closely regulated circumstances, such as under the grounds in the Cinematograph Act, 1952, and even then, only by an appropriately empowered governmental entity.

The Intermediary Guidelines create mechanisms for the abridgement of the freedom of speech which amount to indirect and unjustifiable prior censorship, contrary to Article 19 (2):

Firstly, while the state does not itself censor under these rules, it has empowered private, commercial entities to do so vide the Intermediary Guidelines. These rules thus transfer the executive power of censorship to private intermediaries. This amounts to an indirect form of censorship for the purposes of the Bennett Coleman test and has the result of increased censorship on the Internet because the state granted legislative sanction to such a system, although it does not censor by itself or through a state agency. The Intermediary Guidelines, and specifically Rule 3 (4) read with Rule 3 (2), place a burden on intermediaries to decide on the lawfulness of content as a pre-condition for their statutory exemption from liability. An intermediary, on receiving a complaint, to ensure that it continues to receive the protection offered by Section 79 of the IT Act, will be forced to disable access to the content posted by a user. Thus, the direct effect of the rules will be strict censoring of content posted on-line by users. The rules will have a direct effect on the fundamental right of freedom of speech and expression guaranteed under Article 19(1) of the Constitution unreasonable restrictions on fundamental rights, that are imposed by a statute or executive orders are liable to be struck down as unconstitutional.

Secondly, while prior censorship is permissible only in a strictly limited range of cases, the Intermediary Guidelines allow for an unrestrained and unlimited degree of prior and arguably invisible censorship. Rule 3 of the Intermediary Guidelines clearly envisages such a system of prior censorship. Whereas the consequences for passively displaying content incompatible with Rule 3(2) would be a complete waiver and dissolution of the Section 79 immunity that would ordinary accrue to neutral intermediaries, intermediaries or complainants have no obligation in respect of ensuring the tenability of complaints and the grounds cited in them. The Intermediary Guidelines do not draw a distinction between arbitrary actions of an intermediary and take-downs subsequent to a request. Further, the inclusion of a residuary clause in Rule 3 (2) (b) allowing pre-censorship of content which is “unlawful in any manner whatever”, also indicates that the Intermediary Guidelines allow the use of the exceptional instrument of not only allows private censorship, but that they actively encourage it as the default rule rather than the exception without any justification whatsoever.

(c) Vagueness and Overbreadth: Possibility for Over-Censorship

Vagueness in the terms of a restriction to free speech is grounds for it to be struck down, even where the ground is apparently broadly constitutional. The Supreme Court held in Sakal Papers (P) Ltd. v. Union of India[11] that the Constitution must be interpreted in order to enable citizens to enjoy their rights to fullest measure, subject to limited permissible restrictions. In Romesh Thapar[12] the Supreme Court also held that a legislation authorizing the imposition of restrictions on free speech in language wide enough to cover restrictions which are permissible as well as extra-constitutional will be held to be wholly unconstitutional.

The grounds listed in Rule 3 (2) of the Intermediary Guidelines are highly subjective, private interest grounds which are not defined either in the Intermediary Guidelines or in the IT Act itself. These include terms such as “grossly harmful”, “harassing”, “invasive of another’s privacy”, “hateful”, “disparaging”, “grossly offensive” or “menacing”. Consequently, the Intermediary Guidelines constitute unreasonable restrictions on freedom of speech, with Rule 3 (2) containing vague terms which, in addition to falling beyond the purview of Article 19(2), cover only private and subjective grounds, incapable of objective definition or application.

Further, the Intermediary Guidelines do no precisely define the term “affected person” employed in Rule 3 (4). Thus, complaints from any party, including those uninvolved or unaffected by content must all be complied with, without qualification.

In the result, the vagueness of the grounds in Rule 3 (2) and the diffuse terminology of “affected person” leaves Rule 3 (2) grounds serving as placeholders for whatever claim a complainant, having no locus whatsoever, chooses to bring, without regard for whether it is constitutional or even legal. Online content is thus treated as presumptively illegal and take down of content as the presumptive course of action. Additionally, there is a further consequence to the vagueness and overbreadth of the terms in Rule 3 (2): because of the indeterminacy in the grounds listed thereunder, intermediaries tasked with enforcing the law will tend to err on the side of caution and censor, rather than keep speech accessible online. There is empirical evidence to show that cautious intermediaries will over-censor and over comply with complaints in order to avoid liability under Section 79 of the IT Act.[13]

(d) Contravention of International Human Rights Norms & Horizontal Application

The censorship regime constructed by the Intermediary Guidelines is non-compliant not only with domestic requirements under the Constitution, but also with India’s obligations under international human rights law under Articles 19 of the Universal Declaration of Human Rights (‘UDHR’) and the International Covenant on Civil and Political Rights (‘ICCPR’), under the UN Human Rights Council’s Report of the Special Rapporteur Frank La Rue on the Promotion and Protection of the Right to Freedom of Opinion and Expression (2011)[14](‘Special Rapporteur’s Report’) and the UN Human Rights Council Resolution on Internet Freedom (2012)[15] (‘UN Internet Freedom Resolution’).

While the ICCPR as well as the UDHR guarantee a right to free speech “through any…media of…choice” in their respective Articles 19, the Special Rapporteur’s Report and the UN Internet Freedom Resolution recognize the need for special efforts to be undertaken by states to preserve free speech on the internet. The former document justifies censorship only in the most limited circumstances and makes specific mention of the commercial interests that may be implicated in delivering free speech.

Through the Intermediary Guidelines, the Indian state creates a system by which the right to free speech can be systematically violated by private and undisclosed entities and even empowers them to do so, without imposing any constitutional safeguards whatsoever. Thus, egregious violations of the right to free speech and expression are a direct and inevitable consequence of the Intermediary Guidelines. To the degree that the Indian Supreme Court has enagaged with free speech online, it appears from Ajay Goswami that it would apply standards consistent with international law obligations to rectify the Intermediary Guidelines to meet them.

Further, the Indian Supreme Court has held, where necessary for their true enjoyement, that fundamental rights may involve a degree of horizontality in their application. In other words, private action could be guided by fundamental rights, such as in Vishaka v. State of Rajasthan[16] which evidences the Supreme Court’s willingness to hold that private entities could be held to constitutional and international human rights law standards where that is necessary for the real rather than illusory enjoyment of fundamental rights.

As a result, the Intermediary Guidelines are also liable to be struck down for their failure to recognize and account for the role of private interests while empowering them with the right to curtail fundamental rights.

Compatibility with Article 21

(a) Adverse Impact on Privacy (and consequently on Free Speech)

A constitutional right to privacy has been read into Article 21’s guarantee of life and personal liberty in several instances by the Supreme Court. The State is consequently under an obligation to refrain from interfering, whether by itself or through any of its agencies, with private lives and spaces. By the same coin, laws which encourage unwarranted state or societal intrusions into private life will contravene the victim’s Article 21 right. In People’s Union for Civil Liberties v. Union of India,[17] the Supreme Court held that Article 21 privacy protected individuals against the interception and monitoring of private communications by the state in the absence of sufficient safeguards.

