The Centre for Internet and Society
https://cis-india.org
These are the search results for the query, showing results 101 to 115.
Why entrepreneurs are wary of the new draft e-commerce policy
https://cis-india.org/internet-governance/news/economic-times-rahul-sachitanand-march-3-2019-why-entrepreneurs-are-wary-of-new-draft-e-commerce-policy
<b>Raka Chakrawarti, an entrepreneur from Mumbai, is tensed these days, not about her business, which is booming, but over the rules of the Draft National e-Commerce Policy.
</b>
<p>The article by Rahul Sachitanand was published in <a class="external-link" href="https://economictimes.indiatimes.com/small-biz/entrepreneurship/why-entrepreneurs-are-wary-of-the-new-draft-e-commerce-policy/articleshow/68236907.cms">Economic Times</a> on March 3, 2019. Elonnai Hickok was quoted.</p>
<hr />
<p style="text-align: justify; ">If the policy, drafted by the Department for Promotion of Industry and Internal Trade (DPIIT) and seeking stakeholder comments, gets a go-ahead as it is, Gourmetdelight, her bootstrapped online vendor of organic goods, will have to certify and add reviews of all the products her marketplace sells.</p>
<p style="text-align: justify; ">She says her platform has nearly 1,500 stock keeping units - from black garlic to trikaya baby spinach - and certifying all of these would mean a further strain on her budget and small workforce. Then there are other questions she is seeking answers to: what to do with the growing volume of user data (the policy suggests the government has overarching rights over it); what is the scope of the policy; what is the definition of ecommerce and will the policy, by appearing protectionist, keep away foreign capital, so far the life blood of the sector?</p>
<p style="text-align: justify; ">In five years, according to Venture Intelligence, investors have poured over $18 billion across 667 deals in India's ecommerce market. This money, mostly from overseas, has allowed ecommerce startups to grow fast and also offer investors a handsome exit - like in the case of Walmart buying Flipkart.</p>
<p style="text-align: justify; ">Some of this momentum may be lost, fear entrepreneurs, since the policy appears to take a protectionist approach - by empowering domestic entrepreneurs, pushing Make in India and proposing to own user data and deterring global investors from betting on the potential of India's ecommerce market.</p>
<p style="text-align: justify; ">Legal experts and executives in ecommerce companies feel the draft policy is half-baked. While it makes some progress on protecting home-grown small businesses, the proposals about data ownership and stricter quality norms may make it hard for such businesses to grow.</p>
<p style="text-align: justify; ">Ambareesh Murthy, CEO of furniture retailer Pepperfry, says this is a draft that is evolving and the intent may change over time. He is wary of the proposal to give government ownership of, and therefore control over, user data. While the government argues that data is a national resource, executives feel individuals should hold ultimate control over their personal information.</p>
<p style="text-align: justify; ">While foreign company-owned Amazon and Flipkart have built their business here, newer entrants such as Chinese upstarts will find an India foray costlier, since the policy calls for setting up of an office here to legally operate. Critics also argue that while the policy starts with the right intentions, it loses focus on the way. They say the recommendations made across more than 14,000 words are too broad, encompassing more than the e-commerce industry itself.</p>
<p style="text-align: justify; ">Putting together such an all-encompassing statement isn't right, say policy experts, since it involves not just DPIIT but also other government bodies and regulators, including the Competition Commission of India.</p>
<p style="text-align: justify; ">Elonnai Hickok of Centre for Internet and Society, a think tank, says regulators do not fully appreciate the nuances of the growing mountain of data and properly safeguarding it within the country.</p>
<p style="text-align: justify; ">"The draft policy has not comprehensively addressed what is the appropriate framework for ensuring data as a national resource," she says. "It appears to take a one-size-fits-all approach - bringing in privacy, intermediary liability, piracy, authenticity of information, etc. without considering potential exceptions and implications of such measures, including rights of individuals." Anirudh Rastogi, founder of Ikigai Law, a firm tackling tech legislation, contends that too much onus has been placed on entrepreneurs and their ventures to meet regulatory norms. "The draft proposes a host of consumer protection and anticounterfeiting measures, which is a good thing on principle," he says. "But this also means a lot of requirements for platforms and other intermediaries which dilute their intermediary status."</p>
<p style="text-align: justify; ">Not everyone agrees. For some homegrown entrepreneurs, measures that look protectionist offer a level playing field to compete with well-funded foreign company-owned behemoths.</p>
<p style="text-align: justify; ">"The govt is trying to level the playing field and take away some of the power held by well-funded giants over the Indian market," says Ashish Gurnani, cofounder of Postfold, an online bespoke apparel brand. "We can now hope to compete more on variety, curation and quality, rather than discounts alone." When contacted, a DPIIT official involved in the process of drafting the policy, said: "At present, we don't have control over our data. Companies which control our data can say no to sharing it if we want that data. Servers are outside. We're incapacitated as there is no physical or legal control. We want to create jobs through the policy."</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/economic-times-rahul-sachitanand-march-3-2019-why-entrepreneurs-are-wary-of-new-draft-e-commerce-policy'>https://cis-india.org/internet-governance/news/economic-times-rahul-sachitanand-march-3-2019-why-entrepreneurs-are-wary-of-new-draft-e-commerce-policy</a>
</p>
No publisherRahul SachitanandanInternet Governance2019-03-08T00:32:43ZNews ItemWhy did Nandan Nilekani praise a Twitter troll?
https://cis-india.org/internet-governance/news/indian-express-kiran-jonnalgadda-june-10-2017-why-did-nandan-nilekani-praise-a-twitter-troll
<b>As the Supreme Court upholds the linking of ‘Aadhar’ with PAN, questions around ex-UIDAI chairman Nandan Nilekani praising iSPIRT head Sharad Sharma Twitter troll and ‘Aadhar’s privacy properties will continue to be asked.</b>
<p style="text-align: justify; ">The article by Kiran Jonnalgadda was published in the <b><a class="external-link" href="http://indianexpress.com/article/opinion/why-did-nandan-nilekani-praise-a-twitter-troll-4697235/">Indian Express</a></b> on June 10, 2017.</p>
<hr />
<p style="text-align: justify; ">Last month, Sharad Sharma, the head of the Indian Software Product Industry Round Table (iSPIRT) Foundation, an organisation that promotes Aadhaar to industry, was outed as the operator of at least two anonymous Twitter troll accounts that viciously harassed and defamed critics of Aadhaar. The shocking revelation was first met with denial by iSPIRT, and then followed by what may be understood as a reticent apology from Mr Sharma.</p>
<p style="text-align: justify; ">In a bizarre sequence of events, the apology received praise from several quarters. iSPIRT’s Guidelines and Compliance Committee (IGCC) investigated Mr Sharma and the ‘Sudham’ team that coordinated the trolling campaign. Two members of the investigating committee subsequently resigned, although only one confirmed.</p>
<p style="text-align: justify; ">The committee’s findings, confirming that Mr Sharma was responsible, were summarised for the public by Mr Sharma himself, who then announced that his role as a public spokesperson would now be handled by Sanjay Jain. Mr Jain was once with the Unique Identification Authority of India (UIDAI), launched by Nandan Nilekani, is currently a director at Nandan Nilekani’s EkStep Foundation, and a close confidante of Mr Sharma. The two have often pitched iSPIRT’s IndiaStack initiative together.</p>
<p style="text-align: justify; ">In an internal email questioning this decision, an iSPIRT member asked whether Mr Jain was a part of the ‘Sudham’ team, and whether he was also “at least partially culpable for the [troll] campaign and the violation of the code of conduct.”</p>
<p style="text-align: justify; ">The victims of the trolling have received no report, and the two apologies posted by Mr Sharma were both for having “condoned uncivil behaviour”, but not for personally orchestrating the attacks. Among those who praised him was Nandan Nilekani, former chairman of UIDAI and chief mentor of iSPIRT.</p>
<p style="text-align: justify; ">Critics have been pointing out for years that Aadhaar lacks sufficient checks and balances, and that claims of benefits are overstated. These concerns have been met with denial, condemnation of critics, and often outright refusal to engage in debate. This has unfortunately only served to alienate an even larger section of the population, turning ordinary citizens into activists.</p>
<p style="text-align: justify; ">We can gain an insight into how Aadhaar is promoted by examining iSPIRT. The organisation was founded in 2013 by volunteers who had been working together on the sidelines of the NASSCOM Product Conclave. These volunteers felt the need for an independent grassroots organisation to represent tech entrepreneurs who were building products for India and the world. iSPIRT has grown phenomenally influential over its few years, largely by the work of volunteers who were truly interested in building a mutual assistance community.</p>
<p style="text-align: justify; ">Level playing fields are a recurring topic. Just as there is a desire to lower bureaucratic hurdles to give every entrepreneur a fair chance, there is also the question of how a startup can compete against a foreign competitor that has the advantage of a stronger home market.</p>
<p style="text-align: justify; "><a href="http://indianexpress.com/about/flipkart/">Flipkart</a> and Ola are two prominent examples in their fight to defend their market share against Amazon and Uber, competitors armed with global experience, more capital, and better trained talent. iSPIRT’s take is that for Indian companies to thrive they must have a supportive ecosystem that enables rapid growth, and so iSPIRT must step up as an “activist think tank”.</p>
<p style="text-align: justify; ">One aspect of this activism is IndiaStack, which seeks to help startups by promoting a suite of ‘public goods’: Aadhaar and eKYC for id verification, eSign and Digilocker for digital contracts and certificates, and UPI for payments. If one accepts at face value that these services are well intentioned, then IndiaStack is on a noble quest. The details, unfortunately, are less pristine.</p>
<p style="text-align: justify; ">iSPIRT is a private non-profit, but its volunteers include several former members of UIDAI. The guidance and compliance committee (IGCC) investigating the trolling included a current member of government. iSPIRT helped build and evangelise the UPI (United Payments Interface) platform and BHIM app for NPCI, but the level of involvement and terms of the agreement are not public.</p>
<p style="text-align: justify; ">For an organisation that claims to champion public goods, iSPIRT is opaque on the level of influence they wield with government (Mr Sharma once claimed some influence but no control), and on who exactly built the various components of IndiaStack, within or outside of government.</p>
<p style="text-align: justify; ">They showed a remarkable degree of influence when foisting UPI on a change-resistant banking sector. They have funding from four banks (IDFC, SBI, Bank of Baroda and Axis Bank) and from fintech startups. Despite this level of responsibility, they also have no accountability since they are a pro bono volunteer force, allowing them to distance themselves from failures (UPI failures are NPCI’s problem and Aadhaar failures are UIDAI’s problem, etc) and unpleasant incidents such as the ‘Sudham’ trolling project. (No one has accepted responsibility for operating a troll account.)</p>
<p style="text-align: justify; ">At the core of IndiaStack is ‘Aadhaar’, which as it currently stands has serious concerns from its technical architecture to institutional safeguards. Aadhaar lacks publicly verifiable audits, a data breach disclosure policy, or an engagement process for researchers to report concerns.</p>
<p style="text-align: justify; ">For reasons best known to them, the promoters of ‘Aadhaar’ are in a tearing hurry to impose it everywhere, in every aspect of an Indian’s life, out of an apparent fear that it will die if adoption slows down. This is eerily reminiscent of startup mantras like “fake it till you make it” and “move fast and break things”.</p>
<p style="text-align: justify; ">But ‘Aadhaar’ already has a billion enrollments and the backing of legal measures pushed by the Union Government. There is no threat of imminent demise. And yet, as the Twitter trolling shows, this fear continues to exist for ‘Aadhaar’s proponents, so much so that critics must be silenced at any cost.</p>
<p style="text-align: justify; ">Where trolling failed to work, subtler attacks are sure to follow. There have been some in the recent past.</p>
<p style="text-align: justify; ">The Centre for Internet and Society (CIS) is facing one such attack for its report on the leak of 130 million Aadhaar numbers. The report received wide coverage and was followed by new rules from MEITy (ministry of Electronics & Information Technology) regarding the handling of Aadhaar numbers, but instead of commending CIS for its role in improving safeguards, UIDAI is accusing it of hacking, demanding the identity of the researcher so that he or she may be individually prosecuted.</p>
<p style="text-align: justify; ">When Sameer Kochhar demonstrated that previously captured fingerprints were being reused because Aadhaar’s API lacked technical safeguards, UIDAI responded by prosecuting him. A News18 journalist was also prosecuted for demonstrating how double application for enrollment was possible using different names.</p>
<p style="text-align: justify; ">As of September 30, 2017, ‘registered’ devices will be mandatory as the current devices are not secure against fingerprint reuse, and an unknown number of fingerprints have already been captured and stored. This sort of forced technological upgrade will happen again as more problems surface into public consciousness, with more researchers and critics harassed for pointing these out.</p>
<p style="text-align: justify; ">‘Aadhaar’ pursues inherently contradictory goals. The process of ‘inorganic seeding’, for instance, allows a database to be seeded with ‘Aadhaar’ numbers, to help a service provider identify and eliminate duplicates without the individual’s cooperation. (Inorganic seeding is an official UIDAI scheme.) And yet, the law prohibits using and sharing ‘Aadhaar’ numbers without the individual’s consent.</p>
<p style="text-align: justify; ">‘Aadhaar’ aims to be an inclusive project, providing an identity for everyone, and yet easily lends itself to being an instrument of exclusion. There is technical exclusion when biometrics fail to match, and there is institutional exclusion when Aadhaar is made mandatory and an individual is then blacklisted from a service or denied Aadhaar enrollment.</p>
<p style="text-align: justify; ">Aviation minister <a href="http://indianexpress.com/about/jayant-sinha">Jayant Sinha</a> recently announced a proposal to use digital id for just this purpose. ‘Aadhaar’ in its current state makes it extraordinarily simple for an organisation to demand it for authentication, but what of the necessary safeguards to protect an individual’s rights? Or of ensuring that grievance redressal mechanisms are in place and actually functional? These are not solved by a technical API integration.</p>
<p style="text-align: justify; ">Just as we’ve seen with nuclear power, weak institutions which are sensitive to criticism and fail to ensure effective oversight amplify the risks of the underlying technology. Aadhaar’s supporting institutions, whether government bodies like UIDAI or private bodies like iSPIRT, are immature for the mandate they carry. All technology improves with time, but weak institutions hamper their benefit to society.</p>
<p style="text-align: justify; ">As the leading promoter of Aadhaar, founding chairman of UIDAI, and chief mentor of iSPIRT, Mr Nilekani must step up and commit to improving the institutions he commands, and take responsibility for their failures. Condemning critics instead does not help build institutions.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/indian-express-kiran-jonnalgadda-june-10-2017-why-did-nandan-nilekani-praise-a-twitter-troll'>https://cis-india.org/internet-governance/news/indian-express-kiran-jonnalgadda-june-10-2017-why-did-nandan-nilekani-praise-a-twitter-troll</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2017-06-12T01:34:53ZNews ItemWhy did India fail to discover the ISIS Twitter handle?
https://cis-india.org/internet-governance/news/business-standard-december-26-2014-anita-babu-why-india-failed-to-discover-the-isis-twitter-handle
<b>India's surveillance system fails to track the servers of internet giants like Google or Facebook because these do not have servers in the country, says a leading cyber law expert.</b>
<p style="text-align: justify; ">The article by Anita Babu was <a class="external-link" href="http://www.business-standard.com/article/current-affairs/why-india-failed-to-discover-the-isis-twitter-handle-114122500522_1.html">published in the Business Standard</a> on December 26, 2014. Sunil Abraham gave his inputs.</p>
<hr />
<p style="text-align: justify; ">Back in 2009, after the investigation team, probing into the 26/11 Mumbai terror attacks, almost cracked the case, it was the US’s Federal Bureau of Investigation (FBI) which connected the missing links by arresting David Headley, the mastermind.<br /> <br /> Five years later, India <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Is" target="_blank">is </a>staring at a similar situation, when Bengaluru-based Mehdi Masroor Biswas, was allegedly found to be operating a pro-ISIS (Islamic State) <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Twitter" target="_blank">Twitter </a>handle. It was a British broadcaster, Channel 4, which blew the lid off Biswas’s activity. Soon after the report, Indian authorities swung into action. Last year, when communal violence broke out in some parts of Uttar Pradesh, a Pakistani news organisation reported that a fake video was being circulated to fan sentiments.<br /> <br /> But, why have Indian agencies failed to detect such activities which pose a threat to the national security? A senior government official said intelligence agencies in the country scan the internet for leads. But, in the light of increased threats, systems need to be beefed up significantly. Perhaps, as a first step towards this, the home ministry on Wednesday formed a committee to prepare a road map for tackling cyber crimes in the country.<br /> <br /> It will give suitable recommendations on all facets of cyber crime, apart from suggesting possible partnerships with public and private sector, non-governmental organisations and international bodies.<br /> <br /> According to Sunil Abraham, executive director of a Bengaluru-based research organisation, the Centre for Internet and Society, it’s time we move closer towards intelligent and targeted surveillance, rather than mass surveillance. This will require monitoring a selected accounts or profiles, instead of tapping information from across the population. Old-fashioned detective work is also very important, as it has helped zero in on Biswas.<br /> <br /> Another problem the country faces is that a lot of data is being pooled in by multiple agencies, but of little use. “We must free up our law enforcement agencies and intelligence services from the curse of having too much data,” Abraham adds. Since most of the internet companies are headquartered outside India, the authorities face a lot of difficulties in accessing information from these networks.<br /> <br /> “India’s surveillance system fails to track the servers of internet giants like <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Google" target="_blank">Google </a>or <a class="storyTags" href="http://www.business-standard.com/search?type=news&q=Facebook" target="_blank">Facebook </a>because these do not have servers in the country. Our system is only confined within the country,” says Pavan Duggal, a leading cyber law expert.<br /> <br /> Since the US has the capability to access information from telecom companies, service providers such as Twitter and Facebook and the consortia that run submarine cables, these companies cooperate in a much more effective and immediate manner, adds Abraham. “But these are things that we will never be able to do in India,” he adds.<br /> <br /> For instance, India follows the mutual legal assistance treaty procedure, to gather and exchange information in an effort to enforce public laws or criminal laws. However, this is a time-consuming process and often takes up to two years before we get any data from these companies.<br /> <br /> But due to the threat of cyber-terrorism being shared by both companies and governments, companies such as Google, Twitter and Facebook are cooperating more than before, experts say.<br /> <br /> Internet and Jurisdiction Project, an international group that works towards ensuring digital coexistence, tries to get a procedural law between two countries in a harmonised manner and includes collection, storage, handling and processing of evidence.<br /> <br /> More lubricating efforts should be undertaken internationally on these lines, say experts. Hopefully, the new committee will take steps in this direction.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/business-standard-december-26-2014-anita-babu-why-india-failed-to-discover-the-isis-twitter-handle'>https://cis-india.org/internet-governance/news/business-standard-december-26-2014-anita-babu-why-india-failed-to-discover-the-isis-twitter-handle</a>
</p>
No publisherpraskrishnaInternet Governance2014-12-27T03:27:16ZNews ItemWhy Data Localisation Might Lead To Unchecked Surveillance
https://cis-india.org/internet-governance/blog/bloomberg-quint-pranesh-prakash-october-15-2018-why-data-localisation-might-lead-to-unchecked-surveillance
<b>In recent times, there has been a rash of policies and regulations that propose that the data that Indian entities handle be physically stored on servers in India, in some cases exclusively. In other cases, only a copy needs to be stored.</b>
<p style="text-align: justify; ">The article was published in <a class="external-link" href="https://www.bloombergquint.com/opinion/why-data-localisation-might-lead-to-unchecked-surveillance">Bloomberg Quint</a> on October 15, 2018 and also mirrored in the <a class="external-link" href="https://www.thequint.com/voices/opinion/why-data-localisation-might-lead-to-unchecked-surveillance">Quint</a>.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">In April 2018, the Reserve Bank of India put out a<a href="https://www.rbi.org.in/scripts/NotificationUser.aspx?Id=11244&Mode=0" target="_blank"> circular </a>requiring that all “data relating to payment systems operated by them are stored in a system only in India” <a href="https://www.bloombergquint.com/business/rbi-sticks-to-oct-15-deadline-for-data-localisation" target="_blank">within six months</a>. Lesser requirements have been imposed on all Indian companies’ accounting data since 2014 (the back-up of the books of account and other books that are stored electronically must be stored in India, the broadcasting sector under the Foreign Direct Investment policy, must locally store subscriber information, and the telecom sector under the Unified Access licence, may not transfer their subscriber data outside India).</p>
<p style="text-align: justify; ">The draft e-commerce policy has a wide-ranging requirement of exclusive local storage for “community data collected by Internet of Things devices in public space” and “data generated by users in India from various sources including e-commerce platforms, social media, search engines, etc.”, as does the draft e-pharmacy regulations, which stipulate that “the data generated” by e-pharmacy portals be stored only locally.</p>
<p style="text-align: justify; ">While companies such as Airtel, Reliance, PhonePe (majority-owned by Walmart) and Alibaba, have spoken up in support the government’s data localisation efforts, others like Facebook, Amazon, Microsoft, and Mastercard have led the way in opposing it.</p>
<p style="text-align: justify; ">Just this week, two U.S. Senators <a href="https://www.bloombergquint.com/business/us-senators-write-to-pm-modi-seek-soft-stance-on-indias-data-localisation" target="_blank">wrote to</a> the Prime Minister’s office arguing that the RBI’s data localisation regulations along with the proposals in the draft e-commerce and cloud computing policies are “key trade barriers”. In her dissenting note to the Srikrishna Committee's report, Rama Vedashree of the Data Security Council of India notes that, “mandating localisation may potentially become a trade barrier and the key markets for the industry could mandate similar barriers on data flow to India, which could disrupt the IT-BPM (information technology-business process management) industry.”</p>
<h2 style="text-align: justify; ">Justification For Data Localisation</h2>
<p style="text-align: justify; ">What are the reasons for these moves towards data localisation?</p>
<blockquote style="text-align: justify; ">Given the opacity of policymaking in India, many of the policies and regulations provide no justification at all. Even the ones that do, don’t provide cogent reasoning.</blockquote>
<p style="text-align: justify; ">The RBI says it needs “unfettered supervisory access” and hence needs data to be stored in India. However, it fails to state why such unfettered access is not possible for data stored outside of India.</p>
<blockquote style="text-align: justify; ">As long as an entity can be compelled by Indian laws to engage in local data storage, that same entity can also be compelled by that same law to provide access to their non-local data, which would be just as effective.</blockquote>
<p style="text-align: justify; ">What if they don’t provide such access? Would they be blacklisted from operating in India, just as they would if they didn’t engage in local data storage? Is there any investigatory benefit to storing data in India? As any data forensic expert would note, chain of custody and data integrity are what are most important components of data handling in fraud investigation, and not physical access to hard drives. It would be difficult for the government to say that it will block all Google services if the company doesn’t provide all the data that Indian law enforcement agencies request from it. However, it would be facile for the RBI to bar Google Pay from operating in India if Google doesn’t provide it “unfettered supervisory access” to data.</p>
<p style="text-align: justify; ">The most exhaustive justification of data localisation in any official Indian policy document is that contained in the <a href="http://meity.gov.in/writereaddata/files/Data_Protection_Committee_Report.pdf" target="_blank">Srikrishna Committee’s report</a> on data protection. The report argues that there are several benefits to data localisation:</p>
<ol style="text-align: justify; ">
<li>Effective enforcement,</li>
<li>Avoiding reliance on undersea cables,</li>
<li>Avoiding foreign surveillance on data stored outside India,</li>
<li>Building an “Artificial Intelligence ecosystem”</li>
</ol>
<p style="text-align: justify; ">Of these, the last three reasons are risible.</p>
<h2 style="text-align: justify; ">Not A Barrier To Surveillance</h2>
<p style="text-align: justify; ">Requiring mirroring of personal data on Indian servers will not magically give rise to experts skilled in statistics, machine learning, or artificial intelligence, nor will it somehow lead to the development of the infrastructure needed for AI.</p>
<p style="text-align: justify; ">The United States and China are both global leaders in AI, yet no one would argue that China’s data localisation policies have helped it or that America’s lack of data localisation polices have hampered it.</p>
<blockquote style="text-align: justify; ">On the question of foreign surveillance, data mirroring will not have any impact, since the Srikrishna Committee’s recommendation would not prevent companies from storing most personal data outside of India.</blockquote>
<p style="text-align: justify; ">Even for “sensitive personal data” and for “critical personal data”, which may be required to be stored in India alone, such measures are unlikely to prevent agencies like the U.S. National Security Agency or the United Kingdom’s Government Communications Headquarters from being able to indulge in extraterritorial surveillance.</p>
<p style="text-align: justify; ">In 2013, slides from an NSA presentation that were leaked by Edward Snowden showed that the NSA’s “BOUNDLESSINFORMANT” programme collected 12.6 billion instances of telephony and Internet metadata (for instance, which websites you visited and who all you called) from India in just one month, making India one of the top 5 targets.</p>
<p style="text-align: justify; ">This shows that technically, surveillance in India is not a challenge for the NSA.</p>
<p style="text-align: justify; ">So, forcing data mirroring enhances Indian domestic intelligence agencies’ abilities to engage in surveillance, without doing much to diminish the abilities of skilled foreign intelligence agencies.</p>
<p style="text-align: justify; ">As I have <a href="https://slides.com/pranesh/digital-security-for-journalists#/5/1" target="_blank">noted in the past</a>, the technological solution to reducing mass surveillance is to use decentralised and federated services with built-in encryption, using open standards and open source software.</p>
<p style="text-align: justify; ">Reducing reliance on undersea cables is, just like reducing foreign surveillance on Indians’ data, a laudable goal. However, a mandate of mirroring personal data in India, which is what the draft Data Protection Bill proposes for all non-sensitive personal data, will not help. Data will stay within India if the processing happens within India. However, if the processing happens outside of India, as is often the case, then undersea cables will still need to be relied upon.</p>
<p style="text-align: justify; ">The better way to keep data within India is to incentivise the creation of data centres and working towards reducing the cost of internet interconnection by encouraging more peering among Internet connectivity providers.</p>
<blockquote style="text-align: justify; ">While data mirroring will not help in improving the enforcement of any data protection or privacy law, it will aid Indian law enforcement agencies in gaining easier access to personal data.</blockquote>
<h2 style="text-align: justify; ">The MLAT Route</h2>
<p style="text-align: justify; ">Currently, many forms of law enforcement agency requests for data have to go through onerous channels called ‘mutual legal assistance treaties’. These MLAT requests take time and are ill-suited to the needs of modern criminal investigations. However, the U.S., recognising this, passed a law called the CLOUD Act in March 2018. While the CLOUD Act compels companies like Google and Amazon, which have data stored in Indian data centres, to provide that data upon receiving legal requests from U.S. law enforcement agencies, it also enables easier access to foreign law enforcement agencies to data stored in the U.S. as long as they fulfill certain procedural and rule-of-law checks.</p>
<blockquote style="text-align: justify; ">While the Srikrishna Committee does acknowledge the CLOUD Act in a footnote, it doesn’t analyse its impact, doesn’t provide suggestions on how India can do this, and only outlines the negative consequences of MLATs.</blockquote>
<p style="text-align: justify; ">Further, it is inconceivable that the millions of foreign services that Indians access and provide their personal data to will suddenly find a data centre in India and will start keeping such personal data in India. Instead, a much likelier outcome, one which the Srikrishna Committee doesn’t even examine, is that many smaller web services may find such requirements too onerous and opt to block users from India, similar to the way that Indiatimes and the Los Angeles Times opted to block all readers from the European Union due to the coming into force of the new data protection law.</p>
<p style="text-align: justify; ">The government could be spending its political will on finding solutions to the law enforcement agency data access question, and negotiating solutions at the international level, especially with the U.S. government. However it is not doing so.</p>
<p style="text-align: justify; ">Given this, the recent spate of data localisation policies and regulation can only be seen as part of an attempt to increase the scope and ease of the Indian government’s surveillance activities, while India’s privacy laws still remain very weak and offer inadequate legal protection against privacy-violating surveillance. Because of this, we should be wary of such requirements, as well as of the companies that are vocal in embracing data localisation.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/bloomberg-quint-pranesh-prakash-october-15-2018-why-data-localisation-might-lead-to-unchecked-surveillance'>https://cis-india.org/internet-governance/blog/bloomberg-quint-pranesh-prakash-october-15-2018-why-data-localisation-might-lead-to-unchecked-surveillance</a>
