Centre for Internet and Society

Who Minds the Maxwell's Demon (Revisiting Communication Networks through the Lens of the Intermediary)

sharath — 2013-03-05T07:37:37Z

A holistic reflection on information networks and it’s regulatory framework is possible only when the medium-specific boundary that has often separated the Internet and Telecom networks begins to dissolve, to objectively reveal points of contention in the communication network where the dynamics of network security and privacy are at large – namely, within the historic role of the intermediary at data/signal switching and routing nodes.

It is unfair to contextualize the history of the Internet without looking at how analog information networks like cable and wireless telegraph and later, the telephone, almost coincidentally necessitated the invention of automated networks for remote machine control and peer-to- peer communication over the Internet that promised to drastically reduce intermediary overheads. While the whole world was fraught in patent wars over wired private networks, the first nodes of the ‘open’ internet were built in a two-week global meeting of computer scientists who were flown down to simply prepare for ‘a public exhibition’ of the ARPANET in 1971.

While India only received it’s first telephone in New Delhi late into the 20^th century, “Telegraph Laws” to most of the Indian working class always remained an ominously urgent telegram that brought the news of a dear one who had taken seriously ill. And so, on a lateral note, it is apt to bring to light the life of one Mr Almond Brown Strowger, wherein the idea of an automatic telephone exchange was given birth to by the ‘business of death’.

The Automatic Telephone Exchange

Almond Strowger was an undertaker based in Missouri, in a town where there was yet another undertaker, who’s wife incidentally was an operator in the then manual telephone exchange. Strowger came to believe the reason he received fewer phone calls was that his business competitor’s wife ended up preferentially routing all callers seeking Strowger’s funeral services to her undertaker husband instead. Strowger conceived the initial idea in 1888 and patented ‘The Automatic Telephone Exchange’ in 1891. http://goo.gl/oieIJ

Popularly known as the ‘Strowger Switch’, the Step-by Step switch (SXS switch) consisted of two interfaces – One at the customer’s end that used telegraph keys (and later a rotary dial) to send a train of electric current pulses corresponding to the digits 0 -9 all the way to the exchange. The actual Strowger switch at the exchange, used an electromechanical device that could move vertically to select one of 10 contacts, and then rotated to select one of another 10 in each row – a total of 100 choices. Consequently was formed in 1892, the Strowger Automatic Telephone Exchange Company at Indiana with about 75 subscribers. Strowger later sold his patents for $10,000 in 1898 to the Automatic Electric Company, a competitor of Bell System’s Western Electric. His patents were eventually acquired by Bell systems for $2.5 million in 1916, showing just how much growth and investor interest the telephone industry had gained by then.

Switching Paradigms

The architecture of global communication was headed towards different ideals and directions. Most media historians contrast these methodologies into ‘circuit switching’ and ‘packet switching’, or a connection-oriented fault intolerant system on one hand and another connection-less fault tolerant protocol respectively, both of which were being developed concurrently. In reality however, a major driving factor were the stakeholders backing the infrastructure of the rapidly growing communication industry, who were looking for growing returns on their investments. And hence these parallel ramifications may also be looked at through the lens of closed proprietary and medium specific networks versus an open, shared, medium in-specific paradigm of information theory.

Circuit switching relied on an assured dedicated connection between 2 nodes, and was especially patronized by the industry that saw telecommunication as the latest fad in urban luxury (a key factor in the distinction of suburban areas as the affluent moved into urban areas that were ‘connected’ by telephone). Owners and manufacturers of the hardware infrastructure became the most significant stakeholders. The revenue model was based on the amount of time the network was used and hence was popular in analog voice telephone networks. The entire bandwidth of the channel was made available for the duration of the session along with a fixed delay between communicating nodes. Therefore, even if there was no information being transmitted during a session, the channel would not be made available to anyone else waiting to use it unless released by the previous party. Early telephone exchanges relied on manual labour to facilitate switching until the automated exchange came about.

Packet switching on the other hand, leaned towards the paradigm of shared bandwidth and resources, and more importantly approached communication with complete disregard to the medium of transmission, be it wired or wireless. Furthermore, it also disregarded the content, modality and form of communication with an objectified data-centric approach. Information to be transmitted was divided into structured “packets” or “capsules”. These packets were all ‘thrown’ into the shared network pool consisting of numerous other such packets, each with its own destination, to be carefully buffered, stored and forwarded by intermediary routers in the network. Apart from occasional packet loss, the time taken to send a message is indeterminate and is dependent on the overall traffic load on the network at any given time.

INTERFACE MESSAGE PROCESSOR and the ICCC ‘Hackathon’

Plans forged on into the early 1960s towards the development of an open architecture to enable network communication between computer systems, culminating in the invention of the ‘interface message processor’ that promised to herald the coming of an era of packet switching by enabling the ARPANET (Advanced Research Projects Agency Network), the first wide area packet switched network – and precursor to the world wide web as we know it today.

While the Information Processing Techniques Office (IPTO) had previously contracted Larry Roberts who in 1965 developed the first packet switched network between two computers , the TX-2 at MIT with a Q-32 in California, a growing need was felt to have a centralized terminal with access to multiple sites that would enable any computer to connect to any site. The first IMP was commissioned to be built by the engineering firm BBN (Bolt, Beranek and Newman, a professor student trio from MIT).

(The very first Interface Message Processor by BBN: Courtesy: http://goo.gl/tvo8n)

By 1971, the four original nodes that connected the ARPANET (viz, UCLA, Stanford Research Institute, University of Utah and University of California at Santa Barbara) had expanded to 15 nodes, but the lack of a common host protocol meant that a full-scale implementation and adoption of the ARPANET was far from complete. The time had come to allow the public to engage with the promising future that the Internet held. What entailed was the organization of first public International Conference on Computer Communication (1972) (http://goo.gl/PFhtL) under the umbrella of the IEEE Computer Society at the Hilton Hotel, Washington D.C. In many ways the event was the original version of a modern day new media art ‘hackathon’ and involved about 50 computer scientists who were flown in from around the globe alongside the likes of Vint Cerf and Bob Metcalfe. The deadline of a public demonstration provided the much-needed impetus to drive the network to functional completion. Exhibits included a variety of networked applications like the famed dialogue between the ‘paranoid patient’ chatbot PARRY and doctor ELIZA, motion control of the LOGO ‘Turtle’ across the network and remote access of digital files that were printed on paper locally. A milestone in distributed packet switching had been achieved and the stage had been set to compete with the archaic paradigm of circuit switched networks, even as delegates from AT&T (incidentally one of the funders of the event) watched on with the hope that the demonstration would run into a fatal glitch.

Who Minds the Maxwell's Demon

It may not be boldly evident from the vast corpus of policy research surrounding the regulation of communication networks (be it the issues of network security, privacy, anonymity, surveillance or billing systems) that key-points in the control system where dynamics play at large, are at the interfacing nodes and data/signal switches at either transceiver nodes as well as intermediary nodes. This is further underlined by the historical fact that the invention of the automatic telephone exchange was fuelled by the necessity to ensure a paradigm of unbiased circuit switching within the context of a networked business.

Just a glimpse at the number of patents that directly or indirectly refer to the Automatic Telephone Exchange patent shall bring to light myriad applications that range from “Linking of Personal Information Management Data”, “Universal Data Aggregation”, “Flexible Billing Architecture”, ”Multiple Data Store Authentication” , “Managing User to User Contact using Inferred Presence Detection” to various paradigms surrounding distributed systems for cache defeat detection, most of which are part of PUSH technology services that manage networked smartphone applications from instant messaging to email access. Other proposed systems for spectrum management and dynamic bandwidth allocation, such as policy alternatives to spectrum auction that entail frequency hopping at the transmitter level shall invariably depend on a centralized automated intermediary who shall in theory have transparent access to data flow. The role of routing intermediaries with specialized access, poses many interesting questions with regards to policy issues that surround network privacy and security.

This brings us back to the seemingly comical reference that this article makes to a mysterious entity named the ‘Maxwell’s Demon’. A thought experiment proposed by James Clerk Maxwell, involved a chamber of gas molecules at equilibrium that was divided into two halves along with a ‘door’ controlled by the “Maxwell’s Demon”. The demon had the ability to ‘open’ the door to allow faster than average molecules to enter one side of the chamber while slower molecules ended up on the other side of the chamber, causing the former side to heat up while the other side gradually cooled down, thereby establishing a temperature difference without doing any work, and thus violating the 2^nd Law of Thermodynamics. The parallel drawn in this article between networked switching intermediaries and the Maxwell’s demon does not go beyond this simple functional similarity.

However for the ambitious reader, it maybe interesting to note that ever since the invention of digital computers, scientists have actively pursued the paradox of Maxwell’s demon to revisit physical fundamentals governing information theory and information processing, which has involved analyzing the thermodynamic costs of elementary information manipulation in digital circuits – A study that probably constantly engages Google as they pump water through steel tubes to cool their million servers.

We shall save all this for another day, but on yet another related note, everytime say an email sent to an invalid address bounces back to your inbox as a “Mailer Daemon”, let it be known that the “Daemon” in Operating System terminology that refers to an invisible background process that the user has no control over, infact directly owes it’s etymology to the paradox of ‘Maxwell’s Demon’.

For more details visit https://cis-india.org/telecom/blog/who-minds-the-maxwells-demon

Nirmita Narasimhan

praskrishna — 2013-02-27T05:23:31Z

Nirmita Narasimhan works as a Policy Director at the Centre for Internet and Society in Bangalore.

For more details visit https://cis-india.org/accessibility/blog/nirmita-narasimhan.pdf

BigDog is Watching You! The Sci-fi Future of Animal and Insect Drones

maria — 2013-07-12T15:38:33Z

Do you think robotic aeroplanes monitoring us are scary enough? Wait until you read about DARPA´s new innovative and subtle way to keep us all under the microscope! This blog post presents a new reality of drones which is depicted in none other than animal and insect-like robots, equipped with cameras and other surveillance technologies.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

Just when we thought we had seen it all, the US Defence Advanced Research Projects Agency (DARPA) funded another controversial surveillance project which makes even the most bizarre sci-fi movie seem like a pleasant fairy-tale in comparison to what we are facing: animal and insect drones.

Up until recently, unmanned aerial vehicles (UAVs), otherwise called drones, depicted the scary reality of surveillance, as robotic pilot-less planes have been swarming the skies, while monitoring large amounts of data without people´s knowledge or consent. Today, DARPA has come up with more subtle forms of surveillance: animal and insect drones. Clearly animal and insect-like drones have a much better camouflage than aeroplanes, especially since they are able to go to places and obtain data that mainstream UAVs can not.

India´s ´DARPA´, the Defence Research and Development Organisation (DRDO), has been creating UAVs over the last ten years, while the Indian Army first acquired UAVs from Israel in the late 1990s. Yet the use of all UAVs in India is still poorly regulated! Drones in the U.S. are regulated by the Federal Aviation Administration (FAA), whilst the European Aviation Safety Agency (EASA) regulates drones in the European Union. In India, the Ministry of Civil Aviation regulates drones, whilst the government is moving ahead with plans to replace the Directorate General of Civil Aviation (DGCA) with a Civil Aviation Authority. However, current Indian aviation laws are vague in regards to data acquired, shared and retained, thus not only posing a threat to individual´s right to privacy and other human rights, but also enabling the creation of a secret surveillance state.

The DRDO appears to be following DARPA´s footsteps in terms of surveillance technologies and the questions which arise are: will animal and insect drones be employed in India in the future? If so, how will they be regulated?

BigDog/LS3

Apparently having UAVs flying above us and monitoring territories and populations without our knowledge or consent was not enough. DARPA is currently funding the BigDog project, which is none other than a drone dog, a four-legged robot equipped with a camera and capable of surveillance in disguise. DARPA and Boston Dynamics are working on the latest version of BigDog, called the Legged Squad Support System (LS3), which can carry 400 pounds of gear for more than 20 miles without refuelling. Not only can the LS3 walk and run on all types of surfaces, including ice and snow, but it also has ´vision sensors´ which enable it to autonomously maneuver around obstacles and follow soldiers in the battle field. The LS3 is expected to respond to soldiers' voice commands, such as 'come', 'stop' and 'sit', as well as serve as a battery charger for electronic devices.

BigDog/LS3 is undoubtedly an impressive technological advancement in terms of aiding squads with surveillance, strategic management and a mobile auxiliary power source, as well as by carrying gear. Over the last century most technological developments have manifested through the military and have later been integrated in societies. Many questions arise around the BigDog/LS3 and its potential future use by governments for non-military purposes. Although UAVs were initially used for strictly military purposes, they are currently also being used by governments on an international level for civil purposes, such as to monitor climate change and extinct animals, as well as to surveille populations. Is it a matter of time before BigDog is used by governments for ´civil purposes´ too? Will robotic dogs swarm cities in the future to provide ´security´?

Like any other surveillance technology, the LS3 should be legally regulated and current lack of regulation could create a potential for abuse. Is authorisation required to use a LS3? If so, who has the legal right to authorise its use? Under what conditions can authorisation be granted and for how long? What kind of data can legally be obtained and under what conditions? Who has the legal authority to access such data? Can data be retained and if so, for how long and under what conditions? Do individuals have the right to be informed about the data withheld about them? Just because it´s a ´dog´ should not imply its non-regulation. This four-legged robot has extremely intrusive surveillance capabilities which may breach the right to privacy and other human rights when left unregulated.

Humming Bird Drone


Source: HighTech Edge

TIME magazine recognised DARPA for its Hummingbird nano air vehicle (NAV) and named the drone bird one of the 50 best inventions of 2011. True, it is rather impressive to create a robot which looks like a bird, behaves like a bird, but serves as a secret spy.

During the presentation of the humming bird drone, Regina Dugan, former Director of DARPA, stated:

"Since we took to the sky, we have wanted to fly faster and farther. And to do so, we've had to believe in impossible things and we've had to refuse to fear failure."

Although believing in 'impossible things' is usually a prerequisite to innovation, the potential implications on human rights of every innovation and their probability of occurring should be examined. Given the fact that drones already exist and that they are used for both military and non-military purposes, the probability is that the hummingbird drone will be used for civil purposes in the future. The value of data in contemporary information societies, as well as government's obsession with surveillance for ´national security´ purposes back up the probability that drone birds will not be restricted to battlefields.