Also, an individual’s privacy interests in information relating to him are not dissolved merely because information is not confidential or because another entity has some property interest in that information. In District Registrar and Collector, Hyderabad v. Canara Bank[18], the Supreme Court recognized that even where the search of private documents was concerned, Article 21 protected “persons not places”, i.e., that the privacy interest did not vest in property or communications but, rather, in the rightsholder himself.

The Intermediary Guidelines include no limits whatsoever on the scope of disclosures that government agencies can demand or expect to retain, in contravention of Article 21.

Specifically, Rule 3 (4), which requires data retention for a statutory minimum of ninety days of content taken down as well as “associated records”, violates users’ rights to privacy. In addition to the financial and technical burden (in storing and securing data) imposed by the Intermediary Guidelines in requiring potentially unlimited data retention by intermediaries, there is no clarity as to what or how much information precisely must be held in the form of “associated records”. Instead of subjecting data to limited and closely qualified retention by private intermediaries, and thus limiting the impairment of the fundamental right to privacy to the minimum possible degree necessary, Rule 3 (4) imposes blanket data retention requirements.

Further, Rule 3 (7), which makes any information held by an intermediary subject to being disclosed to the government upon request is also inconsistent with the requirement that the right to life and personal liberty be violated only in accordance with fair, just and reasonable procedures. Notwithstanding that Rule 3 (7) is consistent with Section 67C of the IT Act and specific rules framed in regard to the surveillance of communications, it is also unconstitutional because it fails to include any safeguards whatsoever in the process of surveillance. These would include, as minimum obligatory conditions in light of PUCL, the requirement that the surveilled be informed of the surveillance and be allowed to challenge its propriety ex ante or its procedural regularity ex post, or atleast administrative or judicial review ex parte.

(b) Non-compliance with Due Process and Natural Justice Requirements

Article 21 explicitly includes a due process guarantee. This means that the right to life and personal liberty, and its constituent rights, can be interfered with only through constitutionally consistent procedures. A cornerstone of fair procedure, compliant with the rule of law, is the notion of natural justice. Consequently, Article 21 contemplates that the procedure by which fundamental rights are curtailed will satisfy natural justice principles.

In Maneka Gandhi v. Union of India,[19] the Supreme Court held that natural justice was not a rigid or mechanical term, but one that referred to those practices and principles that would ensure “fair play in action”. In addition the Court held that all deviations from natural justice requirements must be supported by a sufficiently justificatory “compelling state interest”. Specifically, in Union of India v. Tulsiram Patel[20], the Supreme Court held that the principle of natural justice required the satisfaction of the audi alteram partem rule, which consisted of several requirements, including the requirement that a person against whose detriment an action is taken be informed of the case against him and be afforded a full and fair opportunity to respond. Finally, in M.C. Mehta v. Union of India[21] the Supreme Court held that the absence of due notice and a reasonable opportunity to respond would vitiate any holding to the rightsholder’s detriment.

The Intermediary Guidelines fail to satisfy the requirement of natural justice, and particularly the rights to prior notice as well as that of the affected party to a hearing:

By requiring that content be taken down swiftly (within 36 hours of complaint, under Rule 3 (4)) and by failing to require the author of the content to be informed of the complaint and its contents, the Intermediary Guidelines violate the author’s right to notice and consequently affect his/her right to prepare and present a defence at all. In practice, authors of content which is the subject of a complaint may never know of the complaint or even of the fact of the take down, given the absence of any mechanism under the rules by which they could have been informed. In a scheme for silent, invisible censorship, authors are never afforded an opportunity to challenge the take down, just as they have no opportunity to rebut the initial complaint. In addition, at any event, it is the intermediary, a biased private entity whose immunity under Section 79 of the IT Act could be called into question based on the outcome, who must make the determination as to the legality of the content.

While there is nothing to prohibit intermediaries from informing authors on the receipt of a complaint, the limited time within which action must be taken means that such intermediaries would risk liability for non-compliance with the compliant and a waiver of their Section 79 immunity, where the content is not taken down, whether because communication does not occur within the 36 hour timeframe or because an author elects to resist takedown. By creating a system in which takedowns necessarily occur in response to complaints, irrespective of their legitimacy, the Intermediary Guidelines presume and rule in favour of the complainants and in favour of (private) censorship instead of presuming in favour of the preservation of the fundamental right to free speech, or even maintaining neutrality between the two ends.

Compatibility with Article 14

The guarantee of “equal protection of laws” requires equality of treatment of persons who are similarly situated, without discrimination inter se. It is a corollary that that persons differently situated cannot be treated alike. In E. P. Royappa v. State of Tamil Nadu[22] the Supreme Court held that arbitrary or unfair actions necessarily run counter to Article 14. The Supreme Court explained in M/S Sharma Transport v. Government of Andhra Pradesh[23] that arbitrary actions are actions which are unreasonable, non-rational done capriciously or without adequate determining principle, reason or in accordance with due judgment. In addition, Article 14 also requires that state action be reasonable. In Mahesh Chandra v. Regional Manager, U.P. Financial Corporation[24] it was held that discretion must be exercised objectively, and that what is not fair or just will be unreasonable, and subject to being struck down as unconstitutional.Additionally, Article 14 also requires that the basis upon which classifications are undertaken for the purposes of same or differential treatment be reasoned and fair. The Supreme Court held in Sube Singh v. State of Haryana[25] that the state’s failure to support a classification on the touchstone of reasonability, with the existence of intelligible differentia or the rational basis of achieving a stated object, will be ground for it to be held arbitrary and unreasonable. Finally, all state action having the potential to curtail Article 14 must be reasonable, justifiable, undertaken in exercise of constitutional powers and be informed and guided by public interest. The Supreme Court held to this effect in Kasturi Lal Lakshmi Reddy v. State of Jammu and Kashmir[26].

The Intermediary Guidelines contravene Article 14 on the following grounds:

First, intermediaries who are not similarly situated are treated alike. Rule 2 (i) imports the IT Act’s omnibus definition of the term “intermediary”, such that all classes of intermediaries, ranging from intermediaries which control the architecture of the internet and the hardware which enables it to run (such as ISPs and DNS providers) to intermediaries that enable content creation, sharing and communications online (such as email clients, content aggregators, social networking services and content hosts), are empowered to censor and are required to comply with complaints regarding content. Intermediaries, for the purposes of the IT Act and the Intermediary Guidelines, thus refer to a large and disparate group of providers of services enabling access to as well as use of the Internet. Reasoned state action must recognize that their liabilities must necessarily vary with the specific type of service that each provides. The Intermediary Guidelines fail to do so, and are consequently incompatible with Article 14.

Second, the Intermediary Guidelines treat the same or similar content across media differently, without apparent justification. More specifically, users of the internet are unfairly discriminated against. All of the Rule 3 (2) grounds which are not explicitly mentioned in Article 19 (2) in particular reflect this discriminatory, unreasoned treatment. To illustrate, the prohibition under Rule 3 (2) on the display of any content online when it relates to gambling treats speakers using the internet differently from speakers communicating this content via any other medium of communication. Given that nothing in the nature of the medium itself attaches a new or different character to the content, criminality or liability must attach to such content in a medium-neutral fashion. So, while content qualifying as seditious under law remains so across media, whether it be print, audio or video broadcast or online, the same as not the case for communications on the internet. In other words, while gambling itself may be prohibited under law, speech or expression involving it is nowhere prohibited under law. While such content is legal and protected across print and broadcasting media, the same content is liable to take down online. This would amount to discriminatory treatment of equal content merely because speakers choose the internet, and the speech occurred online.

