Centre for Internet and Society

Misuse of Surveillance Powers in India (Case 1)

pranesh — 2013-12-06T09:37:24Z

In this series of blog posts, Pranesh Prakash looks at a brief history of misuse of surveillance powers in India. He notes that the government's surveillance powers have been freqently misused, very often without any kind of judicial or political redressal. This, he argues, should lead us as concerned citizens to demand a scaling down of the government's surveillance powers and pass laws to put it place more robust oversight mechanisms.

Case 1: Unlawful Phone-tapping in Himachal Pradesh

In December 2012, the government changed in Himachal Pradesh. The Bharatiya Janata Party (BJP) went out of power, and the Indian National Congress (INC) came into power. One of the first things that Chief Minister Virbhadra Singh did, within hours of taking his oath as Chief Minister on December 25, 2012, was to get a Special Investigation Team (SIT) to investigate phone tapping during the BJP government’s tenure.

On December 25th and 26th, 12 hard disk drives were seized from the offices of the Crime Investigation Department (CID) and the Vigilance Department (which is supposed to be an oversight mechanism over the rest of the police). These hard disks showed that 1371¹ phone numbers were targetted and hundreds of thousands of phone conversations were recorded. These included conversations of prominent leaders “mainly of” the INC but also from the BJP, including three former cabinet ministers and close relatives of multiple chief ministers, a journalist, and many senior police officials, including the Director General of Police.

Violations of the Law

While the law required the state’s Home Secretary to grant permission for each person that was being tapped, the Home Secretary had legitimately only granted permission in 34² cases. This leaves over a thousand cases where phones were tapped illegally, in direct violation of the law. The oversight mechanism provided in the law, namely the Review Committee under Rule 419A of the Indian Telegraph Rules, was utterly powerless to check this. Indeed, the internal checks for the police, namely the Vigilance Department, also seems to have failed spectacularly.

Every private telecom company cooperated in this unlawful surveillance, even though the people who were conducting it did so without proper legal authority. Clearly we need to revise our interception rules to ensure that these telecom companies do not cooperate unless they are served with an order digitally signed by the Home Secretary.

While all interception recordings are required to be destroyed within 6 months as per Rule 419A of the Indian Telegraph Rules, that rule was also evidently ignored and conversations going back to 2009 were being stored.

Concluding Concerns

What should concern us is not merely that such a large number of politicians/police officers were tapped, but that no criminal charges were brought about on the basis of these phone taps, indicating that much of it was being used for political purposes.

What should concern us is that the requirement under Section 5 of the Indian Telegraph Act, which covers phone taps, of the existence of a “public emergency” or endangerment of “public safety”, which is a prerequisite of phone taps as per the law and as emphasised by the Supreme Court in 1996 in the PUCL judgment, were blatantly ignored.

What should concern us is that it took a change in government to actually uncover this sordid tale.

1385 according to a Hindustan Times report [1]: http://indiatoday.intoday.in/story/himachal-pradesh-police-registers-first-fir-in-phone-tapping-scandal/1/285698.html↩
A Zee News report states 34 while it’s 171 according to a Mail Today report ↩

For more details visit https://cis-india.org/internet-governance/blog/misuse-surveillance-powers-india-case1

Tweets from Bali IGF 2013

pranesh — 2013-10-28T09:09:16Z

CIS is logging all tweets with the words "igf2013", "igf13", "igf", "bestbits", and "genderit" during the Intenet Governance Forum going on in the Bali this week, and making it available in downloadable files.

To enable research by those who don't want to mess around with Twitter's APIs, we are making available CSV files available to the general public. These files can be opened up in any spreadsheet software (including web-based ones), or even in a text editor.

These files will be updated with the latest version at the end of each evening in Bali.

If you have any ideas as to other keywords we should capture, or about visualizations that we should engage in, do get in touch with pranesh AT cis-india DOT org.

For more details visit https://cis-india.org/internet-governance/blog/tweets-from-igf2013

Tweets with "BestBits"

pranesh — 2013-10-28T08:46:54Z

Tweets with "BestBits".

For more details visit https://cis-india.org/internet-governance/resources/20131021T092108_bestbits

Tweets with "IGF13"

pranesh — 2013-10-28T06:29:42Z

Tweets with "IGF13".

For more details visit https://cis-india.org/internet-governance/resources/20131021T090102_igf13

Tweets with "IGF2013"

pranesh — 2013-10-28T06:37:58Z

Tweets with "IGF2013".

For more details visit https://cis-india.org/internet-governance/resources/20131021T090102_igf2013

Tweets with "IGF"

pranesh — 2013-10-28T06:55:37Z

For more details visit https://cis-india.org/internet-governance/resources/20131021T090102_igf

Copyrights and Copywrongs Why the Government Should Embrace the Public Domain

pranesh — 2013-09-06T04:56:42Z

Each of you reading this article is a criminal and should be jailed for up to three years. Yes, you. "Why?," you may ask.

This article by Pranesh Prakash was published in Yojana, Issue: August 2013.

Have you ever whistled a tune or sung a film song aloud? Have you ever retold a joke? Have you replied to an e-mail without deleting the copy of that e-mail that automatically added to the reply? Or photocopied pages from a book? Have you ever used an image from the Internet in presentation? Have you ever surfed the Internet at work, used the the 'share' button on a website, or retweeted anything on Twitter? And before 2012, did you ever use a search engine?

If you have done any of the above without the permission of the copyright holder, you might well have been in violation of the Indian Copyright Act, since in each of those examples you're creating a copy or are otherwise infringing the rights of the copyright holder. Interestingly, it was only through an amendment in 2012 that search engines (like Google and Yahoo) were legalized.

Traditional Justifications for Copyright

Copyright is one among the many forms of intellectual property rights. Across differing theories of copyright, two broad categories may be made. The first category would be those countries where copyright is intended to benefit society, the other where it is intended to benefit the author. Within the second category, there can again be two subcategories: those that see the need to benefit the author due to notions of natural justice and those that see the need to provide incentives for authors to create. Incentives to create are necessary only when the act of creation itself is valuable (and more so than the creator). The act of creation is valued highly as it directly benefits society. Thus, it is seen that the second sub-category is closer to the societal benefit theory than the natural justice sub-category. In the United States, the wording of the Progress Clause makes things clear that copyright is for the benefit of the public, and the author is only given secondary consideration. It is in light of this that the U.S. Supreme Court said,
"The monopoly privileges that Congress may authorize are neither unlimited nor primarily designed to provide a special private benefit. Rather, the limited grant is a means by which an important public purpose may be achieved. It is intended to motivate the creative activity of authors and inventors by the provision of a special reward, and to allow the public access to the products of their genius after the limited period of exclusive control has expired."