So should innovation be encouraged for innovation’s sake, regardless of potential infringement of human rights? This question could open up a never-ending debate with supporters arguing that it´s not technology itself which is harmful, but its use or misuse. However the current reality of drones is this: UAVs and NAVs are poorly regulated (if regulated at all in many countries) and their potential for abuse is enormous, given that ´what happens to our data happens to ourselves....who controls our data controls our lives.´ If UAVs are used to surveille populations, why would drone birds not be used for the same purpose? In fact, they have an awesome camouflage and are potentially capable of acquiring much more data than any UAV! Given the surveillance benefits, governments would appear irrational not to use them.

MeshWorms and Remote-Controlled Insects


Source: NY Daily News

Think insects are creepy? Now we can have a real reason to be afraid of them. Clearly robotic planes, dogs and birds are not enough.

DARPA´s MeshWorm project entails the creation of earthworm-like robots that crawl along surfaces by contracting segments of their bodies. The MeshWorm can squeeze through tight spaces and mold its shape to rough terrain, as well as absorb heavy blows. This robotic worm will be used for military purposes, while future use for ´civil purposes´ remains a probability.

Robots, however, are not only the case. Actual insects are being wirelessly controlled, such as beetles with implanted electrodes and a radio receiver on their back. The giant flower beetle´s size enables it to carry a small camera and a heat sensor, which constitutes it as a reliable mean for surveillance.

Other drone insects look and fly like ladybugs and dragonflies. Researchers at the Wright State University in Dayton, Ohio, have been working on a butterfly drone since 2008. Former software engineer Alan Lovejoy has argued that the US is developing mosquito drones. Such a device could potentially be equipped with a camera and a microphone, it could use its needle to abstract a DNA sample with the pain of a mosquito bite and it could also inject a micro RFID tracking device under peoples´ skin. All such micro-drones could potentially be used for both military and civil purposes and could violate individuals´ right to privacy and other civil liberties.

Security vs. Privacy: The wrong debate

09/11 was not only a pioneering date for the U.S., but also for India and most countries in the world. The War on Terror unleashed a global wave of surveillance to supposedly enable the detection and prevention of crime and terrorism. Governments on an international level have been arguing over the last decade that the use of surveillance technologies is a prerequisite to safety. However, security expert, Bruce Schneier, argues that the trade-off of privacy for security is a false dichotomy.

Everyone can potentially be a suspect within a surveillance state. Analyses of Big Data can not only profile individuals and populations, but also identify ‘branches of communication’ around every individual. In short, if you know someone who may be considered a suspect by intelligence agencies, you may also be a suspect. The mainstream argument “I have nothing to hide, I am not a terrorist’ is none other than a psychological coping mechanism when dealing with surveillance. The reality of security indicates that when an individual’s data is being intercepted, the probability is that those who control that data can also control that individual’s life. Schneier has argued that privacy and security are not on the opposite side of a seesaw, but on the contrary, the one is a prerequisite of the other. Governments should not expect us to give up our privacy in exchange for security, as loss of privacy indicates loss of individuality and essentially, loss of freedom. We can not be safe when we trade-off our personal data, because privacy is what protects us from abuse from those in power. Thus the entire War on Terror appears to waged through a type of phishing, as the promise of ´security´ may be bait to acquire our personal data.

Since the 2008 Mumbai terrorist attacks, India has had more reasons to produce, buy and use surveillance technologies, including drones. Last New Year´s Eve, the Mumbai police used UAVs to monitor hotspots, supposedly to help track down revellers who sexually harass women. The Chennai police recently procured three UAVs from Anna University to assist them in keeping an eye on the city´s vehicle flow. Raj Thackeray´s rally marked the biggest surveillance exercise ever launched for a single event, which included UAVs. The Chandigarh police are the first Indian police force to use the ´Golden Hawk´ - a UAV which will keep a ´bird´s eye on criminal activities´. This new type of drone was manufactured by the Aeronautical Development Establishment (one of DRDO's premier laboratories based in Bangalore) and as of 2011 is being used by Indian law enforcement agencies.

Although there is no evidence that India currently has any animal or insect drones, it could be a probability in the forthcoming years. Since India is currently using many UAVs either way, why would animal and/or insect drones be excluded? What would prevent India from potentially using such drones in the future for ´civil purposes´? More importantly, how are ´civil purposes´ defined? Who defines ´civil purposes´and under what criteria? Would the term change and if so, under what circumstances? The term ´civil purposes´ varies from country to country and is defined by many political, social, economic and cultural factors, thus potentially enabling extensive surveillance and abuse of human rights.

Drones can potentially be as intrusive as other communications surveillance technologies, depending on the type of technology they´re equipped with, their location and the purpose of their use. As they can potentially violate individuals´ right to privacy, freedom of expression, freedom of movement and many other human rights, they should be strictly regulated. In Europe UAVs are regulated based upon their weight, as unmanned aircraft with an operating mass of less than 150kg are exempt by the EASA Regulation and its Implementation Rules. This should not be the case in India, as drones lighter than 150kg can potentially be more intrusive than other heavier drones, especially in the case of bird and insect drones.

Laws which explicitly regulate the use of all types of drones (UAVs, NAVs and micro-drones) and which legally define the term ´civil purposes´ in regards to human rights should be enacted in India. Some thoughts on the authorisation of drones include the following: A Special Committee on the Use of All Drones (SCUAD) could be established, which would be comprised of members of the jury, as well as by other legal and security experts of India. Such a committee would be the sole legal entity responsible for issuing authorisation for the use of drones, and every authorisation would have to comply with the constitutional and statutory provisions of human rights. Another committee, the Supervisory Committee on the Authorisation of the Use of Drones (lets call this ´SCAUD´), could also be established, which would also be comprised by (other) members of the jury, as well as by (other) legal and security experts of India. This second committee would supervise the first and it would ensure that SCUAD provides authorisations in compliance with the laws, once the necessity and utility of the use of drones has been adequately proven.

It´s not about ´privacy vs. security´. Nor is it about ´privacy or security´. In every democratic state, it should be about ´privacy and security´, since the one cannot exist without the other. Although the creation of animal and insect drones is undoubtedly technologically impressive, do we really want to live in a world where even animal-like robots can be used to spy on us? Should we be spied on at all? How much privacy do we give up and how much security do we gain in return through drones? If drones provided the ´promised security´, then India and all other countries equipped with these technologies should be extremely safe and crime-free; however, that is not the case.

In order to ensure that the use of drones does not infringe upon the right to privacy and other human rights, strict regulations are a minimal prerequisite. As long as people do not require that the use of these spying technologies are strictly regulated, very little can be done to prevent a scary sci-fi future. That´s why this blog has been written.

For more details visit https://cis-india.org/internet-governance/blog/big-dog-is-watching-you

Analyzing Draft Human DNA Profiling Bill 2012

praskrishna — 2013-02-25T08:13:16Z

For more details visit https://cis-india.org/internet-governance/blog/draft-dna-profiling-bill-2012.pdf

Stop Press Carousel

praskrishna — 2013-03-06T04:27:15Z

The silent blocking of URLs by the DoT assaults freedom of expression.

Arindam Mukherjee's article was published in the Outlook on February 22, 2013. Sunil Abraham is quoted.

Five Questions

On what grounds did the DoT ask for a ban on the 55 Facebook URLs pertaining to Afzal Guru?
Why did the Gwalior court rush into blocking of 73 URLs related to IIPM even though the content was very old and clearly some of it was even prima facie non-defamatory?
Why is the Gwalior court order not being made public?
Why doesn’t DoT keep the whole process transparent by putting up all its block orders on its website, giving reasons in each case?
How many URLs in all has the DoT asked for a ban on so far?

***

It’s the perfect recipe for a potboiler—a sudden, mysterious and arbitrary blocking of web pages, sparked off by an irate ‘educationist’; several upset publications (Outlook included); a government department with a blocked web page; a ministry trying to figure out how to react to a court order that is at the root of all the action, but which no one has been able to see.

As the cliche goes, truth is often stranger than fiction—as the affected parties discovered on February 15. That’s when it became known that the government had sought to block 78 web pages, reportedly following an order from a court in Gwalior. Around 73 of these articles sought to be blocked are on the controversial Indian Institute of Planning and Management (IIPM), promoted by self-styled management guru Arindam Chaudhuri.

What has taken everyone by surprise is how the blocks were executed—in a clandestine manner, without informing the affected parties, without serving them a notice or a copy of the order, or giving them a chance to react or defend themselves. The enormity of the ban is evident from the list of websites targeted, which include The Economic Times, The Indian Express, The Wall Street Journal, FirstPost, Careers360, Rediff.com and Caravan. When it came to Outlook, there was a clear case of overreach, as not just the web pages, but the entire blogs area was blocked for more than eight hours (see Jump Cut).

What is even more surprising is the smokescreen that is being maintained over the Gwalior court order that has caused this consternation on the Internet. At the time of going to print, no one—the affected websites, authors, lawyers or activists—had access to the order or had seen it, and the government was evading media queries on details of the order and the case. Despite repeated requests, the head of the Computer Emergency Response Team (CERT), Gulshan Rai, did not speak to Outlook.

So, in the absence of the order, no one even knows who the complainant is. Significantly, IIPM’s Chaudhuri has said that one of his ‘channel partners’ approached the court, though he clearly is the chief beneficiary of the episode. What this entire episode serves up is a blatant use of the law to muzzle press criticism while the government and official machinery have been willy-nilly forced to become mute players.

This surreal, Kafkaesque scenario continues apace at Outlook’s website, where on protesting the block on its blogs, the ISP said, “As only some of the URLs are mentioned in the DoT letter, we have reactivated the website and requested you to delete the mentioned contents,” adding that they had “attached the DoT instructions alongwith”. What they had attached was not one but two DoT orders, both dated February 14. One was, of course, the order about the 78 URLs. The other order came as news: an order on 55 Facebook URLs on Afzal Guru that the DoT wanted blocked.

As expected, internet activists and advocates of freedom of speech are livid. Shivam Vij, founder of kafila.org, one of the blogs that was blocked in the IIPM matter, says, “We were never given a chance to defend or explain. If only the DoT had put up the notice on their website, there would have been a healthier debate on regulation or censorship. But this was done in an opaque and arbitrary manner. If a book is banned, everyone gets to know. Why was there so much secrecy here?”

The arbitrariness of the twin government action also stems from the new IT Act which authorises the government or a competent authority to block or take down content considered “harmful”. And, according to the law, there is no obligation on the authorities’ part to inform the defendants. Cyber law expert Apar Gupta says, “Under the blocking rules, there is nothing that says that a copy of the court order has to be given to the affected parties. The rules also do not talk about the authors being given a chance to explain. It permits ad interim injunction to block content.”

Says Nikhil Pahwa, internet activist and editor of Medianama, which first reported about the IIPM blocks, “It is not clear why the DoT has taken this cloak-and-dagger approach. These are legitimate issues being raised by people regarding IIPM and its students. This is an infringement on the freedom of speech and expression. The DoT should have executed the blocks in a transparent manner by sending the affected parties a copy of the court order and making it public.”

That’s important, because legal experts feel that full facts may not have been considered in the IIPM case. “For this kind of a blocking order, the content should have come to the notice of the plaintiff recently. In this case, most of the content was much older. But sometimes plaintiffs also do not provide full details in a case,” says Gupta. Lawyers also feel that the Gwalior court may not be equipped to deal with litigation on new technologies.

There are other issues. In the IIPM case, the issue is primarily of defamation. But it is not clear whether defamation was established in all the articles that were sought to be taken down, especially a University Grants Commission (UGC) notice. Thus, the evidence that was presented to the court is important. Once again, till the court order becomes public, no one will know who the complainant was or what evidence was presented. The temporary ban on UGC’s web page is particularly surprising—and this has been noted by Shashi Tharoor—considering it is an independent regulator. “The regulatory body’s job is to regulate and nobody considers its notice as defamatory,” says Parminder Jeet Singh of IT for Change, an organisation dealing with internet issues.

The real purpose of such exercises, say experts, is to create a scare and embroil people in the legal process so that the process itself becomes a punishment and acts as a deterrent to others to engage in such writing. And that is why such cases are filed in remote and unusual destinations like Gwalior, Silchar, Dehradun and Guwahati. “There is a concept of forum shopping and forum shifting where cases are filed at remote destinations and by asking for huge damages, an attempt is made to scare people away from free speech. There are also many bullies who use defamation to create a scare effect. IIPM seems to have pioneered forum shopping in India,” says Sunil Abraham, executive director of the Bangalore-based Centre for Internet and Society (CIS).

The problem, everyone agrees, stems from the faulty nature of the Information Technology Act, which is open to interpretation and misuse. Says Singh, “The law tries to cover everything under a single head. It does not look specifically at the nuances of new media and give an appropriate response. So it is misused.” It is time that DoT became transparent and stopped its arbitrary, covert war against freedom of expression.

For more details visit https://cis-india.org/news/outlook-feb-22-2013-arindam-mukherjee-stop-press-counsel

Knowledge Sharing through GLAM at Bangalore

praskrishna — 2013-02-18T05:37:46Z

A seminar for GLAM institutions (GLAM stands for Galleries, Libraries, Archives, and Museums) will be held in Bangalore on February 25, 2013, from 2 p.m. to 6 p.m. The program is supported by Wikimedia, Creative Commons and the Centre for Internet & Society.

Creative Commons

Creative Commons is a nonprofit organization that enables users to share their knowledge and creativity through free legal tools. They develop, support, and steward legal and technical infrastructure that maximizes digital creativity, sharing, and innovation.

Copyright laws were developed in a previous era where in protection was given to artists, authors, and other creators as a default. In this situation sharing requires a deliberate prior permission. In the internet era, so much of sharing of digital media is happening online, and these require tools that ensure prior permission, and control the level of use. The legal tools of Creative Commons enable controlled sharing.

Creative Commons licenses are not an alternative to copyright. They work alongside copyright and enable users to modify their copyright terms to best suit their needs.

What will users learn?

In this part of the seminar users will learn about:

Creative Commons as an organization
How the Creative Commons licenses work
How they relate to Open GLAM, and Wikimedia
What are the tools? How to choose them and use them
How can people selectively retain rights, while releasing some of it for free public use
Examples of how GLAM institutions are using CC
New business models and online communities
Other applications of CC

The speakers from Creative Commons have a long experience of discussing CC with GLAM institutions.

CC licensing also works for many other applications such as music, video, writing, and many other creative works. Open Education Resources, and Public Data are also some of the domains. The focus of the presentation will be on GLAM. However, people interested in other applications may also be able to take the opportunity to have discussions after the main presentation.