Third, the Intermediary Guidelines accord unrestrained discretion in the curtailment of fundamental rights to private functionaries, without any guidance whatsoever. This should have been the sole reserve of the state. In addition to the lack of guidance, the breadth of the grounds for censorship in Rule 3 (2), some of which are themselves incapable of precise and non-subjective application, means that private censorship can occur to an arguably unlimited degree. Expecting compliance with such terms, and attaching liability (for intermediaries) or a curtailment of fundamental rights (for generators of content), without the provision of a right to challenge or even, more fundamentally, be informed is both unreasonable and arbitrary.

Similarly, Rules 3 (4) and 3 (5) empower intermediaries to take down content without providing any realistic opportunity of hearing to its author. Intermediaries are accorded an adjudicatory role to the intermediary in deciding questions whether or not authors can access their fundamental right to free speech in the process. This role is ordinarily reserved for competent courts or administrative authorities, which are subject to constitutional checks and balances and a general obligation to preserve and promote fundamental rights. Assigning such functions to a self-interested private entity without any accountability whatsoever is both unreasonable as well as arbitrary.

Finally, the Intermediary Guidelines fail to account for the public interest because they directly restrict the public’s freedom of speech and expression, without any justifiable reason, and privilege the personal and not necessarily constitutional sensitivities of private complainants instead. Rule 3(3) in effect vests an extraordinary power of censorship in intermediaries, entities which operate on the basis of private interest and outside the limits of administrative or even the most basic human rights control. Safeguards must apply to power-bearers to the degree and in the manner required in relation to the nature of the power, rather than its holder, if fundamental rights are to be legislatively preserved. While the Supreme Court in A.K. Kraipak v. Union of India[27] extended the applicability of natural justice principles from judicial bodies alone and quasi-judicial bodies to administrative bodies as well, the applicability of such principles still remains limited to state entities. In other words, there is an acknowledged difficulty in applying public law standards to private, commercial entities.

The Intermediary Guidelines thus vest the right to abridge core fundamental rights (under Articles 14, 19 and 21) in private delegates operating outside public law controls that constrain the scope in which the power can be exercised and ensure that citizen interest can be preserved. In the alternative, they also failed to provide for other safeguards to prevent abuse to the detriment of fundamental rights private delegates of governmental power, even as they granted such powers in unlimited terms. As a result, the Intermediary Guidelines evidence thoughtless, arbitrary, unreasoned and unjust state action.

Vires vis á vis the Parent Act

While it is permissible within the constitutional scheme for legislative functions of the Parliament to be delegated to a degree, they may be struck down on several grounds. In general, per Indian Express Newspapers (Bombay) Pvt. Ltd. v. Union of India,[28] subordinate legislation can be challenged not only on any of grounds on which the parent legislation is vulnerable to challenge, but also on the grounds that it does not conform to parent statute, that it is contrary to other statutes or that it is unreasonable, in the sense that it is manifestly arbitrary. Notably, the Court also held here that subordinate legislation is liable to being struck down where it fails to conform to constitutional requirements, or, specifically that “it offends Article 14 or Article 19 (1) (a) of the Constitution”.

It is a well-accepted proposition that delegated legislation which travels outside the scope of its enabling law will not stand as valid. It was held in Agricultural Market Committee v. Shalimar Chemical Works Ltd [29] that a delegate cannot alter the scope of the act under which it has been it has been empowered to make rules, or even of a provision or principle included there under. In State of Karnataka v. Ganesh Kamath[30] the Supreme Court held that “it is a well settled principle of interpretation of statutes that the conferment of rule-making power by an Act does not enable the rule-making authority to make a rule which travels beyond the scope of the enabling Act or which is inconsistent there with or repugnant thereto”. Similarly, in KSEB v. Indian Aluminium Company[31], it held that“subordinate legislation cannot be said to be valid unless it is within the scope of the rule making power provided in the statute”.

The Intermediary Guidelines were enacted under Sections 79(2) and 87(2)(zg) of the Information Technology Act, 2000 (as amended). While the latter provision explicitly grants the Central Government rule-making powers by which it can lay out guidelines to be followed by intermediaries in order to comply with Section 79(2), it appears that the rules in their current form appear to have been drafted based on a misunderstanding of Section 79.

Section 79(2) itself merely clarifies the circumstances in which intermediaries can claim that intermediaries are not liable for content where they do not initiate the transmission of potentially actionable content or select its recipient, modify its contents and observe all necessary “due diligence” requirements under the IT Act and rules.

The extent to which the Intermediary Guidelines alter the intent and scope of section 79 (or other provisions of the IT Act, in some cases) clearly leaves them ultra vires the parent statute. The specific instances of deviation by the Intermediary Guidelines from the IT Act are listed below:

First, Rule 3 (3) is ultra vires section 79 of the IT Act. Where this rule expressly prohibits the hosting, publication or initiation of transmission of content described in Rule 3 (2), section 79 does not intend any prohibition. All that it does is to waive the immunity otherwise accorded to intermediaries where the conditions specified are not satisfied. In other words, the section is optional, rather than mandatory and punitive: whether or not an intermediary can claim immunity will depend on whether it chooses to comply with section 79 (2).

Second, Rule 3 (4) requires intermediaries to take steps to disable access to within 36 hours of receiving a complaint in relation thereto. This is inconsistent with section 69B of the IT Act, which lays down in detail, the procedure to be followed to disable access to information. Since section 69B is statutory law, Rule 3 (4), being mere delegated legislation, will have to yield in its favour.

Third, Rule 3 (7) is ultra vires sections 69 and 69B, and falls outside the scope of section 79 (2). Rule 3 (7) provides that intermediaries must comply with requests for information or assistance when required to do so by appropriate authorities. This provision has no relation to the contents of section 79, which regulates intermediaries’ liability for content, and under which these rules were notified. In addition, rules have already been issued under the properly relevant sections, namely sections 69 and 69B, to provide a procedure to be followed by the government for the interception, monitoring, and decryption of information held by intermediaries. Rule 3 (7) is not consistent with the rules under sections 69 and 69B, as it removes all safeguards that those rules included. Under the Information Technology (Procedure and Safeguards for Interception, Monitoring, and Decryption) Rules 2009, for instance, permission must be obtained from the competent authority before an intermediary can be directed to provide access to its records and facilities while Rule 3 (7) makes intermediaries answerable to virtually any request from any government agency.

[1]. Rule 3 (2) (a).

[2]. Rule 3 (2) (d).

[3]. Rule 3 (2) (b)

[4]. Section 499, Indian Penal Code, 1860 (“Defamation” is defined to include both written and spoken words).

[5]. AIR 1950 SC 124.

[6]. AIR 1958 SC 578.

[7]. AIR 1995 SC 1236.

[8].(2007) 1 SCC 170.

[9]. AIR 1973 SC 106.

[10]. (2011) 8 SCC 372.

[11]. AIR 1962 SC 305, ¶31.