Economic theories of copyright see copyright as an incentive mechanism, designed to encourage creators to produce material because they would be able to recover costs and make a profit due to the exclusionary rights that copyright law grants. Thus, the ideal period of copyright for any material, under the economic theory would be the minimum period required for a person to recoup the costs that go into the production of that material. Allowing for the great-grandchildren of the author to benefit from the author’s work would actually go against the incentive mechanism. Even if the author is motivated enough to put in even more hard work to provide for her great-grandchildren, her children, grandchildren, and great-grandchildren wouldn’t have any incentive to create for themselves (as the incentive is seen purely in terms of economics, and not in terms of creative urge, etc.), as they are already provided for by copyright. Thus, in a sense, the shift towards longer periods of copyright terms that we are seeing today can be seen as a shift from the incentive-based model to a rewards-based model of copyright.

The other standard theory of copyright justification is the natural rights theory, which deems intellectual property the fruit of the author’s labour, thus entitling them to complete control over that fruit. This brings us to the conception of property itself, and the Lockean and Hegelian justifications for personal property is what is most often used to back such an argument up.

There are many problems with the natural rights theory of intellectual property. If that theory were to hold water, copyright law would accord greater precedence to authors than to publishers. Yet, we see that it is publishers primarily, and not authors, who get benefit of copyright. The "work for hire" doctrine, embodied in Section 17 of the Copyright Act, holds that it is the employer who is treated as the owner of copyright, not the author. This plainly contradicts that natural rights theory. And it also raises the question of why we should protect certain kinds of knowledge investments in the first place. Publishing is a business, and all risks inherent with other businesses should come along with publishing. There is no reason that the State should safeguard their investment by vesting in them a right while safeguarding the investments of any other business only occasionally, and that too as an act of munificence. This problem arises because of the free transferability of copyright. This leads us to the larger problem, which is of course that of treating knowledge as a form of property. Property, as we have traditionally understood it, has a few features like excludability. Knowledge, however, does not share that feature with property. Once you know something that I created, I can’t exclude you from that knowledge that (unlike my ability to take back an apple you have stolen from me). This analysis also has the pernicious effect of excluding free speech analysis of copyright laws. An incorrect analogy is often drawn to explain why free speech analysis doesn’t work on property: you may wish to exercise your right to free speech on my front lawn, yet the State may decree that I am in full right to throw you off my property, without being accused of abridging your right to freedom of speech. So, the argument goes, enforcement of property rights is not an affront to freedom of speech. The problems with this analogy are obvious enough: the two forms of “property” cannot be equated. If you take the location of speech away, I can still speak. If, on the other hand, you restrict my ideas/expression, then I can no longer be said to have the freedom of expression.

One Size Doesn't Fit All

It is easy to see that copyright is an ill-fit for all the things that it now covers. Copyright in its present form is a historical accident, which evolved into the state it is in a very haphazard fashion. It is a colonial imposition on developing countries. It does not value that which we often value in Indian culture: tradition. Instead, copyright law values modernity and newness. It can also be seen as a trade issue imposed on us through the Trade-Related Intellectual Property Agreement (TRIPS Agreements) as part of the World Trade Organization.

Importantly, copyright is not a single well-planned scheme. In some cases — for literature, visual art works, lyrics, musical tunes, etc. — it provides rights to the artist, while in other cases — for recordings of those musical tunes, and for films — it provides rights to the producers. What are the legal reasons for this distinction? There aren't any; the distinction is a historical one (with sound recordings and films getting copyright protection after literature, etc.). At one point of time only exact copies were governed by copyright law. Hence, translations of a work were considered not to be infringement of that work (or a "derivative work"), but new independent works, since after all it takes considerable artistic effort to create a good translation of a work. However now even creating an encyclopedia based on Harry Potter (as the Harry Potter Lexicon was), is covered as infringement of the exclusive rights of the author. At one point of time photographs were not provided any copyright, being as they are, 'mere' mechanical reproductions. They were seen as not being 'creative' enough. However, around the turn of the twentieth century, that position changed, and hence every photograph you've taken of your dog is now copyrighted. According to a recent Supreme Court decision, merely adding paragraph numbering to court judgments is considered to be 'creative' enough to merit copyright protection! At one point of time, copyright existed for 14 years. Now, with the international minimum being "fifty years after the death of the author", it lasts for an average of more than a century! Once upon a time, copyright was only granted to those who wanted it and applied for it. That has now changed, and you have copyright over every single original thing that you have ever written, recorded, or otherwise affixed to a medium.

Copyright in the Digital Era

All digital activities violate copyright, since automatically copies are created on the computer's RAM, cache, etc. Because now everything is copyrighted, and copyrighted seemingly forever, each one of us violates copyright on a day-to-day basis. It is a mockery of the law when everyone is a criminal. The US President Barack Obama violated copyright law when he presented UK's Queen Elizabeth II an iPod filled with 40 songs from popular musicals like West Side Story and the King and I. When even presidents, with legal advisers cannot navigate copyright law successfully, what hopes have we ordinary people?

There is no shortage of similar examples to show that copyright law has gone out of control.

Take extradition, for instance. Augusto Pinochet was extradited, Charles Shobraj was sought to be extradited. Added to their ranks is the pimply teenager who runs TVShark, who British courts have cleared for extradition to the USA for potential violation of copyright law. The extreme injustice of copyright is easily observable if one sees the contorted map depicting net royalty inflows available on Worldmapper.org: there are a sum total of less than a dozen countries which are net exporters of IP; all other countries, including India, are net importers of IP. IP law is one area where both those who talk about social justice and those who talk about individual liberties find common ground in the monopolistic or exclusionary rights granted under copyright law. Copyright acts as a barrier to free trade, thus allowing Nelson Mandela's autobiography to be more expensive in South Africa than the United Kingdom because South Africa is prohibited by the UK publisher from importing the book from India. Mark Getty, the heir to the Getty Images fortune, once presciently observed that "IP is the oil of the 21st century".

Government Copyright

In the ivory towers of academia, there has in recent times been a clarion call that's resounding strongly: the call for open access. As the Public Library of Science states, "open access is a stands for unrestricted access and unrestricted reuse". Why is it important? "Most publishers own the rights to the articles in their journals. Anyone who wants to read the articles must pay to access them. Anyone who wants to use the articles in any way must obtain permission from the publisher and is often required to pay an additional fee. Although many researchers can access the journals they need via their institution and think that their access is free, in reality it is not. The institution has often been involved in lengthy negotiations around the price of their site license, and re-use of this content is limited." Importantly, the writers of articles (scholars) do not get paid by the publishers for their articles, and most developing countries are not able to afford the costs imposed by these scholarly publishers. Even India's premier scientific research agency, the Council for Scientific and Industrial Research, recently declared that the costs of scientific journals was beyond its means.