Who should attend the seminar?

The seminar would be of interests to:

Administrators of Public policy
Administrators of GLAM institutions
Art historians, Artists, Photographers, and Sculptors
Legal professionals
Bloggers, Authors, Editors, and Publishers.

Admission:

Admission is free to the public who register. Please bring a print copy of this registration page for admission.

Please visit the link to register: http://bit.ly/VZ8yIE

Location map of venue: http://goo.gl/maps/sYsxI

For more details visit https://cis-india.org/openness/events/knowledge-sharing-through-glam

One For All

nishant — 2013-03-04T04:13:06Z

The importance of making information accessible and universal.

Nishant Shah's column was published in the Indian Express on February 17, 2013.

In the late 1990s, when I was an undergraduate student studying English Literature, a professor asked me if I could volunteer to write exam papers for a student with visual impairment, Milind, who was one year my senior. It was my first encounter with a student with a visual challenge, and it changed my experience and understanding of education. I had always found comfort in the world of words and stories. When I first met Milind, I soon realised that he was being excluded from this world of reading and writing that I had taken for granted. With most of the prescribed textbooks not available in Braille and none of the reference material in libraries accessible, he was dependent on volunteers and disability support organisations to audio-record the texts so that he could access them. His library was made of audio-cassettes scratched from over-use, which did not offer him the options of re-visiting, annotating, and close-reading. And when I wrote the exams for him, writing as he dictated, I was left humbled and inspired by his strong commitment to educating himself. The phone call I received when he got his English Literature degree, and our celebratory dinner, remain one of my happiest memories as an undergraduate student.

That experience made me realise, for the first time the exclusivity of the world of books and print. While print and paper industries have helped democratise knowledge and provided us access to store and retrieve knowledge through ages and time, they are also technologies of exclusion. Reading has been so naturalised in our everyday life, that we have almost forgotten that it is a visual medium. A book is not easily accessible to people who do not have the privilege or capacity to be literate. A book can also exclude with jargon and dense languages, which are the stronghold of an elite few. And more than anything else, it stays, if you will excuse the pun, a closed book, to people with visual impairment.

Like many who might have encountered second-person disability, I have never done much to change our society. I might have done some volunteer work, or signed petitions for better infrastructure, but the interventions have been minimal and almost non-existent. I think about this today, because on February 7, 2013, one of the strongest and most powerful voices that has been fighting apathetic government systems, moribund policies and indifferent social attitudes towards visually challenged people, Rahul Cherian, died due to ill-health. Cherian, who was the co-founder of the Inclusive Planet Centre for Disability Law and Policy and a fellow at the Centre for Internet and Society, where I work, was a disability policy activist who realised the potential of the digital world, to make information and knowledge accessible to those who were previously discriminated against.

Cherian firmly believed that the digital interfaces would provide new access to information and knowledge to those who live with visual disability. If we implement global standards to ensure that the text on the internet can be read out loud by text-to-speech devices, we would have a new democratisation of information that allows people to engage with the Web. His spirit and enthusiasm was infectious as he resolutely worked at persuading technology developers and holding governments responsible for implementing accessibility protocols to make information in the digital age open.

He was committed to digitising printed resources in formats which allowed deeper engagement and manipulation of text through voice and keyboard-based controls. He fought against intellectual property right regimes which disallow books to be converted into formats that can be accessible to open source and free screen readers and text-to-speech engines. Cherian worked at collectively harnessing the powers of the digital towards building a just and inclusive society that made me recognise how deep-seated our blind spots are, when we look at the mainstream and the popular. His work made me understand that the battles for open knowledge and open access are not only economic in nature. That the digital book projects offer new inroads for those previously excluded, into the world of knowledge and information. I feel honoured to have shared conversations and working spaces with him, and know that his passing will leave a large hole, in the lives of those who knew him, as well as the political movement that demands better access for inclusion of people with disability.

Today, I want to take this moment of loss, to remind myself of something that sometimes gets forgotten — the digital technologies that we take for granted and often use just for fun, have a strong potential for social and political change. While it is great that the digital world has offered new spaces for content generation, information sharing, cultural production and social connection, it also has the potential to build safe, just and inclusive information societies. I don't know if we should buy into the rhetoric that the next global war is going to be around information, but we should remember that information is definitely worth fighting for and making accessible to all.

For more details visit https://cis-india.org/accessibility/blog/indian-express-feb-17-2013-nishant-shah-one-for-all

Wiki Meet-up in Bangalore: Talk by Vishnu Vardhan

praskrishna — 2013-02-11T06:22:56Z

Vishnu Vardhan, Director of Access to Knowledge team at CIS has been invited by the Bangalore SIG Chair. Vishnu will speak on the Access to Knowledge (Wikipedia) project. The talk is scheduled for February 25, 2013 at 2.00 p.m. in Bangalore.

Agenda

Wikimedia Projects
Access to Knowledge by Mr.Vishnu Vardhan, Director A2K, CIS
Guest Talk by Mr.Joe Justice, Founder WikiSpeed & Mr.Vibhu Srinivasan, MD, Solutions IQ
Audience address by Chief Guest, Mr.KS Viswanath, Vice President, Industry Initiatives, NASSCOM
Networking

KS Viswanath

Mr. K.S. Viswanathan, Vice President, Industry Initiatives, NASSCOM, has around 32 years of general management and leadership experience in the Indian business context, building key executive relationships and a strong customer capital in diverse business environment. His extensive work experience in the IT industry and social sector comprises of developing and executing operational strategies, managing customer engagement programs, and establishing models for customer acquisition and retention. Over the span of his career, Mr. Viswanathan has held strategic & leadership positions at Wipro, Dell, Azim Premji Foundation and Hilleman Laboratories. As the Head for India geography at Wipro Infotech (2003-2008), he led the positive transformation of and business landscape for Wipro in India. He was the first country manager for Dell in India in 2000 and was instrumental in establishing Dell’s direct business model in India. Mr. Viswanathan is a graduate from Birla Institute of Technology and Science (1979 batch). He holds a MBA in marketing from PSG College of Technology (1981 batch).

Vishnu Vardhan

Vishnu Vardhan is the Programme Director-Access to Knowledge at CIS since February 2013. His experience spans across academics, industry (media) and not-for-profit sectors. Over the last 11 years he has worked in various capacities as researcher, grant manager, teacher, project consultant, information architect and translator. Prior to joining CIS, Vishnu managed the Art, Crafts and Culture portfolio of the Sir Ratan Tata Trust (SRTT); where had spent 5 years in project conceptualization, management and assessment of quality and impact in the not-for-profit sector. Vishnu managed more than 30 projects and funds to the tune of Rs. 160 million. He also anchored SRTT’s automation and knowledge management activities. Vishnu worked as Research Coordinator at Centre for the Study of Culture and Society (CSCS), Bangalore where he a) coordinated the online M.A. in Cultural Studies; b) managed the Library Fellowship programme; c) conceptualized and coordinated national and international workshops and short-term courses in Media and Cultural Studies; and d) helped in building academic institutional partnerships. Vishnu is a superannuated doctoral candidate at the Centre for Media Research, University of Ulster and CSCS, Bangalore.

Joe Justice

Joe Justice (@WIKISPEED) Founder, CEO, WikiSpeed Joe's team tied for 10th place in the mainstream class of the 2010 Progressive Insurance Automotive X Prize, a $10 million challenge for 100+ MPG automobiles. WIKISPEED now uses agile processes to solve problems for social good. Joe has spoken to audiences at TEDx, Denver University, University of California Berkley, Google, The Bill and Melinda Gates Foundation, Rotary International, and others about social web application development, project methodology, and agile best practices. He is CEO of WIKISPEED and works at SolutionsIQ, a leading provider of Agile consulting, certified training, coaching, development, and Agile talent services, where he helps clients leverage Agile project management and team development methods to deliver solutions more reliably.

Vibhu Srinivasan

Vibhu Srinivasan (@vibhu_s) Managing Director, SolutionsIQ India Vibhu Srinivasan is an Entrepreneur, Agile Coach, Technologist and currently heads SolutionsIQ India. Vibhu has an extensive technology, process, and consulting background allowing him to work with a diverse set of clients and teams. Vibhu has been practicing agile practices since 1997 (officially called Agile only in 2001).He brings to his consulting, deep rooted passion and practices gained by working in the trenches with hundreds of developers on real projects. He is very passionate about software development and can code in multiple languages. He has helped many teams in their quest for agility. He is a CTO of a early stage start up in Seattle and has an MBA in strategic management from school of business Madison. He has a very solid understanding of building large scale scalable systems having participated in various roles over the years, most recently chief architect for a game, Lead for virtualization product at Microsoft and CTO of his own start-up. He has worked in financial, gaming, visualization domains to name a few. An entrepreneur by choice he is always busy building a company/product and is currently in India heading Solutions IQ a premier provider of Agile consulting and development services in the US.

Participants

Intended Audience

Anyone interested in Wikipedia (user, contributor or curious about it). Wikipedians from any part of India or the world and anyone who is interested in Wikipedia! Meetup is open to members of all Wikimedia projects and Wikipedians from all languages. All are welcome, and we are especially interested in seeing newcomers to join the experienced Wikipedians/Wikimedians. If you are interested in coming, please add your name below.

The full details can be accessed on the Wikipedia page

For more details visit https://cis-india.org/news/wiki-meet-up-bangalore

Report of Aaron Swartz Memorial Hacknight

zainab — 2013-03-02T13:32:25Z

On 19th and 20th January, HasGeek organized a hacknight to commemorate the life and works of Aaron Swartz. Zainab Bawa from HasGeek shares with us the developments.

Why host an Aaron Swartz memorial hacknight? In the aftermath of Aaron’s death, some people began expressing doubts, uncertanties and misinformed opinions about his activist causes. They questioned whether Aaron committed a ’crime’ by downloading articles from JSTOR and whether the means he used for liberating data were wrong in the first place. It was important to dispel these doubts and provide people with a better understanding about issues such as IT laws, copyright rules and access to information, and how these are implemented in different parts of the world.

Aaron had initiated several coding projects during his lifetime. Anand Chitipothu, who collaborated with Aaron at the Internet Archive and maintains his web.py framework, suggested that the hacknight could also be an opportunity where people get familiar with Aaron’s coding projects and work on some of them.

The hacknight: 87 people registered for the hacknight. Approximately 40 people turned up. Some participants proposed projects to liberate different kinds of public data such as electoral data, weather data, information about train timetables and crawling data from government and NIC websites. Developers worked on these projects to make the data searchable and usable.

Discussions during the hacknight: The hacknight started at 3 PM with a discussion about the life of Aaron Swartz and the political and legal implications of his coding projects and activism.

This discussion was led by Anand and Kiran Jonnalagadda of HasGeek.

Kiran gave an elaborate background about Aaron’s life starting with how he established RSS 1.0 as a standard and the collaboration between Aaron and Lawrence Lessig on using the RDF format for Creative Commons licensing, leading to Aaron’s work with Reddit and its acquisition by Condé Nast. Shortly after Reddit’s acquisition, Aaron left Reddit and began a career in activism. In this period, he started freeing data funded by public money which constitutionally belonged in the public domain. He published data from the catalogue of the Library of Congress and the US case law archives on the Internet Archive. Later, Aaron downloaded articles from JSTOR to release academic papers whose research was funded with public money. Before he could sift through the downloads, Aaron was caught by the police. He returned the hard disk containing the downloads. JSTOR and MIT did not pursue cases against him, but the United States government charged Aaron for breaking into the MIT campus and faking identity by changing the MAC address of his computer.

At the end of Kiran’s presentation, participants asked several questions about activism, what constitutes offensive speech, framework of IT laws in India, and the process of law-making.

At 5 PM, Sunil Abraham of the Centre for Internet and Society (CIS) joined the hacknight. He made a presentation about copyright laws, the Indian IT Act and Aaron’s work.

Sunil explained how Aaron believed in the importance of access to information by releasing data from copyright and thereby enabling freedom of expression. According to Sunil, Aaron Swartz is a very troublesome hero because his data liberation projects do not fall into one neat category. Moreover, the means he used for his activism are questioned by different activist groups. This makes it difficult to pinpoint exactly what one must credit Aaron for and what category of activism his work falls under.

After Sunil’s presentation, there was a half hour discussion about the scope of copyright laws in India, copyright exemptions and what constitutes copyright infringement. Participants agreed that the trouble lies with the broad interpretations of copyright and IT laws. This enables the state and private parties to target and harass a person, often on frivolous grounds.

Discussion about hacknight projects: At 6 PM, participants with project ideas and those who wanted to join projects gathered in the garden. Over tea and snacks, groups / pairs were formed. Participants reported two difficulties here:

There weren’t enough projects to choose from i.e., fewer problems to solve
Not everyone who proposed projects could break the problem down into tasks for individual team members to work on.

This affected participants’ motivation to stay through the night.

Web.py workshop: After the tea break, Anand conducted a workshop on web.py.

Some participants came to the hacknight mainly to attend this workshop. The code used in this workshop is available on github.com/anandology/webpy-workshop.

Anand also worked on the database module of web.py to decouple it and make it into a separate python module. This project requires more work before it is completed. The code is available at: http://github.com/anandology/sqlpy

Projects at the hacknight: A complete list of projects that participants worked on during the hacknight are available on the hacknight website. We talked with some of the teams and individual participants to understand their projects, the process they followed for solving the problems, and outcomes at the end of the hacknight.

Liberating electoral data: Arun Raghavan, an open source enthusiast, and four other participants (Arun K, Praveen, Mikul and Sumant) worked on scraping electorial data from http://ceokarnataka.kar.nic.in/. They planned to build a frontend which will make it easy for users to search their names and polling booth information. Currently, the electoral roll is published as a PDF document for each polling station along with a search form (which is unreliable and fails often) for individuals to find their names on the roll and the location of their polling station.

It was difficult to parse the data because the PDFs were not designed for machine readability. Hence, the team had to spend time understanding how to extract the text. The other problem was that the person’s name was written above the father’s name, but if the person’s name was very long, it overlapped the father’s name. This made it difficult to determine where the person’s name ended and where the father’s name began. The team managed to come up with a heuristic to distinguish between the person’s name and father’s name based on slight differences in the way the text was printed on each sheet.