[12]. Supra, n.5.

[13]. Centre for Internet & Society, Intermediary Liability in India: Chilling Effects on Free Expression on the Internet 2011 available at cis-india.org/internet-governance/chilling-effects-on-free-expression-on-internet/intermediary-liability-in-india.pdf.

[14]. UN Document no. A/HRC/17/27.

[15]. UN Document no. A/HRC/20/.13.

[16]. AIR 1997 SC 3011.

[17]. AIR 1997 SC 568.

[18]. (2005) 1 SCC 496.

[19]. 1978 SCR (2) 621.

[20]. AIR 1985 SC 1416.

[21]. AIR 1999 SC 2583.

[22]. AIR 1974 SC 555.

[23]. AIR 2002 SC 322.

[24]. AIR 1993 SC 935.

[25]. (2001) 7 SCC 545, 548, ¶10.

[26].1980 AIR 1992.

[27]. AIR 1970 SC 150.

[28]. AIR 1986 SC 515.

[29]. AIR 1997 SC 2502.

[30]. (1983) 2 SCC 40.

[31]. AIR 1976 SC 1031.

For more details visit https://cis-india.org/internet-governance/constitutional-analysis-of-intermediaries-guidelines-rules

Typing in Indic Languages from Mobiles made Easy!

subha — 2013-07-17T09:02:46Z

A new app is up for typing in Indic languages from mobile phones. This is is available online at: http://bitly.com/indictyping and supports on iOS. Android version is to be released soon.

"There are two hard things in computer science: cache invalidation, naming things, and off-by-one errors."
Phil Karlton

Yuvi Panda smiles saying this. Yuvi Panda, a former Wikimedia Foundation contractor and developer was here in our Delhi office and I had an opportunity to spend some time discussing some of the technical problems that we have been facing.

One of the major setback most people have with their phones is the lack of language support and lack of typing support for Indic languages. Fortunately most of the new generation phones support Indic languages. Three of the major operating systems used currently by most phones are Android, Windows, Blackberry and iOS. Android being an open source operating system has extensive community support and developments which is something we were primarily hopeful while starting this project. Windows phones also have a good number of user base in India and support for Indic languages on Windows is really good. Though iOS has good support for Indic display there is no support for typing. IOS, Windows and Blackberry all being proprietary have really less community support and any tool available on these app market would be proprietary. So, our idea was to start a cross platform app which will use the available jQuery ime used for Indic typing for Indic Wikipedias and sister projects.

Currently, most of the Indic language Wikipedias use a typing tool called Narayam ( "Narayam" is a Malayalam word which refers to a metal stylus that was used for writing on palm leaves and papyrus in ancient days). By default the typing scheme for most of the language wikipedias is set to transliteration or phonetic. An Indian mobile user would normally type his own language using Roman letters from a mobile. "और दोस्त सब ठीक है?" in Hindi would be typed as "Aur dost sab thik hai?" when someone pings a friend on facebook or sends a text message. Now with the new typing tool you need to type "aur dosta saba thiika hai?" to get the same text in Devanagari script. This typing scheme is almost same like the phonetic typing most people use for regional languages on mobile which is why typing won’t be much of difference. In terms of usability most people would use the typed text either for web search in regional languages, Facebook posts, tweeting or even sending mails and text messages.

The detailed procedure for typing using this tool is documented at: http://goo.gl/HdVJW. Indic typing tool is available at: http://bitly.com/indictyping

Scan the QR code below using your QR code application to go "Indic typing tool".

Developer speaks:

This is a simple tool that lets you type in your native language on mobile phones. Currently only iOS devices are supported.

The tool is a simple wrapper around Wikimedia Foundation Language Engineering's jquery.ime project. It simply adds a much easier to use (on a mobile device) language selector, and makes it available offline (on iOS devices).

Quick links:

Source code: https://github.com/yuvipanda/indic-typing-tool
Test the app and report the bugs directly on GitHub or on Meta.
Credits: YuviPanda, Subhashish Panigrahi, Santhosh Thottingal

For more details visit https://cis-india.org/openness/blog-old/typing-in-indic-languages-from-mobiles

Secure IT 2012 — Securing Citizens through Technology

praskrishna — 2012-04-28T04:06:47Z

The event is co-organised by DST and NSDI, Govt. of India in partnership with Elets Technomedia Pvt. Ltd. on March 1, 2012 at Claridges in New Delhi.

Draft Agenda

9.00 am – 9.30 am	Registration & Tea
9.30 am – 11.00 am	Inaugural Session

Securing Citizens through Technology

The SecureIT 2012 Inaugural Session would present an overview of the security scenario in the country, and place the use of ICT towards ensuring national security centrestage. The inaugural would also highlight the use that ICT is being put for in effective disaster management, minimising material as well as human loss.

The session would aim at identifying a policy roadmap towards making effective use of ICT for the purposes of national security, well-being of citizens and businesses in times of disaster and an uncertain external environment and identify the major policy objectives for the sector as a whole.

Introductory Remarks: Dr Ravi Gupta, CEO Elets Technomedia and Editor-in-Chief, egov
Welcome Address: Dr M P Narayanan, President, Centre for Science, Development and Media Studies
Inaugural Address: Anil K Sinha, Vice Chairman, Bihar State Disaster Management Authority, Government of Bihar – Chief Guest, SecureIT 2012

Panel Discussion:

S Regunathan, Former Chief Secretary, Government of NCT of Delhi
R S Sharma, Director General, UIDAI
Shankar Aggarwal, Additional Secretary, Ministry of Defence, Government of India
Shambhu Singh, Joint Secretary (North East), Ministry of Home Affairs, Government of India
Ajay Sawhney, CEO, National e-Governance Division, Government of India
Major General (Dr) R Siva Kumar, Head, (NRDMS), Government of India

11. 00 am – 11.30 am	Networking Tea
11.30 am – 1.30 pm	Technical Session 1

Information Security – Securing Networks, Communications, Data and Applications

In the modern Information Age, knowledge is power like never before. A robust, secure communications network is not only desired, it is an absolute imperative in order to allow efficient functioning of the state. The communications networks have to be secured from state and non-state actors inimical to India. This session would highlight some major threats to the national communications infrastructure and the policies being adopted to counter these threats.

Chair: Ravi S Saxena, Additional Chief Secretary, DST, Government of Gujarat
Key Note Speaker: Dr Gulshan Rai, Director General, CERT-In

Distinguished Panellists:

S K Basu, Vice President, NIIT Technologies
Manas Sarkar, Head Pre-Sales (India & SAARC), Trend Micro
Ruchin Kumar, Principal Solution Architect, India and SAARC, Safenet India Pvt Ltd
Dr Kamlesh Bajaj, CEO, Data Security Council of India
Rajan Raj Pant, Controller, Ministry of Science and Technology, Government of Nepal
Prof. Anjali Kaushik, Management Development Institute, Gurgaon

1.30 pm – 2.30 pm	Lunch
2.30 pm – 5.00 pm	Technical Session 2

ICT in National Security and Policing

India faces a multiplicity of security challenges from within and without. Conventional responses to these challenges are no longer adequate and technology is being increasingly deployed to make the nation safer and more secure for residents, visitors and businesses. The legal framework has also been modified to incorporate modern technological advances.