Why is this important? Because apart from establishing the idea of informational equity and justice, it also establishes the idea that taxpayer-funded research (as most scientific and much of academic research is) ought to belong to the public domain, and be available freely. This principle, seemingly uncontroversial, is very unfortunately not embodied in the Indian Copyright Act. Most public servants do not realize that that which they create may not be freely used by the public whom they serve.

Under the Indian Copyright Act, all creations of the government, whether by the executive, judiciary, or legislature, is by default copyrighted. This does not make sense under either of the two theories of copyright that we examined above. The government is not an 'author' who can have any form of 'natural rights' over its labour. Nor is the government incentivised to create more works if it has copyright over them. Most of the copyrighted works, such as various reports, the Gazette of India, etc., that the government creates are required to be created, and the cultural works it creates are for cultural promotion and not for commercial exploitation. Hence it makes absolutely no sense to continue with the colonial regime of 'crown copyright', when countries like the USA have suffered no ill effects by legally placing all government works in the public domain.

While there are a limited set of exceptions to government copyright provided for in the law, those are very minimal. This means that even though you are legally allowed to get a document through the Right to Information Act, publicising that document on the Internet could potentially get you jailed under the Copyright Act. This is obviously not what any government official would want. If instead of the four sub-sections that form the exception, the exception was merely one line and allowed for "the reproduction, communication to the public, or publication of any government work", then that itself would elegantly take care of the problem. This would also remove the ambiguities inherent currently in the Data.gov.in, where the central government is publishing information that it wants civil society, entrepreneurs, and other government departments to use, however there is no clarity on whether they are legally allowed to do so.

Recently, the member states of the World Intellectual Property Organization passed a treaty that would facilitate blind persons' access to books. On that occasion, at Marrakesh, I noted that intellectual property must not be seen as a good in itself, but as an instrumentalist tool which may be selectively deployed to achieve societally desirable objectives. I said: It is historic that today WIPO and its members have collectively recognized in a treaty that copyright isn't just an "engine of free expression" but can pose a significant barrier to access to knowledge. Today we recognize that blind writers are currently curtailed more by copyright law than protected by it. Today we recognize that copyright not only may be curtailed in some circumstances, but that it must be curtailed in some circumstances, even beyond the few that have been listed in the Berne Convention. One of the original framers of the Berne Convention, Swiss jurist and president, Numa Droz, recognized this in 1884 when he emphasized that "limits to absolute protection are rightly set by the public interest". And as Debabrata Saha, India's delegate to WIPO during the adoption of the WIPO Development Agenda noted, "intellectual property rights have to be viewed not as a self contained and distinct domain, but rather as an effective policy instrument for wide ranging socio-economic and technological development. The primary objective of this instrument is to maximize public welfare." When copyright doesn't serve public welfare, states must intervene, and the law must change to promote human rights, the freedom of expression and to receive and impart information, and to protect authors and consumers. Importantly, markets alone cannot be relied upon to achieve a just allocation of informational resources, as we have seen clearly from the book famine that the blind are experiencing. Marrakesh was the city in which, as Debabrata Saha noted, "the damage [of] TRIPS [was] wrought on developing countries". Now it has redeemed itself through this treaty.

The Indian government needs to similarly redeem itself by freeing governmental works, including the scientific research it funds, the archives of All India Radio, the movies that it produces through Prasar Bharati, and all other tax-payer funded works, and by returning them to the public domain, where they belong.

For more details visit https://cis-india.org/a2k/blogs/yojana-august-2013-pranesh-prakash-copyrights-and-copywrongs-why-the-govt-should-embrace-the-public-domain

Can India Trust Its Government on Privacy?

pranesh — 2013-07-15T10:35:33Z

In response to criticisms of the Centralized Monitoring System, India’s new surveillance program, the government could contend that merely having the capability to engage in mass surveillance won’t mean that it will. Officials will argue that they will still abide by the law and will ensure that each instance of interception will be authorized.

Pranesh Prakash's article was published in the New York Times on July 11, 2013.

In fact, they will argue that the program, known as C.M.S., will better safeguard citizens’ privacy: it will cut out the telecommunications companies, which can be sources of privacy leaks; it will ensure that each interception request is tracked and the recorded content duly destroyed within six months as is required under the law; and it will enable quicker interception, which will save more lives. But there are a host of reasons why the citizens of India should be skeptical of those official claims.

Cutting out telecoms will not help protect citizens from electronic snooping since these companies still have the requisite infrastructure to conduct surveillance. As long as the infrastructure exists, telecom employees will misuse it. In a 2010 report, the journalist M.A. Arun noted that “alarmingly, this correspondent also came across several instances of service providers’ employees accessing personal communication of subscribers without authorization.” Some years back, K.K. Paul, a top Delhi Police officer and now the Governor of Meghalaya, drafted a memo in which he noted mobile operators’ complaints that private individuals were misusing police contacts to tap phone calls of “opponents in trade or estranged spouses.”

India does not need to have centralized interception facilities to have centralized tracking of interception requests. To prevent unauthorized access to communications content that has been intercepted, at all points of time, the files should be encrypted using public key infrastructure. Mechanisms also exist to securely allow a chain of custody to be tracked, and to ensure the timely destruction of intercepted material after six months, as required by the law. Such technological means need to be made mandatory to prevent unauthorized access, rather than centralizing all interception capabilities.

At the moment, interception orders are given by the federal Home Secretary of India and by state home secretaries without adequate consideration. Every month at the federal level 7,000 to 9,000 phone taps are authorized or re-authorized. Even if it took just three minutes to evaluate each case, it would take 15 hours each day (without any weekends or holidays) to go through 9,000 requests. The numbers in Indian states could be worse, but one can’t be certain as statistics on surveillance across India are not available. It indicates bureaucratic callousness and indifference toward following the procedure laid down in the Telegraph Act.

In a 1975 case, the Supreme Court held that an “economic emergency” may not amount to a “public emergency.” Yet we find that of the nine central government agencies empowered to conduct interception in India, according to press reports — Central Board of Direct Taxes, Intelligence Bureau, Central Bureau of Investigation, Narcotics Control Bureau, Directorate of Revenue Intelligence, Enforcement Directorate, Research & Analysis Wing, National Investigation Agency and the Defense Intelligence Agency — three are exclusively dedicated to economic offenses.

Suspicion of tax evasion cannot legally justify a wiretap, which is why the government said it had believed that Nira Radia, a corporate lobbyist, was a spy when it defended putting a wiretap on her phone in 2008 and 2009. A 2011 report by the cabinet secretary pointed out that economic offenses might not be counted as “public emergencies,” and that the Central Board of Direct Taxes should not be empowered to intercept communications. Yet the tax department continues to be on the list of agencies empowered to conduct interceptions.