Arun Raghavan and other team members used Python to parse data from the PDFs. They also tried extracting data by using the search form and saving results whenever it returned them (since it failed often). The search form required a JavaScript submit, so Praveen Kumar and Arun K learned to use casper.js to emulate a browser and extract data. Praveen also used casper.js to liberate his friend Aram Bhusal’s blog from Sulekha.com. Aram made a presentation about this at the January edition of the Bangalore JS meet.

At the end of the hacknight, the group almost managed to get a dump of an entire electoral roll. The project repositories:

Other data liberation projects:

Indexing Government websites by category of information: Elvis D’souza worked on crawling government websites and indexing them by category, for e.g., education, import-export trade, science and technology, etc. According to him, government websites contain lots of information including documents and spreadsheets. At the hacknight, Elvis completed the indexing process and ran some statistics about information contained in these websites. He eventually wants to build a portal where people can access this index and the documents.
Railway timetable data: Anand scraped data from the IRCTC website. Supreeth Srinivasmurthy worked with this data to plot a map. Bibhas Debnath also worked on the timetable data to build an API. A demo of this API is yet to be released.
Parsing weather data: Asok Padda converted weather data from HTML format to Excel sheets. Hourly weather data for all weather stations in India during 2012 is parsed and uploaded to Internet Archive: http://archive.org/details/www.imdaws.com-2012
Other projects: Kashyap Kondamundi started building an app which will help people to calculate the current values of their mutual funds. He built 70% of this app at the hacknight.

HasGeek has requested participants to post updates about their projects and share links to their code.

Overall achievements from the hacknight: Participants reported the following outcomes from the hacknight:

Learning about new libraries and their applications
Awareness about IT laws and copyright frameworks in India
Opportunity to meet and network with other coders who have an interest in data-related projects or working on new project ideas.

Participants appreciated Anand’s presence as a mentor during the hacknight. He interacted with the teams and helped them when they were stuck with their projects, either with his expertise in Python or by suggesting alternative ways of approaching the problem.

HasGeek thanks CIS for sponsoring the venue and providing logistical support during the hacknight.

For more details visit https://cis-india.org/openness/blog-old/hasgeek-blog-zainab-bawa-feb-6-2013-report-of-aaron-swartz-memorial-hacknight

A Comparison of Indian Legislation to Draft International Principles on Surveillance of Communications

elonnai — 2013-07-12T15:40:51Z

This blog post is a comparison of the relevant Indian legislations allowing governmental access to communications and the Draft International Principles on Surveillance of Communications. The principles, first drafted in October 2012 and developed subsequently seeks to establish an international standard for surveillance of communications in the context of human rights.

This research was undertaken as part of the 'SAFEGUARDS' project that CIS is undertaking with Privacy International and IDRC.

The Centre for Internet and Society is contributing feedback to the drafting of the principles. The principles are still in draft form and the most recent version along with the preamble to the principles can be accessed at: http://necessaryandproportionate.net/

The Principles:

1. Principle - Legality: Any limitation to the right to privacy must be prescribed by law. Neither the Executive nor the Judiciary may adopt or implement a measure that interferes with the right to privacy without a previous act by the Legislature that results from a comprehensive and participatory process. Given the rate of technological change, laws enabling limitations on the right to privacy should be subject to periodic review by means of a participatory legislative or regulatory process.

Indian Legislation: In India there are two predominant legislations with subsequent Rules and Licenses that allow for access to communications by law enforcement and the government. Though the basic power of interception of communications are prescribed by law, the Rules and Licenses build off of these powers and create procedural requirements, and requirements for assistance.

The Indian Telegraph Act, 1885

The Indian Telegraph Amendment Rules 2007: These Rules are grounded in section 419A of the Indian Telegraph Act and establish procedures and safeguards for the interception of communications.
License Agreement for Provision of Unified Access Services After Migration from CMTS (UASL): This license is grounded in the Telegraph Act, and details what types of assistance service providers must provide to law enforcement and the government.
License Agreement for Provision of Internet Services: This license is grounded in the Telegraph Act, and details what types of assistance service providers must provide to law enforcement and the government.
The Information Technology Act, 2000
- Procedure and Safeguards for Interception, Monitoring, and Decryption of Information Rules 2009: These Rules were notified in 2009 and allow authorized governmental agencies to intercept, monitor, and decrypt information generated, transmitted, received, or stored in any computer resource.
- Procedure and safeguard for Monitoring and Collecting Traffic Data or Information Rules 2009: These Rules were notified in 2009 and allow authorized agencies to monitor and collect traffic data or information that is generated, transmitted, received or stored in any computer resource.

2. Principle - Legitimate Purpose: Laws should only allow access to communications or communications metadata by authorized public authorities for investigative purposes and in pursuit of a legitimate purpose, consistent with a free and democratic society.

Indian Legislation: In relevant Indian legislation there are no specific provisions requiring that access by law enforcement must be for a legitimate purpose and consistent with a free and democratic society. Instead, Indian legislation defines and lays out specific circumstances for which access would be allowed.

Below are the circumstances for which access is allowed by each Act, Rule, and License:

The TA Rules 2007: Interception is allowed in the following circumstances:

On the occurrence of any public emergency

In the interest of the public safety

In the interests of the sovereignty and integrity of India

The security of the state

Friendly relations with foreign states

Public order

Preventing incitement to the commission of an offence

ITA Interception and Monitoring Rules: Interception, monitoring, and decryption of communications is allowed in the following circumstances:

In the interest of the sovereignty or integrity of India,
Defense of India
Security of the state
Friendly relations with foreign states
Public order
Preventing incitement to the commission of any cognizable offence relating to the above
For investigation of any offence

ITA Monitoring of Traffic Data Rules: Monitoring of traffic data and collection of information is allowed for the following purposes related to cyber security:

Forecasting of imminent cyber incidents
Monitoring network application with traffic data or information on computer resources
Identification and determination of viruses or computer contaminant
Tracking cyber security breaches or cyber security incidents
Tracking computer resource breaching cyber security or spreading virus’s or computer contaminants
Identifying or tracking of any person who has breached, or is suspected of having breached or being likely to breach cyber security.
Undertaking forensic of the concerned computer resource as a part of investigation or internal audit of information security practices in the computer resource.
Accessing stored information for enforcement of any provisions of the laws relating to cyber security for the time being in force.
Any other matter relating to cyber security.

UASL License: Assistance must be provided to the government for the following reasons and times:

Reasons defined in the Telegraph Act. (Section 41.20 (xix))
National Security. (Section 41.20 (xvii))
To counteract espionage, subversive act, sabotage, or any other unlawful activity. (Section 41.1)
Trace nuisance, obnoxious or malicious calls, messages or communications transported through his/her equipment. (Section 40.4)
In the interests of security. (Section 41.7)
For security reasons. (Section 41.20 (iii))

ISP License: Assistance must be provided to the government for the following reasons and times:

To counteract espionage, subversive act, sabotage, or any other unlawful activity. (Section 34.1)
In the interests of security. (Section 34.4)
For security reasons. (Section 34.28 (iii))
Reasons defined in the Telegraph Act. (Section 35.2)

3. Principle - Necessity: Laws allowing access to communications or communications metadata by authorized public authorities should limit such access to that which is strictly and demonstrably necessary, in the sense that an overwhelmingly positive justification exists, and justifiable in a democratic society in order for the authority to pursue its legitimate purposes, and which the authority would otherwise be unable to pursue. The onus of establishing this justification, in judicial as well as in legislative processes, is on the government.

Indian Legislation: Relevant Indian legislation do not contain provisions mandating that access to communications must be demonstrably necessary, and do not give details of the criteria that authorizing authorities should use to determine if a request is a valid or not. Relevant Indian legislation does require that all directions contain reasons for the direction. Additionally, excluding the ITA Procedure and safeguard for Monitoring and Collecting Traffic Data or Information Rules, relevant Indian legislation requires that all other means for acquiring the information must be taken into consideration before a direction for access can be granted.

Below are summaries of the relevant provisions:

TA Rules 2007: Any order for interception issued by the competent authority must contain reasons for the direction (Section 2). While issuing orders for direction, all other means for acquiring the information must be taken into consideration, and directions can only be issued if it is not possible to acquire the information by any other reasonable means (Section 3).
ITA Interception and Monitoring Rules: Any direction issued by the competent authority must contain reasons for such direction (Section 7). The competent authority must consider the possibility of acquiring the necessary information by other means and the direction can be issued only when it is not possible to acquire the information any other reasonable means (Section 8).
ITA Traffic Monitoring Rules: Any direction issued by the competent authority must contain reasons for the direction (Section 3(3)).
UASL & ISP License: As laid out in the Telegraph Act and subsequent Rules.

4. Principle - Adequacy: Public authorities should restrain themselves from adopting or implementing any measure of intrusion allowing access to communications or communications metadata that is not appropriate for fulfillment of the legitimate purpose that justified establishing that measure.

Indian Legislation: In relevant Indian legislation there are provisions that require direction for access to be specific, but there are no provisions that specifically prohibit government agencies from collecting and accessing information that is not appropriate for fulfillment of the stated purpose of the direction.

5. Principle - Competent Authority: Authorities capable of making determinations relating to communications or communications metadata must be competent and must act with independence and have adequate resources in exercising the functions assigned to them.

Indian Legislation: In relevant Indian legislation it is required that directions for access to be authorized by "competent authorities". The most common authority for authorizing orders for access is the Secretary to the Government of India in the Ministry of Home Affairs, but authorization can also come from other officials depending on the circumstance. The fact that authorization for access to communications content is not from a judge has been a contested topic, as in many countries a judicial order is the minimum requirement for access to communication content. It is unclear from the legislation if adequate resources are assigned to the competent authorities.

Below are summaries of relevant provisions:

The TA Rules 2007: Under the Telegraph Act the authorizing authorities are:

The Secretary to the Government of India in the Ministry of Home Affairs at the Central Level
The Secretary to the State Government in charge of the Home Department in the case of the State Government.
In unavoidable circumstances an order for interception may only be made by an officer not below the rank of a Joint Secretary to the Government of India who has been authorized by the Union Home Secretary or the State Secretary.
In remote areas or for operational reasons where obtaining prior directions for interception is not feasible the head or the second senior most officer of the authorized security agency at the Central level and the officers authorized in this behalf and not below the rank of Inspector of General Police. (Section 1(2)).
ITA Interception and Monitoring Rules: Under the ITA Rules related to the interception, monitoring, and decryption of communications, the competent authorities for authorizing directions are:
- The Secretary in the Ministry of Home Affairs in case of the Central Government.
- The Secretary in charge of the Home Department, in case of a State Government or Union Territory.
- In unavoidable circumstances any officer not below the rank of the Joint Secretary to the Government of India who has been authorized by the competent authority.
- In remote areas or for operational reasons where obtaining prior directions is not feasible, the head or the second senior most officer of the security and law enforcement agency at the Central level or the officer authorized and not below the rank of the inspector General of Police or an officer of equivalent rank at the State or Union territory level. (Section 3).
ITA Monitoring and Collecting Traffic Data Rules: Under the ITA Rules related to the monitoring and collecting of traffic data, the competent authorities who can issue and authorize directions are:
- The Secretary to the Government of Indian in the Department of Information Technology under the Ministry of Communications and Information Technology. (Section 2(d)).
- An employee of an intermediary may complete the following if it is in relation to the services that he is providing including: accessing stored information from computer resource for the purpose of implementing information security practices in the computer resource, determining any security breaches, computer contaminant or computer virus, undertaking forensic of the concerned computer resource as a part of investigation or internal audit. Accessing or analyzing information from a computer resource for the purpose of tracing a computer resource or any person who has contravened or is suspected of having contravened or being likely to contravene any provisions of the Act that is likely to have an adverse impact on the services provided by the intermediary. (Section 9 (2)).
UASL & ISP License: As laid out in the Telegraph Act and subsequent Rules.

6. Principle - Proportionality: Public authorities should only order the preservation and access to specifically identified, targeted communications or communications metadata on a case-by-case basis, under a specified legal basis. Competent authorities must ensure that all formal requirements are fulfilled and must determine the validity of each specific attempt to access or receive communications or communications metadata, and that each attempt is proportionate in relation to the specific purposes of the case at hand. Communications and communications metadata are inherently sensitive and their acquisition should be regarded as highly intrusive. As such, requests should at a minimum establish a) that there is a very high degree of probability that a serious crime has been or will be committed; b) and that evidence of such a crime would be found by accessing the communications or communications metadata sought; c) other less invasive investigative techniques have been exhausted; and d) that a plan to ensure that the information collected will be only that information reasonably related to the crime and that any excess information collected will be promptly destroyed or returned. Neither the scope of information types, the number or type of persons whose information is sought, the amount of data sought, the retention of that data held by the authorities, nor the level of secrecy afforded to the request should go beyond what is demonstrably necessary to achieve a specific investigation.

Indian Legislation: In relevant Indian legislation there are no comprehensive provisions that ensure proportionality of the surveillance of communications but there are provisions that contribute to ensuring proportionality. These include provisions requiring: time frames for how long law enforcement can retain accessed and collected material, directions to be issued only after there are no other means for acquiring the information, requests to contain reasons for the order, the duration for which an order can remain in force to be limited, and requests to be for specified purpose based on a particular set of premises. All of these provisions are found in the Telegraph Rules issued in 2007 and the ITA Procedures and Safeguards for Interception, Monitoring, and Decryption of Information Rules. None of these requirements are found in the UASL or ISP licenses, and many are missing from the ITA Safeguards for Monitoring and Collecting Traffic Data or Information Rules.

Though the above are steps to ensuring proportionality, Indian legislation does not provide details of how the proportionality of requests would be measured as recommended by the principle. For example, it is not required that requests for access demonstrate that evidence of the crime would be found by accessing the communications or communications metadata sought, and that information only related directly to the crime will be collected. Furthermore, Indian legislation does not place restrictions on the amount of data sought, nor the level of secrecy afforded to the request.