The MHA has embarked upon a major project – Crime and Criminal Tracking System (CCTNS) that is expected to bring about a major overhaul of the policing system of the country. In this session, CCTNS and state adaptations of ICT in policing would be discussed along with an overview of technological advances in the field of security.

Chair: S Suresh Kumar, Joint Secretary (Centre-State), Ministry of Home Affairs, Government of India

Distinguished Panellists:

NSN Murty, General Manager, Smarter Planet Solutions - India/ South Asia, IBM
Col Vishu Sikka, (Retd) General Manager – Defence, Aerospace & Public Security, SAP India & Subcontinent
Joachim Murat, Director of Sagem Morpho Security Pvt Ltd.
Hemant Sharma, Vice- Chair, BSA India Committee
Raj Prem Khilnani, DGP (Homeguard and Civil Defence), Maharashtra
Rajvir P Sharma, Additional Director General of Police, Bangalore Metropolitan Task Force
Loknath Behra, IGP, National Investigation Agency
Purushottam Sharma, IGP, State Crime Records Bureau, Madhya Pradesh
Ranjan Dwivedi, IGP, UP Police
Sanjay Sahay, IGP, Karnataka State Police

5.00 pm – 5. 30 pm	Networking Tea
5.30 pm – 7.00 pm	Technical Session 3

Managing Information for Safety and Security

In the modern age, ICT is deployed in a variety of ways for enhancing citizen safety and security. ICT is being widely used for disaster management, urban planning, census operations etc.

In this session, discussions would highlight some path-breaking uses of ICT for enhancing citizen safety in a number of diverse settings.

Chair: N Ravishanker, Additional Secretary, Universal Service Obligation Fund, DIT, Govt of India

Distinguished Panellists:

Sandeep Sehgal, IBM, VP, Public Sector, India and South Asia
Sanjeev Mital, CEO, National Institute of Smart Governance (NISG), Government of India
Dr R C Sethi, Additional Registrar General of India
Maj Gen R C Padhi, Assistant Surveyor General, Survey of India
Sunil Abraham, Executive Director, Center For Internet Society
V S Prakash, Director, Karnataka State Natural Disaster Monitoring Centre, Karnataka
Rajiv P Saxena, Deputy Director General, National Informatics Centre, Government of India
Jay Kay Gupta, Fire Chief, Delhi Development Authority

7.00 pm onwards

Valedictory Session: Way Ahead High Tea

VIDEO

For more details visit https://cis-india.org/news/secure-it-2012

Names Not Numbers Mumbai

praskrishna — 2011-11-21T05:04:09Z

Names Not Numbers Mumbai is part of an annual series of invitation-only ideas conferences for 100 key players and thinkers across politics, business, media, culture, academia and technology to discuss and debate what individuality in a mass age means. Names Not Numbers Mumbai is put together by the Media, Analysis & Networking company Editorial Intelligence in association with the British Council, the Financial Times and partners including Jnanapravaha.

Taking place on Saturday 26th November 2011 in the south of the city, with a brief recorded address by Professor Amartya Sen, the Nobel Laureate economist.

Please note, guest registation will be closing on Monday 21st November, if you would still like to register to attend after this date, please email events@editorialintelligence.com.

Speakers include:

Vinita Bali, Managing Director, Britannia Industries; R Balakrishnan (Balki), Chairman & Chief Creative Officer, Lowe Lintas, Mumbai; Venky Balakrishnan, Global Vice President, Diageo Plc; Shyam Benegal, distinguished multi-award-winning director & screenwriter; Mihir Bose, Writer & Broadcaster; James Crabtree, Mumbai Correspondent, Financial Times; Kishwar Desai, novelist & winner of the Costa First Novel Award 2010; Aditya Dev Sood, Founder & CEO, Center for Knowledge Societies; Professor Rachel Dwyer, Professor of Indian Culture and Cinema, SOAS; AA Gill, award-winning travel writer, reviewer & critic; Tristram Hunt MP, Member of Parliament & Author; Jo Johnson MP, former Associate Editor, Financial Times & author ‘Reconnecting Britain and India - Ideas for an Enhanced Partnership’; Rajesh Kejriwal, Kaoorius; Amit Khanna, Head, Reliance Entertainment; Vikram Mehta, Chairman, Shell India; Nasser Munjee, Chairman, DCB; Narinder Nayar, Chairman of Mumbai First & Managing Director, Concast (India); Cameilla Panjabi; Rashmi Poddar, cultural polymath, founder & director, Jnanapravaha; Sujata Sen, British Council; Nishant Shah, Director, the Center for Internet Society; Parmesh Shahani, Head of India Culture Lab, author of ‘Gay Bombay’, & editor-at-large of Verve; Meera Syal, actor, writer & bestselling author; and Dr Shashi Tharoor MP, MP & Author.

See what participants say about Names Not Numbers UK

"Terrific organisation, fabulous participants, challenging programme... and a simply great location."
Peter Kellner, President, YouGov

"We made a strange community in that magical place and I loved being part of it."
Suzanne Moore, Columnist, The Guardian and Mail on Sunday

"Amazing organisation, people, conversations…can we go next weekend please?"
Morice Mendoza, Mendoza Media

"I learned so much, met so many fascinating people, and came away with so many ideas that it is hard to credit that it all happened in 48 hours!"
Dylan Jones, Merryck & Co

"The value of Names Not Numbers is enormous, real and singular. Every aspect of the organization, the topics, the panels, up to the walk on the beach was a work of art and a labour of love."
Inmaculada Martinez, Partner, Opus Corporate Finance LLP

"It was a jewel of a weekend….thoroughly enjoyable and quite remarkable."
Frieda Hughes, Author, Painter and Poet

"By the end I'd lost my voice but was upheld by the formless euphoria of Names Not Numbers."
Sarah Churchwell, Senior Lecturer in American Literature & Culture, University of East Anglia

"Never has thought provocation been quite so affirming."
Baroness Oona King, Diversity Executive Channel 4

"There were poignant transformational moments over the weekend which made us reflect, re-evaluate preconceptions and challenge our thinking. So much is still percolating in my head."
Chantal Tregear, Director, Taylor Bennett

"A really fantastic experience... a meeting of minds."
Simon Schama, Historian and Broadcaster

"The best Salon since 1901."
Nassim Nicholas Taleb, Former Trader and Author ‘The Black Swan’

"It was an utterly brilliant and stimulating weekend."
William Eccleshare, President and CEO, Clear Channel International

"Thank you for a superb weekend – stimulating, creative, and beautifully organised."
Emily Kasriel, Executive Producer, ‘The Forum’, BBC World Service

"It was both thought-provoking and highly civilised."
James Mackintosh, Investment Editor, Financial Times

Saturday, 26th November, 2011

9.30-10.00

Arrivals and Greetings

10.15 - 10.30

Welcome messages from Julia Hobsbawm of Editorial Intelligence and Javed Gaya, Chair, Names Not Number Mumbai 2011.

One minute's Silence for the Victims of the Mumbai Attacks 26/11/2008 followed by music by classical Indian vocalist Purvi Parikh

10.30 - 10.45

Reflections: 26/11 and its aftermath
Recorded remarks from Nobel Laureate, Professor Amartya Sen, specially recorded at Trinity College, Cambridge for the occasion and Dr Shashi Tharoor MP, MP & author, on: '26/11: Three Years Later' .