</p>
No publisherpraneshSurveillanceInternet GovernancePrivacy2018-10-16T14:08:34ZBlog EntryWhy conviction rate for cyber crime cases in Karnataka is abysmally low
https://cis-india.org/internet-governance/news/newsminute-october-1-2019-theja-ram-why-conviction-rate-for-cyber-crime-cases-in-karnataka-is-abysmally-low
<b>Police say a third of the cases involving economic offences in Karnataka are related to job scams, a third related to OTP and UPI fraud, and the remaining are lottery related scams.</b>
<p>The blog post by Theja Ram published by the <a class="external-link" href="https://www.thenewsminute.com/article/why-conviction-rate-cyber-crime-cases-karnataka-abysmally-low-109803">News Minute</a> on October 1, 2019 quotes Karan Saini.</p>
<hr />
<p style="text-align: justify; ">Just like thousands of engineering graduates in pursuit of a job, 22-year-old Samhita RH had been trying to find one since she graduated from AMC Engineering College in Bengaluru. Samhita’s parents, who live in Hassan district’s Sakleshpur, were counting on their daughter to help clear loans they had taken for her education. A year after graduating, Samhita was desperate. She had uploaded her resume on several job portals and hoped she would get an interview call.</p>
<p style="text-align: justify; ">On the afternoon of December 21 last year, Samhita received an email from an id that read: hr.monster13@india.com. Samhita had signed up for job alerts on employment portal Monster and was thrilled when she finally received a call for an interview, over a year after graduating.</p>
<p class="_yeti_done" style="text-align: justify; ">“I did not suspect that this was a fake account. Soon after I received the email, I also got a call on my mobile number and a man named Abhishek Acharya said he was from Monster and that there was an interview call for a position at HCL. He said I have to pay Rs 1,200 as registration fee and that I would be able to go for the interview then. A few hours later, he asked me to pay Rs 18,000. The next day I had to pay Rs 13,000 and later the same day another Rs 15,000,” Samhita says.</p>
<p style="text-align: justify; ">The next day, she received a fake offer letter from HCL after a telephonic conversation and this time another man named Amit Singh, who claimed to be an employee in HCL’s HR department, allegedly told Samhita that she had to pay Rs 29,000 for a certification programme that would be conducted as part of her induction programme. Samhita paid Amit Singh too and when she asked him the date of joining, Amit allegedly informed her that he would be in touch.</p>
<p style="text-align: justify; ">By the first week of January 2019, Samhita was worried that she may have been duped. She got in touch with HCL in Bengaluru and enquired about the job offer she had received. She even sent them a copy of the “offer letter” she had received. To her dismay, HCL informed her that the letter was forged and that no one from the company had reached out to her.</p>
<p style="text-align: justify; ">When she contacted the mobile number of the alleged Amit Singh and demanded her money back, he allegedly hung up and could never be reached again. “I lost around Rs 76,000 in a few days’ time. My parents were struggling for money. They had taken loans to pay for the job and it turned out to be a sham. When I got that email, I should have been more alert. But hope and relief of finally getting a job had clouded my judgement. I filed a complaint with the Cyber Crime Police Station in Bengaluru on January 19 this year, but there has been no progress in my case,” Samhita says.</p>
<p style="text-align: justify; ">In Samhita’s case, police say that the phones used to contact her were last used in Madhya Pradesh and the IP address from which the email was sent was from Nigeria. “How can we track down some online identity that we don’t know. If it’s a robbery or a murder, its jurisdictional. When it comes to people morphing pictures and extortion rackets on online dating platforms, it is easier to track down the people as there is an ID of the person. But economic offences are the hardest to crack,” says Sandeep Patil, Joint Commissioner of Crime, Bengaluru.</p>
<p style="text-align: justify; ">Just like Samhita, thousands of people have fallen victim to job scams on the internet and the Bengaluru Cyber Crime Police say that a third of the cases involving economic offences in Karnataka are related to job scams, a third of them are related to OTP and UPI fraud, and the remaining are lottery related scams. And the police say that investigating cyber crimes related to economic offenses are very difficult.</p>
<h3 style="text-align: justify; ">UPI, lottery fraud on the rise</h3>
<p style="text-align: justify; ">Ever since demonetisation led people to switch to online money transfer, police say that Unique Identification Pin (UPI) related cyber crimes are on the rise. According to the Cyber Crime Police Station in Bengaluru, of the 12,754 cyber crime cases reported in the city between January 2018 and August 2019, 38% of them were related to UPI.</p>
<p style="text-align: justify; ">“Before demonetisation, a lot of people were not using Google Pay, PayTM, BHIM and other UPI apps for money transfer. With more users, the pool of potential victims for those committing cyber crimes has increased,” Sandeep Patil says.</p>
<p style="text-align: justify; ">In July this year, a Madhusudhan, businessman from Bengaluru, filed a complaint with the Cyber Crime Police Station that a person posing to be a representative of an e-commerce company had looted Rs 1.6 lakh from three of his bank accounts via his BHIM app. Madhusudhan’s wife Lekha had ordered material for a dress from an e-commerce website. After it was delivered, she wanted to return it, and found a customer service number when she searched on Google. She asked Madhusudhan to help her get the money back.</p>
<p style="text-align: justify; ">Madhusudhan spoke to the representative, who informed him that the product could not be returned but that he could initiate a refund. “The product quality was bad and so we wanted to return it. The representative said he would refund the money and told me that he would send me a message, I had to click the link in the message and fill in a form for the refund to be processed. I never thought that this could be a scam. Within minutes, Madhusudhan received a message with a message ID that read: HDFC-UPI. Assuming it was legitimate, I clicked the link, which led me to a portal. But there was no form,” Madhusudhan says.</p>
<p style="text-align: justify; ">Madhusudhan tried calling the customer care number once more but there was no response. About three or four minutes later he received a message from his bank that Rs 90,000 was transferred to an unknown account via BHIM. Seconds later, he received another message that Rs 70,000 was transferred to another bank account via the same app. Madhusudhan immediately called his bank and asked them to stop any fund transfer from his account.</p>
<p style="text-align: justify; ">“I have three bank accounts linked to BHIM and money was wiped out from two accounts. I was able to save Rs 40,000 only after I called the bank,” he says. When Madhusudhan approached the police, Cyber Crime sleuths informed him that it was a phishing scam. “That message that I clicked, that was where it started,” Madhusudhan adds.</p>
<p style="text-align: justify; ">According to Karan Saini, Programme Officer with the Centre for Internet and Society, most UPI-related crimes are phishing operations and in rare cases involve spyware. Karan says that SMS gateways are the easiest means to con people into believing that a message is from a legitimate source.</p>
<p style="text-align: justify; ">“Businesses have the ability to send messages to people from SMS gateways provided by telecom companies. Consider the messages we get from e-commerce sites, banks, etc. While most businesses send messages to customers who have wilfully provided their details, bulk contact information can still be procured quite easily, and the cost barrier for sending bulk SMSes is also quite low. Most SMS providers charge customers around Rs. 300 for sending 1000 messages. Further, businesses have the ability to specify a custom sender ID (i.e., the name that appears on the message), which TRAI (Telecom Regulatory Authority of India) mandates to be 6 characters long (e.g., AXISBK), however, fraudsters can easily subvert the custom Sender ID feature to push their phishing campaigns. Most of the reported UPI scams seem to have succeeded because people were conned by the name of the sender. While several SMS providers maintain ‘blacklists’ that let them protect the Sender IDs of prominent customers, fraudsters can still trivially bypass these blacklists, by alternating characters within the Sender ID (e.g., changing AXISBK to AXISBA or even BKAXIS), or by simply moving to another SMS provider.,” Karan says.</p>
<p style="text-align: justify; ">In December 2017, Venkateshulu S, a jewellery store owner in Bengaluru, received an SMS allegedly from an e-commerce website stating that he had won Rs 1,00,00,000 in a lucky draw. The message stated that Venkateshulu, who had recently purchased a TV from the website, had won the lucky draw from a pool of customers chosen for it.</p>
<p style="text-align: justify; ">Venkateshulu, who was initially sceptical, had ignored the SMS. A day later, he received another SMS from the same sender ID, which claimed that he had to claim the prize within the next 24 hours or the offer would expire. He also received a call from a person posing as a customer care executive and informed him that he had to pay Rs 1 lakh to claim the prize and that the money would be refunded to him once the winnings were deposited into his account.</p>
<p style="text-align: justify; ">Within a few minutes, he transferred the money to an account number given by the conman. It was only after two days that Venkateshulu realised he had been swindled.</p>
<p style="text-align: justify; ">“I was waiting for the money to get deposited into my account. When I contacted that man again, his phone was switched off. Then I filed a complaint with the cyber crime police but they haven’t caught the culprit even now,” Venkateshulu says.</p>
<p style="text-align: justify; ">Speaking to The News Minute, Director General of Police, CID, Praveen Sood, said that just like Venkateshulu, thousands of people get conned in lottery scams. “When someone is asking you to pay money to collect alleged winnings, that must be the trigger. People get conned a lot by lotteries because the amount of money is too huge for them to pass up,” he says.</p>
<h3 id="_mcePaste">Thousands of cases, negligible convictions</h3>
<p style="text-align: justify; ">From just 1,045 cases registered in 2014 to 8,495 cases between January and August 2019, the number of cyber crime cases being reported in Karnataka are on the rise. Between January 2014 and August 2019, 20,920 cases were registered across 30 Cyber Crime police stations in Karnataka and a whopping 85% of them have been registered in the lone Cyber Crime Police Station in Bengaluru City.</p>
<p style="text-align: justify; ">Of the 8,495 cases registered between January and August 2019, 7,516 of them were in Bengaluru. Another alarming reality is the low rate of conviction. There have been only 36 convictions in cyber crime cases in Karnataka in the last six years and out of them only 5 convictions have occurred in cases registered in Bengaluru. Of these convictions, four of them occurred in 2014 and one in 2018. There were zero convictions in the years in between.</p>
<p style="text-align: justify; ">The shockingly low rate of conviction, Cyber Crime sleuths say, is because 95% of the cases registered go unresolved for various reasons. Of the total number of cases registered in the last six years, arrests have been made in only 6.2% of the cases and the number of cases in which chargesheets have been filed is even lower.</p>
<p>Between 2014 and August 2019, chargesheets were filed only in 736 cases in Karnataka, of which 46.86% were from Bengaluru.</p>
<p><img src="https://www.thenewsminute.com/sites/all/var/www/images/Cybercrime_karnataka.jpg" /></p>
<p><img src="https://www.thenewsminute.com/sites/all/var/www/images/Cybercrime_bengaluru.jpg" /></p>
<p style="text-align: justify; ">DGP Sood says that one of the primary reasons for the low conviction rate in cyber crime cases, not only in Karnataka but across the country, is the lack of geographical boundaries in cyber crime cases.</p>
<p>“In most cases across the country, the crime is perpetrated by people from other countries,” he says.</p>
<p style="text-align: justify; ">Senior police officials who have worked on numerous cyber crime cases in Karnataka say that another reason for low conviction rates in these crimes is that the cost of investigating cyber crime cases, especially economic offences, exceeds the actual loss suffered by victims.</p>
<p style="text-align: justify; ">“In many cases that I have worked on, the IP addresses or phone numbers are from Nigeria, Trinidad, Congo or an eastern European country. How do we track down and arrest these people? After five to six days of investigating, we reach a dead end. Between the amount that individual victims lose and the amount that needs to be spent on investigating that case, there is a huge difference. Lakhs have to be spent on one investigation. The economics do not add up and the physical international boundaries are major hurdles,” a senior police officer says.</p>
<h3 style="text-align: justify; ">Limited knowledge about advanced technology</h3>
<p style="text-align: justify; ">Senior officials with the Cyber Crime unit in the Criminal Investigation department say that apart from a severe staff crunch in Cyber Crime stations, most police officers, public prosecutors and magistrates have limited knowledge about cyber crimes, the technology used, the methods of perpetrating such crimes and, most importantly, the technological jargon.</p>
<p style="text-align: justify; ">“Initially, we had only 10 police officials working in one police station in Bengaluru and they were handling thousands of cases. It was only in 2018 that the number of personnel were increased to 40. Even now, these officers are handling thousands of cases and it’s an overload,” JCP Sandeep Patil says.</p>
<p style="text-align: justify; ">According to DGP Praveen Sood, even in cases where arrests are made and chargesheets filed, overburdened sessions courts with limited magistrates who understand the nuances of cyber crime cases contribute to low rates of conviction.</p>
<p> </p>
<p><article class="_yeti_done top_horizontal_show_ads_on_desktop right_vertical_ads_block left_vertical_ads_block">
<p style="text-align: justify; ">Senior police officials who work with the Centre for Cyber Crime Investigation and Training Centre say that prosecutors and lawyers fail to put forth a strong case due to lack of knowledge about these crimes.</p>
<p style="text-align: justify; ">“Understanding the methods used by perpetrators of cyber crimes and most importantly the jargon is difficult for prosecutors and magistrates. Even officers working in Cyber Crime stations keep learning new things every day. Magistrate courts are overloaded and to find judges who can understand the nuances of the case and prosecutors who can put forth a good case is difficult,” the official explains.</p>
<p style="text-align: justify; ">In February this year, the Centre for Cyber Crime Investigation and Training Centre was inaugurated in Bengaluru in order to train police officers, prosecutors and magistrates on the nuances of cyber crime. DGP Praveen Sood says that with more police officers being trained, it is a first step towards ensuring that more cases are detected and disposed of quickly.</p>
<p style="text-align: justify; ">“Since cyber crime has no boundaries, the best way is to prevent it. More awareness is required. People must not use the same email ID for personal and financial transactions. Separate email IDs must be used for social media accounts because many people get conned on social media. There are many cases where social media accounts are hacked and pictures of women are morphed. It’s always better to change passwords frequently and not share it with anyone. Do not believe people who say they are bank officials asking for OTP and PINs. Never buy into lottery scams where they ask you to pay money in order to get your winnings,” Praveen Sood adds.</p>
</article></p>
<p> </p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/newsminute-october-1-2019-theja-ram-why-conviction-rate-for-cyber-crime-cases-in-karnataka-is-abysmally-low'>https://cis-india.org/internet-governance/news/newsminute-october-1-2019-theja-ram-why-conviction-rate-for-cyber-crime-cases-in-karnataka-is-abysmally-low</a>
</p>
No publisherTheja RamInternet Governance2019-10-13T06:07:23ZNews ItemWhy Aadhaar leaks should worry you, and is biometrics really safe?
https://cis-india.org/internet-governance/news/the-news-minute-rakesh-mehar-may-4-2017-why-aadhaar-leaks-should-worry-you-and-is-biometrics-really-safe
<b>What’s worrying is that the UIDAI seems to always be in denial mode over security concerns. </b>
<p style="text-align: justify; ">The blog post was <a class="external-link" href="http://www.thenewsminute.com/article/why-aadhaar-leaks-should-worry-you-and-biometrics-really-safe-61469">published by the News Minute</a> on May 4, 2017. Amber Sinha was quoted.</p>
<hr style="text-align: justify; " />
<p style="text-align: justify; ">If you’ve paid the slightest bit of attention to news about Aadhaar, you’ll have heard about a series of leaks of Aadhaar data from multiple government websites. Some of the latest government websites to leak Aadhaar and demographic data, were the Jharkhand <a href="http://www.hindustantimes.com/india-news/in-massive-data-breach-over-a-million-aadhaar-numbers-published-on-jharkhand-govt-website/story-EeFlScg5Dn5neLyBzrkw1I.html" target="_blank">Directorate</a> of Social Security and the Kerala government’s pension <a href="http://www.livemint.com/Politics/bM6xWCw8rt6Si4seV43C2H/Govt-departments-breach-Aadhaar-Act-leak-details-of-benefic.html" target="_blank">department</a>.</p>
<p style="text-align: justify; ">Shockingly, a <a href="http://cis-india.org/internet-governance/information-security-practices-of-aadhaar-or-lack-thereof-a-documentation-of-public-availability-of-aadhaar-numbers-with-sensitive-personal-financial-information-1" target="_blank">report</a> by The Centre for Internet and Society (CIS) revealed that the Aadhaar details along with demographic details and financial information of around 135 million people in the country has been leaked by four government portals. And this could just be the tip of the iceberg.</p>
<p style="text-align: justify; ">However, the public response to these revelations has been muted. The government and the UIDAI, the authority behind Aadhaar, have retreated behind the defence that only Aadhaar numbers have been leaked, and not biometric details, and hence there is no major problem.</p>
<p style="text-align: justify; ">However, experts warn that Aadhaar numbers by themselves pose a sufficient risk when leaked, and that the UIDAI has been consistently underplaying the risks of such leaks and overplaying the security of biometric identification.</p>
<p style="text-align: justify; ">Amber Sinha, who co-authored the CIS report, points out that it’s not just Aadhaar numbers that have been leaked on government websites, but also demographic information as well as financial details. Various such bits of data can be aggregated by fraudsters and used to steal identities and commit financial fraud online or through phones.</p>
<p style="text-align: justify; ">“We see a lot of examples of social engineering techniques where fraudsters collect data from various sources and impersonate people,” he says. The report points out that one of the most common techniques is to call persons impersonating bank officials requiring sensitive information, and provide Aadhaar and demographic details to make the bid for this information convincing.</p>
<p style="text-align: justify; ">Amber also points out that in online and phone verifications, it is possible to impersonate other persons with such information.</p>
<p style="text-align: justify; ">“Somebody can call the bank pretending to be me, and he could also authenticate himself as me if he has all the data about me. The bank will ask him some four questions and if he has all that information, then the bank has no reason to believe that he is not me,” he explains.</p>
<p style="text-align: justify; ">Co-Founder of HasGeek, Kiran Jonnalagadda, an active voice on net neutrality, freedom of speech and privacy, points out that one of the main problems is that the Aadhaar system assumes biometric verification in every transaction, but Aadhaar cards are often used as identity documents without biometrics particularly for many non-financial transactions.</p>
<p style="text-align: justify; ">“Somebody can apply for a SIM card with your Aadhaar number, and if the place that is issuing the SIM card didn't do a biometric verification then your card is good enough, because now they can do anything they want in your name,” Kiran said. In such cases, he points out, impersonation is almost ridiculously easy because the Aadhaar card, just a colour printout with no security features, can be faked by almost anyone.</p>
<p style="text-align: justify; ">He points out that, particularly in cases of online verifications, the problem of fraud is acutely heightened. “The thing is that if they have your number and your demographic details, if the government does a verification online, the details will match. Which means that the ID is not fake. It's just that you didn't actually authorise any of this. In a perfect world, everybody would do biometrics. The problem is that that does not exist right now.”</p>
<p style="text-align: justify; ">One of the major flaws of the current security practices of Aadhaar is that the UIDAI only takes responsibility for the security of data stored within its Central Identities Data Repository. However, explains Amber, over the last five years, the UIDAI has proactively seeded Aadhaar data across multiple government databases. However, the UIDAI has not exercised strict disclosure controls on these government databases, and there are no clear standards for publicity of information.</p>
<p style="text-align: justify; ">The CIS report points to the example of the Andhra Pradesh portal of the NREGA, which carries information on Aadhaar numbers and disbursal amounts on a simple text file, with no encryption or other security measures. The report argues that this system could easily be exploited to transfer illegal sums of money into these accounts, making beneficiaries liable for them.</p>
<p style="text-align: justify; ">Importantly, Amber points out that the recent publications of Aadhaar details cannot properly be called leaks. A leakage occurs, he points out, when information is treated as secret and stored accordingly and then breached from the outside or leaked by abusing access.</p>
<p style="text-align: justify; ">“Here the websites that we looked at are designed in such a way that anybody without any technical knowledge can access information. They are available for download as spreadsheets, how much simpler could it get?” he asks.</p>
<p style="text-align: justify; ">Even with the much-vaunted infallibility of biometric verification, experts warn, there are some scarily large loopholes present. While the UIDAI regularly goes to town with the claim that the biometric data stored in the CIDR is well protected behind multiple firewalls, detractors point out that biometric data collected at each transaction point is not similarly secure.</p>
<p style="text-align: justify; ">Other kinds of financial transactions such as card transactions , explains Amber, use two-factor authentication (a physical card and a pin number or card details and an OTP, for instance). With Aadhaar, however, authentication is possible with just biometrics.</p>
<p style="text-align: justify; ">This is risky because biometric data is not duplication-proof. When biometric data is collected for authentication, he says, there are ways in which this data can be stored for re-use. “At the end of the day, the way the biometric authentication works is by comparing two images. There is a copy of an image which is collected at the time of enrolment which is stored by the UIDAI, and every time you authenticate yourself you give a fresh image. As far as the CIDR is concerned, it has nothing to do with how that image is being created at that stage,” says Amber.</p>
<p style="text-align: justify; ">This can and has led to what is called a “replay attack”, where stored biometric images are used to complete transactions without the presence of the actual owner of the biometric data. This is what <a href="https://scroll.in/article/830580/security-of-aadhaars-data-is-under-question-but-pointing-to-the-gaps-could-lead-to-a-police-case" target="_blank">happened</a> in the case involving Axis Bank, Suvidha Infoserve and eMudhra in February.</p>
<p style="text-align: justify; ">Such situations arise, says Kiran, because Aadhaar confuses two very separate functions–authentication (establishing that I am who I am) and authorisation (certifying that I want an action done in my name). “It’s the difference between signing a cheque and showing a photo ID to prove that you are who you are,” explains Kiran. The problem with biometrics is that both processes are combined in one, and there is nothing to verify that the person to whom the biometrics belongs to is actually present for each transaction.</p>
<p style="text-align: justify; ">While the UIDAI has now proposed <a href="http://zeenews.india.com/personal-finance/uidai-registration-for-all-aadhaar-authentication-devices-soon_1969917.html" target="_blank">registered</a> and encrypted biometric devices to overcome this problem, some detractors <a href="http://www.thenewsminute.com/article/response-nandan-nilekani-s-new-claims-aadhaar-60945" target="_blank">argue</a> that a way around this is not impossible to find either.</p>
<p style="text-align: justify; ">“The larger problem is that the UIDAI constantly plays a game of denial and catch up. They keep pretending like other people are stupid and their system will never be broken. And other people keep pointing out that they've forgotten the most obvious things about security in any information system. They are currently in denial mode, where they insist such things are not possible until after it happens, and then they say oh it's happening, let's go do something to fix it,” Kiran says.</p>
<p style="text-align: justify; ">What’s more, Kiran and Amber point out that biometrics can even be physically duplicated. On iris scans, Amber argues, “Now, with a lot of CCTV cameras, if their resolution is high enough it is possible to capture things like an iris scan. So the means for biometric authentication can be used covertly, and that is a technological truth,” he asserts.</p>
<p style="text-align: justify; ">Duplicating fingerprints, says Kiran is even easier, pointing out to attendance fraud carried out by students of the Institute of Chemical Technology in Mumbai. These students used a resin adhesive to make copies of their fingerprints, which their friends used to give them proxy attendance in the biometric attendance system.</p>
<p style="text-align: justify; ">“Lifting fingerprints is ridiculously easy. Anything you touch will leave fingerprints on it. All it requires is some cello-tape to make a copy of your fingerprints. And then you can apply some wax to it and you get an actual impression of your finger. You can go place that on any fingerprint reader and it'll be fooled,” says Kiran.</p>
<p style="text-align: justify; ">It’s not as if such duplication is not possible with devices like credit cards. However, says Kiran, there are two key differences. Firstly, credit card companies have built up elaborate checks and balances over years to tackle fraud. Secondly, and far more importantly, credit cards that have been compromised can be cancelled. “Revocability is a feature in the credit card system. In Aadhaar you can't revoke anything. If fraud happens, you are stuck with fraud for the rest of your life,” explains Kiran.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/the-news-minute-rakesh-mehar-may-4-2017-why-aadhaar-leaks-should-worry-you-and-is-biometrics-really-safe'>https://cis-india.org/internet-governance/news/the-news-minute-rakesh-mehar-may-4-2017-why-aadhaar-leaks-should-worry-you-and-is-biometrics-really-safe</a>
</p>
No publisherpraskrishnaAadhaarInternet GovernancePrivacy2017-05-12T15:48:48ZNews ItemWhy 'Facebook' is More Dangerous than the Government Spying on You
https://cis-india.org/internet-governance/blog/why-facebook-is-more-dangerous-than-the-government-spying-on-you
<b>In this article, Maria Xynou looks at state and corporate surveillance in India and analyzes why our "choice" to hand over our personal data can potentially be more harmful than traditional, top-down, state surveillance. Read this article and perhaps reconsider your "choice" to use social networking sites, such as Facebook. </b>
<p align="JUSTIFY"><i>Do you have a profile on Facebook?</i> Almost every time I ask this question, the answer is ‘yes’. In fact, I think the amount of people who have replied ‘no’ to this question can literally be counted on my right hand. But this is not an article about Facebook per se. It’s more about the ‘Facebooks’ of the world, and of people’s increasing “choice” to hand over their most personal data. More accurate questions are probably:</p>
<p align="JUSTIFY">“<i>Would you like the Government to go through your personal diary? If not, then why do you have a profile on Facebook?”</i></p>
<h2><span><b>The Indian Surveillance State</b></span></h2>
<p align="JUSTIFY">Following <span style="text-decoration: underline;"><a href="http://news.yahoo.com/nsa-revelations-timeline-whats-come-since-snowden-leaks-203656274.html">Snowden</a><a href="http://news.yahoo.com/nsa-revelations-timeline-whats-come-since-snowden-leaks-203656274.html">’</a><a href="http://news.yahoo.com/nsa-revelations-timeline-whats-come-since-snowden-leaks-203656274.html">s</a><a href="http://news.yahoo.com/nsa-revelations-timeline-whats-come-since-snowden-leaks-203656274.html"> </a><a href="http://news.yahoo.com/nsa-revelations-timeline-whats-come-since-snowden-leaks-203656274.html">revelations</a></span>, there’s finally been more talk about surveillance. But what is surveillance?</p>
<p align="JUSTIFY">David Lyon - who directs the <span style="text-decoration: underline;"><a href="http://www.sscqueens.org/">Surveillance</a><a href="http://www.sscqueens.org/"> </a><a href="http://www.sscqueens.org/">Studies</a><a href="http://www.sscqueens.org/"> </a><a href="http://www.sscqueens.org/">Centre</a></span> - <span style="text-decoration: underline;"><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society">defines</a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society"> </a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society">surveillance</a></span> as <i>“any collection and processing of personal data, whether identifiable or not, for the purposes of influencing or managing those whose data have been garnered”</i>. <a href="http://www.polity.co.uk/book.asp?ref=9780745635910"><span style="text-decoration: underline;">Surveillance</span></a> can also be defined as the monitoring of the behaviour, activities or other changing information of individuals or groups of people. However, this definition implies that individuals and/or groups of people are being monitored in a top-down manner, without this being their “choice”. But is that actually the case? To answer this question, let’s have a look at how the Indian government and corporations operating in India spy on us.</p>
<h3><b>State Surveillance</b></h3>
<p align="JUSTIFY">The first things that probably come to mind when thinking about India from a foreigner’s perspective are poverty and corruption. Surveillance appears to be a “Western, elitist issue”, which mainly concerns those who have already solved their main survival problems. In other words, the most mainstream argument I hear in India is that surveillance is not a <i>real </i>issue, especially since the majority of the population in the country lives below the line of poverty and does not even have any Internet access. Interestingly enough though, the other day when I was walking around a slum in Koramangala, I noticed that most people have Airtel satellites...even though they barely have any clean water!</p>
<p align="JUSTIFY">The point though is that surveillance in India is a fact, and the state plays a rather large role in it. In particular, Indian law enforcement agencies follow three steps in ensuring that targeted and mass surveillance is carried out in the country:</p>