Below is a summary of the relevant provisions:

TA Rules 2007:

Service providers shall destroy record pertaining to directions for interception of message within two months of discontinuing the interception. (Section 19).
Directions for interception should only be issued only when it is not possible to acquire the information by any other reasonable means. (Section 3).
The interception must be of a message or class of message from and too one particular person that is specified or described in the order or one particular set of premises specified or described in the order. (Section 4).
The direction for interception will remain in force for a period of 60 days, or 180 days if the directions are renewed. (Section 6).
ITA Interception and Monitoring Rules:
- Any direction issued by the competent authority must contain reasons for such direction. (Section 7).
- The competent authority must consider all other possibilities of acquiring the information by other means, and the direction can only be issued when it is not possible to acquire the information by any other reasonable means. (Section 8).
- The direction of interception, monitoring, or decryption of any information generated, transmitted, received, or stored in any computer resource etc., as may be specified or described in the direction. (Section 9).
- The directions for interception, monitoring, or decryption will remain in force for a period of 60 days, or 180 days if the directions are renewed. (Section 10).
ITA Traffic and Monitoring Rules:
- Any direction issued by the competent authority must contain reasons for such direction. (Section 3(3)).
- Every record including electronic records pertaining to such directions for monitoring or collection of traffic data shall be destroyed after the expiry of nine months by the designated officer. Except when the information is needed for an ongoing investigation, the person in charge of a computer resource shall destroy records within a period of six months of discontinuing the monitoring. (Section 8).

7. Principle - Due process: Due process requires that governments must respect and guarantee an individual’s human rights, that any interference with such rights must be authorized in law, and that the lawful procedure that governs how the government can interfere with those rights is properly enumerated and available to the general public.(9) While criminal investigations and other considerations of public security and safety may warrant limited access to information by public authorities, the granting of such access must be subject to guarantees of procedural fairness. Every request for access should be subject to prior authorization by a competent authority, except when there is imminent risk of danger to human life.(10)

Indian Legislation: In the relevant Indian legislation the only guarantee for due process is that every request for access must be subject to prior authorization by a competent authority.

TA Rules 2007:

All orders for interception must be issued by the Secretary to the Government of India in the Ministry of Home Affairs.
ITA Interception and Monitoring Rules:
- All orders for interception must be issued by the Secretary to the Government of India in the Ministry of Home Affairs.
ITA Monitoring of Traffic Rules:
- The Secretary to the Government of India in the Department of Information Technology under the Ministry of Communications and Information Technology is the competent authority for authorizing orders.

8. Principle - User notification: Notwithstanding the notification and transparency requirements that governments should bear, service providers should notify a user that a public authority has requested his or her communications or communications metadata with enough time and information about the request so that a user may challenge the request. In specific cases where the public authority wishes to delay the notification of the affected user or in an emergency situation where sufficient time may not be reasonable, the authority should be obliged to demonstrate that such notification would jeopardize the course of investigation to the competent judicial authority reviewing the request. In such cases, it is the responsibility of the public authority to notify the individual affected and the service provider as soon as the risk is lifted or after the conclusion of the investigation, whichever is sooner.

Indian Legislation: In relevant Indian legislation there are no provisions that require the government or service providers to notify the user that a public authority has requested his or her communication data.

9. Principle - Transparency about use of government surveillance: The access capabilities of public authorities and the process for access should be prescribed by law and should be transparent to the public. The government and service providers should provide the maximum possible transparency about the access by public authorities without imperiling ongoing investigations and with enough information so that individuals have sufficient knowledge to fully comprehend the scope and nature of the law, and when relevant, challenge it. Service providers must also publish the procedure they apply to deal with data requests from public authorities.

Indian Legislation: In relevant Indian legislation there are no requirements that access capabilities of the government and the process for access must be transparent to the public. Nor are service providers required to publish the procedure applied to handle data requests from public authorities.

10. Principle - Oversight: An independent oversight mechanism should be established to ensure transparency of lawful access requests. This mechanism should have the authority to access information about public authorities' actions, including, where appropriate, access to secret or classified information, to assess whether public authorities are making legitimate use of their lawful capabilities, and to publish regular reports and data relevant to lawful access. This is in addition to any oversight already provided through another branch of government such as parliament or a judicial authority. This mechanism must provide – at minimum – aggregate information on the number of requests, the number of requests that were rejected, and a specification of the number of requests per service provider and per type of crime. (11)

Indian Legislation: In relevant Indian legislation there are requirements for a review committee to be established. The review committee must meet on a bi-monthly basis and review directions to ensure that they are in accordance with the prescribed law. Currently, it is unclear from the legislation if the review committees have the authority to access information about public authorities’ actions, and currently the review committee does not publish aggregate information about the number of requests, the number of requests that were rejected, and a specification of the number of requests per service provider and per type of crime. These standards are recommended by the principle.

The relevant provisions are summarized below:

TA Rules 2007:

A review committee will be constituted by a state government that consists of a chief secretary, secretary of law, secretary to the state government. The review committee shall meet at least once in two months. If the committee finds that directions are not in accordance with the mandated provisions, then the committee can order the destruction of the directions. (Section 17). Any order issued by the competent authority must contain reasons for such directions and a copy be forwarded to the concerned review committee within a period of seven working days. (Section 2).
ITA Interception and Monitoring Rules:
- Any direction issued by the competent authority must be forwarded to the review committee within a period of seven working days from issuing. The review committee is the same as constituted under rule 419A of the Indian Telegraph Rules, 1951. The review committee must meet bi-monthly and determine whether directions are in accordance with the ITA Act. If the review committee finds that the directions are not in accordance with the Act, it may issue an order for the destruction of the copies of accessed information and set aside the directions. (Section 22).
ITA Traffic Monitoring Rules:
- Any direction issued by the competent authority must be forwarded to the review committee within a period of seven working days from issuing. The review committee is the same as constituted under rule 419A of the Indian Telegraph Rules, 1951. The review committee must meet bi-monthly and determine whether directions are in accordance with the ITA Act. If the review committee finds that the directions are not in accordance with the Act, it may issue an order for the destruction of the copies of accessed information and set aside the directions. (Section 7).

11. Principles - Integrity of communications and systems: It is the responsibility of service providers to transmit and store communications and communications metadata securely and to a degree that is minimally necessary for operation. It is essential that new communications technologies incorporate security and privacy in the design phases. In order, in part, to ensure the integrity of the service providers’ systems, and in recognition of the fact that compromising security for government purposes almost always compromises security more generally, governments shall not compel service providers to build surveillance or monitoring capability into their systems. Nor shall governments require that these systems be designed to collect or retain particular information purely for law enforcement or surveillance purposes. Moreover, a priori data retention or collection should never be required of service providers and orders for communications and communications metadata preservation must be decided on a case-by-case basis. Finally, present capabilities should be subject to audit by an independent public oversight body.

Indian Legislation: In relevant Indian legislation there are a number of security measures that must be put in place but these are predominantly actions that must be taken by service providers, and do not pertain to intelligence agencies. Furthermore, many provisions found in the ITA Procedure and Safeguards for Interception, Monitoring, and Decryption of Information Rules, and the ISP and UASL licenses include requirements for service providers to provide monitoring facilities and technical assistance, require information to be retained specifically for law enforcement purposes, and require service providers to comply with a-priori data retention mandates. In the ISP and UASL license, service providers are audited and inspected to ensure compliance with requirements listed in the license, but it unclear from the legislation if the access capabilities of government or governmental agencies are audited by an independent public oversight body. This standard is recommended by the principle.

Relevant provisions are summarized below:

TA Rules 2007: The service provider must put in place internal checks to ensure that unauthorized interception of messages does not take place. (Section 14) Service providers are also responsible for actions of their employees. In the case of unauthorized interception or a breach in security, service providers can be held liable for up to three years in prison, fines, and revocation of the service providers licenses depending on the nature and scale of the violation. (Section 20, 20A 21, 23).

ITA Interception and Monitoring Rules: The intermediary or person in charge of the computer resources must put in place adequate and effective internal checks to ensure that unauthorized interception of communications does not take place and extreme secrecy is maintained and utmost care and precaution taken in the matter of interception or monitoring or decryption of information as it affects privacy of citizens and also that it is handled only by the designated officers of the intermediary. (Section 20).

ITA Traffic Monitoring Rules: The intermediary or person in charge of the computer resources must put in place adequate and effective internal checks to ensure that unauthorized interception of communications does not take place and extreme secrecy is maintained and utmost care and precaution taken in the matter of interception or monitoring or decryption of information as it affects privacy of citizens and also that it is handled only by the designated officers of the intermediary. (Section 5&6).

UASL License: The intermediary or service provider is responsible for ensuring the protection of privacy of communication and to ensure that unauthorized interception of messages does not take place. (Section 39.1, Section 39.2, Section 41.4).

ISP License: The ISP has the responsibility of ensuring that unauthorized interception of messages does not take place. (Section 32.1) The ISP must take all necessary steps to safeguard the privacy and confidentiality of an information about a third party and its business and will do its best endeavor to ensure that no information, except what is necessary is divulged, and no employee of the ISP seeks information other than is necessary for the purpose of providing service to the third party. (Section 32.2) The ISP must also take necessary steps to ensure that any person acting on its behalf observe confidentiality of customer information. (Section 32.3).

Provisions requiring the provision of facilities, assistance, and retention:

ITA Interception and Monitoring Rules:

The intermediary must provide all facilities, co-operation for interception, monitoring, and decryption of information mentioned in the direction (Section 13(2)).
If a decryption direction or copy is handed to the decryption key holder to whom the decryption direction is addressed by the nodal officer, the decryption key holder must disclose the decryption key or provide the decryption assistance. (Section 17).

ITA Monitoring of Traffic Rules:

The intermediary must extend all facilities, co-operation and assistance in installation, removal and testing of equipment and also enable online access to the computer resource for monitoring and collecting traffic data or information. (Section 4(7)).

UASL License:

The service provider cannot employ bulk encryption equipment in its network, and any encryption equipment connected to the licensee’s network for specific requirements must have prior evaluation an approval of the licensor. (Section 39.1).
The service provider must provide all tracing facilities to trace nuisance, obnoxious or malicious calls, messages or communications transported through the equipment and network to authorized officers of the government for purposes of national security.(Section 40.4).
Suitable monitoring equipment as may be prescribed for each type of system used will be provided by the service provider for monitoring as and when required by the licensor. (Section 41.7).
The designated person of the Central/State Government as conveyed to the Licensor from time to time in addition to the licensor or its nominee shall have the right to monitor the telecommunication traffic in every MSC/Exchange/MGC/MG. The service provider must make arrangements for the monitoring of simultaneous calls by Government security agencies. In case the security agencies intend to locate the equipment at the service provider’s premises for facilitating monitoring, the service provider should extend all support in this regard including space and entry of the authorized security personnel. The interface requirements as well as features and facilities as defined by the licensor should be implemented by the service provider for both data and speech. Presently, the service provider should ensure suitable redundancy in the complete chain of monitoring equipment for trouble free operations of monitoring of at least 210 simultaneous calls for seven security agencies. (Section 41.10).
The service provider must also make the following records available: called/calling party mobile/PSTN numbers, Time/date and duration of interception, location of target subscribers, telephone numbers if any call-forwarding feature has been invoked by the target subscriber, data records for even failed attempts, and call data record of roaming subscribers. (Section 41.10).
The service provider shall provide the facility to carry out surveillance of Mobile Terminal activity within a specified area. (Section 41.11).
The complete list of subscribers must be made available by the service provider on their website to authorized intelligence agencies. This list must be updated on a regular basis. Hard copies of the list must also be made available to security agencies when requested. (Section 41.14). The database of subscribers must also be made available to the licensor or its representatives. (Section 41.16).
The service provider must maintain all commercial records with regard to the communications exchanged on the network. All records must be archived for at least one year. (Section 41.17).
Calling Line Identification must be provided and the network should also support Malicious Call Identification. (Section 41.18).
Information about bulk connections must be forwarded to the VTM Cell of DoT, DDG (Security) DoT, and any other officer authorized by the Licensor from time to time as well as Security Agencies on a monthly basis (Section 41.19).
Subscribers having CLIR should be listed in a password protected website with their complete address and details so that authorized Government agencies can view or download for detection and investigation of misuse. (Section 41.19(iv)).
The service provider must provide traceable identities of their subscribers. If the subscriber is roaming from another foreign company, the Indian Company must try to obtain traceable identities from the foreign company as part of its roaming agreement. (41.20 (ix)).
On request by the licensor or any other agency authorized by the licensor, the licensee must be able to provide the geographical location (BTS location) of any subscriber at any point of time. (41.20 (x))
Suitable technical devices should be made available at the Indian end to designated security agency/licensor in which a mirror image of the remote access information is available on line for monitoring purposes. (41.20 (xiv)).
A complete audit trail of the remote access activities pertaining to the network operated in India should be maintained for a period of six months and provided on request to the licensor. (Section 41.20 (xv)).
For monitoring traffic, the service provider should provide access of their network and other facilities as well as to books of accounts to the security agencies. (Section 41.20 (xx)).