10.45 - 11.30

India's Place in a Threatening World
Chair: James Crabtree, Financial Times
Panel to include: Mihir Bose, Writer & Broadcaster; Narinder Nayar, Mumbai First & Managing Director, Concast (India) Limited and Dr Shashi Tharoor MP, MP & Author and Tristram Hunt MP, author

11.30 – 11.45

Tea Break

11.45 - 12.45

Business Responsibility: Philanthropy and Individualism; Corporate Individuality and Accountability
Chair: Jo Johnson MP, former Associate Editor, Financial Times & author ‘Reconnecting Britain and India - Ideas for an Enhanced Partnership'
Panel to include: Vinita Bali, Managing Director, Britannia Industries Vikram Mehta, Chairman, Shell India; Nasser Munjee, Chairman, DCB and Roopa Purushothaman, Managing Director – Research, Everstone Capital Advisors Pvt Ltd

12.45 – 14.15

Launch of Financial Times India app in the gardens over lunch. Including remarks from Rob Grimshaw, Managing Director, FT.com

14.15

Afternoon Session Begins. Welcome remarks from Rob Lynes, British Council.

14.15 – 15.05

The Influence of Cinema on Media & Communications
Chair: Professor Rachel Dwyer, Professor of Indian Culture and Cineman, SOAS
Panel: R Balakrishnan (Balki), Chairman & Chief Creative Officer, Lowe Lintas, Mumbai; Shyam Benegal, writer and director; Amit Khanna, Head, Reliance Entertainment and Meera Syal, Actor, writer and bestselling author

15.05 – 16.10

The New Digital Individual: Is New Technology Liberating or Enslaving?
Chair: Rob Grimshaw, Managing Director, FT.com
Panel: Aditya Dev Sood, Founder, Center for Knowledge Socities; Rajesh Kejriwal, Founder & CEO, Kyoorius Group; Dan Lloyd, Director of Public Policy for Emerging Markets, Vodafone & Nishant Shah, Director, the Center for Internet and Society

16.10 – 16.30

Tea Break

16.30 – 17.15

Crisis & Culture: Does Creativity Thrive on Turmoil?
Chair: Sujata Sen, British Council
Panel to include: Kishwar Desai, novelist & Winner Costa First Novel Award 2010; Dr. Rashmi Poddar, Director Jnanapravaha Mumbai Art History & Aesthetics and Parmesh Shahani, Head of India Culture Lab, author of ‘Gay Bombay’, and editor-at-large of ‘Verve’

17.15 – 18.15

One To One : Writer & critic A.A. Gill in conversation with bestselling food writer Camellia Panjabi

19.00 - 21.00

Evening cocktail reception hosted by The Oberoi Group.

See the bios of the speakers here
For the list of partners, click here
For registrations, click here
About Editorial Intelligence, see here

The details about the event was published in Editorial Intelligence, it can be read here

For more details visit https://cis-india.org/news/names-not-numbers

Thousands go online against 66A

praskrishna — 2012-11-30T06:40:38Z

An online petition aimed at amending section 66A of the Information Technology (IT) Act and re-examining internet laws has garnered 3,000 signatures since it began on Tuesday — two days before Kapil Sibal, telecom and IT minister, chairs a meeting with the cyber regulation advisory committee.

This article by Apoorva Dutt was published in DNA on November 29, 2012. Pranesh Prakash is quoted.

The petition, anchored on Change.org, a platform for social initiatives, was started by Bangalore-based advocate Gautam John after two girls were arrested for their Facebook post on imposing a bandh in the city on the day Shiv Sena chief Bal Thackeray was cremated. Following their arrests, Shaheen Dhada has deleted her Facebook account while her friend Rini Srinivasan who merely liked the post has opened a new account on the social networking site. However, she has vowed to refrain from making political statements.

John is blunt about the legislative effect an online petition can have. l Turn to p8.

“Honestly, I don’t believe that a petition can change laws, but it gives concerned citizens a platform for documenting their concern in such troubling scenarios. To some extent, this sort of petition can represent a civil society’s point of view. No more can a government authority say ‘only NGOs care about an issue’. Now they know – thousands of ordinary people care,” John said.

Pranesh Prakash, policy director at the Centre For Internet and Society in Bangalore, points out the flaws in section 66A that have been exploited in cases like the Palghar incident. “Section 66A is very broadly-worded and the punishment (three years imprisonment) is excessive,” he said. “The law was borrowed – that too badly – from a British law. There are many a things greatly flawed in this unconstitutional provision, from the disproportionality of the punishment to the non-existence of the crime. The 2008 amendment to the IT Act was one of eight laws passed in 15 minutes without any debate in the winter session of Parliament.”

The petition also aims to organise a meeting of the civil society stakeholders to look into these concerns. A similar meeting was scheduled to be held in August, but it did not take place.

Sudarshan Balachandran of Change.org is the lead campaigner and organiser of the petition. He hopes to hand over a copy of the petition to Sibal during the meeting on Thursday. “Sibal has gone on record to say that they will examine the law, and if they feel it doesn’t work, it will be junked. So I am hopeful,” said Balachandran.

For more details visit https://cis-india.org/news/dnaindia-nov-29-2012-apoorva-dutt-thousands-go-online-against-66a

Information & Communication Technology in Making a Healthy Information Society with special reference to use of ICTS in Educational Technology

praskrishna — 2014-07-18T09:06:20Z

The Department of Computer Science, Andhra Loyola College in collaboration with the Department of Computer Science, Krishna University will be organizing a UGC-sponsored National Seminar on August 11 and 12, 2014 at Andhra Loyola College in Vijayawada.

T. Vishnu Vardhan, Programme Director, Access to Knowledge from the Centre for Internet and Society will be giving a key note address at this event.

See the invitation below:

For more details visit https://cis-india.org/news/information-communication-technology-in-making-a-healthy-information-society-with-special-reference-to-use-of-icts-in-educational-technology

Five Frequently Asked Questions about the Amended ITRs

chinmayi — 2013-01-30T05:36:26Z

This piece discusses the five major questions that have been the subject of debate after the World Conference on International Telecommunications 2012 (WCIT). The politics surrounding the WCIT are not discussed here but it must be kept in mind that they have played a significant role in the outcome of the conference and in some of the debates about it.

Each question is discussed with reference to the text of the treaty, to the minutes of the plenary sessions (which are available via the ITU website), a little international law and a few references to other people’s comments on the treaty.

1. Do the ITRs apply to content on the internet?

Article 1.1 (a) has been amended to add the sentence “These Regulations do not address the content-related aspects of telecommunications”. Although some discussions about the International Telecommunication Regulations (ITRs) and content have ignored this altogether, others seem concerned about its interpretation.

The ITU Secretary General has issued a statement in which he has clarified that “The new ITR treaty does NOT cover content issues and explicitly states in the first article that content-related issues are not covered by the treaty”.

Commentators like Chuan-Zheng Lee however, continue to view the treaty with suspicion, on the basis that it is necessary to examine content in order to tell whether it is spam (Lee and Chaparro differ on this question). However, others like Eric Pfanner have pointed to this paragraph in their skepticism about the US refusal to sign.