<p align="JUSTIFY">1. They create surveillance schemes, such as the <span style="text-decoration: underline;"><a href="https://cis-india.org/internet-governance/blog/indias-big-brother-the-central-monitoring-system">Central</a><a href="https://cis-india.org/internet-governance/blog/indias-big-brother-the-central-monitoring-system"> </a><a href="https://cis-india.org/internet-governance/blog/indias-big-brother-the-central-monitoring-system">Monitoring</a><a href="https://cis-india.org/internet-governance/blog/indias-big-brother-the-central-monitoring-system"> </a><a href="https://cis-india.org/internet-governance/blog/indias-big-brother-the-central-monitoring-system">System</a><a href="https://cis-india.org/internet-governance/blog/indias-big-brother-the-central-monitoring-system"> (</a><a href="https://cis-india.org/internet-governance/blog/indias-big-brother-the-central-monitoring-system">CMS</a><a href="https://cis-india.org/internet-governance/blog/indias-big-brother-the-central-monitoring-system">)</a></span>, which carry out targeted and/or mass surveillance</p>
<p align="JUSTIFY">2. They create laws, guidelines and license agreements, such as the <span style="text-decoration: underline;"><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf">Information</a><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf"> </a><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf">Technology</a><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf"> (</a><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf">Amendment</a><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf">) </a><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf">Act</a><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf"> 2008</a></span>, which mandate targeted and mass surveillance and which require ISP and telecom operators to comply</p>
<p align="JUSTIFY">3. They buy surveillance technologies from companies, such as CCTV cameras and spyware, and use them to carry out targeted and/or mass surveillance</p>
<p align="JUSTIFY">While Indian law enforcement agencies don’t necessarily follow these steps in this precise order, they usually try to create surveillance schemes, legalise them and then buy the gear to carry them out.</p>
<p align="JUSTIFY">In particular, surveillance in India is regulated under five laws: the <span style="text-decoration: underline;"><a href="http://www.ijlt.in/pdffiles/Indian-Telegraph-Act-1885.pdf">Indian</a><a href="http://www.ijlt.in/pdffiles/Indian-Telegraph-Act-1885.pdf"> </a><a href="http://www.ijlt.in/pdffiles/Indian-Telegraph-Act-1885.pdf">Telegraph</a><a href="http://www.ijlt.in/pdffiles/Indian-Telegraph-Act-1885.pdf"> </a><a href="http://www.ijlt.in/pdffiles/Indian-Telegraph-Act-1885.pdf">Act</a><a href="http://www.ijlt.in/pdffiles/Indian-Telegraph-Act-1885.pdf"> 1885</a></span>, the <span style="text-decoration: underline;"><a href="http://www.indiapost.gov.in/Pdf/Manuals/TheIndianPostOfficeAct1898.pdf">Indian</a><a href="http://www.indiapost.gov.in/Pdf/Manuals/TheIndianPostOfficeAct1898.pdf"> </a><a href="http://www.indiapost.gov.in/Pdf/Manuals/TheIndianPostOfficeAct1898.pdf">Post</a><a href="http://www.indiapost.gov.in/Pdf/Manuals/TheIndianPostOfficeAct1898.pdf"> </a><a href="http://www.indiapost.gov.in/Pdf/Manuals/TheIndianPostOfficeAct1898.pdf">Office</a><a href="http://www.indiapost.gov.in/Pdf/Manuals/TheIndianPostOfficeAct1898.pdf"> </a><a href="http://www.indiapost.gov.in/Pdf/Manuals/TheIndianPostOfficeAct1898.pdf">Act</a><a href="http://www.indiapost.gov.in/Pdf/Manuals/TheIndianPostOfficeAct1898.pdf"> 1898</a></span>, the <span style="text-decoration: underline;"><a href="http://tdsat.nic.in/New%20Compendium19.11.2008/TD%20Set%20Vol-1%20PDF/53-58.pdf">Indian</a><a href="http://tdsat.nic.in/New%20Compendium19.11.2008/TD%20Set%20Vol-1%20PDF/53-58.pdf"> </a><a href="http://tdsat.nic.in/New%20Compendium19.11.2008/TD%20Set%20Vol-1%20PDF/53-58.pdf">Wireless</a><a href="http://tdsat.nic.in/New%20Compendium19.11.2008/TD%20Set%20Vol-1%20PDF/53-58.pdf"> </a><a href="http://tdsat.nic.in/New%20Compendium19.11.2008/TD%20Set%20Vol-1%20PDF/53-58.pdf">Telegraphy</a><a href="http://tdsat.nic.in/New%20Compendium19.11.2008/TD%20Set%20Vol-1%20PDF/53-58.pdf"> </a><a href="http://tdsat.nic.in/New%20Compendium19.11.2008/TD%20Set%20Vol-1%20PDF/53-58.pdf">Act</a><a href="http://tdsat.nic.in/New%20Compendium19.11.2008/TD%20Set%20Vol-1%20PDF/53-58.pdf"> 1933</a></span>, <span style="text-decoration: underline;"><a href="http://indiankanoon.org/doc/911085/">section</a><a href="http://indiankanoon.org/doc/911085/"> 91 </a><a href="http://indiankanoon.org/doc/911085/">of</a><a href="http://indiankanoon.org/doc/911085/"> </a><a href="http://indiankanoon.org/doc/911085/">the</a><a href="http://indiankanoon.org/doc/911085/"> 1973 </a><a href="http://indiankanoon.org/doc/911085/">Code</a><a href="http://indiankanoon.org/doc/911085/"> </a><a href="http://indiankanoon.org/doc/911085/">of</a><a href="http://indiankanoon.org/doc/911085/"> </a><a href="http://indiankanoon.org/doc/911085/">Criminal</a><a href="http://indiankanoon.org/doc/911085/"> </a><a href="http://indiankanoon.org/doc/911085/">Procedure</a><a href="http://indiankanoon.org/doc/911085/"> (</a><a href="http://indiankanoon.org/doc/911085/">CrPc</a><a href="http://indiankanoon.org/doc/911085/">)</a></span> and the <span style="text-decoration: underline;"><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf">Information</a><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf"> </a><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf">Technology</a><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf"> (</a><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf">Amendment</a><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf">) </a><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf">Act</a><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf"> 2008</a></span>. These laws mandate targeted surveillance, but remain silent on the issue of mass surveillance which means that technically it is neither allowed nor prohibited, but remains a grey legal area.</p>
<p align="JUSTIFY">While surveillance laws in India may not mandate mass surveillance, some of their sections are particularly concerning. Section 69 of the<span style="text-decoration: underline;"><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf"> </a><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf">Information</a><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf"> </a><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf">Technology</a><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf"> (</a><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf">Amendment</a><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf">) </a><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf">Act</a><a href="http://police.pondicherry.gov.in/Information%20Technology%20Act%202000%20-%202008%20%28amendment%29.pdf"> 2008</a></span> allows for the interception of all information transmitted through a computer resource, while requiring that all users disclose their private encryption keys or face a jail sentence of up to seven years. This appears to be quite bizarre, as individuals can only keep their data private and protect themselves from surveillance through encryption.</p>
<p align="JUSTIFY">Section 44 of the Information Technology (Amendment) Act 2008 imposes stiff penalties on anyone who fails to provide requested information to authorities - which kind of reminds us of Orwell’s totalitarian regime in <a href="http://www.ministryoflies.com/1984.pdf"><span style="text-decoration: underline;">“1984”</span></a>. Furthermore, section 66A of the same law states that individuals will be punished for sending “offensive messages through communication services”. However, the vagueness of this section raises huge concerns, as it remains unclear what defines an “offensive message” and whether this will have grave implications on the freedom of expression. The <span style="text-decoration: underline;"><a href="http://www.hindustantimes.com/india-news/mumbai/outrage-after-arrest-of-2-women-for-facebook-post-on-mumbai-shutdown/article1-961377.aspx">arrest</a><a href="http://www.hindustantimes.com/india-news/mumbai/outrage-after-arrest-of-2-women-for-facebook-post-on-mumbai-shutdown/article1-961377.aspx"> </a><a href="http://www.hindustantimes.com/india-news/mumbai/outrage-after-arrest-of-2-women-for-facebook-post-on-mumbai-shutdown/article1-961377.aspx">of</a><a href="http://www.hindustantimes.com/india-news/mumbai/outrage-after-arrest-of-2-women-for-facebook-post-on-mumbai-shutdown/article1-961377.aspx"> </a><a href="http://www.hindustantimes.com/india-news/mumbai/outrage-after-arrest-of-2-women-for-facebook-post-on-mumbai-shutdown/article1-961377.aspx">two</a><a href="http://www.hindustantimes.com/india-news/mumbai/outrage-after-arrest-of-2-women-for-facebook-post-on-mumbai-shutdown/article1-961377.aspx"> </a><a href="http://www.hindustantimes.com/india-news/mumbai/outrage-after-arrest-of-2-women-for-facebook-post-on-mumbai-shutdown/article1-961377.aspx">Indian</a><a href="http://www.hindustantimes.com/india-news/mumbai/outrage-after-arrest-of-2-women-for-facebook-post-on-mumbai-shutdown/article1-961377.aspx"> </a><a href="http://www.hindustantimes.com/india-news/mumbai/outrage-after-arrest-of-2-women-for-facebook-post-on-mumbai-shutdown/article1-961377.aspx">women</a><a href="http://www.hindustantimes.com/india-news/mumbai/outrage-after-arrest-of-2-women-for-facebook-post-on-mumbai-shutdown/article1-961377.aspx"> </a><a href="http://www.hindustantimes.com/india-news/mumbai/outrage-after-arrest-of-2-women-for-facebook-post-on-mumbai-shutdown/article1-961377.aspx">last</a><a href="http://www.hindustantimes.com/india-news/mumbai/outrage-after-arrest-of-2-women-for-facebook-post-on-mumbai-shutdown/article1-961377.aspx"> </a><a href="http://www.hindustantimes.com/india-news/mumbai/outrage-after-arrest-of-2-women-for-facebook-post-on-mumbai-shutdown/article1-961377.aspx">November</a><a href="http://www.hindustantimes.com/india-news/mumbai/outrage-after-arrest-of-2-women-for-facebook-post-on-mumbai-shutdown/article1-961377.aspx"> </a><a href="http://www.hindustantimes.com/india-news/mumbai/outrage-after-arrest-of-2-women-for-facebook-post-on-mumbai-shutdown/article1-961377.aspx">over</a><a href="http://www.hindustantimes.com/india-news/mumbai/outrage-after-arrest-of-2-women-for-facebook-post-on-mumbai-shutdown/article1-961377.aspx"> </a><a href="http://www.hindustantimes.com/india-news/mumbai/outrage-after-arrest-of-2-women-for-facebook-post-on-mumbai-shutdown/article1-961377.aspx">a</a><a href="http://www.hindustantimes.com/india-news/mumbai/outrage-after-arrest-of-2-women-for-facebook-post-on-mumbai-shutdown/article1-961377.aspx"> </a><a href="http://www.hindustantimes.com/india-news/mumbai/outrage-after-arrest-of-2-women-for-facebook-post-on-mumbai-shutdown/article1-961377.aspx">Facebook</a><a href="http://www.hindustantimes.com/india-news/mumbai/outrage-after-arrest-of-2-women-for-facebook-post-on-mumbai-shutdown/article1-961377.aspx"> </a><a href="http://www.hindustantimes.com/india-news/mumbai/outrage-after-arrest-of-2-women-for-facebook-post-on-mumbai-shutdown/article1-961377.aspx">post</a></span> reminds us of this.</p>
<p align="JUSTIFY">Laws in India may not mandate mass surveillance, but guidelines and license agreements issued by the Department of Telecommunications do. In particular, the <span style="text-decoration: underline;"><a href="http://www.dot.gov.in/sites/default/files/DOC231013-004.pdf">UAS</a><a href="http://www.dot.gov.in/sites/default/files/DOC231013-004.pdf"> </a><a href="http://www.dot.gov.in/sites/default/files/DOC231013-004.pdf">License</a><a href="http://www.dot.gov.in/sites/default/files/DOC231013-004.pdf"> </a><a href="http://www.dot.gov.in/sites/default/files/DOC231013-004.pdf">Agreement</a><a href="http://www.dot.gov.in/sites/default/files/DOC231013-004.pdf"> </a><a href="http://www.dot.gov.in/sites/default/files/DOC231013-004.pdf">regarding</a><a href="http://www.dot.gov.in/sites/default/files/DOC231013-004.pdf"> </a><a href="http://www.dot.gov.in/sites/default/files/DOC231013-004.pdf">the</a><a href="http://www.dot.gov.in/sites/default/files/DOC231013-004.pdf"> </a><a href="http://www.dot.gov.in/sites/default/files/DOC231013-004.pdf">Central</a><a href="http://www.dot.gov.in/sites/default/files/DOC231013-004.pdf"> </a><a href="http://www.dot.gov.in/sites/default/files/DOC231013-004.pdf">Monitoring</a><a href="http://www.dot.gov.in/sites/default/files/DOC231013-004.pdf"> </a><a href="http://www.dot.gov.in/sites/default/files/DOC231013-004.pdf">System</a><a href="http://www.dot.gov.in/sites/default/files/DOC231013-004.pdf"> (</a><a href="http://www.dot.gov.in/sites/default/files/DOC231013-004.pdf">CMS</a><a href="http://www.dot.gov.in/sites/default/files/DOC231013-004.pdf">) </a></span>not only mandates mass surveillance, but also attempts to legalise a mass surveillance scheme which aims to intercept all telecommunications and Internet communications in India. Furthermore, the Department of Telecommunications has issued <span style="text-decoration: underline;"><a href="http://www.dot.gov.in/data-services/internet-services">numerous</a><a href="http://www.dot.gov.in/data-services/internet-services"> </a><a href="http://www.dot.gov.in/data-services/internet-services">guidelines</a><a href="http://www.dot.gov.in/data-services/internet-services"> </a><a href="http://www.dot.gov.in/data-services/internet-services">and</a><a href="http://www.dot.gov.in/data-services/internet-services"> </a><a href="http://www.dot.gov.in/data-services/internet-services">license</a><a href="http://www.dot.gov.in/data-services/internet-services"> </a><a href="http://www.dot.gov.in/data-services/internet-services">agreements</a><a href="http://www.dot.gov.in/data-services/internet-services"> </a><a href="http://www.dot.gov.in/data-services/internet-services">for</a><a href="http://www.dot.gov.in/data-services/internet-services"> </a><a href="http://www.dot.gov.in/data-services/internet-services">ISPs</a><a href="http://www.dot.gov.in/data-services/internet-services"> </a><a href="http://www.dot.gov.in/data-services/internet-services">and</a><a href="http://www.dot.gov.in/data-services/internet-services"> </a><a href="http://www.dot.gov.in/data-services/internet-services">telecom</a><a href="http://www.dot.gov.in/data-services/internet-services"> </a><a href="http://www.dot.gov.in/data-services/internet-services">operators</a></span>, which require them to not only be “surveillance-friendly”, but to also enable law enforcement agencies to tap into their servers on the grounds of national security. And then, of course, there’s the new <span style="text-decoration: underline;"><a href="http://deity.gov.in/content/national-cyber-security-policy-2013-1">National</a><a href="http://deity.gov.in/content/national-cyber-security-policy-2013-1"> </a><a href="http://deity.gov.in/content/national-cyber-security-policy-2013-1">Cyber</a><a href="http://deity.gov.in/content/national-cyber-security-policy-2013-1"> </a><a href="http://deity.gov.in/content/national-cyber-security-policy-2013-1">Security</a><a href="http://deity.gov.in/content/national-cyber-security-policy-2013-1"> </a><a href="http://deity.gov.in/content/national-cyber-security-policy-2013-1">Policy</a></span>, which mandates surveillance to tackle cyber-crime, cyber-terrorism, cyber-war and cyber-vandalism.</p>
<p align="JUSTIFY">As both a result and prerequisite of these laws, the Indian government has created various surveillance schemes and teams to aid them. In particular, <span style="text-decoration: underline;"><a href="http://deity.gov.in/content/indian-computer-emergency-response-team-cert">India</a><a href="http://deity.gov.in/content/indian-computer-emergency-response-team-cert">’</a><a href="http://deity.gov.in/content/indian-computer-emergency-response-team-cert">s</a><a href="http://deity.gov.in/content/indian-computer-emergency-response-team-cert"> </a><a href="http://deity.gov.in/content/indian-computer-emergency-response-team-cert">Computer</a><a href="http://deity.gov.in/content/indian-computer-emergency-response-team-cert"> </a><a href="http://deity.gov.in/content/indian-computer-emergency-response-team-cert">Emergency</a><a href="http://deity.gov.in/content/indian-computer-emergency-response-team-cert"> </a><a href="http://deity.gov.in/content/indian-computer-emergency-response-team-cert">Response</a><a href="http://deity.gov.in/content/indian-computer-emergency-response-team-cert"> </a><a href="http://deity.gov.in/content/indian-computer-emergency-response-team-cert">Team</a><a href="http://deity.gov.in/content/indian-computer-emergency-response-team-cert"> (</a><a href="http://deity.gov.in/content/indian-computer-emergency-response-team-cert">CERT</a><a href="http://deity.gov.in/content/indian-computer-emergency-response-team-cert">)</a></span> is currently monitoring “any suspicious move on the Internet” in order to checkmate any potential cyber attacks from hackers. While this may be useful for the purpose of preventing and detecting cyber-criminals, it remains unclear how “any suspicious move” is defined and whether that inevitably enables mass surveillance, without individuals’ knowledge or consent.</p>
<p align="JUSTIFY">The <span style="text-decoration: underline;"><a href="http://ncrb.gov.in/cctns.htm">Crime</a><a href="http://ncrb.gov.in/cctns.htm"> </a><a href="http://ncrb.gov.in/cctns.htm">and</a><a href="http://ncrb.gov.in/cctns.htm"> </a><a href="http://ncrb.gov.in/cctns.htm">Criminal</a><a href="http://ncrb.gov.in/cctns.htm"> </a><a href="http://ncrb.gov.in/cctns.htm">Tracking</a><a href="http://ncrb.gov.in/cctns.htm"> </a><a href="http://ncrb.gov.in/cctns.htm">and</a><a href="http://ncrb.gov.in/cctns.htm"> </a><a href="http://ncrb.gov.in/cctns.htm">Network</a><a href="http://ncrb.gov.in/cctns.htm"> & </a><a href="http://ncrb.gov.in/cctns.htm">Systems</a><a href="http://ncrb.gov.in/cctns.htm"> (</a><a href="http://ncrb.gov.in/cctns.htm">CCTNS</a><a href="http://ncrb.gov.in/cctns.htm">)</a></span> is the creation of a nationwide networking infrastructure for enhancing the efficiency and effectiveness of policing and sharing data among 14,000 police stations across the country. It has been estimated that Rs. 2000 crore has been allocated for the CCTNS project and while it may potentially increase the effectiveness of tackling crime and terrorism, it raises questions around the legality of data sharing and its potential implications on the right to privacy and other human rights - especially if such data sharing results in data being disclosed or shared with unauthorised third parties.</p>
<p align="JUSTIFY">Similarly, the <span style="text-decoration: underline;"><a href="http://cybersecurityforindia.blogspot.in/2012/12/national-intelligence-grid-natgrid.html">National</a><a href="http://cybersecurityforindia.blogspot.in/2012/12/national-intelligence-grid-natgrid.html"> </a><a href="http://cybersecurityforindia.blogspot.in/2012/12/national-intelligence-grid-natgrid.html">Intelligence</a><a href="http://cybersecurityforindia.blogspot.in/2012/12/national-intelligence-grid-natgrid.html"> </a><a href="http://cybersecurityforindia.blogspot.in/2012/12/national-intelligence-grid-natgrid.html">Grid</a><a href="http://cybersecurityforindia.blogspot.in/2012/12/national-intelligence-grid-natgrid.html"> (</a><a href="http://cybersecurityforindia.blogspot.in/2012/12/national-intelligence-grid-natgrid.html">NATGRID</a><a href="http://cybersecurityforindia.blogspot.in/2012/12/national-intelligence-grid-natgrid.html">)</a></span> is an integrated intelligence grid that will link the databases of several departments and ministries of the Government of India so as to collect comprehensive patterns of intelligence that can be readily accessed by intelligence agencies. This was first proposed in the aftermath of the Mumbai 2008 terrorist attacks and while it may potentially aid intelligence agencies in countering crime and terrorism, enforced privacy legislation should be a prerequisite, which would safeguard our data from potential abuse.</p>
<p align="JUSTIFY">However, the most controversial surveillance scheme being implemented in India is probably the <span style="text-decoration: underline;"><a href="https://cis-india.org/internet-governance/blog/indias-big-brother-the-central-monitoring-system">Central</a><a href="https://cis-india.org/internet-governance/blog/indias-big-brother-the-central-monitoring-system"> </a><a href="https://cis-india.org/internet-governance/blog/indias-big-brother-the-central-monitoring-system">Monitoring</a><a href="https://cis-india.org/internet-governance/blog/indias-big-brother-the-central-monitoring-system"> </a><a href="https://cis-india.org/internet-governance/blog/indias-big-brother-the-central-monitoring-system">System</a></span> (CMS). While several states, such as Assam, already have <span style="text-decoration: underline;"><a href="http://www.assampolice.gov.in/tenders/20092012/EOI_IMS_20092012.pdf">Internet</a><a href="http://www.assampolice.gov.in/tenders/20092012/EOI_IMS_20092012.pdf"> </a><a href="http://www.assampolice.gov.in/tenders/20092012/EOI_IMS_20092012.pdf">Monitoring</a><a href="http://www.assampolice.gov.in/tenders/20092012/EOI_IMS_20092012.pdf"> </a><a href="http://www.assampolice.gov.in/tenders/20092012/EOI_IMS_20092012.pdf">Systems</a></span> in place, the Central Monitoring System appears to raise even graver concerns. In particular, the CMS is a system through which all telecommunications and Internet communications in India will be monitored by Indian authorities. In other words, the CMS will be capable of intercepting our calls and of analyzing our data on social networking sites, while all such data would be retained in a centralised database. Given that India currently lacks privacy legislation, such a system would mostly be unregulated and would pose major threats to our right to privacy and other human rights. Given that data would be centrally stored, the system would create a type of “honeypot” for centralised cyber attacks. Given that the centralised database would have massive volumes of data for literally a billion people, the probability of error in pattern and profile matching would be high - which could potentially result in innocent people being convicted for crimes they did not commit. Nonetheless, mass surveillance through the CMS is currently a reality in India.</p>
<p align="JUSTIFY">And the even bigger question: How can law enforcement agencies mine the data of 1.2 billion people? How do they even carry out surveillance in practice? Well, that’s where surveillance technology companies come in. In fact, the <span style="text-decoration: underline;"><a href="https://cis-india.org/internet-governance/blog/the-surveillance-industry-in-india-at-least-76-companies-aiding-our-watchers">surveillance</a><a href="https://cis-india.org/internet-governance/blog/the-surveillance-industry-in-india-at-least-76-companies-aiding-our-watchers"> </a><a href="https://cis-india.org/internet-governance/blog/the-surveillance-industry-in-india-at-least-76-companies-aiding-our-watchers">industry</a><a href="https://cis-india.org/internet-governance/blog/the-surveillance-industry-in-india-at-least-76-companies-aiding-our-watchers"> </a><a href="https://cis-india.org/internet-governance/blog/the-surveillance-industry-in-india-at-least-76-companies-aiding-our-watchers">in</a><a href="https://cis-india.org/internet-governance/blog/the-surveillance-industry-in-india-at-least-76-companies-aiding-our-watchers"> </a><a href="https://cis-india.org/internet-governance/blog/the-surveillance-industry-in-india-at-least-76-companies-aiding-our-watchers">India</a></span> is massively expanding - especially in light of its new surveillance schemes which require advanced and sophisticated technology. According to <span style="text-decoration: underline;"><a href="https://cis-india.org/cisprivacymonitor">CIS</a><a href="https://cis-india.org/cisprivacymonitor">’ </a><a href="https://cis-india.org/cisprivacymonitor">India</a><a href="https://cis-india.org/cisprivacymonitor"> </a><a href="https://cis-india.org/cisprivacymonitor">Privacy</a><a href="https://cis-india.org/cisprivacymonitor"> </a><a href="https://cis-india.org/cisprivacymonitor">Monitor</a><a href="https://cis-india.org/cisprivacymonitor"> </a><a href="https://cis-india.org/cisprivacymonitor">Map</a></span> - which is part of ongoing research - Indian law enforcement agencies use CCTV cameras in pretty much every single state in India. The map also shows that Unmanned Aerial Vehicles (UAVs), otherwise known as drones, are being used in most states in India and the <span style="text-decoration: underline;"><a href="http://defence.pk/threads/drdo-develops-uav-netra-to-aid-anti-terrorist-operations.64086/">DRDO</a><a href="http://defence.pk/threads/drdo-develops-uav-netra-to-aid-anti-terrorist-operations.64086/">’</a><a href="http://defence.pk/threads/drdo-develops-uav-netra-to-aid-anti-terrorist-operations.64086/">s</a><a href="http://defence.pk/threads/drdo-develops-uav-netra-to-aid-anti-terrorist-operations.64086/"> “</a><a href="http://defence.pk/threads/drdo-develops-uav-netra-to-aid-anti-terrorist-operations.64086/">Netra</a><a href="http://defence.pk/threads/drdo-develops-uav-netra-to-aid-anti-terrorist-operations.64086/">”</a></span> - which is a lightweight drone, not much bigger than a bird - is particularly noteworthy.</p>
<p align="JUSTIFY">But Indian law enforcement agencies also buy surveillance software and hardware which is aimed at intercepting telecommunications and Internet communications. In particular, <span style="text-decoration: underline;"><a href="http://www.clear-trail.com/">ClearTrail</a><a href="http://www.clear-trail.com/"> </a><a href="http://www.clear-trail.com/">Technologies</a></span> is an Indian company - based in Indore - which equips law enforcement agencies in India and around the world with <span style="text-decoration: underline;"><a href="http://www.wikileaks.org/spyfiles/docs/CLEARTRAIL-2011-Intemonisuit-en.pdf">surveillance</a><a href="http://www.wikileaks.org/spyfiles/docs/CLEARTRAIL-2011-Intemonisuit-en.pdf"> </a><a href="http://www.wikileaks.org/spyfiles/docs/CLEARTRAIL-2011-Intemonisuit-en.pdf">software</a></span> which can probably be compared with the “notorious” FinFisher. So in short, there appears to be a tight collaboration between Indian law enforcement agencies and the surveillance industry, which can be clearly depicted in the <span style="text-decoration: underline;"><a href="http://www.wikileaks.org/spyfiles/docs/ISS-2013-Sche2013-en.pdf">ISS</a><a href="http://www.wikileaks.org/spyfiles/docs/ISS-2013-Sche2013-en.pdf"> </a><a href="http://www.wikileaks.org/spyfiles/docs/ISS-2013-Sche2013-en.pdf">surveillance</a><a href="http://www.wikileaks.org/spyfiles/docs/ISS-2013-Sche2013-en.pdf"> </a><a href="http://www.wikileaks.org/spyfiles/docs/ISS-2013-Sche2013-en.pdf">trade</a><a href="http://www.wikileaks.org/spyfiles/docs/ISS-2013-Sche2013-en.pdf"> </a><a href="http://www.wikileaks.org/spyfiles/docs/ISS-2013-Sche2013-en.pdf">shows</a></span>, otherwise known as “the wiretappers’ ball”.</p>
<h3><b>Corporate Surveillance</b></h3>
<p align="JUSTIFY">When I ask people about corporate surveillance, the answer I usually get is: <i>“Corporations only care about their profit - they don’t do surveillance per se”</i>. And while that may be true, <span style="text-decoration: underline;"><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society">David</a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society"> </a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society">Lyon</a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society">’</a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society">s</a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society"> </a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society">definition</a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society"> </a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society">of</a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society"> </a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society">surveillance</a></span> - as <i>“any collection and processing of personal data, whether identifiable or not, for the purposes of influencing or managing those whose data have been garnered” </i>- may indicate otherwise.</p>
<p align="JUSTIFY">Corporations, like Google, Amazon and Facebook, may not have an agenda for spying per se, but they do collect massive volumes of personal data and, in cases such as PRISM, <span style="text-decoration: underline;"><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&">allow</a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&"> </a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&">law</a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&"> </a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&">enforcement</a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&"> </a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&">to</a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&"> </a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&">tap</a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&"> </a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&">into</a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&"> </a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&">their</a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&"> </a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&">servers</a></span>. Once law enforcement agencies get hold of data collected by companies, such as Facebook, they then use data mining software - equipped by various surveillance technology companies - to process and mine the data. And how do companies, like Google and Facebook, make money off our personal data? By selling it to big buyers, such as law enforcement agencies.</p>
<p align="JUSTIFY">So while Facebook and all the ‘Facebooks’ of the world may not profit from surveillance per se, they do profit from collecting our personal data and selling it to third parties, which include law enforcement agencies. And David Lyon argues that <span style="text-decoration: underline;"><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society">surveillance</a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society"> </a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society">involves</a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society"> </a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society">the</a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society"> </a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society">collection</a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society"> </a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society">of</a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society"> </a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society">personal</a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society"> </a><a href="https://globalsociology.pbworks.com/w/page/14711234/Network%20Society%20or%20Surveillance%20Society">data</a></span> - which corporations, like Facebook, do - for the purpose of influencing and managing individuals. While this last point can probably be widely debated on, it is clear that corporations share their collected data with third parties, which ultimately leads to the influence or managing of individuals - directly or indirectly. In other words, the collection of personal data, in combination with its disclosure to third parties, <i>is</i> surveillance. So when we think about companies, like Google or Facebook, we should not just think of businesses interested in their profit - but also of spying agencies. After all, <span style="text-decoration: underline;"><a href="http://www.forbes.com/sites/marketshare/2012/03/05/if-youre-not-paying-for-it-you-become-the-product/">“</a><a href="http://www.forbes.com/sites/marketshare/2012/03/05/if-youre-not-paying-for-it-you-become-the-product/">if</a><a href="http://www.forbes.com/sites/marketshare/2012/03/05/if-youre-not-paying-for-it-you-become-the-product/"> </a><a href="http://www.forbes.com/sites/marketshare/2012/03/05/if-youre-not-paying-for-it-you-become-the-product/">the</a><a href="http://www.forbes.com/sites/marketshare/2012/03/05/if-youre-not-paying-for-it-you-become-the-product/"> </a><a href="http://www.forbes.com/sites/marketshare/2012/03/05/if-youre-not-paying-for-it-you-become-the-product/">product</a><a href="http://www.forbes.com/sites/marketshare/2012/03/05/if-youre-not-paying-for-it-you-become-the-product/"> </a><a href="http://www.forbes.com/sites/marketshare/2012/03/05/if-youre-not-paying-for-it-you-become-the-product/">is</a><a href="http://www.forbes.com/sites/marketshare/2012/03/05/if-youre-not-paying-for-it-you-become-the-product/"> </a><a href="http://www.forbes.com/sites/marketshare/2012/03/05/if-youre-not-paying-for-it-you-become-the-product/">free</a><a href="http://www.forbes.com/sites/marketshare/2012/03/05/if-youre-not-paying-for-it-you-become-the-product/">, </a><a href="http://www.forbes.com/sites/marketshare/2012/03/05/if-youre-not-paying-for-it-you-become-the-product/">you</a><a href="http://www.forbes.com/sites/marketshare/2012/03/05/if-youre-not-paying-for-it-you-become-the-product/"> </a><a href="http://www.forbes.com/sites/marketshare/2012/03/05/if-youre-not-paying-for-it-you-become-the-product/">are</a><a href="http://www.forbes.com/sites/marketshare/2012/03/05/if-youre-not-paying-for-it-you-become-the-product/"> </a><a href="http://www.forbes.com/sites/marketshare/2012/03/05/if-youre-not-paying-for-it-you-become-the-product/">the</a><a href="http://www.forbes.com/sites/marketshare/2012/03/05/if-youre-not-paying-for-it-you-become-the-product/"> </a><a href="http://www.forbes.com/sites/marketshare/2012/03/05/if-youre-not-paying-for-it-you-become-the-product/">product</a><a href="http://www.forbes.com/sites/marketshare/2012/03/05/if-youre-not-paying-for-it-you-become-the-product/">”</a></span>.</p>
<p align="JUSTIFY">Now if we look at online corporations more closely, we can probably identify three categories:</p>
<p align="JUSTIFY">1. Websites through which we <i>buy products </i>and hand over our personal details - e.g. Amazon</p>