ISP License:

The ISP must ensure that Bulk Encryption is not deployed by ISPs. Individuals/groups /organizations can use encryption up to 40 bit key length without obtaining permission from the licensor. If encryption equipments higher than this limit are deployed, individuals/groups/organizations must obtain prior written permission from the licensor and deposit the decryption key. (Section 2.2(vii)).
The ISP must furnish to the licensor/TRAI on demand documents, accounts, estimates, returns, reports, or other information. (Section 9.1).
The ISP will provide tracing facilities to trace nuisance, obnoxious or malicious calls, messages or communications transported through his equipment and network when such information is necessary for investigations or detection of crimes and in the interest of national security. (Section 33.4).
The ISP will provide the necessary facilities for continuous monitoring of the system, as required by the licensor or its authorized representatives. (Section 30.1).
The ISP shall provide necessary facilities depending upon the specific situation at the relevant time to the Government to counteract espionage, subversive acts, sabotage or any other unlawful activity. (Section 34.1).
In the interests of security, suitable monitoring equipment as may be prescribed for each type of system used, which will be provided by the licensee. (Section 34.4).
The designated person of the Central/State Government or its nominee will have the right to monitor the telecommunication traffic. The ISP will make arrangements for monitoring simultaneous calls by Government security agencies. (Section 34.6).
The ISP must install infrastructure in the service area with respect to: Internet telephony services offered by the ISP for processing, routing, directing, managing, authenticating the internet telephony calls including the generation of Call Details Record (CDR), called IP address, called numbers, date , duration, time and charges of internet telephony calls. (Section 34.7).
ISPs must maintain a log of all users connected and the service that they are using (mail, telnet, http etc.). The ISPs must log every outward login or telnet through their computers. These logs as well as copies of all the packets originating from the Customer Premises Equipment of the ISP must be made available in real time to the Telecom Authority. (Section 34.8).
The ISP should provide the facility to carry out surveillance of Mobile Terminal activity within a specified area. (Section 34.9).
The complete list of subscribers must be made available by the ISP on their website so that intelligence agencies can obtain the subscriber list at any time. (Section 34.12).
The list of Internet leased line customers and sub-costumers must be placed on a password protected website with the following information: Name of customer, IP address allotted, bandwidth provided, address of installation, date of installation, contact person with phone number and email. This information should be accessible to authorized Government agencies. (Section 34.13).
Monitoring of high UDP traffic value and to check for cases where upstream UDP traffic is similar to downstream UDP traffic and monitor such customer monthly with physical verification and personal identity. (Section 34.15).
The licensor will have access to the database relating to the subscribers of the ISP. The ISP must make available at any instant the details of the subscribers using the service. (Section 34.22).
The ISP must maintain all commercial records with regard to the communications exchanged on the network for at least one year and will be destroyed unless directed otherwise. (Section 34.23).
Every international gateway with a route/switch having a capacity of 2Mbps must be equipped with a monitoring Centre at the cost of the ISP. The cost of meeting the requirements of the security agencies, the cost of maintenance of the monitoring equipment and infrastructure must be borne by the ISP. (Section 34.27 (a(i)).
Office space of 10 by 10 feet with adequate power supply and air-conditioning must be provided by the ISP free of cost. (Section 34.27 (a(ii)) One local exclusive telephone must be made available by the ISP at the monitoring centre at the cost of the ISP. (Section 34.27 (a(iii)).
Each route/switch of the ISP should be connected by the LAN operating at the same speed as the router/switch; the monitoring equipment will be connected to this network. (Section 34.27 (a(v)).
The ISP must provide traceable identity of their subscribers. In the case of roaming subscribers the ISP must try to obtain the traceable identity of roaming subscribers from the foreign company. (Section 34.27 (ix)).
On request of the licensor or any other authorized agency, the ISP must be able to provide the geographical location of any subscriber (BTS location of wireless subscriber) at a given point of time. (Section 34.27 (x)).
Suitable technical devices should be made available to designated security agencies in which a mirror image of the remote access information is available on line for monitoring purposes. (Section 34.27 (xiv)).
A complete audit trail of the remote access activities pertaining to the network operated in India should be maintained for a period of six months and provided on request. (Section 34.27 (xv)).
ISPs must provide access of their network and other facilities, as well as books to security agencies. (Section 34.27 (xx)).

12. Principle - Safeguards for international cooperation: In response to changes in the flows of information and the technologies and services that are now used to communicate, governments may have to work across borders to fight crime. Mutual legal assistance treaties (MLATs) should ensure that, where the laws of more than one state could apply to communications and communications metadata, the higher/highest of the available standards should be applied to the data. Mutual legal assistance processes and how they are used should also be clearly documented and open to the public. The processes should distinguish between when law enforcement agencies can collaborate for purposes of intelligence as opposed to sharing actual evidence. Moreover, governments cannot use international cooperation as a means to surveil people in ways that would be unlawful under their own laws. States must verify that the data collected or supplied, and the mode of analysis under MLAT, is in fact limited to what is permitted. In the absence of an MLAT, service providers should not respond to requests of the government of a particular country requesting information of users if the requests do not include the same safeguards as providers would require from domestic authorities, and the safeguards do not match these principles.

Indian Legislation: India currently has signed 32 MLAT treaties with other countries, each with its own provisions and conditions relating to access to information. The provisions of the Information Technology Act 2000 apply to any contravention of the Act that is committed outside of India, thus the Rules related to interception, monitoring, decryption etc. would apply to any contravention of the Act outside of India. The provisions of the Indian Telegraph Act only apply to communications within India, but the licenses do specify when information held by service providers cannot be transferred across borders.

Below is a summary of the relevant provisions:

ITA 2000: The Act will extend to the whole of India, and applies to any offence or contravention committed outside India by any person. (Section 1(2))

UASL License: The service provider cannot transfer any accounting information relating to the subscriber or user information to any person or place outside of India (this does not restrict a statutorily required disclosure of financial nature. (section (41.20 (viii))

ISP License: For security reasons, domestic traffic of such entities as identified by the licensor will not be hauled or route to any place outside of India. (Section 34.28 (iii)) ISPs shall also not transfer accounting information relating to the subscriber or user information to any person or place outside of India (this does not restrict a statutorily required disclosure of financial nature) (Section 34.28 (viii))

13. Principle - Safeguards against illegitimate access: To protect individuals against unwarranted attempts to access communications and communications metadata, governments should ensure that those authorities and organizations who initiate, or are complicit in, unnecessary, disproportionate or extra-legal interception or access are subject to sufficient and significant dissuasive penalties, including protection and rewards for whistleblowers, and that individuals affected by such activities are able to access avenues for redress. Any information obtained in a manner that is inconsistent with these principles is inadmissible as evidence in any proceeding, as is any evidence derivative of such information.

Indian Legislation: Though relevant Indian legislation does provide penalty for unauthorized interception or access, the penalty applies only to service providers, and does not hold governmental agencies responsible. Currently there are no avenues of redress for the individual, and there are no protections or rewards for whistleblowers. Both of these safeguards are recommended by the principle.

The relevant provisions are summarized below:

TA Rules 2007: The Telegraph Act: The service provider must put in place internal checks to ensure that unauthorized interception of messages does not take place. (Section 14) Service providers are also responsible for actions of their employees. In the case of unauthorized interception or a breach in security on the part of the service provider, service providers can be held liable with penalty of imprisonment from 1 to 3 years and or a fine of rs.500 – 1000 depending on the exact violation. (Section 20, 20A, 23, and 24 Indian Telegraph Act).

ITA Interception and Monitoring Rules: The intermediary must be responsible for the actions of their employees and in the case of violation pertaining to the maintenance of secrecy and confidentiality of intercepted material or unauthorized interception, monitoring, or decrypting of information – the intermediary will be held liable under the relevant provisions of the laws in force. (Section 21).

ITA Traffic Monitoring Rules: The intermediary must be responsible for the actions of their employees and in the case of violation pertaining to the maintenance of secrecy and confidentiality of intercepted material or unauthorized interception, monitoring, or decrypting of information – the intermediary will be held liable under the relevant provisions of the laws in force. (Section 6).

UASL License:

In order to maintain privacy of voice and data, monitoring must be done in accordance with the 2007 Rules established under the Indian Telegraph Act, 1885. (Section 41.20 (xix)).
Any damage arising from the failure of the service provider to provider tracing assistance to the government for purposes of national security is payable by the service provider. (Section 40.4).

ISP License:

In order to maintain the privacy of voice and data, monitoring can only be carried out after authorization by the Union Home Secretary or Home Secretaries of the State/Union Territories. (Section 34.28 (xix)).
The ISP indemnifies the licensor against all actions brought against the licensor for breach of privacy or unauthorized interruption of data transmitted by the subscribers. (Section 8.4).
Any damages that occur from non-compliance on the part of the ISP must be paid by the ISP. (Section 33.4).

14. Principle - Cost of surveillance: The financial cost of providing access to user data should be borne by the public authority undertaking the investigation. Financial constraints place an institutional check on the overuse of orders, but the payments should not exceed the service provider’s actual costs for reviewing and responding to orders, as such would provide a perverse financial incentive in opposition to user’s rights.

Indian Legislation: In India, the ISP and the UASL licenses specifically state that the cost of providing facilities must be borne by the service provider. Though the ITA Interception and Monitoring Rules do require intermediaries to provide facilities, it is not clear from the Rules where the burden of the cost will fall. Currently, there are no requirements that the cost of access to user data should be borne by the public authority undertaking the investigation. This standard is recommended by the principle.

Below are summaries of relevant provisions:

UASL License:

Any damage arising from the failure of the service provider to provider tracing assistance to the government for purposes of national security is payable by the service provider. (Section 40.4).
Suitable monitoring equipment as may be prescribed for each type of system used will be provided by the service provider for monitoring as and when required by the licensor. (Section 41.7).
The hardware and software required for the monitoring of calls must be engineered, provided/installed, and maintained by the service provider at the service providers cost. However the respective Government instrumentality must bear the cost of the user end hardware and leased line circuits from the MSC/Exchange/MGC/MG to the monitoring centers to be located as per their choice in their premises. (Section 41.10).
The service provider must ensure that the necessary provision (hardware/software) is available in their equipment for doing the Lawful Interception and monitoring from a centralized location. (Section 41.20 (xvi)).
ISP License:
- Any damages that occur from non-compliance on the part of the ISP must be paid by the ISP. (Section 33.4).
- The hardware at the ISP end and the software required for monitoring of calls must be engineered, provided/installed, and maintained by the ISP. (Section 34.7).
- Every international gateway with a route/switch having a capacity of 2Mbps must be equipped with a monitoring Centre at the cost of the ISP. The cost of meeting the requirements of the security agencies, the cost of maintenance of the monitoring equipment and infrastructure must be borne by the ISP. (Section 34.27 (a(i)).
- Office space of 10 by 10 feet with adequate power supply and air-conditioning must be provided by the ISP free of cost. (Section 34.27 (a(ii)) One local exclusive telephone must be made available by the ISP at the monitoring centre at the cost of the ISP. (Section 34.27 (a(iii)).

For more details visit https://cis-india.org/internet-governance/blog/comparison-of-indian-legislation-and-draft-principles-on-surveillance-of-communications

January 2013 Bulletin

praskrishna — 2013-06-11T11:56:35Z

We at the Centre for Internet & Society (CIS) wish you all a great year ahead and welcome you to the first issue of our newsletter for the year 2013. This issue brings you an overview of our research programs, events organised and participated, news and media coverage, and videos of recent events.

Jobs

CIS is seeking applications for the posts of Programme Officer (Access to Knowledge — Indic Language Initiatives), Developer (NVDA Project), Programme Officer (Access to Knowledge and Openness), and Programme Officer (Internet Governance). To apply send your resume to sunil@cis-india.org and pranesh@cis-india.org. For our Privacy project, we are seeking applications for the post of Researcher, Technology/Security Expert, Graphic Designer as well as for internships. To apply for these posts, please send in your resume to Elonnai Hickok (elonnai@cis-india.org).

Accessibility

CIS is carrying out two projects in partnership with the Hans Foundation. The first one is to create a national resource kit of state-wise laws, policies and programmes on issues relating to persons with disabilities in India and the second one is for developing a screen reader and text to speech synthesizer for Indian languages. We are also working with the World Blind Union to develop the Treaty for Improved Access for Blind, Visually Impaired and other Reading Disabled Persons, and assisting in the negotiations at WIPO:

National Resource Kit for Persons with Disabilities

Anandhi Viswanathan from CIS and Manojna Yeluri from the Centre for Law and Policy Research are working in this project. Shruti Ramakrishnan has left the project. Draft chapters have been published. Feedback and comments are invited from readers for the chapter on Haryana:

The Haryana Chapter (by Anandi Viswanathan, January 31, 2012): The state implements the provisions under the central laws, particularly the Persons with Disabilities (Equal Opportunities, Protection of Rights and Full Participation) Act 1995 and the National Trust for Welfare of Persons with Autism, Cerebral Palsy, Mental Retardation and Multiple Disabilities Act 1999.

Submission / Notification

Making Public Libraries Accessible to People with Disabilities (by Rahul Cherian, January 23, 2013): CIS was one of the 20 disability rights groups that wrote to the Ministry of Culture.
Government of Madhya Pradesh initiates ICT Accessibility in Public Communication (by Nirmita Narasimhan, January 31, 2013): CIS with Daisy Forum of India member Arushi in Bhopal submitted a request for a notification mandating that all communication by the Government of Madhya Pradesh should be accessible to persons with disabilities.

Report

Accessible Broadcasting in India (by Srividya Vaidyanathan, January 11, 2013): The abridged version of ITU’s report "Making Television Accessible" which was initially put up for comments last year has been updated once again.

Blog Entry

Linking Commercial Availability and Exceptions in the Treaty for Visually Impaired/Persons with Disabilities (by Rahul Cherian, January 23, 2013).

Access to Knowledge

In partnership with the International Development Research Centre we are doing a project on Pervasive Technologies examining the relationship between production of pervasive technologies and intellectual property. The Wikimedia Foundation’s India Program to support and develop free knowledge in India is now being executed by us. We are also supporting the Iraq government in developing an eGovernment Interoperability Framework:

Wikipedia

Beginning from September 1, 2012, Wikimedia Foundation has awarded CIS a two-year grant of INR 26,000,000 to support and develop free knowledge in India. The A2K team consists of four members based in Delhi: T. Vishnu Vardhan, Nitika Tandon, Subhashish Panigrahi and Noopur Raval.

New Project Director

T. Vishnu Vardhan is the new Programme Director-Access to Knowledge at CIS. Vishnu has over the last 11 years worked in various capacities as researcher, grant manager, teacher, project consultant, information architect and translator. Vishnu managed the Art, Crafts and Culture portfolio of Sir Ratan Tata Trust and also worked as Research Coordinator at the Centre for the Study of Culture and Society.

New Distinguished Fellow at CIS

Tejaswini Niranjana, a Senior Fellow at the Centre for the Study of Culture and Society (CSCS), Bangalore, and Visiting Professor at the Tata Institute of Social Sciences (TISS), Mumbai is joining our team as an Adviser to the 'Access to Knowledge' project. She will guide the A2K team in expanding the Indian language Wikipedias and in increasing the number of active editors through strategic partnerships with Higher Education institutions across India.

Reports

Access to Knowledge Report — September to December 2012 (by Noopur Raval, January 31, 2013): The report covers an overview of the activities done by the Access to Knowledge team under the grant provided by the Wikimedia Foundation from September 2012 to December 2012.
Indic Language Wikipedias — Statistical Report — 2012 (by Shiju Alex, January 21, 2013): A statistical update of the Indic language Wikipedias for the year 2012 providing perspectives on the health of various Indic language communities as well as the state of various Indic language wikipedias.

Wiki Event Reports
CIS organised a series of Wiki workshops in Goa in the month of December 2012, we bring you the reports from those events.

Note: The workshops were held in the month of December 2012 but the reports were published only in the month of January.

Two-day Wiki Workshop in Goa University: An Introduction (by Nitika Tandon, January 15, 2013).
Wikipedia in St. Xavier's College, Mapusa, Goa (by Nitika Tandon, January 19, 2013).
Bringing Konkani Encyclopedia in Public Domain (by Nitika Tandon, January 22, 2013).
Promoting GLAM in Goa (by Nitika Tandon, January 24, 2013).
Konkani in Wikipedia Incubator — Taking it to the Next Level (by Nitika Tandon, January 25, 2013).