India has arrived at a scary juncture, where the multiple departments of the Indian government don’t even trust each other. India’s Department of Information Technology recently complained to the National Security Advisor that the National Technical Research Organization had hacked into National Informatics Center infrastructure and extracted sensitive data connected to various ministries. The National Technical Research Organization denied it had hacked into the servers but said hundreds of e-mail accounts of top government officials were compromised in 2012, including those of “the home secretary, the naval attaché to Tehran, several Indian missions abroad, top investigators of the Central Bureau of Investigation and the armed forces,” The Mint newspaper reported. Such incidents aggravate the fear that the Indian government might not be willing and able to protect the enormous amounts of information it is about to collect through the C.M.S.

Simply put, government entities have engaged in unofficial and illegal surveillance, and the C.M.S. is not likely to change this. In a 2010 article in Outlook, the journalist Saikat Datta described how various central and state intelligence organizations across India are illegally using off-the-air interception devices. “These systems are frequently deployed in Muslim-dominated areas of cities like Delhi, Lucknow and Hyderabad,” Mr. Datta wrote. “The systems, mounted inside cars, are sent on ‘fishing expeditions,’ randomly tuning into conversations of citizens in a bid to track down terrorists.”

The National Technical Research Organization, which is not even on the list of entities authorized to conduct interception, is one of the largest surveillance organizations in India. The Mint reported last year that the organization’s surveillance devices, “contrary to norms, were deployed more often in the national capital than in border areas” and that under new standard operating procedures issued in early 2012, the organization can only intercept signals at the international borders. The organization runs multiple facilities in Mumbai, Bangalore, Delhi, Hyderabad, Lucknow and Kolkata, in which monumental amounts of Internet traffic are captured. In Mumbai, all the traffic passing through the undersea cables there is captured, Mr. Datta found.

In the western state of Gujarat, a recent investigation by Amitabh Pathak, the director general of police, revealed that in a period of less than six months, more than 90,000 requests were made for call detail records, including for the phones of senior police and civil service officers. This high a number could not possibly have been generated from criminal investigations alone. Again, these do not seem to have led to any criminal charges against any of the people whose records were obtained. The information seems to have been collected for purposes other than national security.

India is struggling to keep track of the location of its proliferating interception devices. More than 73,000 devices to intercept mobile phone calls have been imported into India since 2005. In 2011, the federal government asked various state governments, private corporations, the army and intelligence agencies to surrender these to the government, noting that usage of any such equipment for surveillance was illegal. We don’t know how many devices were actually turned in.

These kinds of violations of privacy can have very dangerous consequences. According to the former Intelligence Bureau head in the western state of Gujarat, R.B. Sreekumar, the call records of a mobile number used by Haren Pandya, the former Gujarat home minister, were used to confirm that it was he who had provided secret testimony to the Citizens’ Tribunal, which was conducting an independent investigation of the 2002 sectarian riots in the state. Mr. Pandya was murdered in 2003.

The limited efforts to make India’s intelligence agencies more accountable have gone nowhere. In 2012, the Planning Commission of India formed a group of experts under Justice A.P. Shah, a retired Chief Justice of the Delhi High Court, to look into existing projects of the government and to suggest principles to guide a privacy law in light of international experience. (Centre for Internet and Society, where I work was part of the group). However, the government has yet to introduce a bill to protect citizens’ privacy, even though the governmental and private sector violations of Indian citizens’ privacy is growing at an alarming rate.

In February, after frequent calls by privacy activists and lawyers for greater accountability and parliamentary oversight of intelligence agencies, the Centre for Public Interest Litigation filed a case in the Supreme Court. This would, one hopes, lead to reform.

Citizens must also demand that a strong Privacy Act be enacted. In 1991, the leak of a Central Bureau of Investigation report titled “Tapping of Politicians’ Phones” prompted the rights groups, People’s Union of Civil Liberties to file a writ petition, which eventually led to a Supreme Court of India ruling that recognized the right to privacy of communications for all citizens as part of the fundamental rights of freedom of speech and of life and personal liberty. However, through the 2008 amendments to the Information Technology Act, the IT Rules framed in 2011 and the telecom licenses, the government has greatly weakened the right to privacy as recognized by the Supreme Court. The damage must be undone through a strong privacy law that safeguards the privacy of Indian citizens against both the state and corporations. The law should not only provide legal procedures, but also ensure that the government should not employ technologies that erode legal procedures.

A strong privacy law should provide strong grounds on which to hold the National Security Advisor’s mass surveillance of Indians (over 12.1 billion pieces of intelligence in one month) as unlawful. The law should ensure that Parliament, and Indian citizens, are regularly provided information on the scale of surveillance across India, and the convictions resulting from that surveillance. Individuals whose communications metadata or content is monitored or intercepted should be told about it after the passage of a reasonable amount of time. After all, the data should only be gathered if it is to charge a person of committing a crime. If such charges are not being brought, the person should be told of the incursion into his or her privacy.

The privacy law should ensure that all surveillance follows the following principles: legitimacy (is the surveillance for a legitimate, democratic purpose?), necessity (is this necessary to further that purpose? does a less invasive means exist?), proportionality and harm minimization (is this the minimum level of intrusion into privacy?), specificity (is this surveillance order limited to a specific case?) transparency (is this intrusion into privacy recorded and also eventually revealed to the data subject?), purpose limitation (is the data collected only used for the stated purpose?), and independent oversight (is the surveillance reported to a legislative committee or a privacy commissioner, and are statistics kept on surveillance conducted and criminal prosecution filings?). Constitutional courts such as the Supreme Court of India or the High Courts in the Indian states should make such determinations. Citizens should have a right to civil and criminal remedies for violations of surveillance laws.

Indian citizens should also take greater care of their own privacy and safeguard the security of their communications. The solution is to minimize usage of mobile phones and to use anonymizing technologies and end-to-end encryption while communicating on the Internet. Free and open-source software like OpenPGP can make e-mails secure. Technologies like off-the-record messaging used in apps like ChatSecure and Pidgin chat conversations, TextSecure for text messages, HTTPS Everywhere and Virtual Private Networks can prevent Internet service providers from being able to snoop, and make Internet communications anonymous.

Indian government, and especially our intelligence agencies, violate Indian citizens’ privacy without legal authority on a routine basis. It is time India stops itself from sleepwalking into a surveillance state.

For more details visit https://cis-india.org/internet-governance/blog/new-york-times-july-11-2013-can-india-trust-its-government-on-piracy

How Surveillance Works in India

pranesh — 2013-07-15T10:20:45Z

When the Indian government announced it would start a Centralized Monitoring System in 2009 to monitor telecommunications in the country, the public seemed unconcerned. When the government announced that the system, also known as C.M.S., commenced in April, the news didn’t receive much attention.