<p align="JUSTIFY">2. Websites through which we <i>use services</i> and hand over our personal details - e.g. flight ticket</p>
<p align="JUSTIFY">3. Websites through which we <i>communicate</i> and hand over our personal details - e.g. Facebook</p>
<p align="JUSTIFY">And why could the above be considered “spying” at all? Because such corporations collect massive volumes of personal data and subsequently:</p>
<p align="JUSTIFY">- <span style="text-decoration: underline;"><a href="http://www.nytimes.com/2013/03/22/technology/microsoft-releases-report-on-law-enforcement-requests.html">Disclose</a><a href="http://www.nytimes.com/2013/03/22/technology/microsoft-releases-report-on-law-enforcement-requests.html"> </a><a href="http://www.nytimes.com/2013/03/22/technology/microsoft-releases-report-on-law-enforcement-requests.html">such</a><a href="http://www.nytimes.com/2013/03/22/technology/microsoft-releases-report-on-law-enforcement-requests.html"> </a><a href="http://www.nytimes.com/2013/03/22/technology/microsoft-releases-report-on-law-enforcement-requests.html">data</a><a href="http://www.nytimes.com/2013/03/22/technology/microsoft-releases-report-on-law-enforcement-requests.html"> </a><a href="http://www.nytimes.com/2013/03/22/technology/microsoft-releases-report-on-law-enforcement-requests.html">to</a><a href="http://www.nytimes.com/2013/03/22/technology/microsoft-releases-report-on-law-enforcement-requests.html"> </a><a href="http://www.nytimes.com/2013/03/22/technology/microsoft-releases-report-on-law-enforcement-requests.html">law</a><a href="http://www.nytimes.com/2013/03/22/technology/microsoft-releases-report-on-law-enforcement-requests.html"> </a><a href="http://www.nytimes.com/2013/03/22/technology/microsoft-releases-report-on-law-enforcement-requests.html">enforcement</a><a href="http://www.nytimes.com/2013/03/22/technology/microsoft-releases-report-on-law-enforcement-requests.html"> </a><a href="http://www.nytimes.com/2013/03/22/technology/microsoft-releases-report-on-law-enforcement-requests.html">agencies</a></span></p>
<p align="JUSTIFY">- <span style="text-decoration: underline;"><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&">Allow</a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&"> </a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&">law</a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&"> </a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&">enforcement</a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&"> </a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&">agencies</a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&"> </a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&">to</a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&"> </a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&">tap</a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&"> </a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&">into</a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&"> </a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&">their</a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&"> </a><a href="http://www.nytimes.com/2013/06/09/us/revelations-give-look-at-spy-agencys-wider-reach.html?_r=2&">servers</a></span></p>
<p align="JUSTIFY">- Sell such data to “third parties”</p>
<p align="JUSTIFY">What’s notable about so-called corporate surveillance is that, in all cases, there is a mutual, key element: we <i><span style="text-decoration: underline;"><a href="https://www.eff.org/wp/know-your-rights">consent</a><a href="https://www.eff.org/wp/know-your-rights"> </a></span></i><span style="text-decoration: underline;"><a href="https://www.eff.org/wp/know-your-rights">to</a><a href="https://www.eff.org/wp/know-your-rights"> </a><a href="https://www.eff.org/wp/know-your-rights">the</a><a href="https://www.eff.org/wp/know-your-rights"> </a><a href="https://www.eff.org/wp/know-your-rights">handing</a><a href="https://www.eff.org/wp/know-your-rights"> </a><a href="https://www.eff.org/wp/know-your-rights">over</a><a href="https://www.eff.org/wp/know-your-rights"> </a><a href="https://www.eff.org/wp/know-your-rights">of</a><a href="https://www.eff.org/wp/know-your-rights"> </a><a href="https://www.eff.org/wp/know-your-rights">our</a><a href="https://www.eff.org/wp/know-your-rights"> </a><a href="https://www.eff.org/wp/know-your-rights">personal</a><a href="https://www.eff.org/wp/know-your-rights"> </a><a href="https://www.eff.org/wp/know-your-rights">information</a></span>. We are not forced to hand over our personal data when buying a book online, booking a flight ticket or using Facebook. Instead, we “choose” to hand over our personal data in exchange for a product or service. Now what significantly differentiates state surveillance to corporate surveillance is the factor of <i>“choice”</i>. While we may choose to hand over our most personal details to large online corporations, such as Google and Facebook, we do not have a choice when the government monitors our communications, collects and stores our personal data.</p>
<h2 align="JUSTIFY"><span><b>State Surveillance </b></span><i><b>vs.</b></i><span><b> Corporate Surveillance</b></span></h2>
<p align="JUSTIFY">Both Indian law enforcement agencies and corporations collect massive volumes of personal data. In fact, it is probably noteworthy to mention that Facebook, in particular, <span style="text-decoration: underline;"><a href="http://www.zdnet.com/data-driven-analysis-debunks-claims-that-nsa-is-out-of-control-special-report-7000019522/">collects</a><a href="http://www.zdnet.com/data-driven-analysis-debunks-claims-that-nsa-is-out-of-control-special-report-7000019522/"> 20 </a><a href="http://www.zdnet.com/data-driven-analysis-debunks-claims-that-nsa-is-out-of-control-special-report-7000019522/">times</a><a href="http://www.zdnet.com/data-driven-analysis-debunks-claims-that-nsa-is-out-of-control-special-report-7000019522/"> </a><a href="http://www.zdnet.com/data-driven-analysis-debunks-claims-that-nsa-is-out-of-control-special-report-7000019522/">more</a><a href="http://www.zdnet.com/data-driven-analysis-debunks-claims-that-nsa-is-out-of-control-special-report-7000019522/"> </a><a href="http://www.zdnet.com/data-driven-analysis-debunks-claims-that-nsa-is-out-of-control-special-report-7000019522/">data</a><a href="http://www.zdnet.com/data-driven-analysis-debunks-claims-that-nsa-is-out-of-control-special-report-7000019522/"> </a><a href="http://www.zdnet.com/data-driven-analysis-debunks-claims-that-nsa-is-out-of-control-special-report-7000019522/">per</a><a href="http://www.zdnet.com/data-driven-analysis-debunks-claims-that-nsa-is-out-of-control-special-report-7000019522/"> </a><a href="http://www.zdnet.com/data-driven-analysis-debunks-claims-that-nsa-is-out-of-control-special-report-7000019522/">day</a></span> than the NSA in total. In addition, Facebook has <a href="http://www.ft.com/cms/s/0/7536d216-0f36-11e3-ae66-00144feabdc0.html#axzz2jDSrZPHv"><span style="text-decoration: underline;">claimed</span></a> that it has received more demands from the US government for information about its users than from all other countries combined. In this sense, the corporate collection of personal data can potentially be more harmful than government surveillance, especially when law enforcement agencies are tapping into the servers of companies like Facebook. After all, the Indian government and all other governments would have very little data to analyse if it weren’t for such corporations.</p>
<p align="JUSTIFY">Surveillance is not just about “spying” or about “watching people” - it’s about much much more. Observing people’s behaviour only really becomes harmful when the data observed is collected, retained, analysed, shared and disclosed to unauthorised third parties. In other words, surveillance is meaningful to examine because it involves the <a href="https://www.sogeti.nl/updates/vint/internet-things-has-dark-side-well-surveillance"><i><span style="text-decoration: underline;">analysis</span></i></a><span style="text-decoration: underline;"><a href="https://www.sogeti.nl/updates/vint/internet-things-has-dark-side-well-surveillance"> </a><a href="https://www.sogeti.nl/updates/vint/internet-things-has-dark-side-well-surveillance">of</a><a href="https://www.sogeti.nl/updates/vint/internet-things-has-dark-side-well-surveillance"> </a><a href="https://www.sogeti.nl/updates/vint/internet-things-has-dark-side-well-surveillance">data</a></span>, which in turn involves <span style="text-decoration: underline;"><a href="http://www.surveillance-and-society.org/articles1/whatsnew.pdf">pattern</a><a href="http://www.surveillance-and-society.org/articles1/whatsnew.pdf"> </a><a href="http://www.surveillance-and-society.org/articles1/whatsnew.pdf">matching</a><a href="http://www.surveillance-and-society.org/articles1/whatsnew.pdf"> </a><a href="http://www.surveillance-and-society.org/articles1/whatsnew.pdf">and</a><a href="http://www.surveillance-and-society.org/articles1/whatsnew.pdf"> </a><a href="http://www.surveillance-and-society.org/articles1/whatsnew.pdf">profiling</a></span>, which can potentially have actual, real-world implications - good or bad. But such analysis cannot be possible without having access to large volumes of data - most of which belong to large corporations, like Facebook. The question, though, is: How do corporations collect such large volumes of personal data, which they subsequently share with law enforcement agencies? Simple: Because <i>we “choose”</i> to hand over our data!</p>
<p align="JUSTIFY">Three years ago, when I was doing research on young people’s perspective of Facebook, all of the interviewees replied that they feel that they are in control of their personal data, because they “choose” what they share online. While this may appear to be a valid point, the “choice” factor can widely be debated on. There are many reasons why people “choose” to hand over their personal data, whether to buy a product, use a service, to communicate with peers or because they feel socially pressured into using social networking sites. Nonetheless, it all really comes down to one main reason: <a href="http://edition.cnn.com/2010/TECH/04/14/oppmann.off.the.grid/"><i><span style="text-decoration: underline;">convenience</span></i></a>. Today, in most cases, the reason why we hand over our personal data online in exchange for products or services is because it is simply more convenient to do so. And while that is understandable, at the same time we are exposing our data (and ultimately our lives) in the name of convenience.</p>
<p align="JUSTIFY">The irony in all of this is that, while many people reacted to <span style="text-decoration: underline;"><a href="http://america.aljazeera.com/articles/multimedia/timeline-edward-snowden-revelations.html">Snowden</a><a href="http://america.aljazeera.com/articles/multimedia/timeline-edward-snowden-revelations.html">’</a><a href="http://america.aljazeera.com/articles/multimedia/timeline-edward-snowden-revelations.html">s</a><a href="http://america.aljazeera.com/articles/multimedia/timeline-edward-snowden-revelations.html"> </a><a href="http://america.aljazeera.com/articles/multimedia/timeline-edward-snowden-revelations.html">revelations</a></span> on NSA dragnet surveillance, most of these people probably have profiles on Facebook. Secret, warrantless government surveillance is undeniably intrusive, but in the end of the day, our profiles on Facebook - and on all the ‘Facebooks’ of the world - is what enabled it to begin with. In other words, if we didn’t choose to give up our personal data - especially without really knowing how it would be handled - large databases would not exist and the NSA - and all the ‘NSAs’ of the world - would have had a harder time gathering and analysing data.</p>
<p align="JUSTIFY">In short, the main difference between state and corporate surveillance is that the first is imposed in a top-down manner by authorities, while the second is a result of our “choice” to give up our data. While many may argue that it’s worse to have control imposed on you, I strongly disagree. When control and surveillance are imposed on us in a top-down manner, it’s likely that we will perceive this - sooner or later - as a <i>direct</i> threat to our human rights, which means that it’s likely that we will resist to it at some point. People usually react to what they perceive as a direct threat, whereas <span style="text-decoration: underline;"><a href="https://www.schneier.com/essay-155.html">they</a><a href="https://www.schneier.com/essay-155.html"> </a><a href="https://www.schneier.com/essay-155.html">rarely</a><a href="https://www.schneier.com/essay-155.html"> </a><a href="https://www.schneier.com/essay-155.html">react</a><a href="https://www.schneier.com/essay-155.html"> </a><a href="https://www.schneier.com/essay-155.html">to</a><a href="https://www.schneier.com/essay-155.html"> </a><a href="https://www.schneier.com/essay-155.html">what</a><a href="https://www.schneier.com/essay-155.html"> </a><a href="https://www.schneier.com/essay-155.html">does</a><a href="https://www.schneier.com/essay-155.html"> </a><a href="https://www.schneier.com/essay-155.html">not</a><a href="https://www.schneier.com/essay-155.html"> </a><a href="https://www.schneier.com/essay-155.html">directly</a><a href="https://www.schneier.com/essay-155.html"> </a><a href="https://www.schneier.com/essay-155.html">affect</a><a href="https://www.schneier.com/essay-155.html"> </a><a href="https://www.schneier.com/essay-155.html">them</a></span>. For example, one may perceive murder or suicide as a direct threat due the immediateness of its effect, whereas smoking may not be seen as an equally direct threat, because its consequences are indirect and can usually be seen in the long term. It’s somehow like that with surveillance.</p>
<p align="JUSTIFY"><span style="text-decoration: underline;"><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities">University</a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities"> </a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities">students</a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities"> </a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities">have</a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities"> </a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities">protested</a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities"> </a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities">on</a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities"> </a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities">the</a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities"> </a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities">streets</a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities"> </a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities">against</a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities"> </a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities">the</a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities"> </a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities">installation</a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities"> </a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities">of</a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities"> </a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities">CCTV</a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities"> </a><a href="https://cis-india.org/internet-governance/blog/privacy/cctv-in-universities">cameras</a></span>, but how many of them have profiles on social networking sites, such as Facebook? People may react to the installation of CCTV cameras, because it may appear as a direct threat to their right to privacy. However, the irony is that the real danger does not necessarily lie within some CCTV cameras, but rather within the profile of each person on a major commercial social networking site. At very best, a CCTV camera will capture some images of us and through that, track our location and possibly our acquaintances. What type of data is captured through a simple, “harmless” Facebook profile? The following probably only includes a tiny percentage of what is actually captured:</p>
<p align="JUSTIFY">- Personal photos</p>
<p align="JUSTIFY">- Biometrics (possibly through photos)</p>
<p align="JUSTIFY">- Family members</p>
<p align="JUSTIFY">- Friends and acquaintances</p>
<p align="JUSTIFY">- Habits, hobbies and interests</p>
<p align="JUSTIFY">- Location (through IP address)</p>
<p align="JUSTIFY">- Places visited</p>
<p align="JUSTIFY">- Economic standing (based on pictures, comments, etc.)</p>
<p align="JUSTIFY">- Educational background</p>
<p align="JUSTIFY">- Ideas and opinions (which may be political, religious, etc.)</p>
<p align="JUSTIFY">- Activities</p>
<p align="JUSTIFY">- Affiliations</p>
<p align="JUSTIFY">The above list could potentially go on and on, probably depending on how much - or what type - of data is disclosed by the individual. The interesting element to this is that <span style="text-decoration: underline;"><a href="http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/">we</a><a href="http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/"> </a><a href="http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/">can</a><a href="http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/"> </a><a href="http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/">never</a><a href="http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/"> </a><a href="http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/">really</a><a href="http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/"> </a><a href="http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/">know</a><a href="http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/"> </a><a href="http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/">how</a><a href="http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/"> </a><a href="http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/">much</a><a href="http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/"> </a><a href="http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/">data</a><a href="http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/"> </a><a href="http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/">we</a><a href="http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/"> </a><a href="http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/">are</a><a href="http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/"> </a><a href="http://www.forbes.com/sites/cherylsnappconner/2012/10/19/sharing-too-much-itll-cost-you/">disclosing</a></span>, even if we think we control it. While an individual may argue that he/she chooses to disclose an x amount of data, while retaining the rest, that individual may actually be disclosing a 10x amount of data. This may be the case because usually every bit of data hides lots of other bits of data, that we may not be aware of. <i>It all really comes down to who is looking at our data, when and why.</i></p>
<p align="JUSTIFY">For example, (fictional) Priya may choose to share on her Facebook profile (through photos, comments, or any other type of data) that she is female, Indian, a Harvard graduate and that her favourite book is <span style="text-decoration: underline;"><a href="http://www.free-ebooks.net/ebook/Anarchism-and-other-essays/pdf/view">“</a><a href="http://www.free-ebooks.net/ebook/Anarchism-and-other-essays/pdf/view">Anarchism</a><a href="http://www.free-ebooks.net/ebook/Anarchism-and-other-essays/pdf/view"> </a><a href="http://www.free-ebooks.net/ebook/Anarchism-and-other-essays/pdf/view">and</a><a href="http://www.free-ebooks.net/ebook/Anarchism-and-other-essays/pdf/view"> </a><a href="http://www.free-ebooks.net/ebook/Anarchism-and-other-essays/pdf/view">other</a><a href="http://www.free-ebooks.net/ebook/Anarchism-and-other-essays/pdf/view"> </a><a href="http://www.free-ebooks.net/ebook/Anarchism-and-other-essays/pdf/view">Essays</a><a href="http://www.free-ebooks.net/ebook/Anarchism-and-other-essays/pdf/view">”</a></span> by Emma Goldman. At first glance, nothing appears to be “wrong” with what Priya is revealing and in fact, she appears to care about her privacy by not revealing “the most intimate details” of her life. Moreover, one could argue that there is absolutely nothing “incriminating” about her data and that, on the contrary, it just reflects that she is a “shiny star” from Harvard. However, I am not sure if a data analyst would be restricted to this data and if data analysis would show the same “sparkly” image.</p>
<p align="JUSTIFY">In theory, the fact that Priya is an Indian who attended Harvard reveals another bit of information, that Priya did not choose to share: her economic standing. Given that the majority of Indians live below the line of poverty, there is a big probability that Priya belongs to India’s middle class - if not elite. Priya may not have intentionally shared this information, but it was indirectly revealed through the bits of data that she did reveal: female Indian and Harvard graduate. And while there may not be anything “incriminating” about the fact that she has a good economic standing, in India this usually means that there’s also some strong political affiliation. That brings us to her other bit of information, that her favourite author is a feminist, anarchist. While that may be viewed as indifferent information, it may be crucial depending on the specific political actors in the country she’s in and on the general political situation. If a data analyst were to map the data that Priya chose to share, along with all her friends and acquaintances that she inevitably has through Facebook, that data analyst could probably tell a story about her. And the concerning part is that that story may or may not be true. But that doesn’t really matter.</p>
<p align="JUSTIFY">Today, governments don’t judge us and take decisions based on our version of our data, but<span style="text-decoration: underline;"><a href="http://www.npr.org/blogs/alltechconsidered/2013/10/02/228134269/your-digital-trail-does-the-fourth-amendment-protect-us"> </a><a href="http://www.npr.org/blogs/alltechconsidered/2013/10/02/228134269/your-digital-trail-does-the-fourth-amendment-protect-us">based</a><a href="http://www.npr.org/blogs/alltechconsidered/2013/10/02/228134269/your-digital-trail-does-the-fourth-amendment-protect-us"> </a><a href="http://www.npr.org/blogs/alltechconsidered/2013/10/02/228134269/your-digital-trail-does-the-fourth-amendment-protect-us">on</a><a href="http://www.npr.org/blogs/alltechconsidered/2013/10/02/228134269/your-digital-trail-does-the-fourth-amendment-protect-us"> </a><a href="http://www.npr.org/blogs/alltechconsidered/2013/10/02/228134269/your-digital-trail-does-the-fourth-amendment-protect-us">what</a><a href="http://www.npr.org/blogs/alltechconsidered/2013/10/02/228134269/your-digital-trail-does-the-fourth-amendment-protect-us"> </a><a href="http://www.npr.org/blogs/alltechconsidered/2013/10/02/228134269/your-digital-trail-does-the-fourth-amendment-protect-us">our</a><a href="http://www.npr.org/blogs/alltechconsidered/2013/10/02/228134269/your-digital-trail-does-the-fourth-amendment-protect-us"> </a><a href="http://www.npr.org/blogs/alltechconsidered/2013/10/02/228134269/your-digital-trail-does-the-fourth-amendment-protect-us">data</a><a href="http://www.npr.org/blogs/alltechconsidered/2013/10/02/228134269/your-digital-trail-does-the-fourth-amendment-protect-us"> </a><a href="http://www.npr.org/blogs/alltechconsidered/2013/10/02/228134269/your-digital-trail-does-the-fourth-amendment-protect-us">says</a><a href="http://www.npr.org/blogs/alltechconsidered/2013/10/02/228134269/your-digital-trail-does-the-fourth-amendment-protect-us"> </a><a href="http://www.npr.org/blogs/alltechconsidered/2013/10/02/228134269/your-digital-trail-does-the-fourth-amendment-protect-us">about</a><a href="http://www.npr.org/blogs/alltechconsidered/2013/10/02/228134269/your-digital-trail-does-the-fourth-amendment-protect-us"> </a><a href="http://www.npr.org/blogs/alltechconsidered/2013/10/02/228134269/your-digital-trail-does-the-fourth-amendment-protect-us">us</a></span>. And perhaps, under certain political, social and economic circumstances, our “harmless” data could be more incriminating than what we think. While an individual may express strong political views within a democratic regime, if that political system were to change in the future and to become authoritarian, that individual would possibly be suspicious in the eyes of the government - to say the least. This is where data retention plays a significant role.</p>
<p align="JUSTIFY">Most companies <span style="text-decoration: underline;"><a href="http://www.bryancave.com/files/Publication/cbd3503b-c968-4565-9cc7-016b9aa3b6f1/Presentation/PublicationAttachment/b24d1c5a-4550-4207-9486-062a025da8d9/Data%20Privacy%20and%20Security%20Team_Retaining%20Data_March%202012.pdf">retain</a><a href="http://www.bryancave.com/files/Publication/cbd3503b-c968-4565-9cc7-016b9aa3b6f1/Presentation/PublicationAttachment/b24d1c5a-4550-4207-9486-062a025da8d9/Data%20Privacy%20and%20Security%20Team_Retaining%20Data_March%202012.pdf"> </a><a href="http://www.bryancave.com/files/Publication/cbd3503b-c968-4565-9cc7-016b9aa3b6f1/Presentation/PublicationAttachment/b24d1c5a-4550-4207-9486-062a025da8d9/Data%20Privacy%20and%20Security%20Team_Retaining%20Data_March%202012.pdf">data</a><a href="http://www.bryancave.com/files/Publication/cbd3503b-c968-4565-9cc7-016b9aa3b6f1/Presentation/PublicationAttachment/b24d1c5a-4550-4207-9486-062a025da8d9/Data%20Privacy%20and%20Security%20Team_Retaining%20Data_March%202012.pdf"> </a><a href="http://www.bryancave.com/files/Publication/cbd3503b-c968-4565-9cc7-016b9aa3b6f1/Presentation/PublicationAttachment/b24d1c5a-4550-4207-9486-062a025da8d9/Data%20Privacy%20and%20Security%20Team_Retaining%20Data_March%202012.pdf">indefinitely</a><a href="http://www.bryancave.com/files/Publication/cbd3503b-c968-4565-9cc7-016b9aa3b6f1/Presentation/PublicationAttachment/b24d1c5a-4550-4207-9486-062a025da8d9/Data%20Privacy%20and%20Security%20Team_Retaining%20Data_March%202012.pdf"> </a><a href="http://www.bryancave.com/files/Publication/cbd3503b-c968-4565-9cc7-016b9aa3b6f1/Presentation/PublicationAttachment/b24d1c5a-4550-4207-9486-062a025da8d9/Data%20Privacy%20and%20Security%20Team_Retaining%20Data_March%202012.pdf">or</a><a href="http://www.bryancave.com/files/Publication/cbd3503b-c968-4565-9cc7-016b9aa3b6f1/Presentation/PublicationAttachment/b24d1c5a-4550-4207-9486-062a025da8d9/Data%20Privacy%20and%20Security%20Team_Retaining%20Data_March%202012.pdf"> </a><a href="http://www.bryancave.com/files/Publication/cbd3503b-c968-4565-9cc7-016b9aa3b6f1/Presentation/PublicationAttachment/b24d1c5a-4550-4207-9486-062a025da8d9/Data%20Privacy%20and%20Security%20Team_Retaining%20Data_March%202012.pdf">for</a><a href="http://www.bryancave.com/files/Publication/cbd3503b-c968-4565-9cc7-016b9aa3b6f1/Presentation/PublicationAttachment/b24d1c5a-4550-4207-9486-062a025da8d9/Data%20Privacy%20and%20Security%20Team_Retaining%20Data_March%202012.pdf"> </a><a href="http://www.bryancave.com/files/Publication/cbd3503b-c968-4565-9cc7-016b9aa3b6f1/Presentation/PublicationAttachment/b24d1c5a-4550-4207-9486-062a025da8d9/Data%20Privacy%20and%20Security%20Team_Retaining%20Data_March%202012.pdf">a</a><a href="http://www.bryancave.com/files/Publication/cbd3503b-c968-4565-9cc7-016b9aa3b6f1/Presentation/PublicationAttachment/b24d1c5a-4550-4207-9486-062a025da8d9/Data%20Privacy%20and%20Security%20Team_Retaining%20Data_March%202012.pdf"> </a><a href="http://www.bryancave.com/files/Publication/cbd3503b-c968-4565-9cc7-016b9aa3b6f1/Presentation/PublicationAttachment/b24d1c5a-4550-4207-9486-062a025da8d9/Data%20Privacy%20and%20Security%20Team_Retaining%20Data_March%202012.pdf">long</a><a href="http://www.bryancave.com/files/Publication/cbd3503b-c968-4565-9cc7-016b9aa3b6f1/Presentation/PublicationAttachment/b24d1c5a-4550-4207-9486-062a025da8d9/Data%20Privacy%20and%20Security%20Team_Retaining%20Data_March%202012.pdf"> </a><a href="http://www.bryancave.com/files/Publication/cbd3503b-c968-4565-9cc7-016b9aa3b6f1/Presentation/PublicationAttachment/b24d1c5a-4550-4207-9486-062a025da8d9/Data%20Privacy%20and%20Security%20Team_Retaining%20Data_March%202012.pdf">period</a><a href="http://www.bryancave.com/files/Publication/cbd3503b-c968-4565-9cc7-016b9aa3b6f1/Presentation/PublicationAttachment/b24d1c5a-4550-4207-9486-062a025da8d9/Data%20Privacy%20and%20Security%20Team_Retaining%20Data_March%202012.pdf"> </a><a href="http://www.bryancave.com/files/Publication/cbd3503b-c968-4565-9cc7-016b9aa3b6f1/Presentation/PublicationAttachment/b24d1c5a-4550-4207-9486-062a025da8d9/Data%20Privacy%20and%20Security%20Team_Retaining%20Data_March%202012.pdf">of</a><a href="http://www.bryancave.com/files/Publication/cbd3503b-c968-4565-9cc7-016b9aa3b6f1/Presentation/PublicationAttachment/b24d1c5a-4550-4207-9486-062a025da8d9/Data%20Privacy%20and%20Security%20Team_Retaining%20Data_March%202012.pdf"> </a><a href="http://www.bryancave.com/files/Publication/cbd3503b-c968-4565-9cc7-016b9aa3b6f1/Presentation/PublicationAttachment/b24d1c5a-4550-4207-9486-062a025da8d9/Data%20Privacy%20and%20Security%20Team_Retaining%20Data_March%202012.pdf">time</a></span>, which means that future, potentially less-democratic governments may have access to it. And the worst part is that we can never really know what data is being held about us, because within data analysis, <span style="text-decoration: underline;"><a href="https://cis-india.org/internet-governance/blog/spy-files-three">every</a><a href="https://cis-india.org/internet-governance/blog/spy-files-three"> </a><a href="https://cis-india.org/internet-governance/blog/spy-files-three">bit</a><a href="https://cis-india.org/internet-governance/blog/spy-files-three"> </a><a href="https://cis-india.org/internet-governance/blog/spy-files-three">of</a><a href="https://cis-india.org/internet-governance/blog/spy-files-three"> </a><a href="https://cis-india.org/internet-governance/blog/spy-files-three">data</a><a href="https://cis-india.org/internet-governance/blog/spy-files-three"> </a><a href="https://cis-india.org/internet-governance/blog/spy-files-three">may</a><a href="https://cis-india.org/internet-governance/blog/spy-files-three"> </a><a href="https://cis-india.org/internet-governance/blog/spy-files-three">potentially</a><a href="https://cis-india.org/internet-governance/blog/spy-files-three"> </a><a href="https://cis-india.org/internet-governance/blog/spy-files-three">entails</a><a href="https://cis-india.org/internet-governance/blog/spy-files-three"> </a><a href="https://cis-india.org/internet-governance/blog/spy-files-three">various</a><a href="https://cis-india.org/internet-governance/blog/spy-files-three"> </a><a href="https://cis-india.org/internet-governance/blog/spy-files-three">other</a><a href="https://cis-india.org/internet-governance/blog/spy-files-three"> </a><a href="https://cis-india.org/internet-governance/blog/spy-files-three">bits</a><a href="https://cis-india.org/internet-governance/blog/spy-files-three"> </a><a href="https://cis-india.org/internet-governance/blog/spy-files-three">of</a><a href="https://cis-india.org/internet-governance/blog/spy-files-three"> </a><a href="https://cis-india.org/internet-governance/blog/spy-files-three">data</a><a href="https://cis-india.org/internet-governance/blog/spy-files-three"> </a><a href="https://cis-india.org/internet-governance/blog/spy-files-three">that</a><a href="https://cis-india.org/internet-governance/blog/spy-files-three"> </a><a href="https://cis-india.org/internet-governance/blog/spy-files-three">we</a><a href="https://cis-india.org/internet-governance/blog/spy-files-three"> </a><a href="https://cis-india.org/internet-governance/blog/spy-files-three">are</a><a href="https://cis-india.org/internet-governance/blog/spy-files-three"> </a><a href="https://cis-india.org/internet-governance/blog/spy-files-three">not</a><a href="https://cis-india.org/internet-governance/blog/spy-files-three"> </a><a href="https://cis-india.org/internet-governance/blog/spy-files-three">even</a><a href="https://cis-india.org/internet-governance/blog/spy-files-three"> </a><a href="https://cis-india.org/internet-governance/blog/spy-files-three">aware</a><a href="https://cis-india.org/internet-governance/blog/spy-files-three"> </a><a href="https://cis-india.org/internet-governance/blog/spy-files-three">of</a></span>. So, when we “choose” to hand over our data, we don’t necessarily know what or how much we are choosing to disclose. Thus, this is why I agree with Bruce Schneier’s argument that people have an <i><span style="text-decoration: underline;"><a href="https://www.schneier.com/blog/archives/2006/09/facebook_and_da.html">illusionary</a><a href="https://www.schneier.com/blog/archives/2006/09/facebook_and_da.html"> </a><a href="https://www.schneier.com/blog/archives/2006/09/facebook_and_da.html">sense</a><a href="https://www.schneier.com/blog/archives/2006/09/facebook_and_da.html"> </a><a href="https://www.schneier.com/blog/archives/2006/09/facebook_and_da.html">of</a><a href="https://www.schneier.com/blog/archives/2006/09/facebook_and_da.html"> </a><a href="https://www.schneier.com/blog/archives/2006/09/facebook_and_da.html">control</a></span></i><a href="https://www.schneier.com/blog/archives/2006/09/facebook_and_da.html"><span style="text-decoration: underline;"> </span></a>over their personal data.</p>