CIS also organised a Wiki workshop in Ghaziabad:

A Wiki Workshop at Raj Kumar Goel Institute of Technology, Ghaziabad (RKGIT, Ghaziabad, January 17, 2013).

Wiki Event Participated

Celebrating the success of Wikipedia in Wikipedia Summit Pune 2013 (organized by Wikipedia Club, Pune, January 12 – 13, 2013). Subhashish Panigrahi participated in the event.

Wikipedia News Coverage

First Odia Wikipedia Education Program concludes at IIMC, Dhenkanal (Odisha Diary Bureau, Dhenkanal, January 27, 2013).
Odia Wikipedia's 9th Anniversary and Workshop on Application of Odia in Media (Sambad, January 30, 2013).

Wiki Events Organised

Odia Education Program (Indian Institute of Mass Communication, Dhenkanal, Orissa, January 26, 2013).
Odia Wikipedia 9th Anniversary Celebration (Academy of Media Learning, Samantha Vihar, Bhubaneswar, Orissa, January 29, 2013).

Pervasive Technologies

The Pervasive Technologies project carries out research on the intellectual property implicated in the hardware, software and content available in low-cost mobile devices.The long-term outcome of this project is to create a legitimate, legal space for these technologies to exist on the Indian market.

Events Participated

Pervasive Technologies: Access to Knowledge in the Market Place — A Presentation by Sunil Abraham (FGV Law School, Rio de Janeiro, December 15, 2012).
Fifth International IPR Conference (GIPC 2013) (organised by ITAG Business Solutions, Hotel Lalit Ashok, Bangalore, January 30, 2013): Snehashish Ghosh made a presentation on the Pervasive Technologies Project.

Other Openness Updates

Blog Posts / Columns

The Violence of Knowledge Cartels (by Nishant Shah, Hybrid Publishing Lab, January 17, 2013).
Remembering Aaron Swartz, Taking Up the Fight (by Nishant Shah, DML Central, January 24, 2013).

Interview

Aaron Swartz: The First Martyr of the Free Information Movement: Prabir Purkayastha interviewed Lawrence Liang on Newsclick, January 19, 2013. The video is published.

Media Coverage

Bangalore hackers write code as tribute to Aaron Swartz (by Deepa Kurup, Hindu, January 21, 2013. Sunil Abraham is quoted.

HasGeek
HasGeek creates discussion spaces for geeks and has organised conferences like the Fifth Elephant, Droidcon India 2011, Android Camp, etc. HasGeek is supported by CIS and works out from CIS office in Bengaluru.
Event Organized Aaron Swartz Memorial Hacknight (CIS, Bangalore, January 19 – 20, 2013): Aaron’s collaborators such as Anand Chitipothu and A S L Devi participated in the event.

Internet Governance

With Privacy International, London we signed an agreement to facilitate the implementation of activities related to surveillance and freedom of speech and expression. In this month we have blog posts on data retention, international principles of surveillance and human rights and comparitive analysis of Indian legislation vis-à-vis draft of the International Principles on Surveillance of Communications by Ellonai Hickok, and columns by Sunil Abraham and Nishant Shah:

Privacy Research

Data Retention in India (by Elonnai Hickok, January 30, 2013): The post provides an insight into the data retention mandates from the Government of India and data retention practices by service providers.
Draft International Principles on Communications Surveillance and Human Rights (by Elonnai Hickok, January 16, 2013): These principles were developed by Privacy International and the Electronic Frontier Foundation and seek to define an international standard for the surveillance of communications.
A Comparison of Indian Legislation to Draft International Principles on Surveillance of Communications (by Elonnai Hickok, January 31, 2013): The principles, first drafted in October 2012 and developed subsequently seek to establish an international standard for surveillance of communications in the context of human rights. CIS is contributing feedback to the drafting of the principles.

Columns/Op-eds

Web of Sameness (by Nishant Shah, Indian Express, January 18, 2013).
TV versus Social Media: The Rights and Wrongs (by Sunil Abraham, The Tribune, January 20, 2013).

Statement

Statement of Solidarity on Freedom of Expression and Safety of Internet Users in Bangladesh (by Pranesh Prakash, January 15, 2013): This is a statement on the violent attack on blogger Asif Mohiuddin by the participants to the Third South Asian Meeting on the Internet and Freedom of Expression.

Blog Entries

No Civil Society Members in the Cyber Regulations Advisory Committee (by Pranesh Prakash, January 10, 2013).
Five Frequently Asked Questions about the Amended ITRs (by Chinmayi Arun, January 28, 2013): The author discusses the five major questions that have been the subject of debate after the World Conference on International Telecommunications 2012 (WCIT).

Upcoming Event

DML Conference 2013 (co-organised by CIS and Digital Media & Learning Research Hub Central, Sheraton Chicago Hotel & Towers - Chicago, Illinois, March 14 – 16, 2013).

Event Organized

An Introduction to Bitfilm and Bitcoin – A Discussion by Aaron Koenig (CIS, Bangalore, January 23, 2013): Aaron Koenig, Managing Director, Bitfilm Networks of Hamburg, Germany gave a talk.

Events Participated

Panel Discussion on E-Commerce at NLSIU (organised by National Law School of India University, Bangalore, January 7, 2013). Pranesh Prakash was a panelist.
Mobile Broadband: Leveraging for Business Transformation (Chancery Pavilion, Bangalore, January 9, 2013): Sunil Abraham was a panelist in this event.
Third South Asian Meeting on the Internet and Freedom of Expression (organized by Internet Democracy Project, Voices for Interactive Choice & Empowerment and Global Partners & Associates, Dhaka, January 14 – 15, 2013): Pranesh Prakash moderated the session on "Understanding cyber security and surveillance in South Asia”.
Is Freedom of Expression under Threat in the Digital Age? (organized by Editors Guild of India, Index on Censorship and Sage, India International Centre, New Delhi, January 15, 2013): Sunil Abraham was a panelist at this event.
7th India Digital Summit 2013 (organised by Internet and Mobile Association of India, Lalit Hotel, New Delhi, January 16 – 17, 2013): Sunil Abraham was the moderator for Plenary Session 3: Discussion on Social Media – Freedom, Moderation or Regulation.

Upcoming Event

9th International Asian Conference (organised by ITechLaw, February 14 – 15, 2013): Sunil Abraham will be participating as a panelist in the session on “Censorship of Online Content”.

Media Coverage

2012 in Review: Biometric ID Systems Grew Internationally...and So Did Concerns about Privacy (by Rebecca Bowe, Right Side News, January 1, 2013)
Cool Jobs | Parmesh Shahani, Head, Godrej India Culture Lab (LiveMint, January 4, 2013).
Clash of the cyberworlds (by Latha Jishnu, Dinsa Sachan and Moyna, Down to Earth, January 15, 2013 issue). Pranesh Prakash is quoted.
Is freedom of expression under threat in digital age? (originally published by Indo Asian News Service, January 16, 2013 and also covered in the Business Standard, Vancouver Desi, DNA, and Tech2). Sunil Abraham is quoted.
Is freedom of expression under threat in the digital age? (by Mahima Kaul, Index on Censorship, January 18, 2013).
Internet Freedom in India – Open to Debate (by Kirsty Hughes, Index on Censorship, January 22, 2013). CIS research on censorship is quoted.
Cyber security, surveillance and the right to privacy: country perspectives (by Richa Kaul Padte, Internet Democracy Project).
Surveillance Camp: Privatized State Surveillance (by Katitza Rodriguez, Electronic Frontier Foundation, January 28, 2013). Elonnai Hickok is quoted.
An innovative concept comes to the fore (Deccan Herald, January 29, 2013).

Internet Access – Knowledge Repository
In partnership with Ford Foundation, CIS was tasked to produce and disseminate modules on various aspects of telecommunications including policy, regulations, infrastructure and market. However, as on November 9, 2012 there was a change in the mandate of the project. Currently, we are working on building a knowledge repository on “Internet Access”. This new repository will cover the history of the internet, technologies involved, principle and values of internet access, broadband market and universal access. It will also touch upon various polices and regulations which has an impact on internet access and bodies and mechanism which are responsible for such policy formulation. For this purpose we will be hosting a new website: www.internet-institute.in.
We are also organizing an “Institute on Internet and Society” in collaboration with the Ford Foundation India, which is to be held from June 8, 2013 to June 14, 2013. Call for registrations and relevant details will be soon announced on our website.

Telecom

While the potential for growth and returns exist for telecommunications in India, a range of issues need to be addressed. One aspect is more extensive rural coverage and the other is a countrywide access to broadband which is low. Both require effective and efficient use of networks and resources, including spectrum.:

Column by Shyam Ponappa

What's Needed Is User-Centric Design, Not Good Intentions (by Shyam Ponappa, Business Standard, January 3, 2013 and Organizing India Blogpost, January 6, 2013).

Event(s) Participated

21^st Convergence Conference Conference India 2013 (organized by Exhibitions India Group, January 16 – 17, 2013, Pragati Maidan, New Delhi). Snehashish Ghosh participated in the event.

Digital Humanities

From 2012 to 2015, the Researchers At Work series is focusing on building research clusters in the field of Digital Humanities. We organised the first Habits of Living workshops in Bangalore last year. The next workshop is being held in Brown University:

Habits of Living Workshop

Habits of Living: Networked Affects, Glocal Effects (organised by CIS and Brown University, March 21 – 23, 2013, Brown University, Rhode Island). Nishant Shah will be speaking at this event.

About CIS
CIS was registered as a society in Bangalore in 2008. As an independent, non-profit research organisation, it runs different policy research programmes such as Accessibility, Access to Knowledge, Openness, Internet Governance, and Telecom. The policy research programmes have resulted in outputs such as the e-Accessibility Policy Handbook for Persons with Disabilities with ITU and G3ict, and Digital Alternatives with a Cause?, Thinkathon Position Papers and the Digital Natives with a Cause? Report with Hivos, etc. We have conducted policy research for the Ministry of Communications & Information Technology, Ministry of Human Resource Development, Ministry of Personnel, Public Grievances and Pensions, Ministry of Social Justice and Empowerment, etc., on WIPO Treaties, Copyright Bill, NIA Bill, etc.
CIS is accredited as an observer at WIPO. CIS staff participates in the Standing Committee for Copyright and Related Rights (SCCR) meetings regularly held in Geneva, and participate in the discussions and comments on them from a public interest perspective. Our Policy Director, Nirmita Narasimhan won the National Award for Empowerment of Persons with Disabilities from the Government of India and also received the NIVH Excellence Award.

Follow us elsewhere

Get short, timely messages from us on Twitter
Join the CIS group on Facebook
Visit us at http://cis-india.org

Support Us

Please help us defend consumer / citizen rights on the Internet! Write a cheque in favour of ‘The Centre for Internet and Society’ and mail it to us at No. 194, 2nd ‘C’ Cross, Domlur, 2nd Stage, Bengaluru – 5600 71.

Request for Collaboration

We invite researchers, practitioners, and theoreticians, both organisationally and as individuals, to collaboratively engage with Internet and society and improve our understanding of this new field. To discuss the research collaborations, write to Sunil Abraham, Executive Director, at sunil@cis-india.org or Nishant Shah, Director – Research, at nishant@cis-india.org

CIS is grateful to its donors, Wikimedia Foundation, Ford Foundation, Privacy International, UK, Hans Foundation and the Kusuma Trust which was founded by Anurag Dikshit and Soma Pujari, philanthropists of Indian origin, for its core funding and support for most of its projects.

For more details visit https://cis-india.org/about/newsletters/january-2013-bulletin

Remembering Aaron Swartz, Taking Up the Fight

nishant — 2013-01-28T04:51:58Z

I encountered the Aaron Swartz memorial the other day that helps ‘liberate’ a randomly selected article from JSTOR, as an act of civil disobedience, to commemorate both the legacy that Swartz leaves behind, but also the high-profile witch-hunt case which was a crucial factor in him taking his own life.

Nishant Shah's blog post was published by DML Central on January 24, 2013.

Much has been said about Swartz and much more will have to be said about him, and about his work, to make sure that the good that men do does not get interred with their bones. And there are people more articulate, closer to him in personal and professional capacities who will do a better job at making sure we have an archive of memories to fill up the ‘Aaron sized-hole’ that his untimely death has introduced into our lives.

So instead of attempting to write a eulogy I am ill-equipped for, I want to mark the tragic loss of Aaron Swartz by talking about causes and everyday politics. And I might have to do it through a mode of collective self-flagellation because it is a point that needs to be driven home. I am sure that almost everybody would agree that the ideals that Swartz held were unimpeachable, even though they might not always agree with his tactics. There would be a general consensus that in our rapidly growing information societies free knowledge leads to better, stronger, and more equitable societies. In fact, there is a whole generation of younger users who are so used to having unlimited and unrestricted access to digital information that they often get frustrated and infuriated when they encounter media cartels and Intellectual Property Regimes that insist on locking up knowledge -- especially publicly funded academic resources -- behind paywalls.

We have all grumbled, at different points, about the essay we wanted to teach in class, the book we needed for a research paper, the movie we wanted to remix, or the song we wanted to sample, locked up behind (often) unaffordable access systems. We recognise that in the building of this gated knowledge landscape, we are creating uneven, corrupt and corrupting hierarchies of information control and access. And yet, when it comes to actually responding to these questions of closed intellectual property, restricted information access and media monopolies exerted by information cartels, we generally have a comfortable sense of distance. These are other peoples’ problems. These are battles somebody else will fight.

Even within academia, where we have been the most active in questioning and contesting the notions of power and knowledge, there is also the highest complicity in creating these monstrous behemoths that we feed regularly with research that is more often than not, publicly funded. In our quest for tenures, careers and popularity, we have voluntarily given up our rights to private and closed access journals that in return give us the symbolic capital to gain power in the system. In the 1980s, when the Subaltern school was writing against colonial legacies and cultural imperialism, Homi Bhabha had described this condition of granted agency and borrowed power as mimicry. In his own hyphenated way, he had suggested that the new subaltern, who is often seen as engaged in critically responding to the colonial masters and their legacies, only exists in a structure of mimicry -- where he emptily gestures towards the problems of colonial inheritance, without any power to actually overthrow or challenge it. Within South Asian feminisms, Kumkum Sangari has described this status of granted agency within patriarchy -- a condition that gives us a sense of power and a space of negotiation, as long as we uphold the very structure that oppresses us in the name of our empowerment.