Some highlights from the plenary session discussions

The Chairman proposed the addition to Article 1.1(a) at the tenth plenary session. He did this to address concerns that the ITRs text could be interpreted to apply to content on the Internet. The original formulation that he proposed was ‘These regulations do not address and cannot be interpreted as addressing content’. This text was suggested in the middle of an extended discussion on Article 5A.

Many countries were skeptical of this insertion. Sudan argued that content could not be avoided in telecommunication networks “because it will always be in transit.” The United Arab Emirates seemed concerned about international interference in states’ existing regulation of content, and said “maybe we could actually say this in the minutes of the meeting that this regulation should not be interpreted as on alteration to Member States content regulation”.

Concerns about what the term ‘content’ means and whether it would apply broadly were raised by more than one country, including Saudi Arabia. For instance, it was argued that the text proposed by the Chairman might interfere with parts of the treaty that require operators to send tariff information correspondence. More than one country that felt that the insertion of this text would impact several parts of the treaty, and that it would be difficult to determine what amounted to dealing with content. The primary issue appeared to be that the term ‘content’ was not defined, and it therefore remained unclear what was being excluded. In response to these concerns, the Chairman withdrew his proposal for the amendment excluding content.

However, several states then spoke up in favour of the Chairman’s proposal, suggesting that the proposed amendment to Article 1.1 influenced their acceptance of Article 5A (on security and robustness of networks – discussed in detail below). Brazil suggested that an answer to the definitional concerns may be found in the work by Study Group 17, which had a definition available.

Following this, the next day, at the twelfth plenary, the Chairman brought back the Article 1.1 amendment excluding content. He stated explicitly that this amendment might be the way to get Articles 5A and 5B approved. The text he read out was insertion of the words “to the exclusion of their content”, after ‘’services’ at the end of 1.1A. Interestingly however, the term ‘content’ was never defined.

At the next plenary session, Iran raised the objection that this phrase was overbroad, and proposed the following formulation instead: “These Regulations do not address the content-related aspects of telecommunications”. This formulation found its way into the amended ITRs as the treaty stands today.

2. Does Article 5A on network security legitimize surveillance of Internet content?

Article 5A deals with ‘security and robustness of networks’ and requires member states to “individually and collectively endeavour to ensure the security and robustness of international telecommunication networks...”. This may have given rise to concerns about interpretations that may extend the security of networks to malware or viruses, and therefore to content on the Internet. However, Article 5A has to be read with Article 1.1(a), and therefore must be interpreted such that it does not ‘address the content-related aspects of telecommunications’.

Some commentators continue to see Article 5A as problematic. Avri Doria has argued that the use of the word ‘security’ in addition to ‘robustness’ of telecommunication infrastructure suggests that it means Internet security. However Emma Llansó of the Centre for Democracy and Technology has noted that the language used in this paragraph is “ far too vague to be interpreted as a requirement or even a recommendation that countries surveil users on their networks in order to maintain security”. Llansó has suggested that civil society advocates make it clear to countries which attempt to use this article to justify surveillance, that it does not lend itself to such practices.

Some highlights from the plenary session discussions

Article 5A was one of the most controversial parts of the ITRs and was the subject of much debate.

On December 11^th, in the Chairman’s draft that was being discussed, Article 5A was titled ‘security of networks’, and required members to endeavour to ensure the “security and robustness of international telecommunication networks”. The Chairman announced that this was the language that came out of Committee 5’s deliberations, and that ‘robustness’ was inserted at the suggestion of CEPT.

Several countries like Poland, Australia, Germany and the United States of America were keen on explicitly stating that Article 5A was confined to the physical or technical infrastructure, and either wanted a clarification that to this effect or use of the term ‘robustness’ instead of security. Many other countries, such as Russia and China, were strongly opposed to this suggestion and insisted that the term security must remain in the document (India was one of the countries that preferred to have the document use the term ‘security’).

It was in the course of this disagreement, during the tenth plenary session, that the Chairman suggested his global solution for Article 1.1 – a clarification that this would not apply to content. This solution was contested by several countries, withdrawn and then reinstated (in the eleventh plenary) after many countries explained that their assent to Article 5A was dependant on the existence of the Article 1 clarification about content (see above for details).

There was also some debate about whether Article 5A should use the term ‘robustness’ or the term ‘security’ (eg. The United States clarified that its preference was for the use of ‘resilience and robustness’ rather than security). The Secretary General referred to this disagreement, and said that he was therefore using both terms in the draft. The title of Article 5A was changed, in the eleventh plenary, to use both terms, instead of only referring to security.

3. Does Article 5B apply to spam content on the Internet?

The text of the amended treaty talks of ‘unsolicited bulk electronic communications’ and does not use the term ‘spam’[Article 5B says that ‘Members should endeavour to take necessary measures to prevent the propagation of unsolicited bulk electronic communications and minimize its impact on international telecommunication services’].If this phrase is read in isolation, it may certainly be interpreted as being applicable to spam. Commentators like Avri Doria have pointed to sources like Resolution 130 of the Plenipotentiary Conference of the International Telecommunication Union (Guadalajara, 2010) to demonstrate that ‘unsolicited bulk electronic communications’ ordinarily means spam. However, others like Enrique A. Chaparro argue that it cannot possibly extend to content on the Internet given the language used in Article 1.1(a). Chapparo has explained, that given the exclusion of content, Article 5B it authorizes anti-spam mechanisms that do not work on content.

Article 5B, which discusses ‘unsolicited bulk electronic communications’, must be read with Article 1, which is the section on purpose and scope of the ITRS. Article 1.1 (a) specifies that the ITRs “do not address the content-related aspects of telecommunications”. Therefore it may be argued that ‘unsolicited bulk electronic communications’ cannot be read as being applicable to content on the Internet.

However, many continue to be concerned about Article 5B’s applicability to spam on the Internet. Although some of them that their fear is that some states may interpret Article 5B as applying to content, despite the contents of Article 1.1(a), many have failed to engage with the issue in the context of Article 1.1(a).

Some highlights from the plenary session discussions

Article 5B is inextricably linked with the amendment to Article 1.1. Mexico asked specifically about what the proposed amendment to Article 1.1 would mean for Article 5B: “I’m referring to the item which we’ll deal with later, namely unsolicited bulk electronic communications. Could that be referred to as content, perhaps?”. The Chairman responded saying, “This is exactly will solve the second Article 5B, that we are not dealing with content here. We are dealing with measures to prevent propagation of unsolicited bulk electronic messages”.

The amendment to Article 1.1 was withdrawn soon after it was introduced. Before it was reintroduced, Sweden said (at the eleventh plenary) that it could not see how Article 5B could apply without looking into the content of messages. The United States agreed with this and went on state that the issue of spam was being addressed at the WTSA level, as well as by other organisations. It argued that the spam issue was better addressed at the technical level than by introducing it in treaty text.

The amendment excluding content was reintroduced during the twelfth plenary. The Chairman explicitly stated that it might be the way to get Articles 5A and 5B approved.