<p align="JUSTIFY"><span style="text-decoration: underline;"><a href="http://www.faculty.ucr.edu/~hanneman/nettext/">Social</a><a href="http://www.faculty.ucr.edu/~hanneman/nettext/"> </a><a href="http://www.faculty.ucr.edu/~hanneman/nettext/">network</a><a href="http://www.faculty.ucr.edu/~hanneman/nettext/"> </a><a href="http://www.faculty.ucr.edu/~hanneman/nettext/">analysis</a><a href="http://www.faculty.ucr.edu/~hanneman/nettext/"> </a><a href="http://www.faculty.ucr.edu/~hanneman/nettext/">software</a></span> is specifically designed to mine huge volumes of data that is collected through social networking sites, such as Facebook. Such software is specifically designed to profile individuals, to create “trees of communication” around them and to <span style="text-decoration: underline;"><a href="http://www.scs.ryerson.ca/~bgajdero/research/Malta08.pdf">match</a><a href="http://www.scs.ryerson.ca/~bgajdero/research/Malta08.pdf"> </a><a href="http://www.scs.ryerson.ca/~bgajdero/research/Malta08.pdf">patterns</a></span>. In other words, this software tells a story about each and every one of us, based on our activities, interests, acquaintances, and all other data. And as mentioned before, such a story may or may not be true.</p>
<p align="JUSTIFY">In data mining, <span style="text-decoration: underline;"><a href="http://www.sagepub.com/upm-data/40006_Chapter1.pdf">behavioural</a><a href="http://www.sagepub.com/upm-data/40006_Chapter1.pdf"> </a><a href="http://www.sagepub.com/upm-data/40006_Chapter1.pdf">statistics</a></span> are being used to analyse our data and to predict how we are likely to behave. When applied to national databases, this may potentially amount to predicting how masses or groups within the public are likely to behave and to subsequently control them. If a data analyst can predict an individual’s future behaviour - with some probability - based on that individuals’ data, the same could potentially occur on a mass, public level. As such, the danger within surveillance - especially corporate surveillance through which we<span style="text-decoration: underline;"><a href="https://www.schneier.com/blog/archives/2013/08/the_publicpriva_1.html"> </a><a href="https://www.schneier.com/blog/archives/2013/08/the_publicpriva_1.html">voluntarily</a><a href="https://www.schneier.com/blog/archives/2013/08/the_publicpriva_1.html"> </a><a href="https://www.schneier.com/blog/archives/2013/08/the_publicpriva_1.html">disclose</a><a href="https://www.schneier.com/blog/archives/2013/08/the_publicpriva_1.html"> </a><a href="https://www.schneier.com/blog/archives/2013/08/the_publicpriva_1.html">massive</a><a href="https://www.schneier.com/blog/archives/2013/08/the_publicpriva_1.html"> </a><a href="https://www.schneier.com/blog/archives/2013/08/the_publicpriva_1.html">amounts</a><a href="https://www.schneier.com/blog/archives/2013/08/the_publicpriva_1.html"> </a><a href="https://www.schneier.com/blog/archives/2013/08/the_publicpriva_1.html">of</a><a href="https://www.schneier.com/blog/archives/2013/08/the_publicpriva_1.html"> </a><a href="https://www.schneier.com/blog/archives/2013/08/the_publicpriva_1.html">data</a></span> about ourselves - is that it appears to come down to <i>public control</i>.</p>
<p align="JUSTIFY">According to security expert Bruce Schneier, <span style="text-decoration: underline;"><a href="http://edition.cnn.com/2013/10/16/opinion/schneier-surveillance-trajectories/">data</a><a href="http://edition.cnn.com/2013/10/16/opinion/schneier-surveillance-trajectories/"> </a><a href="http://edition.cnn.com/2013/10/16/opinion/schneier-surveillance-trajectories/">today</a><a href="http://edition.cnn.com/2013/10/16/opinion/schneier-surveillance-trajectories/"> </a><a href="http://edition.cnn.com/2013/10/16/opinion/schneier-surveillance-trajectories/">is</a><a href="http://edition.cnn.com/2013/10/16/opinion/schneier-surveillance-trajectories/"> </a><a href="http://edition.cnn.com/2013/10/16/opinion/schneier-surveillance-trajectories/">a</a><a href="http://edition.cnn.com/2013/10/16/opinion/schneier-surveillance-trajectories/"> </a><a href="http://edition.cnn.com/2013/10/16/opinion/schneier-surveillance-trajectories/">byproduct</a><a href="http://edition.cnn.com/2013/10/16/opinion/schneier-surveillance-trajectories/"> </a><a href="http://edition.cnn.com/2013/10/16/opinion/schneier-surveillance-trajectories/">of</a><a href="http://edition.cnn.com/2013/10/16/opinion/schneier-surveillance-trajectories/"> </a><a href="http://edition.cnn.com/2013/10/16/opinion/schneier-surveillance-trajectories/">the</a><a href="http://edition.cnn.com/2013/10/16/opinion/schneier-surveillance-trajectories/"> </a><a href="http://edition.cnn.com/2013/10/16/opinion/schneier-surveillance-trajectories/">Information</a><a href="http://edition.cnn.com/2013/10/16/opinion/schneier-surveillance-trajectories/"> </a><a href="http://edition.cnn.com/2013/10/16/opinion/schneier-surveillance-trajectories/">Society</a></span>. Unlike an Orwellian totalitarian state where surveillance is imposed in a top-down manner, surveillance today appears to widely exist because we indirectly choose and enable it (by handing over our data to online companies), rather than it being imposed on us in a solely top-down manner. However, contemporary surveillance may potentially be far worse than that described in Orwell’s “1984”, because surveillance is publicly perceived to be an <i>indirect </i>threat - if considered to be a threat at all. It is more likely that people will resist a direct threat, than an indirect threat, which means that the possibility of mass violations of human rights as a result of surveillance is real.</p>
<p align="JUSTIFY">Hannah Arendt argued that a main prerequisite and component of totalitarian power is <span style="text-decoration: underline;"><a href="http://livingtext.wordpress.com/2012/11/26/totalitarianism-was-supported-by-the-masses/">support</a><a href="http://livingtext.wordpress.com/2012/11/26/totalitarianism-was-supported-by-the-masses/"> </a><a href="http://livingtext.wordpress.com/2012/11/26/totalitarianism-was-supported-by-the-masses/">by</a><a href="http://livingtext.wordpress.com/2012/11/26/totalitarianism-was-supported-by-the-masses/"> </a><a href="http://livingtext.wordpress.com/2012/11/26/totalitarianism-was-supported-by-the-masses/">the</a><a href="http://livingtext.wordpress.com/2012/11/26/totalitarianism-was-supported-by-the-masses/"> </a><a href="http://livingtext.wordpress.com/2012/11/26/totalitarianism-was-supported-by-the-masses/">masses</a></span>. Today, surveillance appears to be socially integrated within societies which indicates that contemporary power fueled by surveillance has mass support. While the argument that surveillance is being socially integrated can potentially be widely debated on and requires an entire in depth research of its own, few simple facts might be adequate to prove it at this stage. Firstly, <span style="text-decoration: underline;"><a href="https://cis-india.org/cisprivacymonitor">CCTV</a><a href="https://cis-india.org/cisprivacymonitor"> </a><a href="https://cis-india.org/cisprivacymonitor">cameras</a></span> are installed in most countries, yet there has been very little resistance - on the contrary, there appears to be a type of universal acceptance on the grounds of security. Secondly, different types of spy products exist in the market - such as <span style="text-decoration: underline;"><a href="http://www.medianama.com/2013/05/223-surveillance-industry-study-shows-at-least-76-companies-aiding-surveillance-in-india-cis-india/">Spy</a><a href="http://www.medianama.com/2013/05/223-surveillance-industry-study-shows-at-least-76-companies-aiding-surveillance-in-india-cis-india/"> </a><a href="http://www.medianama.com/2013/05/223-surveillance-industry-study-shows-at-least-76-companies-aiding-surveillance-in-india-cis-india/">Coca</a><a href="http://www.medianama.com/2013/05/223-surveillance-industry-study-shows-at-least-76-companies-aiding-surveillance-in-india-cis-india/"> </a><a href="http://www.medianama.com/2013/05/223-surveillance-industry-study-shows-at-least-76-companies-aiding-surveillance-in-india-cis-india/">Cola</a><a href="http://www.medianama.com/2013/05/223-surveillance-industry-study-shows-at-least-76-companies-aiding-surveillance-in-india-cis-india/"> </a><a href="http://www.medianama.com/2013/05/223-surveillance-industry-study-shows-at-least-76-companies-aiding-surveillance-in-india-cis-india/">cans</a></span> - which can be purchased by anyone online. Thirdly, countries all over the world carry out controversial surveillance schemes - such as the <span style="text-decoration: underline;"><a href="http://www.techdirt.com/articles/20130629/17255423670/how-indian-governments-central-monitoring-system-makes-nsa-look-like-paragon-restraint.shtml">Central</a><a href="http://www.techdirt.com/articles/20130629/17255423670/how-indian-governments-central-monitoring-system-makes-nsa-look-like-paragon-restraint.shtml"> </a><a href="http://www.techdirt.com/articles/20130629/17255423670/how-indian-governments-central-monitoring-system-makes-nsa-look-like-paragon-restraint.shtml">Monitoring</a><a href="http://www.techdirt.com/articles/20130629/17255423670/how-indian-governments-central-monitoring-system-makes-nsa-look-like-paragon-restraint.shtml"> </a><a href="http://www.techdirt.com/articles/20130629/17255423670/how-indian-governments-central-monitoring-system-makes-nsa-look-like-paragon-restraint.shtml">System</a></span> in India - yet public resistance to such projects is limited. And while one may argue that the above cases don’t necessarily prove that surveillance is being socially integrated, it would be interesting to look at a fourth fact: most people who have Internet access <i>choose </i>to share their personal data through the use of social networking sites.</p>
<p align="JUSTIFY">Reality shows, such as Big Brother, which broadcast the surveillance of people’s lives and present it as a form of entertainment - when actually, I think it should be worrisome - appear to enable the social integration of surveillance. The very fact that we all probably - or, hopefully - know that Facebook can share our personal data with unauthorised third parties and - now, after the Snowden revelations - that governments can tap into Facebook’s servers, should be enough to convince us to delete our profiles. Yet, why do we still all have Facebook profiles? Perhaps because surveillance is socially integrated and perhaps because it is just <span style="text-decoration: underline;"><a href="https://www.schneier.com/blog/archives/2013/06/trading_privacy_1.html">convenient</a><a href="https://www.schneier.com/blog/archives/2013/06/trading_privacy_1.html"> </a><a href="https://www.schneier.com/blog/archives/2013/06/trading_privacy_1.html">to</a><a href="https://www.schneier.com/blog/archives/2013/06/trading_privacy_1.html"> </a><a href="https://www.schneier.com/blog/archives/2013/06/trading_privacy_1.html">be</a><a href="https://www.schneier.com/blog/archives/2013/06/trading_privacy_1.html"> </a><a href="https://www.schneier.com/blog/archives/2013/06/trading_privacy_1.html">on</a><a href="https://www.schneier.com/blog/archives/2013/06/trading_privacy_1.html"> </a><a href="https://www.schneier.com/blog/archives/2013/06/trading_privacy_1.html">Facebook</a></span>. But that doesn’t change the fact that surveillance can potentially be a threat to our human rights. It just means that we perceive surveillance as an indirect threat and that we are unlikely to react to it.</p>
<p align="JUSTIFY">In the long term, what does this mean? Well, it seems like we will probably be <span style="text-decoration: underline;"><a href="https://cis-india.org/internet-governance/blog/interview-with-caspar-bowden-privacy-advocate">more</a><a href="https://cis-india.org/internet-governance/blog/interview-with-caspar-bowden-privacy-advocate"> </a><a href="https://cis-india.org/internet-governance/blog/interview-with-caspar-bowden-privacy-advocate">acceptive</a><a href="https://cis-india.org/internet-governance/blog/interview-with-caspar-bowden-privacy-advocate"> </a><a href="https://cis-india.org/internet-governance/blog/interview-with-caspar-bowden-privacy-advocate">towards</a><a href="https://cis-india.org/internet-governance/blog/interview-with-caspar-bowden-privacy-advocate"> </a><a href="https://cis-india.org/internet-governance/blog/interview-with-caspar-bowden-privacy-advocate">more</a><a href="https://cis-india.org/internet-governance/blog/interview-with-caspar-bowden-privacy-advocate"> </a><a href="https://cis-india.org/internet-governance/blog/interview-with-caspar-bowden-privacy-advocate">authoritarian</a><a href="https://cis-india.org/internet-governance/blog/interview-with-caspar-bowden-privacy-advocate"> </a><a href="https://cis-india.org/internet-governance/blog/interview-with-caspar-bowden-privacy-advocate">power</a></span>, that we will be used to the idea of censoring our own thoughts and actions (in the fear of getting caught by the CCTV camera on the street or the spyware which may or may not be implanted in our laptop) and that ultimately, we will be less politically active and more reluctant to challenge the authority.</p>
<p align="JUSTIFY">What’s particularly interesting though about surveillance today is that it is fueled and <span style="text-decoration: underline;"><a href="http://www.amazon.com/The-Net-Delusion-Internet-Freedom/dp/1610391063">enabled</a><a href="http://www.amazon.com/The-Net-Delusion-Internet-Freedom/dp/1610391063"> </a><a href="http://www.amazon.com/The-Net-Delusion-Internet-Freedom/dp/1610391063">through</a><a href="http://www.amazon.com/The-Net-Delusion-Internet-Freedom/dp/1610391063"> </a><a href="http://www.amazon.com/The-Net-Delusion-Internet-Freedom/dp/1610391063">our</a><a href="http://www.amazon.com/The-Net-Delusion-Internet-Freedom/dp/1610391063"> </a><a href="http://www.amazon.com/The-Net-Delusion-Internet-Freedom/dp/1610391063">freedom</a><a href="http://www.amazon.com/The-Net-Delusion-Internet-Freedom/dp/1610391063"> </a><a href="http://www.amazon.com/The-Net-Delusion-Internet-Freedom/dp/1610391063">of</a><a href="http://www.amazon.com/The-Net-Delusion-Internet-Freedom/dp/1610391063"> </a><a href="http://www.amazon.com/The-Net-Delusion-Internet-Freedom/dp/1610391063">speech</a><a href="http://www.amazon.com/The-Net-Delusion-Internet-Freedom/dp/1610391063"> </a><a href="http://www.amazon.com/The-Net-Delusion-Internet-Freedom/dp/1610391063">and</a><a href="http://www.amazon.com/The-Net-Delusion-Internet-Freedom/dp/1610391063"> </a><a href="http://www.amazon.com/The-Net-Delusion-Internet-Freedom/dp/1610391063">general</a><a href="http://www.amazon.com/The-Net-Delusion-Internet-Freedom/dp/1610391063"> </a><a href="http://www.amazon.com/The-Net-Delusion-Internet-Freedom/dp/1610391063">Internet</a><a href="http://www.amazon.com/The-Net-Delusion-Internet-Freedom/dp/1610391063"> </a><a href="http://www.amazon.com/The-Net-Delusion-Internet-Freedom/dp/1610391063">freedom</a></span>. If we didn’t have any Internet freedom - or as much as we do - we would have disclosed less personal data and thus surveillance would probably have been more restricted. The more Internet freedom we have, the more personal data we will disclose on Facebook - and on all the ‘Facebooks’ of the world - and the more data will potentially be available to mine, analyse, share and generally incorporate in the surveillance regime. So in this sense, Internet freedom appears to be a type of prerequisite of surveillance, as contradictory and ironic as it may seem. No wonder why the Chinese government has gone the extra mile in creating the <span style="text-decoration: underline;"><a href="http://www.mirror.co.uk/news/world-news/weibo-chinese-version-of-twitter-can-1545515">Chinese</a><a href="http://www.mirror.co.uk/news/world-news/weibo-chinese-version-of-twitter-can-1545515"> </a><a href="http://www.mirror.co.uk/news/world-news/weibo-chinese-version-of-twitter-can-1545515">versions</a><a href="http://www.mirror.co.uk/news/world-news/weibo-chinese-version-of-twitter-can-1545515"> </a><a href="http://www.mirror.co.uk/news/world-news/weibo-chinese-version-of-twitter-can-1545515">of</a><a href="http://www.mirror.co.uk/news/world-news/weibo-chinese-version-of-twitter-can-1545515"> </a><a href="http://www.mirror.co.uk/news/world-news/weibo-chinese-version-of-twitter-can-1545515">Facebook</a><a href="http://www.mirror.co.uk/news/world-news/weibo-chinese-version-of-twitter-can-1545515"> </a><a href="http://www.mirror.co.uk/news/world-news/weibo-chinese-version-of-twitter-can-1545515">and</a><a href="http://www.mirror.co.uk/news/world-news/weibo-chinese-version-of-twitter-can-1545515"> </a><a href="http://www.mirror.co.uk/news/world-news/weibo-chinese-version-of-twitter-can-1545515">Twitter</a><a href="http://www.mirror.co.uk/news/world-news/weibo-chinese-version-of-twitter-can-1545515"> </a></span>- it’s probably no coincidence.</p>
<p align="JUSTIFY">While we may blame governments for establishing surveillance schemes, ISP and TSP operators for complying with governments’ license agreements which often mandate that they create backdoors for spying on us and security companies for creating the surveillance gear in the first place, in the end of the day, we are all equally a part of this mess. If we didn’t <i>choose </i>to hand over our personal data to begin with, none of the above would have been possible.</p>
<p align="JUSTIFY">The real danger in the Digital Age is not necessarily surveillance per se, but our <i>choice</i> to voluntarily disclose our personal data.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/why-facebook-is-more-dangerous-than-the-government-spying-on-you'>https://cis-india.org/internet-governance/blog/why-facebook-is-more-dangerous-than-the-government-spying-on-you</a>
</p>
No publishermariaSAFEGUARDSInternet GovernancePrivacy2013-11-23T08:38:30ZBlog Entry Whose Data is it Anyway?
https://cis-india.org/internet-governance/whose-data-is-it
<b>Tactical Technology Collective and the Centre for Internet & Society invite you to the second round of discussions of the Exposing Data Series at the CIS office in Bangalore on 24 January 2012. Siddharth Hande and Hapee de Groot will be speaking on this occasion.</b>
<p>Like countless others, this title is a convenient adaptation of a 1972 play by Brian Clark, Whose Life is it Anyway?, a meditation on 'euthanasia' and the extent to which governments or the law can determine the private life of an individual. In a similar sense we use the title to help frame the second set of conversations in the Exposing Data Series, to zero in on the idea of data and who has the right to decide what happens with it. Philosophically, and also at the level of code, computing and the law, the ownership of data can be a somewhat odd and a contentious thing to grapple with. The only other understandings of 'ownership' we really have are those of property and identity and these get imputed onto the intangibility of data. And, in some senses now, many aspects of one's identity exist as data.</p>
<p> </p>
<p> </p>
<p>There are a range of experiences of data ownership that we talk about and experience daily. On the one hand you can hoard hard disks with favourite content to retrieve memories and experiences. On the other end of things, you can aggregate your experiences and memories with that of thousands of others, that then gets treated almost like a private hard disk belonging to some mysterious X. Who is this Mysterious X? Is there a Y? Or an XY? What is the trajectory of data in its movement from the individual to a larger, shadowy infrastructure that harvests it? What happens to our idea of data in its reconfiguration from intangible code to an idea of politics and rights? To introduce another provocation, do our existing ideas of data ownership objectify individuals? What does this objectification imply for the notion of personal privacy? For example, does the fetishization of 'things' called data obfuscate the idea of personal privacy?</p>
<p>One of the ways in which we may consider looking at open data initiatives for transparency and accountability is to assess it as discourse, and in relation to what happens when communities aggregate data. Open Government Data usually involves a top-down approach in terms of how it is aggregated, collated, shared, whilst community based approaches are more particular, contextual and local. What do these different approaches give us when we bring them to the same table?</p>
<p>The second event in the Exposing Data Series will focus on data ownership, looking into open government data and community-based data aggregation, to explore the various levels of data collection, the movement of data and its exchange, its representation, and dissemination in different contexts.</p>
<h2>Speakers<br /></h2>
<ol><li>Siddharth Hande, Transparent Chennai</li><li>Hapee de Groot, Hivos, Netherlands</li></ol>
<p>This event is free and open to everyone. However, we would appreciate a confirmation of attendance ahead of time so as to ensure that your space is reserved. To confirm your attendance please write to: <a class="external-link" href="mailto:yelena.gyulkhandanyan@gmail.com">yelena.gyulkhandanyan@gmail.com <br /></a></p>
<p>Photo Source:<a class="external-link" href="http://www.freedigitalphotos.net/images/view_photog.php?photogid=2000"> http://www.freedigitalphotos.net/images/view_photog.php?photogid=2000</a></p>
<p><a class="external-link" href="http://www.freedigitalphotos.net/images/view_photog.php?photogid=2000"><strong>VIDEOS</strong><br /></a></p>
<p> </p>
<iframe src="http://blip.tv/play/AYLsxhgA.html?p=1" frameborder="0" height="250" width="250"></iframe><embed style="display:none" src="http://a.blip.tv/api.swf#AYLsxhgA" type="application/x-shockwave-flash"></embed>
<iframe src="http://blip.tv/play/AYLsxj8A.html?p=1" frameborder="0" height="250" width="250"></iframe><embed style="display:none" src="http://a.blip.tv/api.swf#AYLsxj8A" type="application/x-shockwave-flash"></embed>
<iframe src="http://blip.tv/play/AYLsxwAA.html?p=1" frameborder="0" height="250" width="250"></iframe><embed style="display:none" src="http://a.blip.tv/api.swf#AYLsxwAA" type="application/x-shockwave-flash"></embed>
<iframe src="http://blip.tv/play/AYLsxxUA.html?p=1" frameborder="0" height="250" width="250"></iframe><embed style="display:none" src="http://a.blip.tv/api.swf#AYLsxxUA" type="application/x-shockwave-flash"></embed>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/whose-data-is-it'>https://cis-india.org/internet-governance/whose-data-is-it</a>
</p>
No publisherpraskrishnaEvent TypeVideoInternet GovernancePrivacy2012-04-28T04:12:15ZEventWhole Body Imaging and Privacy Concerns that Follow
https://cis-india.org/internet-governance/blog/privacy_wholebodyimagingcomparison
<b>Law student at the National University of Juridical Sciences, and intern for Privacy India, Srishti Goyal compares, contrasts, and critiques the Whole Body Imaging practices found in the US, the UK, and Australia, and makes recommendations for an Indian regime. </b>
<h3>Introduction</h3>
<p>Whole Body Imaging has been introduced in many countries in light of growing security concerns, two examples in particular being the attack on the twin towers in USA, and what is commonly known as the Christmas Bomb (A man by the name of Umar Farouk Abdulmutallab tried to detonate a bomb on a flight from Amsterdam as it was about to land in Detroit.) Despite the security concerns that have motivated the implementation of Whole Body Imaging, there are also many concerns that have prevented the full fledged application of this technology. Opponents to the technology have stated that the full body scanner would expose travelers to harmful radiation and is thus a health hazard. Others have stated that these digital strip searches (as they are popularly known) will violate child pornography laws. Some, who are trying to encourage the use of full body scanners, are of the opinion that it is better to opt for a whole body scan as the “pat down” searches are more invasive in nature. There are also the concerns that persons may be singled out on the basis of their color and ethnicity. The scope of research for this particular paper is limited to the extent of the privacy concerns that have arisen in light of the use of the technology in order to achieve better security. The question that forms the crux of the debate is: should ones personal privacy be compromised in order to ensure security for one and all? The primary reason why whole body scanners are said to breach privacy is because of the invasive nature of the images produced, which can be detailed enough to show genitalia of the person being scanned.<br />Learning from the experience of other nations that have already implemented the use of Whole Body Imaging” we can decide what policies India should have in place and most importantly whether or not India realistically has a use for this technology. <br />Adequate privacy, it is said, is obtained when the restriction on access to persons and personal information allows a person not to be subjected to intrusion and public exposure [<a href="#1">1</a>]. Full body scanners can be called intrusive because in effect they allow the government to carry out strip searches by using technology to remove clothes instead of physically doing the same. Apart from this there are other concerns. For instance there have been instances when these images have been saved and have been uploaded on the internet [<a href="#2">2</a>]. In Lagos these images have been used as pornographic material. There is also a cause of concern amongst transgender who do not feel comfortable in revealing their gender which is different from the gender that they portray[<a href="#3">3</a>] and they are of the opinion that this information could lead to harassment. Since the scanners can detect medical equipment people who use colostomy bags and catheters which are otherwise hidden may find these scans embarrassing [<a href="#4">4</a>].</p>
<h3>USA</h3>
<p>In the U.S, Whole Body Imaging was introduced in light of the growing concerns with regard to security at airports and terrorist attacks. The Transportation Security Administration is responsible for monitoring security at the airport. The TSA has thus introduced Full Body Scanners at airports. In order to address the privacy concerns that have been raised the TSA has taken the following steps:</p>
<ul><li> Ensuring that the Security officer who is privy to the scan is not the same as the officer interacting with the person who is being scanned. </li><li>The TSA has also stated that personally identifiable information will not be stored and distributed.[<a href="#5">5</a>] </li><li>Another step towards safeguarding the privacy of the passengers has been to blur the faces of the person being scanned.[<a href="#6">6</a>]</li></ul>
<p> Though the TSA has taken various steps to ensure the privacy of individuals, one can argue that these measures are not without loopholes. The fact that the Security Officer looking at the scan and the Security officer handling the passenger are different does not do away with this invasion of privacy. There is also the added concern that these images may be uploaded on the internet, which in fact has already been done. The release and collection of these images is in contravention of the Privacy Act of 1974 that governs the collection, maintenance, use and dissemination of personal identifiable information about individuals which in the possession of the federal agencies. The TSA assures that the images will not be retained, but the fact is that the machines have been programmed such as to enable retention of images, if the same has been disable, it can be tampered with. Lastly, on the point of blurring of faces, it is a software fix and can be undone as easily as the application of the software. The TSA in its Privacy impact Assessment report had listed down that full body scanning would initially be a secondary screening measure. What this means is that everyone goes through one level of security screening and if one is randomly selected or the security has reason to suspect a passenger, the passenger can be called for a second level of screening. At which point the passengers will undergo full body scanning.<br /> A federal judge in California, in 1976 said that the laws of privacy “encompass the individual's regard for his own dignity; his resistance to humiliation and embarrassment; his privilege against unwanted exposure of his nude body and bodily functions." As already stated, these body scanners lead to situations that can be embarrassing, do lead to unwanted exposure of body, and can lead to situation where the person scanned could be humiliated (as in the case of transgender and other persons with catheters and colostomy bags). The Electronic Privacy Information Center is a non-profit group that was established to focus attention on civil liberties issue. EPIC challenged the constitutional validity of full body scanning, claiming that the same violated the fourth amendment [<a href="#9">9</a>]. The amendment guards against unlawful searches and seizures. In the case of whole body imaging, travelers are subjected to “invasive searches” without any suspicion that they did anything wrong, and without being informed of the reason he/she is being subjected to a search of such a nature. [<a href="#10">10</a>] The latest is the use of this technology in courthouses in Florida and at train stations. </p>
<h3>UK</h3>
<p>In the UK if a passenger is selected for full body scanning, the passenger must comply [<a href="#11">11</a>]. The passenger is forbidden from flying if he or she refuses to the scanning process and cannot ask for an alternate screening process [<a href="#12">12</a>] Unlike the US in the UK the option of a pat-down search is not available. The steps taken to protect the privacy of the passengers are the same as practiced in the US.</p>
<ul><li>The images of the passengers are not retained </li><li>The images are produce in such a manner that the Security officer cannot recognize the person.</li></ul>
<p>A major concern in UK is the violation of child pornography laws that do not allow the creation of indecent images of a child. However, a rule that would have exempted persons under the age of 18 from full body scans was overturned by the government in the UK [<a href="#13">13</a>]. Gordon Brown the Prime Minister of UK in 2010 gave permission for the use of full body scanners at the airports. BAA Ltd, which operates six airports in UK (including the Heathrow Airport) has undertaken the installation of these scanners at its airports. In general, the security at the airports comes under the ambit of the Homeland Security and the department will be supervising the installation of the machines. Lord Adonis, the Transport Secretary, confirmed the new policy in a written parliamentary statement, saying that the scanners would help security staff to detect explosives or other dangerous items [<a href="#14">14</a>].</p>
<p>One of the major opponents of Whole Body Imaging has been the Equality and Human Right Commission (EHRC), which is of the opinion that the use of this technology would breach the privacy rules under the Human Rights Act [<a href="#15">15</a>]. The move to use this technology has raised concerns about the excessive collection of personal data. Big Brother Watch, a campaign that fights intrusion on privacy and protects liberties of people, started an online movement that opposes and raises concerns with full body scanning. It has also listed down all the airports around the world that are using (or are going to be using) this technology [<a href="#16">16</a>]. The only group that has openly welcomed this move of the government has been the Liberal Democrats [<a href="#17">17</a>]. The British Department of Transport has published an Interim Code of Practice covering the privacy, health and safety, data protection and equality issues associated with the use of body scanners. The Code calls for the implementation of detailed security standards and for an effective privacy policy to be put in place by airport operators.</p>
<p>The privacy policy should include as a minimum:</p>
<ul><li>rules regarding the location of the equipment;</li><li> A process for identifying who will read the screen (i.e., a person of the same sex as the person selected for scanning);</li><li>A process for selecting passengers (passengers must not be selected on the basis of personal characteristics such as, gender, age, race or ethnic origin);</li><li>Prohibition on copying or transferring the images in any way;</li><li>Instructions for the images of the passenger to be destroyed and rendered irretrievable once the image has been analyzed; and</li><li>A process to call on an appropriate Security Officer if an image suggests there is a viable threat to passenger or staff security.</li></ul>
<p>The BodyScanner Task Force was established by the European Commission to publish an impact assessment report and to advise the commission, but the task force has yet to publish its report with specific legislative proposals [<a href="#18">18</a>]. </p>
<p>Concerns in the UK also arose in light of a response of a judge to a complaint by the Electronic Privacy Information Centre (based in Washington). The judge stated that the Department of Homeland Security (USA) would be allowed to keep images of individuals screened at the airport [<a href="#19">19</a>]. This raises concerns amongst activists as to which images can and which images cannot be saved by the airport authorities.</p>
<h3>Australia</h3>