This article by Pranesh Prakash was published in the New York Times on July 10, 2013.

After a colleague at the Centre for Internet and Society wrote about the program and it was lambasted by Human Rights Watch, more reporters started covering it as a privacy issue. But it was ultimately the revelations by Edward J. Snowden about American surveillance that prompted Indians to ask questions about its own government’s surveillance programs.

In India, we have a strange mix of great amounts of transparency and very little accountability when it comes to surveillance and intelligence agencies. Many senior officials are happy to anonymously brief reporters about the state of surveillance, but there is very little that is officially made public, and still less is debated in the national press and in Parliament.

This lack of accountability is seen both in the way the Big-Brother acronyms (C.M.S., Natgrid, T.C.I.S., C.C.T.N.S., etc.) have been rolled out, as well as the murky status of the intelligence agencies. No intelligence agency in India has been created under an act of Parliament with clearly established roles and limitations on powers, and hence there is no public accountability whatsoever.

The absence of accountability has meant that the government has since 2006 been working on the C.M.S., which will integrate with the Telephone Call Interception System that is also being rolled out. The cost: around 8 billion rupees ($132 million) — more than four times the initial estimate of 1.7 billion — and even more important, our privacy and personal liberty. Under their licensing terms, all Internet service providers and telecom providers are required to provide the government direct access to all communications passing through them. However, this currently happens in a decentralized fashion, and the government in most cases has to ask the telecoms for metadata, like call detail records, visited Web sites, IP address assignments, or to carry out the interception and provide the recordings to the government. Apart from this, the government uses equipment to gain access to vast quantities of raw data traversing the Internet across multiple cities, including the data going through the undersea cables that land in Mumbai.

With the C.M.S., the government will get centralized access to all communications metadata and content traversing through all telecom networks in India. This means that the government can listen to all your calls, track a mobile phone and its user’s location, read all your text messages, personal e-mails and chat conversations. It can also see all your Google searches, Web site visits, usernames and passwords if your communications aren’t encrypted.


A man surfing a Facebook page at an internet cafe in Guwahati, Assam, on Dec. 6, 2011. Image Credit: Anupam Nath/Associated Press

You might ask: Why is this a problem when the government already had the same access, albeit in a decentralized fashion? To answer that question, one has to first examine the law.

There are no laws that allow for mass surveillance in India. The two laws covering interception are the Indian Telegraph Act of 1885 and the Information Technology Act of 2000, as amended in 2008, and they restrict lawful interception to time-limited and targeted interception.The targeted interception both these laws allow ordinarily requires case-by-case authorization by either the home secretary or the secretary of the department of information technology.

Interestingly, the colonial government framed better privacy safeguards into communications interception than did the post-independence democratic Indian state. The Telegraph Act mandates that interception of communications can only be done on account of a public emergency or for public safety. If either of those two preconditions is satisfied, then the government may cite any of the following five reasons: “the sovereignty and integrity of India, the security of the state, friendly relations with foreign states, or public order, or for preventing incitement to the commission of an offense.” In 2008, the Information Technology Act copied much of the interception provision of the Telegraph Act but removed the preconditions of public emergency or public safety, and expands the power of the government to order interception for “investigation of any offense.” The IT Act thus very substantially lowers the bar for wiretapping.

Apart from these two provisions, which apply to interception, there are many laws that cover recorded metadata, all of which have far lower standards. Under the Code of Criminal Procedure, no court order is required unless the entity is seen to be a “postal or telegraph authority” — and generally e-mail providers and social networking sites are not seen as such.

Unauthorized access to communications data is not punishable per se, which is why a private detective who gained access to the cellphone records of Arun Jaitley, a Bharatiya Janata Party leader, has been charged under the weak provision on fraud, rather than invasion of privacy. While there is a provision in the Telegraph Act to punish unlawful interception, it carries a far lesser penalty (up to three years of imprisonment) than for a citizen’s failure to assist an agency that wishes to intercept or monitor or decrypt (up to seven years of imprisonment).

To put the ridiculousness of the penalty in Sections 69 and 69 B of the IT Act provision in perspective, an Intelligence Bureau officer who spills national secrets may be imprisoned up to three years. And under the Indian Penal Code, failing to provide a document one is legally bound to provide to a public servant, the punishment can be up to one month’s imprisonment. Further, a citizen who refuses to assist an authority in decryption, as one is required to under Section 69, may simply be exercising her constitutional right against self-incrimination. For these reasons and more, these provisions of the IT Act are arguably unconstitutional.

As bad as the IT Act is, legally the government has done far worse. In the licenses that the Department of Telecommunications grants Internet service providers, cellular providers and telecoms, there are provisions that require them to provide direct access to all communications data and content even without a warrant, which is not permitted by the existing laws on interception. The licenses also force cellular providers to have ‘bulk encryption’ of less than 40 bits. (Since G.S.M. network encryption systems like A5/1, A5/2, and A5/3 have a fixed encryption bit length of 64 bits, providers in India have been known use A5/0, that is, no encryption, thus meaning any person — not just the government — can use off-the-air interception techniques to listen to your calls.)

Cybercafes (but not public phone operators) are required to maintain detailed records of clients’ identity proofs, photographs and the Web sites they have visited, for a minimum period of one year. Under the rules designed as India’s data protection law (oh, the irony!), sensitive personal data has to be shared with government agencies, if required for “purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offenses.”

Along similar lines, in the rules meant to say when an Internet intermediary may be held liable for a user’s actions, there is a provision requiring the Internet company to “provide information or any such assistance to government agencies legally authorized for investigative, protective, cybersecurity activity.” (Incoherent, vague and grammatically incorrect sentences are a consistent feature of laws drafted by the Ministry of Communications and IT; one of the telecom licenses states: “The licensee should make arrangement for monitoring simultaneous calls by government security agencies,” when clearly they meant “for simultaneous monitoring of calls.”)

In a landmark 1996 judgment, the Indian Supreme Court held that telephone tapping is a serious invasion of an individual’s privacy and that the citizens’ right to privacy has to be protected from abuse by the authorities. Given this, undoubtedly governments must have explicit permission from their legislatures to engage in any kind of broadening of electronic surveillance powers. Yet, without introducing any new laws, the government has surreptitiously granted itself powers — powers that Parliament hasn’t authorized it to exercise — by sneaking such powers into provisions in contracts and in subordinate legislation.

For more details visit https://cis-india.org/internet-governance/blog/nytimes-july-10-2013-pranesh-prakash-how-surveillance-works-in-india

India's Closing Statement at Marrakesh on the Treaty for the Blind

pranesh — 2013-07-03T11:42:17Z

This was the statement that the Government of India made at the closing of the WIPO Diplomatic Conference to Conclude a Treaty to Facilitate Access to Published Works by Visually Impaired Persons and Persons with Print Disabilities (17-28 June 2013), after the Marrakesh Treaty (the "Marrakesh Treaty to Facilitate Access to Published Works for the Blind, Visually Impaired and otherwise Print Disabled") was adopted.