The word ‘spam’ was dropped from the ITRs in the eight plenary, and “unsolicited bulk electronic communications” was used instead. However, in the eleventh plenary, as they listed their reasons for not signing the newly-amended ITRs, Canada and the United States of America referred to ‘spam’ which suggests that they may have viewed the change as purely semantic.

4. Does the resolution on Internet Governance indicate that the ITU plans to take over the Internet?

Much controversy has arisen over the plenary resolution ‘to foster an enabling environment for the greater growth of the Internet’. This controversy has arisen partly thanks to the manner in which it was decided to include the resolution, and partly over the text of the resolution. The discussion here focuses on the text of the resolution and then describes the proceedings that have been (correctly) criticized.

The history of this resolution, as Wolfgang Kleinwächter has explained, is that it was part of a compromise to appease the countries which were taking positions on the ITU’s role in Internet governance, that were similar to the controversial Russian proposal. The controversial suggestions about Internet governance were excluded from the actual treaty and included instead in a non-binding resolution.

The text of the resolution instructs the Secretary General to “to continue to take the necessary steps for ITU to play an active and constructive role in the development of broadband and the multi-stakeholder model of the Internet as expressed in § 35 of the Tunis Agenda”. This paragraph is particularly controversial since of paragraph 35 of the Tunis Agenda says “Policy authority for Internet-related public policy issues is the sovereign right of States. They have rights and responsibilities for international Internet-related public policy issues.” Kleinwächter has pointed out that this selection leaves out later additions that have taken place with progression towards a multi-stakeholder model.

The resolution also resolves to invite member states to “to elaborate on their respective positions on international Internet-related technical, development and public-policy issues within the mandate of ITU at various ITU forums including, inter alia, the World Telecommunication/ICT Policy Forum, the Broadband Commission for Digital Development and ITU study groups”.

A little after its introduction, people began expressing concerns such as the Secretary General may treat the resolution as binding, While the language may raise cause for concern, it is important to note that resolutions of this nature are not binding and countries are free to opt out of them. Opinions vary about the intentions that have driven the inclusion of this resolution, and what it may mean for the future. However commentators like Milton Mueller have scoffed at these concerns, pointing out that the resolution is harmless and may have been a clever political maneuver to resolve the basic conflict haunting the WCIT, and that mere discussion of the Internet in the ITU harms no one.

Some highlights from the plenary session discussions

Egypt and Bulgaria suggested that the resolution refer to paragraph 55 of the Tunis agenda instead of paragraph 35, by inserted the following text “”Recognizing that the existing arrangements for Internet Governance have worked effectively to make the Internet the highly robust, dynamic and geographically diverse medium it is today, with the private sector taking the lead in day-to-day operations and with innovation and value creation at the edges.” The US was also quite insistent on this language (although it did also argue that this was the wrong forum to discuss these issues).

The Chairman was willing to include paragraph 55 in addition to paragraph 35 but Saudi Arabia objected to this inclusion. Finland suggested that the resolution should be removed since it was not supported by all the countries present and was therefore against the spirit of consensus. The Secretary General defended the resolution, suggesting both that it was harmless and that since it was a key component of the compromise, eliminating it would threaten the compromise. South Africa and Nigeria supported this stand.

It was during this debate that the procedural controversy arose. Late into the night, the Chairman said there was a long list of countries that wished to speak and said “I just wanted to have the feel of the room on who will accept the draft resolution”. He proceeded to have countries indicate whether they would accept the draft resolution or not, and then announced that the majority of the countries in the room were in favour of retaining the resolution. The resolution was then retained. Upon Spain’s raising the question, the Chairman clarified that this was not a vote. The next day, other countries raised the same question and the Chairman, while agreeing that the resolution was adopted on the basis of the ‘taking of temperature’ insisted that it was not a vote so much as an effort to see what majority of the countries wanted.

5. Does the human rights language used in the preamble, especially the part about states’ access to the Internet, threaten the Internet in any way?

The preamble says “Member States affirm their commitment to implement these Regulations in a manner that respects and upholds their human rights obligations”, and “These Regulations recognize the right of access of Member States to international telecommunication services”. The text of the preamble can be used as an interpretation aid since it is recognized as providing context to, and detailing the object and purpose of, a treaty. However if the meaning resulting from this appears to be ambiguous, obscure, absurd or unreasonable, then supplementary means such as the preparatory work for the treaty and the circumstances for its conclusion may also be taken into account.

Therefore anyone who is concerned about the impact of the text inserted in the preamble must (a) identify text within the main treaty that could be interpreted in an undesirable manner using the text in the preamble; and (b) consider preparatory work for the treaty and see whether it supports this worrying interpretation. For example, if there were concerns about countries choosing to interpret the term ‘human rights’ as subordinating political rights to economic rights, it would be important to take note of the Secretary General’s emphasis on the UDHR being applicable to all member states.

Initially, only the first insertion about ‘human rights obligations’ was part of the draft treaty. The second insertion, recognizing states’ rights followed after the discussion about human rights language. Some states argued that it was inconsistent to place human rights obligations on states towards their citizens, but to leave out their cross-border obligations. It was immediately after this text was voted into the draft, that the United States, the United Kingdom and other countries refused to sign the ITRs. This particular insertion is phrased as a right of states rather than that of individuals or citizens, which does not align with the language of international human rights. While it may not be strictly accurate to say that human rights have traditionally been individual centric (since collective rights are also recognized in certain contexts), it is certainly very unusual to treat the rights of states or governments as human rights.

Some highlights from the plenary session discussions

The United States of America and the Netherlands wanted to include language to state explicitly that states’ international human rights obligations are not altered in anyway. This was to clarify that the inclusion of human rights language was not setting the ITU up as a forum in which human rights obligations are debated. Malaysia objected to the use of human rights language in the preamble right at the outset, on the grounds that the ITRs are the wrong place for this, and that the right place is the ITU Constitution. It even pointed to the fact that jurisprudence is ever-evolving, to suggest that the meaning of human rights obligations might change over time. These were the two major perspectives offered towards the beginning of the discussion.

The Chairman underlined the fact that the Universal Declaration of Human Rights is already applicable to all UN countries. He argued that reflection of these principles in the ITRs would help build universal public faith in the conference.

The first traces of the states’ access rights can be seen in Cuba’s intervention at the ninth plenary – Cuba argued that limiting states’ access to public information networks amounted to infringement of human rights. At the fourteenth plenary, Nigeria proposed on behalf of the African group that the following text be added to the preamble “And recognize the right of access of all Member States to international telecommunication networks and services." Countries like China which had been ambivalent about the human rights language in the preamble, were happy with this move away from an individual-centric understanding of human rights, to one that sees states as representative of people.

The United States was express in its dissent, and said “human rights obligations go to the individual”. Sweden was also not happy with the proposal and argued that it moved away from well-established human rights language that affirmed existing commitments to drafting new human rights language.

It was an amended version of the African group proposal that finally found its way into the preamble. It was supported by many countries such as China, Nigeria and Sudan, who took the position that group rights are included within human rights, and that governments represent their citizens and therefore have rights on their behalf. This position was strenuously disputed by states like the USA, Switzerland, United Kingdom and Canada.

For more details visit https://cis-india.org/internet-governance/blog/five-faqs-on-amended-itrs