<p>Post the attempted attack on Christmas Day, pressure on countries such as Australia increased to make use of whole body imaging technology. However, the Association of Asia Pacific Airliners, an association of the international carriers servicing in Australia, criticised the use of full body scanners [<a href="#20">20</a>]. Apart from the privacy concerns, that people all over the world share, another aspect that is cause for concern in Australia is the increase in traveling cost. The machines used for whole body imaging is extremely expensive, and thus the question posed time and again in Australia is if it will be economically viable to make use of this technology?[<a href="#21">21</a>] The Queensland Council for civil liberties has opposed the use of this Advance Imaging Technology (AIT) and has stated that passengers should be allowed to refuse being scanned and should be allowed to opt for a pat down. Kevin Rudd (the Prime Minister of Australia at the time of implementation of this technology) had taken note of the privacy concerns and assured that such measure would be undertaken that would mitigate these concerns. Currently, Body scanners are installed at the international airports in Australia. The transport minister has said that the images produced would be stick figures and not naked images [<a href="#22">22</a>]. This move has been taken in light of the back clash that body scanners faced in the USA. Changes regarding whole body imaging have been referred to the Privacy Commissioner in order to ensure that privacy is not intruded. Namely, Full Body screening will not be applied to all the passengers - instead passengers will either be randomly selected or will be selected on the basis of their profiles [<a href="#23">23</a>].</p>
<h3>India</h3>
<p>Currently in India whole body scanners can be found at the Delhi International Airport [<a href="#24">24</a>]. Thus, debate and discussion about the use of these scanners has not gained much momentum in India. It would be advisable that when framing legislation or guidelines to govern full body scanners, India incorporates the experiences of other nations who have already started the use of this technology.</p>
<p>Generally speaking it seems as though the use of a full body scanner would not be recommendable for the Indian scenario. It has already been seen that these scans are not very effective in detecting plastic and fluids [<a href="#25">25</a>]. Additionally the scanner only shows objects that are on the body and not in the body. Thus, the effectiveness of these scanners is questionable (especially considering it cannot detect plastics and light fluids) [<a href="#26">26</a>]. Additionally, in India the demographic using these scanners would be very different from the people using these scanners in other countries. For instance, it has been pointed out that the interest of Muslim women has not been taken into account when introducing this method of screening. Apart from personal privacy issues there are religious issues that arise, and though the instances of the same maybe far apart in other nations, in India the same will act as a hindrance on a daily basis. If not dealt with delicately this can be a major cause of concern that will have far reaching ramifications. Furthermore, one cannot stress enough the cost that will be involved with the implementation of these scanners. These scanners are extremely expensive and require trained Security Officers to operate them. Additionally, what the scanners seek to accomplish can be achieved by insuring that the pat-downs are carried out properly. But there is a caveat that must be mentioned here. In US, one is allowed to choose between a pat-down and a body scanner. There have been instances when these pat-downs have been more intrusive than the body scanners. Thus, there should be guidelines in place as to how these pat-downs should be carried out. The guidelines should specify actions that the Security Officials would not be allowed to carry out.</p>
<p>Lastly, even if India decided to adopt the full body scanners, considering it helps save time and takes only 15 seconds to complete, it should not be used as a primary screening method. Hypothetically, if body scanners are used as a secondary screening process, alternate screening processes should be available if the passenger does not wish to subject himself/ herself to the scan. But then the question is why should the government invest so much in an expensive technology which the passengers can easily avoid?</p>
<p> </p>
<h3>Bibliography:</h3>
<p> <br /><a name="1">[1].A Companion to Philosophy of Law and Legal Theory, Constitutional Law and Privacy, Anita. L. Allen Pg 147.</a></p>
<p><a name="2">[2]</a><a href=".http://gizmodo.com/5690749/these-are-the-first-100-leaked-body-scans">.http://gizmodo.com/5690749/these-are-the-first-100-leaked-body-scans.</a></p>
<p><a name="3">[3]</a>.<a href="http://www.airlinereporter.com/2010/08/we-do-not-have-all-the-same-body-parts-and-body-scanners-violates-your-privacy/"> Available at http://www.airlinereporter.com/2010/08/we-do-not-have-all-the-same-body-parts-and-body-scanners-violates-your-privacy/.</a></p>
<p><a name="4">[4]</a><a href=".http://www.aclu.org/technology-and-liberty/aclu-backgrounder-body-scanners-and-virtual-strip-searchers">.http://www.aclu.org/technology-and-liberty/aclu-backgrounder-body-scanners-and-virtual-strip-searchers.</a></p>
<p><a name="5">[5]</a>.<a href="http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_tsa_wbi.pdf">Privacy impact assessment report. Available at - http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_tsa_wbi.pdf.</a></p>
<p><a name="6">[6]</a><a href="http://www.aclu.org/technology-and-liberty/aclu-backgrounder-body-scanners-and-virtual-strip-searches">.http://www.aclu.org/technology-and-liberty/aclu-backgrounder-body-scanners-and-virtual-strip-searches.</a></p>
<p><a name="7">[7].</a><a href="http://travel.usatoday.com/flights/2010-07-13-1Abodyscans13_ST_N.htm">http://travel.usatoday.com/flights/2010-07-13-1Abodyscans13_ST_N.htm .</a></p>
<p><a name="8">[8]</a><a href="https://cis-india.org/internet-governance/blog/">.http://www.stopdigitalstripsearches.org/.</a></p>
<p><a name="9">[9].</a><a href="http://epic.org/privac/airtravel/backscatter/"> http://epic.org/privac/airtravel/backscatter/.</a></p>
<p><a name="10">[10]</a><a href="http://www.dailymail.co.uk/news/article-2012249/TSA-scanners-catch-implant-bomber-admit-officials.html?ito=feeds-newsxml">.http://www.dailymail.co.uk/news/article-2012249/TSA-scanners-catch-implant-bomber-admit-officials.html?ito=feeds-newsxml.</a></p>
<p><a name="11">[11]</a><a href="http://news.bbc.co.uk/2/hi/uk_news/8490860.stm">.http://news.bbc.co.uk/2/hi/uk_news/8490860.stm.</a></p>
<p><a name="12">[12]</a><a href="http://www.bigbrotherwatch.org.uk/home/2010/03/body-scanner-refuseniks.html">.http://www.bigbrotherwatch.org.uk/home/2010/03/body-scanner-refuseniks.html.</a></p>
<p><a name="13">[13]</a><a href="http://news.bbc.co.uk/2/hi/uk_news/8490860.stm">.http://news.bbc.co.uk/2/hi/uk_news/8490860.stm.</a></p>
<p><a name="14">[14].</a><a href="http://www.timesonline.co.uk/tol/news/uk/article7011224.ece">http://www.timesonline.co.uk/tol/news/uk/article7011224.ece.</a></p>
<p><a name="15">[15].</a><a href="http://www.timesonline.co.uk/tol/news/politics/article6990990.ece">http://www.timesonline.co.uk/tol/news/politics/article6990990.ece.</a></p>
<p><a name="16">[16]</a><a href="http://www.bigbrotherwatch.org.uk/home/2010/06/airports-with-body-scanners.html">.http://www.bigbrotherwatch.org.uk/home/2010/06/airports-with-body-scanners.html.</a></p>
<p><a name="17">[17]</a><a href="http://news.bbc.co.uk/2/hi/8438355.stm">.http://news.bbc.co.uk/2/hi/8438355.stm.</a></p>
<p><a name="18">[18]</a><a href="http://www.huntonprivacyblog.com/2010/02/articles/european-union-1/uk-airports-implement-compulsory-use-of-full-body-scanners/">.http://www.huntonprivacyblog.com/2010/02/articles/european-union-1/uk-airports-implement-compulsory-use-of-full-body-scanners/.</a></p>
<p><a name="19">[19]</a><a href="http://www.bigbrotherwatch.org.uk/home/2011/01/judge-blocks-investigations-into-body-scanners.html">.http://www.bigbrotherwatch.org.uk/home/2011/01/judge-blocks-investigations-into-body-scanners.html.</a></p>
<p><a name="20">[20].</a><a href="http://www.theaustralian.com.au/travel/backlash-to-airport-body-scans/story-e6frg8rf-1225817485755">http://www.theaustralian.com.au/travel/backlash-to-airport-body-scans/story-e6frg8rf-1225817485755.</a></p>
<p><a name="21">[21].</a><a href="http://www.sbs.com.au/news/article/1190826/full-body-scanners-to-be-introduced-at-airports">http://www.sbs.com.au/news/article/1190826/full-body-scanners-to-be-introduced-at-airports.</a></p>
<p><a name="22">[22].</a><a href="http://www.theage.com.au/travel/travel-news/fullbody-airport-scans-part-of-security-revamp-20100209-npqo.html">http://www.theage.com.au/travel/travel-news/fullbody-airport-scans-part-of-security-revamp-20100209-npqo.html.</a></p>
<p><a name="23">[23].</a><a href="http://www.theage.com.au/travel/travel-news/fullbody-airport-scans-part-of-security-revamp-20100209-npqo.html">http://www.theage.com.au/travel/travel-news/fullbody-airport-scans-part-of-security-revamp-20100209-npqo.html.</a></p>
<p><a name="24">[24].</a><a href="http://www.bigbrotherwatch.org.uk/home/2010/06/airports-with-body-scanners.html">List of Airports with full body scanners. Available at http://www.bigbrotherwatch.org.uk/home/2010/06/airports-with-body-scanners.html.</a></p>
<p><a name="25">[25].</a><a href="http://www.independent.co.uk/news/uk/home-news/are-planned-airport-scanners-just-a-scam-1856175.html">http://www.independent.co.uk/news/uk/home-news/are-planned-airport-scanners-just-a-scam-1856175.html.</a></p>
<p><a name="26">[26].</a><a href="http://www.bigbrotherwatch.org.uk/home/2010/01/invasion-of-the-body-scanners.html">http://www.bigbrotherwatch.org.uk/home/2010/01/invasion-of-the-body-scanners.html.</a></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/privacy_wholebodyimagingcomparison'>https://cis-india.org/internet-governance/blog/privacy_wholebodyimagingcomparison</a>
</p>
No publisherSrishti GoyalInternet GovernancePrivacy2011-09-29T05:38:00ZBlog EntryWHO's WHO LEGAL names Malavika Jayaram as one of the top lawyers for Internet and e-Commerce Issues in India
https://cis-india.org/news/whoswholegal-profiles-malavika-jayaram
<b>Malavika Jayaram was one of 10 Indian lawyers selected for inclusion as the top lawyers for internet and e-commerce issues in India. The new volume for 2012 was recently published following a process of peer reviews and independent research.</b>
<p><a class="external-link" href="http://www.whoswholegal.com/profiles/47711/0/jayaram/malavika-jayaram/">WHO'sWHOLEGAL published an online biography of Malavika</a>:</p>
<p style="text-align: justify; ">A dual-qualified lawyer, Malavika spent eight years in London - with Allen & Overy as an IP/IT lawyer in the communications, media & technology group; and with Citigroup, first as vice president and counsel in the technology legal team, and later as senior business analyst.</p>
<p style="text-align: justify; ">A lawyer for over 15 years, she relocated to India in 2006. She is a partner at Jayaram & Jayaram, focusing on domestic and cross-border corporate and technology intensive transactions. She represents clients in the aerospace, automotive, hydraulics and pharmaceutical sectors, as well as in the information technology, e-commerce and communication spaces. She has a special interest in new media and the arts, and advises start-ups, innovators, educational institutions and artists on digital rights, cultural heritage and the dissemination of creative works. Malavika is a fellow at the Centre for Internet and Society, reviewing and commenting on legislative and policy developments, and will have a monograph on privacy and identity in India published this year.</p>
<p style="text-align: justify; ">A graduate of the National Law School of India, she has an LLM from Northwestern University, Chicago. She is working on a PhD on data protection and privacy, with a special focus on India's e-governance schemes and the new biometric ID project. She is on the advisory board of the <i>Indian Journal of Law & Technology</i>, and is the author of the India chapter of <i>Getting the Deal Through - Data Protection & Privacy</i>, which is being launched this year. Malavika will be a visiting scholar during autumn 2012 at the Center for Global Communication Studies at the Annenberg School, University of Pennsylvania.</p>
<p>
For more details visit <a href='https://cis-india.org/news/whoswholegal-profiles-malavika-jayaram'>https://cis-india.org/news/whoswholegal-profiles-malavika-jayaram</a>
</p>
No publisherpraskrishnaInternet Governance2012-11-20T11:22:03ZNews ItemWho is Following Me: Tracking the Trackers (IGF2012)
https://cis-india.org/news/who-is-following-me
<b>The Internet Society and the Council of Europe are co-organising a workshop at the IGF (Baku - 8 November 2012 - 09:00 - 10:30) regarding online tracking. Malavika Jayaram is a speaker.</b>
<p style="text-align: justify; ">Interest in online tracking as a policy issue spiked with the release of the Preliminary Federal Trade Commission Staff Report in December 2010 entitled <i>Protecting Consumer Privacy in an Era of Rapid Change – A Proposed Framework for Businesses and Policymakers</i> calling for a “do not track” mechanism, the launch of the W3C Tracking Protection Workng Group and the recent entry into force of the so-called European “Cookie Directive” provisions. However, the actual and potential observation of individuals’ interactions online has long been a concern for privacy advocates and others.</p>
<p>Much of the policy attention is currently focused on cookies used to track users to build profiles for more targeted advertising, but some of the more difficult issues are:</p>
<ul class="rteindent1">
<li style="text-align: justify; "> How to deal with less-observable tracking (e.g. browser and/or device fingerprinting, monitoring of publicly disclosed information)</li>
<li style="text-align: justify; "> How to develop laws that accommodate different tracking scenarios – for example:
<ul>
<li> different entities (law enforcement, companies, etc.); </li>
<li> different and sometimes multiple purposes (security, personalising user experience, targeting advertising, malicious activity; etc.); </li>
<li> first-party and third-party tracking o single site and multiple site tracking</li>
</ul>
</li>
<li style="text-align: justify; "> Transparency (particularly on small mobile devices)</li>
<li style="text-align: justify; "> Whether a traditional consent model is sufficient and effective</li>
</ul>
<p>The panel:</p>
<ul class="rteindent1">
<li> Wendy Seltzer, Policy Council, World Wide Web Consortium (W3C)</li>
<li> Kimon Zorbas, Vice President, Interactive Advertising Bureau (IAB) Europe</li>
<li> Cornelia Kutterer, Director of Regulatory Policy, Corporate Affairs, LCA, Microsoft EMEA</li>
<li> Malavika Jayaram, partner at Jayaram & Jayaram, Bangalore</li>
<li> Shaundra Watson, Counsel for international consumer protection, USA Federal Trade Commission</li>
<li> Rob van Eijk, Council of Europe expert, Leiden University (PhD student)</li>
</ul>
<p>The moderators:</p>
<ul class="rteindent1">
<li> Christine Runnegar, Internet Society</li>
<li> Sophie Kwasny, Council of Europe</li>
</ul>
<p>The remote moderator:</p>
<ul class="rteindent1">
<li> James Lawson, Council of Europe</li>
</ul>
<p>This workshop will explore:</p>
<ul class="rteindent1">
<li> Current and emerging trends in online tracking (and their related purposes)</li>
<li> How to give individuals full knowledge of the tracking that occurs when they go online</li>
<li> Mechanisms to give individuals greater control over tracking and data use</li>
<li> The respective roles of all actors (government, law enforcement, Internet intermediaries, businesses, browser vendors, application developers, advertisers, data brokers, users, Internet technical community, etc.) </li>
<li> Whether effective data protection online can be ensured solely by law.</li>
<li> Whether self-regulation and voluntary consensus standards offer better options for tuning privacy choice to the rapidly advancing technology environment.</li>
</ul>
<p style="text-align: justify; ">Please read our <b><a href="http://www.internetsociety.org/sites/default/files/Tracking%20-%20Background%20paper%2020120711_0.pdf">background paper</a></b> and <a href="http://www.internetsociety.org/doc/who-following-me-tracking-trackers-part-2"><b>update</b></a></p>
<p>
For more details visit <a href='https://cis-india.org/news/who-is-following-me'>https://cis-india.org/news/who-is-following-me</a>
</p>
No publisherpraskrishnaInternet Governance ForumInternet Governance2012-12-07T17:17:32ZNews ItemWho Governs the Internet? Implications for Freedom and National Security
https://cis-india.org/internet-governance/blog/yojana-april-2014-sunil-abraham-who-governs-the-internet-implications-for-freedom-and-national-security
<b>The second half of last year has been quite momentous for Internet governance thanks to Edward Snowden. German Chancellor Angela Merkel and Brazilian President Dilma Rousseff became aware that they were targets of US surveillance for economic not security reasons. They protested loudly.</b>
<hr />
<p>The article was published in Yojana (April 2014 Issue). <a href="https://cis-india.org/internet-governance/blog/yojana-april-2014-who-governs-the-internet.pdf" class="external-link">Click to download the original here</a>. (PDF, 177 Kb)</p>
<hr />
<p style="text-align: justify; ">The role of the US perceived by some as the benevolent dictator or primary steward of the Internet because of history, technology, topology and commerce came under scrutiny again. The I star bodies also known as the technical community - Internet Corporation for Assigned Names and Numbers (ICANN); five Regional Internet Registries (RIRs) ie. African, American, Asia-Pacific, European and Latin American; two standard setting organisations - World Wide Web Consortium (W3C) & Internet Engineering Task Force (IETF); the Internet Architecture Board (IAB); and Internet Society (ISOC) responded by issuing the Montevideo Statement <a href="#fn1" name="fr1">[1] </a> on the 7th of October. The statement expressed "strong concern over the undermining of the trust and confidence of Internet users globally due to recent revelations of pervasive monitoring and surveillance." It called for "accelerating the globalization of ICANN and IANA functions..." - did this mean that the I star bodies were finally willing to end the special role that US played in Internet governance? However, that dramatic shift in position was followed with the following qualifier "...towards an environment in which all stakeholders, including all governments, participate on an equal footing." Clearly indicating that for the I star bodies multistakeholderism was non-negotiable. Two days later President Rousseff after a meeting with Fadi Chehadé, announced on Twitter that Brazil would host "an international summit of governments, industry, civil society and academia." <a href="#fn2" name="fr2">[2] </a> The meeting has now been dubbed Net Mundial and 188 proposals for “principles” or “roadmaps for the further evolution of the Internet governance ecosystem” have been submitted for discussion in São Paulo on the 23rd and 24th of April. The meeting will definitely be an important milestone for multilateral and multi-stakeholder mechanisms in the ecosystem.</p>
<p style="text-align: justify; ">It has been more than a decade since this debate between multilateralism and multi-stakeholderism has ignited. Multistakeholderism is a form of governance that seeks to ensure that every stakeholder is guaranteed a seat at the policy formulation table (either in consultative capacity or in decision making capacity depending who you ask). The Tunis Agenda, which was the end result of the 2003-05 WSIS upheld the multistakeholder mode. The 2003–2005 World Summit on the Information Society process was seen by those favouring the status quo at that time as the first attempt by the UN bodies or multilateralism - to takeover the Internet. However, the end result i.e. Tunis Agenda <a href="#fn3" name="fr3">[3]</a> clarified and reaffirmed multi-stakeholderism as the way forward even though multilateral governance mechanisms were also accepted as a valid component of Internet governance. The list of stakeholders included states, the private sector, civil society, intergovernmental organisations, international standards organisations and the “academic and technical communities within those stakeholder groups mentioned” above. The Tunis Agenda also constituted the Internet Governance Forum (IGF) and the process of Enhanced Cooperation.</p>
<p style="text-align: justify; ">The IGF was defined in detail with a twelve point mandate including to “identify emerging issues, bring them to the attention of the relevant bodies and the general public, and, where appropriate, make recommendations.” In brief it was to be a learning Forum, a talk shop and a venue for developing soft law not international treaties. Enhanced Cooperation was defined as “to enable governments, on an equal footing, to carry out their roles and responsibilities, in international public policy issues pertaining to the Internet, but not in the day-to-day technical and operational matters, that do not impact on international public policy issues” – and to this day, efforts are on to define it more clearly.</p>
<p style="text-align: justify; ">Seven years later, during the World Conference on Telecommunication in Dubai, the status quoists dubbed it another attempt by the UN to take over the Internet. Even those non-American civil society actors who were uncomfortable with US dominance were willing to settle for the status quo because they were convinced that US court would uphold human rights online more robustly than most other countries. In fact, the US administration had laid a good foundation for the demonization of the UN and other nation states that preferred an international regime. "Internet freedom" was State Department doctrine under the leadership of Hillary Clinton. As per her rhetoric – there were good states, bad states and swing states. The US, UK and some Scandinavian countries were the defenders of freedom. China, Russia and Saudi Arabia were examples of authoritarian states that were balkanizing the Internet. And India, Brazil and Indonesia were examples of swing states – in other words, they could go either way – join the good side or the dark side.</p>
<p style="text-align: justify; ">But Internet freedom rhetoric was deeply flawed. The US censorship regime is really no better than China’s. China censors political speech – US censors access to knowledge thanks to the intellectual property (IP) rightsholder lobby that has tremendous influence on the Hill. Statistics of television viewership across channels around the world will tell us how the majority privileges cultural speech over political speech on any average day. The great firewall of China only affects its citizens – netizens from other jurisdictions are not impacted by Chinese censorship. On the other hand, the US acts of censorship are usually near global in impact.</p>
<p style="text-align: justify; ">This is because the censorship regime is not predominantly based on blocking or filtering but by placing pressure on identification, technology and financial intermediaries thereby forcing their targets offline. When it comes to surveillance, one could argue that the US is worse than China. Again, as was the case with censorship, China only conducts pervasive blanket surveillance upon its citizens – unlike US surveillance, which not only affects its citizens but targets every single user of the Internet through a multi-layered approach with an accompanying acronym soup of programmes and initiatives that include malware, trojans, software vulnerabilities, back doors in encryption standards, over the top service providers, telcos, ISPs, national backbone infrastructure and submarine fibre optic cables.</p>
<p class="callout" style="text-align: justify; ">Security guru Bruce Schneier tells us that "there is no security without privacy. And liberty requires both security and privacy.” Blanket surveillance therefore undermines the security imperative and compromises functioning markets by make e-commerce, e-banking, intellectual property, personal information and confidential information vulnerable. Building a secure Internet and information society will require ending mass surveillance by states and private actors.</p>
<h3 style="text-align: justify; ">The Opportunity for India</h3>
<p style="text-align: justify; ">Unlike the America with its straitjacketed IP regime, India believes that access to knowledge is a precondition for freedom of speech and expression. As global intellectual property policy or access to knowledge policy is concerned, India is considered a leader both when it comes to domestic policy and international policy development at the World Intellectual Property Organisation. From the 70s our policy-makers have defended the right to health in the form of access to medicines. More recently, India played a critical role in securing the Marrakesh Treaty for Visually Impaired Persons in June 2013 which introduces a user right [also referred to as an exception, flexibility or limitation] which allows the visually impaired to convert books to accessible formats without paying the copyright-holder if an accessible version has not been made available. The Marrakesh Treaty is disability specific [only for the visually impaired] and works specific [only for copyright]. This is the first instance of India successfully exporting policy best practices. India's exception for the disabled in the Copyright Act unlike the Marrakesh Treaty, however, is both disability-neutral and works-neutral.</p>
<p style="text-align: justify; ">Given that the Internet is critical to the successful implementation of the Treaty ie. cross border sharing of works that have been made accessible to disabled persons in one country with the global community, it is perhaps time for India to broaden its influence into the sphere of Internet governance and the governance of information societies more broadly.</p>
<p style="text-align: justify; ">Post-Snowden, the so called swing states occupy the higher moral ground. It is time for these states to capitalize on this moment using strong political will. Instead of just being a friendly jurisdiction from the perspective of access to medicine, it is time for India to also be the enabling jurisdiction for access to knowledge more broadly. We could use patent pools and compulsory licensing to provide affordable and innovative digital hardware [especially mobile phones] to the developing world. This would ensure that rights-holders, innovators, manufactures, consumers and government would all benefit from India going beyond being the pharmacy of the world to becoming the electronics store of the world. We could explore flat-fee licensing models like a broadband copyright cess or levy to ensure that users get content [text, images, video, audio, games and software] at affordable rates and rights-holders get some royalty from all Internet users in India. This will go a long way in undermining the copyright enforcement based censorship regime that has been established by the US. When it comes to privacy – we could enact a world-class privacy law and establish an independent, autonomous and proactive privacy commissioner who will keep both private and state actors on a short lease. Then we need a scientific, targeted surveillance regime that is in compliance with human rights principles. This will make India simultaneously an IP and privacy haven and thereby attract huge investment from the private sector, and also earn the goodwill of global civil society and independent media. Given that privacy is a precondition for security, this will also make India very secure from a cyber security perspective. Of course this is a fanciful pipe dream given our current circumstances but is definitely a possible future for us as a nation to pursue.</p>
<h3 style="text-align: justify; ">What is the scope of Internet Governance?</h3>
<p style="text-align: justify; ">Part of the tension between multi-stakeholderism and multilateralism is that there is no single, universally accepted definition of Internet governance. The conservative definitions of Internet Governance limits it to management of critical Internet resources, including the domain name system, IP addresses and root servers – in other words, the ICANN, IANA functions, regional registries and other I* bodies. This is where US dominance has historically been most explicit. This is also where the multi-stakeholder model has clearly delivered so far and therefore we must be most careful about dismantling existing governance arrangements. There are very broadly four approaches for reducing US dominance here – a) globalization [giving other nation-states a role equal to the US within the existing multi-stakeholder paradigm], b) internationalization [bring ICANN, IANA functions, registries and I* bodies under UN control or oversight], c) eliminating the role for nation states in the IANA functions<a href="#fn4" name="fr4">[4]</a> and d) introducing competitors for names and numbers management. Regardless of the final solution, it is clear that those that control domain names and allocate IP addresses will be able to impact the freedom of speech and expression. The impact on the national security of India is very limited given that there are three root servers <a href="#fn5" name="fr5">[5] </a> within national borders and it would be near impossible for the US to shut down the Internet in India.</p>
<p style="text-align: justify; ">For a more expansive definition – The Working Group on Internet Governance report<a href="#fn6" name="fr6">[6] </a>has four categories for public policy issues that are relevant to Internet governance:</p>
<p style="text-align: justify; ">“(a) Issues relating to infrastructure and the management of critical Internet resources, including administration of the domain name system and Internet protocol addresses (IP addresses), administration of the root server system, technical standards, peering and interconnection, telecommunications infrastructure, including innovative and convergent technologies, as well as multilingualization. These issues are matters of direct relevance to Internet governance and fall within the ambit of existing organizations with responsibility for these matters;</p>
<p style="text-align: justify; ">(b) Issues relating to the use of the Internet, including spam, network security and cybercrime. While these issues are directly related to Internet governance, the nature of global cooperation required is not well defined;</p>
<p style="text-align: justify; ">(c)Issues that are relevant to the Internet but have an impact much wider than the Internet and for which existing organizations are responsible, such as intellectual property rights (IPRs) or international trade. ...;</p>
<p style="text-align: justify; ">(d) Issues relating to the developmental aspects of Internet governance, in particular capacity-building in developing countries.”</p>
<p style="text-align: justify; ">Some of these categories are addressed via state regulation that has cascaded from multilateral bodies that are associated with the United Nations such as the World Intellectual Property Organisation for "intellectual property rights" and the International Telecommunication Union for “telecommunications infrastructure”. Other policy issues such as "cyber crime" are currently addressed via plurilateral instruments – for example the Budapest Convention on Cybercrime – and bilateral arrangements like Mutual Legal Assistance Treaties. "Spam" is currently being handled through self-regulatory efforts by the private sector such as Messaging, Malware and Mobile Anti-Abuse Working Group.<a href="#fn7" name="fr7">[7] </a> Other areas where there is insufficient international or global cooperation include "peering and interconnection" - the private arrangements that exist are confidential and it is unclear whether the public interest is being adequately protected.</p>
<h3 style="text-align: justify; ">So who really governs the Internet?</h3>
<p style="text-align: justify; ">So in conclusion, who governs the Internet is not really a useful question. This is because nobody governs the Internet per se. The Internet is a diffuse collection of standards, technologies and actors and dramatically different across layers, geographies and services. Different Internet actors – the government, the private sector, civil society and the technical and academic community are already regulated using a multiplicity of fora and governance regimes – self regulation, coregulation and state regulation. Is more regulation always the right answer? Do we need to choose between multilateralism and multi-stakeholderism? Do we need stable definitions to process? Do we need different version of multi-stakeholderism for different areas of governance for ex. standards vs. names and numbers? Ideally no, no, no and yes. In my view an appropriate global governance system will be decentralized, diverse or plural in nature yet interoperable, will have both multilateral and multistakeholder institutions and mechanisms and will be as interested in deregulation for the public interest as it is in regulation for the public interest.</p>
<hr />
<p style="text-align: justify; ">[<a href="#fr1" name="fn1">1</a>]. Montevideo Statement on the Future of Internet Cooperation <a class="external-link" href="https://www.icann.org/en/news/announcements/announcement-07oct13-en.htm">https://www.icann.org/en/news/announcements/announcement-07oct13-en.htm</a></p>
<p style="text-align: justify; ">[<a href="#fr2" name="fn2">2</a>]. Brazil to host global internet summit in ongoing fight against NSA surveillance <a class="external-link" href="http://rt.com/news/brazil-internet-summit-fight-nsa-006/">http://rt.com/news/brazil-internet-summit-fight-nsa-006/</a></p>
<p style="text-align: justify; ">[<a href="#fr3" name="fn3">3</a>]. Tunis Agenda For The Information Society <a class="external-link" href="http://www.itu.int/wsis/docs2/tunis/off/6rev1.html">http://www.itu.int/wsis/docs2/tunis/off/6rev1.html</a></p>