Mr. President,

Flexibility is the life force in conducting any work and without this no progress happens in the work. It is the presence of flexibility which gave life to the negotiation work undertaken by the member states during this Diplomatic Conference. We salute this flexibility which brought smiles on the faces of millions of blind and visually impaired persons.

Today the member states attending the WIPO Diplomatic Conference have created history by adopting the Treaty to Facilitate Access to Published Works for the Blind, Visually Impaired and otherwise Print Disabled. The treaty promotes sharing of books in any accessible format for the blind or visually impaired, and is expected to alleviate the “book famine” experienced by many of the WHO-estimated 300 million people suffering from such disability in the world. According to the World Health Organisation (WHO), India has more than 63 million visually impaired people, of whom about 8 million are blind.

Considering the importance of access to knowledge, especially to blind persons, the Indian Parliament approved amendments to India’s copyright law which includes very robust exceptions for the physically-disabled persons, which are disability-neutral and works-neutral. We are happy that member states have the flexibility to continue with their national laws after joining this treaty. This treaty removes barriers to access, recognises the right to read, establishes equal opportunities and rights for blind, visually impaired and otherwise print disabled persons who are marginalised due to lack of access to published works. We are happy to note that this treaty strikes an appropriate balance between copyright and exceptions and limitations to it.

The Indian delegation would like to thank you for your able leadership and guidance in directing all the member states to achieve the objectives of this Diplomatic Conference. We would like to congratulate and appreciate Mr. Francis Gurry, Director General of WIPO, for his able leadership and initiatives taken by him for the successful completion of this Diplomatic Conference. We also congratulate Amb. Trevor Clarke, Assistant Director General, the chairpersons of the Main Committees, Drafting Committees, Credentials Committee and the informal groups for their significant contributions. We also would like to congratulate all the member states, WBU members and millions of visually impaired persons all over the world in this regard. We would like to remember the significant and valuable contribution of the late Mr. Rahul Cherian of Inclusive Planet, an accredited NGO of WIPO, who passed away recently.

The Indian delegation believes that member states will take special interest in ratifying this treaty which is the first step towards implementation of this treaty. Further, we believe that contracts should not create problems for cross-border exchange of accessible format copies and we hope that member states will take appropriate and effective measures in implementing the objectives of this treaty. We also understand that the provisions of this treaty will facilitate translation of content in the accessible format copies in the language beneficiary persons speak and read. We also believe that this treaty will strengthen the international copyright system.

Marrakesh which has given WTO/TRIPS agreement in 1994, has indeed proved lucky again for us by giving an important multilateral treaty for blind people. The Marrakesh spirit has set an unprecedented example in solving the problems in the international norm setting and it reinforces our confidence in the WIPO's significant role in managing and implementing the international copyright system. We would like to thank all the individuals who have contributed to this treaty and made it happen by showing flexibility in negotiation, and the WIPO secretariat for their secretarial work. The Indian delegation would like to thank the Government of the Kingdom of Morocco for the excellent arrangements made for organising this conference and the hospitality shown to us.

We are happy to celebrate and see that the treaty has finally took the form of a beautiful butterfly which is liked by one and all.

Thank you.

For more details visit https://cis-india.org/a2k/blogs/india-closing-statement-marrakesh-treaty-for-the-blind

CIS's Closing Statement at Marrakesh on the Treaty for the Blind

pranesh — 2013-07-03T12:01:25Z

Pranesh Prakash read out an abridged version of this statement as his closing remarks in Marrakesh, where the WIPO Treaty for the Blind (the "Marrakesh Treaty") has been successfully concluded. The Marrakesh Treaty aims to facilitate access to published works by blind persons, persons with visual impairment, and other print disabled persons, by requiring mandatory exceptions in copyright law to enable conversions of books into accessible formats, and by enabling cross-border transfer of accessible format books.

Thank you, Mr. President.

I am truly humbled to be here today representing the Centre for Internet and Society, an Indian civil society organization. If I may assume the privilege of speaking on behalf of my blind colleagues at CIS who led much of our work on this treaty, and the many blindness organizations we have been working with over the past five years who haven't the means of being here today, I would like to thank you and all the delegates here for this important achievement. And especially, I would like to thank the World Blind Union and Knowledge Ecology International who renewed focus on this issue more than 2 decades after WIPO and UNESCO first called attention to this problem and created a "Working Group on Access by the Visually and Auditory Handicapped to Material Reproducing Works Produced by Copyright".

While doing so, I would like to remember my friend Rahul Cherian — a young, physically impaired lawyer from India — who co-founded Inclusive Planet, was a fellow with the Centre for Internet and Society, and was a legal adviser to the World Blind Union. He worked hard on this treaty for many years, but very unfortunately did not live long enough to see it becoming a reality. His presence here is missed, but I would like to think that by concluding this treaty, all the distinguished delegations here managed to honour his memory and work.

I am grateful to all the distinguished delegations here for successfully concluding a reasonably workable treaty, but especially those — such as Brazil, India, Ecuador, Nigeria, Uruguay, Egypt, South Africa, Switzerland, and numerous others — who realized they were negotiating with blind people's lives, and regarded this treaty as a means of ensuring basic human rights and dignity of the visually impaired and the print disabled, instead of regarding it merely as "copyright flexibility" to be first denied and then grudgingly conceded. The current imbalance in terms of global royalty flows and in terms of the bargaining strength of richer countries within WIPO — many of who strongly opposed the access this treaty seeks to facilitate right till the very end — is for me a stark reminder of colonialism, and I see the conclusion of this treaty as a tiny victory against it.

It is historic that today WIPO and its members have collectively recognized in a treaty that copyright isn't just an "engine of free expression" but can pose a significant barrier to access to knowledge. Today we recognize that blind writers are currently curtailed more by copyright law than protected by it. Today we recognize that copyright not only may be curtailed in some circumstances, but that it must be curtailed in some circumstances, even beyond the few that have been listed in the Berne Convention. One of the original framers of the Berne Convention, Swiss jurist and president, Numa Droz, recognized this in 1884 when he emphasized that "limits to absolute protection are rightly set by the public interest". And as Debabrata Saha, India's delegate to WIPO during the adoption of the WIPO Development Agenda noted, "intellectual property rights have to be viewed not as a self contained and distinct domain, but rather as an effective policy instrument for wide ranging socio-economic and technological development. The primary objective of this instrument is to maximize public welfare."