It is time to realise that within academia, and the social sciences and arts based academia in particular, we have now perfected the art of mimicry. Where we pull our pens instead of our swords and talk (often indecipherably) about conditions of power and geographies of inequality and the need to do something about it. We attend conferences where proceedings go into closed access journals, and publish books with publishing houses that charge us and our students exorbitant sums of money to access the knowledge in those books. We publish not to be heard but to be cited, not to create open publics but closed communities of interlocked interests. And we feel smug about being politically committed, separating the conditions of our knowledge production from the content of our knowledge, as if the two have nothing to do with each other.

In other sectors that I dabble with but am not such a rank (and hence equally complicit) insider, I see similar distances. This alienation of our intellectual work from its political content is just one of the separations we make. The other separation is between our discursive communities and everyday practice. So embedded is our description, explanation and analysis of the world, in languages inaccessible to any but the privileged few who are trained to understand it. The advice we give our students -- follow the grandmother rule: write clearly so that your grandmother will be able to understand it -- is a standard we rarely practice in our academic writing.

These are symptoms I see in other sectors that are also committed to political questioning and change, working towards building better worlds and societies. Specialised lawyers fight their battles in closed court-rooms and write in obscure law journals which are not accessible or intelligible to the common public. Activists often get bogged down into appropriating the same language to be taken seriously. Advocates of causes fear over-simplification of the complex issues, keeping the everyday person outside of these battles around information and knowledge. We have built gated politics where the threshold of investment and engagement is so high, that the only response to that is detachment.

This brings me back to talking about Swartz and his dream of liberating information from the clutches of exploitative information houses. Swartz’s crime was not that he broke the law -- I wonder if the public prosecutor has never pirated material online; statistics would suggest otherwise -- but that he didn’t find allies in spaces which profess political commitment but then mimic it in their content rather than in practice. It is not surprising that even when JSTOR, the affected party, refused to push for criminal or civil charges, the University where the ‘crime’ occurred and the federal authorities decided to pursue him as a felon. Many people have wondered about why a well-loved and popular cult figure like Swartz would feel so lonely as to take this drastic step to end his life, and we now have to take responsibility that this separation of what he believed as the central tenet to life is something that his natural allies have separated out from their work.

Swartz is a folk-hero and he shall live as an icon for the groups working around internet freedom and information openness. But maybe it is time to stop waiting for another martyr to the cause. Maybe it is time to recognise that these battles around knowledge and information are not specialised fights to be played out in sombre tones by zealots on opposite sides. These are human wars, and they affect not only our everyday sense of who we are and the societies we live in, but also who we want to become and the worlds we want to create for future generations to inherit. Swartz embodies a whole generation of digital natives who fail to understand why the ethically wrong and morally reprehensible practice of protected intellectual property, that goes against the very grain of building information societies, continues to find silent supporters rather than vocal protestors. The grief and sense of loss we have with Swartz's passing is not easy to remedy. But Swartz will also be a moniker that every digital native will have to wear, as they traverse a treacherous terrain, persecuted by IP watchdogs and punished for what seems to be a natural order of things in their information worlds.

There is a lot of growing commentary with people expressing anger, shock, and sadness for the 26 year old man who died fighting a battle that we did not even become an audience to. And that commentary is necessary because we need to cope with the fact that we live in a world where somebody who believed in the most beautiful idea of a world that has free knowledge was persecuted to an early death. But at some point, we also need to stop talking and realise that we don’t have to come to arms for a moment only once-every-heroic-death. That the last disservice we will do to this everyday battle against intellectual property regime is to wait for the next icon to be trapped in this Greek tragedy structure of being punished for doing what he felt was right. It is time to start thinking of these questions of knowledge and information in our everyday life, negotiate with them beyond the narratives of convenience, and hope that there will be no more need to produce martyrs for a cause that is not just about books and music, but about being human.

Banner image credit: Maria Jesus V http://www.flickr.com/photos/favina/8377387022/

For more details visit https://cis-india.org/openness/blog-old/dml-central-jan-24-2013-nishant-shah-remembering-aaron-swartz-taking-up-the-fight

Bangalore hackers write code as tribute to Aaron Swartz

praskrishna — 2013-01-25T11:41:05Z

A small crowd gathered here on Saturday afternoon in the basement of the Centre for Internet and Society to participate in the Aaron Swartz Memorial Hacknight, organised by HasGeek.

Deepa Kurup's article was published in the Hindu on January 21, 2013. Sunil Abraham is quoted.

Hackers have been coming together the world over to hold memorial services to pay tribute to the work, and the technological and political ideas that are the legacy of Aaron Swartz, who ended his life last Saturday.

A small crowd gathered here on Saturday afternoon in the basement of the Centre for Internet and Society to participate in the Aaron Swartz Memorial Hacknight, organised by HasGeek, a company that hosts technology events in the city.

For the first few hours, before getting down to the technological brass tacks of writing code and contributing to open data projects, they discussed the legacy of the young programming genius; right from co-writing the RSS standard at the age of 14 (which created a standard format for getting feeds of changing web content) to his advocacy against regressive copyright legislations and closed data regimes.

The hacknight, which commenced at 2 p.m., went on till early Sunday morning. It was meant to take forward the legacy of Swartz by coming up with projects that liberate data in the Indian context, as well as working on some of the projects and code that Swartz left unfinished.

“Besides these unfinished projects, there are a lot of ideas on political activism and running campaigns that we need to record and learn from. We also want to maintain some of the tech projects he ran,” says Kiran Jonnalagadda of HasGeek.

This motivated him, and a few others who have collaborated with Swartz on OpenLibrary.org and Internet Archive, to organise this tribute.

Most of the projects that are being worked on at the hacknight have at the core the idea that public data must be accessible and should be used for public good. For instance, one of the groups here proposed to build an interface that can extract data from the electoral rolls so that it becomes easier for citizens to check their names and coordinates on the voter ID list. Another group is working on writing code to extract simple data on passenger reservation and ticket availability to create a database that can then be used to chart simple trends. Yet another team is working on creating a similar web interface that can extract weather data using the weekly updates uploaded by the weather department.

These projects, Mr. Jonnalagadda points out, are all attempts to liberate data, much like what each of the projects Swartz initiated.

Speaking at the event, he said: “Swartz’s death bothered me quite a bit. A guy way ahead of his time, his political activism is an inspiration for many of us here who are working with open data. And we need to preserve this.”

Sunil Abraham, director, CIS, spoke about Swartz and the ethical landmines he stumbled into with the JSTOR case, where he was charged for hacking into and downloading millions of academic papers from the subscription database of JSTOR (short for Journal Storage) in 2011. He put this in the context of American foreign policy rhetoric based on Internet freedom, which restricts itself to freedom of expression and doesn’t include access to knowledge.

“This isn’t the case in India, where the Supreme Court has on various occasions spoken in favour of access to knowledge for example in the Cricket Association Of Bengal decision in 1995 where it was determined that the right to watch cricket cannot be restricted by private broadcasters or channels. This difference was why Swartz, who believed Internet freedom includes access to knowledge, was not defended by Hillary Clinton, who identifies herself as an advocate for Internet freedom.”

For more details visit https://cis-india.org/news/the-hindu-deepa-kurup-january-21-2013-bangalore-hackers-write-code-as-tribute-to-aaron-swartz

Internet Freedom in India – Open to Debate

praskrishna — 2013-01-25T10:45:56Z

In the aftermath of an Index on Censorship debate in New Delhi, Kirsty Hughes says India’s web users are standing at a crossroads

This article by Kirsty Hughes was published in Index on Censorship. CIS's research on censorship is quoted.

If debate is a sign of a positive environment for internet freedom, then India scores highly. From debates in parliament, and panel discussions (including Index’s own recent event) to newspaper editorials, blogs and tweets on the rights and wrongs of internet freedom, controls on the web, and India’s position in the international debate, there is no shortage of voices and views.

India has around 120 million web users — a large number but still only about 10 per cent of the country’s population. As cheaper smart phones enable millions more to access the net on their mobiles, India’s net savvy population is set to soar in the next few years. But what sort of online environment they will find is open to question — and to wide debate.

India has some very broad laws that could apply to a wide range of online speech, comment and criticism. These laws have been so far rather randomly applied. But the cases that have arisen — from individuals criticising politicians by email, Facebook or Twitter to some of the big web companies such as Google and Facebook (both facing numerous takedown requests and court cases in India) — show just why India needs to look at limiting both the range of some of its net laws, and to stop these laws criminalising a range of speech.

In 2012, there was widespread outcry in India when two women were arrested for complaining on Facebook about the disruption caused by the funeral of Bal Thackeray, leader of the right wing Hindu party, Shiv Sena. They were arrested under the infamous section 66A of India’s IT Act (2008) which criminalises “grossly offensive” and “menacing” messages sent by electronic means, but also “false” messages sent to cheat, deceive, mislead or annoy, taking online censorship beyond offline laws.

India’s telecom minister Kapil Sibal spoke out against the arrests. And as part of the fallout, guidelines were announced that in future any such charges could only be brought by senior police. But how effective such a restriction might be was challenged, with aTimes of India editorial suggesting “rampant political interference in law enforcement is itself a burning issue…so to argue that senior police officers will always resist mob pressure or political diktats isn’t persuasive.”

Other parts of the IT Act (2008) are also causing a chilling atmosphere in India’s cyber sphere — with new regulations introduced in 2011 obliging internet service providers to take down content within 36 of a complaint (whether an individual, organisation, government body or anyone else) or face prosecution. The law covers a sweeping range of grounds for complaint, including “grossly harmful”, “harassing, “blasphemous” and more. It also is confused on liability – holding intermediaries large and small responsible for content on websites and platforms.

One of India’s leading policy centres on digital issues, the Centre for Internet and Society, decided to test how this 36-hour takedown rule could result in censorship of innocuous and legal content on web sites. They sent complaints to four main search engines across a range of content — and as a result got thousands of innocuous posts removed; a censor’s dream outcome.

Despite a debate in parliament calling for repeal of the 2011 rules, for now they remain.

Some observers suggest the Indian government is catch-up mode, not fully understanding the reach or nature of social media or how to deal with the international range and speed of the web today — something plenty of other governments around the world are showing some confusion about. Some think the lively debate on net freedom in India reflects the voice and demands of the growing Indian middle class. But whether those demands remain pro-freedom is yet to be seen as internet penetration grows apace.

There are some other encouraging signs. While many in India are not keen at US dominance of key parts of internet regulation, there was concern from business and civil society ahead of the International Telecommunications Union summit in December 2012, when the Indian government looked like it might advocate some form of top down control of the web as an alternative. In the event, India, like the EU and US, did not go along with Russia, China and others keen to include net governance into the ITU’s remit.

India is going to be an increasingly influential voice in global internet debates — with its rapidly growing number of netizens and its increasing clout more widely in a multipolar world.

Its healthy and lively debate about digital freedom stands as a beacon of hope in the face of some of its more disturbing laws. But the laws will need to change, if India is to be a country that stands for internet freedom.

For more details visit https://cis-india.org/news/index-on-censorship-kirsty-hughes-january-22-2013-internet-freedom-in-india

Aaron Swartz: The First Martyr of the Free Information Movement

lawrence — 2013-01-24T12:26:02Z

Well known American computer programmer, writer, political organizer and Internet activist died on January 11, 2013. Lawrence Liang from the Alternative Law Forum discusses with Newsclick the tragic loss. The interview was conducted by Prabir Purkayastha.

This interview was originally published by NewsClick on January 19, 2013.

Discussing on the immediate background in which this tragic event happened, Lawrence says that all of us are collectively mourning the death of an extremely talented individual. He adds that Aaron was facing a very difficult trial ahead. A couple of years ago he had plugged his computer on to the MIT network and had downloaded approximately four million articles from JSTOR (primary database for social science and other science journals) and he had intended to make freely available. This act of his in many ways marks Aaaron's short life but one which is marked by a certain commitment and activism around the idea of free knowledge.

Lawrence further says that his anger at databases like JSTOR was the fact that they were charging extraordinary amounts of money to provide access (which meant that they were not available to most people in the world) without paying any royalty to the authors contributing to the article or to the people who do the peer review of the articles. Here is a scenario which is rent control of the worst kind essentially of knowledge which is completely privatised and enclosed (public knowledge which is enclosed in this particular way).

Most researchers and academics who work and contribute towards making of journals do not get compensated for it but are paid for by public money because they happen to be employed by universities or research centres. And then all this material goes behind pay walls. And that is the context in which we need to understand Aaron's life. Click below to watch the full interview:

Video

For more details visit https://cis-india.org/openness/blog-old/aaron-swartz-the-first-martyr-of-free-information-movement

Centre for Internet and Society

Who Minds the Maxwell's Demon (Revisiting Communication Networks through the Lens of the Intermediary)

The Automatic Telephone Exchange

Switching Paradigms

INTERFACE MESSAGE PROCESSOR and the ICCC ‘Hackathon’

Who Minds the Maxwell's Demon

Nirmita Narasimhan

BigDog is Watching You! The Sci-fi Future of Animal and Insect Drones

BigDog/LS3

Humming Bird Drone

MeshWorms and Remote-Controlled Insects

Security vs. Privacy: The wrong debate

Analyzing Draft Human DNA Profiling Bill 2012

Stop Press Carousel

Knowledge Sharing through GLAM at Bangalore

Sponsors

What is GLAM and what does it have to do with Wikimedia and Creative Commons?

Why contribute?

How to contribute?

How does it help the GLAM institution?

Creative Commons

What will users learn?

Who should attend the seminar?

Admission:

One For All

Wiki Meet-up in Bangalore: Talk by Vishnu Vardhan

Agenda

KS Viswanath

Vishnu Vardhan

Joe Justice

Vibhu Srinivasan

Participants

Intended Audience

Report of Aaron Swartz Memorial Hacknight

A Comparison of Indian Legislation to Draft International Principles on Surveillance of Communications

January 2013 Bulletin

Accessibility

National Resource Kit for Persons with Disabilities

Access to Knowledge

Wikipedia

Pervasive Technologies

Other Openness Updates

HasGeek

Internet Governance

Internet Access – Knowledge Repository

Telecom

Digital Humanities

About CIS

Follow us elsewhere

Support Us

Request for Collaboration

Remembering Aaron Swartz, Taking Up the Fight

Bangalore hackers write code as tribute to Aaron Swartz

Internet Freedom in India – Open to Debate

Aaron Swartz: The First Martyr of the Free Information Movement

Video