<p style="text-align: justify; ">[<a href="#fr4" name="fn4">4</a>]. Roadmap for globalizing IANA: Four principles and a proposal for reform: a submission to the Global Multistakeholder Meeting on the Future of Internet Governance by Milton Mueller and Brenden Kuerbis March 3rd 2014 See: <a class="external-link" href="http://www.internetgovernance.org/wordpress/wp-content/uploads/ICANNreformglobalizingIANAfinal.pdf">http://www.internetgovernance.org/wordpress/wp-content/uploads/ICANNreformglobalizingIANAfinal.pdf</a></p>
<p style="text-align: justify; ">[<a href="#fr5" name="fn5">5</a>]. Mumbai (I Root), Delhi (K Root) and Chennai (F Root). See: <a class="external-link" href="http://nixi.in/en/component/content/article/36-other-activities-/77-root-servers">http://nixi.in/en/component/content/article/36-other-activities-/77-root-servers</a></p>
<p style="text-align: justify; ">[<a href="#fr6" name="fn6">6</a>]. Report of the Working Group on Internet Governance to the President of the Preparatory Committee of the World Summit on the Information Society, Ambassador Janis Karklins, and the WSIS Secretary-General, Mr Yoshio Utsumi. Dated: 14 July 2005 See: <a class="external-link" href="http://www.wgig.org/WGIG-Report.html">http://www.wgig.org/WGIG-Report.html</a></p>
<p>[<a href="#fr7" name="fn7">7</a>].Messaging, Malware and Mobile Anti-Abuse Working Group website See: <a class="external-link" href="http://www.maawg.org/">http://www.maawg.org/</a></p>
<hr />
<p style="text-align: justify; "><i>The author is is the Executive Director of the Centre for Internet and Society (CIS), Bangalore. He is also the founder of Mahiti, a 15 year old social enterprise aiming to reduce the cost and complexity of information and communication technology for the voluntary sector by using free software. He is an Ashoka fellow. For three years, he also managed the International Open Source Network, a project of United Nations Development Programme's Asia-Pacific Development Information Programme, serving 42 countries in the Asia-Pacific region</i>.</p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/yojana-april-2014-sunil-abraham-who-governs-the-internet-implications-for-freedom-and-national-security'>https://cis-india.org/internet-governance/blog/yojana-april-2014-sunil-abraham-who-governs-the-internet-implications-for-freedom-and-national-security</a>
</p>
No publishersunilSurveillanceInternet GovernancePrivacy2014-04-05T16:23:36ZBlog EntryWhite Paper on RTI and Privacy V1.2
https://cis-india.org/internet-governance/blog/white-paper-on-rti-and-privacy-v-1.2
<b>This white paper explores the relationship between privacy and transparency in the context of the right to information in India. Analysing pertinent case law and legislation - the paper highlights how the courts and the law in India address questions of transparency vs. privacy. </b>
<h3 style="text-align: justify; "><b>Introduction</b></h3>
<p style="text-align: justify; ">Although the right to information is not specifically spelt out in the Constitution of India, 1950, it has been read into Articles 14 (right to equality), 19(1)(a) (freedom of speech and expression) and 21 (right to life) through cases such as <i>Bennet Coleman</i> v. <i>Union of India</i>,<a href="#_ftn1" name="_ftnref1">[1]</a> <i>Tata Press Ltd. </i>v.<i> Maharashtra Telephone Nigam Ltd.</i>,<a href="#_ftn2" name="_ftnref2">[2]</a> etc. The same Articles of the Constitution were also interpreted in <i>Kharak Singh</i> v.<i>State of U.P.</i>,<a href="#_ftn3" name="_ftnref3">[3]</a> <i>Govind</i> v. <i>State of M.P.</i>, <a href="#_ftn4" name="_ftnref4">[4]</a> and a number of other cases, to include within their scope a right to privacy. At the very outset it appears that a right to receive information -though achieving greater transparency in public life - could impinge on the right to privacy of certain people. The presumed tension between the right to privacy and the right to information has been widely recognized and a framework towards balancing the two rights, has been widely discussed across jurisdictions. In India, nowhere is this conflict and the attempt to balance it more evident than under the Right to Information Act, 2005 (the "<b>RTI Act</b>").</p>
<p style="text-align: justify; ">Supporting the constitutional right to information enjoyed by the citizens, is the statutorily recognized right to information granted under the RTI Act. Any potential infringement of the right to privacy by the provisions of the RTI Act are sought to be balanced by section 8 which provides that no information should be disclosed if it creates an unwarranted invasion of the privacy of any individual. This exception states that there is no obligation to disclose information which relates to personal information, the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual unless the larger public interest justifies the disclosure of such information. <a href="#_ftn5" name="_ftnref5">[5]</a> The Act further goes on to say that where any information relating to or supplied by a third party and treated by that party as confidential, is to be disclosed, the Central Public Information Officer or State Public Information Officer has to give written notice to that party within five days of receiving such a request inviting such third party (within ten days) to make its case as to whether such information should or should not be disclosed.<a href="#_ftn6" name="_ftnref6">[6]</a></p>
<p style="text-align: justify; ">A plain reading of section 11 suggests that for the section to apply the following three conditions have to be satisfied, i.e. (i) if the PIO is considering disclosing the information (ii) the information relates to the third party or was given to a Public Authority by the third party in confidence; and (iii) the third party treated the information to be a confidential. It has been held that in order to satisfy the third part of the test stated above, the third party has to be consulted and therefore a notice has to be sent to the third party. Even if the third party claims confidentiality, the proviso to the section provides that the information cannot be withheld if the public interest in the disclosure outweighs the possible harm or injury that may be caused to the third party, except in cases of trade or commercial secrets.<a href="#_ftn7" name="_ftnref7">[7]</a> The Courts have also held that section 11 should be read keeping in mind the exceptions contained in section 8 (discussed in detail later) and the exceptions contained therein. <a href="#_ftn8" name="_ftnref8">[8]</a></p>
<p style="text-align: justify; ">This principle of non disclosure of private information can be found across a number of common law jurisdictions. The United Kingdom's Freedom of Information Act, 2000 exempts the disclosure of information where it would violate the data protection principles contained in the Data Protection Act, 1998 or constitute an actionable breach of confidence.<a href="#_ftn9" name="_ftnref9">[9]</a> The Australian Freedom of Information Act, 1982 categorizes documents involving unreasonable disclosure of personal information as conditionally exempt i.e. allows for their disclosure unless such disclosure would be contrary to public interest.<a href="#_ftn10" name="_ftnref10">[10]</a> The Canadian Access to Information Act also has a provision which allows the authorities to refuse to disclose personal information except in accordance with the provisions of the Canadian Privacy Act. <a href="#_ftn11" name="_ftnref11">[11]</a></p>
<p style="text-align: justify; ">An overview of the RTI Act, especially sections 6 to 8 seems to give the impression that the legislature has tried to balance and harmonize conflicting public and private rights and interests by building sufficient safeguards and exceptions to the general principles of disclosure under the Act. <a href="#_ftn12" name="_ftnref12">[12]</a> This is why it is generally suggested that section 8, when applied, should be given a strict interpretation as it is a fetter on not only a statutory right granted under the RTI Act but also a pre-existing constitutional right. <a href="#_ftn13" name="_ftnref13">[13]</a> Logical as this argument may seem and appropriate in some circumstances, it does present a problem when dealing with the privacy exception contained in section 8(1)(j). That is because the right to privacy envisaged in this section is also a pre-existing constitutional right which has been traced to the same provisions of the Constitution from which the constitutional right of freedom of information emanates.<a href="#_ftn14" name="_ftnref14">[14]</a> Therefore there is an ambiguity regarding the treatment and priority given to the privacy exception vs. the disclosure mandate in the RTI Act, as it requires the balancing of not only two competing statutory rights but also two constitutional rights.</p>
<h3 style="text-align: justify; "><b>The Privacy Exception </b></h3>
<p style="text-align: justify; ">As discussed earlier, the purpose of the RTI Act is to increase transparency and ensure that people have access to as much public information as possible. Such a right is critical in a democratic country as it allows for accountability of the State and allows individuals to seek out information and make informed decisions. However, it seems from the language of the RTI Act that at the time of its drafting the legislature did realize that there would be a conflict between the endeavor to provide information and the right to privacy of individuals over the information kept with public authorities, which is why a privacy exception was carved into section 8(1)(j) of the Right to Information Act. The Act does not only protect the privacy of the third party who's information is at risk of being disclosed, but also the privacy of the applicant. In fact it has now been held that a private respondent need not give his/her ID or address as long as the information provided by him/her is sufficient to contact him/her.<a href="#_ftn15" name="_ftnref15">[15]</a></p>
<p style="text-align: justify; ">It is interesting to note that although the RTI Act gives every citizen a right to information, it does not limit this right with a stipulation as to how the information shall be used by the applicant or the reason for which the applicant wants such information. <a href="#_ftn16" name="_ftnref16">[16]</a> This lack of a purpose limitation in the Act may have privacy implications as non sensitive personal information could be sought from different sources and processed by any person so as to convert such non-sensitive or anonymous information into identifiable information which could directly impact the privacy of individuals.</p>
<p style="text-align: justify; ">The exception in S. 8(1)(j) prohibits the disclosure of personal information for two reasons (i) its disclosure does not relate to any public activity or interest or (ii) it would be an unwarranted invasion into privacy. The above two conditions however get trumped if a larger public interest is satisfied by the disclosure of such information.</p>
<p style="text-align: justify; ">One interesting thing about the exception contained in section 8(1)(j) is that this exception itself has an exception to it in the form of a proviso. The proviso says that any information which cannot be denied to the central or state legislature shall not be denied to any person. Since the proviso has been placed at the end of sub-section 8(1) which is also the end of clause 8(1)(j), one might be tempted to ask whether this proviso applies only to the privacy exception i.e. clause 8(1)(j) or to the entire sub-section 8(1) (which includes other exceptions such as national interest, etc.). This issue was put to rest by the Bombay High Court when it held that since the proviso has been put only after clause 8(1)(j) and not before each and every clause, it would not apply to the entire sub-section 8(1) but only to clause 8(1)(j), thus ensuring that the exceptions to disclosure other than the right to privacy are not restricted by this proviso.<a href="#_ftn17" name="_ftnref17">[17]</a></p>
<p style="text-align: justify; "><b>Scope of Proviso to section 8(1)(j)</b><br />Though the courts have agreed that the proviso is applicable only to section 8(1)(j), the import of the proviso to section 8(1)(j) is a little more ambiguous and there are conflicting decisions by different High Courts on this point. Whereas the Bombay High Court has laid emphasis on the letter of the proviso and derived strength from the objects and overall scheme of the Act to water down the provisions of section 8(1)(j), <a href="#_ftn18" name="_ftnref18">[18]</a> the Delhi High Court has disagreed with such an approach which gives "undue, even overwhelming deference" to Parliamentary privilege in seeking information. Such an approach would render the protection under section 8(1)j) meaningless, and the basic safeguard bereft of content.<a href="#_ftn19" name="_ftnref19">[19]</a> In the words of the Delhi High Court:</p>
<p style="text-align: justify; ">" <i> The proviso has to be only as confined to what it enacts, to the class of information that Parliament can ordinarily seek; if it were held that all information relating to all public servants, even private information, can be accessed by Parliament, Section 8(1)(j) would be devoid of any substance, because the provision makes no distinction between public and private information. Moreover there is no law which enables Parliament to demand all such information; it has to be necessarily in the context of some matter, or investigation. If the reasoning of the Bombay High Court were to be accepted, there would be nothing left of the right to privacy, elevated to the status of a fundamental right, by several judgments of the Supreme Court. </i> "</p>
<p style="text-align: justify; ">The interpretation given by the Delhi High Court thus ensures that section 8(1)(j) still has some effect, as otherwise the privacy exception would have gotten steamrolled by parliamentary privilege and all sorts of information such as Income Tax Returns, etc. of both private and public individuals would have been liable to disclosure under the RTI Act.</p>
<p style="text-align: justify; ">Unfortunately, the RTI Act does not describe the terms "personal information" or "larger public interest" used in section 8(1)(j), which leaves some amount of ambiguity in interpreting the privacy exception to the RTI Act. Therefore the only option for anyone to understand these terms in greater depth is to discuss and analyse the case laws developed by the Hon'ble Supreme Court and the High Courts which have tried to throw some light on this issue.</p>
<p style="text-align: justify; ">We shall discuss some of these landmark judgments to understand the interpretations given to these terms and then move on to specific instances where (applying these principles) information has been disclosed or denied.</p>
<p style="text-align: justify; "><b>Personal Information</b><br />The RTI Act defines the term information but does not define the term "personal information". Therefore one has to rely on judicial pronouncements to understand the term a more clearly. Looking at the common understanding and dictionary meaning of "personal" as well as the definition of "information" contained in the RTI Act it could be said that personal information would be information, information that pertains to a person and as such it takes into its fold possibly every kind of information relating to the person. Now, such personal information of the person may, or may not, have relation to any public activity, or to public interest. At the same time, such personal information may, or may not, be private to the person. <a href="#_ftn20" name="_ftnref20">[20]</a></p>
<p style="text-align: justify; ">The Delhi High Court has tried to draw a distinction between the term "private information" which encompasses the personal intimacies of the home, the family, marriage, motherhood, procreation, child rearing and of the like nature and "personal information" which would be any information that pertains to an individual. This would logically imply that all private information would be part of personal information but not the other way round. <a href="#_ftn21" name="_ftnref21">[21]</a> The term 'personal information' has in other cases, been variously described as "identity particulars of public servants, i.e. details such as their dates of birth, personal identification numbers",<a href="#_ftn22" name="_ftnref22">[22]</a> and as including tax returns, medical records etc.<a href="#_ftn23" name="_ftnref23">[23]</a> It is worth noting that just because the term used is "personal information" does not mean that the information always has to relate to an actual person, but may even be a juristic entity such as a trust or corporation, etc.<a href="#_ftn24" name="_ftnref24">[24]</a></p>
<p style="text-align: justify; "><b>Larger Public Interest</b><br />The term larger public interest has not been discussed or defined in the RTI Act, however the Courts have developed some tests to determine if in a given situation, personal information should be disclosed in the larger public interest.</p>
<p style="text-align: justify; ">Whenever a Public Information Officer is asked for personal information about any person, it has to balance the competing claims of the privacy of the third party on the one hand and claim of public interest on the other and determine whether the public interest in such a disclosure satisfies violating a person's privacy. The expression "public interest" is not capable of a precise definition and does not have a rigid meaning. It is therefore an elastic term and takes its colors from the statute in which it occurs, the concept varying with the time and the state of the society and its needs. This seems to be the reason why the legislature and even the Courts have shied away from a precise definition of "public interest". However, the term public interest does not mean something that is merely interesting or satisfies the curiosity or love of information or amusement; but something in which a class of the community have some interest by which their rights or liabilities are affected.<a href="#_ftn25" name="_ftnref25">[25]</a></p>
<p style="text-align: justify; ">There have been suggestions that the use of the word "larger" before the term "public interest" denotes that the public interest involved should serve a large section of the society and not just a small section of it, i.e. if the information has a bearing on the economy, the moral values in the society; the environment; national safety, or the like, the same would qualify as "larger public interest".<a href="#_ftn26" name="_ftnref26">[26]</a> However this is not a very well supported theory and the usage of the term "larger public interest" cannot be given such a narrow meaning, for example what if the disclosure of the information could save the lives of only 10 people or even just 5 children? Would the information not be released just because it violates one person's right to privacy and there is not a significant number of lives at stake? This does not seem to be what all the cases on the right to privacy, right from <i>Kharak Singh<a href="#_ftn27" name="_ftnref27"><b>[27]</b></a></i> all the way to <i>Naz Foundation</i>, <a href="#_ftn28" name="_ftnref28">[28]</a> seem to suggest. Infact, in the very same judgment where the above interpretation has been suggested, the Court undermines this argument by giving the example of a person with a previous crime of sexual assault being employed in an orphanage and says that the interest of the small group of children in the orphanage would outweigh the privacy concerns of the individual thus requiring disclosure of all information regarding the employee's past.</p>
<p style="text-align: justify; ">In light of the above understanding of section 8(1)(j), there seem to be two different tests that have been proposed by the Courts, which seem to connote the same principle although in different words:</p>
<p style="text-align: justify; ">1. The test laid down by <i>Union Public Service Commission</i> v. <i>R.K. Jain</i>:</p>
<p style="text-align: justify; ">(i) The information sought must relate to „Personal information‟ as understood above of a third party. Therefore, if the information sought does not qualify as personal information, the exemption would not apply;</p>
<p style="text-align: justify; ">(ii) Such personal information should relate to a third person, i.e., a person other than the information seeker or the public authority; AND</p>
<p style="text-align: justify; ">(iii) (a) The information sought should not have a relation to any public activity qua such third person, or to public interest. If the information sought relates to public activity of the third party, i.e. to his activities falling within the public domain, the exemption would not apply. Similarly, if the disclosure of the personal information is found justified in public interest, the exemption would be lifted, otherwise not; OR (b) The disclosure of the information would cause unwarranted invasion of the privacy of the individual, and that there is no larger public interest involved in such disclosure. <a href="#_ftn29" name="_ftnref29">[29]</a></p>
<p style="text-align: justify; ">2. The other test was laid down in <i>Vijay Prakash</i> v. <i>Union of India</i>, but in the specific circumstances of disclosure of personal information relating to a public official:</p>
<p style="text-align: justify; ">(i) whether the information is deemed to comprise the individual's private details, unrelated to his position in the organization;</p>
<p style="text-align: justify; ">(ii) whether the disclosure of the personal information is with the aim of providing knowledge of the proper performance of the duties and tasks assigned to the public servant in any specific case; and</p>
<p style="text-align: justify; ">(iii) whether the disclosure will furnish any information required to establish accountability or transparency in the use of public resources. <a href="#_ftn30" name="_ftnref30">[30]</a></p>
<p style="text-align: justify; "><b>Constitutional Restrictions</b><br />Since there is not extensive academic discussion on the meaning of the term "larger public interest" or "public interest" as provided in section 8(1)(j), one is forced to turn to other sources to get a better idea of these terms. One such source is constitutional law, since the right to privacy, as contained in section 8(1)(j) has its origins in Articles 14,<a href="#_ftn31" name="_ftnref31">[31]</a> 19(1)(a) <a href="#_ftn32" name="_ftnref32">[32]</a> and 21<a href="#_ftn33" name="_ftnref33">[33]</a> of the Constitution of India. The constitutional right to privacy in India is also not an absolute right and various cases have carved out a number of exceptions to privacy, a perusal of which may give some indication as to what may be considered as 'larger public interest', these restrictions are:</p>
<p style="text-align: justify; ">a) Reasonable restrictions can be imposed on the right to privacy in the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence; <a href="#_ftn34" name="_ftnref34"><sup><sup>[34]</sup></sup></a></p>
<p style="text-align: justify; ">b) Reasonable restrictions can be imposed upon the right to privacy either in the interests of the general public or for the protection of the interests of any Scheduled Tribe;<a href="#_ftn35" name="_ftnref35"><sup><sup>[35]</sup></sup></a></p>
<p style="text-align: justify; ">c) The right to privacy can be restricted by procedure established by law which procedure would have to satisfy the test laid down in the <i>Maneka Gandhi case</i>.<a href="#_ftn36" name="_ftnref36"><sup><sup>[36]</sup></sup></a></p>
<p style="text-align: justify; ">d) The right can be restricted if there is an important countervailing interest which is superior; <a href="#_ftn37" name="_ftnref37"><sup><sup>[37]</sup></sup></a></p>
<p style="text-align: justify; ">e) It can be restricted if there is a compelling state interest to be served by doing so; <a href="#_ftn38" name="_ftnref38"><sup><sup>[38]</sup></sup></a></p>
<p style="text-align: justify; ">f) It can be restricted in case there is a compelling public interest to be served by doing so; <a href="#_ftn39" name="_ftnref39"><sup><sup>[39]</sup></sup></a></p>
<p style="text-align: justify; ">g) The <i>Rajagopal tests - </i>This case lays down three exceptions to the rule that a person's private information cannot be published, <i>viz. </i> i) person voluntarily thrusts himself into controversy or voluntarily raises or invites a controversy, ii) if publication is based on public records other than for sexual assault, kidnap and abduction, iii) there is no right to privacy for public officials with respect to their acts and conduct relevant to the discharge of their official duties. It must be noted that although the Court talks about public records, it does not use the term 'public domain' and thus it is possible that even if a document has been leaked in the public domain and is freely available, if it is not a matter of public record, the right to privacy can still be claimed in regard to it.<a href="#_ftn40" name="_ftnref40"><sup><sup>[40]</sup></sup></a></p>
<h3 style="text-align: justify; "><b>Section 8(1)(j) in Practice <br /></b></h3>
<p style="text-align: justify; ">The discussion in the previous chapter regarding the interpretation of section 8(1)(j), though (hopefully) helpful still seems a little abstract without specific instances and illustrations to drive home the point. In this chapter we shall endeavor to briefly discuss some specific cases regarding information disclosure where the issue of violation of privacy of a third party was raised.</p>
<p style="text-align: justify; "><b>Private Information of Public Officials</b><br />Some of the most common problems regarding section 8(1)(j) come up when discussing information (personal or otherwise) regarding public officers. The issue comes up because an argument can be made that certain information such as income tax details, financial details, medical records, etc. of public officials should be disclosed since it has a bearing on their public activities and disclosure of such information in case of crooked officers would serve the interests of transparency and cleaner government (hence serving a larger public interest). Although section 8(1)(j) does not make any distinction between a private person and a public servant, a distinction in the way their personal information is treated does appear in reality due to the inherent nature of a public servant. Infact it has sometimes been argued that public servants must waive the right to privacy in favour of transparency.<a href="#_ftn41" name="_ftnref41">[41]</a> However this argument has been repeatedly rejected by the Courts, <a href="#_ftn42" name="_ftnref42">[42]</a> just because a person assumes public office does not mean that he/she would automatically lose their right to privacy in favour of transparency.</p>
<p style="text-align: justify; ">If personal information regarding a public servant is asked for, then a distinction must be made between the information that is inherently personal to the person and that which has a connection with his/her public functions. The information exempted under section 8(1)(j) is personal information which is so intimately private in nature that the disclosure of the same would not benefit any other person, but would result in the invasion of the privacy of the third party.<a href="#_ftn43" name="_ftnref43">[43]</a> In short, the Courts have concluded that there can be no blanket rule regarding what information can and cannot be disclosed when it comes to a public servant, and the disclosure (or lack of it) would depend upon the circumstances of each case.</p>
<p style="text-align: justify; ">Although the earlier thinking of the CIC as well as various High Courts of the country was that information regarding disciplinary proceedings and service records of public officials is to be treated as public information in order to boost transparency,<a href="#_ftn44" name="_ftnref44">[44]</a> however this line of thinking took almost a U-turn in 2012 after the decision of the Supreme Court in <i>Girish Ramchandra Deshpande </i>v. <i>Central Information Commissioner,<a href="#_ftn45" name="_ftnref45"><b>[45]</b></a></i> and now the prevailing principle is that such information is personal information and should not be disclosed unless a larger public interest is would be served by the disclosure.</p>
<p style="text-align: justify; ">It would also be helpful to look at a list of the type of information regarding public servants which has been disclosed in the past, gleaned from various cases, to get a better understanding of the prevailing trends in such cases:</p>
<p style="text-align: justify; ">(i) Details of postings of public servants at various points of time, since this was not considered as personal information; <a href="#_ftn46" name="_ftnref46">[46]</a></p>
<p style="text-align: justify; ">(ii) Copies of posting/ transfer orders of public servants, since it was not considered personal information; <a href="#_ftn47" name="_ftnref47">[47]</a></p>
<p style="text-align: justify; ">(iii) Information regarding transfers of colleagues cannot be exempted from disclosure, since disclosure would not cause any unwarranted invasion of privacy and non disclosure would defeat the object of the RTI Act;<a href="#_ftn48" name="_ftnref48">[48]</a></p>
<p style="text-align: justify; ">(iv) Information regarding the criteria adopted and the marks allotted to various academic qualifications, experience and interview in selection process for government posts by the state Public Service Commission;<a href="#_ftn49" name="_ftnref49">[49]</a></p>
<p style="text-align: justify; ">(v) Information regarding marks obtained in written test, interview, annual confidential reports of the applicant as well as the marks in the written test and interview of the last candidate selected, since this information was not considered as personal information; <a href="#_ftn50" name="_ftnref50">[50]</a></p>
<p style="text-align: justify; ">(vi) Information relating to the appointment and educational certificates of teachers in an educational institution (which satisfies the requirements of being a public authority) was disclosed since this was considered as relevant to them performing their functions. <a href="#_ftn51" name="_ftnref51">[51]</a></p>
<p style="text-align: justify; ">The performance of an employee/officer in an organization is primarily a matter between the employee and the employer and normally those aspects are governed by the service rules which fall under the expression "personal information", the disclosure of which has no relationship to any public activity or public interest. To understand this better below is a brief list of the type of information that has been considered by the Courts as personal information which is liable to be exempt from disclosure under section 8(1)(j):</p>
<p style="text-align: justify; ">(i) (a) Salary details, (b) show cause notice, memo and censure, (c) return of assets and liabilities, (d) details of investment and other related details, (e) details of gifts accepted, (f) complete enquiry proceedings, (g) details of income tax returns;<a href="#_ftn52" name="_ftnref52">[52]</a></p>
<p style="text-align: justify; ">(ii) All memos issued, show cause notices and orders of censure/punishment etc. are personal information. Cannot be revealed unless a larger public interest justifies such disclosure;<a href="#_ftn53" name="_ftnref53">[53]</a></p>
<p style="text-align: justify; ">(iii) Disciplinary information of an employee is personal information and is exempt under section 8(1)(j); <a href="#_ftn54" name="_ftnref54">[54]</a></p>
<p style="text-align: justify; ">(iv) Medical records cannot be disclosed due to section 8(1)(j) as they come under "personal information", unless a larger public interest can be shown meriting such disclosure;<a href="#_ftn55" name="_ftnref55">[55]</a></p>
<p style="text-align: justify; ">(v) Copy of personnel records and service book (containing Annual Confidential Reports, etc.) of a public servant is personal information and cannot be disclosed due to section 8(1)(j);<a href="#_ftn56" name="_ftnref56">[56]</a></p>
<p style="text-align: justify; ">(vi) Information regarding sexual disorder, DNA test between an officer and his surrogate mother, name of his biological father and step father, name of his mother and surrogate step mother and such other aspects were denied by the Courts as such information was considered beyond the perception of decency and was an invasion into another man's privacy.<a href="#_ftn57" name="_ftnref57">[57]</a></p>
<p style="text-align: justify; ">It is not just the issue of disclosure of personal details of public officials that raises complicated questions regarding the right to information, but the opposite is equally true, i.e. what about seemingly "public" details of private individuals. A very complicated question arose with regard to information relating to the passport details of private individuals.</p>
<p style="text-align: justify; "><b>Passport Information of Private Individuals</b><br />The disclosure of passport details of private individuals is complicated because for a long time there was some confusion because of the treatment to be given to passport details, i.e. would its disclosure cause an invasion of privacy since it contains personally identifying information, specially because photocopies of the passport are regularly given for various purposes such as travelling, getting a new phone connection, etc. The Central Information Commission used a somewhat convoluted logic that since a person providing information relating to his residence and identity while applying for a passport was engaging in a public activity therefore such information relates to a public activity and should be disclosed. This view was rejected by the Delhi High Court in the case of <i>Union of India</i> v. <i>Hardev Singh</i>,<a href="#_ftn58" name="_ftnref58">[58]</a> and the view taken in<i>Hardev Singh</i> was later endorsed and relied upon in <i>Union of India </i>v. <i>Rajesh Bhatia</i>, <a href="#_ftn59" name="_ftnref59">[59]</a> while hearing a number of petitions to decide what details of a third party's passport should be disclosed and what should be exempt from disclosure.</p>