When copyright doesn't serve public welfare, states must intervene, and the law must change to promote human rights, the freedom of expression and to receive and impart information, and to protect authors and consumers. Importantly, markets alone cannot be relied upon to achieve a just allocation of informational resources, as we have seen clearly from the book famine that the blind are experiencing. Marrakesh was the city in which, as Debabrata Saha noted, "the damage [of] TRIPS [was] wrought on developing countries". Now it has redeemed itself through this treaty.

This treaty is an important step in recognizing that exceptions and limitations are as important a part of the international copyright acquis as the granting of rights to copyright holders. This is an important step towards fulfilling the WIPO Development Agenda. This is an important step towards fulfilling the UN Convention on the Rights of Persons with Disabilities. This is an important step towards fulfilling Article 27 of the Universal Declaration of Human Rights, Article 15 of the International Covenant on Economic Social and Cultural Rights and Article 30 of the UN Convention on Persons with Disabilities, all of which affirm the right of everyone — including the differently-abled — to take part in cultural life of the community.

While this treaty is an important part of overcoming the book famine that the blind have faced, the fact remains that there is far more that needs to be done to bridge the access gap faced by persons with disabilities, including the print disabled.

We need to ensure that globally we tackle societal and economic discrimination against the print disabled, as does the important issue of their education. This treaty is a small but important cog in a much larger wheel through which we hope to achieve justice and equity. And finally, blind people can stop being forced to wear an eye-patch and being pirates to get access to the right to read.

I also thank the WIPO Secretariat, Director General Francis Gurry, Ambassador Trevor Clark, Michelle Woods, and the WIPO staff for pushing transparency and inclusiveness of civil society organizations in these deliberations, in stark contrast to the way many bilateral and plurilateral treaties such as Anti-Counterfeiting Trade Agreement, the India-EU Free Trade Agreement, and the Trans-Pacific Partnership Agreement have been, and are being, conducted. I hope we see even more transparency, and especially non-governmental participation in this area in the future.

I call upon all countries, and especially book-exporting countries like the USA, UK, France, Portugal, and Spain to ratify this treaty immediately, and would encourage various rightholders organizations, and the MPAA who have in the past campaigned against this treaty and now welcome this treaty, to show their support for it by publicly working to get all countries to ratify this treaty and letting us all know about it.

I congratulate you all for the "Miracle of Marrakesh", which shows, as my late colleague Rahul Cherian said, "when people are demanding their basic rights, no power in the world is strong enough to stop them getting what they want".

For more details visit https://cis-india.org/a2k/blogs/cis-closing-statement-marrakesh-treaty-for-the-blind

Primer on the Treaty for the Visually Impaired

pranesh — 2013-06-25T08:47:18Z

In this primer, Pranesh Prakash and Puneeth Nagaraj explain what effects a WIPO Treaty for the Visually Impaired can have and who's opposing it.

A Primer on the provisions of the TVI and ongoing negotiations

The Treaty on Limitations and Exceptions for Visually Impaired Persons/Persons with Print Disabilities (“TVI” for short) is a landmark international instrument in recognizing the crucial link between copyright limitation and greater access to visually impaired persons / persons with print disabilities (“VIPs” for short). Below is a summary of the provisions of the Treaty and the benefit it will bring to VIPs, and the kinds of speed-bumps that rich countries are trying to place to make this treaty ineffective for the blind, the majority of whom live in poor countries.

1. Exceptions in Domestic Copyright Law

Currently, in most countries, only the owner of copyright to a particular book has the right to convert it into an “accessible format” (e.g. Braille, audio book, DAISY book, etc.). This treaty aims to create an exception to this rule by allowing print disabled persons, their representatives and non-profit ‘authorized entities’ the ability to convert books for the benefit of VIPs without seeking permission. The treaty would leave it up to each country whether their law will require such conversions to be paid or not since there is no uniformity on this question among countries that have national exceptions.

Opposition: The United States, European Union, France, Australia, Canada, and the publishing lobby have asked for multiple conditions for creation of accessible formats. They wish to confine this exception to non-profits, prevent translations, and ensure that books that are “commercially available” can be excluded, and require that countries who wish to use this exception have to comply with an onerous test called the “three step test”. Internationally, rights holders have zero formalities for gaining copyright (which, by international treaty, does not even have to be registered). But the rights holders want to ensure as many bureaucratic hurdles are put to exceptions as possible.

2. Cross-border Transfer of Accessible Works

One of the main purpose main purpose of the TVI is to increase the cross-boundary exchange of copyrighted works in accessible formats. According to the World Health Organisation, 87% of the visually impaired live in underdeveloped countries. Bangladesh and Swaziland, for instance, spend very little money on converting books, while in the USA, millions of dollars are spent both by the government and by charities. If this treaty is passed the way the World Blind Union and other pro-disability NGOs are asking, a blind girl from Bangladesh would be able register with a US-based site like Bookshare.org, after proving she’s blind, and just download the book she needs in a format that is accessible to her.

Opposition: The European Union and United States want make this non-mandatory. They also wish to restrict the ability of the Bangladeshi blind girl from accessing these books by allowing trade only between non-profit ‘authorized entities’. Unfortunately, many developing world countries (like Swaziland) don’t have any authorized entities to speak of, leaving blind people there stranded. For a treaty to be effective, individuals must be granted the right to import books as well. The European Union also wishes for a ‘commercial availability’ clause, meaning that if a book is ‘commercially available’ in the receiving country, then the authorized entity can’t export. In Europe itself there are almost no countries (with the UK being an exception) that have such a requirement when it comes to domestic conversions, but the EU still wants to ensure that as a requirement for poor countries. It is very difficult for an authorized entity located in the USA to determine in each and every case whether an accessible format of the book is ‘commercially available’ in the hundreds of countries they will receive requests from. Importantly, even a book priced exorbitantly or available only for those with expensive iPads may be considered ‘commercially available’, even if it is practically out of reach of the blind in the receiving country. This clause must go if the treaty is to be meaningful.

3. Digital locks

If digital locks (often called “Digital Rights/Restrictions Management” or DRMs) are used, then technologically, the blind can be restricted from enjoying a work which they have a legal right to access. For instance, Amazon has limited — at the behest of the Authors’ Guild of America — the ability of blind people to get their Kindle e-book readers to read aloud a book, and did so using digital locks. The TVI proposes that countries be required to ensure that the blind have effective access to books, even if they have digital locks.

Opposition: The United States and the publishing lobby is the biggest opponent of this provision. They have a system under which the blind are not required to automatically be granted the right to ‘circumvent’ the digital lock to make a book accessible even if they have bought an e-book, but have to granted permission to do so every three years by the government. The most recent three-yearly review found that the blind groups did not make out a strong enough case to justify granting them an exception, but thankfully this determination was overruled by the US Librarian of Congress. Thus the TVI must ensure that publishers cannot technologically impose restrictions on a book for the blind that they can’t do legally.