<p style="text-align: justify; ">A list of the Courts conclusions is given below:</p>
<p style="text-align: justify; "><i><span>Information that can be revealed:</span></i></p>
<p style="text-align: justify; ">(i) Name of passport holder;</p>
<p style="text-align: justify; ">(ii) Whether a visa was issued to a third party or not;</p>
<p style="text-align: justify; ">(iii) Details of the passport including dates of first issue, subsequent renewals, dates of application for renewals, numbers of the new passports and date of expiry;</p>
<p style="text-align: justify; ">(iv) Nature of documents submitted as proof;</p>
<p style="text-align: justify; ">(v) Name of police station from where verification for passport was done;</p>
<p style="text-align: justify; ">(vi) Whether any report was called for from the jurisdictional police;</p>
<p style="text-align: justify; ">(vii) Whether passport was renewed through an agent or through a foreign embassy;</p>
<p style="text-align: justify; ">(viii) Whether it was renewed in India or any foreign country;</p>
<p style="text-align: justify; ">(ix) Whether tatkal facility was availed by the passport holder;</p>
<p style="text-align: justify; "><i><span>Information that cannot be revealed:</span></i></p>
<p style="text-align: justify; ">(i) Contents of the documents submitted with the passport application;</p>
<p style="text-align: justify; ">(ii) Marital status and name and address of husband;</p>
<p style="text-align: justify; ">(iii) Whether person's name figures as mother/guardian in the passport of any minor;</p>
<p style="text-align: justify; ">(iv) Copy of passport application form;</p>
<p style="text-align: justify; ">(v) Residential address of passport holder;</p>
<p style="text-align: justify; ">(vi) Details of cases filed/pending against passport holder;</p>
<p style="text-align: justify; ">(vii) Copy of old passport;</p>
<p style="text-align: justify; ">(viii) Report of the police and CID for issuing the passport;</p>
<p style="text-align: justify; ">(ix) Copy of the Verification Certificate, if any such Verification Certificate was relied upon for the issue of the passport.</p>
<p style="text-align: justify; "><b>Other Instances </b></p>
<p style="text-align: justify; ">Apart from the above two broad categories of information that has been the subject of intense judicial discussion, certain other situations have also arisen where the Courts have had to decide the issue of disclosure under section 8(1)(j), a brief summary of such situations is given below:</p>
<p style="text-align: justify; ">(i) names and details of people who received money as donations from the President out of public funds was considered as information which has a definite link to public activities and was therefore liable to be disclosed;<a href="#_ftn60" name="_ftnref60">[60]</a></p>
<p style="text-align: justify; ">(ii) information regarding the religion practiced by a person, who is alleged to be a public figure, collected by the Census authorities was not disclosed since it was held that the quest to obtain the information about the religion professed or not professed by a citizen cannot be in any event; <a href="#_ftn61" name="_ftnref61">[61]</a></p>
<p style="text-align: justify; ">(iii) information regarding all FIRs against a person was not protected under section 8(1)(j) since it was already a matter of public record and Court record and could not be said to be an invasion of the person's privacy;<a href="#_ftn62" name="_ftnref62">[62]</a></p>
<p style="text-align: justify; ">(iv) information regarding the income tax returns of a public charitable trust was held not to be exempt under section 8(1)(j), since the trust involved was a public charitable trust functioning under a Scheme formulated by the District Court and registered under the Bombay Public Trust Act as such due to its character and activities its tax returns would be in relation to public interest or activities.<a href="#_ftn63" name="_ftnref63">[63]</a></p>
<h3 style="text-align: justify; "><b>Conclusion</b></h3>
<p style="text-align: justify; ">A discussion of the provisions of section 8 and 11 of the RTI Act as well as the case laws under it reveals that the legislature was aware of the dangers posed to the privacy of individuals from such a powerful transparency law. However, it did not want the exceptions carved out to protect the privacy of individuals to nullify the objects of the RTI Act and therefore drafted the legislation to incorporate the principle that although the RTI Act should not be used to violate the privacy of individuals, such an exception will not be applicable if a larger public interest is to be served by the disclosure. This principle is in line with other common law jurisdictions such as the U.K, Austalia, Canada, etc. which have similar exceptions based on privacy or confidentiality.</p>
<p style="text-align: justify; ">However it is disappointing to note that the legislature has only left the legislation at the stage of the principle which has left the language of the exception very wide and open to varied interpretations. It is understandable that the legislature would try to keep specifics out of the scope of the section to make it future proof. It is obvious that it would be impossible for the legislature or the courts to imagine every single circumstance that could arise where the right to information and the right to privacy would be at loggerheads. However, such wide and ambiguous drafting has led to cases where the Courts and the Central Information Commission have taken opposing views, with the views of the Court obviously prevailing in the end. This was illustrated by the issue of disclosure of passport details of private individuals with a large number of CIC cases taking different views till the High Court of Delhi gave categorical findings on the issue in the <i>Hardev Singh</i> and <i>Rajesh Bhatia</i> cases. Similar was the issue of service details of public officials since before the decision of the Supreme Court in the case of <i>Girish Ramchandra Deshpande</i> in 2012 the prevailing thinking of the CIC was that details of disciplinary proceedings against public officials are not covered by section 8(1)(j), however this thinking has now taken a U-turn as the Supreme Court's understanding of the right to privacy has taken stronger roots and such information is now outside the scope of the RTI Act, unless a larger public interest in the disclosure can be shown.</p>
<p style="text-align: justify; ">The ambiguity that arises in application when trying to balance the right to privacy against the right to information is a drawback in incorporating only a principle and leaving the language ambiguous in any legislation. This paper does not advocate that the legislature try to list out all the instances of this problem that are possibly imaginable, this would be too time consuming and may even be counterproductive. However, it is possible for the legislature to adopt an accepted practice of legislative drafting and list certain instances where there is an obvious balancing required between the two rights and put them as "<i>Illustrations</i>" to the section. This device has been utilised to great effect by some of the most fundamental legislations in India such as the Contract Act, 1872 and the Indian Penal Code, 1860. An alternative to this approach could be to utilize the approach taken in the Australian Freedom of Information Act, where the Act itself gives certain factors which should be considered to determine whether access to a particular document would be in the public interest or not.</p>
<h2 style="text-align: justify; "><b>List of References</b></h2>
<p style="text-align: justify; "><span style="text-decoration: underline;"><b>Primary Sources</b></span></p>
<p style="text-align: justify; ">1. Australia Freedom of Information Act, 1982.</p>
<p style="text-align: justify; ">2. <i>Bennet Coleman</i> v. <i>Union of India</i>, AIR 1973 SC 106.</p>
<p style="text-align: justify; ">3. <i>Bhagat Singh </i>v. <i>Chief Information Commissioner, </i>2008 (64) AIC 284 (Del).</p>
<p style="text-align: justify; ">4. Calcutta High Court, WP (W) No. 33290 of 2013, dated 20-11-2013.</p>
<p style="text-align: justify; ">5. Canadian Access to Information Act.</p>
<p style="text-align: justify; ">6. <i>Canara Bank</i> v. <i>Chief Information Commissioner</i>, 2007 (58) AIC Ker 667</p>
<p style="text-align: justify; ">7. Constitution of India, 1950.</p>
<p style="text-align: justify; ">8. <i>Govind</i> v. <i>State of M.P.</i>, Supreme Court of India, WP No. 72 of 1970, dated 18-03-1975.</p>
<p style="text-align: justify; ">9. <i>Haryana Public Service Commission </i>v. <i>State Information Commission, </i>AIR 2009 P & H 14.</p>
<p style="text-align: justify; ">10. <i>Jamia Millia Islamia v. Sh. Ikramuddin</i>, Delhi High Court, WP(C) 5677 of 2011 dated 22-11-2011.</p>
<p style="text-align: justify; ">11. <i>Jitendra Singh</i> v. <i>State of U.P.</i>, 2008 (66) AIC 685 (All).</p>
<p style="text-align: justify; ">12. <i>Kharak Singh</i> v. <i>State of U.P.</i>, AIR 1963 SC 129.</p>
<p style="text-align: justify; ">13. <i>Maneka Gandhi </i>v. <i>Union of India</i>, Supreme Court of India, WP No. 231 of 1977, dated 25-01-1978.</p>
<p style="text-align: justify; ">14. <i>Naz Foundation</i> Delhi High Court, WP(C) No.7455/2001 dated 02-07-2009.</p>
<p style="text-align: justify; ">15. <i>P.C. Wadhwa</i> v. <i>Central Information Commission</i>, Punjab and Haryana High Court, LPA No. 1252 of 2009 dated 29-11-2010.</p>
<p style="text-align: justify; ">16. <i>Paardarshita Public Welfare Foundation</i> v. <i>Union of India and others</i>, AIR 2011 Del 82.</p>
<p style="text-align: justify; ">17. <i>President's Secretariat</i> v. <i>Nitish Kumar Tripathi</i>, Delhi High Court, WP (C) 3382 of 2012, dated 14-06-2012.</p>
<p style="text-align: justify; ">18. <i>Public Information Officer</i> v. <i>Andhra Pradesh Information Commission</i>,2009 (76) AIC 854 (AP).</p>
<p style="text-align: justify; ">19. <i>R. Rajagopal v. Union of India</i>, Supreme Court of India, dated 7-10-1994.</p>
<p style="text-align: justify; ">20. <i>Rajendra Vasantlal Shah</i> v. <i>Central Information Commissioner, New Delhi</i>, AIR 2011 Guj 70.</p>
<p style="text-align: justify; ">21. <i>Rajinder Jaina</i> v. <i>Central Information Commission</i>, 2010 (86) AIC 510 (Del. H.C.).</p>
<p style="text-align: justify; ">22. Right to Information Act, 2005</p>
<p style="text-align: justify; ">23. <i>Secretary General, Supreme Court of India</i> v. <i>Subhash Chandra,</i> Delhi High Court - Full Bench, LPA No.501/2009, dated 12-01-2010.</p>
<p style="text-align: justify; ">24. <i>Srikant Pandaya</i> v. <i>State of M.P.</i>, AIR 2011 MP 14.</p>
<p style="text-align: justify; ">25. <i>Surendra Singh </i>v. <i>State of U.P</i>, AIR 2009 Alld. 106.</p>
<p style="text-align: justify; ">26. <i>Surup Singh Hyra Naik</i> v. <i>State of Maharashtra</i>, 2007 (58) AIC 739 (Bom).</p>
<p style="text-align: justify; ">27. <i>Tata Press Ltd. </i>v.<i> Maharashtra Telephone Nigam Ltd.</i>, (1995) 5 SCC 139.</p>
<p style="text-align: justify; ">28. U.K. Freedom of Information Act, 2000.</p>
<p style="text-align: justify; ">29. <i>UCO Bank</i> v. <i>Central Information Commissioner and another</i>, 2009 (79) AIC 545 (P&H).</p>
<p style="text-align: justify; ">30. <i>Union Centre for Earth Science Studies </i>v. <i>Anson Sebastian, </i>AIR 2010 Ker. 151</p>
<p style="text-align: justify; ">31. <i>Union of India</i> v. <i>Hardev Singh</i> WP(C) 3444 of 2012 dated 23-08-2013.</p>
<p style="text-align: justify; ">32. <i>Union of India </i>v. <i>Rajesh Bhatia</i> WP(C) 2232/2012 dated 17-09-2013.</p>
<p style="text-align: justify; ">33. <i>Union Public Service Commission </i>v. <i>R.K. Jain</i>, Delhi High Court W.P.(C) 1243/2011 & C.M. No. 2618/2011 ( for stay), dated 13-07-2012.</p>
<p style="text-align: justify; ">34. <i>Vijay Prakash</i> v. <i>Union of India</i>, 2009 (82) AIC 583 (Del).</p>
<p style="text-align: justify; "><span style="text-decoration: underline;"><b>Secondary Sources</b></span></p>
<p style="text-align: justify; ">1. "Country Report for U.K.", Privacy International, available at <a href="https://www.privacyinternational.org/reports/united-kingdom">https://www.privacyinternational.org/reports/united-kingdom</a>.</p>
<p style="text-align: justify; ">2. "Country Report for Australia", Privacy International, available at <a href="https://www.privacyinternational.org/reports/australia">https://www.privacyinternational.org/reports/australia</a>.</p>
<p style="text-align: justify; ">3. "Country Report for Canada", Privacy International, available at <a href="https://www.privacyinternational.org/reports/canada">https://www.privacyinternational.org/reports/canada</a>.</p>
<div style="text-align: justify; ">
<hr />
<div id="ftn1">
<p><a href="#_ftnref1" name="_ftn1">[1]</a> AIR 1973 SC 106. This case held that the freedom of the press embodies in itself the right of the people to read.</p>
</div>
<div id="ftn2">
<p><a href="#_ftnref2" name="_ftn2">[2]</a> (1995) 5 SCC 139.</p>
</div>
<div id="ftn3">
<p><a href="#_ftnref3" name="_ftn3">[3]</a> AIR 1963 SC 129.</p>
</div>
<div id="ftn4">
<p><a href="#_ftnref4" name="_ftn4">[4]</a> Supreme Court of India, WP No. 72 of 1970, dated 18-03-1975.</p>
</div>
<div id="ftn5">
<p><a href="#_ftnref5" name="_ftn5">[5]</a> Section 8(1) in its entirety states as follows:</p>
<p>(1) Notwithstanding anything contained in this Act, there shall be no obligation to give any citizen,-</p>
<p>(a) information, disclosure of which would prejudicially affect the sovereignty and integrity of India, the security, strategic, scientific or economic interests of the State, relation with foreign State or lead to incitement of an offence;</p>
<p>(b) information which has been expressly forbidden to be published by any court of law or tribunal or the disclosure of which may constitute contempt of court;</p>
<p>(c) information, the disclosure of which would cause a breach of privilege of Parliament or the State Legislature;</p>
<p>(d) information including commercial confidence, trade secrets or intellectual property, the disclosure of which would harm the competitive position of a third party, unless the competent authority is satisfied that larger public interest warrants the disclosure of such information;</p>
<p>(e) information available to a person in his fiduciary relationship, unless the competent authority is satisfied that the larger public interest warrants the disclosure of such information;</p>
<p>(f) information received in confidence from foreign Government;</p>
<p>(g) information, the disclosure of which would endanger the life or physical safety of any person or identify the source of information or assistance given in confidence for law enforcement or security purposes;</p>
<p>(h) information which would impede the process of investigation or apprehension or prosecution of offenders;</p>
<p>(i) cabinet papers including records of deliberations of the Council of Ministers, Secretaries and other officers:</p>
<p>Provided that the decisions of Council of Ministers, the reasons thereof, and the material on the basis of which the decisions were taken shall be made public after the decision has been taken, and the matter is complete, or over:</p>
<p>Provided further that those matters which come under the exemptions specified in this section shall not be disclosed;</p>
<p>(j) information which relates to personal information the disclosure of which has no relationship to any public activity or interest, or which would cause unwarranted invasion of the privacy of the individual unless the Central Public Information Officer or the State Public Information Officer or the appellate authority, as the case may be, is satisfied that the larger public interest justifies the disclosure of such information:</p>
<p>Provided that the information which cannot be denied to the Parliament or a State Legislature shall not be denied to any person.</p>
</div>
<div id="ftn6">
<p><a href="#_ftnref6" name="_ftn6">[6]</a> Section 11 of the RTI Act.</p>
</div>
<div id="ftn7">
<p><a href="#_ftnref7" name="_ftn7">[7]</a> <i>The Registrar General</i> v. <i>A. Kanagaraj</i>, (Madras High Court, 14 June 2013, available at http://www.indiankanoon.org/doc/36226888/.</p>
</div>
<div id="ftn8">
<p><a href="#_ftnref8" name="_ftn8">[8]</a> Arvind Kejriwal v. Central Public Information Officer, (Delhi High Court, 30 September 2011, available at http://www.indiankanoon.org/doc/1923225/.</p>
</div>
<div id="ftn9">
<p><a href="#_ftnref9" name="_ftn9">[9]</a> Sections 40 and 41 of the U.K. Freedom of Information Act, 2000.</p>
</div>
<div id="ftn10">
<p><a href="#_ftnref10" name="_ftn10">[10]</a> Section 11A read with section 47-F of the Australia Freedom of Information Act, 1982.</p>
</div>
<div id="ftn11">
<p><a href="#_ftnref11" name="_ftn11">[11]</a> Section 19 of the Canadian Access to Information Act.</p>
</div>
<div id="ftn12">
<p><a href="#_ftnref12" name="_ftn12">[12]</a> <i>Public Information Officer</i> v. <i>Andhra Pradesh Information Commission</i>,2009 (76) AIC 854 (AP).</p>
</div>
<div id="ftn13">
<p><a href="#_ftnref13" name="_ftn13">[13]</a> <i>Bhagat Singh </i> v. <i>Chief Information Commissioner, </i>2008 (64) AIC 284 (Del).</p>
</div>
<div id="ftn14">
<p><a href="#_ftnref14" name="_ftn14">[14]</a> Articles 14, 19(1)(a) and 21 of the Constitution of India, 1950.</p>
</div>
<div id="ftn15">
<p><a href="#_ftnref15" name="_ftn15">[15]</a> Calcutta High Court, WP(W) No. 33290 of 2013, dated 20-11-2013.</p>
</div>
<div id="ftn16">
<p><a href="#_ftnref16" name="_ftn16">[16]</a> <i>Jitendra Singh</i> v. <i>State of U.P.</i>, 2008 (66) AIC 685 (All).</p>
</div>
<div id="ftn17">
<p><a href="#_ftnref17" name="_ftn17">[17]</a> <i>Surup Singh Hyra Naik</i> v. <i>State of Maharashtra</i>, 2007 (58) AIC 739 (Bom).</p>
</div>
<div id="ftn18">
<p><a href="#_ftnref18" name="_ftn18">[18]</a> <i>Surup Singh Hyra Naik</i> v. <i>State of Maharashtra</i>, 2007 (58) AIC 739 (Bom), para 14. Where the Court held that since the medical records of a convict cannot be denied to Parliament or State legislature therefore they cannot be exempted from disclosure under the Act.</p>
</div>
<div id="ftn19">
<p><a href="#_ftnref19" name="_ftn19">[19]</a> <i>Vijay Prakash</i> v. <i>Union of India</i>, 2009 (82) AIC 583 (Del).</p>
</div>
<div id="ftn20">
<p><a href="#_ftnref20" name="_ftn20">[20]</a> <i>Union Public Service Commission </i> v. <i>R.K. Jain</i>, Delhi High Court W.P.(C) 1243/2011 & C.M. No. 2618/2011 ( for stay), dated 13-07-2012.</p>
</div>
<div id="ftn21">
<p><a href="#_ftnref21" name="_ftn21">[21]</a> <i>Union Public Service Commission </i> v. <i>R.K. Jain</i>, Delhi High Court W.P.(C) 1243/2011 & C.M. No. 2618/2011 ( for stay), dated 13-07-2012.</p>
</div>
<div id="ftn22">
<p><a href="#_ftnref22" name="_ftn22">[22]</a> <i>Vijay Prakash</i> v. <i>Union of India</i>, 2009 (82) AIC 583 (Del).</p>
</div>
<div id="ftn23">
<p><a href="#_ftnref23" name="_ftn23">[23]</a> <i>Secretary General, Supreme Court of India</i> v. <i>Subhash Chandra,</i> Delhi High Court - Full Bench, LPA No.501/2009, dated 12-01-2010.</p>
</div>
<div id="ftn24">
<p><a href="#_ftnref24" name="_ftn24">[24]</a> <i>Jamia Millia Islamia v. Sh. Ikramuddin</i> , Delhi High Court, WP(C) 5677 of 2011 dated 22-11-2011.</p>
</div>
<div id="ftn25">
<p><a href="#_ftnref25" name="_ftn25">[25]</a> <i>Union Public Service Commission </i> v. <i>R.K. Jain</i>, Delhi High Court W.P.(C) 1243/2011 & C.M. No. 2618/2011 ( for stay), dated 13-07-2012.</p>
</div>
<div id="ftn26">
<p><a href="#_ftnref26" name="_ftn26">[26]</a> <i>Union Public Service Commission </i> v. <i>R.K. Jain</i>, Delhi High Court W.P.(C) 1243/2011 & C.M. No. 2618/2011 ( for stay), dated 13-07-2012.</p>
</div>
<div id="ftn27">
<p><a href="#_ftnref27" name="_ftn27">[27]</a> AIR 1963 SC 129.<i> </i></p>
</div>
<div id="ftn28">
<p><a href="#_ftnref28" name="_ftn28">[28]</a> Delhi High Court, WP(C) No.7455/2001 dated 02-07-2009.</p>
</div>
<div id="ftn29">
<p><a href="#_ftnref29" name="_ftn29">[29]</a> <i>Union Public Service Commission </i> v. <i>R.K. Jain</i>, Delhi High Court W.P.(C) 1243/2011 & C.M. No. 2618/2011 (for stay), dated 13-07-2012. This ruling was overturned by a Division Bench of the High Court relying upon a subsequent Supreme Court ruling, however, it could be argued that the Division Bench did not per se disagree with the discussion and the principles laid down in this case, but only the way they were applied.</p>
</div>
<div id="ftn30">
<p><a href="#_ftnref30" name="_ftn30">[30]</a> <i>Vijay Prakash</i> v. <i>Union of India</i>, 2009 (82) AIC 583 (Del).</p>
</div>
<div id="ftn31">
<p><a href="#_ftnref31" name="_ftn31">[31]</a> Right to equality.</p>
</div>
<div id="ftn32">
<p><a href="#_ftnref32" name="_ftn32">[32]</a> Freedom of speech and expression.</p>
</div>
<div id="ftn33">
<p><a href="#_ftnref33" name="_ftn33">[33]</a> Right to life.</p>
</div>
<div id="ftn34">
<p><a href="#_ftnref34" name="_ftn34">[34]</a> Article 19(2) of the Constitution of India, 1950.</p>
</div>
<div id="ftn35">
<p><a href="#_ftnref35" name="_ftn35">[35]</a> Article 19(5) of the Constitution of India, 1950.</p>
</div>
<div id="ftn36">
<p><a href="#_ftnref36" name="_ftn36">[36]</a> <i>Maneka Gandhi </i> v. <i>Union of India</i>, Supreme Court of India, WP No. 231 of 1977, dated 25-01-1978. The test laid down in this case is universally considered to be that the procedure established by law which restricts the fundamental right should be just, fair and reasonable.</p>
</div>
<div id="ftn37">
<p><a href="#_ftnref37" name="_ftn37">[37]</a> <i>Govind </i> v.<i> State of M.P</i><i>.</i>, Supreme Court of India, WP No. 72 of 1970, dated 18-03-1975.</p>
</div>
<div id="ftn38">
<p><a href="#_ftnref38" name="_ftn38">[38]</a> <i>Govind </i> v.<i> State of M.P</i><i>.</i>,<i> </i>Supreme Court of India, WP No. 72 of 1970, dated 18-03-1975.</p>
</div>
<div id="ftn39">
<p><a href="#_ftnref39" name="_ftn39">[39]</a> <i>Govind </i> v.<i> State of M.P</i><i>.</i>, Supreme Court of India, WP No. 72 of 1970, dated 18-03-1975. However the Court later used phrases such as "reasonable restriction in public interest" and "reasonable restriction upon it for compelling interest of State" interchangeably which seems to suggest that the terms "compelling public interest" and "compelling state interest" used by the Court are being used synonymously and the Court does not draw any distinction between them. It is also important to note that the wider phrase "countervailing interest is shown to be superior" seems to suggest that it is possible, atleast in theory, to have other interests apart from public interest or state interest also which could trump the right to privacy.</p>
</div>
<div id="ftn40">
<p><a href="#_ftnref40" name="_ftn40">[40]</a> <i>R. Rajagopal v. Union of India</i> , Supreme Court of India, dated 7-10-1994. These tests have been listed as one group since they are all applicable in the specific context of publication of private information.</p>
</div>
<div id="ftn41">
<p><a href="#_ftnref41" name="_ftn41">[41]</a> <i>Vijay Prakash</i> v. <i>Union of India</i>, 2009 (82) AIC 583 (Del).</p>
</div>
<div id="ftn42">
<p><a href="#_ftnref42" name="_ftn42">[42]</a> <i>Secretary General, Supreme Court of India</i> v. <i>Subhash Chandra,</i> Delhi High Court - Full Bench, LPA No.501/2009, dated 12-01-2010. Also see <i>Vijay Prakash</i> v. <i>Union of India</i>, 2009 (82) AIC 583 (Del).</p>
</div>
<div id="ftn43">
<p><a href="#_ftnref43" name="_ftn43">[43]</a> <i>Canara Bank</i> v. <i>Chief Information Commissioner</i>, 2007 (58) AIC Ker 667. This case also held that information cannot be denied on the ground that it would be too voluminous.</p>
</div>
<div id="ftn44">
<p><a href="#_ftnref44" name="_ftn44">[44]</a> <i>Union Centre for Earth Science Studies </i> v. <i>Anson Sebastian, </i>AIR 2010 Ker. 151; <i>Union Public Service Commission </i>v. <i>R.K. Jain</i>, Delhi High Court W.P.(C) 1243/2011 & C.M. No. 2618/2011 (for stay), dated 13-07-2012</p>
</div>
<div id="ftn45">
<p><a href="#_ftnref45" name="_ftn45">[45]</a> 2012 (119) AIC 105 (SC).</p>
</div>
<div id="ftn46">
<p><a href="#_ftnref46" name="_ftn46">[46]</a> <i>Girish Ramchandra Deshpande</i> v. <i>Central Information Commissioner</i>, 2012 (119) AIC 105 (SC).</p>
</div>
<div id="ftn47">
<p><a href="#_ftnref47" name="_ftn47">[47]</a> <i>Girish Ramchandra Deshpande</i> v. <i>Central Information Commissioner</i>, 2012 (119) AIC 105 (SC).</p>
</div>
<div id="ftn48">
<p><a href="#_ftnref48" name="_ftn48">[48]</a> <i>Canara Bank</i> v. <i>Chief Information Commissioner</i>, 2007 (58) AIC Ker 667.</p>
</div>
<div id="ftn49">
<p><a href="#_ftnref49" name="_ftn49">[49]</a> <i>Haryana Public Service Commission </i> v. <i>State Information Commission, </i>AIR 2009 P & H 14.</p>
</div>
<div id="ftn50">
<p><a href="#_ftnref50" name="_ftn50">[50]</a> <i>UCO Bank</i> v. <i>Central Information Commissioner and another</i>, 2009 (79) AIC 545 (P&H).</p>
</div>
<div id="ftn51">
<p><a href="#_ftnref51" name="_ftn51">[51]</a> <i>Surendra Singh </i> v. <i>State of U.P</i>, AIR 2009 Alld. 106.</p>
</div>
<div id="ftn52">
<p><a href="#_ftnref52" name="_ftn52">[52]</a> <i>Girish Ramchandra Deshpande</i> v. <i>Central Information Commissioner</i>, 2012 (119) AIC 105 (SC).</p>
</div>
<div id="ftn53">
<p><a href="#_ftnref53" name="_ftn53">[53]</a> <i>Girish Ramchandra Deshpande</i> v. <i>Central Information Commissioner</i>, 2012 (119) AIC 105 (SC).</p>
</div>
<div id="ftn54">
<p><a href="#_ftnref54" name="_ftn54">[54]</a> <i>R.K. Jain</i> v. <i>Union Public Service Commission</i>, Delhi High Court, LPA No. 618 of 2012, dated 12-11-2012.</p>
</div>
<div id="ftn55">
<p><a href="#_ftnref55" name="_ftn55">[55]</a> <i>Secretary General, Supreme Court of India</i> v. <i>Subhash Chandra,</i> Delhi High Court - Full Bench, LPA No.501/2009, dated 12-01-2010.</p>
</div>
<div id="ftn56">
<p><a href="#_ftnref56" name="_ftn56">[56]</a> <i>Srikant Pandaya</i> v. <i>State of M.P.</i>, AIR 2011 MP 14.</p>
</div>
<div id="ftn57">
<p><a href="#_ftnref57" name="_ftn57">[57]</a> <i>Paardarshita Public Welfare Foundation</i> v. <i>Union of India and others</i>, AIR 2011 Del 82. It must be mentioned that this case was not exactly under the procedure prescribed under the RTI Act but was a public interest litigation although the courts relied upon the provisions of the RTI Act.</p>
</div>
<div id="ftn58">
<p><a href="#_ftnref58" name="_ftn58">[58]</a> WP(C) 3444 of 2012 dated 23-08-2013.</p>
</div>
<div id="ftn59">
<p><a href="#_ftnref59" name="_ftn59">[59]</a> WP(C) 2232/2012 dated 17-09-2013.</p>
</div>
<div id="ftn60">
<p><a href="#_ftnref60" name="_ftn60">[60]</a> <i>President's Secretariat</i> v. <i>Nitish Kumar Tripathi</i>, Delhi High Court, WP (C) 3382 of 2012, dated 14-06-2012.</p>
</div>
<div id="ftn61">
<p><a href="#_ftnref61" name="_ftn61">[61]</a> <i>P.C. Wadhwa</i> v. <i>Central Information Commission</i>, Punjab and Haryana High Court, LPA No. 1252 of 2009 dated 29-11-2010.</p>
</div>
<div id="ftn62">
<p><a href="#_ftnref62" name="_ftn62">[62]</a> <i>Rajinder Jaina</i> v. <i>Central Information Commission</i>, 2010 (86) AIC 510 (Del. H.C.).</p>
</div>
<div id="ftn63">
<p><a href="#_ftnref63" name="_ftn63">[63]</a> <i>Rajendra Vasantlal Shah</i> v. <i>Central Information Commissioner, New Delhi</i>, AIR 2011 Guj 70.</p>
</div>
</div>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/white-paper-on-rti-and-privacy-v-1.2'>https://cis-india.org/internet-governance/blog/white-paper-on-rti-and-privacy-v-1.2</a>
</p>
No publishervipulFeaturedHomepageInternet GovernancePrivacy2014-11-09T02:53:51ZBlog EntryWhite Paper on Data Protection and Privacy
https://cis-india.org/internet-governance/news/white-paper-on-data-protection-and-privacy
<b>National Institute of Public Finance and Policy is organizing a roundtable on data protection and privacy in New Delhi on March 8, 2018. Sunil Abraham is participating as a moderator in the session on Rights and Protections. Amber Sinha is also participating as a panelist.</b>
<p>Agenda <a class="external-link" href="http://cis-india.org/internet-governance/files/white-paper-on-data-protection-and-privacy/">here</a></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/news/white-paper-on-data-protection-and-privacy'>https://cis-india.org/internet-governance/news/white-paper-on-data-protection-and-privacy</a>
</p>
No publisherAdminInternet GovernancePrivacy2018-03-07T14:57:53ZNews ItemWherever you are, whatever you do
https://cis-india.org/internet-governance/blog/wherever-you-are-whatever-you-do
<b>Facebook recently launched a location-based service called Places. Privacy advocates are resenting to this new development. Sunil Abraham identifies the three prime reasons for this outcry against Facebook. The article was published in the Indian Express on 23 August, 2010.</b>
<p>Privacy activists are up in arms again, at Facebook’s recent launch of a new location-based service called Places. But what’s the new issue here? For years, telecom operators have been able to roughly locate you by triangulating the signal strength between the three nearest cell towers. In India, geo-location is part of the call logs maintained by the operator. That is how the police was able to determine that Bangalore resident Sathish Gupta killed his wife Priyanka. He took her mobile with him during a jog with his friend and then faked a phone call as an alibi. He knew that the time-stamps on the call logs would corroborate his lies. But the location-data nailed him. So, in short, the state and telecom operators know where you are even if you don’t have a smartphone with GPS support.</p>
<p>For those who can afford it? GPS support provides greater accuracy and reliability, independent of telecom signal strength. The immediate and future benefits are huge. For parents, MyKidIsSafe.com, allows them to create a geo-fence and receive automatic notification when the child leaves the safety zone. In combination with RFID, businesses are able to provide their customers with accurate updates regarding status of deliveries. The Karnataka police is able to verify that the police inspector issuing the challan using a Blackberry for a traffic violation is not doing it from home. Seven hundred and fifty thousand gay men from 162 countries use a geo-social network called Grindr to find love. In the future, most car-pooling services will be GPS-enabled. Geo-location-based crowd-sourcing will be used to predict and avoid traffic jams by measuring the density and velocity of mobile phones on various routes.</p>
<p>Privacy advocates worry that after helping the police solve crimes and fight terrrorism, telecom companies retain the logs instead of deleting, anonymising or obfuscating them. Especially so in India, given the lack of privacy laws, telecom operators, web and mobile service providers could retain the logs for customer profiling or worse still, sell the raw data or analysis to third parties. Cyber-stalkers, child molesters and rapists benefit. Cat burglars will know when you are away and be able to clean out your house in a more relaxed fashion. Geo-surveillance by a state, obsessed with terrorism, will have negligible benefits while extracting a huge social cost and significantly undermining national security.</p>
<p>So why this particular outcry against the world’s most successful social networking website? There are three reasons that come immediately to mind. First, Facebook has a terrible record with privacy. In the last five years, the default settings have moved from one where no personal data was available for anonymous access to one with anonymous access to everything except birthday and contact information. And these are settings that affect the majority of the half a billion people who don’t bother changing default settings. So there is no guarantee that Facebook will not get more intrusive with its default geo-location privacy settings.</p>
<p>Second, a friend can geo-tag you without requiring you to approve or confirm this. Once you are geo-tagged, all your common friends will be notified through the friend-feed system. This is similar to the current system of photo sharing. A friend can upload a inappropriate photograph and tag you almost instantly all your work-mates who also happen to be your Facebook friends get a notification via the feed. Of course, you can always untag the photo, change the settings and defriend the culprit but by then the damage is usually done.</p>
<p>Third, the Facebook user-interface for privacy settings is notoriously complex and cumbersome. Many users will think that they have managed to bolt down the security settings when in fact their personal data will remain all up for grabs. The half a million third-party products available today on the Facebook platform only compounds this problem.</p>
<p>Read the original in the<a class="external-link" href="http://www.indianexpress.com/news/Wherever-you-are--whatever-you-do/663810"> Indian Express</a></p>
<p>
For more details visit <a href='https://cis-india.org/internet-governance/blog/wherever-you-are-whatever-you-do'>https://cis-india.org/internet-governance/blog/wherever-you-are-whatever-you-do</a>
</p>
No publishersunilInternet Governance2012-03-21T10:12:05ZBlog Entry