4. Translation

Another hot-button issue is the right to translation. Given that the biggest exporters of books, due to their colonial legacy, are USA, UK, France, and Spain, it is imperative that the blind in developing countries have access to these books in languages that they can understand. Very unfortunately, most of these languages are not profitable-enough markets for publishers to publish accessible translated books. Given this, it is necessary for charities to be able to make translations of accessible works specifically for the blind.

Opposition: The European Union and the publishing lobby is strongly opposing this, claiming that this will result in the blind having better access than the sighted. This is a false claim. A sighted student might have access to a translated book (made without an exception), but the blind student might not. For this has no merit as it ignores the social consequences of disability. This provision will merely bring the visually impaired to the same level as the rest of the population and not give them some illusory advantage.

For more details visit https://cis-india.org/a2k/blogs/primer-on-tvi

Indian surveillance laws & practices far worse than US

pranesh — 2013-07-12T11:09:39Z

Explosive would be just the word to describe the revelations by National Security Agency (NSA) whistleblower Edward Snowden.

Pranesh Prakash's column was published in the Economic Times on June 13, 2013. This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Now, with the American Civil Liberties Union suing the Obama administration over the NSA surveillance programme, more fireworks could be in store. Snowden's expose provides proof of what many working in the field of privacy have long known. The leaks show the NSA (through the FBI) has got a secret court order requiring telecom provider Verizon to hand over "metadata", i.e., non-content data like phone numbers and call durations, relating to millions of US customers (known as dragnet or mass surveillance); that the NSA has a tool called Prism through which it queries at least nine American companies (including Google and Facebook); and that it also has a tool called Boundless Informant (a screenshot of which revealed that, in February 2013, the NSA collected 12.61 billion pieces of metadata from India).

Nothing Quite Private

The outrage in the US has to do with the fact that much of the data the NSA has been granted access to by the court relates to communications between US citizens, something the NSA is not authorised to gain access to. What should be of concern to Indians is that the US government refuses to acknowledge non-Americans as people who also have a fundamental right to privacy, if not under US law, then at least under international laws like the Universal Declaration of Human Rights and the ICCPR.

US companies such as Facebook and Google have had a deleterious effect on privacy. In 2004, there was a public outcry when Gmail announced it was using an algorithm to read through your emails to serve you advertisements. Facebook and Google collect massive amounts of data about you and websites you visit, and by doing so, they make themselves targets for governments wishing to snoop on you, legally or not.

Worse, Indian-Style

That said, Google and Twitter have at least challenged a few of the secretive National Security Letters requiring them to hand over data to the FBI, and have won. Yahoo India has challenged the authority of the Controller of Certifying Authorities, a technical functionary under the IT Act, to ask for user data, and the case is still going on.

To the best of my knowledge, no Indian web company has ever challenged the government in court over a privacy-related matter. Actually, Indian law is far worse than American law on these matters. In the US, the NSA needed a court order to get the Verizon data. In India, the licences under which telecom companies operate require them to provide this. No need for messy court processes.

The law we currently have â€” sections 69 and 69B of the Information Technology Act â€” is far worse than the surveillance law the British imposed on us. Even that lax law has not been followed by our intelligence agencies.

Keeping it Safe

Recent reports reveal India's secretive National Technical Research Organisation (NTRO) â€” created under an executive order and not accountable to Parliament â€” often goes beyond its mandate and, in 2006-07, tried to crack into Google and Skype servers, but failed. It succeeded in cracking Rediffmail and Sify servers, and more recently was accused by the Department of Electronics and IT in a report on unauthorised access to government officials' mails.

While the government argues systems like the Telephone Call Interception System (TCIS), the Central Monitoring System (CMS) and the National Intelligence Grid (Natgrid) will introduce restrictions on misuse of surveillance data, it is a flawed claim. Mass surveillance only increases the size of the haystack, which doesn't help in finding the needle. Targeted surveillance, when necessary and proportional, is required. And no such systems should be introduced without public debate and a legal regime in place for public and parliamentary accountability.

The government should also encourage the usage of end-to-end encryption, ensuring Indian citizens' data remains safe even if stored on foreign servers. Merely requiring those servers to be located in India will not help, since that information is still accessible to American agencies if it is not encrypted. Also, the currently lax Indian laws will also apply, degrading users' privacy even more.

Indians need to be aware they have virtually no privacy when communicating online unless they take proactive measures. Free or open-source software and technologies like Open-PGP can make emails secure, Off-The-Record can secure instant messages, TextSecure for SMSes, and Tor can anonymise internet traffic.

http://cis-india.org/internet-governance/blog/economic-times-june-13-2013-pranesh-prakash-indian-surveillance-laws-and-practices-far-worse-than-us

For more details visit https://cis-india.org/internet-governance/blog/economic-times-june-13-2013-pranesh-prakash-indian-surveillance-laws-and-practices-far-worse-than-us

Computer Related Offences

pranesh — 2013-06-07T10:47:36Z

If any person, dishonestly or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both.

Explanation
For the purposes of this section,

the word “dishonestly” shall have the meaning assigned to it in section 24 of the Indian Penal Code;
the word “fraudulently” shall have the meaning assigned to it in section 25 of the Indian Penal Code.

For more details visit https://cis-india.org/internet-governance/resources/section-66-it-act.txt

Section 43 of the Information Technology Act

pranesh — 2013-06-07T10:37:04Z

Given below is the text of section 43 of the IT Act:

43. Penalty and compensation for damage to computer, computer system, etc.
If any person without permission of the owner or any other person who is incharge of a computer, computer system or computer network, or computer resource —

accesses or secures access to such computer, computer system or computer network;
downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;
damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;
disrupts or causes disruption of any computer, computer system or computer network;
denies or causes the denial of access to any person authorised to access any computer, computer system or computer network by any means; (g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made thereunder;
charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network, he shall be liable to pay damages by way of compensation to the person so affected.
destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means;
steel, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage;

Explanation.
For the purposes of this section:

"computer contaminant" means any set of computer instructions that are designed —
- to modify, destroy, record, transmit data or programme residing within a computer, computer system or computer network; or
- by any means to usurp the normal operation of the computer, computer system, or computer network;
"computer data base" means a representation of information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or have been prepared in a formalised manner or have been produced by a computer, computer system or computer network and are intended for use in a computer, computer system or computer network;
"computer virus" means any computer instruction, information, data or programme that destroys, damages, degrades or adversely affects the performance of a computer resource or attaches itself to another computer resource and operates when a programme, daia or instruction is executed or some other event takes place in that computer resource;
"damage" means to destroy, alter, delete, add, modify or rearrange any computer resource by any means.
"computer source code" means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.

For more details visit https://cis-india.org/internet-governance/resources/section-43-it-act.txt